A group of hackers recently stole data from multiple FBI-affiliated websites for profitable distribution, according to a report from TechCrunch.
Shortly afterward, the news was confirmed by an article from the Associated Press, which discovered over 1,400 published employee records.
The stolen data contained the email addresses and phone numbers of thousands of law enforcement officers and federal agents. Many high-profile U.S. organizations have had their information exposed, including the FBI, the Secret Service, and the Capitol Police.
By selling off their private data, hackers have put the safety and security of thousands of officials at risk.
The Hackers’ Stated Motivation
One of the hackers involved in this data breach spoke on the theft through an encrypted chat last Friday. They explained they carried out their unauthorized intrusion by exploiting security flaws in the FBI National Academy Association’s (FBINAA) website.
The FBINAA contains data on members of the National Academy, a training program for U.S. law enforcement. Consequently, hackers captured information on so many different law-enforcement officials because they were once part of the program.
The cybercriminals downloaded roughly 4,000 individual records from the FBINAA database. The militia sectors also stole a variety of personal employee information.
Furthermore, the hacker revealed their group had breached “more than 1,000 sites” and were currently preparing the data for sale. When asked if their data breach put law enforcement and federal agents in danger, the hacker responded, “Probably, yes.”
The rogue data expert also claimed his group gathered “over a million data [SIC]” on agents and officers belonging to various U.S. agencies.
The reasons for the data breach? According to the hacker, the group’s motive was “Experience and money.”
Avoidable Security Vulnerabilities
The cybercriminals perpetrated their hack with public exploits, meaning most (if not all) of the breached websites were simply not up-to-date.
Poor data security practices are contributing factors to the majority of online data theft, and that’s the case here. In their correspondence, the hacker even showed Tech Crunch how the group subverted the FBI’s websites through these vulnerabilities.
Among the evidence the hacker presented was secure data from a domain owned by the major tech manufacturer Hon Hai/Foxconn. Additionally, the cyber thief provided a link to an FBINAA website which his group had recently vandalized.
With these breaches occurring largely due to such avoidable cybersecurity deficiencies, the public’s intolerance toward weak web security will only become more intense.