Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials
A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE), has now built dossiers on tens of thousands of U.S. government officials, including NSA employees, a member of the group told 404 Media. The member said the group did this by digging through its caches of stolen Salesforce customer data. The person provided 404 Media with samples of this information, which 404 Media was able to corroborate.
As well as NSA officials, the person sent 404 Media personal data on officials from the Defense Intelligence Agency (DIA), the Federal Trade Commission (FTC), Federal Aviation Administration (FAA), Centers for Disease Control and Prevention (CDC), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), members of the Air Force, and several other agencies.
The news comes after the Telegram channel belonging to the group, called Scattered LAPSUS$ Hunters, went down following the mass doxing of DHS officials and the apparent doxing of a specific NSA official. It also provides more clarity on what sort of data may have been stolen from Salesforce’s customers in a series of breaches earlier this year, over which Scattered LAPSUS$ Hunters has attempted to extort Salesforce.
Do you know anything else about this breach? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.
“That’s how we’re pulling thousands of gov [government] employee records,” the member told 404 Media. “There were 2000+ more records,” they said, referring to the personal data of NSA officials. In total, they said the group has private data on more than 22,000 government officials.
Scattered LAPSUS$ Hunters’ name is an amalgamation of other infamous hacking groups—Scattered Spider, LAPSUS$, and ShinyHunters. They all come from the overarching online phenomenon known as the Com. On Discord servers and Telegram channels, thousands of scammers, hackers, fraudsters, gamers, or just people hanging out congregate, hack targets big and small, and beef with one another. The Com has given birth to a number of loose-knit but prolific hacking groups, including those behind massive breaches like MGM Resorts, and normalized extreme physical violence between cybercriminals and their victims.
On Thursday, 404 Media reported Scattered LAPSUS$ Hunters had posted the names and personal information of hundreds of government officials from DHS, ICE, the FBI, and Department of Justice. 404 Media verified portions of that data and found the dox sometimes included people’s residential addresses. The group posted the dox along with messages such as “I want my MONEY MEXICO,” a reference to DHS’s unsubstantiated claim that Mexican cartels are offering thousands of dollars for dox on agents.
Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
Scattered LAPSUS$ Hunters—one of the latest amalgamations of typically young, reckless, and English-speaking hackers—posted the apparent phone numbers and addresses of hundreds of government officials, including nearly 700 from DHS. Joseph Cox (404 Media)
After publication of that article, a member of Scattered LAPSUS$ Hunters reached out to 404 Media. To prove their affiliation with the group, they sent a message signed with the ShinyHunters PGP key with the text “Verification for Joseph Cox” and the date. PGP keys can be used to encrypt messages, or to sign them to prove they’re coming from a specific person, or at least from someone who holds that key; such keys are typically kept private.
They sent 404 Media personal data related to DIA, FTC, FAA, CDC, ATF and Air Force members. They also sent personal information on officials from the Food and Drug Administration (FDA), Health and Human Services (HHS), and the State Department. 404 Media verified parts of the data by comparing them to previously breached data collected by cybersecurity company District 4 Labs. It showed that many parts of the private information did relate to government officials with the same name, agency, and phone number.
Except for the earlier DHS and DOJ data, the hackers don’t appear to have posted this more wide-ranging data publicly. Most of those agencies did not immediately respond to a request for comment. The FTC and Air Force declined to comment. DHS has not replied to multiple requests for comment sent since Thursday. Neither has Salesforce.
The member said the personal data of government officials “originates from Salesforce breaches.” This summer Scattered LAPSUS$ Hunters stole a wealth of data from companies that were using Salesforce tech, with the group claiming it obtained more than a billion records. Customers included Disney/Hulu, FedEx, Toyota, UPS, and many more. The hackers did this by social engineering victims and tricking them into connecting to a fraudulent version of a Salesforce app. The hackers tried to extort Salesforce, threatening to release the data on a public website, and Salesforce told clients it won’t pay the ransom, Bloomberg reported.
