FBI operational database is hacked
Hackers Claim FBI Information-Sharing Portal Breached
With just a password needed to access police databases, the FBI got basic security wrong | ZDNet
Hackers who targeted CIA director have breached a police arrest database | ZDNet
CIA Email Hackers Return With Major Law Enforcement Breach | WIRED
Intelligence Chief: OPM Hack Was Not a ‘Cyberattack’ - Nextgov.com
Reuters: OPM hack tied to China’s intelligence operations — and other hacks « Hot Air
FBI Arrests NYPD Detective On Hacking Charges
CIA Email Hackers Return With Major...
News - fbi operational database is hacked - Google Search
police operational database is hacked - Google Search
cyber attacks on us as intelligence operation - Google Search
opm hack as intelligence operation - Google Search
Events - Cyberwarfare in the United States - Wikipedia, the free encyclopedia
With just a password needed to access police databases, the FBI got basic security wrong:
"Hackers earlier this month were able to access a US law enforcement arrest database, and posted screenshots to Twitter -- including some high-profile arrestees, like hacker Jeremy Hammond, convicted for his part in the Stratfor leak. It wasn't just that arrest database. The hackers, according to Wired, also gained access to a police file transfer service, and an instant messaging service for police, and a real-time intelligence-sharing platform, among others...
Exactly how the hackers got access to the database remains a mystery."
"Oh, please. The intruders didn’t need to hack into the system; OPM left the door wide open. They contracted with people who gained root access to the systems, and who turned out to be working not just for the People’s Republic of China, but actually in the PRC.
And guess what? It’s not over — it might just be beginning..."
fbi operational database is hacked - Google Search
Hackers Claim FBI Information-Sharing Portal Breached:
Some security experts question the attackers' asserted ages and levels of recreational drug use. "If they were really teenage stoner hackers, they'd be in jail," Michael Adams, an information security expert who served more than two decades in the U.S. Special Operations Command, tells Vice Motherboard. "It is very difficult for me to understand how hackers characterized as 'teenage stoners' cannot be caught with the resources available to the United States intelligence community and the FBI."
Hacking into police force systems - Independent Police ...
https://www.ipcc.gov.uk/.../c...
Investigation into hacking of police computer systems, raising issues about: ... Further investigation of the memory stick found files including an operational order ... royal visit, Police National Computer (PNC) databases referring to Vehicle ...
Independent Police Complaints Commission
2,400 Law Enforcement Agents Named, Additional Dumps Threatened
Mathew J. Schwartz (euroinfosec) • November 9, 2015
A group of hackers claims to have breached an FBI information-sharing portal and gained access to numerous sensitive systems, including records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.
The group, which goes by the name Crackas With Attitude - or CWA - also dumped online about 2,400 names of federal, local, state and international law enforcement agency employees and threatened to release much more information.
The data dump follows CWA claiming recently to have breached the personal email account of FBI Deputy Director Mark Giuliano. That followed its claimed hack in October of CIA Director John Brennan's personal AOL email account. The attackers, who say they leaked sensitive information they found in AOL email attachments and who have described themselves as "stoners" in multiple media interviews, claimed they were high at the time of their actions.
On Nov. 5, meanwhile, the group released a data dump to text-sharing websites Pastebin and Cryptobin. The data dump, which was obtained by Information Media Security Group, includes names, work email addresses and work telephone numbers for 2,398 individuals, as well as the hashtags "#Nov5" and "FreePalestine."
"Happy Nov5 guys! This is only part 1 ... Gov/Police/Military names, emails and phone numbers," a member of the group who goes by "Cracka" tweeted Nov. 5, including links to the data dump. "Who's ready for part 2?" Cracka added Nov. 8.
The veracity of the dumped data has not been verified. But the named individuals allegedly range from FBI special agents and a detective in the Troy, Mich., police force, to an explosives specialist at the U.S. Transportation Security Administration and special agents working for the U.S. Department of Transportation and Diplomatic Security Service, among many other agencies.
The leaked data has already been reposted on at least one leak-sharing website. One CWA member, known as Cubed, tells Vice Motherboard that the group has "a lot more names" that it's prepared to leak, although declined to give a specific count.
FBI Portal Breach Claimed
CWA appears to have breached the FBI's Law Enforcement Enterprise Portal - or LEEP - which the bureau describes as being "a secure, Internet-based information sharing system available to agencies around the world that are involved in law enforcement, first response, criminal justice, anti-terrorism, intelligence and related matters."
