The author
Itai Dahari
Itai Dahari is a cybersecurity professional residing in Tel Aviv. Itai's journey with various roles and positions has led him to launch a career in the cybersecurity realm. Alongside his role as a CTI Analyst on Anastasia Plotkin’s Americas Team at Cyberint, he finds joy in music and sports.
Vulnerabilities Within Law Enforcement Exposed
The Worrying Increase in Police-Related Breaches
On September 15th, 2023, it was announced that a company in Stockport, UK, responsible for producing ID cards for various organizations, including Greater Manchester Police, fell victim to a ransomware attack. The attack had significant implications: thousands of police officers’ personal details, including their names, were at risk of exposure to the public domain. This breach carried substantial concerns, particularly for undercover officers who rely on anonymity to perform their duties.
Assistant Chief Constable Colin McFarlane of GMP confirmed the attack and assured that, at that stage, it did not appear to involve the compromise of financial information. The National Crime Agency (NCA) took the lead in investigating the incident, treating it as a national-level criminal investigation.
This case is part of a disturbing trend, with several other police-related breaches worldwide reported in August 2023:
The Metropolitan Police
The Metropolitan Police in the UK found itself investigating a potential data breach after unauthorized access was gained to the systems of one of its suppliers in August 2023; the breach had far-reaching consequences, as the supplier held critical information about police officers and staff. This information included names, ranks, photos, vetting levels, and pay numbers. While personal details like addresses, phone numbers, and financial data remained secure, the breach raised significant concerns.
Rick Prior, vice-chair of the Metropolitan Police Federation, representing over 30,000 officers in the force, emphasized the gravity of the situation. He expressed concerns about the potential misuse of officers’ personal information if it fell into the wrong hands. For officers in sensitive roles or those from minority backgrounds, the breach posed even more significant risks, potentially compromising their safety. The incident was reported to both the National Crime Agency (NCA) and the Information Commissioner’s Office (ICO) for investigation and regulatory action.
Norfolk and Suffolk Police
In another case within the UK, Norfolk and Suffolk Constabularies faced a significant data breach that impacted 1,230 individuals, including crime victims and witnesses. This breach stemmed from what authorities termed a “technical issue,” leading to the inadvertent inclusion of sensitive data in responses to Freedom of Information (FOI) requests concerning crime statistics.
The compromised data encompassed a wide spectrum of offenses, ranging from domestic incidents to sexual offenses, assaults, thefts, and hate crimes, exposing details such as names, addresses, and dates of birth. Although the exposed data was not readily visible to those accessing the files via FOI requests, the incident raised critical concerns about data handling procedures within law enforcement agencies and underscored the need for stringent security measures.
To address the breach’s aftermath, authorities made concerted efforts to notify all affected individuals using various communication methods, including letters, phone calls, and face-to-face interactions, tailored to the nature and sensitivity of the exposed data. The ongoing breach investigation maintained an open-minded approach regarding the possibility of inappropriate access.
Cumbria Police
Cumbria Police faced a significant data breach that was not publicized at the time but was later acknowledged. In this unfortunate event, the names and salaries of over 2,000 employees, including police officers and staff, were mistakenly published online due to human error.
While the breach may not have exposed all personal details, it did reveal critical information about individuals in covert and sensitive roles. This revelation raised concerns about the potential implications of such sensitive data falling into the wrong hands, especially considering that the breach affected a substantial number of police officers, staff members, and police community support officers.
Bern Cantonal Police
Switzerland’s Bern cantonal police faced a substantial data breach due to a security vulnerability in the MobileIron app used on police employees’ smartphones. The breach came to light in July and involved an unknown individual exploiting the vulnerability. The stolen information included the names and phone numbers of police officers. This breach was particularly concerning as it could be used to target law enforcement personnel directly. However, at the time, there was no evidence to suggest that the stolen data had been published online.
The incident highlighted the importance of cybersecurity measures for both personal and professional devices used by police officers. Authorities initiated an investigation to identify the perpetrator and assess the full extent of the breach. This case was part of a broader surge in cyberattacks targeting various organizations in Switzerland.
Cyberint Info stealer Research
Cyberint decided to delve into the matter further and examine police-related mentions within info-stealer logs. Our investigation produced a staggering finding: over the last three months, around 10,000 systems associated with police users, department websites, and internal networks had been compromised by info-stealer malware, and the resulting logs could be purchased online easily. We were able to determine that some law enforcement personnel had fallen victim to malware, resulting in the theft of their login details for police systems and personal credentials. The compromised computer systems yielded a wealth of information, including additional emails, usernames, auto-fill data containing personal details such as names, addresses, and phone numbers, and even system information like computer names and IP addresses.
This revelation emphasizes the need for law enforcement agencies to bolster their cybersecurity measures and their employees’ cyber education. Cybercriminals often infect systems with info-stealer malware through phishing emails, malicious downloads, drive-by downloads, malvertising, social engineering, software vulnerabilities, Trojan horses, and removable media. Once infected, this malware quietly collects sensitive data and sends it to the attacker. Most of these infections were attributed to three prominent info-stealers: Redline Stealer, Raccoon Stealer, and Azorult. These tools are currently favored among hackers for gaining initial access to victim networks.
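As an added illustration (not Cyberint's research tooling) of how mentions in info-stealer logs are matched against an organisation's own domains, the following Python takes a constructed, simplified stealer-log-style export and reports which accounts and login hosts belong to a watched domain. The domain, the machine details and the log layout are all assumptions.

```python
# Added example (not Cyberint's tooling): match credential records from an
# info-stealer log against an organisation's domain watch list, the way a
# defender checks its own exposure. The log layout is a simplified,
# constructed format, not any real stealer's output.
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: host details, then URL/USER/PASS triplets. All invented.
SAMPLE_LOG = """\
MachineID: WIN-7K2P
IP: 203.0.113.45
URL: https://portal.example-police.test/login
USER: j.doe@example-police.test
PASS: [redacted]
URL: https://shop.example-store.test/account
USER: jdoe1984
PASS: [redacted]
URL: https://intranet.example-police.test/hr
USER: jdoe
PASS: [redacted]
"""
WATCH_DOMAINS = {"example-police.test"}  # assumed organisation domain

def in_watch_list(host, watch):
    """True if host equals or is a subdomain of any watched domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watch)

def parse_records(text):
    """Yield (machine, ip, url, user) per URL/USER/PASS triplet; the
    password value is discarded, only its presence matters."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip().upper()
        fields[key] = value.strip()
        if key == "PASS":  # closes one triplet
            yield (fields.get("MACHINEID"), fields.get("IP"),
                   fields.pop("URL", ""), fields.pop("USER", ""))

def exposed_accounts(text, watch):
    """Map each exposed username to the watched login hosts seen for it,
    matching on the login URL host or on the user's e-mail domain."""
    hits = defaultdict(set)
    for _machine, _ip, url, user in parse_records(text):
        host = urlparse(url).hostname or ""
        email_domain = user.rpartition("@")[2] if "@" in user else ""
        if in_watch_list(host, watch) or in_watch_list(email_domain, watch):
            hits[user].add(host)
    return {u: sorted(h) for u, h in hits.items()}
```

The unrelated shopping account in the sample is left out of the result, while the e-mail address and the plain intranet username are both reported with the watched host they were used on.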
Protecting against info-stealer malware requires user vigilance, regular software updates, antivirus software, strong passwords, cybersecurity education, network security measures, and data backups to minimize potential damage.
Cyberint Recommends
Each case highlights the critical importance of robust data security practices within law enforcement agencies. Safeguarding sensitive information and login credentials is not merely a matter of compliance; it is an imperative that directly affects citizens’ and officers’ safety and effectiveness.
As cyber threats evolve in complexity and scale, it is incumbent upon law enforcement agencies to maintain an unwavering vigilance and proactive stance in protecting their personnel and the invaluable troves of sensitive data entrusted to their care.
The integrity of our law enforcement systems and the well-being of our officers are inextricably linked to our collective commitment to cybersecurity. It transcends organizational boundaries and necessitates active involvement from policymakers, stakeholders, and the broader community. These incidents serve as resounding reminders that the pursuit of justice and the preservation of public safety demand resilience and the continuous adaptation and strengthening of our digital defenses.
Recommendations:
Considering these breaches, it’s crucial for law enforcement agencies to take proactive steps to enhance their cybersecurity posture. Recommendations include:
- Cybersecurity Training: Provide ongoing cybersecurity training to all personnel to raise awareness about threats and promote safe online practices.
- Multi-Factor Authentication (MFA): Enforce MFA for systems to add an extra layer of security.
- Regular Backups: Establish automated and secure data backup procedures for critical information.
- Incident Response Plan: Develop a clear incident response plan that outlines actions to take in case of a breach.
- Collaboration and Information Sharing: Collaborate with cybersecurity experts and share threat intelligence for better preparedness.
- Continuous Monitoring: Implement real-time monitoring for early threat detection.
- Security Assessments: Assess third-party vendor security to ensure supply chain integrity.
- Drills and Exercises: Conduct cybersecurity drills to improve response readiness.
- Data Encryption: Encrypt sensitive data in transit and at rest to safeguard confidentiality.
By following these recommendations, law enforcement agencies can bolster their cybersecurity defenses and protect sensitive data effectively.