Slashdot Mirror


A Massive Cache of Law Enforcement Personnel Data Has Leaked (zdnet.com)

Zack Whittaker, reporting for ZDNet: A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned. The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law Enforcement Rapid Response Training -- known as ALERRT -- at Texas State University. The database dates back to April 2017 and was uploaded a year later to a web server, believed to be owned by the organization, with no password protection. ZDNet obtained a copy of the database, which was first found by a New Zealand-based data breach hunter, who goes by the pseudonym Flash Gordon.

9 of 68 comments

  1. No password protection! by QuietLagoon · Score: 4, Informative

    ...uploaded a year later to a web server, believed to be owned by the organization, with no password protection....

    Whoever put into place this stunningly amazing illustration of absolute ignorance about security should never be allowed near a keyboard again.

  2. Hey, they spy on us ... by Anonymous Coward · Score: 5, Insightful

    The way law enforcement has decided they don't give a fuck about our privacy, I'm afraid I have little sympathy for this.

    If you're in charge of this kind of information, and you put it on a server with no protection, you probably have no business in that job.

    Do the police expect us to care about their privacy when they don't care about ours?

  3. Not A Problem by StormReaver · Score: 5, Insightful

    I'm sure that Law Enforcement is perfectly fine with the breach. After all, since they have nothing to hide, they have nothing to fear.

    Right?

    1. Re:Not A Problem by CaptainDork · Score: 4, Interesting

      To say that the data set was not "password-protected," is equivalent to, "unencrypted like we always wanted to do with your iPhone."

      --
      It little behooves the best of us to comment on the rest of us.

  4. I hate to say this, but... by Falconnan · Score: 5, Insightful

    This is why we need strong encryption and authentication as a legal requirement for all personal information databases. Law enforcement may not like it, but if they require backdoors on encryption schemes and access, this will continue to make them as vulnerable as everyone else. They have proven the argument they oppose for us. I get the problems this causes, but the damage allowed by not using proper data protection is generally much worse. And now they may end up learning this the hard way, and that's a shame.

  5. Maybe now politicians will take privacy seriously by greenwow · Score: 3, Funny

    Or not.

  6. Re:Maybe now politicians will take privacy serious by Desler · Score: 3, Informative

    That happened under Obama so the media basically swept it under the rug.

    It was reported on every major news outlet when it happened. So that's a strange notion of "sweeping under the rug" you've got there.

  7. Re:Already Leaked by bill_mcgonigle · Score: 4, Interesting

    Remember, the OPM breach compromised every single federal worker

    The Chicoms got a copy of the OPM database but you can't get it on the dark web, like this one will be. That's a major difference.

    I know one of our fellow /.'ers who was seriously trying to get a copy of the OPM database. He turned up suddenly dead last year with a self-inflicted gunshot wound. Probably a coincidence, but he was insistent that I turn off my cell phone before talking about it. No joke - I gave him a copy of Tails as I do for everybody but I have no evidence of causality there.

    I only know a few of y'all in person, but you're the best kind of crazy friends.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

  8. Re:Maybe now politicians will take privacy serious by AHuxley · Score: 3, Interesting

    Re "How was it swept under the rug?"
    Read the report. Nothing was done. The US gov sat on the discovery about mil/gov data getting accessed for months.
    The movement of data in real time out of the USA was allowed.
    Nothing was done to protect the data. Nothing was done to secure and encrypt the data.
    The data set was left as bait to try and see what was going to be done.
    The data set was copied out of the USA. The US gov for some expected the data set to be searched and used in real time.
    That the access would be back to the US site, not the movement of all data out of the USA. The data set was left open, unencrypted to see how the access and searching would happen.
    Nothing was searched for and all the data got copied out as the US gov watched on. The only method discovered was that the data was copied.
    The tame US media reported the copy of the gov/mil data set as if a movie studio had a movie archive copied.

    --
    Domestic spying is now "Benign Information Gathering"