Hacker compromises data of nearly 30,000 FBI and DHS employees with a simple phone call

The J. Edgar Hoover Building, home of the Federal Bureau of Investigation, in Washington, D.C.

In most cases, hacking is a much more laborious task than the one-button system we all experienced in Watch Dogs two years ago, but that’s not the case for a real-life hacker who actually stole confidential information from the FBI and Department of Homeland Security.

The hacker, who in his conversation with Motherboard says he wishes to remain anonymous, began by acquiring credentials for a single Department of Justice email account. Logging in with the credentials actually failed to work, but the hacker was undeterred. He gave the department a phone call, swindling a support representative for the instructions he so desperately needed.

“I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker explains. “They asked if I had a token code. I said ‘No’, they said ‘That’s fine, just use our one’.”

And, just like that, he was able to log in, access a DoJ virtual machine, enter the login credentials, and gain complete access to three department computers. One of these systems belonged to the employee whose email account he had earlier hacked. All he had to do was click on it, and he would have complete, unrestricted access to the entire PC, along with all its file systems.

So he did what any malicious, power-hungry hacker would do: he accessed over 1TB of DoJ documents containing personal details of tens of thousands of employees, and of that terabyte, about 200GB was stolen.

Though the hacker notably mentioned that the system included its fair share of military emails and credit card numbers, it remains unclear whether he actually took any of that data. Nonetheless, while those details weren’t given to Motherboard for verification, the aforementioned DoJ personal documents were.

Included in these documents were allegedly the phone numbers of the government employees at risk. By randomly selecting a handful of the numbers provided and calling them, Motherboard was able to confirm their veracity.

“We are looking into the reports of purported disclosure of DHS employee contact information,” Department of Homeland Security spokesperson S.Y. Lee responded to the initial report. “We take these reports very seriously, however, there is no indication at this time that there is any breach of sensitive information.”

In an update provided by Motherboard earlier today, it’s now evident that the personal accounts of 9,000 DHS employees have been leaked on Twitter, coupled with a “pro-Palestinian message.”

Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…