On May 8th, researchers at KrebsOnSecurity discovered that hackers may have gained unauthorized access to a US Drug Enforcement Agency (DEA) portal that taps into 16 different federal law enforcement databases. Researchers believe a threat actor obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. LEIA is connected to several federal law enforcement databases that contain law-enforcement-sensitive data. Researchers fear that threat actors have not only gained access to sensitive information but may also be able to use that access to submit false records to law enforcement and intelligence agency databases. When asked about the breach, the DEA declined to comment on the situation and offered the following statement: “DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent.” Binary Defense analysts will continue to monitor the situation for developments.
Law enforcement agencies are a constant target for threat actors. Sensitive law enforcement data at any level will attract interest from buyers on the dark web. Multi-factor authentication should be mandated for federal law enforcement databases containing sensitive data, and guidance should be published for state and local law enforcement agencies. Agencies with weak cyber defenses will continue to be prime targets for threat actors, even if they have been victims previously.