Contact information for 9,000 Department of Homeland Security (DHS) employees was released online Sunday evening after hackers compromised the email account of a Justice Department official through social engineering.
An anonymous pro-Palestinian hacktivist has taken credit for the theft and is threatening to reveal the contact information of 20,000 Federal Bureau of Investigation (FBI) employees next.
The hacker shared the information on Twitter via a post on CryptoBin, a plain-text storage Web site. A message above the leaked contact information read: “This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer.”
The information was first shared in an interview with Vice’s Motherboard on Sunday, and in an interview, the hackers asserted that they were able to access the information by compromising the email account of a Justice Department official. The hackers then attempted to access a department Web portal but failed until they called someone inside the department who gave them further permissions.
This is a classic example of spear phishing, where hackers often pose as individuals within a company or organization to steal private information such as financial information or employee data. Security company Cloudmark estimates that every spear phishing attack costs a company or organization an average of $1.6 million per incident.
This release of contact information from the Department of Homeland Security is the latest in a series of U.S. government spear phishing hacks by Pro-Palestinian hackers, including the recent email hack of Central Intelligence Agency (CIA) Director John Brennan and Director of National Intelligence James Clapper.