US Marshals Service Suffers 'Major' Security Breach That Compromises Sensitive Information (nbcnews.com)
According to a spokesperson for the United States Marshals Service (USMS), the agency was hit with a ransomware attack last week that compromises sensitive information. NBC News reports: In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."
Wade said the incident occurred Feb. 17, when the Marshals Service "discovered a ransomware and data exfiltration event affecting a stand-alone USMS system." The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said. He added that on Wednesday, after the agency briefed senior department officials, "those officials determined that it constitutes a major incident." The investigation is ongoing, Wade said.
A senior law enforcement official familiar with the incident said the breach did not involve the database involving the Witness Security Program, commonly known as the witness protection program. The official said no one in the witness protection program is in danger because of the breach. Nevertheless, the official said, the incident is significant, affecting law enforcement sensitive information pertaining to the subjects of Marshals Service investigations. The official said the agency has been able to develop a workaround so it is able to continue operations and efforts to track down fugitives.
Guessing most likely non-targeted attack? (Score:5, Interesting)
Criminals would have some giant balls to try and ransomware any kind of law enforcement, and if you were inclined to go after such a dangerous target, I'm assuming ransomware wouldn't be the most profitable application of such a hack.
Guessing this is a "we've encrypted your HD, send us 0.1 BitCoin for the decryption key" that was hoping to snag a bunch of nobodies, but accidentally has gotten waaay too much heat.
Re: (Score:1, Funny)
I had to re-read TFS twice and did a double-take! LOL, that's so funny.
For a second I was sure that I had found the mysterious and very secretive 3 letter agency where our own renowned Slashdot mascot and highly wannabe number 1 top Slashdot influencer in chief on top of them all pretends to work. But, then I realized United States Marshals Service (USMS) seems to be a 4 letter agency instead of a 3 letter agency.
Note that up here in Canada, all serious very secretive agencies are 4 letter agencies which ma
Re: (Score:2)
I would expect a Ransom-like response. Like
"This is 0.1 bitcoins, but that's as close as you'll ever get to it. Here's 100 bitcoins, they go to whoever brings me your ass".
Re: Guessing most likely non-targeted attack? (Score:1)
I'm assuming ransomware wouldn't be the most profitable application of such a hack.
You assume correctly; it'd be far more profitable to sell witness protection program data to organized crime and foreign intelligence services.
Re: (Score:1)
Re: (Score:2)
Given that the FBI just went down the blockchain and arrested people for ransomware, this is more than just stupid, this is please come put me in jail.
Re:who cares (Score:4, Informative)
Just remember, this is the same government that wants to eliminate your privacy to keep you safe.
Re:who cares (Score:4, Informative)
Yep, and the one that wants to tell us how to secure our systems, what is "true", and how we should live our lives.
Less is more.
Re: who cares (Score:2)
You forgot to yell "FOR THE CHILDREN!!" so you can then justify anything and everything.
That way you can have gems like Archie Bunker down in the comment section telling everyone they can like it or GIT OWT!!
CLUE:
If you get told at any point that a law, ANY law, is "for the children" or "for your safety", read the whole damn thing twice, at least. Bet your star spangled ass there will be gifts in that bill for some donors, probably even themselves while they're at it.
I mean, the STOCK act had to be passed
Re:who cares (Score:4, Insightful)
Written like a true Fox watcher. Next time you get on a plane, try thanking the National Transportation Safety Board for the safety of the plane so you do not have to trust the airline so much. Food safety? FDA. They also keep Ma and Pa Kettle's Home Elixir and Rat Poison off the market. Those childhood vaccines that kept you from getting polio and other diseases are also brought to you by government. CDC provides research for those new designer diseases that are eyeing you right now. Your mother gets gunned down? In your eyes the police should just smile and tell you not to worry, you aren't dead yet. Your bank accounts are insured by the Fed. Gov.
Then there is SS and Medicare, unless you are prepared to house, feed, and provide medical care to Ma and Pa. And they'll be wanting to live with you. The military keeps the sea lanes open so that those nice Chinese don't decide to stop countries from trading with the U.S.
NIST provides a free accounting of national technical standards, you trust companies to provide those, yes?
I know it is anathema to people like you, but government is composed of people who really care about the care and services they provide Americans. Naturally, right-wing nutjobs hate them for it, preferring a dog-eat-dog world. Actually, government workers are saints, they have to put up with people like you. Want to know just how whacked out the public really is? Watch CSPAN's early morning call in show.
Re: who cares (Score:2)
It's just below the Trump 4 Lyfe sticker and right beside the fading "NObama!" sticker they got from infowars.
Might be hard to spot from the intentionally thick, choking black smoke generated by their modified "fuktehlibz" exhaust system.
(I'm not being serious, I just wanted to add to the stereotypical picture lol)
Re: (Score:3)
Written like a true Fox watcher.
Addressing just some parts of this paragraph:
Food safety? FDA.
You mean the agency that caused the recent famine of infant formula by shutting down one of the three major factories over bogus claims of contamination (which they took months to discover were bogus and then more months to let the factory get back into production - while most of what WAS being produced elsewhere was government-earmarked for shipment to border-crosser holding facilities)? But that's minor compared
Re: (Score:2, Insightful)
Why haven’t you moved to a place without government then? Or how about those libertarian utopias that all fizzled out?
Re: who cares (Score:2)
From the guy who takes his name from one of the most racist shows ever aired on TV lol.
Just one time I'd like to see something more complex than "well if'n un's don't like it, ye can git owt!!!" from one of you. It's idiocy at its finest and just signals to everyone you can think with all the depth and nuance of an English muffin.
At least troll better? Just saying.
"stand alone" system doesn't use sneaker-net? (Score:2)
Re: (Score:2)
"Stand alone system" might just be an encrypted agency laptop that was being used to work from home. Typically these ransomware attacks begin with a compromised email or attachment so it's reasonable to assume it was a user's computer rather than a server.
On a related topic, here is a new-ish attack method that I hadn't heard of before last week. There is a Unicode character called "Right-to-Left Override" that helps hide malicious attachments by disguising the true extension with something that looks inn
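A defensive check for the filename trick mentioned in the comment above, as an added example that is not part of the original thread: it flags attachment names containing Unicode bidirectional formatting characters and reports the extension the operating system will actually act on. The function names, the risky-extension list and the sample names are assumptions constructed for illustration.

```python
import os
import unicodedata

# Bidi classes of the explicit embedding/override/isolate formatting characters
# (U+202A..U+202E and U+2066..U+2069). Ordinary Hebrew or Arabic letters have
# classes "R"/"AL" and are deliberately not in this set.
BIDI_FORMAT_CLASSES = {"LRE", "RLE", "PDF", "LRO", "RLO", "LRI", "RLI", "FSI", "PDI"}

# Assumed policy list for this example; extend it to match local gateway rules.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def inspect_attachment_name(name):
    """Report bidi formatting characters in a filename and its real extension."""
    controls = [
        (index, unicodedata.name(ch, "UNNAMED"))
        for index, ch in enumerate(name)
        if unicodedata.bidirectional(ch) in BIDI_FORMAT_CLASSES
    ]
    # Files are opened according to the stored (logical) character order, not
    # the rendered order, so strip the invisible controls before reading the
    # extension.
    sanitized = "".join(
        ch for ch in name if unicodedata.bidirectional(ch) not in BIDI_FORMAT_CLASSES
    )
    real_ext = os.path.splitext(sanitized)[1].lower()
    return {
        "bidi_controls": controls,
        "sanitized_name": sanitized,
        "real_extension": real_ext,
        "flag": bool(controls),
        "high_risk": bool(controls) and real_ext in RISKY_EXTENSIONS,
    }


def scan(names):
    """Return the inspection reports for names that contain bidi controls."""
    reports = (inspect_attachment_name(n) for n in names)
    return [r for r in reports if r["flag"]]


# Constructed sample attachment names (not taken from any real incident).
SAMPLE_NAMES = [
    "report_Q1.pdf",                     # plain ASCII name
    "invoice\u202efdp.exe",              # RLO hides the stored .exe extension
    "\u05e9\u05dc\u05d5\u05dd.txt",      # legitimate Hebrew name, no controls
]

if __name__ == "__main__":
    for report in scan(SAMPLE_NAMES):
        print(report)
```

A legitimate right-to-left filename passes untouched because only the explicit formatting characters are matched, not right-to-left letters themselves.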
Is this what you get ... (Score:1)
... when the only investment was new weapons instead of proper IT security?
Of course we all believe them (Score:3)
From TFA: "The official said no one in the witness protection program is in danger because of the breach."
Is there anybody in the world with a three-figure IQ who trusts "the official" when they make this claim? Would it even make the news if John Smith, recently of Podunk Iowa, died in a one car accident on his way home from work?
Re: (Score:2)
From TFA: "The official said no one in the witness protection program is in danger because of the breach."
Is there anybody in the world with a three-figure IQ who trusts "the official" when they make this claim? Would it even make the news if John Smith, recently of Podunk Iowa, died in a one car accident on his way home from work?
Trust them, not really.
But a decent design would be to keep the really confidential stuff like witness protection on a separate, more isolated system, so plausibly not affected.
An even better design would be paper copies only.
Re: (Score:2)
You nailed it, my friend, and your example is the exact one I'd have chosen to illustrate how skeptical average people have become.
I am sure (Score:3)
That will make it harder to replace the FBI. (Score:2)
I understand that one option that has been considered for dealing with runaway-agency issues at the FBI is to just disband it and transfer its legitimate functions to the Marshal Service. This could make that even less likely.