惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
V
Visual Studio Blog
G
GRAHAM CLULEY
Spread Privacy
Spread Privacy
Last Week in AI
Last Week in AI
腾讯CDC
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园 - 司徒正美
爱范儿
爱范儿
雷峰网
雷峰网
The Hacker News
The Hacker News
S
SegmentFault 最新的问题
Cisco Talos Blog
Cisco Talos Blog
博客园 - 聂微东
T
Tor Project blog
I
Intezer
大猫的无限游戏
大猫的无限游戏
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
T
Tenable Blog
Google Online Security Blog
Google Online Security Blog
S
Schneier on Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
AI
AI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
宝玉的分享
宝玉的分享
Help Net Security
Help Net Security
O
OpenAI News
博客园 - 【当耐特】
博客园 - Franky
AWS News Blog
AWS News Blog
罗磊的独立博客
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
小众软件
小众软件
量子位
SecWiki News
SecWiki News
S
Security Affairs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hugging Face - Blog
Hugging Face - Blog
N
News and Events Feed by Topic
Apple Machine Learning Research
Apple Machine Learning Research
H
Heimdal Security Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家

hackers Archives - VICE

Hackers Are Spreading Malware Through LinkedIn Comments Now Feds Want to Ban the World’s Cutest Hacking Device. Experts Say It's a ‘Scapegoat’ Hackers Took Over Transit Ads with Messages from Queer Palestinians in Gaza ‘Windows for Gamers’ Rolls Dice With Your Security Senator Asks Big Banks How They're Going to Stop AI Cloned Voices From Breaking Into Accounts The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers Smart Garage Company Fixes Vulnerability by Breaking Customers' Devices Hackers Can Remotely Open Smart Garage Doors Across the World The Cure Tried to Stop Scalpers. Brokers Are Selling Entire Ticketmaster Accounts Instead
Inside the DEA Tool Hackers Allegedly Used to Extort Targets
Joseph Cox · 2023-03-17 · via hackers Archives - VICE

Hackers accused of using law enforcement tools and other tactics to extort people online gained access to a sensitive, password protected portal run by the Drug Enforcement Administration, according to a screenshot of the portal obtained by Motherboard.

The new screenshot and other information provides some more clarity on charges unsealed against Sagar Steven Singh, 19, and Nicholas Ceraolo, 25, earlier this week. That pair, who were at one point part of a group called “ViLE,” allegedly went on a wide-spanning hacking spree. That included breaking into the federal U.S. law enforcement portal; using a hacked Bangladeshi police officer’s email account to fraudulently request user data from a social media company; and trying to use it to buy facial recognition services too.

Videos by VICE

Do you know anything else about this portal, or how criminals are obtaining sensitive data? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

“EPIC Portal,” the top of the screenshot reads, referring to the El Paso Intelligence Center (EPIC). EPIC is a multiagency intelligence center led by the DEA with 21 participating agencies, according to the DEA’s website. The mission of EPIC is not just limited to drugs, but also includes terrorism, human trafficking, money laundering, and more.

The portal appears to provide access to a variety of tools, including one labeled as “LPR,” according to the screenshot. LPR typically refers to license plate readers, which are cameras that take photographs of vehicles as they pass certain points and record where a certain vehicle was at a particular time. A 2010 email obtained by the American Civil Liberties Union says that federal, state, and local agencies have the ability to query an “LPR database via EPIC.” A report from the Department of Justice’s Office of Inspector General says EPIC has access to the “DEA’s License Plate Reader Database,” which stores license plate information captured along the Southwest border.

The screenshot also includes “HSIN,” which is the Homeland Security Information Network, which is used to share intelligence among agencies. The EPIC Portal also provides other areas for users to explore, such as “seizures,” “reports,” and “global drug pricing,” according to the screenshot. (In the complaint against Singh and Ceraolo, prosecutors wrote that “Data available through the Portal is not classified but is sensitive and includes detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.”)

portal.jpg
A screenshot of someone logged into the EPIC Portal obtained by Motherboard. Image: Motherboard.

The screenshot also shows access to “Jetway/Pipeline,” referring to two different types of training that teach officers how to interdict at airports and highways respectively, and the Deconfliction and Information Coordination Endeavor (DICE), which helps law enforcement officials not double up on investigations.

In May 2022, Singh, also known as Weep, allegedly logged into the portal from the same IP address he had previously used to access a social media account registered to him, according to the complaint. Records from Singh’s computer and the government servers themselves showed Singh accessed multiple guides on how to use the portal, and sections that track narcotic seizures in the U.S., the complaint says. Krebs on Security reported on a breach of the portal at the time. The outlet reported the breach also impacted the Law Enforcement Inquiry and Alerts (LEIA) system, managed by the DEA, which provides search capabilities for EPIC and other external databases. Krebs also reported these latest charges relate to the DEA breach.

“Were [sic] all gonna get raided one of these days i swear,” Ceraolo wrote after Singh shared the login credentials with him, according to the complaint. Ceraolo, who used the handle Convict, also asked an associate how they could scrape data from inside the portal, the complaint says.

Within one day of gaining access to the portal, “Singh was using his access to the Portal to extort victims,” according to a press release from the Eastern District of New York accompanying the charges. Singh also told a contact “that portal had some fucking potent tools,” and listed five search tools accessible through the portal, the court records add. External databases accessible from EPIC include those run by the FBI, Customs and Border Protection, the Federal Aviation Administration, the Federal Bureau of Prisons, and the U.S. Marshals Service.

However, the exact contours of what information Singh may have accessed, or even been able to, is unclear. The complaint acknowledges that Singh was unable to access other databases because they required other login credentials. KT, a leader of ViLE, told Motherboard in an online chat that the claim that Singh used access to the portal to extort victims “is a lie.” KT said a lot of people accessed the DEA portal at the time after it was shared in a “semi large” Telegram group. 

KT said Ceraolo was kicked from ViLE when he was first raided. The complaint says Homeland Security Investigations agents executed a search warrant at Ceraolo’s residence in May, 2022. Motherboard reported Ceraolo handed himself in earlier this week in light of the new charges.

The DEA declined to comment, and directed inquiries to the Eastern District of New York, which also declined to comment.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.