Science

Hackers Leak Almost 30,000 Government Employees' Personal Information

Need a job in cybersecurity? The Department of Homeland Security may be hiring.

by Joe Carmichael

While Americans nationwide tuned in to watch the Super Bowl, a team of hackers exposed employee data for almost 30,000 FBI, Department of Justice, and Department of Homeland Security employees.

These hackers found their way into a Department of Justice email account, which in turn enabled them to access, but not infiltrate, a directory. Infiltration required a token code in addition to the email’s login information. Getting the code was as easy as swindling a department representative. Once in, the hackers had free range over three computers, then found the databases. And, before the Super Bowl, the hackers warned Vice’s Motherboard what they were up to. During the Super Bowl — around 7 p.m. Sunday — the hackers followed through on their vow.

The DHS database is accessible here, and some of the FBI database is here. (Enter at your own risk.) With the password — “lol” — you can get a look at the employee information. The lists contains employee names, roles, phone numbers, vague locations, and email addresses. (In the DHS list, there are 20 employees whose job titles include the words “Cyber Security” — not sure that they’ll be around much longer.) But the hack does expose, once again, that our government is exceptionally bad at protecting itself from cyber warfare.

This hack was purportedly an effort to raise awareness for a cause: #FreePalestine. (Check out the Twitter account that announced the leaks here.) And, if we’re to take the hackers at their word — which, they’re one-for-one on promises thus far — they “won’t stop until they cut relations with Israel.”

Perhaps the most interesting aspect of the leak — aside from making nerve-wracked calls to DHS employees, hoping for a comment — are the job titles. Within the DHS database, there are 18 “DHS Research Chemists,” for instance. There’s a Biometrics Program Manager. There are 19 people associated with COMSEC, an organization whose sole purpose is “to deny unauthorized persons information derived from telecommunications of the U.S. Government” — or, in other words, to prevent this exact hack from ever happening. There are people known as Knowledge Managers.

And within the FBI database? Special agents. (There’s at least one Special Agent Cooper, but his name, unfortunately, is not Dale.) And there are all sorts of other positions.

Inverse attempted to contact some of these people for a comment, but only one person picked up. She was unauthorized to comment, and seemed either annoyed or perturbed. Her number — unlike many others, as the answering machines of which indicated — was incorrectly attributed to someone else, and, while she seemed aware of the hack, she was unaware that her number was included.

The number listed for “DHS IT Specialist / COMSEC Manager” went straight to an automated message, which announced: “Your call cannot be completed as dialed because the called party is busy.”

Which, in hindsight, was fairly predictable.