on the face of it , all it took to access 16 internal databases used by federal agencies was a username and password .
Internet surety blogger Brian KrebsreportedThursday that hackers had get at more than a twelve U.S. law enforcement agency portals under the Department of Justice , including those used by the Drug Enforcement Agency and FBI . Krebs was slant off that hackers were reportedly able to infiltrate the meshwork through a DEA system containing information and analytics useful for ongoing investigations .
The hacker patently gained access to the databases May 8 through the DEA ’s EPIC System portal , which is distinct from the esp.usdoj.gov portal vein that requires much more strict government authentication . Krebs write that the EPIC arrangement apparently only require a username and password without even a petition for two - step authentication .
Photo: Dmytro Tyshchenko (Shutterstock)
The tout share with Krebs several screenshots of possession records for things like grease-gun , vehicles , and drones . That data could be very useful to national or external criminal groups , according to UC Berkeley computer science investigator Nicholas Weaver , who told Krebs “ I do n’t consider these [ hoi polloi ] realize what they got , how much money the cartel would pay for access to this . ”
The bureau did not answer to Gizmodo ’s request for further commentary . The DEA tell Krebs that they were investigate the reported taxi , say the means “ takes cyber surety and information of intrusion seriously . ”
The data point was leaked to Krebs through a suspect decision maker of Doxbin , which help as a hub for people posting secret information online . Doxbin has major connection to the LAPSUS$ teenage hacking radical that are responsible for breaches of some of the world’sbiggest tech caller . Even after aim leaders of the group were contain in the beginning this yr , hack were still show steal user and society data .
LAPSUS$ hackers have antecedently upload their stolen data to semi - secure Telegram New World chat , but as of midday Thursday the grouping had not seemed to carry any data related to the think hack on its primary channel . Group hackers have already been known toimpersonate police enforcement emailsto get substance abuser data from big technical school company .
Krebs estimated EPIC was n’t the only government database that requires only a individual username and watchword entree , considering there are 3,330 upshot that show up on aDOJ armory .
He further critiqued the government ’s apparent laxity in security , saying that if informal adolescent hacking groups can break in , then Department of State - shop at groups could also have well-to-do access .
“ It is long retiring time for the U.S. federal government to do a top - to - bottom recapitulation of hallmark requirements tied to any governance portals that traffic in sensitive or privileged data , ” Krebs spell .
calculator securityComputingGizmodoHacker cultureHackingHumansTechnology
Daily Newsletter
Get the good tech , science , and culture news in your inbox day by day .
intelligence from the future , delivered to your present .
You May Also Like
