A hacker group posted thousands of names and the personal information of law enforcement officials
and FBI agents thanks to the fact that the FBI apparently doesn’t secure its own websites
as well as a dog grooming business.
Fox Business reported:
The Associated Press counted at least 1,400 unique records of employees
of the FBI, Secret Service, Capitol Police, and other federal agencies as well as police
and sheriffs’ deputies in North Carolina and Florida.
TechCrunch was the first to report the exploitation. One of the hackers contacted the outlet
and bragged about their abilities, even directing the reporter to another FBI website
which, when accessed, showed the hacked information on its homepage.
TechCrunch outlined the actions:
A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.
The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal
and law enforcement leadership and training located at the FBI training academy in Quantico, VA.
The hackers exploited flaws on at least three of the organization’s chapter
websites — which we’re not naming — and downloaded the contents of each web server.
The hackers then put the data up for download on their own website, which we’re also not naming
nor linking to given the sensitivity of the data.
The spreadsheets contained about 4,000 unique records after duplicates were removed,
including member names, a mix of personal and government email addresses, job titles,
phone numbers and their postal addresses.
The FBINAA could not be reached for comment outside of business hours.
If we hear back, we’ll update.
TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.
“We hacked more than 1,000 sites,” said the hacker.
“Now we are structuring all the data,
and soon they will be sold.
I think something else will publish from the list of hacked government sites.”
We asked if the hacker was worried that the files they put up for download would put federal
agents and law enforcement at risk.
“Probably, yes,” the hacker said.
The hacker claimed to have “over a million data” [sic] on employees across several U.S.
federal agencies and public service organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on
the dark web, but the hackers said they would offer the data for free to show that they
had something “interesting.”
Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked.
When we opened the page in a Tor browser session, the website had been
defaced — prominently displaying a screenshot of the encrypted chat moments earlier.
The hacker — one of more than ten, they said — used public exploits, indicating that
many of the websites they hit weren’t up-to-date and had outdated plugins.
In the encrypted chat, the hacker also provided evidence of other breached websites,
including a subdomain belonging to manufacturing giant Foxconn.
One of the links provided did not need a username or a password but revealed the back-end to a
Lotus-based webmail system containing thousands of employee records, including
email addresses and phone numbers.
Their end goal:
“Experience and money,” the hacker said.
The fact that the Federal Bureau of Investigation is so lax in performing
the most basic security tasks is ridiculous.
Is this intentional?
Are they aware that any Chinese hacker could access such information and probably wouldn’t
brag about it?
Courtesy by Georgette