Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Who Hit CIA Director Break Into Law Enforcement Tools (wired.com)

Posted by Soulskill on from the relatedly-you're-all-under-arrest dept.

An anonymous reader writes: The same group of hackers who hacked into the personal email account of CIA director John Brennan have now exploited a vulnerability to gain access to a private law enforcement portal. They demonstrated access to a system called JABS — the Joint Automated Booking System — which is a database of arrest records. "It was through the vulnerable law enforcement portal that the hackers say they also obtained a list of about 3,000 names, titles, email addresses and phone numbers for government employees that they posted to Pastebin on Thursday. The posting, which they indicated was just "Part 1" of a presumably multi-part leak, consisted of a snippet of an alphabetical list of government employees working for the FBI and other federal agencies as well as various local police and sheriff departments around the country. It included job titles, email addresses and phone numbers."

35 comments

  1. will Hillary be in there by turkeydance · · Score: 1

    somewhere?

    1. Re:will Hillary be in there by Anonymous Coward · · Score: 0

      It was she who hacked it! No one else would remove her name from the list and leave everyone else. Don't believe me? Just log into the portal and check for for yourself.

  2. *Someone* is trying to keep our gov't accountable by Anonymous Coward · · Score: 1

    Well, the methods suck but at least SOMEONE is trying to keep the US government accountable.

    The knob-slobberers at The New York Times and The Washington Post sure as hell aren't.

  3. Well done by Anonymous Coward · · Score: 0

    These guys are brave.

    They'll be dead soon.

    1. Re:Well done by KGIII · · Score: 2

      Their "resisting arrest" is almost a certainty at this point.

      Don't worry, a quick review will be done and the officer's actions deemed legitimate.

      --
      "So long and thanks for all the fish."
  4. Fine Example. by Anonymous Coward · · Score: 5, Insightful

    This is really one of the bigger reasons to NOT want the government collecting every little tidbit it can on you under the disguise of "national security". Even if THEY actually have no ill intentions with the data, things like this prove that they don't have their own shit together enough to protect that data from hackers/criminals/etc.

    I'd find it rather hilarious if the exploit used was one of those the NSA knew about and decided to keep secret so they could exploit it themselves rather than get it reported and patched.

    1. Re:Fine Example. by 93+Escort+Wagon · · Score: 4, Insightful

      This is really one of the bigger reasons to NOT want the government collecting every little tidbit it can on you under the disguise of "national security". Even if THEY actually have no ill intentions with the data, things like this prove that they don't have their own shit together enough to protect that data from hackers/criminals/etc.

      That may very well be the point - but, if so, they should be saying that explicitly (and keep doing so!). I have no confidence that the general public is going to figure it out on their own.

      --
      #DeleteChrome
    2. Re: Fine Example. by ghee22 · · Score: 1

      NSA likely writes WAF rules to explicitly block every exploit they find. That's the real treasure, their rule list.

      --
      "Persistence is annoying success." - ghee22 11:28:1999 - 10:53:PM
    3. Re:Fine Example. by phantomfive · · Score: 1

      Hacking like this is just going to get worse and worse until people make security a priority. Right now it's not a high for people, as Linux recently pointed out.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:Fine Example. by CaptainDork · · Score: 4, Insightful

      Actually, my working theory is that the general public HAS figured it out.

      You and I have the same tools as the big guys. One thing we have that they don't is a sense of paranoia. This guy had a non-government email and either jumped a phishing link or had predictable two-level secret questions guarding the gate.

      Having hacked into the "freemail," the hacker examined the contents for clues and hit pay dirt on an exploit or took advantage of reused passwords.

      I am not a hacker and neither are you, but we could be. It's not hard work to move from where we are, technically, to that skill level.

      There are many more people outside any governments than there are on the inside.

      The theory of probability and statistics implies that there are smarter people among the masses than there are smart people working for the government.

      We're all using the same machinery, the same skills, the same software ... it's a level playing field and everyone has a gun.

      Some of us just don't load up.

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:Fine Example. by Anonymous Coward · · Score: 0

      "The theory of probability and statistics implies that there are smarter people among the masses than there are smart people working for the government."

      How is that? The theory of probability and statistics says nothing about it. What it *does* say (by means of Bayes' Theorem) is that the probabilty of you honoring your nickname and really being a dork, given your post's contents, is quite high.

    6. Re:Fine Example. by Anonymous Coward · · Score: 0

      So we should punish / restrict the people gathering information who are trying to punish people who are trying to hack and steal said information for the simple reason of exposing the government gathering data on the people who work for them?

      Excuse me... but the last thing I want is the homes address and phone numbers of ANY law enforcement officials. It's begging for them to be targeted by organized crime -- which, actually fucking does exist. And these hackers are getting pretty goddamned close to being labeled as such. They need to fuck off, before their stupid, pissant adolescent attitude of "just because we can and down with the man", leads to some real, irreversable carnage. Like... a police officer being murdered.

    7. Re:Fine Example. by CaptainDork · · Score: 1

      Your use of a buzzword, having nothing to do with the problem, reveals that you have a non-zero chance in hell of knowing anything about probabilities other than a buzzword. This is slashdot. Nerds visit this place, including statisticians.

      --
      It little behooves the best of us to comment on the rest of us.
    8. Re:Fine Example. by Anonymous Coward · · Score: 0

      "Your use of a buzzword, having nothing to do with the problem, reveals that you have a non-zero chance in hell of knowing anything about probabilities other than a buzzword."

      Yeah, well... You don't set at all what the government's hiring procedures are, still bubble something about probabilities and statistics of some trait compared to general population. Somebody else points out that this is as dumb as it takes and then invokes the conditional probability theorem to point out that this observation makes you quite probably a dork.