On Nov. 8, CWA published a screenshot of what's labeled as being the "SIG/VCC address book," which says it contains 9,046 members' names, titles, employers and location, although parts of that list are blacked out. That appears to refer to the FBI's Virtual Command Center/Special Interest Group, or VCC/SIG, which the bureau says has been used to coordinate about 5,500 cases in the past 10 years, ranging from active shooter incidents and child abductions to presidential inaugurations and terrorist attacks and threats.
An FBI spokeswoman declined to comment on the hack, or what portal technology the bureau uses to run LEEP. "We have no comment on specific claims of hacktivism, but those who engage in such activities are breaking the law," FBI spokeswoman Carol Cratty says. "The FBI takes these matters very seriously. We will work with our public and private sector partners to identify and hold accountable those who engage in illegal activities in cyberspace."
The hackers tell Wired that they were able to exploit a vulnerability in the LEEP portal, giving them access to nearly 20 U.S. law enforcement information-sharing portals and investigation tools. The group declined to detail the vulnerability they exploited, saying they were still using it to attempt to extract additional information.
But CWA provided a detailed list to Wired of 19 tools it claims the group was able to access via the law enforcement portal, which range from the Internet Crime Complaint Center, or IC3, and the Homeland Security Information Network, used for trading sensitive but non-confidential information, to an automated malware analysis tool and JABS, the Joint Automated Booking System, which is a database of federal arrest records.
One concern about the potential JABS breach is that the system can contain arrest records relating to indictments that are still under seal and thus may give any criminals with access to the system a heads-up if they're being targeted. As noted by Wired, a common tactic in cybercrime investigations is for law enforcement agencies to arrest one suspected member of a hacking ring and keep the case sealed while they attempt to get the accused to provide evidence on alleged co-conspirators.
Guy Fawkes Symbolism
The choice of date for CWA's Nov. 5 leak is symbolic - that's Bonfire Night in the United Kingdom, which commemorates the failure of Guy Fawkes to blow up the Houses of Parliament in 1605. The date also features in "V for Vendetta," a comic book and then film, which envisions an alternate future in which a legion of revolutionaries wearing masks - of the type since popularized by Anonymous - battles the fascist state. The date has also become a rallying point for Anonymous-related online operations and protests.
But CWA says it's not part of Anonymous. "No need to target #AnonSec feds, they were nothing to do with the attacks, they're just good friends," reads a tweet from the CWA member who goes by the name Cracka.
In a separate Nov. 5 Pastebin post, meanwhile, Cracka claims that he's "targeting the U.S. government for funding Israel." And the group has said it has a substantial amount of additional data that it's prepared to release unless the government meets its demands.
FBI Deputy Director Targeted
The apparent law enforcement portal breach follows CWA claiming via Twitter that it had hacked into the personal email account of FBI Deputy Director Mark Giuliano. The group told Vice Motherboard it first gained access to a Comcast account registered in Giuliano's wife's name, although declined to note how - and the group's claims could not be verified. The FBI declined to comment on CWA's claimed attack.
Some security experts question the attackers' asserted ages and levels of recreational drug use. "If they were really teenage stoner hackers, they'd be in jail," Michael Adams, an information security expert who served more than two decades in the U.S. Special Operations Command, tells Vice Motherboard. "It is very difficult for me to understand how hackers characterized as 'teenage stoners' cannot be caught with the resources available to the United States intelligence community and the FBI."
Adams, who has reviewed the list of dumped data, warns that it appears to show police officers that have an FBI email address - meaning they could be embedded bureau agents - as well as agents deployed abroad, for example on the Caribbean nation of Saint Kitts and Nevis, and might be working undercover. "They're busting covers left and right and they don't know it," he said of CWA.
posted at 4:41 pm on June 19, 2015 by Ed Morrissey
Actually, “hack” may not be the most accurate term for how China’s intelligence service gained access to practically every piece of sensitive information from every federal employee over the last 30 years. The better description is that the Office of Personnel Management handed someone the master key to the mansion and never noticed that their employee and his bestest buddies were robbing them blind for more than a year. Reuters reports today that the slow-roll theft was accomplished by a group tied to Chinese intelligence services, more or less confirming what had been speculated before:
The Chinese hacking group suspected of stealing sensitive information about millions of current and former U.S. government employees has a different mission and organizational structure than the military hackers who have been accused of other U.S. data breaches, according to people familiar with the matter. While the Chinese People’s Liberation Army typically goes after defense and trade secrets, this hacking group has repeatedly accessed data that could be useful to Chinese counter-intelligence and internal stability, said two people close to the U.S. investigation. … Sources told Reuters that the hackers employed a rare tool to take remote control of computers, dubbed Sakula, that was also used in the data breach at U.S. health insurer Anthem Inc last year. The Anthem attack, in turn, has been tied to a group that security researchers said is affiliated with China’s Ministry of State Security, which is focused on government stability, counter-intelligence and dissidents. The ministry could not immediately be reached for comment.
