By: Maddy Lally
The same hackers who made headlines not so long ago after tapping into CIA Director John Brennan’s personal email account are at it again. Except this time, the group that goes by the name “Crackas with Attitude” (“CWA”) is not just targeting agency and political officials or celebrities. Instead, their victims are criminals—anyone with an arrest record, regardless of whether that arrest was for something as minimal as disturbing the peace or as serious as terrorism or treason.
The CWA hackers apparently located a vulnerability in an online law enforcement portal which allowed them to view sensitive criminal data ranging from arrest records to information about active shooters, and even real-time chats between law enforcement agents regarding cases, threats, and dangerous criminal individuals. For example, the hackers obtained access to the Joint Automated Booking System (“JABS”) which is a main database of national arrest records in the United States. CWA was able to view these records immediately after they were entered into the system, including sealed records which would likely not be made public for months, or even years, after the arrest is entered into JABS. CWA was also able to view records pertaining to confidential informants, including their true identities and those who they “rat” on. Even more disturbing is that CWA also accessed the Enterprise File Transfer Service, a web interface for “securely” sharing and transmitting files. This system is used by various government law enforcement agencies, including the FBI.
The issue here is clear: is the tradeoff between ease of sharing information between law enforcement officers really worth the inherent dangers that come along with posting records and sensitive legal and criminal justice information online? How often did we hear about the highly sensitive information of thousands of people being accessed or leaked when it was stored offline? While online databases are clearly the way of the future there is an argument to be made that law enforcement should not follow suit until their databases can be truly secure. Vulnerabilities in such systems are doing nothing to promote or preserve the basic principles on which the justice system is built when sealed records can no longer be considered fully under seal or when confidential informants cannot be entirely sure that the information they provide or their identities will in fact remain confidential. With FBI leader’s personal email accounts being breached and “secure,” sensitive databases being accessed, it seems like it is one step forward, two steps back when it comes to law enforcement and the Internet.