On Friday the member said the group was done with extorting Salesforce. But they continued to build dossiers on government officials. Before the dump of DHS, ICE, and FBI dox, the group posted the alleged dox of an NSA official to their Telegram group.
Over the weekend that channel went down and the member claimed the group’s server was taken “offline, presumably seized.”
The doxing of the officials “must’ve really triggered it, I think it’s because of the NSA dox,” the member told 404 Media.
Matthew Gault contributed reporting.
How Google, Adidas, and more were breached in a Salesforce scam | Malwarebytes
Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data. David Ruiz (Malwarebytes)
Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
A group of hackers from the Com, a loose-knit community behind some of the most significant data breaches in recent years, have posted the names and personal information of hundreds of government officials, including people working for the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE).
“I want my MONEY MEXICO,” a user of the Scattered LAPSUS$ Hunters Telegram channel, which is a combination of a series of other hacking group names associated with the Com, posted on Thursday. The message was referencing a claim from the DHS that Mexican cartels have begun offering thousands of dollars for doxing agents. The U.S. government has not provided any evidence for this claim.
404 Media reviewed multiple spreadsheets posted in the group’s Telegram channel. One contained the alleged personal information of 680 DHS officials; another contained data on more than 170 FBI email addresses and their owners; and the third contained the apparent personal information of more than 190 Department of Justice officials.
“Mexican Cartels hmu [hit me up] we dropping all the doxes wheres my 1m [1 million],” another message reads.
Do you know anything else about this data dump? Do you work at any of the agencies impacted? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.
Using data collected by cybersecurity company District 4 Labs, 404 Media corroborated some of the data posted to Telegram. It showed that many parts of the dox did relate to government officials with the same name, agency, address, or phone number. In some cases, the addresses posted by the hackers appear to relate to residential addresses rather than offices.
It is not clear how the hackers collated or otherwise sourced this data, be that by combining previous diffuse data breaches, or by obtaining it from a government-specific breach.
DHS has repeatedly said that its officers are facing a wave of doxing and physical threats in the second Trump administration. Most recently the agency said officials “are facing a more than 1000% increase in assaults against them and their families are being doxxed and threatened online.” It is not clear how exactly DHS is quantifying those events to calculate that increase.
The U.S. government has taken action against apps, websites, and social media pages it claims are doxing or otherwise threatening DHS and ICE officials. In many cases, those apps were participating in First Amendment protected speech and were not doxing officials. Apple, for example, removed one app called Eyes Up that was aggregating videos of ICE activity and abuses. Apple banned a wave of apps after direct pressure from the Department of Justice.
These apps also gained popularity after masked ICE agents who refused to identify themselves repeatedly raided communities of immigrants and picked people off the street often without explanation. Recently ICE’s activity has included shooting a priest in the head with a projectile; flooding Chicago neighborhoods with chemical irritants; and detaining and threatening U.S. citizens.
The data dump by Scattered LAPSUS$ Hunters is more clearly an attempt at a mass doxing event.
The hacking group that posted the dox emerged from the Com, short for community. On Discord servers and Telegram channels, thousands of fraudsters, scammers, hackers, and gamers carry out hacks, beef with one another, and commission physical violence. A number of loose-knit groups have emerged from that community, including Scattered Spider which was responsible for the massive ransomware attack against MGM Resorts, and LAPSUS$ which was responsible for a wave of extortions against gaming companies, including Electronic Arts.
The name Scattered LAPSUS$ Hunters is an amalgamation of several of those names. This iteration gained notoriety recently after threatening to publish a wealth of data related to Salesforce customers, including Disney/Hulu, FedEx, Toyota, UPS, and more.
In 2016, another hacking group called Crackas With Attitude posted the personal information of around 20,000 FBI agents and 9,000 DHS officials.
The DHS, FBI, and Department of Justice did not respond to requests for comment.
“U guys want IRS next?” the hackers wrote in another message.
Hacker Publishes Personal Info of 20,000 FBI Agents
As promised, hacker publishes personal information of 20,000 FBI agents, allegedly stolen from a hacked Department of Justice computer. Lorenzo Franceschi-Bicchierai (VICE)