On Sunday, a hacker threatened to dump the contact information of thousands of FBI and Department of Homeland Security employees online. Then on Monday, the hacker made good on said threat and released the information, first from the DHS, then from the FBI. The hacker who released the information claimed to have had access to up to 200GB further of information, meaning there could be plenty more releases to come in the days ahead. So how did a person break into the systems of two of America’s most high-profile agencies? A phone call, it appears.
As is so often the case, the easiest way into a secure system is by asking someone for the key. This is the same tactic that a teen hacker claims to have used to gain access to CIA chief John Brennan’s personal email. And it’s fairly similar to “spearphising” attacks, where emails with links to download malicious software are sent to specific people inside a network, in the hopes that they’ll open the email, follow the link, and compromise the system. This is reportedly how Russian hackers got into a Pentagon email server, Ukrainian power stations, and even less conspicious targets, like a German steel mill. Even as the Director of National Intelligence warns that the Internet of Things is a major threat, it appears IRL networks of people are at least as vulnerable. Fortunately for companies that want to find the vulnerabilities in their human networks, there’s an app for that.