BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Anonymous Hacked FEMA, Leaked Hundreds of Email Addresses

From: security curmudgeon <jericho () attrition org>
Date: Thu, 18 Jul 2013 10:32:27 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://motherboard.vice.com/blog/anonymous-hacked-fema-leaked-hundreds-of-email-addresses

By Derek Mead
Vice.com
July 17, 2013

Anonymous breached FEMA servers and pulled information on hundreds of 
agency contacts worldwide. According to the hacker collective, it was in 
response to Homeland Security training exercises that centered on a 
fictional version of the hacker collective. In a document containing 
non-sensitive data pulled from FEMA's system, Anonymous wrote that the 
attack was designed as a reminder that it would continue to fight against 
government efforts to police the internet.

The document, which was sent to me from a Tormail account this morning and 
since been released online, contains a dump of email addresses and contact 
info for hundreds of contacts: police and fire departments nationwide, FBI 
special agents, a "Bioterrorism Coordinator Chair," scores of private 
contractors, and some international contacts at agencies concerned with 
police work, counterterror efforts, and disaster response.

The dump contains a table of user IDs and MD5 hashes of corresponding 
passwords, presumably for DHS's Integrated Security and Access Control 
System. Also included is a small set of what appears to be descriptions of 
training exercises (sample title: "Monitoring Weather Conditions and 
Taking Necessary Precautions") that date from 2004-2007.

"Anonymous has purposefully redacted logins, passwords, SSNs and other 
details that might genuinely endanger the United States from this 
document, our intent is not to harm, merely to issue a firm warning," the 
document's intro states.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: