Hackers Reportedly Gain Access to Drug Enforcement Administration Data Portal

pcmag.com:

It's thought hackers have managed to compromise a data portal run by the US Drug Enforcement Administration (DEA), unlocking access to a wealth of information.

As cybersecurity journalist Brian Krebs reports(Opens in a new window), the breach would have allowed the attackers to prowl through 16 federal law enforcement databases covering a wide variety of investigative data. How did this happen? A failure to implement multi-factor authentication seems to be a key cause.

Krebs wrote that he’s learned “the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.”

He said a tip for this story came from an unnamed administrator at Doxbin—“a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.” Krebs further noted that this unauthorized access could be abused to upload fake data about suspects, citing commentary from Nicholas Weaver(Opens in a new window), a researcher at the University of California at Berkeley’s International Computer Science Institute.

False tips have often been used to initiate “swatting” attacks, in which hoax reports about crimes in progress lead to police swarming a residence with heavily armed SWAT teams. The target–or a random bystander–can wind up dead in the process. 

Unfortunately, Krebs has personal experience with that scenario. In 2013, Fairfax County, Va., police showed up at his door, guns drawn(Opens in a new window) after getting a phony tip that Russians had broken in and shot his wife. The perpetrator was caught after participating in an online forum clandestinely run by the FBI, and