A hacker followed through on his threats by posting a database including details of almost 10,000 Department of Homeland Security (DHS) employees online and promised to post a similar database today, featuring details of 20,000 Federal Bureau of Investigation (FBI) employees.
The hacker announced the publication of the DHS hack on Twitter, soon followed by the promise to publish the FBI database Monday. The DHS database — published on text-sharing website Cryptobin — contains names, titles, email addresses and phone numbers of 9,355 DHS employees.
The database appeared to be genuine and matched other online records. Ahead of the publication of the database, the hacker shared the information with Motherboard, which carried out its own checks and found most of the information matched up.
The hacker also shared the supposed FBI database, and it too appeared to be genuine, according to Motherboard's own investigations. The hacker explained to the publication exactly how he was able to access the huge trove of data.
The initial point of compromise was a Department of Justice email account, though how this was compromised remained unclear. The hacker sent an email from the DoJ account to Motherboard reporter Joseph Cox as proof. Using the compromised details, the hacker attempted to access the DoJ portal but failed. “So I called up, told them I was new and I didn't understand how to get past [the portal]. They asked if I had a token code, I said no, they said that's fine — just use our one.”
From there, the hacker was able to gain access to an internal DoJ network which he claimed contained 1TB of data, though he was able to download only 200GB.
The DoJ, DHS and FBI have yet to comment on the apparent breach.
The Twitter account used by the hacker suggested the reason for posting the stolen data online was to bring attention to the conflict between Israel and Palestine.
Be sure to tweet #FreePalestine to bring awareness to all the kids dying by Israeli bombs that the US government funds!
— penis (@DotGovs) February 8, 2016
The account suggested there was more than one hacker involved in the data breach, with a former member of the notorious hacking group Lizard Squad among those named.