US Marshals Ransomware Hack is ‘Major Incident’

The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly).

You’d have hoped USMS had learned something after the 2019 hack. But no. It’s presumably the same old story of third-rate security and guv’mint underfunding.

Your tax dollars not at work. In today’s SB Blogwatch, we lose patience.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The streaker.

Useless USMS?

What’s the craic? Andrew Blankstein, Michael Kosnar, Jonathan Dienst, Tom Winter and Zoë Richards report—“Security breach that compromises sensitive information”:

Official said the incident is significant
The U.S. Marshals Service suffered a security breach over a week ago … multiple senior U.S. law enforcement officials said. … U.S. Marshals Service spokesperson Drew Wade acknowledged the breach: … “The affected system contains law enforcement sensitive information. [We] discovered a ransomware and data exfiltration event affecting a stand-alone USMS system. … It constitutes a major incident.”

A senior law enforcement official familiar with the incident … said no one in the witness protection program is in danger because of the breach. Nevertheless, the official said, the incident is significant, affecting law enforcement sensitive information pertaining to the subjects of Marshals Service investigations.

ELI5? Sergiu Gatlan has a go—“U.S. Marshals Service investigating ransomware attack, data theft”:

Witness protection program
USMS is a bureau within the Justice Department that provides support to all elements of the federal justice system by executing federal court orders, seizing illegally obtained assets, assuring the safety of government witnesses and their families, and more. … The attack is currently under active investigation.

The attackers did not gain access to USMS’ Witness Security Files Information System (aka WITSEC or the witness protection program). This follows another data breach [when] the U.S. Marshals Service exposed the details of over 387,000 former and current inmates in a December 2019 incident, including their names, dates of birth, home addresses, and social security numbers. … In related news, the … FBI also disclosed a cybersecurity incident two weeks ago.

And the DoD last week. And, and, and. Glenn Thrush and Chris Cameron run with the agency angle—“Hackers Breach U.S. Marshals”:

A spate of hacks of government computers
Several government agencies have fallen victim to hackers in recent years, as a growing number of groups have acquired the tools and expertise to steal data, disrupt critical infrastructure and extort payments. … A highly sophisticated Russian hacking attack during the final year of the Trump administration compromised the networks of more than 250 federal agencies and businesses — including the Treasury, State, Commerce and Energy Departments, and parts of the Pentagon.

A spate of hacks of government computers in 2015 that originated in China stole the personal information of about 21.5 million people, including addresses, health and financial history, and other private details, from people who had been subjected to a government background check. The hackers also took the personnel data and fingerprints of federal employees. A number of other, smaller data breaches have targeted groups related to the federal government, including … the theft in 2019 of tens of thousands of images of travelers and license plates stored by Customs and Border Protection.

How does this keep happening? Money—or rather the lack of it—as u/Mississimia opines:

The government refuses to allocate enough money for cybersecurity. They refuse to hire cybersecurity professionals who smoke weed. There are a bunch of old men in charge who don’t like things that aren’t in their wheelhouse. … This could end badly.

And MxMatrix agrees:

Is this what you get when the only investment was new weapons instead of proper IT security?

As does u/phdoofus, who has first-hand experience:

This is a failure by Congress mostly to not fund and prioritize IT security. The US nuke labs get their computers hammered all of the time by outside actors but you never hear about breaches there. OPM, not so much. Why? Someone at OPM probably asked about IT security at one point and Congress basically said ‘Nah, there ain’t no money for that and what do you need it for anyway?’

The real systems that have the **** that you don’t want anyone to touch ever, are [airgapped]. There are even measures beyond that to ensure security. However, depending on the lab, they also have a number of programs that need to interact either with researchers not ‘behind the fence’ or with other branches of the .gov or even with the public. Those get hammered all the time.

Source: Have worked for nuke labs.

Hacking law enforcement, though? bug_hunter doesn’t ascribe it to malice:

Guessing most likely non-targeted attack? Criminals would have some giant balls to try and ransomware any kind of law enforcement.

If you were inclined to go after such a dangerous target, I’m assuming ransomware wouldn’t be the most profitable application of such a hack. Guessing this … was hoping to snag a bunch of nobodies, but accidentally has gotten waaay too much heat.

Is it all the fault of education? Get off u/Crizbibble’s lawn:

The new IT crowd—especially the folks going to these software boot camps—don’t know how to build networks, maintain proper information security or do much of anything outside of building front ends and web services. They are also unwilling to learn it because they don’t think it’s important. Not sure why that is happening or what schools are teaching.

Meanwhile, a slightly sarcastic Miles_O’Toole quotes the original story:

“The official said no one in the witness protection program is in danger because of the breach.” … Of course we all believe them.

Is there anybody in the world with a three-figure IQ who trusts “the official” when they make this claim? Would it even make the news if John Smith, recently of Podunk, Iowa, died in a one-car accident on his way home from work?

And Finally:

He likes to show off his physique


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Fry1989 (cc:by-sa; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
