Slashdot Mirror


Hackers Leak DHS Staff Directory, Claim FBI Is Next (csoonline.com)

itwbennett writes: On Sunday, the name, title, email address, and phone number of more than 9,000 DHS employees, with titles ranging from engineers, to security specialists, program analysts, InfoSec and IT, all the way up to director level were posted on Twitter. 'The account went on to claim that an additional data dump focused on 20,000 FBI employees was next,' writes CSO's Steve Ragan. The hacker told Motherboard that the data was obtained by "compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place."


  1. Sad state of affairs by daq man · · Score: 3, Insightful

    I don't know which is worse, that outfits like the DHS and FBI have such lousy cyber security that this can happen or that someone thinks that publishing this stuff is helping their cause.

    1. Re:Sad state of affairs by bws111 · · Score: 2

      Is this stuff even supposed to be a secret? My company has a link to the employee directory (containing names, titles, email addresses, and phone numbers) right on the home page of their web site.

    2. Re:Sad state of affairs by U2xhc2hkb3QgU3Vja3M · · Score: 3, Insightful

      I think they're doing this to shame the DHS and FBI and at the same time show the world that this kind of thing is possible even without government-approved backdoors.

    3. Re:Sad state of affairs by 110010001000 · · Score: 2

      That doesn't seem like a good idea. Spam harvesters, spam phone calls from recruiters/sales/etc.

    4. Re:Sad state of affairs by ATMAvatar · · Score: 3, Interesting

      That largely depends on their cause. If the cause is to show how insecure the DHS is or to damage its reputation, then mission accomplished.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    5. Re:Sad state of affairs by Impy the Impiuos Imp · · Score: 2

      A honeypot, like Winnie the Pooh getting his hand stuck in one?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    6. Re:Sad state of affairs by The-Ixian · · Score: 2

      Not to mention fodder for spear phishing attacks.

      This already happened to us and we are a small company (around 100 employees). An attacker grabbed information from our web site (company directory of C levels), waited until the xmas holiday to initiate an e-mail harvest attack which netted them valid addresses from auto-replies (complete with authentic sigs).

      Then an e-mail was crafted which appeared to be a thread in progress by two of the higher-ups. The thread was all forged, of course, but the signature was spot on and the whole thing looked pretty legit.

      It was only because we do regular phishing audits that it failed. The message was submitted to our internal junk check address (which goes to me) for analysis.

      The accounting person intimated later that they were about to go through with the money transfer... kinda scary stuff.

      --
      My eyes reflect the stars and a smile lights up my face.
  2. Re:Useless without link by Anonymous Coward · · Score: 2, Funny
  3. But trust us with the keys to your back doors by The-Ixian · · Score: 4, Funny

    We will keep them super ultra extra mega secure... promise.

    --
    My eyes reflect the stars and a smile lights up my face.
  4. "if you don't want to be tracked..." by Anonymous Coward · · Score: 4, Interesting

    For years since the Snowden disclosures we have repeatedly heard from the government "If you don't want to be tracked, turn off your phone"... And you have no expectation of privacy when using tools designed to protect your privacy.

    So let's see here. "If you want privacy, don't work for civil-rights violating organizations". "You have no expectation of privacy if you work for the NSA, DHS, or are a congressman/woman who has voted to strip away our civil rights".

    I won't shed half a tear if the shoe shifts to the other foot once in a while.

    1. Re:"if you don't want to be tracked..." by bobbied · · Score: 2

      Sheesh AC, seriously if you don't want to be tracked, don't carry around an RF transmitter which is turned on in your pocket, don't connect to the internet and don't walk down a public street. Anybody can track you in public if they want.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  5. Hackers leak DHS directory, claim FBI is next by U2xhc2hkb3QgU3Vja3M · · Score: 4, Funny

    Great, I've been waiting forever for Mulder's email address. I want to ask him if he knows where his towel is.

  6. Re:Muslim hackers or just thoughtless idiots by MitchDev · · Score: 4, Insightful

    If American citizens can't have privacy, then neither can the government.

  7. This is so sad by ITRambo · · Score: 3, Insightful

    Homeland Security seems to be anything but secure itself. Don't they have a huge budget for things like...security?

    1. Re:This is so sad by Tablizer · · Score: 2

      The author didn't claim that was their area of work. I know enough about "adjacent" IT groups in my work-place to often determine who's slacking or unskilled. But, that doesn't mean I'm in a position to do anything concrete about it. Merit is only part of the "office game". Office life is Dilbert.

  8. Easy Hack by byteherder · · Score: 4, Interesting

    It is not like these lists are ultra top secret. When I worked for a government agency that shall remain nameless, I had access to everyone's email address, name, phone number and work location address. We treated that information with respect for privacy just as we did more sensitive information like SS #, home address, date of birth. Email addresses certainly were not top secret.

    1. Re:Easy Hack by TubeSteak · · Score: 3, Interesting

      If you gather together enough unclassified information, you can frequently distill from it facts that are considered classified.

      Like tracking the tail numbers of international flights to uncover the CIA's rendition program.

      Not to mention that a staff directory is exactly what you want for spear phishing campaigns.

      --
      [Fuck Beta]
      o0t!
    2. Re:Easy Hack by Tablizer · · Score: 2

      Public employees and the work of the public paid for by the people is public information.
      And if I want to call up my public slave and ask them what they're working on today, how their day's going, what project they're hacking on, etc....
      That's the right of the people to do. Anytime, for anyone...

      It seems you are a staunch conservative or libertarian. You may not like the government (and perhaps civilization in general), but gov't employees are human beings and citizens, and thus deserve a degree of dignity and respect.

      Further, if they are treated with disrespect, then it will cost more to hire decent talent to compensate for an unpleasant working environment, and thus increase the burden on tax payers. Surely that should concern you anti-government and anti-tax types in a practical sense.

      And they'd end up spending most of their day explaining specific work decisions to clueless people in the general public who don't have enough knowledge of the work processes and subject matter, and thus will second-guess all day based on superficial issues.

      I suggest you think through the fuller aspects of your demands.

  9. Re:Hillary's server? by NotQuiteReal · · Score: 4, Funny

    Heh, maybe Hillary will point out that HER server wasn't breached, but other government servers have been.

    --
    This issue is a bit more complicated than you think.
  10. Re:Hillary's server? by edtice1559 · · Score: 3, Insightful

    She paid a private organization to secure her server. And everybody knows that private industry is better at everything than government. I think this just goes to show that the government should privatize email! Why are they criticizing Hillary for adopting one of their sacred policies?

  11. Exchange? by McGruber · · Score: 4, Informative

    name, title, email address, and phone number of more than 9,000 DHS employees,

    All of which are available to any DHS employee with email access, since that data is in the Outlook directory.