Hackers Have Infiltrated The US Arrest Records Database

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
I don't get it, other than embarrassing the government, what good is it to have access to arrest records?

The group has since published a portion the data it collected to Pastebin and Cryptobin; apparently it released government, military, and police names, emails, and phone numbers. But the portal the hackers accessed held much more info. All told, they got their hands on a dozen different law enforcement tools, and Wired verified that a screenshot of the Joint Automated Booking System (JABS) provided by the hackers was legitimate. The JABS vulnerability is noteworthy because it means the hackers can view arrest records as they're entered into the database -- regardless of whether or not the arrests were under court seal.
 
Makaveli@BETA said:
Blackmail?
Click to expand...

I would think most (if not nearly all) of that information would be available to the public via public records request (FOI). If not, I'd think you'd have to be very careful on what felons you blackmail...
 
Extortian. There is plenty of websites that take public record information and post it online, and will only remove the information you pay out of pocket to take it off the site.
 
Why tf is anything like this online anyway??
The basic stupidity is incredible.
 
I wonder what's the date range of the data they stole. Just a year? All historical data?
 
Some records are sealed. But other than that, nothing you can't get legally anyway.
 
This is so bad on so many levels.

WTF if i'm applying for a new job, am a victim of one of these breeches, the BI company does their business, and they come back with stuff that isn't true about me?

Ugh.
 
I think there are hackers out there who would hack their way into anything just for bragging rights, just to say they're able to do it.
 
I got in a pickle 2 years ago. When i saw my friend being processed I was astonished at the old amd comp they had running the show. Not even bolted down if someone knocked it down.
 
They got more than just criminal records.
Read the Wired article.
 
sliverjazz said:
I got in a pickle 2 years ago. When i saw my friend being processed I was astonished at the old amd comp they had running the show. Not even bolted down if someone knocked it down.
Click to expand...

It was probably just a 'thin-client' running a program from the mainframe anyways. Who cares if you knock over the terminal, nothing sensitive is on it anyways. I doubt it was running the show.
 
Nenu said:
Why is this news then?
Click to expand...

You can have prior charges expunged if you've been a model citizen for a long period of time. There is still a record of stupidity that you did. Also children that commit crimes typically are sealed cases. So this release could affect currently law abiding citizens that paid their debt to society and have proven over a long period of time that they were worthy of having former cases expunged. They are now working nice jobs that they would NOT be allowed to have if those records were unsealed.

Say you were the lookout for a gang that was robbing a bank at age 11. You would get a sealed case if you weren't violent because you were a child and an adult put you up to it. At 25 you have graduated college and now work as a stock broker. Your arrest record is now being held hostage by some website that extorts money from you monthly not to tell your current employer.

Then you have investigations where the government is trying to crack a drug case and arrest a mid tier criminal. In exchange for information, they seal the case and send the informant back in to gather intelligence for them. With the hackers releasing all of the information, those informants and their extended families are now at risk of retaliation from the drug cartel. Also the drug cartel knows that there is a case brewing against them so it effectively ends the investigation and subsequent prosecution.
 
All told, they got their hands on a dozen different law enforcement tools,
Click to expand...

I would be wondering if they got any tools which allowed them to enter data INTO the system.. thus putting our arrest warrants for people possibly? or altering records..
 
MrGuvernment said:
I would be wondering if they got any tools which allowed them to enter data INTO the system.. thus putting our arrest warrants for people possibly? or altering records..
Click to expand...

I'd be far more worried about records alteration.

I know it's not what the story is implying that was done (or could be done), but let's be honest about it - if the bad guys are this close to the data stream itself...what's stopping them from drilling down into the interfaces themselves, punching holes in them/modding them, and changing data in the actual stream itself.

If you're at this level, all actions are (probably) authorized because it's assumed that you were previously verified and validated to be in the position to make the request in the first place. I'd be quite surprised if there were any effective tools to ensure the accuracy and legitimacy of the data in-stream at this level.

Your worst security breaches always come from the inside, using (unauthorized) authenticated accounts and (unauthorized) authenticated requests.

We're fully into "ruining a life" territory here. People really need to stop and think about this one.
 
You must log in or register to reply here.
Back
Top