Reports are in the anonymous (but not “Anonymous”) hackers with a pro-Palestinian bent used social engineering to breach a USG database containing metadata – including names, titles, email addresses, and phone numbers – of thousands and thousands of Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) employees, including directors, senior advisors, and computer “specialists“.
Tweeting from the handle @DotGovs and with the username “penis”, the hackers leaked the information on CryptoBini while informing their followers that the password to the AES256-encryptedii bundle was “lol”. While the CryptoBin server has since been taken down, I was able to procure the plaintext lists, which can be found here and here.
Following the initial buuurn of the incident, the following response was sent to reporting agency Motherboard yesterday by a DHS spokeswoman :
Update 8 February 2016 1.20PM ET: The DHS emailed with the following comment from spokesperson S.Y. Lee: “We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information.”
It’s not clear what’s not “personally identifiable” about names, but maybe it’s subtle “blurryface” reference for the kidz.
In any event, whether you choose to use this information to sign up the aforelisted employees for telemarketing scams, Nigerian prince schemes, or $400`000 mortgages is entirely up to you.
Have fun out there.
___ ___ ___
- CryptoBin is like dpaste or pastebin but it allows for the use of passwords to be entered client-side, revealing the unencrypted information in the browser. It’s basically like a PGP for wetodds. ↩
- AES, for the record, is recently deceased.↩