- Sep 12, 2015
Apparently a "hacker" managed to breach the FBI computer system and pulled off a huge number of employee records.
He used what I would call social engineering to trick them into giving him a login token.
Some of the data went beyond employee records too...
The team of geniuses on CBS's action-drama show Scorpion routinely make it look simple to hack into government systems, and while it's not supposed to be that way in real life, a hacker who wishes to remain anonymous didn't have much trouble plucking personal details of 20,000 Federal Bureau of Investigation agents and 9,000 Department of Homeland Security employees. How so?
According to Motherboard, who's been in contact with the hacker, it all began with a compromised Department of Justice email account. The hacker didn't say how he sabotaged the email account, but once he had the login details, he tried accessing the DoJ's web portal. When that didn't work, he simply called up the department.
"I called up, told them I was new and I didn't understand how to get past [the portal]. They asked if I had a token code. I said 'No', they said 'That's fine, just use our one'."
After that, he logged in, clicked on a link to a PC that directed him to an online virtual machine, entered in the DoJ's email login details, and then had access to three computers, including the one belonging to the DoJ employee he initially hacked. According to the hacker, once he clicked on that PC, he had full access to it, and from there he pulled documents on the DoJ's intranet containing details of tens of thousands of employees—some 200GB worth (he had access to 1TB).
The hacker said that some of the data contained military emails and credit card numbers, though it's not clear if he swiped that as well or just peeked at it while he was in the system. Either way, he didn't provide those details to Motherboard, just the aforementioned accounts.
Motherboard was able to confirm that the data was accurate by randomly calling some of the numbers the hacker provided. The numbers led to various FBI agents and employees, one of whom told the site this was the first they heard of the data breach.
The hacker has already dumped the data containing details of the 9,000 DHS employees through Twitter accompanied by a pro-Palestinian message. He also plans to dump the remaining data, but hasn't done so yet.