      I know which side the knowledge stands with and it's not yours.

    9. Re:Fine Example. by DarkOx · · Score: 1

      This is what the national security people don't understand or can't admit.

      Information like most things flows for a high concentration to a low concentration. The more you collect centralize and organize the more effort required to keep it where you want it, the greater the potential consequences when you fail. (See OPM hack).

      Mass surveillance and information sharing makes us less safe.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    10. Re:Fine Example. by RockDoctor · · Score: 1

      Are the "general public" their audience?

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    11. Re:Fine Example. by CaptainDork · · Score: 1

      We sure as fuck know which side has literacy going for them.

      --
      It little behooves the best of us to comment on the rest of us.
  5. Nothing to fear? by Anonymous Coward · · Score: 1

    Nothing to hide.

  6. Dead by Anonymous Coward · · Score: 0

    Snitches for sure.

  7. For the morbidly curious, here're the links by Anonymous Coward · · Score: 1

    Here's the deleted Twitter messages referred to in the article:

    http://tweettunnel.com/phphax

    In that link, the Cryptobin link and password are on the bottom. It appears as though the Pastebin has been deleted.

  8. Re:*Someone* is trying to keep our gov't accountab by Anonymous Coward · · Score: 0

    And this does that how?

    They got a specialized phone book. If any one dies from this, I'd hope they get charged with manslaughter.

    Not sure why you are naming the Times and Post specifically, but they'd announce they had the information, not publishing it openly where it could get people killed. This is assuming the ones listed aren't all desk jobs, but possible field agents.

    Think of it like this. There are two groups that are to hold the government accountable. You've got the standard citizens, which I'm assuming you are just like me. Hello there. You also have the Supreme Court. Now the Supreme Courtisf borked, because there has been a movement for the justices to interpret laws by the letter instead of by the spirit. This means that they are not interpreting the meaning of the laws, but just reading it as is. That isn't their job. These justices have been placed by the far right presidents. The citizens need to get out and vote more, which is the simple solution to the problems the nation faces by making the Congress more accountable.

    I fail to see how posting contact information of federal employees does anything to keep anyone accountable. If there was a data dump that may help, it would be a list of political donors and their money trails.

  9. Real hackers would have purged it. by Anonymous Coward · · Score: 0

    Purge the whole database or corrupt all the data in a way that after about 12 months and all the backups have been overwritten they discover the database is useless.

    Remember when hackers were real freedom fighters instead of brainless morons that use script kiddie attacks?

    1. Re:Real hackers would have purged it. by TapeCutter · · Score: 1

      Purge the whole database or corrupt all the data

      The entire planet witnessed what happened in Iraq when the US military sacked the Iraqi public service from the police chief and mayor all the way down to garbage collectors, cops, firemen, etc. Then stood by as the looters and vandals pulled their own society apart. Why are so many Americans keen to repeat that mistake in their own country? Expose serious wrongdoing by all means possible, but IMO your purge/corrupt suggestion is just random vandalism.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  10. Re:*Someone* is trying to keep our gov't accountab by CaptainDork · · Score: 3, Insightful

    You're missing the point of the whole goddam event.

    Hackers hit a "freemail" and, from there, wormed their way to important shit.

    The government (and businesses, and you, and me) are not competent enough to stop phishing schemes or plug all the goddam holes in the crapware tech vendors have been handing out for years.

    --
    It little behooves the best of us to comment on the rest of us.
  11. Re by Anonymous Coward · · Score: 0

    Keep it secure, easy keep it on a closed network with no external access , put it on the net and it will get exploited eventually.

  12. Law Enforcement Tools by Anonymous Coward · · Score: 1

    "Law Enforcement Tools" is a euphemism for "cops"

  13. If only by penguinoid · · Score: 4, Funny

    If only we had some agency that specialized in security.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  14. If only by AndyKron · · Score: 3, Funny

    If only the government had a backdoor...

  15. Poking a bear with a stick by Anonymous Coward · · Score: 0

    I'm not worried about the bear waking up.... I'm worried about the new regulations to protect the bear.

  16. Wonder when the president by Anonymous Coward · · Score: 0

    ....will address this as the continuing threat of terrorism

    1. Re:Wonder when the president by Anonymous Coward · · Score: 0

      Well, the Pentagon did create, arm, and train ISIS, and continues to supply them with intelligence.

      So that's something, right?

  17. data is beyond government ability to protect? by Anonymous Coward · · Score: 0

    guess it's a good way of making that point, at huge risk to themselves.

  18. Huh? by stoatwblr · · Score: 1

    Name, job title and phone number of govt employees are a matter of public record (or should be) and as such exposable under FOIA in any case.

    The fact that this is regarded as secret says far more about a government than it does about the people publishing it.

  19. No surprise at all by gweihir · · Score: 1

    Governments and their organizations are routinely completely incompetent with regards to technology. They are used to being able to solve everything the cave-man way: With being able to dish out more violence. As soon as that fails, they come unarmed to a battle of wits.

    This is also why any kind of backdoors and intentional weaknesses introduced into IT systems is such a bad idea: No government will be able to keep these safe and very soon they are will be available to the criminal world.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  20. OPSEC by godel_56 · · Score: 2

    From TFA,"One U.S. official said the hackers managed to cover their tracks well, but the official expressed confidence they would be found."

    If they are found it will probably be through someone shooting their mouth off on a web site rather than by tracing them through some technical means. If you're going do to this kind of naughty then you really need to STFU. It will be interesting to see if the hackers can maintain their discipline.