The United States Department of Homeland Security had its data leaked online — FBI is forcing websites to remove the data ASAP.
The Federal Bureau of Investigation or the FBI is seeking to wipe off information of its employees that was stolen by a hacker and exposed online on 8th February at “Indybay.” The FBI’s Special Agent Ricky Alwine contacted the website via email and conveyed this message from the agency “We will follow up with any legal process you require.” The email contained a rather alarming subject line: “Sensitive information leaked on your site.”
The full email content read:
“This morning, the data stolen from the Department of Justice […] was posted to your site. Please remove these posts as quickly as possible. We will follow-up with any legal process you require.”
Left with no other choice Indybay complied; the data got replaced with the FBI’s email content. For our readers’ information, the data included information about 20,000 employees working at the agency along with contact details of around 9,000 Department of Homeland Security (DHS) employees.
Soon after, on Wednesday to be precise, the website mysteriously went offline since users trying to access it could not do so. The fault was cited to be a technical failure. The FBI did not comment when asked about any probability of its role in this incident. However, the site is back online now.
Previously this week, sensitive data belonging to over 20,000 FBI employees was leaked online by a hacker, which included information about their names, job ranks, email IDs and contact numbers. The leaked information also allegedly included that of 9,000 workers at the DHS.
The information was instantly distributed on various Pastebin type websites as well as at less likely hosts such as Indybay. Indybay is a community news-oriented website based in San Francisco. The FBI, out of embarrassment, has given a shut-up call to Indybay and has demanded to scrub-off the information no matter how futile it may be.
Motherboard confirmed that the information released was legitimate and also tried to contact the FBI’s operations center. It was identified later on that the data was stolen after the hacker managed to compromise an email account of the Department of Justice. He used this email to contact Motherboard’s reporter after logging in to the web portal of the Department of Justice but could not contact the relative department. The hacker communicated with reporters at the Motherboard and stated:
“So I called up, told them I was new and I didn’t understand how to get past [the portal]. They asked if I had a token code, I said no, they said that’s fine—just use our one.”
Then he somehow got connected to a PC and identified an online virtual machine from where he accessed three different computers offering a treasure trove of data.
On Monday, the Justice Department’s spokesman stated that this time no “breach of sensitive personally identifiable information” took place in an attempt to downplay the success of this recent hack. However, issuing a takedown request via email to the website where the information was posted originally suggests something else.
It seems like the FBI is trying to do damage control but it is also evident that the data would have been downloaded probably hundreds of times and there is now no use of scrubbing it off from the web. What do you think? Please leave your comments below and let us know about your take on the story.
The leaked data is available on the Dark Web as well as on social media.