The US Marshals Service, a division of the Justice Department, was hacked last month. According to the New York Times, the hackers stole “a trove of personal information about investigative targets and agency employees.” It’s not a good look for the department tasked with protecting judges, transporting federal prisoners, and managing witness protection. (Fortunately, the latter database wasn’t stolen in the hack.)
According to Justice Department officials, the breach happened on February 17 and was done using ransomware. This information is a bit vague from a security perspective, but it suggests that a ransomware tool was used to steal data from the US Marshals’ computer system in order to extort a payout in return for not releasing the information. This is different from another common kind of ransomware attack, in which the target’s computer is encrypted so they can’t use it, or from a straight-up hack in which the bad actor simply steals whatever they can in order to sell it or use it for international espionage. It’s unclear as yet whether the Justice Department intends to pay the hackers off, or whether the stolen data—including “sensitive law enforcement information”—has been leaked on the dark web.
The Marshals are far from the first US government organization to suffer a security breach. Last year, at least six state governments were targeted by Chinese hackers. In 2020, a Russian intelligence agency hacked the State Department, the Department of Homeland Security, parts of the Pentagon, and dozens more federal agencies by exploiting a vulnerability in a software package called SolarWinds. Local governments are frequently targeted too. Last month, the City of Oakland had to declare a state of emergency after a ransomware attack forced it to take all its IT systems offline. The Center for Strategic and International Studies keeps a list of significant cyber incidents, and there are major attacks on government agencies around the world basically every month.
It’s an issue that the government is aware of, and claims to be actively working to fix. In 2021, a federal cybersecurity evaluation found that almost all of the agencies reviewed did not meet the standards for keeping the data they store safe. Aging computer systems and outdated code are problems that come up over and over again. Since then, there have reportedly been efforts to reorganize cybersecurity infrastructure, develop guidelines, and implement best practices.
So what makes government agencies such tempting targets to hackers? Well, let’s leave aside the espionage angle, where adversarial governments attempt to steal state secrets, shut down nuclear programs, and generally just go all John le Carré. Their motivations are fairly self-explanatory. For hackers looking to make a quick buck there are a number of reasons government agencies can be a lucrative option.
According to a report by Sophos, local governments are often targeted because they have weak defenses, low IT budgets, and limited IT staff. In other words, they’re often overstretched compared to the private sector, so hackers are likely to have an easier time installing ransomware. For larger government departments, presumably including the US Marshals, the appeal is their access to public funds. That makes them seem like a lucrative target, whether or not the hackers are actually able to extract a payment.
Cybersecurity has been a priority for the Biden administration, but it’s clear that there is still a long way to go before ransomware attacks like these are no longer an issue for government organizations. The reality is that a single weak link, phishing attack, or vulnerable computer can offer hackers a way in—and keeping ahead of them is a nearly impossible task.