The IntelBroker hacker claims to have breached Acuity, a US federal contractor and is now selling data belonging to ICE and USCIS – This incident could potentially expose sensitive information of immigrants and could have national security implications.
The notorious hacker known as IntelBroker has claimed responsibility for a recent data breach allegedly targeting Acuity Inc., a Federal contractor based in Reston, Virginia. The breach has resulted in the theft of sensitive data and documents from two prominent U.S. government entities: U.S. Immigration and Customs Enforcement (ICE) and U.S. Citizenship and Immigration Services (USCIS).
For your information, Acuity Inc. is a federal technology consulting firm headquartered in Reston, Virginia. They offer their deep industry expertise to federal agencies, particularly those focused on National Security and Public Safety. According to the company, their core mission is to help these agencies plan for the future, improve their ability to serve citizens and deliver measurable results through innovative technology solutions and proven management techniques.
These alarming claims surfaced in a recent post on Breach Forums, a notorious cybercrime and hacker forum. Hackread.com has exclusively confirmed that the stolen data is currently being offered for sale on the forum for a mere $3,000 in Monero (XMR) cryptocurrency.
Following the breach announcement on Breach Forums, IntelBroker proceeded to showcase a sample of the alleged stolen data, purportedly containing personal and Personally Identifiable Information (PII) of over 100,000 victims. The showcased records include:
- Full names
- Passport
- Date of Birth
- Phone numbers
- Email addresses
- Physical addresses
- Physical attributes.
According to the hacker, “everything belongs to the US citizens,” implying that the compromised data contains information about civilians as well as government agents.
The Sensitive Nature of Data
In addition to the information available on the forum, Hackread.com gained insight into further sensitive data, including source code, user manual, confidential conversations and feedback exchanged between ICE agents and contractors. This extended to discussions on investigative techniques such as those utilized by the Five Eyes alliance, the Ukraine, and Russia conflict, information on terrorism-related seminars globally, etc.
IntelBroker informed us that a collection of data labelled as ‘Top Secret’, ‘Classified’, ‘Unclassified’, and ‘FOUO’ (For Official Use Only) has been uncovered. The hacker has already shared a screenshot illustrating the sensitive nature of this data on Breach Forum.
Moreover, the alleged compromised data includes .GOV-hosted emails containing plain-text passwords for some. It’s worth noting, however, that these accounts are protected by Two-factor Authentication (2FA), and any unauthorized attempts to access them are promptly blocked until a valid code is provided.
Given the highly sensitive nature of this information, Hackread.com has refrained from sharing some screenshots and has redacted sample data accordingly. It’s essential to emphasise that, at no point, did Hackread.com attempt to access these accounts.
How did the alleged hack take place?
In an exclusive conversation with the hacker, Hackread.com learned that they had exploited a critical 0-day vulnerability in GitHub. Despite not disclosing technical details of the Proof of Concept (PoC) regarding the alleged vulnerability, the hacker claimed that this flaw enables attackers to steal GitHub tokens and advance their malicious activities.
In response to these developments, Hackread.com has initiated contact with GitHub, ICE, USCIS, and Acuity Inc. to request their comments on the matter.
Who is IntelBroker?
IntelBroker is known for targeting high-profile targets in the United States. Some of their previous data breaches include Las Angeles Intl. Airport, US DoD Documents, Staffing Giant Robert Half, Facebook Marketplace Database, DARPA-related accesses in General Electric breach, Weee! Grocery and several others.
In fact, according to the United States government, IntelBroker is also the hacker behind one of the T-Mobile data breaches.
Aftermath of Acuity Inc.’s Alleged Breach
The aftermath of Acuity Inc.’s alleged breach carries potentially severe and long-lasting repercussions. The compromised data, if obtained by nations deemed adversarial by the United States, could pose significant risks to national security. The exploitation of such intelligence-related information may jeopardize the safety of agents and officials, as well as compromise ongoing operations.
Moreover, recent events highlight the vulnerability posed by third-party contractors. Just recently, on March 4th, 2024, American Express disclosed that its cardholders had been affected by a significant data breach originating from a third-party vendor.
In August 2023, an IT contractor employed by the Metropolitan Police Force experienced a cyberattack that impacted over 50,000 MET police personnel.
In September 2023, a third-party contractor experienced a data breach that affected over 8,000 Greater Manchester Police Officers. In October 2023, another contractor inadvertently exposed their database, resulting in the leakage of sensitive details about 500,000 Irish Police vehicle seizure records.
RELATED TOPICS
- US Govt’s secret terrorist watchlist with 2M records exposed online
- Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft
- Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers
- Traffic sign near ICE headquarters hacked with “Abolish ICE” message
- Norweigian researcher exposes how a US firm collected his location data