
US Marshals Service Suffers 'Major' Security Breach That Compromises Sensitive Information (nbcnews.com) 29

According to a spokesperson for the United States Marshals Service (USMS), the agency was hit last week with a ransomware attack that compromised sensitive information. NBC News reports: In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."

Wade said the incident occurred Feb. 17, when the Marshals Service "discovered a ransomware and data exfiltration event affecting a stand-alone USMS system." The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said. He added that on Wednesday, after the agency briefed senior department officials, "those officials determined that it constitutes a major incident." The investigation is ongoing, Wade said.

A senior law enforcement official familiar with the incident said the breach did not involve the database involving the Witness Security Program, commonly known as the witness protection program. The official said no one in the witness protection program is in danger because of the breach. Nevertheless, the official said, the incident is significant, affecting law enforcement sensitive information pertaining to the subjects of Marshals Service investigations. The official said the agency has been able to develop a workaround so it is able to continue operations and efforts to track down fugitives.

  • by bug_hunter ( 32923 ) on Monday February 27, 2023 @10:46PM (#63329041)

    Criminals would have some giant balls to try and ransomware any kind of law enforcement, and if you were inclined to go after such a dangerous target, I'm assuming ransomware wouldn't be the most profitable application of such a hack.

    Guessing this is a "we've encrypted your HD, send us 0.1 BitCoin for the decryption key" that was hoping to snag a bunch of nobodies, but accidentally has gotten waaay too much heat.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      I had to re-read TFS twice and did a double-take! LOL, that's so funny.

      For a second I was sure that I had found the mysterious and very secretive 3 letter agency where our own renowned Slashdot mascot and highly wannabe number 1 top Slashdot influencer in chief on top of them all pretends to work. But, then I realized United States Marshals Service (USMS) seems to be a 4 letter agency instead of a 3 letter agency.

      Note that up here in Canada, all serious very secretive agencies are 4 letter agencies which ma

    • Yeah, this is an area where a lot of professional egos would be involved. If folks thought this really compromised the core mission, you'd have hardware being thrown into the ocean, former gangsters being shuffled like a deck, and people resigning en masse.
    • I would expect a Ransom-like response. Like

      "This is 0.1 bitcoins, but that's as close as you'll ever get to it. Here's 100 bitcoins, they go to whoever brings me your ass".

    • I'm assuming ransomware wouldn't be the most profitable application of such a hack.

      You assume correctly; it'd be far more profitable to sell witness protection program data to organized crime and foreign intelligence services.

      • I would guess you might be right. Or maybe foreign intelligence services just probing the security a little.
    • by whitroth ( 9367 )

      Given that the FBI just went down the blockchain and arrested people for ransomware, this is more than just stupid, this is please come put me in jail.

  • Isn't there some thermal printer/scanner system that allows data exchange between an online system and a sandboxed system? My first thought anyway.
    • "Stand alone system" might just be an encrypted agency laptop that was being used to work from home. Typically these ransomware attacks begin with a compromised email or attachment so it's reasonable to assume it was a user's computer rather than a server.

      On a related topic, here is a new-ish attack method that I hadn't heard of before last week. There is a Unicode character called "Right-to-Left Override" that helps hide malicious attachments by disguising the true extension with something that looks inn

  • ... when the only investment was new weapons instead of proper IT security?

  • by Miles_O'Toole ( 5152533 ) on Tuesday February 28, 2023 @04:49AM (#63329293)

    From TFA: "The official said no one in the witness protection program is in danger because of the breach."

    Is there anybody in the world with a three-figure IQ who trusts "the official" when they make this claim? Would it even make the news if John Smith, recently of Podunk Iowa, died in a one car accident on his way home from work?

    • From TFA: "The official said no one in the witness protection program is in danger because of the breach."

      Is there anybody in the world with a three-figure IQ who trusts "the official" when they make this claim? Would it even make the news if John Smith, recently of Podunk Iowa, died in a one car accident on his way home from work?

      Trust them, not really.

      But a decent design would be to keep the really confidential stuff like witness protection on a separate, more isolated system, so plausibly not affected.

      An even better design would be paper copies only.

    • This is the fallout of lying: people no longer believe you. Like the EPA in East Palestine, OH. I don't believe them. And it's not because I support this president or that one: we've been lied to in cases like this before. What is our motivation to believe them this time?
      • You nailed it, my friend, and your example is the exact one I'd have chosen to illustrate how skeptical average people have become.

  • by jmccue ( 834797 ) on Tuesday February 28, 2023 @07:40AM (#63329461) Homepage
    I am sure if they had that new Microsoft Defender Automatic Install for Office 365 this would not have happened. /s
  • I understand that one option that has been considered for dealing with runaway-agency issues at the FBI is to just disband it and transfer its legitimate functions to the Marshals Service. This could make that even less likely.
