In most cases, hacking is a much more laborious task than the one-button system we all experienced in Watch Dogs two years ago, but that’s not the case for a real-life hacker who actually stole confidential information from the FBI and Department of Homeland Security.
The hacker, who in his conversation with Motherboard says he wishes to remain anonymous, began by acquiring credentials for a single Department of Justice email account. Logging in with the credentials actually failed to work, but the hacker was undeterred. He gave the department a phone call, swindling a support representative for the instructions he so desperately needed.
“I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker explains. “They asked if I had a token code. I said ‘No’, they said ‘That’s fine, just use our one’.”
And, just like that, he was able to log in, access a DoJ virtual machine, enter the login credentials, and secure complete access over three department computers. Of these systems was one owned by the employee whose email account he had earlier hacked. All he had to do was click on it, and he would have complete, unadulterated access to the entire PC, along with all its file systems.
So he did what any malicious, power-hungry hacker would do — he accessed over 1TB of DoJ documents, sporting personal details of tens of thousands of employees, and of that terabyte, about 200GB was stolen.
Though the hacker notably mentioned the system included its fair share of military emails and credit card numbers, whether he actually seized any of that data is largely nebulous. Nonetheless, while those details weren’t given to Motherboard for verification, the aforementioned DoJ personal documents were.
Included in these documents were allegedly the phone numbers of the government employees at risk. By randomly selecting a handful of the numbers provided and calling them, Motherboard was able to confirm their veracity.
“We are looking into the reports of purported disclosure of DHS employee contact information,” Department of Home Security spokesperson S.Y. Lee responded to the initial report. “We take these reports very seriously, however, there is no indication at this time that there is any breach of sensitive information.”
In an update provided by Motherboard earlier today, it’s now evident that the personal accounts of 9,000 DHS employees have been leaked on Twitter, coupled with a “pro-Palestinian message.”