The hacker, who in his conversation with Motherboard says he wishes to remain anonymous, began by acquiring credentials for a single Department of Justice email account. Logging in with the credentials actually failed to work, but the hacker was undeterred. He gave the department a phone call, swindling a support representative for the instructions he so desperately needed.
“I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker explains. “They asked if I had a token code. I said ‘No’, they said ‘That’s fine, just use our one’.”
And, just like that, he was able to log in, access a DoJ virtual machine, enter the login credentials, and secure complete access over three department computers. Of these systems was one owned by the employee whose email account he had earlier hacked. All he had to do was click on it, and he would have complete, unadulterated access to the entire PC, along with all its file systems.
So he did what any malicious, power-hungry hacker would do — he accessed over 1TB of DoJ documents, sporting personal details of tens of thousands of employees, and of that terabyte, about 200GB was stolen.
Though the hacker notably mentioned the system included its fair share of military emails and credit card numbers, whether he actually seized any of that data is largely nebulous. Nonetheless, while those details weren’t given to Motherboard for verification, the aforementioned DoJ personal documents were.
Included in these documents were allegedly the phone numbers of the government employees at risk. By randomly selecting a handful of the numbers provided and calling them, Motherboard was able to confirm their veracity.
“We are looking into the reports of purported disclosure of DHS employee contact information,” Department of Home Security spokesperson S.Y. Lee responded to the initial report. “We take these reports very seriously, however, there is no indication at this time that there is any breach of sensitive information.”
In an update provided by Motherboard earlier today, it’s now evident that the personal accounts of 9,000 DHS employees have been leaked on Twitter, coupled with a “pro-Palestinian message.”
Editors' Recommendations
- Flipboard hack prompts password reset for millions of users
- How Beto O’Rourke’s hacker group changed cybersecurity as we know it
- 7-Eleven’s mobile payment app shut down after hackers nab $500K from customers
- TrickBot returns with new attack that compromised 250 million email addresses
- A new phishing scam targets Amazon users just in time for Prime Day
