Cyber Incident Victim: Joint Automated Booking System
Date:
Nov 2015
Location:
United States of America
Summary
A group of hackers known as Crackas With Attitude breached a law enforcement portal, gaining unauthorized access to the Joint Automated Booking System (JABS) and multiple sensitive databases. The compromised systems included arrest records—some under court seal—that could reveal sensitive investigations, along with tools for real-time communication, file transfers, and intelligence sharing such as the Enterprise File Transfer Service, National Data Exchange, and ViCAP Web National Crime Database. The attackers leaked law enforcement contact details and claimed their actions targeted government entities rather than civilians, emphasizing the potential risks if foreign adversaries obtained similar access. The breach highlighted vulnerabilities in systems designed for interagency information sharing, though the hackers stated no immediate plans for further data leaks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In November 2015, the hacker group Crackas With Attitude (CWA) breached a restricted law enforcement portal, gaining access to multiple sensitive systems including the Joint Automated Booking System (JABS). This followed their earlier compromise of CIA Director John Brennan’s personal email. The attackers exploited an unspecified vulnerability to infiltrate the portal, which was intended exclusively for FBI and other law enforcement agencies. Through this access, they obtained arrest records from JABS, a national database containing real-time booking information on individuals arrested across the United States. The records included sealed arrests related to terrorism, gang activity, and narcotics investigations, posing risks of operational compromise if disclosed. CWA member "Cracka" provided WIRED with a screenshot confirming JABS access and referenced viewing the arrest record of convicted hacker Jeremy Hammond. The group also accessed the Enterprise File Transfer Service and listed 19 additional systems visible through the portal, such as the National Gang Intelligence Center and Active Shooter Resources Page.
On November 5, 2015—Guy Fawkes Day—CWA leaked law enforcement agents’ contact details and JABS data but stated no intent to release further information immediately. A former FBI agent verified JABS’s inclusion of sealed arrests but noted sensitive cases might be partially redacted or removed to prevent leaks, citing the Silk Road investigation as an example. The hackers emphasized their actions targeted government entities rather than private citizens, with Cracka warning of the breach’s severity by hypothetically referencing foreign adversaries like Russia or China. The exposure of sealed arrest data risked alerting criminal networks to ongoing investigations, potentially enabling suspects to evade capture. No law enforcement containment measures or technical responses were detailed in available reporting.