A hacker has posted a directory containing nearly 10,000 names of staff at the Department of Homeland Security. Following the DHS post, the hacker via his Twitter account claimed that details of 20,000 employees from the Federal Bureau of Investigation (FBI), is next.
The revelation came from an article on Motherboard first, wherein a hacker claimed to have downloaded hundreds of gigabytes of data from a Department of Justice (DoJ) computer. The publication verified several contact details on the data dump by reaching out to them directly.
It was only after several calls when Motherboard reached the National Operations Centre, a wing of the DHS, that the department confirmed that they hadn’t heard or detected any indication of such a breach.
Speaking to the publication, the hacker revealed that he had social-engineered his way into logging into a DoJ web portal after gaining information about an employee account. When his attempt to login did not work, the hacker simply made a phone call to the targeted department.
He claimed that he was new to the department and did not know how to get access to the portal. In an interview withI, he said:
They asked if I had a token code, I said no, they said that’s fine—just use our one.
He was then able to login and access a virtual machine online through a link on a personal computer. Here, he entered the credentials of the compromised employee account and got through. At this point, the hacker claimed he gained the means to access three different computers, with one of them being the work station of the compromised employee.
By gaining complete access to the computer, he was able to access the local files on the computer as well as those on the intranet network.
Altogether, the hacker had access to 1TB of files, out of which he downloaded around 200GB.
On Sunday, the staff list of names, emails and contact details of employees working at DHS was released.
Furthermore, the hacker also stated that the group he is representing will release the data of 20,000 FBI employees, including those stationed outside the US.
As shown with the hashtag above, the hackers‘ motivations to post the data was revealed at the very beginning of the breached data directory. The message simply read:
//This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer.//
Hacked was able to access the data dump of DHS employees but did not verify the authenticity of the information leaked. A representative for the DOJ or the FBI was not immediately available for comment at the time of publication. The departments are yet to publicly comment on the breach.
Featured image from Shutterstock.