Hackers say they’ve been able to breach the U.S. Department of Justice and steal sensitive information from 20 thousand employees, including FBI officials, and those who work outside of the U.S. The hackers also say that they have information concerning over 9 thousand Department of Homeland Security employees. The Department of Homeland Security did not realize that a breach had occurred until they were informed by writers at Motherboard.
The hackers posted the data online, on an encrypted website that required the password “lol” to gain access. The website also displayed two screenshots of a web browser that was logged into a DOJ computer. The information included phone numbers and email addresses for people who used to be employed by the DOJ. Some of the posted phone numbers lead directly to employees. Others lead to general department operator desks. The hackers also leaked job titles that covered employees in various departments, including contractors, special agents, and intelligence analysts.
The affected departments met to discuss the data breach and found that the hackers didn’t steal any private information like employee Social Security numbers. The data in this breach was mainly names, titles, and phone numbers. A hacker said he was able to access the data initially by compromising the email account of an employee at the DOJ. He tried to log into the DOJ web portal with the employee’s email, but was unable to get through. Then the hacker called the DOJ and pretended to be a new employee who couldn’t figure out how to use the portal. He said he did not have a token code, so the DOJ just gave him a token to use.
Through the DOJ intranet, the hacker was able to access the employee’s work computer and see the user’s documents, and some other documents on the local network. The hacker said he found a way to access 1TB of data, including credit card numbers and military emails, although there is no evidence that he took any of that data. The hacker was only able to take 200GB worth of data, but this breach highlights the poor endpoint security in place at the DOJ. A hacker should not have been able to override an authentication token by placing a phone call and impersonating a DOJ employee.
This isn’t the first time the American government has been targeted by hackers. Back in October, a teenager was able to break into the CIA Director’s private email. More recently, the IRS revealed that identity thieves used a bot to gather Social Security numbers, which they then used to create 100 thousand PINs which will be used to file fraudulent refunds. In 2014, Russian hackers were able to read the President’s unclassified emails. The massive breach at the Office of Personnel Management compromised the sensitive data – including veteran status information, pay history, and fingerprints – of government employees. The DOJ data breach is not as big as last year’s breach at the OPM, where 21.5 million federal employees and dependents were affected, but it’s still concerning that hackers were able to gain access to information on federal networks.
Increasingly, hackers have been trying to steal information from government databases. Promisec Endpoint Manager (PEM) is an endpoint security solution that can keep federal departments free from unauthorized intrusions. PEM analyzes when systems are no longer compliant with departmental security standards and can immediately identify the problem. Best practice standards like DISA STIGs can be directly loaded into PEM, which lets federal department security teams measure endpoint risk and ensure endpoint protection. PEM’s cyber threat detection capabilities allow IT teams to identify unauthorized access before hackers have a chance to gather information. With PEM, security teams can remediate problems automatically and remotely, and keep federal data secure.