Inside the DEA Tool Hackers Allegedly Used to Extort Targets
Joseph Cox · 2023-03-17 · via hackers Archives - VICE

Hackers accused of using law enforcement tools and other tactics to extort people online gained access to a sensitive, password-protected portal run by the Drug Enforcement Administration, according to a screenshot of the portal obtained by Motherboard.

The new screenshot and other information provide some more clarity on charges unsealed against Sagar Steven Singh, 19, and Nicholas Ceraolo, 25, earlier this week. That pair, who were at one point part of a group called “ViLE,” allegedly went on a wide-spanning hacking spree. That included breaking into the federal U.S. law enforcement portal; using a hacked Bangladeshi police officer’s email account to fraudulently request user data from a social media company; and trying to use it to buy facial recognition services too.

Do you know anything else about this portal, or how criminals are obtaining sensitive data? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

“EPIC Portal,” the top of the screenshot reads, referring to the El Paso Intelligence Center (EPIC). EPIC is a multiagency intelligence center led by the DEA with 21 participating agencies, according to the DEA’s website. The mission of EPIC is not just limited to drugs, but also includes terrorism, human trafficking, money laundering, and more.

The portal appears to provide access to a variety of tools, including one labeled as “LPR,” according to the screenshot. LPR typically refers to license plate readers, which are cameras that take photographs of vehicles as they pass certain points and record where a certain vehicle was at a particular time. A 2010 email obtained by the American Civil Liberties Union says that federal, state, and local agencies have the ability to query an “LPR database via EPIC.” A report from the Department of Justice’s Office of Inspector General says EPIC has access to the “DEA’s License Plate Reader Database,” which stores license plate information captured along the Southwest border.

The screenshot also includes “HSIN,” the Homeland Security Information Network, which is used to share intelligence among agencies. The EPIC Portal also provides other areas for users to explore, such as “seizures,” “reports,” and “global drug pricing,” according to the screenshot. (In the complaint against Singh and Ceraolo, prosecutors wrote that “Data available through the Portal is not classified but is sensitive and includes detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.”)

A screenshot of someone logged into the EPIC Portal obtained by Motherboard. Image: Motherboard.

The screenshot also shows access to “Jetway/Pipeline,” referring to two different types of training that teach officers how to interdict at airports and highways respectively, and the Deconfliction and Information Coordination Endeavor (DICE), which helps law enforcement officials not double up on investigations.

In May 2022, Singh, also known as Weep, allegedly logged into the portal from the same IP address he had previously used to access a social media account registered to him, according to the complaint. Records from Singh’s computer and the government servers themselves showed Singh accessed multiple guides on how to use the portal, and sections that track narcotic seizures in the U.S., the complaint says. Krebs on Security reported on a breach of the portal at the time. The outlet reported the breach also impacted the Law Enforcement Inquiry and Alerts (LEIA) system, managed by the DEA, which provides search capabilities for EPIC and other external databases. Krebs also reported these latest charges relate to the DEA breach.

“Were [sic] all gonna get raided one of these days i swear,” Ceraolo wrote after Singh shared the login credentials with him, according to the complaint. Ceraolo, who used the handle Convict, also asked an associate how they could scrape data from inside the portal, the complaint says.

Within one day of gaining access to the portal, “Singh was using his access to the Portal to extort victims,” according to a press release from the Eastern District of New York accompanying the charges. Singh also told a contact “that portal had some fucking potent tools,” and listed five search tools accessible through the portal, the court records add. External databases accessible from EPIC include those run by the FBI, Customs and Border Protection, the Federal Aviation Administration, the Federal Bureau of Prisons, and the U.S. Marshals Service.

However, the exact contours of what information Singh may have accessed, or even been able to access, are unclear. The complaint acknowledges that Singh was unable to access other databases because they required other login credentials. KT, a leader of ViLE, told Motherboard in an online chat that the claim that Singh used access to the portal to extort victims “is a lie.” KT said a lot of people accessed the DEA portal at the time after it was shared in a “semi large” Telegram group.

KT said Ceraolo was kicked from ViLE when he was first raided. The complaint says Homeland Security Investigations agents executed a search warrant at Ceraolo’s residence in May 2022. Motherboard reported Ceraolo handed himself in earlier this week in light of the new charges.

The DEA declined to comment, and directed inquiries to the Eastern District of New York, which also declined to comment.
