Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label US Citizen. Show all posts
USDoD
Data Breach InfraGard National Public Data US Citizen USDoD

Brazil's Federal Police Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

 

Brazil's Polícia Federal arrested USDoD, an infamous hacker linked to the National Public Data and InfraGard breaches, as part of "Operation Data Breach". USDoD, dubbed EquationCorp, has a long history of high-profile data breaches in which he stole data and often posted it on hacking forums, mocking the victims. 

These breaches include those on the FBI's InfraGard, a threat intelligence sharing platform, and National Public Data, which exposed the private data and social security numbers of hundreds of millions of US citizens online. 

Things became worse for the threat actor when he targeted cybersecurity firm CrowdStrike and revealed the company's internal threat actor list. Soon after leaking the IOC list, Brazilian publisher Techmundo received an anonymous CrowdStrike report that reportedly identified, or doxed, the threat actor, figuring out the perpetrator as a 33-year-old Brazilian called Luan BG. 

Interestingly, USDoD verified that CrowdStrike's information was accurate in an interview with HackRead and stated that he was currently living in Brazil. "So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack," USDoD told HackRead. 

Brazil's Polícia Federal (PF) confirmed his arrest in Belo Horizonte/MG earlier this week, most likely with the use of this intelligence. 

"The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the systems of the Federal Police and other international institutions," according to a news release issued by the PF.

A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.

The prisoner boasted on websites that he had exposed sensitive data belonging to 80,000 members of InfraGard, a partnership between the Federal Bureau of Investigation (FBI) and private critical infrastructure companies in the United States of America. He claimed to be the mastermind of multiple cyber invasions that were carried out in multiple nations.

Ironically, the arrest was carried out as part of a law enforcement action known as "Operation Data Breach," which the police said was called after the threat actor's known cyber attacks.
Read more »
US Citizen
Christopher Wray Data Privacy Department of Justice FBI Privacy Unwarrantedly gained data US US Citizen

FBI Admits to Have Gained US Citizens’ Location Data, Unwarranted


According to a Wired report, FBI Director Christopher Wray revealed for the first time at a Senate Intelligence Committee hearing yesterday that the organization has previously acquired the location data of US citizens without obtaining a warrant. 

Despite the practice becoming more frequent and widespread since the US Supreme Court restricted the government’s ability to track Americans’ phones warrantlessly, around five years ago, the FBI did not previously acknowledge ever making purchases of such kind. 

The revelation comes after Sen. Ron Wyden [D-Ore] questioned Wray “Does the FBI purchase US phone-geolocation information?” The response to which alarmed privacy experts. 

“To my knowledge, we do not currently purchase commercial database information that includes location data derived from Internet advertising[…]I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time,” said Wray. 

The response, while being vague and revolving around the question asked, gave a clear insight into the way the FBI made use of location data to monitor US individuals with no court oversight. 

It is not immediately clear whether Wray was talking to a warrant—a court order that states that a crime has been committed—or another legal device. Wray also did not explain why the FBI decided to stop the practice. 

The Supreme Court ruled in the infamous Carpenter v. United States decision, that when government organizations accessed historical location data without a warrant, they were in violation of the Fourth Amendment's prohibition on unjustified searches. But the decision was interpreted very strictly. Privacy groups claim that the judgment left an obvious gap that enables the government to just buy anything it is unable to legally obtain. The Military Intelligence Agency and US Customs and Border Protection (CBP) are two federal organizations that are known to have exploited this loophole. 

On being asked during the Senate hearing whether the FBI is planning to adhere to the practice of buying location data again, Wray said “We have no plans to change that, at the current time.” 

According to Seam Vitka, a policy lawyer at Demand Progress, a nonprofit firm based on national security and private reforms, the FBI needs to be more forthcoming about the purchase, dubbing Wray’s revelation as “horrifying” in its implications. “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” says Vitka. 

US lawmakers have historically failed to enact a comprehensive privacy law, and the majority of the proposed bills have purposely ignored the government's own acquisition of US citizens' private data. For example, all law enforcement organizations and any business "gathering, processing, or transferring" data on their behalf are excluded from the provisions of the American Data Privacy and Protection Act (ADPPA), which was presented last year. Wyden and other senators have attempted to tackle the problem head-on with a number of proposals. For instance, the Geolocation Privacy and Surveillance Act has been reintroduced multiple times in Congress since 2011, but it has never been put to a vote.  

Read more »
Subscribe to: Posts (Atom)