Con Job on the Department of Justice!

A hacktivist, who had a compromised email account belonging to a DOJ employee, was poking around the DOJ portal. With the determination to get further in, and getting stopped with a challenge of needing a token code they were stuck…

What would any new person do?
Probably call up support, say they are new, and ask how they can get in.
And that is exactly what went down. The support personnel even gave up their own token code.

Once the hacktivist was logged on, they had access to personal VMs with mapped drives. It’s reported that 200GB was exfiltrated.
hacker-shows-proof-of-doj-hack-100643742-large.idge

Yesterday, the hacktivist dropped information on 20,000 FBI employees on Cryptobin
dotgovs

When Motherboard was trying to vet the data, calling the Homeland Security’s National Operations Center; the reporter’s call was the first NOC had heard about the leak. This negative event shows that we aren’t doing the basic security fundamentals! The least amount of effort necessary to keep data secure!

This entry was posted in Security Blog and tagged , , , , , , , , , , , , . Bookmark the permalink.