Hacker claims to have used social engineering to trick DoJ help desk into granting him access to sensitive files

Tools

A hacker claimed to have used social engineering to break into a Department of Justice computer and download 200GB of sensitive files, reported Joseph Cox with Motherboard.

The source told Cox that he was able to access the data by compromising the email account of a DoJ employee. After failing to login into the DoJ Web portal, he called up the department's help desk and told them that he was a new employee and didn't understand how to get access to the portal. "They asked if I had a token code, I said no, they said that's fine —just use our one," the source said.

Using this information, the source claimed that he was able to get access the work computer of the employee whose email account he had compromised. From there, he was able to access the company intranet and download around 200GB of files, although he said he had access to 1TB worth of data.

Fulfilling on a threat made over the weekend, the alleged hacker published what appears to be personnel information, such as name, phone number, email addresses and titles, of 9,000 Department of Homeland Security employees, although it was not clear how he obtained the DHS information from the DoJ computer.

The alleged hacker is threatening to publish similar information on more than 20,000 FBI employees and the data he stole from the DoJ computer, according to Cox.

Motherboard obtained copies of the information from the source before it was published and called random numbers to verify that the data was indeed on DHS and FBI employees. "Many of the calls went through to their respective voicemail boxes, and the names for their supposed owners matched with those in the database… One alleged FBI intelligence analyst did pick up the phone, and identified herself as the same name as listed in the database," Cox wrote.

DHS emailed a statement to Motherboard, which said: "We are looking into the reports of purported disclosure of DHS employee contact information. We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information." The DoJ and FBI did not respond to requests for comment from Motherboard.

Commenting on the apparent breach Thomas Ristenpart, a professor at Cornell University and a member of the Cornell Tech Security Group, said in email to FierceITSecurity: "Usually, these attacks use one of a variety of standard techniques like leveraging known software vulnerabilities or social engineering. That is why it's so critical that the Department of Justice and FBI constantly update and improve their security practices to make sure they're using the best defenses available."

For more:
- read the Motherboard article

Related Articles:
Timeline: Breach of the US Office of Personnel Management
OMB's Cobert takes over as acting OPM director following Archuleta's resignation
Cyberthreat analysis: An intelligence-driven approach to security and risk