Names and addresses of 20,000 FBI employees and over 9,000 Homeland Security workers were dumped on the internet by unknown hackers after they tricked their way into a Department of Justice computer.
Tweeting as @DotGovs, the hackers posted a link pointing to a plain-text post on CryptoBin listing names, job titles, work emails, phone numbers and the states for thousands of employees of the Department of Homeland Security (DHS) and FBI. The list includes computer specialists, procurement officers, budget analysts, directors and senior advisers.
Several news outlets were contacted by the hackers on Sunday evening and given a preview of the data, including Vice’s Motherboard blog and FedScoop. According to the sites, the information in the leak was accurate.
"We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information," DHS spokesman S.Y. Lee said in a statement Monday morning.a
The hackers told Motherboard they accessed the information by compromising an email account of a Justice Department official. They used the email address to “social engineer” access to the DOJ intranet, calling technical support to give them a password.
“So I called up, told them I was new and I didn't understand how to get past [the portal],” one of the hackers told Motherboard. “They asked if I had a token code, I said no, they said ‘that's fine – just use our one’.”
At that point, the hackers gained access to about a terabyte of data, and managed to download about 200 gigabytes.
“This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer,” the hackers said at the beginning of their CryptoBin post. Both the message and the method used in the hack resemble those of a different group of anonymous hackers that last year breached the private email accounts of CIA Director John Brennan and National Intelligence Director James Clapper.
Hit by a series of high-profile data breaches in recent years, the US government is demanding more cyber security funding. Last week, Defense Secretary Ash Carter requested nearly $7 billion for the Pentagon’s cyber operations budget in 2017, to “further DOD's network defenses… build more training ranges for our cyber warriors; and also develop cyber tools and infrastructure needed to provide offensive cyber options."
The Pentagon’s cyber budget for the current fiscal year is $5.5 billion.