Connect with us

News

Hackers reportedly hacked the DEA

The federal agency was missing the bare minimum of security processes.

dea logo with blurred background
Image: KnowTechie

A group of hackers has reportedly made its way into a data portal run by the US Drug Enforcement Agency (DEA). The group was able to gain access to the DEA’s portal without running into any multi-factor authentication system.

A recent security report from Brian Krebs of Krebs on Security revealed the breach. Krebs received a tip stating that hackers had gained a username and password that gave them access to the Law Enforcement Inquiry and Alerts (LEIA) system that is managed by the DEA.

That particular portal gives users access to 16 different federal law enforcement databases. Also, a user with access to the portal can send out law enforcement alerts or find information on criminals.

READ MORE: Google warns of new spyware threat to iOS and Android users

It can even disrupt law enforcement operations. You can probably see how it’s not great to have this information in the hands of hackers.

The hacker didn’t need multi-factor authentication to access the DEA portal

dea dashboard
A screenshot of the DEA’s intelligence sharing portal (Image: Krebs on Security)

READ MORE: Hackers can use Bluetooth to unlock and steal some Teslas

What’s even worse is how seemingly easy the hacker was able to get into the portal. Krebs’ source, an administrator of a “highly toxic online community,” said the hacker was able to access the portal with just a username and password they had obtained.

Not once did the DEA’s portal ask the hacker for any other form of identity authentication. If Twitter users should always set up two-factor authentication, then, at the very least, federal law enforcement agencies should have the same level of protection.

READ MORE: This FBI document reveals how much data it can legally obtain from messaging apps

The DEA didn’t really give Krebs much information after he notified the agency of the hacker. In fact, all he got was a generic statement saying, “DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent.”

Hopefully, the DEA steps its security up with at least some sort of two-factor authentication. That’s the bare minimum requirement that a powerful federal agency with control of several federal databases should meet.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Contributing writer with a passion for gaming and tech. Probably getting wrecked by some kids in Rocket League.

More in News