Reported have discovered that law enforcement agencies are buying leaked breach data from a vendor named SpyCloud to aid in investigations. SpyCloud also trades in data breaches in order to amass a large database and even hack a password crack feature, that can find out what a password is even if it was obfuscated with a hash.
The discovery is troubling for a number of reasons.
- There’s a moral quandary about buying hacked data in the first place as it promotes that marketplace and may lead to even more breaches and hacks.
- Through this manner, law enforcement sidesteps traditional and current legal ways of obtaining data.
- You’d never know if your information (or password) fell into the hands of a law enforcement department.
- Transparency and accountability is hard to come by because law enforcement is using a private vendor.
Ultimately, how and whether law enforcement obtains and uses our data should be public knowledge unless there are extreme circumstances at hand. This information shouldn’t get out via an anonymous source – it should be transparent so some accountability could be had. The more there’s a market for breached data, the more sellers (and hackers) there may be.
For the full story, visit Motherboard.