News
Hackers reportedly hacked the DEA
The federal agency was missing the bare minimum of security processes.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
A group of hackers has reportedly made its way into a data portal run by the US Drug Enforcement Agency (DEA). The group was able to gain access to the DEA’s portal without running into any multi-factor authentication system.
A recent security report from Brian Krebs of Krebs on Security revealed the breach. Krebs received a tip stating that hackers had gained a username and password that gave them access to the Law Enforcement Inquiry and Alerts (LEIA) system that is managed by the DEA.
That particular portal gives users access to 16 different federal law enforcement databases. Also, a user with access to the portal can send out law enforcement alerts or find information on criminals.
READ MORE: Google warns of new spyware threat to iOS and Android users
It can even disrupt law enforcement operations. You can probably see how it’s not great to have this information in the hands of hackers.
The hacker didn’t need multi-factor authentication to access the DEA portal
READ MORE: Hackers can use Bluetooth to unlock and steal some Teslas
What’s even worse is how seemingly easy the hacker was able to get into the portal. Krebs’ source, an administrator of a “highly toxic online community,” said the hacker was able to access the portal with just a username and password they had obtained.
Not once did the DEA’s portal ask the hacker for any other form of identity authentication. If Twitter users should always set up two-factor authentication, then, at the very least, federal law enforcement agencies should have the same level of protection.
READ MORE: This FBI document reveals how much data it can legally obtain from messaging apps
The DEA didn’t really give Krebs much information after he notified the agency of the hacker. In fact, all he got was a generic statement saying, “DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent.”
Hopefully, the DEA steps its security up with at least some sort of two-factor authentication. That’s the bare minimum requirement that a powerful federal agency with control of several federal databases should meet.
Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- Taylor Swift, Drake, and more had their YouTube accounts hacked, but they recovered them
- Thousands of top websites collect your data in real-time as you type
- Facebook intentionally blocked government pages in Australia
- Apple and Meta handed over data to hackers pretending to be police, but it gets worse
Follow us on Flipboard, Google News, or Apple News
