Hackers access FBI-affiliated websites to post personal info of agents and police officers
The website TechCrunch has learned that hackers breached several FBI-affiliated websites and accessed files containing the personal information of thousands of federal agents and police officers.
The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.
The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.
The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.
The motive? Apparently, the hackers are going to try to sell the information.
TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
The hacker says there's more where that came from.
The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”
For those who glorify these cyber thugs as Robin Hoods or heroic whistleblowers, get a load of this:
The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.
In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn. One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.
Their end goal: “Experience and money,” the hacker said.
It's hard to imagine a lower form of pond scum than a hacker who would knowingly put innocent people and their families in danger and do it for money. But that is the mindset of hackers like Julian Assange, who didn't care that he put lives at risk by posting hundreds of thousands of secret documents on the wars in Iraq and Afghanistan.
Assange will eventually pay for his crimes. Will these cyber sleazes pay for theirs?