Reflare Weekly Security Briefing 2016-05 - Security in Politics #3
Yesterday, news broke of a breach of the Department of Justice and the Department of Homeland Security. 20,000 records of sensitive data from the DoJ and 9,000 from Homeland Security were stolen in an attempt to gain political attention. The breach is further evidence that attackers are moving towards political advancement rather than monetary gain, and that most targets are government officials and associated websites.
The hacker contacted Motherboard before the data was leaked. He described how he was able to access an internal Department of Justice machine and gain full access to it. He claims he first compromised an employee’s email, but he does not explain how he was able to compromise it. He then used social engineering to gain elevated privileges. He called the DoJ’s web portal hotline and convinced the operator to give him access to the internal network. From there, he gained remote control access of the victim’s entire workstation.
The hacker admitted to having access to 1TB of information but only downloaded 200GB. Years ago, a hacker might have taken that information and sold it online. Instead, this hacker used a Twitter account to post the file details. The file details were posted with the “#FreePalestine” hashtag. The DoJ has recently commented that it is looking into the attacks and who is behind them.
The records were reviewed by Motherboard, and some of them were outdated, so some speculate that it is not official, up-to-date data. However, what is confirmed is that the breach was meant to bring attention to the political rivalry between Palestine and Israel. The attack has been likened to stealing old AT&T phonebook records, but Motherboard confirmed that calls to a few of the numbers in the reviewed records were answered by DoJ employees, some of whom would not give their titles when asked.
The attack is fresh and little is known about the hacker. He continues to post on the @DotGovs Twitter handle, which is supposedly used by multiple people. The incident underscores that government agencies are targets for politically motivated hackers and should be on high alert, especially for social engineering attacks.