Hackers reportedly hacked the DEA
The federal agency was missing the bare minimum of security processes.
A group of hackers has reportedly made its way into a data portal run by the US Drug Enforcement Agency (DEA). The group was able to gain access to the DEA’s portal without running into any multi-factor authentication system.
A recent security report from Brian Krebs of Krebs on Security revealed the breach. Krebs received a tip stating that hackers had gained a username and password that gave them access to the Law Enforcement Inquiry and Alerts (LEIA) system that is managed by the DEA.
That particular portal gives users access to 16 different federal law enforcement databases. Also, a user with access to the portal can send out law enforcement alerts or find information on criminals.
It can even disrupt law enforcement operations. You can probably see how it’s not great to have this information in the hands of hackers.
The hacker didn’t need multi-factor authentication to access the DEA portal
What’s even worse is how seemingly easy the hacker was able to get into the portal. Krebs’ source, an administrator of a “highly toxic online community,” said the hacker was able to access the portal with just a username and password they had obtained.
Not once did the DEA’s portal ask the hacker for any other form of identity authentication. If Twitter users should always set up two-factor authentication, then, at the very least, federal law enforcement agencies should have the same level of protection.
The DEA didn’t really give Krebs much information after he notified the agency of the hacker. In fact, all he got was a generic statement saying, “DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent.”
Hopefully, the DEA steps its security up with at least some sort of two-factor authentication. That’s the bare minimum requirement that a powerful federal agency with control of several federal databases should meet.
- Taylor Swift, Drake, and more had their YouTube accounts hacked, but they recovered them
- Thousands of top websites collect your data in real-time as you type
- Facebook intentionally blocked government pages in Australia
- Apple and Meta handed over data to hackers pretending to be police, but it gets worse