Architechnosecurigeek. Tinkerer. General trouble maker.

DEA Investigating Breach of Law Enforcement Data Portal


The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Unidentified hackers shared this screenshot of alleged access to the Drug Enforcement Administration’s intelligence sharing portal.

On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA.

KrebsOnSecurity shared information about the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI), and the Department of Justice, which houses both agencies. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.

“DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent,” the agency said in a statement shared via email.

According to this page at the Justice Department website, LEIA “provides federated search capabilities for both EPIC and external database repositories,” including data classified as “law enforcement sensitive” and “mission sensitive” to the DEA.

A document published by the Obama administration in May 2016 (PDF) says the DEA’s El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community.

EPIC and LEIA also have access to the DEA’s National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins).

“The EPIC System Portal (ESP) enables vetted users to remotely and securely share intelligence, access the National Seizure System, conduct data analytics, and obtain information in support of criminal investigations or law enforcement operations,” the 2016 White House document reads. “Law Enforcement Inquiry and Alerts (LEIA) allows for a federated search of 16 Federal law enforcement databases.”

The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.

Claims about the purloined DEA access were shared with this author by “KT,” the current administrator of the Doxbin — a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.

As KrebsOnSecurity reported earlier this year, the previous owner of the Doxbin has been identified as the leader of LAPSUS$, a data extortion group that hacked into some of the world’s largest tech companies this year — including Microsoft, NVIDIA, Okta, Samsung and T-Mobile.

That reporting also showed how the core members of LAPSUS$ were involved in selling a service offering fraudulent Emergency Data Requests (EDRs), wherein the hackers use compromised police and government email accounts to file warrantless data requests with social media firms, mobile telephony providers and other technology firms, attesting that the information being requested can’t wait for a warrant because it relates to an urgent matter of life and death.

From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley.

Weaver said it’s clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases.

“I don’t think these [people] realize what they got, how much money the cartels would pay for access to this,” Weaver said. “Especially because as a cartel you don’t search for yourself you search for your enemies, so that even if it’s discovered there is no loss to you of putting things ONTO the DEA’s radar.”

The DEA’s EPIC portal login page.

ANALYSIS

The login page for esp.usdoj.gov (above) suggests that authorized users can access the site using a “Personal Identity Verification” or PIV card, which is a fairly strong form of authentication used government-wide to control access to federal facilities and information systems at each user’s appropriate security level.

However, the EPIC portal also appears to accept just a username and password, which would seem to radically diminish the security value of requiring users to present (or prove possession of) an authorized PIV card. Indeed, KT said the hacker who obtained this illicit access was able to log in using the stolen credentials alone, and that at no time did the portal prompt for a second authentication factor.

It’s not clear why there are still sensitive government databases being protected by nothing more than a username and password, but I’m willing to bet big money that this DEA portal is not the only offender here. The DEA portal esp.usdoj.gov is listed on Page 87 of a Justice Department “data inventory,” which catalogs all of the data repositories that correspond to DOJ agencies.

There are 3,330 results. Granted, only some of those results are login portals, but that’s just within the Department of Justice.

If we assume for the moment that state-sponsored foreign hacking groups can gain access to sensitive government intelligence in the same way as teenage hacker groups like LAPSUS$, then it is long past time for the U.S. federal government to perform a top-to-bottom review of authentication requirements tied to any government portals that traffic in sensitive or privileged information.

I’ll say it because it needs to be said: The United States government is in urgent need of leadership on cybersecurity at the executive branch level — preferably someone who has the authority and political will to eventually disconnect any federal government agency data portals that fail to enforce strong, multi-factor authentication.

I realize this may be far more complex than it sounds, particularly when it comes to authenticating law enforcement personnel who access these systems without the benefit of a PIV card or government-issued device (state and local authorities, for example). It’s not going to be as simple as just turning on multi-factor authentication for every user, thanks in part to a broad diversity of technologies being used across the law enforcement landscape.

