Tech

Hackers Claim to Have Stolen 250 GB From Washington DC Police

The police department confirmed the existence of the breach, but did not specify the extent of the damage.
mpd
Image: Astrid Riecken For The Washington Post via Getty Images
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

A gang of cybercriminals said it hacked the Washington D.C. Metropolitan Police Department on Monday, claiming to have stolen more than 250 gigabytes from the law enforcement agency. 

The gang, known as Babuk, published the claim on its official website, where the hackers post some of the stolen files from their victims in an attempt to extort them. The goal is to scare the victim into paying before the hackers release all the information.

Advertisement
Screen Shot 2021-04-26 at 4.34.06 PM.png

"We will not comment this time: Even such an organization has huge security gaps, we advise them to get in touch as soon as possible and pay us, otherwise we will publish this data," the hackers wrote.

The hackers posted some data allegedly stolen from the MPD, including police reports, mug shots and personal details about people arrested, and internal memos. Some of the folders Babuk showed that it hacked from the MPD are named "Gang Conflict Report," "BLOODS," and "BEEFS - CONFLICTS." 

Do you have knowledge of the inner workings of Babuk or another ransomware gang? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com

A spokesperson for the MPD confirmed the breach on Monday night.

"We are aware of unauthorized access on our server," the spokesperson said in an email. "While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter."

The ransomware gang known as Babuk is relatively new on the scene, but has already made some significant victims, including an attack on the multibillion-dollar outsourcing firm Serco. 

Subscribe to our cybersecurity podcast, CYBER.