In the latest cyber-attack targeting the federal government, an intruder gained access to information for thousands of employees at the Justice Department and the Department of Homeland Security, but officials said that there was no indication that sensitive information had been stolen.
Most of the information appeared to have been culled from internal government directories, including employees’ email addresses, phone numbers and job titles. Motherboard, a technology news site, reported that it had been approached by a hacker who claimed to have obtained employee information on about 20,000 people at the F.B.I. and 9,000 at the Department of Homeland Security. The hacker professed support for pro-Palestinian groups and vowed to make the information public in an apparent attempt to embarrass federal agencies that play a part in cybersecurity operations. Officials at the Justice Department and the Department of Homeland Security said they were examining the breach. “There is no indication at this time that there is any breach of personally identifiable information,” said Peter Carr, a spokesman for the Justice Department. Marsha Catron, a Homeland Security spokeswoman, echoed that statement.
It was unclear when the breach had occurred or whether it was connected to an intrusion last fall that exposed personal emails of Jeh Johnson, the Homeland Security secretary, and John O. Brennan, the C.I.A. director. The hackers who claimed to have carried out those attacks also expressed pro-Palestinian views. The new breach does not appear to have resulted from an attack using an outside computer to penetrate the system. Instead, officials said, they believe that the intruder impersonated a government employee and used that information to get into other parts of the system. The officials would not elaborate on how that had been done, but described it as a social engineering breach, which could involve pulling personal information from social media and using it to determine passwords. Agencies across the federal government have struggled to keep computer information secure from both outside hackers and their own employees.
A hacker published info of more than 20,000 Federal Bureau of Investigation agents. A day prior to the leak, the same hacker posted info of 9,000 Department of Homeland Security officials. The data dumps, which appeared on a website included people’s names, email addresses, job titles, and phone numbers. The password to decrypt their contents was “lol.” The agencies supplied the following statement to several news outlets:
“The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information. This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information. Any activity that is determined to be criminal in nature will be referred to law enforcement for investigation.” The leaked DHS personnel directory appeared to be several years out of date, according to the Guardian’s review of the data. The UK-based news outlet reported that an official at a government meeting on Monday compared the hacking incident, in the Guardian’s words, “to stealing a years-old AT&T phone book after the telecom had already digitized most of its data.” A department spokesperson told Vice: “We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information.” Both dumps included header messages that indicate an activist motivation for the leaks. “This is for Palestine,” said the first. “Long Live Palestine,” said the other. These government staffer data breaches are reminiscent of recent cyber intrusions targeting the personal online accounts of CIA director John Brennan, DHS Secretary Jeh Johnson, and most recently, those linked to the director of National Intelligence James Clapper. The hacker group that claimed responsibility for those attacks also sought to raise awareness for the “Free Palestine” movement.
Social engineering, or tricking an employee into providing access to restricted computer networks or to personal data, likely played a part in the compromise