SoylentNews is people
SoylentNews
from the random-police-credentials-must-be-in-sudoer-file dept.
The U.S. government database provided access to a treasure trove of sensitive data. "I can request information on anyone in the U.S.," one of the alleged hackers wrote:
Two men, one of whom previously presented themselves as an independent security researcher to Motherboard, allegedly went on a wide spanning hacking spree that included breaking into a federal U.S. law enforcement database; using a compromised Bangladeshi police officer's email to fraudulently requesting user data from a social media company; and even trying to buy services from a facial recognition company which doesn't sell products to the wider public.
[...] Sagar Steven Singh, 19, was arrested in Rhode Island on Tuesday; Nicholas Ceraolo, 25, remains at large with his location listed as Queens, New York, a press release from the United States Attorney's Office for the Eastern District of New York says. "Singh and Ceraolo unlawfully used a police officer's stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports," it states.
[...] That pursuit of personal information is what allegedly drew Singh and Ceraolo to breaking into various law enforcement accounts. In one case, the pair allegedly used a police officer's credentials to access a web portal maintained by a U.S. federal law enforcement agency.
Also at Dnyuz.
(Score: 2) by Osamabobama on Tuesday March 21 2023, @05:52PM
The reason this is a story is because the data was compromised in one 'spree.' If, on the other hand, the database had not been compromised by these two, it would have remained in use by police, who could abuse it slowly, one query at a time. Police access to the database is durable--they don't need to hurry to exploit the data before they get locked out. They will be able to use it when the need arises, whether the use is officially sanctioned or not.
The only thing keeping this database from being abused is the set of rules and laws punishing abuse. But those rules didn't deter the two perpetrators, and there will also be police officers who won't be deterred. Unless police are somehow more ethical than the rest of us, that is, but that idea has gotten really hard to defend in the last few years. Furthermore, any punishment for police abuse of the database will be much less than for hackers who aren't authorized to use the system in the first place, so the rules-based deterrent is going to be less effective on cops.
Appended to the end of comments you post. Max: 120 chars.