A hacker group with ties to Palestinian activists and expressing sympathy for Islamic State extremists has published a list of about 9,000 employees of the Department of Homeland Security as well as a partial list of employees of the Federal Bureau of Investigation.
Examination of the lists, which were posted on an encrypted server, reveals that the DHS listing is several years out of date. The listing of 22,000 FBI employees is partial, with the names ending with last names starting with J.
The hackers communicated with the online publication Motherboard and told contributor Joseph Cox that they'd had trouble getting access to an email account of a Department of Justice employee.
The hackers said that the DOJ help desk provided the necessary log-in information to allow them access to a workstation used by that employee. They said that their access even included access to the agency's internal servers. A hacker using the Twitter account @dotgovs posted a screen shot of the server access.
In his Twitter postings, the hacker expressed support for the Free Palestine movement, quoted frequently from ISIS posts, and in his posts supported that cause. The hacker also expressed support for ending Israeli occupation of the Gaza Strip and for destroying the state of Israel altogether.
While the breach apparently occurred on a computer located at the Department of Justice, the hacker took a list of employees from DHS. The list included the names, and in nearly every case, the phone numbers, email addresses and job titles of those employees.
I examined the list for everyone I happen to know at DHS and found none of them, indicating the list is fairly old. Confirming that, I found a few names of people I know to have left the agency some years ago.
The list of the FBI employees, which appeared online Feb 8, is potentially more damaging since it includes, among the other personal data, the location of the employees. Assuming the list is accurate, this could expose FBI employees located outside the United States, perhaps including those who are working covertly.
The FBI and the DHS aren't saying much about the breach. The FBI, in response to an inquiry from eWEEK, said they were referring all questions to the DOJ for comment.
A spokesperson for the Department of Homeland Security expressed concern when contacted by eWEEK earlier in the day. "We are looking into the reports of purported disclosure of DHS employee contact information," the spokesperson said in an email. "We take these reports very seriously; however, there is no indication at this time that there is any breach of sensitive or personally identifiable information."
A DOJ spokesperson responded to eWEEK by email, "The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information. This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information.