FBI-related Hack Exposes Personal Info of Over 23,000 People
The stolen materials include names, jobs, email addresses, and for some, street addresses, of over 23,000 people, 1,000 of which are in law enforcement.
A nonprofit organization affiliated with the FBI was breached last week when hackers got into multiple web servers and published the names and addresses of hundreds of law enforcement personnel and thousands of others.
It was discovered that the hacked materials included names, job descriptions, email addresses and for some, the street addresses of more than 23,000 people, reports NBC News.
More than 1,000 of the stolen emails belonged to the FBI.gov domain and other federal, state and local law enforcement agencies. Dozens of other identities were in a database that hackers say are “people being watched by the FBI” and attached to the domains of major news organizations, including NBC News.
The FBI National Academy Associates confirmed that the websites of three of its local chapters were breached and “personal information has been obtained and sold on the web.”
An investigation by the organization and federal authorities is ongoing but they have determined that the national database was not affected.
The hackers posted on Sunday that they have a ransomware encryption package that they planned to provide to other hackers.
So far, the tool “hasn’t found its way into the wild,” according to Brett Callow, a spokesperson for Emsisoft, a security company. He added, however, that it could be very serious because “Information for FBI staff is now in the public domain.”
According to Emsisoft’s head of security Fabian Wosar, the malware code is very unique.
It was also discovered that the hackers have been working quietly on this scheme since 2016, “and did not particularly attract attention, but the time has come to change the world,” the hackers said.
One clue that could determine the hacker’s motives for the breach is a post from Sunday where they said, “We demand freedom for Peter Levashov.”
Levashov, of Russia, pleaded guilty in September to causing intentional damage to a personal computer, conspiracy, wire fraud and aggravated identity theft in connection with one of the world’s greatest spambots, Kelihos.
Court documents showed that federal investigators had Levashov’s Apple iCloud account number under surveillance since 2016, which provided evidence to extradite him from the United States.
His sentencing is scheduled for Sept. 6 in U.S. District Court in Connecticut.