A hacker group has breached a number of FBI-affiliated web sites and uploaded their contents to the online, together with dozens of recordsdata containing the non-public data of hundreds of federal brokers and legislation enforcement officers, TechCrunch has discovered.
The hackers breached three websites related to the FBI Nationwide Academy Affiliation, a coalition of various chapters throughout the U.S. selling legislation enforcement management and coaching positioned on the FBI coaching academy in Quantico, VA. The hackers exploited flaws on at the very least three of the group’s chapter web sites — which we’re not naming — and downloaded the contents of every internet server.
The hackers then put the info up for obtain on their very own web site, which we’re additionally not naming nor linking to the positioning given the sensitivity of the info.
The spreadsheets contained about 4,000 distinctive data after duplicates, together with member names, e-mail addresses, job titles, telephone numbers and their postal addresses. The FBINAA couldn’t be reached for remark outdoors of enterprise hours. If we hear again, we’ll replace.
TechCrunch spoke to one of many hackers, who didn’t determine his or her identify, by means of an encrypted chat late Friday.
“We hacked greater than 1,000 websites,” stated the hacker. “Now we’re structuring all the info, and shortly they are going to be bought. I believe one thing else will publish from the checklist of hacked authorities websites.” We requested if the hacker was fearful that the recordsdata they put up for obtain would put federal brokers and legislation enforcement in danger. “In all probability, sure,” the hacker stated.
The hacker claimed to have “over 1,000,000 information” [sic] on staff throughout a number of U.S. federal companies and public service organizations.
It’s not unusual for information to be stolen and bought in hacker boards and in marketplaces on the darkish internet, however the hackers stated they’d provide the info totally free to point out that they’d one thing “fascinating.”
Unprompted, the hacker despatched a hyperlink to a different FBINAA chapter web site they claimed to have hacked. After we opened the web page in a Tor browser session, the web site had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.
The hacker — one in all greater than ten, they stated — used public exploits, indicating that most of the web sites they hit weren’t up-to-date and had outdated plugins.
Within the encrypted chat, the hacker additionally offered proof of different breached web sites, together with a subdomain belonging to manufacturing large Foxconn. One of many hyperlinks offered didn’t want a username or a password however revealed the back-end to a Lotus-based webmail system containing hundreds of worker data, together with e-mail addresses and telephone numbers.
Their finish objective: “Expertise and cash,” the hacker stated.