ASCII art from the top of the Anonymous leak
Anonymous breached FEMA servers and pulled information on hundreds of agency contacts worldwide. According to the hacker collective, it was in response to Homeland Security training exercises that centered on a fictional version of the hacker collective. In a document containing non-sensitive data pulled from FEMA's system, Anonymous wrote that the attack was designed as a reminder that it would continue to fight against government efforts to police the internet.
The document, which was sent to me from a Tormail account this morning and has since been released online, contains a dump of email addresses and contact info for hundreds of contacts: police and fire departments nationwide, FBI special agents, a "Bioterrorism Coordinator Chair," scores of private contractors, and some international contacts at agencies concerned with police work, counterterror efforts, and disaster response.
The dump contains a table of user IDs and MD5 hashes of corresponding passwords, presumably for DHS's Integrated Security and Access Control System. Also included is a small set of what appear to be descriptions of training exercises (sample title: "Monitoring Weather Conditions and Taking Necessary Precautions") that date from 2004-2007.
"Anonymous has purposefully redacted logins, passwords, SSNs and other details that might genuinely endanger the United States from this document, our intent is not to harm, merely to issue a firm warning," the document's intro states.
I've reached out to the members who initially sent the file to me, and will update when I hear back. I reached out to FEMA, and am waiting to hear back. I'll update when I do. (Update: Anonymous dropped another leak, and I spoke with both FEMA and the hackers, which warranted its own post.)
As Anonymous noted both in the intro text to its dump and in emails, the attack is a response to FEMA's 2012 National Level Exercise (NLE), an umbrella program comprising annual “congressionally mandated preparedness exercises designed to educate and prepare participants for potential catastrophic events.” Last year was reportedly the first time the NLE focused largely on cyberattacks.
The scenario for the NLE, as laid out in a fictional news report starring former CNN homeland security reporter Jeanne Meserve, involved a fictional hacker group called "The Void" threatening the US, saying that it had a zero day it could exploit to attack critical infrastructure worldwide.
It's not hard to assume that The Void was modeled on Anonymous, which has proven it can successfully hack government agencies and contractors in the past. According to the statement in the document, Anonymous took issue with the fact that The Void was painted as both inexperienced and anti-American, and with what it sees as close ties between government, contractors, and the media. The group states that those conflicts are highlighted by Meserve's participation and former FEMA Chief of Staff Jason MacNamara's recent hiring by Obsidian Analysis, a contractor that organized the 2012 NLE.
"Even in a government sponsored wargame scenario clearly aimed at brainstorming ways of thwarting Anonymous you were afraid to invoke our name, but were as subtle as a sledgehammer," reads the document. "Even the name you chose resonates closely with Anonymous."
As to the attack coming a year after the NLE that sparked the hacktivist collective's ire, the document says the hack was sparked by recent privacy revelations. "This was all amusing back in 2012, and lulz were surely had by all, but recent events have brought such oblique and cowardly implied threats against Anonymous very much back into the forefront of the hive's consciousness," it reads.
The first email I received also ended by saying, "Remember that we can still deliver." Recently, as evidenced by a bungled attempt by the South Korea chapter of Anonymous to attack North Korea, it's seemed like Anonymous has gone from being the face of the year of hacktivism to relying on DDoS attacks and website defacement.
More than anything, this attack seems aimed at reminding authorities and the internet that Anonymous is still serious.