US Department of Justice hacked: 9,000 DHS employees exposed, FBI to be next

Thousands of sensitive US government credentials have been exposed by an unnamed hacker, who has leaked a trove of suspected employee data to the internet and issued a warning that the FBI will be the next target. The full list, which was uploaded to hosting platform CryptoBin, contains a slew of identifiable information including names, job titles, emails, addresses and telephone numbers of staff allegedly from the Department of Homeland Security (DHS).

The hacker, who attached a note to the leaked cache that said "this is for Palestine, Ramallah, West Bank, Gaza, this is for the child that is searching for an answer", claimed to have attained the information via a Department of Justice (DoJ) computer. It is suspected that hundreds of gigabytes of data was stolen in the hack.

The compromised data was first sent to technology website Motherboard, which quickly set to work attempting to verify the information. Upon analysis, many of the telephone numbers checked out. While many of the calls went to voicemail, the recipient's names matched those in the leaked database. The expansive list, viewed by the IBTimes UK, includes job titles such as intelligence analyst, staff scientist, information security specialist and FBI liaison officer.

IBTimes UK has contacted the DoJ for additional comment, however we had received no response at the time of publication.

Meanwhile, a twitter account under the handle @DotGovs appears to be host to the hackers responsible for the breach. On the profile, which has stated publicly that it has multiple admins, the hackers threatened to expose a separate set of up to 20,000 credentials from the FBI – however this data has not yet been published.

In some of the most recent tweets, the account has made numerous references to Jeremy Hammond, the famed computer hacker who was convicted in 2013 for breaching the networks of private intelligence firm Stratfor and sending the data to whistleblowing website WikiLeaks.

The hacker has claimed to have had access to around one terabyte of government data, however only downloaded roughly around 200GB in total. "I had access to it, I couldn't take all of the 1TB," he told Motherboard.

As we previously reported, a federal audit of the US government's $6bn (£4.2bn) cybersecurity network, nicknamed the "Einstein system", exposed a number of security concerns and found it was only useful in a small number of the 23 agencies it was set up to protect.

This is not the first time the DoJ has been targeted. Back in 2013, the website of the DoJ-linked United States Sentencing Commission was breached by hacktivist group Anonymous following the death of computer expert Aaron Swartz, who was facing years in prison for computer misuse charges.

"With Aaron's death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine," the hacking group said in a 10-minute video posted to the government website at the time.

Lately, the US government has suffered a number of serious security incidents. The most damning of these was a hack at the Office of Personnel Management (OPM), which houses federal records and employee data. In the breach, which was blamed on China by US officials, over 21.5 million records were stolen alongside over five million fingerprint scans.

Additionally, the personal AOL email account of US director of national intelligence, James Clapper, was breached last year by a group of teenage hackers calling themselves 'Crackas with Attitude' who manipulated all his incoming phone calls to direct to the Free Palestine Movement.