Shortly after revealing the contact information of nearly 10,000 Department of Homeland Security employees, a group of hackers on Monday also published the contact information of more than 22,000 FBI employees. The leaked information, in addition to disclosing names and job titles, also includes employee phone numbers, states of residence, and email addresses.
Notably, identifiable information of FBI employees from all areas of the bureau was compromised, including special agents, intelligence analysts, technicians, language specialists and more.
DON’T MISS: 5 secret features hiding inside your iPhone
The group behind the attack goes by the name DotGovs, with one member recently telling Motherboard that their most recent hack was carried out with rather elementary techniques.
After obtaining the email credentials of a Department of Justice employee, the hacker tried and failed to access the DOJ web portal. Next, he/she implemented some old-fashioned social engineering techniques and called up “the relevant department.”
“So I called up, told them I was new and I didn’t understand how to get past [the portal]. They asked if I had a token code, I said no, they said that’s fine—just use our one.
The hacker says he then logged in, clicked on a link to a personal computer which took him to an online virtual machine, and entered in the credentials of the already hacked email account. After this, the hacker was presented with the option of three different computers to access, he claimed, and one was the work machine of the person behind the originally hacked email account.
“I clicked on it and I had full access to the computer,” the hacker said. Here the hacker could access the user’s documents, as well as other documents on the local network.
As for the group’s motivations, they run a Twitter account with a @DotGovs handle and frequently use the hashtag FreePalestine on their tweets. A tweet over the weekend indicated that the group won’t stop their hacking activities until the U.S. Government cuts relations with Israel.
For what it’s worth, Government officials have been trying to downplay the hack, with one official reportedly likening it to “stealing a years-old AT&T phone book .”
Commenting on the hack, DOJ spokesman Peter Carr explained that no private information – such as social security numbers – was compromised during the security breach.
“The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information,” Carr told CNN. “This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information. Any activity that is determined to be criminal in nature will be referred to law enforcement for investigation.”