Plus as the Washington Post notes, that year gave the intruders/welcomed guests lots of time to find all of the data they wanted to hijack. In fact, they were so thorough that OPM still doesn’t know exactly what was taken:
The discovery of that breach followed the detection in April of the compromise of a personnel database containing Social Security numbers and other personal information of 4.1 million current and former federal employees. That hack dates back to December, officials said. In the case of the personnel database, the time between breach and discovery was four months — much shorter than the one-year interval for the security clearance system. OPM officials are still trying to determine how much data was actually stolen and who was affected. The background-check system is complex and antiquated, made up of many databases and fed by numerous agencies. The OPM emphasized that it has tried since last year to put in place stronger detection and prevention. Some U.S. officials say the OPM has been stymied by bureaucratic hurdles.
Oh, please. The intruders didn’t need to hack into the system; OPM left the door wide open. They contracted with people who gained root access to the systems, and who turned out to be working not just for the People’s Republic of China, but actually in the PRC.
And guess what? It’s not over — it might just be beginning:
The OPM attack has been linked in news reports to China and by members of Congress to China. That suggests that the mission is not monetary gain. “If it’s nation state attackers,” Wysopal said, “I assume it will be more phishing style attacks to compromise someone’s home network—getting the information of someone’s family members and them. So I think of [the hack] as a really sophisticated precursor attack to getting at something that is really more of the ultimate target of the hack.” … It’s this kind of information that can give cunning hackers the ability to commit identity fraud, construct sophisticated e-mail scams known as phishing attacks, and lead to even more damaging cyberattacks seeking higher value information. “It’s likely this attack is less about money, but more about gaining deeper access to other systems and agencies,” said Mark Bower, a security expert with Hewlett-Packard. In fact, he said, some of this information could give criminal hackers the raw materials to construct targeted e-mail attacks with the aim of getting access to data about economic policy plans, military and defense data sets, or for committing intellectual property theft.
In other words, now would be an excellent time for those whose data resided at OPM to change passwords, wireless network IDs, and perhaps even bank accounts. Or it might already be too late.
Good thing Barack Obama has complete confidence in OPM, eh?
The mammoth data breach of millions of background investigation forms at the Office of Personnel Management was one of the largest cybercrimes ever perpetrated against the U.S. government, according to federal officials.
But one thing it wasn’t? A cyberattack. At least in the true sense of the term, according to Director of National Intelligence James Clapper.
Testifying Thursday before the House Intelligence Committee on “worldwide cyber threats,” Clapper told lawmakers the intrusion of OPM networks -- purportedly part of a Chinese espionage operation -- did not involve the destruction or manipulation of data, which are crucial to the “working definition” of an online attack.
Data was “simply stolen,” he said. “That's a passive intelligence collection activity -- just as we do," Clapper added.
Getting the terminology right is important, said National Security Agency Director Adm. Michael Rogers.
“Many times, I'll hear people throw out 'attack,' 'act of war,'" he said. “And I go, 'That's not necessarily in every case how I would characterize the activity that I see.'"
Not all members of the committee were assuaged by the explanation, though.
"I do think that it seems to minimize the gravity of this event by characterizing it [as] not an attack,” said Rep. Chris Stewart, R-Utah, adding, “Many of us view this as simply more than just data mining.”
So far, there’s no evidence any of the stolen data -- including deeply personal information on current, former and prospective federal employees who were vetted to handle sensitive material -- has been used “in a nefarious way,” Clapper said. But the possibility remains a concern.
"There is potentially -- and I emphasize the word potentially -- great risk certainly in the case of intelligence people, particularly those assigned overseas,” Clapper said.
The National Counterintelligence and Security Center is providing information to employees whose personal information was exfiltrated to educate them about potential threats, including blackmail, and how to protect themselves.
In addition, the federal government has picked up the tab -- nearly $330 million in all -- to provide three years' credit monitoring and identity-theft prevention services to those affected.
It’s unclear how effective ID protection services will be at neutralizing the national security implications of the stolen data.
“I feel like that's buying people flood insurance when their neighborhood just burned down," FBI Director James Comey said of the credit monitoring offered to hack victims. "The fire is what I'm worried about. It's not people's credit cards and their credit rating, given what we think the information was taken for.”
