Hackers attack release details of public servants in the US

February 9, 2016

There is a distinct subset of data breaches where the intention is to embarrass by posting personal information online. It is particularly embarrassing because it often involves politically sensitive information, such as posting the private files of an American police union or leaking contracts which do not reflect well on the police and the government bodies they dealt with. In a similar vein, hackers have released the names, job titles and phone numbers of 22,000 FBI employees and contractors. It is not as huge a data breach as that of the Office of Public Management last year, which involved the theft of data relating to 22 million Federal Government employees. The consequences of that breach have been catastrophic for the OPM, starting with the embarrassment that goes with a review, which usually picks up other problems. In this case OPM is suffering the indignity of a new agency being established to do background checks. The principles of data security remain much the same for a large or small organisation. The implementation is the problem.

The article regarding the leakage of FBI personal details provides:

A Twitter account named “Penis,” sporting a Buzz Lightyear avatar and pro-Palestinian message, has just released the names, job titles, and phone numbers of apparently more than 22,000 FBI employees and contractors.

Phone calls to a number of those named indicated that yes, the names and phone numbers are indeed correct. Some refused to answer any questions, and instead simply asked for this reporter’s identifying phone number.

Penis tweeted a link to the online database Monday afternoon, along with a password to decrypt it: “lol.”

The news came as no surprise to people following Penis. He gave the information to Motherboard on Sunday, which wrote about his plans to release. Penis accomplished this, he said, the old fashioned way: by tricking a government employee into thinking he was a colleague, claiming he’d lost his access to an employee portal, and finding the information on the Department of Justice Intranet.

The contents of what he was able to acquire—Penis didn’t release anything beyond names, job titles, phone numbers, or email addresses—were less impressive than the scope of what he published. Though the entries number more than 22,000, the listed names, arranged in alphabetical order by entrants’ last name, are cut off midway through the Js. 

The FBI, which investigates most major hacks of U.S. companies without publicly confirming so, didn’t comment, and referred the Daily Dot to the DOJ.

In a statement provided to the Daily Dot, a DOJ spokesman said that “This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information.”

A number of government agencies have been breached recently. Not all are as glaringly large and serious as that of the Office of Personnel Management (OPM), in which the human resource files of some 21.5 million government employees were exposed. Some are similarly childish. In October, a then-13-year-old hacker who goes by “Cracka” hacked the AOL account of CIA Director John Brennan, also relying heavily on social engineering.

Penis didn’t respond to a request for comment.
