The Department of Justice (DoJ) and the Department of Homeland Security (DHS) were breached…again. This time, a little over 20,000 records of sensitive data were stolen from those agencies. The interesting thing is that the motive was not money, but political attention.
First Published 10th February 2016
"Fight the powers that be"
Reflare Research Team
Yesterday, news broke of a breach in the Department of Justice and Homeland Security. 20,000 records of sensitive data from the DoJ and 9,000 from Homeland Security were stolen in an attempt to gain political attention. The breach is further evidence that attackers are moving towards political aims rather than monetary gain, and that most targets are government officials and associated websites.
The hacker contacted Motherboard before the data was leaked. He described how he was able to access an internal Department of Justice machine and gain full access to it. He claims he first compromised an employee's email, but he does not explain how he was able to compromise it. He then used social engineering to gain elevated privileges. He called the DoJ's web portal hotline and convinced the operator to give him access to the internal network. From there, he gained remote control access to the victim's entire workstation.
The hacker admitted to having 1TB of information but only downloaded 200GB. Years ago, a hacker might take that information and sell it online. Instead, this hacker used a Twitter account to post the file details. The file details were posted with the "#FreePalestine" hashtag. The DoJ has recently commented that it is looking into the attacks and who is behind them.
The records were reviewed by Motherboard, and some of them were outdated, so some speculate that the data is not current. However, what is confirmed is that the breach was meant to bring attention to the political rivalry between Palestine and Israel. The attack is likened to stealing old AT&T phonebook records, but Motherboard confirmed that calls to a few of the records reviewed were answered by DoJ employees, some of whom would not give their titles when asked.
The attack is fresh and little is known about the hacker. He continues to post on his @DotGovs Twitter handle, which is supposedly used by multiple people. The incident is a reminder that government agencies are targets for political hackers and should be on high alert, especially for social engineering attacks.