But when hackers can plunder 16 law enforcement databases, arbitrarily send out law enforcement alerts for specific people or vehicles, or potentially disrupt ongoing law enforcement operations — all because someone stole, found or bought a username and password — it’s time for drastic measures.

petrilli
8 days ago
Wait, so are these the people we're supposed to "trust" with crypto backdoors?

Nope.
Arlington, VA

Twitter CEO Parag Agrawal Fires Company’s Heads of Product and Revenue


Kayvon Beykpour, who’d been head of product at Twitter since 2018:

Interrupting my paternity leave to share some final @twitter-related news: I’m leaving the company after over 7 years.

The truth is that this isn’t how and when I imagined leaving Twitter, and this wasn’t my decision. Parag asked me to leave after letting me know that he wants to take the team in a different direction.

While I’m disappointed, I take solace in a few things: I am INSANELY proud of what our collective team achieved over the last few years, and my own contribution to this journey. [...] I’m proud that we changed the perception around Twitter’s pace of innovation, and proud that we shifted the culture internally to make bigger bets, move faster, and eliminate sacred cows.

Beykpour arrived at Twitter after their acquisition of Periscope, a product that, in hindsight, has proven to have been ahead of its time. I bet we hear from Beykpour again.

As reported by TechCrunch, the other executive canned by Agrawal was revenue product lead Bruce Falck, who wasted no time updating his Twitter bio.

Why would Agrawal make these moves now, while Twitter’s future — including Agrawal’s, to be clear — is completely up in the air? Idea 1: Agrawal has reason to believe the Musk acquisition is going to fall through, so he’s managing the company as he sees fit. Idea 2: Agrawal thinks the deal is going through and is trying to keep his job as CEO by doing what he thinks (or knows) Musk wants done.

petrilli
8 days ago
As someone who worked for the current CEO, I can say it's entirely #2. He's auditioning for asshole in chief.
Arlington, VA

Deep End

Hey! No running in the back-arc basin!
dukeofwulf
14 days ago
I can't believe he left out the formation of hot tubs in the diagram. Crucial to the pool cycle.

This mashup of Teletubbies and the Highlander is surprisingly epic


You know what they say: there can be only one Tinky-Winky.


20 Men From 20 Different Countries Dressed In Their National Costumes For The Mister Global 2021 Pageant


Although women’s beauty pageants are more popular worldwide, it doesn’t mean that male beauty pageants don’t exist. There are many male beauty pageants out there that have been recognized for their amazing shows.

Recently, the Mister Global 2021 pageant was organized in Thailand, and many men from different countries participated in it. They were seen rocking various traditional outfits for the ‘national costume competition’ in the pageant. Check out some of the best attires that were exhibited in the competition.

More info: Mister Global

#1 Bolivia

Image source: David Ryo

#2 Hong Kong

Image source: David Ryo

#3 Sri Lanka

Image source: David Ryo

#4 Czech Republic

Image source: David Ryo

#5 United Kingdom

Image source: David Ryo

#6 Vietnam

Image source: David Ryo

#7 Laos

Image source: David Ryo

#8 India

Image source: David Ryo

#9 Ecuador

Image source: David Ryo

#10 Indonesia

Image source: David Ryo

#11 Korea

Image source: David Ryo

#12 Thailand

Image source: David Ryo

#13 Mexico

Image source: David Ryo

#14 Nigeria

Image source: David Ryo

#15 Philippines

Image source: David Ryo

#16 Cambodia

Image source: David Ryo

#17 Cuba

Image source: David Ryo

#18 Peru

Image source: David Ryo

#19 Malaysia

Image source: David Ryo

#20 South Africa

Image source: David Ryo

The post 20 Men From 20 Different Countries Dressed In Their National Costumes For The Mister Global 2021 Pageant appeared first on DeMilked.

christophersw
61 days ago
These are amazing.
Baltimore, MD

Following the money

jwz
One thing that has long baffled me about our ongoing global clusterfuck has been the push to just pretend that it's not happening. Who benefits financially from that?

