An unknown hacker published FBI and DHS employee contact information on an anonymous data sharing website. The unknown hacker, who calls himself "Penis," made the announcement on his Twitter page, which directed users to the data sharing site. According to the announcement, the information includes the employees' names, job titles, email addresses, and phone numbers.
CNET reports Penis used "a compromised Department of Justice email account" to gain access to the sensitive information.
In an interview with Motherboard, the hacker confirmed he accessed the FBI and DHS employee information through a DOJ employee's email account. Although he did not reveal how he gained access to the account, the hacker explained how he used the email account to access the agency's web portal.
"I called up, told them I was new and I didn't understand how to get past [the portal]... They asked if I had a token code, I said no, they said that's fine—just use our one."
With the token code, the hacker accessed the email account holder's computer and all of the databases and documents that employee had permission to access.
— Haaretz.com (@haaretzcom) February 9, 2016
The hacker reportedly gained access to a total of 1TB of data, including the FBI and DHS employee names, job titles, email addresses, and phone numbers. Although he reportedly also gained access to "military emails and credit card numbers," the hacker has not published that information at this time.
The data, which was published on Sunday and Monday, includes the details of more than 20,000 Federal Bureau of Investigation employees and an estimated 9,000 employees of the United States Department of Homeland Security.
As promised, hacker dumps those details of 20,000 apparent FBI employees https://t.co/s7oIaVuGnS pic.twitter.com/fqlijTn6eL
— Joseph Cox (@josephfcox) February 8, 2016
The published information appears to be accurate. Using the provided phone numbers, Motherboard attempted to contact the listed employees.
According to the February 7 article, a majority of the calls "went through to their respective voicemail boxes, and the names for their supposed owners matched with those in the database."
S.Y. Lee, who is identified as a spokesperson for the Department of Justice, confirmed the published information was not critical to the operation of either agency. However, the spokesperson said the breach is being taken "very seriously."
In addition to linking to the DHS and FBI data, the hacker posted several references to Isreal and Palestine, including the phrase "#FreePalestine."Penis also thanked Vinne Omari, who reportedly helped hack into the FBI and DHS databases.
The hacker also thanked Vinne Omari, who reportedly helped hack into the FBI and DHS databases.
However, he later posted, "Just for the record everyone @Vinnie is a joke."
In December 2014, Omari was arrested as a member of the Lizard Squad, which reportedly hacked into Microsoft and Sony and shut down both of their online gaming networks on Christmas Day.
It is unclear how much information the hacker accessed in addition to the FBI and DHS employee contact information. However, in another Twitter post, he said that the "FBI and DHS info is dropped and that's all we came to do, so now its time to go... "
Although the hacker did not publish any highly sensitive information, the breach underlines a disturbing lack of security on government websites.
In June 2015, officials discovered two separate attacks on United States government personnel databases. As a result, hackers gained access to nearly 22 million Social Security numbers.
CNET reports the hackers accessed documents pertaining to employee background checks. In addition to Social Security numbers belonging to the employees and their families, the reports also included "findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints."
In the most recent attack, a hacker gained access to FBI and DHS employee contact information. However, it is unclear whether he has or plans to publish more sensitive information.
[Image via GlebStock/Shutterstock]