Hackers Claim FBI Information-Sharing Portal Breach
BankInfoSecurity.com-Nov 9, 2015
That followed its claimed hack in October of CIA Director John ... the Joint Automated Booking System, which is a database of federal ... The date has also become a rallying point for Anonymous-related online operations and protests. ... it appears to show police agents that have an FBI address - meaning ...
CIA Email Hackers Return With Major Law Enforcement Breach
WIRED-Nov 6, 2015
A former FBI agent confirmed to WIRED that JABS shows “all arrests and ... currently serving a 10-year sentence for hacking into Strategic Forecasting in 2011 ... details of law enforcement agents and the JABS database, the CWA ... tool is used for operations and events that include active shooter incidents, ...
The 'Dox' of More than 2300 Government Employees Might Be ...
Motherboard-Nov 6, 2015
Intelligence Chief: OPM Hack Was Not a 'Cyberattack ...
www.nextgov.com/.../intelligence...opm-hack.../120722/
Sep 10, 2015 - Intelligence Chief: OPM Hack Was Not a 'Cyberattack' ... intrusion of OPM networks -- purportedly part of a Chinese espionage operation -- did ...
Nextgov.com
Reuters: OPM hack tied to China's intelligence operations ...
Jun 19, 2015 - Actually, “hack” may not be the most accurate term for how China's intelligence service gained access to practically every piece of sensitive ...
China and Russia cross-referencing OPM data, other hacks ...
Aug 31, 2015 - William Evanina, the Office of the Director of National Intelligence's National ... According to the report, the OPM hack and other major data breaches ... by China in an effort to both ferret out US covert operations—to provide ...
Cyberwarfare in the United States - Wikipedia, the free ...
https://en.wikipedia.org/.../Cyberwarfare_in_the_United_States
1 The Five Pillars; 2 Cyberattack as an act of war; 3 Attacks on other nations .... Operations Command (Land) · United States Army Intelligence and Security ...
Wikipedia
Someone in the FBI's own IT department is probably having a very bad week.
Hackers earlier this month were able to access a US law enforcement arrest database, and posted screenshots to Twitter -- including some high-profile arrestees, like hacker Jeremy Hammond, convicted for his part in the Stratfor leak. It wasn't just that arrest database. The hackers, according to Wired, also gained access to a police file transfer service, and an instant messaging service for police, and a real-time intelligence-sharing platform, among others.
The one-stop shop law enforcement gateway, known as LEEP (Law Enforcement Enterprise Portal), is accessible from the web and, indeed, from any computer or network.
So easy is it to access, in fact, that the government has its own domain name: LEO.gov.
The FBI says on its website that it's "located in one centralized location," and accessible by "a single sign-on process -- using one username and one password for many different resources and services."
It's not clear how many authorized users there are, but the number is likely to be in the many hundreds of thousands.
Exactly how the hackers got access to the database remains a mystery. When asked by Wired, the hackers did not respond.
According to NextGov, getting access to the system "does not require multifactor authentication, such as using a password and another form of ID like a smart card."
One theory is that they may have accessed the FBI-run law enforcement portal like any other user would have done: with a username and password.
The hackers first hit the public scene when they gained access to the personal AOL email account of CIA director John Brennan. A number of documents were later acquired by whistleblowing site WikiLeaks and posted online.
The hackers didn't stop there, either. CNN reports that the hackers were able to access the email account of FBI deputy director Mark Giuliano. Email accounts are often the final port of call for password reset messages, making them a prime target for anyone who wants to get access to other systems.
But even most email accounts and social networking sites have two-factor authentication, a system whereby the user gets a notification on a trusted device -- like a phone -- to add an extra layer of security on top of a username and password. And without that code, you can't log in.
What's more surprising is that the FBI trumpets two-factor authentication as one of the prime ways of keeping data safe.
"Cyber criminals...obtain passwords more often than you think. Which is why it's important to add another level of protection between the cyber criminal and you," says the FBI's own website.
What isn't surprising is that the FBI didn't follow its own advice, and it doesn't follow standard industry advice.
Apple, Amazon, Dropbox, eBay, Facebook, Google, LinkedIn, Microsoft, PayPal, Skype, Snapchat, Twitter, Yahoo, YouTube are just some of the bigger names which offer two-factor authentication. In fact, most companies do. It's only a fraction of firms that don't.
An FBI spokesperson said they had no comment beyond the Friday statement, which was:
"We have no comment on specific claims of hacktivism, but those who engage in such activities are breaking the law. The FBI takes these matters very seriously. We will work with our public and private sector partners to identify and hold accountable those who engage in illegal activities in cyberspace."