Posted on March 16, 2023 at 1:58 PM
A hacker behind an alleged breach of the US Marshals Service is selling the stolen data on a Russian-speaking forum. The hacker claims to have gigabytes of data stolen in this breach.
Hacker is selling data allegedly stolen from US Marshals Service
The US Marshals Service (USMS) servers suffered a notable breach that posed a significant threat to the agency. The USMS is a bureau at the Justice Department that offers support to the federal justice system. The service executes federal court orders and ensures the safety of government witnesses and their families. The other role of this agency is to seize assets that have been obtained illegally.
Given the functions of this bureau, it serves as one of the most critical organizations in the Justice Department. However, the bureau suffered a notable breach that affected some of its systems.
The hacker selling the stolen data has titled the announcement “350 GB from US Marshal Service (USMS) law enforcement confidential information.” The announcement about the sale of this stolen data was published on March 15 using an account created a day earlier.
The seller of this information said the database was being sold for $150,000, adding that it contained “documents from file servers and work computers from 2021 to February 2023.” The seller also noted that the data was not padded with filler such as libraries and exe files.
The information also includes aerial footage and other images of US military bases and other areas that are ranked as high-security zones. It contains copies of passports and other identification documents. The hacker also claims to have details about wiretapping and the surveillance of citizens.
The other details in the files include information about gang leaders, convicts, and cartels. According to the seller, some stolen files were marked as “Top Secret” or “Secret.” The hacker further noted that the database included more information about the witnesses in the US witness protection program.
The US Marshals Service has yet to issue a statement about the alleged sale of the information stolen in this breach of what could easily rank as one of the most critical bureaus in the United States.
US Marshals Service targeted by a ransomware attack
The sale of the data allegedly belonging to the US Marshals Service comes after the bureau sent out an alert last month saying it had launched a probe into a “data exfiltration event.” The bureau noted that the investigations were linked to a ransomware attack on February 17 that affected “a stand-alone USMS system.”
A spokesperson from the bureau noted that the data stolen during this breach mainly pertained to employees. This data included details that could personally identify the bureau’s employees. Nevertheless, the USMS said the breach was a “major incident.”
The spokesperson also noted that the system affected by this breach contained data sensitive to the law enforcement sector, such as administrative details. The stolen information also pertained to some investigations by the bureau and third parties.
“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” the spokesperson said.
The hacker's sale announcement claimed that they had infiltrated the witness protection program. However, sources close to this incident said that the threat actor did not obtain access to the USMS Witness Security Files Information System (WITSEC) program database.
Moreover, it is not the first time USMS has reported a security breach in its systems. In May 2020, the bureau revealed details about another security breach. During this breach, the details belonging to 387,000 current and former inmates were exposed in an attack that happened in December 2019.
Some of the details exposed because of the breach included the names, home addresses, social security numbers and dates of birth of the affected inmates. Moreover, it appears that law enforcement authorities in the US are at an increased risk of cybersecurity attacks.
The Federal Bureau of Investigation (FBI) was the victim of a cybersecurity attack that happened two days ago. However, the FBI noted that the isolated incident had since been contained.