Under a pro-Palestine slogan, a hacker has released information on over 29,000 employees of the FBI and DHS. It isn’t certain who’s behind this, but it’s been speculated that the hackers behind this are same ones from “Crackas With Attitude” (CWA) who were responsible for attacks toward the CIA. According to a tweet, the leader is “Vinnie” who has ties to “Lizard Squad” and was arrested in 2014.
Several tweets have been made that voiced support for the “FreePalestine” movement. One tweet explained that this hack was to bring attention to the movement. It was also expressed in a tweet that Israel and the US governement are evil. “We support #FreePalestine, Israel and the US Gov are evil!”
Support for “FreeJeremy” has been shown as well, “Jeremy” being Jeremy Hammond who was a member of Anonymous and is currently serving 10 years in prison.
The Motherboard reports that the hacker obtained this information by gaining access to an email account of a DoJ employee, where he then social engineered his way into the DoJ web portal giving him access to a virtual machine. The virtual machine gave him full access to several computers, getting full access to those computers allowed him to download the data in databases, among the data being contact information for government employees. The hacker claimed to download around 200GB of data out of the 1TB he had access to. This means that the data released so far is a tiny portion of the data downloaded by the hacker. He told Motherboard “I HAD access to it, I couldn’t take all of the 1TB”. He also claimed to have military emails and credit cards but proof was never provided.
However, the data released so far doesn’t seem to be that sensitive since it only consists of names, positions, emails, and phone numbers.
It’s even been questioned if the hackers are telling the truth, which isn’t surprising considering the recent NASA “hack” by “AnonSec”.
A DHS spokesman has said that “We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information.”
Along with the DHS, the Justice Department is looking into this hack according to a spokesman, “The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information.”
It’s very alarming that such a simple hack was able to take place despite more serious breaches like the Office of Personnel Management from last year. You’d think the government would’ve tightened up security by now.