TechSpot

Hacker publishes details of almost 30,000 FBI and DHS employees

By midian182
Feb 9, 2016
  1. The US government has suffered another data breach. While not as severe as the cyberattack on the Office of Personnel Management last year, the recent hack has resulted in the personal information of nearly 30,000 government employees being dumped online.

    In the original story by Motherboard on Sunday, an anonymous hacker promised to publish the details of more than 20,000 Federal Bureau of Investigation agents and 9000 Department of Homeland Security officers.

    Just before the Super Bowl kickoff, the cybercriminal stuck to his word and uploaded a list of 9000 DHS employees. Yesterday, the personal data of 20,000 FBI agents was also released.

    The information, which is published on an encrypted text-sharing site, includes names, titles, email addresses, and contact details. The hacker, who uses the Twitter username @DotGovs, posted a tweet with a link to the dump. It read: “Long Live Palestine, Long Live Gaza,” and included the hashtag #FreePalestine. The account also posted two screenshots of a web browser logged into a DOJ computer.

    The person responsible for the breach told Motherboard that they carried out the hack by compromising a Department of Justice (DOJ) email account. They then tricked a department representative into handing over a token code to access the DOJ portal, used the compromised credentials to log into the portal, and gained access to an online virtual machine. From here, the hacker was able to access the databases of DHS and FBI details that were stored on the DOJ intranet.

    Some of the information is out of date, and the DOJ is, as you would expect, playing down the incident. “There is no indication at this time that there is any breach of sensitive personally identifiable information,” DOJ spokesman Peter Carr told the Guardian. One official compared the hack to stealing a years-old AT&T phone book after most of the data had already been digitized.

    Despite their words of reassurance, the DOJ acknowledges that this is another example of the government's weak digital security procedures being exposed. “The bottom line is, something broke,” an official said.

    Leo Taddeo, currently the CSO of Cryptzone and former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office, believes that the DOJ has few options available for its next move.

    “Recalling the information is not possible. The FBI may request that sites hosting the information take it down, but it would be very unlikely the FBI could obtain authority to compel a site to remove the list. Most likely, the FBI will warn employees of the loss of data and monitor for any anomalous activity that can be attributed to the loss. While the risks from this type of loss will never dissipate completely, over time, the information will become less sensitive due to employee rotations and turnover,” said Taddeo.

    He added that the government needs to deploy user access controls that go beyond two-factor authorization to reduce the chance of another social engineering attack taking place.

    “By checking multiple attributes, an enterprise can create a ‘digital identity’ that is almost impossible to socially engineer. For example, before allowing access, enterprises can check the user's location, the time of day, the computer's configuration, patch level, and use of antivirus. By creating this "digital identity," a network is less likely fooled and better protected from bad user behavior.”

    Permalink to story.
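The multi-attribute check described in the quote above, sketched as an added example (not from the article or any DOJ system). The record fields, policy thresholds and sample requests are constructed assumptions; the point is that a valid password plus a socially engineered token code still fails once device and context attributes are evaluated.

```python
from dataclasses import dataclass
from datetime import time

# Hypothetical policy values; a real deployment would source these from
# device-management and directory systems.
ALLOWED_COUNTRIES = {"US"}
WORK_HOURS = (time(6, 0), time(20, 0))
MAX_PATCH_AGE_DAYS = 30
HARD_CHECKS = {"device_config", "patch_level", "antivirus"}

@dataclass
class AccessRequest:            # constructed record, not a real portal schema
    user: str
    password_ok: bool
    token_ok: bool
    country: str
    local_time: time
    managed_device: bool        # computer's configuration matches enrollment
    patch_age_days: int
    antivirus_running: bool

def failed_checks(req):
    """Return the name of every attribute check the request fails."""
    checks = {
        "password": req.password_ok,
        "token": req.token_ok,
        "location": req.country in ALLOWED_COUNTRIES,
        "time_of_day": WORK_HOURS[0] <= req.local_time <= WORK_HOURS[1],
        "device_config": req.managed_device,
        "patch_level": req.patch_age_days <= MAX_PATCH_AGE_DAYS,
        "antivirus": req.antivirus_running,
    }
    return [name for name, ok in checks.items() if not ok]

def decide(req):
    """Credentials are necessary but never sufficient on their own."""
    failed = failed_checks(req)
    if "password" in failed or "token" in failed:
        return "deny", failed
    if not failed:
        return "allow", failed
    # Device-posture failures deny outright; softer context mismatches
    # (location, hour) trigger additional verification instead.
    return ("deny" if HARD_CHECKS & set(failed) else "step_up"), failed

# Constructed sample requests.
EMPLOYEE = AccessRequest("alice", True, True, "US", time(9, 30), True, 12, True)
STOLEN_TOKEN = AccessRequest("alice", True, True, "US", time(2, 15), False, 400, False)
LATE_LOGIN = AccessRequest("alice", True, True, "US", time(22, 0), True, 5, True)
```
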

     
  2. stewi0001

    stewi0001 TS Evangelist Posts: 1,181   +528

    This hacker is obviously a very mature person. *sarcasm*
     
  3. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,506   +498

    He got access to a SharePoint on premise and then did a search on the users' "public" information. Like the ones "downplaying" this, besides having a name and email address there is no confidential information released whatsoever.
     
  4. Uncle Al

    Uncle Al TS Evangelist Posts: 1,660   +767

    Now, if he has the names and address of Fox & Diana ......... oh yeah, c/o CBS ........ yawn .....
     
  5. Squid Surprise

    Squid Surprise TS Guru Posts: 860   +272

    I love how the hacker decided to add the hashtag #freepalestine... maybe he should try living over there and see how much better the Palestinians treat their people as opposed to the Americans...

    For example, if he gets caught in the US, he'd simply face prison time... gets caught in Palestine, he's looking at torture and execution...
     
  6. Underdog

    Underdog TS Member Posts: 21   +16

    Guess you've never heard about Guantanamo or the other places in Europe and the middle east where the US does its dirty "interrogation" work.
     
  7. Squid Surprise

    Squid Surprise TS Guru Posts: 860   +272

    Lol... yes, that is bad... but NOTHING like what regimes in the Middle East do - they have no need to hide their torture, it's basically just normal policy... Complain all you want about the US, they're still MILES ahead of the rest of the Middle East when it comes to human rights (although, ironically, Israel is the only nation in the Middle East that comes close!)...
     
