In one of the biggest and potentially most threatening hacks since the Obama-era 2015 OPM breach, a group of hackers believed to be based in Ukraine has published sensitive personal information of 4,000 FBI agents after infiltrating three chapters of the FBI National Academy Associates.
The group, which corresponded with TechCrunch via an encrypted chat, says it is 'structuring' data belonging to employees across several federal law enforcement agencies, and is planning to package the information for sale. When asked if the information could put lives of federal employees at risk, one of the hackers replied: "Probably. yes."
The information posted online included data belonging to 4,000 FBI employees, Secret Service agents, Capitol Police and US Park Police.
The FBI National Academy Associates said in a statement to TechCrunch that the information, posted late Thursday, appears to come from the websites of three local chapters of the nonprofit FBINAA, which has nearly 17,000 members nationwide and is active in 174 countries.
"We believe we have identified the three affected Chapters that have been hacked and they are currently working on checking the breach with their data security authorities," the organization said.
One of the purported hackers told TC that the organization has hacked "more than 1,000 sites" and that "soon they [the data] will be sold."
“We hacked more than 1,000 sites,” said the hacker. "Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites."
We'd imagine there are a host of criminal organizations and foreign governments who might be interested in purchasing the data. The hackers said they published some of the data to prove to any potential customers that they had something "interesting."
During their correspondence with TechCrunch, the hackers sent a chilling message to prove that they had seized a website belonging to one FBINAA chapter. They also sent proof that they had infiltrated sites belonging to other organizations, including the Taiwan-based manufacturing giant Foxconn.
Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced - prominently displaying a screenshot of the encrypted chat moments earlier.
The hacker - one of more than ten, they said - used public exploits, indicating that many of the websites they hit weren't up to date and were running outdated plugins.
In the encrypted chat, the hacker also provided evidence of other breached websites, including a subdomain belonging to manufacturing giant Foxconn.
One of the links provided did not need a username or a password but revealed the back-end to a Lotus-based webmail system containing thousands of employee records, including email addresses and phone numbers.
When asked why they did it, the hacker told TC: "Experience and money."