Cyber criminals from an infamous hacker group recently accessed 16 internal databases used by federal law enforcement agencies by just logging in with a username and password.
Internet security blogger Brian Krebs received a tip that hackers from LAPSUS$, a group known for stealing data from large technology companies, infiltrated more than a dozen online portals belonging to federal agencies this month, but it’s not clear yet how much and what kind of information was stolen.
According to Krebs, Department of Justice (DOJ) agencies such as the Federal Bureau of Investigation (FBI) and Drug Enforcement Administration (DEA) were targeted. Hackers were able to access the DEA database known as the EPIC System Portal, which contains information on ongoing investigations and personal records.
The EPIC portal, which is different from the DOJ’s more secure esp.usdoj.gov portal, reportedly only required a username and password without a request for two-step authentication.
Data in the system included screenshots of ownership records for things like firearms, vehicles and drones, which could be useful for national and international criminal organizations such as cartels.
UC Berkeley computer science researcher Nicholas Weaver said the data could potentially fetch a high price. “I don’t think these [people] realize what they got, how much money the cartels would pay for access to this,” he told Krebs.
In response to Krebs’ article, the DEA said that they were investigating the hack, adding that the agency “takes cyber security and information of intrusions seriously.”
Researchers believe one of the main hackers of LAPSUS$ is a 16-year-old boy living with his mother in England. The group had previously impersonated law enforcement agencies to obtain user data from big tech companies.
“LAPSUS$ appears to be highly sophisticated, carrying out increasingly high-profile data breaches. The group has claimed it is not state-sponsored. The individuals behind the group are likely experienced and have demonstrated in-depth technical knowledge and abilities,” cyber intelligence firm Flashpoint wrote in an analysis of the group, as reported by Krebs.
In the past, the group has posted stolen data to its semi-secure Telegram chats, but no data obtained from the recent hack has reportedly been posted yet.
Krebs found fault with the government’s cyber security protocol.
“It is long past time for the U.S. federal government to perform a top-to-bottom review of authentication requirements tied to any government portals that traffic in sensitive or privileged information,” Krebs wrote.