IRS, FBI, and DHS Systems Breached

February 11, 2016//Ellen Neveux

Last Updated: May 30, 2018

The US Department of Justice is investigating the apparent breach of its systems that allegedly allowed a hacker to steal the personal information of about 29,000 employees.

On Monday, the hacker dumped the personal information of about 9,000 employees of the Department of Homeland Security (DHS) – analysts, special agents, and technicians, as well as DHS contractors – and 20,000 FBI staff members. The information the hacker leaked included employees’ names, job descriptions, e-mail addresses and phone numbers.

The attacker targeted not only DHS employees, but also included individuals listed as contractors for the agency. Other DHS staffers, such as analysts, special agents, and technicians, were also targeted. The Justice Department has said it does not appear that the hacker got his hands on any “sensitive personally identifiable information.”

Although the investigation has just started, the hacker offered some clues as to a motive. The individual or group responsible for the hack, who use the Twitter name @DotGovs, published the following tweet: “When will the US government realize we won’t stop until they cut relations with Israel.” And in a number of tweets, the hacker also used the #FreePalestine hashtag.

According to the attacker, it took the Justice Department a week to discover the hack. The hacker said he first compromised the email of a Justice Department employee, which he then used to access the agency’s intranet. Finally, to obtain the rest of the information he needed, the hacker called the appropriate agency department, said he was a new employee and asked for help.

This week, the Internal Revenue Service (IRS) also reported another massive breach. The agency said the automated attack on its e-filing personal identification number system happened last month. However, the IRS said it has stopped the attack.

The IRS said the identity thieves used information that was stolen from outside the agency to generate e-file PINs for stolen Social Security numbers (SSNs). Some taxpayers use E-file PINs to file their tax returns electronically. The IRS said that no personal taxpayer data was compromised but added that the cybercriminals successfully used 101,000 Social Security numbers (out of 464,000 attempts) to access E-File PINs. The agency said it was notifying the affected taxpayers.

The news of this latest IRS breach comes after the high-profile breach of the agency’s IRS Get Transcript system in May, which resulted in the theft of the personal data of about 334,000 taxpayers.

According to one analyst, although access control tools and password management systems are necessary, they can only safeguard companies’ sensitive information if the attackers are outside the network. But once an attacker breaks into the system – even with low-level access – he can easily “escalate rights and gain privileged or root access in the corporate network,” the analyst said. “Once that happens, the enemy is inside and poses much higher risk as they seem to be one of us.”

View this video to see how you can manage security threats.

Subscribe to the SecureLink Blog.
close close