Are the FBI and DHS victims of hacktivism?
The FBI and DHS suffered a politically-motivated hack that released personal information about roughly 30,000 employees. The method behind the hacktivism suggests that the trend is evolving.
The Federal Bureau of Investigation and the Department for Homeland Security suffered from a massive hack over the weekend.
Roughly 30,000 FBI and DHS employees had their personal contact information leaked, including names, email addresses, phone numbers, and job titles. According to the FBI, the released information was not a threat to individuals or national security. Officials likened the breach to stealing a year-old AT&T phonebook, according to the Guardian.
“This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information,” Justice Department spokesman Peter Carr told CNN. “The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information.”
Linked to a pro-Palestinian Twitter account, the hack is likely the latest breach in an evolving trend of political hacktivism.
The FBI and DHS hack, which targeted agent and employee information, resembles previous political hacks on US intelligence agencies aiming to raise attention for the “Free Palestine” movement, such as the hack of National Intelligence Director James Clapper's personal email. CIA director John Brennan and DHS secretary Jeh Johnson have also suffered from personal hacks.
However, hacking as a form of political and social protest has a much longer history. In 1998, Stefan Wray, professor of digital media at the University of Texas at Austin, wrote in a paper that “hacktivism, as defined across the full spectrum from relatively harmless computerized activism to potentially dangerous resistance to future war, is a phenomena that is on the rise.”
So far, in the nearly two decades since, his predictions have been accurate.
Political hacktivism has been prevalent abroad. In 2010, hackers protesting proposals by the Australian government to limit access to specific websites hacked many Australian government websites and denied access to them. As recently as January 2016, Japanese automobile manufacturer Nissan found its main website offline as a result of an attack from hackers protesting the Japanese government's stance on whale hunting.
Hacktivism had a similar impact on US politics, including more than a dozen government websites being shutdown in 2012 in response to the ACTA and SOPA bills.
The methods of hacktivism, as predicted by Mr. Wray, are also evolving.
“One reason why it is difficult to get a firm grip on hacktivism's direction," he says, "is that hacktivism will evolve in response to changing global economic and political conditions.”
The leaking of personal information used in the recent FBI and DHS hacks could be a sign of one such evolution.
In contrast to the hacktivism performed against the Australian government in 2010 or the US government in 2012, the FBI and DHS hacks did not attempt to take down the agency website, but focused more on hacking inside to find personnel data. A similar approach was taken by hackers who attacked Ashley Madison, the dating website for married men and women, in 2015. In all, personal information about 32 million Ashley Madison users was stolen and released online.
The information about roughly 20,000 FBI staffers and 9,000 DHS employees was gained through a variety of methods combining hacking and social engineering.
Compromising the email account of one Depart of Justice employee, the hackers attempted to log into a DOJ web portal. After being unable to access it, the hackers called the relevant department and were walked through the process after identifying themselves using stolen information, according to Motherboard, which was reportedly contacted by one of the hackers.
“So I called up, told them I was new and I didn't understand how to get past [the portal],” one self-professed hacker told Motherboard. “They asked if I had a token code, I said no, they said that's fine – just use our one.”
After learning of the social engineering behind the hack, US intelligence officials admitted there was a problem in the system.
“The bottom line is, something broke,” officials told The Guardian.