A hacker who has chosen to hide his identity has reportedly stolen the data of 20,000 supposed Federal Bureau of Investigation (FBI) employees. He also has claimed to steal information relating to over 9,000 alleged Department of Homeland Security (DHS) employees.
Motherboard reports to have obtained the supposedly soon-to-be-leaked data and called a large selection of random numbers in both the DHS and FBI databases.
The calls were passed through to their respective voicemail boxes. The names of the owners matched with the names in the database. Motherboard claims that they also reached the operations center of the FBI, according to the person on the other end.
The hacker claims that he downloaded hundreds of terabytes of data from a Department of Justice (DOJ) website. The data, however, has not been made public yet.
One alleged FBI intelligence agent picked up the phone and, to his surprise, identified herself as the same name that was listed in the database. A DHS employee tried to imitate that but did not feel comfortable confirming his job title.
Few of the phones listed for specific agents or employees went through to generic operator desks in several other departments. One FBI number that Motherboard dialed passed through to a voicemail box, but surprisingly, the recorded message seemed to indicate it was somebody else’s account. The same thing happened with the two of the DHS numbers.
The unnamed hacker also told Motherboard website that the data was obtained after hacking a DOJ employee’s email account via social engineering. The email account wasn’t enough to pass through a DOJ web portal, but the hacker called the relevant department, used his social engineering skills to gain access, and manipulated the databases via a DOJ intranet.
“So I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker told Motherboard’s Joseph Cox. “They asked if I had a token code, I said no, they said that’s fine—just use our one.”
The hacker says he then logged into the computer. After logging into the personal computer, he clicked on a link which took him to an online virtual machine and entered in the credentials of the hacked email account. By doing this, the hacker gained access to three different computers, among which was the work machine of the person behind the originally hacked email account.
Computerworld reports that the hacker claims that he downloaded 200GB of data although he had access to 1TB of data. In reference to the DHS employee directory, it contains all manner of directors, managers, specialists, analysts, intelligence staff members, and more. Among the over 9,000 titles, some were a surprise, including DHS PRISM Support mentioned previously.
Jeff Stein of Newsweek reports that the hacker infiltrated the Office of Personnel Management and stole the security clearance information of more than 18 million federal employees and breached FBI agents’ personnel files in the process.
The Department of Justice is undeterred by the hacker’s outrageous claims. They did not respond to Motherboard’s request for comment, and the FBI was not reachable. Motherboard provided a copy of the apparent DHS data to the National Infrastructure Coordinating Center (NICC), which is part of the DHS, but it declined to comment on the issue. A DHS public affairs officer refused to make any comments.
An FBI source told Newsweek that some FBI employees were notified in May that their files had been accessed by hackers during the massive year-long breach of OPM’s database.
More than 36,000 people currently work for the FBI, and while it remains unclear how many of them were affected by the alleged hack, the cyber security breach by the unnamed hacker can have “mind-boggling” effects, according to the sources, because there can be several classified data.
[Photo by Patrick Lux/Gettyimages]