BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

DHS Data Leaked, Who’s Next?

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 8 Feb 2016 14:45:02 -0700
https://www.riskbasedsecurity.com/2016/02/dhs-data-leaked-whos-next/

Shortly after the Fraternal Order of Police (FOP) leak, we saw another
potential leak from the same person that was allegedly from the National
Aeronautics and Space Administration (NASA), concerning Drones.  Since the
FOP leak gained attention and was confirmed, this seemed like another
breach that deserved examination. After analysis, it was determined that
the group behind this leak was not accurate and it was just data from
public records which can be accessed by anyone who visits
asp-archive.arc.nasa.gov.

While millions of people were busy watching Super Bowl 50, far fewer were
watching what was going on in the Internet as more data was allegedly
exposed.  It started with a single tweet sharing that the Department of
Justice had realized that they were compromised.

Motherboard posted an article and shared details that they obtained
including soon-to-be-leaked names, job titles, email addresses, and phone
numbers of over 20,000 supposed Federal Bureau of Investigation (FBI)
employees, as well as over 9,000 alleged Department of Homeland Security
(DHS) employees. Their unnamed source also explained how the compromise
occurred and then claimed to have downloaded hundreds of gigabytes of data
from a Department of Justice (DOJ) computer as well.  As we saw with the
NASA drone data, sometimes leaks may not be what they appear to be on the
surface, so the Motherboard article goes on to say that they placed several
calls to the numbers and the names on the list appeared to match.

The data itself was then leaked a little over an hour after the Motherboard
article was published.

To verify further, RBS researches quickly placed a few calls as well, and
all calls went to voicemail and confirmed the names matched the list. When
looking further at the list that was leaked, we found:

1,084 Specialist positions such as DHS Information Assurance Specialist,
 DHS IT Security Specialist and DHS Administrative Specialist
503 Officers positions such as DHS Committee Management Officer and DHS
Senior Liaison Officer
716 Security positions such as Physical Security Division, Cargo Security,
and IT Security Specialist.

As the Super Bowl was coming to an end, without any cyber attack that we
know about, or any sort of power outage,  only the staff list at DHS has
been released. However, it appears that there is more to come very soon.
In this case, based on what we have seen with confirmation of the initial
list, we believe the threat of further leaks to be credible.

We aren’t the only ones that believe there is more than just DHS data
compromised at this point. A well known Anonymous account published a few
screen captures and the following message claiming the FBI and DOJ are
compromised as well.

Update 2/8/2016 @4:11pm

It appears that 22,175 FBI employee names, titles, phone numbers, and email
addresses have been published as promised. At the time of this update, the
list was posted includes names up until the last name “Jenkins“. With what
appears to be a steady stream of more leaked data to come, the Department
of Justice and its 60 sub-agencies will need to react quickly to determine
the extent of the leak, and if it will impact their operations. On the
heels of theOffice of Personnel Management breach, this is yet another
reminder of the severity of such information becoming public.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
Previous By Date Next
Previous By Thread Next

Current thread: