Drug Enforcement Administration

Drug Enforcement Administration

The Law Enforcement Inquiry and Alerts (LEIA) system managed by the U.S. Drug Enforcement Administration (DEA) suffered a data security breach after hackers obtained the username and password of an authorized user of esp.usdoj.gov.

The hackers used EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.

The hackers used their access not only to view sensitive information but also to submit false records to law enforcement and intelligence agency databases.

Source: https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/

TPRM report: https://scoringcyber.rankiteo.com/company/drug-enforcement-administration

"id": "dru2453822",
"linkid": "drug-enforcement-administration",
"type": "Breach",
"date": "05/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Law Enforcement',
                        'location': 'United States',
                        'name': 'U.S. Drug Enforcement Administration (DEA)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Stolen Credentials',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Motor Vehicle Records',
                                              'Boat Records',
                                              'Firearm Records',
                                              'Aircraft Records',
                                              'Drone Records']},
 'description': 'The Law Enforcement Inquiry and Alerts (LEIA) system managed '
                'by the U.S. Drug Enforcement Administration (DEA) suffered a '
                'data security breach after hackers obtained the username and '
                'password of an authorized user of esp.usdoj.gov. The hackers '
                'used EPIC to look up a variety of records, including those '
                'for motor vehicles, boats, firearms, aircraft, and even '
                'drones. The hackers used their access not only to view '
                'sensitive information but also to submit false records to law '
                'enforcement and intelligence agency databases.',
 'impact': {'data_compromised': ['Motor Vehicle Records',
                                 'Boat Records',
                                 'Firearm Records',
                                 'Aircraft Records',
                                 'Drone Records'],
            'operational_impact': 'Submission of False Records',
            'systems_affected': ['LEIA System',
                                 'Law Enforcement Databases',
                                 'Intelligence Agency Databases']},
 'initial_access_broker': {'entry_point': 'Stolen Credentials'},
 'motivation': ['Data Theft', 'Data Manipulation'],
 'post_incident_analysis': {'root_causes': 'Weak Password Security'},
 'title': 'Data Security Breach of LEIA System',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Weak Password Security'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.