I think the answer is, commercial landlords and hotel financiers.

Backing up:

I don't think that the dropping of all mitigation measures happened just because "people" are "over it". I don't think it's some spontaneous groundswell. People have been given permission to say they're "over it", by misinformation campaigns that have been inflicted upon them.

Random individuals may be driven by infantile short-sightedness, but they are being encouraged in this by businesses, governments and state actors; they are being given cover to just pretend that it's not happening. Businesses are legendarily short-sighted, rarely able to see past the end of the quarter, but more than two years into this, shouldn't they have seen some patterns emerge? Even from the point of view of Capitalism Red in Tooth and Claw, how is it in their interest to have their employees dying by the thousands? To have them become saddled with life-long disabilities that will impact work and jack up the companies' own insurance costs for decades to come?

We've got stunts like this, where Maskless Mayor Breed gathers together a Rogue's Gallery of the world's worst businesses and pressures them into forcing their employees back into their cars and cubicles:

By committing to San Francisco, these businesses and many more are investing in this city and the people who live and work here. We are excited to welcome people back to downtown to work, dine, and experience our arts and culture. March is a new chapter for SF!

Which, due to character limits, she followed up with a second twit containing nothing but a list of the various companies' twitter handles. Ideally she'd be forced to wear their logos on her blazer like a NASCAR jacket, but she probably wouldn't even be embarrassed by that. Scarlet letter my ass.

tbreisacher: If the @SFPride parade was a tweet:

London Breed:

@BankofAmerica @BlackRock @sffed @FibroGenInc @GapInc @warriors @Google @HOKNetwork @Invitae @jpmorganchase @Meta @salesforce @united @Kilroyrealty @Mastercard @Microsoft @Orrick @SFGiants @SFSymphony @SPUR_Urbanist @Uber @usfca @Visa @WellsFargo

If a CEO wanted their employees back in the office for whatever reason (they think they're more productive, more controllable, whatever) they would just DO it. They don't need permission. They don't need the mayor campaigning for it. It's literally their call, and theirs alone. So why is the mayor campaigning for this? On whose behalf? We know it's not the CEOs, those are the targets of the campaign.

Part of the party line on this has been about the financial pain suffered by other downtown businesses, so is this on behalf of the hot dog cart on the corner? The food truck, the pizzeria, the upscale lunchtime businessman steakhouse?

No. Those businesses have no lobbying muscle at all. And more to the point, the various mayors and governors gave zero fucks about those businesses during the decades when the tech companies were building their own "free" cafeterias and restaurants directly into their office towers. Those companies did the math and figured out that if they served their employee a $6 meal in-house, they'd get an extra 2 hours work out of them every day. And all they had to do was shank that hot dog cart, that food truck, that pizzeria. Zero fucks were given while that was happening.

So who's left?

Commercial landlords. They see the spectre of the Googles of the world deciding that they need half as much floor space, and strong-arming their way into smaller leases, or just defaulting on it and daring them to fight it out in court. "We're Google, what are you gonna do?"

I think that those are the donors on whose behalf Breed is lobbying. That's why she wants us to believe the pandemic is over. So that when the CEOs tell everyone to get back to work, to justify those downtown tower leases, that the drones don't just quit. She, and the landlords, require the consent of the abused.

Notably, it will not be the employees of the commercial real-estate holding companies whose lives will be put at risk by these back-to-the-cubicle policies.

Who else, though? Here's another clue:

Breed is currently on a corporate-funded tour of the Great Houses of Europe, glad-handing movers and shakers in the capital cities, putting on her dog-and-pony show about how San Francisco is still a great tourist destination. Hitting all the talking points countering the Fox News stories about blood in the streets, telling everyone the Tenderloin is still a safe and welcoming place for High End Retail.

So who benefits from that? Which lobbyists will be pulling those strings? Airlines, obviously, but more importantly, hotel financiers, and the money-laundering oligarchs who love them.

As we learned from Scooby Doo, Donald Trump and Lex Luthor, it's always a real estate scam.

Always.


