A hacker team has breached several FBI-affiliated web sites and uploaded their contents to the gain, including dozens of recordsdata containing the non-public data of thousands of federal brokers and legislation enforcement officers, TechCrunch has realized.
The hackers breached three web sites associated with the FBI National Academy Association, a coalition of diversified chapters all around the U.S. promoting federal and legislation enforcement leadership and practising situated on the FBI practising academy in Quantico, VA. The hackers exploited flaws on not lower than three of the organization’s chapter web sites — which we’re not naming — and downloaded the contents of every web server.
The hackers then place the details up for download on their dangle web discipline, which we’re also not naming nor linking to given the sensitivity of the details.
The spreadsheets contained about 4,000 unfamiliar data after duplicates possess been eradicated, including member names, a combination of private and authorities e mail addresses, job titles, cell phone numbers and their postal addresses. The FBINAA may per chance presumably not be reached for comment outside of industry hours. If we hear abet, we’ll substitute.
TechCrunch spoke to one amongst the hackers, who didn’t identify his or her name, thru an encrypted chat gradual Friday.
“We hacked extra than 1,000 web sites,” said the hacker. “Now we are structuring your whole data, and soon they are going to most certainly be sold. I mediate one thing else will post from the checklist of hacked authorities web sites.” We asked if the hacker became as soon as alarmed that the recordsdata they place up for download would place federal brokers and legislation enforcement at chance. “In all probability, yes,” the hacker said.
The hacker claimed to possess “over one million data” [sic] on workers all over several U.S. federal agencies and public provider organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dim web, but the hackers said they would present the details free of charge to existing that they’d one thing “exciting.”
Unprompted, the hacker sent a link to one other FBINAA chapter web discipline they claimed to possess hacked. After we opened the web express in a Tor browser session, the gain discipline had been defaced — prominently exhibiting a screenshot of the encrypted chat moments earlier.
The hacker — one amongst extra than ten, they said — weak public exploits, indicating that somewhat a range of the web sites they hit weren’t up-to-date and had old-fresh plugins.
In the encrypted chat, the hacker also supplied evidence of other breached web sites, including a subdomain belonging to manufacturing giant Foxconn. One amongst the hyperlinks supplied didn’t want a username or a password but printed the abet-cease to a Lotus-primarily based webmail gadget containing thousands of employee data, including e mail addresses and cell phone numbers.
Their cease aim: “Experience and money,” the hacker said.