A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.
The hacker also claims to have downloaded hundreds of gigabytes of data from a Department of Justice (DOJ) computer, although that data has not been published.
Update: on Monday, both employee lists were published online.
On Sunday, Motherboard obtained the supposedly soon-to-be-leaked data and called a large selection of random numbers in both the DHS and FBI databases. Many of the calls went through to their respective voicemail boxes, and the names for their supposed owners matched with those in the database. At one point, Motherboard reached the operations center of the FBI, according to the person on the other end.
One alleged FBI intelligence analyst did pick up the phone, and identified herself as the same name as listed in the database. A DHS employee did the same, but did not feel comfortable confirming his job title, he said.
A small number of the phones listed for specific agents or employees, however, went through to generic operator desks in various departments. One FBI number that Motherboard dialed did go through to a voicemail box, but the recorded message seemed to indicate it was owned by somebody else. This also applied to two of the DHS numbers.
After several calls, Motherboard was passed through to the State and Local desk at the National Operations Centre, part of the DHS. That department told Motherboard that this was the first they had heard about the supposed data breach.
The job titles included in the data cover all sorts of different departments: contractors, biologists, special agents, task force officers, technicians, intelligence analysts, language specialists, and much more.
The data was obtained, the hacker told Motherboard, by first compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place. (On Monday, the hacker used the DoJ email account to contact this reporter).
“I clicked on it and I had full access to the computer.”
From there, he tried logging into a DoJ web portal, but when that didn't work, he phoned up the relevant department.
“So I called up, told them I was new and I didn't understand how to get past [the portal],” the hacker told Motherboard. “They asked if I had a token code, I said no, they said that's fine—just use our one.”
The hacker says he then logged in, clicked on a link to a personal computer which took him to an online virtual machine, and entered in the credentials of the already hacked email account. After this, the hacker was presented with the option of three different computers to access, he claimed, and one was the work machine of the person behind the originally hacked email account.
“I clicked on it and I had full access to the computer,” the hacker said. Here the hacker could access the user's documents, as well as other documents on the local network.
The databases of supposed government workers were on a DoJ intranet, the hacker claimed. It is not fully clear when the hacker intends to dump the databases.
The hacker also said that he downloaded around 200GB of files, out of 1TB that he had access to.
“I HAD access to it, I couldn't take all of the 1TB,” he said. He claimed that some of the files' contents included military emails, and credit card numbers. This supposed data was not provided to Motherboard.
This is just the latest in a series of hacks targeting US government employees. Back in October, hackers claiming a pro-Palestine political stance broke into the email account of CIA Director John Brennan. This was followed by a prank, in which calls to the Director of National Intelligence James Clapper would be forwarded to the Free Palestine Movement.
The Department of Justice did not respond to Motherboard's request for comment, and the FBI was not reachable. Motherboard provided a copy of the apparent DHS data to the National Infrastructure Coordinating Center (NICC) which is part of the DHS, but it declined to comment. A DHS public affairs officer did not immediately respond to Motherboard's request for comment.
Update 8 February 2016: After the publication of this article, a Twitter account with a pro-Palestinian message published the apparent details of the 9,000 DHS employees. The account also tweeted a screenshot supposedly from the Department of Justice computers that the hacker claimed to have accessed.
Update 8 February 2016 1.20PM ET: The DHS emailed with the following comment from spokesperson S.Y. Lee: "We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information."