Hacker group releases thousands of names and job titles supposedly belonging to FBI, DHS employees
The leak comes just 24 hours after the same group posted a link to what it claimed was a directory of 9,372 Department of Homeland Security employees.The FBI list, in alphabetical order by last name and ending in the J's, includes nearly 1,300 intelligence analysts and nearly 1,800 special agents. The DHS list ranges in last name from A to Z and contains roughly 100 intelligence analysts.
But The Guardian reported that "an official likened it to stealing a years-old AT&T phone book after the telecom had already digitized most of its data." Other officials reportedly admitted that the process through which the hacker claimed to obtain a token was too simple.
How it happenedAn anonymous member of DotGovs told Motherboard of the coming leaks before they were published. The hacker claimed to have obtained access to a Department of Justice web portal through fairly basic techniques: First, the hacker managed to compromise the email account of a DOJ employee, then he or she called an internal department and asked for help accessing their intranet web portal and was obliged. From there, the hacker claimed to have access to a terabyte of data and to have downloaded 200 gigabytes of it.
"I see no reason why the data would be 'fake,'" Patrick Wardle, director of research at cybersecurity firm Synack. He referenced an entry in the FBI list and found that the individual named was quickly shown by a public records search to have been in recent years a state police trooper with a six-figure salary and a listed phone number matching the FBI's Boston office. "[It] seems reasonable that he's now working at or for the FBI in Boston."Alex McGeorge, a senior security researcher specializing in penetration testing at Immunity Inc., another cybersecurity firm, had reservations about some of the hacker's self-reported methods. McGeorge doubted the hacker's claim that he or she had access to a terabyte of data as they hadn't provided any documents that couldn't have originated from a compromised email account alone.
"Somebody got access to someone [in the DOJ's] email and they milked it for all it was worth and that's probably it until they give us more [proof]."
McGeorge felt that the contents of the leaked directory could be "inconvenient" for the DOJ as organizations like the FBI have employees who are not necessarily at liberty to disclose their employer or title. He felt that it was less valuable than the Office of Personnel Management leak last year.The Department of Justice told Business Insider:
The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information. This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information. Any activity that is determined to be criminal in nature will be referred to law enforcement for investigation.
- Around 96% people saw drop in their earnings during COVID-19 induced lockdown
- Owning an electric two-wheeler is slightly cheaper than petrol and diesel at a time when fuel prices are at a record high
- TTD approves Rs 2,938-crore budget for 2021-22
- Wholesale growth expected to continue for tractors, passenger vehicles and two-wheelers, says equity research firm Emkay
- Centre finalises One District One Focus Product to promote in cluster approach