Following through on his threat, the hacker responsible for breaching the Department of Justice's (DOJ) web portal has publicly posted stolen data corresponding to roughly 20,000 employees of the FBI and 9,000 from the Department of Homeland Security (DHS).
Using the data dump as a means to express support for Palestine, the hacktivist on Sunday tweeted a link to a CryptoBin page containing a list of DHS personnel's names, job titles, private emails, phone numbers and more. Then yesterday the perpetrator struck again, using the same m.o. to publish the FBI's personnel data. The hacker wrote: “Long Live Palestine, Long Live Gaza” above the data dump and also included a #FreePalestine hashtag. At this point, neither CryptoBin page is available.
In a statement to SCMagazine.com by DHS spokesperson S.Y. Lee, DHS said, “We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously; however there is no indication at this time that there is any breach of sensitive or personally identifiable information.”
Even so, the data breach is new blemish on the federal government's already spotty IT security record — especially with the 2015 hack of the U.S. Office of Personnel Management fresh in people's minds. Considering that the hacktivist gained access to government systems through a combination of phishing and social engineering, Tim Erlin, director of IT security and risk strategy at cybersecurity solution company Tripwire, told SCMagazine.com that moving forward, the federal government should “couple [employee] training with technology controls that prevent individuals from taking unauthorized action even when they're convinced that they should.”