"Alleged ISIS leak compromises hundreds of U.S. military & intelligence emails — Dept of Defense is ‘looking into it’"

RallyPoint Shared Content — Wed, 12 Aug 2015 09:53:22 -0400

From: Venture Beat

A Twitter account claiming to be the “IS Hacking Division” has published what appears to be an extensive directory of government emails, passwords, credit cards, phone numbers, and addresses spanning U.S. military departments and divisions, the FBI, U.S. embassies, the Library of Congress, U.S. city officials, the British Embassy, the FTC, and NASA, as well as possible personnel at Wells Fargo.

VentureBeat is able to confirm that the U.S. Department of Defense is “looking into” this alleged hack. We’ve also independently verified that at least several of the items included on that list contained accurate information, but that several of the people were not aware that the leak had occurred.

Other details in the document appear inaccurate or outdated; it lists two Intel Corporation email accounts which apparently do not exist in Intel’s “company email directory,” an Intel spokesperson told VentureBeat.

The content was published onto a site entitled “zonehmirrors.org,” a domain which was registered under the name Redi Alberto in the city of Lugano, Switzerland.

Upon our contacting the U.S. Department of Defense, a spokesperson acknowledged the alleged leak, telling VentureBeat: “We are certainly looking into it, but I don’t have anything more than that.” Later, the spokesperson shared:

We are aware of the report. Cannot confirm credibility at this time. The safety of our service members is always a primary concern. We encourage our personnel to exercise appropriate OPSEC and force protection procedures.
We’ve subsequently reached out to several of the affected departments and Twitter for comment and have yet to hear back. Hours later, the Twitter account in question was suspended. The age and authenticity of this supposed leak remains unconfirmed, despite some of the information being accurate and current.

We’ve also reached out to dozens of the phone numbers listed in the document. We spoke with members of the Utah Air National Guard, the US African Development Foundation, and the United States Central Command (CENTCOM). All three confirmed that at least a portion of the sensitive information included was accurate. They also confirmed that the listed government affiliation is accurate. We aren’t naming them because of the sensitivity of the leak and potential security clearances.

Military members allegedly sharing info via Facebook

At the bottom of the document is a series of screencaps prefaced with a warning from ISIS: “We Are Watching You – You have ZERO OpSEC – this is just 1% of what we know!” [sic]

Indeed, the screenshots included appear to show communications between various members of the armed forces on Facebook. Facebook chats are easily altered, so the veracity of these images cannot immediately be verified. The alleged conversations include potentially sensitive details: security coverage at an unnamed pier, troop movements, and reassignments to new bases.

We have reached out to the U.S. Army, Facebook, and Twitter to further verify the veracity of these accounts.

http://venturebeat.com/2015/08/11/alleged-isis-leak-compromises-hundreds-of-u-s-military-intelligence-emails-dept-of-defense-is-looking-into-it/

Dept of Defense ‘looking into’ Twitter account which allegedly leaked 100s of U.S. military &...

A Twitter account claiming to be the “IS Hacking Division” has published what appears to be an extensive directory of government emails, passwords, credit cards, phone numbers, and addresses spanning U.S. military departments and divisions, the FBI, U.S. embassies, the Library of Congress, U.S. city officials, the British Embassy, the FTC, and NASA, as well as possible personnel at Wells Fargo.

Response by SSgt Alex Robinson made Aug 12 at 2015 9:58 AM

SSgt Alex Robinson — Wed, 12 Aug 2015 09:58:07 -0400

Our country deserves better. We can do a better job securing this type of data.

Response by Sgt David G Duchesneau made Aug 12 at 2015 10:12 AM

Sgt David G Duchesneau — Wed, 12 Aug 2015 10:12:48 -0400

One would think that with all of the technology at our disposal today, things like this would not happen. Instead, the powers to be are too busy cleaning up their own bullshit instead of securing this Great Country of ours. And we wonder where the hell all of our US Tax dollars are going? Come on, wake up America. We are being torn apart from the inside out. WTF-Over!

Response by LTC Stephen F. made Aug 12 at 2015 11:04 AM

LTC Stephen F. — Wed, 12 Aug 2015 11:04:27 -0400

I expect ISIS is taking credit and "publishing" information that was hacked by others over the past couple of years including what was purported to be hacked by Chinese military hackers. This would be typical of ISIS - claiming that they had done something that had not to impress their own and wannabes.
The humorous side of "leaks" is that the "targeted" government agencies can never admit that the information is legitimate even if it is. :-)
The agencies go through the process of "tracking" use of the hacked information attributed to their agencies while they change the processes, rules, and techniques used for creation of accounts, emails, passwords, etc.

Response by PO1 John Miller made Aug 13 at 2015 7:17 AM

PO1 John Miller — Thu, 13 Aug 2015 07:17:39 -0400

How the hell would ISIS get credit card information from these types of directories?

Response by A1C Private RallyPoint Member made Aug 13 at 2015 7:50 AM

A1C Private RallyPoint Member — Thu, 13 Aug 2015 07:50:16 -0400

How many times does the DoD need to get information compromised before it realized it has a serious problem with data security