Hackers leaked DHS staff records, 200GB of files are in their hands
A hacker accessed an employee’s email account at the Department of Justice and stole 200GB of files including records of 9,000 DHS staffers and 20,000 FBI employees.
SecurityAffairs: Yesterday, the data related a Department of Homeland Security (DHS) staff directory were leaked online, a Twitter account shared the link to an archive containing 9,355 names.
The responsible for the data leakage first contacted Motherboard to share the precious archive.
Each record of the DHS Staff Directory includes name, title, email address, and phone number.
Going deep in the archive it is possible to note that it includes information of DHS security specialists, program analysts, InfoSec and IT and also 100 employees with a title “Intelligence”.
The same Twitter account has announced later the imminent release of an additional data dump containing 20,000 FBI employees.
Are the records authentic?
Motherboard that obtained the archive reached the operations center of the FBI, and in one case the individual who pick up the phone presented himself with the same name associated with that number in the archive. A similar circumstance occurred with a DHS employee, Motherboard so confirmed that the information is legit.
Which is the source of data?
According to Motherboard, a hacker accessed an employee’s email account at the Department of Justice. As proof, the hacker sent the email message to Motherboard’s contributor Joseph Cox directly from the compromised account.
“A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.” wrote Cox in a blog post.
“The hacker also claims to have downloaded hundreds of gigabytes of data from a Department of Justice (DOJ) computer, although that data has not been published.”
The hacker first tried to use the compromised credentials to access a DOJ staff portal, but without success, then he called the department directly and obtained the access through social engineering techniques.
The hacker accessed the DoJ intranet where the database is hosted, then he downloaded around the, out of 1TB that he had access to.
“I HAD access to it, I couldn’t take all of the 1TB,” the hacker told to MotherBoard.
The hackers confirmed his intention to release the rest of the data in the near future.Which is the motivation behind the attack?
It is not clear at the moment why the hacker released the archive, surely it’s not financially motivated. The hacker only left the following message when has leaked the data-
“This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer…” which are the verses of “Long Live Palestine”
The only certainty right now is that similar incidents are becoming too frequent, apparently the government staff is not properly trained on the main cyber threats or the hacking technique. Similar incidents show the lack of knowledge on the most basic security measures.
Whenever a hacker leaks so sensitive data, I think the number of his peers who had access to the same information with the intent to use them in other attacks or resell them, perhaps to a foreign government.*** As a reminder, in 2014 a much more dangerous hack intrusion happened at the DHS:
The Department of Homeland Security (DHS) alerted critical infrastructure operators to recent breaches within the sector – including the hack of a U.S. public utility that was vulnerable to brute-force attacks.
This week, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a subgroup of DHS, revealed information about the incidents in a newsletter (PDF).
According to ICS-CERT, industrial control systems were compromised in two, new incidents: one, involving the hack of an unnamed public utility, and another scenario where a control system server was remotely accessed by a “sophisticated threat actor.”
After investigating the public utility hack, ICS-CERT found that the system’s authentication mechanism was susceptible to brute-force attacks – where saboteurs routinely run through a list of passwords or characters to gain access to targeted systems. The control system used a simple password mechanism, the newsletter revealed.
In