A hacker published info of more than 20,000 Federal Bureau of Investigation agents online on Monday. A day prior to the leak, the same hacker posted info of 9,000 Department of Homeland Security officials.
The data dumps, which appeared on the website www.cryptobin.org, included people’s names, email addresses, job titles, and phone numbers. The password to decrypt their contents was “lol.”
Get Data Sheet, Coins2Day’s technology newsletter.
The FBI press office referred Coins2Day in an email to the Department of Justice. The DOJ responded to Coins2Day’s request for comment with a statement supplied to several news outlets, including Vice Motherboard, which broke news of the first data dump during the Super Bowl on Sunday.
“The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information,” a department spokesperson wrote. “This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information. Any activity that is determined to be criminal in nature will be referred to law enforcement for investigation.”
For more on hacking government officials, watch the following Coins2Day video:
The leaked DHS personnel directory appeared to be several years out of date, according to the Guardian’s review of the data. The UK-based news outlet reported that an official at a government meeting on Monday compared the hacking incident, in the Guardian’s words, “to stealing a years-old AT&T phone book after the telecom had already digitized most of its data.”
DHS was not immediately available to respond to Coins2Day’s request for comment; however, a department spokesperson told Vice: “We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information.”
Both dumps included header messages that indicate an activist motivation for the leaks. “This is for Palestine,” said the first. “Long Live Palestine,” said the other.
These government staffer data breaches are reminiscent of recent cyber intrusions targeting the personal online accounts of CIA director John Brennan, DHS Secretary Jeh Johnson, and most recently, those linked to the director of National Intelligence James Clapper. The hacker group that claimed responsibility for those attacks also sought to raise awareness for the “Free Palestine” movement.
Social engineering, or tricking an employee into providing access to restricted computer networks or to personal data, likely played a part in the compromise.