Report: Hackers steal, post details on 9,000 DHS employees

Warning made of plans to post details of 20K FBI workers

A hacker posted the names, phone numbers and other details about 9,000 Department of Homeland Security employees and says he will post 20,000 similar records about FBI workers. He claims to have records that include military emails and credit card numbers, according to a published report.

Today the hacker posted the details on Twitter along with a screenshot of a warning page allegedly from a Department of Justice computer (shown above).

Motherboard writer Joseph Cox writes that Sunday he received the stolen personal data, some of which came from a single Department of Justice computer hacked using a compromised email account and social engineering.

Cox wrote he checked out the accuracy of the personal information by calling up some of the numbers at random, and in many cases reached voicemail of the persons named or they picked up the phone themselves.

The hacker told Cox that after he compromised the email account of a Department of Justice employee, he tried but failed to log into a DoJ Web portal, then social-engineered an employee into giving him credentials.

The hacker said, “So I called up, told them I was new and I didn't understand how to get past [the portal],” the hacker told Motherboard. “They asked if I had a token code, I said no, they said that's fine—just use our one,” according to the story. From there he moved laterally using the credentials of the hacked email account and reached the work computer of the person whose email he hacked as well as resources on the LAN.

The hacker downloaded 200GB of data from the machine and had access to 1TB, but “couldn’t take all of” it, the story says.

Last year similar details about military personnel were released by a group claiming to be affiliated with ISIS, but at least some of that turned out to be publicly available. Also last year millions of personnel records were stolen from the federal Office of Personnel Management that included Social Security numbers and fingerprints.

Join the CSO newsletter!

Error: Please check your email address.

More about Department of JusticeFBILANTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts