Hacker Makes Infiltrating FBI Database Seem All Too Easy

SloppyMcFloppy

SloppyMcFloppy

Level 13
Thread author
Verified
Sep 12, 2015
617
Content source
http://www.maximumpc.com/hacker-makes-infiltrating-fbi-database-seem-all-too-easy/
Apparently a "hacker" managed to breach the FBI computer system and pulled off a huge number of employee records.
The team of geniuses on CBS's action-drama show Scorpion routinely make it look simple to hack into government systems, and while it's not supposed to be that way in real life, a hacker who wishes to remain anonymous didn't have much trouble plucking personal details of 20,000 Federal Bureau of Investigation agents and 9,000 Department of Homeland Security employees. How so?
According to Motherboard, who's been in contact with the hacker, it all began with a compromised Department of Justice email account. The hacker didn't say how he sabotaged the email account, but once he had the login details, he tried accessing the DoJ's web portal. When that didn't work, he simply called up the department.
Click to expand...

He used what I would call social engineering to trick them into giving him a login token
"I called up, told them I was new and I didn't understand how to get past [the portal]. They asked if I had a token code. I said 'No', they said 'That's fine, just use our one'."
After that, he logged in, clicked on a link to a PC that directed him to an online virtual machine, entered in the DoJ's email login details, and then had access to three computers, including the one belonging to the DoJ employee he initially hacked. According to the hacker, once he clicked on that PC, he had full access to it, and from there he pulled documents on the DoJ's intranet containing details of tens of thousands of employees—some 200GB worth (he had access to 1TB).
Click to expand...

Some of the data went beyond employee records too...
The hacker said that some of the data contained military emails and credit card numbers, though it's not clear if he swiped that as well or just peeked at it while he was in the system. Either way, he didn't provide those details to Motherboard, just the aforementioned accounts.


Motherboard was able to confirm that the data was accurate by randomly calling some of the numbers the hacker provided. The numbers led to various FBI agents and employees, one of which told the site this was the first they heard of the data breach.

The hacker has already dumped the data containing details of the 9,000 DHS employees through Twitter accompanied by a pro-Palestinian message. He also plans to dump the remaining data, but hasn't done so yet.
Click to expand...
 
  • Like
Reactions: harlan4096, Raider Red, Rishi and 4 others
pneuma1985

pneuma1985

Level 4
Verified
Aug 30, 2015
189
HaHa sorry that is hilarious: thats some old school hacking right there.. Call up and tell em "you don't know how this thing works", ROFL "ok heres my token try this one it should work" ROFL... Sorry to funny! It's no wonder U.S. FBI & DOJ servers are vulnerable they let idiots have access to them! The vulnerability isn't always the system, most of the time it's the people behind the terminal...
 
Last edited:
  • Like
Reactions: Rishi, frogboy, Sana and 2 others
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Basic style but no one manage to verify carefully where an attack is already plan. As always on movies related through hacking where systems can access easily is indeed exist on reality. The problem always where ignorance on security as implementation can be considered sub-standard.
 
  • Like
Reactions: Rishi and Sana
bunchuu

bunchuu

Level 8
Verified
Well-known
Mar 17, 2015
370
I thought those social engineering trick only work on movies :p
My bank will always asking several personal questions when I want to change something.

Well, its valuable lesson for their IT team.
 
  • Like
Reactions: Rishi and Sana
Sana

Sana

Level 5
Verified
Well-known
Dec 30, 2015
211
LOL. My dad is so paranoid with these scammers and stuff. Even if he gets a legitimate call from the bank asking for details, he says "you should know, your're calling me". :p
 
safe1st

safe1st

Level 17
Verified
Top Poster
Well-known
Jan 29, 2016
812
Sana said:
LOL. My dad is so paranoid with these scammers and stuff. Even if he gets a legitimate call from the bank asking for details, he says "you should know, your're calling me". :p
Click to expand...

If they calling us, means they know us.
Agreed with your dad. but we should be careful tho.. Maybe they also want make sure that is your dad, not others..
 
cruelsister

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
This is the best way to get started in the Computer Security field. An arrest gets a person a job with an above decent salary; with actual Federal Jail Time the sky is the limit!
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • HaHa
    • Like
    • Applause
Russian hacker infects himself through own infostealer
Replies
1
Views
1,082
News Archive
Zappathustra
Zappathustra
Gandalf_The_Grey
    • Applause
    • Like
Spain's most dangerous and elusive hacker now in police custody
Replies
0
Views
975
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Viking
    • Like
    • Wow
    • Sad
Indian Railways Data Breach: 30 Million User Records up for Sale
Replies
0
Views
570
News Archive
Viking
Viking

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top