@briankrebs@infosec.exchange
ICYMI (I did) from the death-by-shite-security dept. For the next time you need a case study in how poor security can actually lead to human deaths, even executions:
"A recent audit from the U.S. Department of Justice has exposed severe vulnerabilities in the FBI's cybersecurity measures, highlighting how these weaknesses directly contributed to the deaths of key informants in the high-profile El Chapo investigation.
"According to the report, a hacker affiliated with the Sinaloa drug cartel in Mexico was able to access sensitive communications between FBI officials and law enforcement, ultimately leading to the tragic loss of life."
https://www.secureworld.io/industry-news/fbi-breach-deaths-el-chapo
BTW here's the report, which is somewhat heavily redacted of the potentially interesting bits. But overall, the report laments the modern reality of "ubiquitous technical surveillance," which the FBI defines to mean "the widespread collection of data and application of analytic methodologies for the purpose of connecting people to things."
Specifically, the FBI names five "vectors" for this pernicious and omnipresent threat:
1) visual and physical (identification of people or objects tied to an operation through cameras or physical surveillance
2) electronic signals (use of electronic devices such as mobile phones)
3) financial -- transactional financial records with unique identifiers linked to a specific account holder
4) travel -- records that include unique identifiers for hotel stays, border crossings, plane reservations, etc.
5) online - advertising data from web browsing and social media use.
https://oig.justice.gov/sites/default/files/reports/25-065_t.pdf
well if its anything like their Infragard due diligence I'm not surprised. I'm referring to we all had to use a third party to verify ourselves giving lots of personal data and provide images of drivers license, etc. All the FBI said about this third party entity is that it basically pinky swore it was using good security.
