Anonymous Dropped Another FEMA Leak

After leaking a document of contact info and user data allegedly swiped from FEMA servers yesterday, Anonymous today released another set of swiped data contact info for first responders, security contractors, and the like. According to the hackers behind the attack, the releases are meant to be non-sensitive in order to send a "warning" to FEMA and contractor Obsidian Analysis, which has coordinated cybersecurity training with FEMA and the Department of Homeland Security.

The new leak contains contact info that appears ripped from a user database, and features more names connected to intelligence firms, the military, and contractors. It's pretty plain stuff; yesterday's larger dump contained more direct references to DHS, of which FEMA is part. But this leak is just for "those who doubt what kind of data we are sitting on," said the hacker (or hackers) in an email.

For its part, FEMA has not confirmed that a hack even occurred. "We are aware of this reported release of information to the media," said an agency spokesman in an email. "FEMA is closely working with the DHS National Cybersecurity and Communications Integration Center (NCCIC) and the U.S. Computer Emergency Readiness Team (US-CERT) and investigating this."

Asked about the provenance of the leaks, the hackers responded, "You will find contact lists, home addresses of contacts and failed login attempts in the leak provided, these would be too complex (and ultimately pointless) for us simply to contrive."

They also say that the leaked data is only a part of what's been gleaned from servers.

"The breach has been ongoing, data has slowly been leached from the compromised server over a period of months so as not to trigger any (probably non-existent) intrusion detection systems in place," they wrote. "The data leaked is merely a sampling of the total data acquired, the sheer volume of data will require further analysis before further substantial leaks are contemplated."

Of course, the immediate question that comes to mind is why would Anonymous attack FEMA now? The first leak's introduction explained that it was related to national cybersecurity training exercises conducted in 2012 by FEMA and organized by Obsidian Analysis. The training scenario, as explained in a mock news report, was that a hacker group called The Void had found zero days that enabled them to attack US infrastructure.

The Void appears to have been modeled on Anonymous, and the FEMA hackers wrote that they took umbrage at the implication that Anonymous would directly attack the United States. But why a year later?

"FEMA made themselves a target through the wargames exercise, but as an active investor in corrupt intelligence/defense/security contractors they would have been a target either way," they wrote.

"It has been about a year, so you could call this an anniversary. As to why now, an opportunity to settle an old score, an insult unanswered, arose, we took it gladly," they said.