Department of Justice

November 13, 2021

Hoax Email Blast Abused Poor Coding in FBI Website

This post was originally published on this siteThe Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities. The phony message sent late Thursday evening via the FBI’s email system. Image: Spamhaus.org Late in the evening of Nov. 12 ET, tens of thousands of […]
May 12, 2022

DEA Investigating Breach of Law Enforcement Data Portal

This post was originally published on this siteThe U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. Unidentified hackers shared this screenshot of alleged access to the Drug Enforcement Administration’s intelligence sharing portal. On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of […]
June 3, 2022

What Counts as “Good Faith Security Research?”

This post was originally published on this siteThe U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution. In a statement […]