
SoylentNews is people

posted by janrinok on Friday March 17 2023, @09:52PM
from the random-police-credentials-must-be-in-sudoer-file dept.

The U.S. government database provided access to a treasure trove of sensitive data. "I can request information on anyone in the U.S.," one of the alleged hackers wrote:

Two men, one of whom previously presented themselves as an independent security researcher to Motherboard, allegedly went on a wide-spanning hacking spree that included breaking into a federal U.S. law enforcement database; using a compromised Bangladeshi police officer's email to fraudulently request user data from a social media company; and even trying to buy services from a facial recognition company which doesn't sell products to the wider public.

[...] Sagar Steven Singh, 19, was arrested in Rhode Island on Tuesday; Nicholas Ceraolo, 25, remains at large with his location listed as Queens, New York, a press release from the United States Attorney's Office for the Eastern District of New York says. "Singh and Ceraolo unlawfully used a police officer's stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports," it states.

[...] That pursuit of personal information is what allegedly drew Singh and Ceraolo to breaking into various law enforcement accounts. In one case, the pair allegedly used a police officer's credentials to access a web portal maintained by a U.S. federal law enforcement agency.

Also at Dnyuz.


  • (Score: 4, Touché) by Snotnose on Friday March 17 2023, @11:22PM (4 children)

    by Snotnose (1623) on Friday March 17 2023, @11:22PM (#1296768)

    that wants to force companies to pay more attention to security?

    / hint: dump Microsoft. Won't happen, but it would be the best bang for the buck.

    --
    When the dust settled America realized it was saved by a porn star.
  • (Score: 5, Touché) by Opportunist on Friday March 17 2023, @11:48PM

    by Opportunist (5545) on Friday March 17 2023, @11:48PM (#1296773)

    And the same that wants to know and store everything about you, exactly that one.

    And unlike those companies, they won't be liable for anything. Like Mel Brooks already said in the History of the World, it's great to be the king.

  • (Score: 2) by MIRV888 on Saturday March 18 2023, @03:10AM

    by MIRV888 (11376) on Saturday March 18 2023, @03:10AM (#1296804)

    OK your byline is hysterical.
    I lol'd

  • (Score: 3, Informative) by guest reader on Saturday March 18 2023, @06:50AM (1 child)

    by guest reader (26132) on Saturday March 18 2023, @06:50AM (#1296830)

    that wants to force companies to pay more attention to security?

    They used a username and stolen password belonging to a local police officer. Maybe they should start using Multi-factor authentication [wikipedia.org] (includes 2FA).

    Original press release source [justice.gov] from U.S. Department of Justice: Two Men Charged for Breaching Federal Law Enforcement Database and Posing as Police Officers to Defraud Social Media Companies.

    Complaint-USA against Sagar Steven Singh and Nicholas Ceraolo [flashpoint.io], Case 1:23-mj-00213-MMH

    [...] On or about May 7, 2022, SINGH used a username and password belonging to a local police officer (the “Stolen Credentials”) to log in to the Portal without authorization.

    [...] A United States federal law enforcement agency (the “Federal Law Enforcement Agency”) maintains a nonpublic website (the “Portal”) whose purpose is to share intelligence from government databases with state and local law enforcement agencies. Data available through the Portal is not classified but is sensitive and includes detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.

    The Portal is password-protected, and access to the Portal is restricted to law enforcement officials.

    • (Score: 2) by aafcac on Saturday March 18 2023, @06:48PM

      by aafcac (17646) on Saturday March 18 2023, @06:48PM (#1296925)

      And maybe we shouldn't be storing so much data in one place