• Our software update is now concluded. You will need to reset your password to log in. In order to do this, you will have to click "Log in" in the top right corner and then "Forgot your password?".
  • Welcome to PokéCommunity! Register now and join one of the best fan communities on the 'net to talk Pokémon and more! We are not affiliated with The Pokémon Company or Nintendo.
    Register

Hackers Access multiple Law Enforcement Data Systems

Fairy

Fairy

17,133
Posts
12
Years
  • Age 33
  • Seen Jan 12, 2024
Apparently, all it took to access 16 internal databases used by federal agencies was a username and password.

Internet security blogger Brian Krebs reported Thursday that hackers had accessed more than a dozen U.S. law enforcement agency portals under the Department of Justice, including those used by the Drug Enforcement Agency and FBI. Krebs was tipped off that hackers were reportedly able to infiltrate the network through a DEA system containing information and analytics useful for ongoing investigations.

The hacker apparently gained access to the databases May 8 through the DEA's EPIC System portal, which is distinct from the esp.usdoj.gov portal that requires much more strict government authentication. Krebs wrote that the EPIC system apparently only requires a username and password without even a request for two-step authentication.
Click to expand...

Kinda hard to feel bad when an entire branch of US judicial security is compromised by what is suspected to be a couple of teenagers. As far as I understand this hasn't been confirmed as a case of white or black hat hacking, but either way, not having two-step authentication for any account in this day and age is just shameful, deliberate ignorance. If it was really as easy as the alleged informant claimed, then it's not outside of the realm to believe this is deserved. Regardless, there is absolutely no excuse for the US Federal Government to not have among the highest of standards to prevent, or at least slow the efforts of, cyber security breaches. Authentication needs to be addressed from every possible avenue of entry for each portal.

None of the sensitive information has appeared on any popular data dump sites at this time. However, there's allegedly already cases of law enforcement being impersonated in order to obtain user data from big tech companies. So this is not a victimless crime and I'm confident in the very near future the full scale of the consequences of this infiltration will be made apparent.


So what do you think? Is this hack going to, in one way, help better protect citizens because the Federal Government will be forced to strengthen their security? Or has the damage already been done and it's only a matter of time before more governmental branches are accessed due to their own lax security? Maybe a bit of both?

How far do you suspect this rabbit hole really goes?
 
You must log in or register to reply here.
Back
Top