The Federal Bureau of Investigation and Have I Been Pwned, the website that gives you a way to check which of your login details have been compromised by data breaches, is working together to grow its database.
FBI and Have I Been Pwned Partnership
The partnership between the two will give the website access to new passwords as they become compromised, depending on what the feds are investigating at the moment, according to Engadget.
The website's creator, Troy Hunt, has announced the partnership, explaining that the FBI reached out to ask if there is a way to give the agency with an avenue to feed compromised passwords into HIBP, and surface them through the Pwned Passwords feature.
As Hunt explained, the FBI is involved into all sorts of investigations into digital crimes, like ransomware, botnets, online child sexual exploitation, and terrorism.
The compromised passwords they find are usually being used by crime rings, so the passwords' quick addition to the HIBP database would be very helpful. With that said, the website does not have any way for the feds to quickly feed passwords into its database yet.
Hunt is now asking people to help develop an ingestion route for the data now that HBP has open sourced its code base. Hunt first announced that he will open source Have I Been Pwned's code base in 2020 to make sure a more sustainable future for the website.
Now, HIBP is officially an open source project under the non-profit org.NET Foundation. Hunt has listed what he is thinking of for the FBI password ingestion code, if you think you will be able to help.
Hunt said that he is hoping that the scope of this facility may expand in the future to enable other law enforcement agencies to contribute their own finds.
Emotet Email Harvest
This is not the first time that the FBI and Have I Been Pwned has teamed up.
Last month, the FBI has handed over 4.3 million email addresses that were harvested by the Emotet botnet to the Have I Been Pwned service to make it easier to alert those who were affected by the breach.
The FBI collected the email addresses from Emotet's servers, following a takedown in January. The Emotet malware botnet was taken down by law enforcement in the US, Europe Canada, disrupting what Europol said was the world's most dangerous botnet that had been plaguing the internet since 2014.
According to ZDNet, Emotet was responsible for distributing ransomware, banking trojans and other threats through phishing and malware-laden spam.
In January, law enforcement in the Netherlands took control of Emotet's key domains and servers, while Germany's Bundeskriminalamt or BKA federal police agency pushed an update to about 1.6 million computers infected with Emotet malware that activated a kill switch to uninstall that malware.
Hunt stated in a blogpost that the FBI handed him email credentials stored by Emotet for sending spam through victims' mail providers as well as web credentials harvested from browsers that stored them to expedite subsequent logins.
The email addresses and credentials have been loaded in to HIPB as a single breach, even though it is not the typical data breach for which the site collects credentials and email addresses.
This article is owned by Tech Times
Written by Sophie Webster