The portal provides access to the restricted databases of 16 U.S. federal agencies. These databases contain information that is used for investigations. Krebs said cybercriminals may have gained access to the portal after obtaining an authorized user’s username and password. If true, this raises major concerns about the cybersecurity provisions of U.S. government agencies. Neither the DEA nor any other branch of the Justice Department has officially confirmed the breach.
Law Enforcement Inquiry and Alert System Possibly Compromised
The portal in question is the Law Enforcement Inquiry and Alert (LEIA) system, which is a database containing sensitive information used by U.S. federal agencies. The portal may be linked to the DEA’s El Paso Intelligence Center (EPIC) database, which is believed to contain information related to defense and intelligence. The LEIA system has search capabilities, allowing authorized users to scan through its contents. With access to EPIC, one can look up a variety of records, including information related to “motor vehicles, boats, firearms, aircraft, and even drones.”

The potential data breach came to light earlier this week. Krebs said he received a tip that hackers had obtained the login details of an authorized user of the LEIA system on Sunday, May 8. He received the information from the current administrator of Doxbin, which Krebs describes as “a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.” The administrator, identified as KT, even shared screenshots of the portal with Krebs.

After receiving this information, Krebs reached out to the DEA, the Federal Bureau of Investigation (FBI), and the Justice Department to inform them. “[The] DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent,” the DEA said in an email response.
Responsible Actors May Have Ties to Lapsus$ Group
According to Krebs, the hackers may have ties to the Lapsus$ group. The group has orchestrated several high-profile cybercrimes in 2022, and its targets include Microsoft, Nvidia, and Samsung. Krebs said that the previous owner of Doxbin is the leader of Lapsus$. The modus operandi of Lapsus$’s cyberattacks usually involves gaining high-level access to a company’s internal networks. The group has previously impersonated law enforcement officials to get user information from companies, including Apple and Meta. “From the standpoint of individuals involved in filing these phony EDRs (Emergency Data Requests), access to databases and user accounts within the Department of Justice would be a major coup,” Krebs said. At the moment, no members of Lapsus$ have confirmed their involvement in the scheme.
Grave Concerns About U.S. Government Cybersecurity
Krebs said this incident has uncovered some shocking flaws in the U.S. government’s cybersecurity infrastructure. The fact that a username and password alone are enough to grant access to such a highly sensitive database is concerning, especially in the current geopolitical climate, where state-sponsored hacking groups are on the prowl for ways to exploit foreign governments.

“I’ll say it because it needs to be said: The United States government is in urgent need of leadership on cybersecurity at the executive branch level — preferably someone who has the authority and political will to eventually disconnect any federal government agency data portals that fail to enforce strong, multi-factor authentication,” Krebs added.