
Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials


A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE), has now built dossiers on tens of thousands of U.S. government officials, including NSA employees, a member of the group told 404 Media. The member said the group did this by digging through its caches of stolen Salesforce customer data. The person provided 404 Media with samples of this information, which 404 Media was able to corroborate.

As well as NSA officials, the person sent 404 Media personal data on officials from the Defense Intelligence Agency (DIA), the Federal Trade Commission (FTC), Federal Aviation Administration (FAA), Centers for Disease Control and Prevention (CDC), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), members of the Air Force, and several other agencies.

The news comes after the Telegram channel belonging to the group, called Scattered LAPSUS$ Hunters, went down following the mass doxing of DHS officials and the apparent doxing of a specific NSA official. It also provides more clarity on what sort of data may have been stolen from Salesforce’s customers in a series of breaches earlier this year, and which Scattered LAPSUS$ Hunters has attempted to extort Salesforce over.

Do you know anything else about this breach? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

“That’s how we’re pulling thousands of gov [government] employee records,” the member told 404 Media. “There were 2000+ more records,” they said, referring to the personal data of NSA officials. In total, they said the group has private data on more than 22,000 government officials. 

Scattered LAPSUS$ Hunters’ name is an amalgamation of other infamous hacking groups—Scattered Spider, LAPSUS$, and ShinyHunters. They all come from the overarching online phenomenon known as the Com. On Discord servers and Telegram channels, thousands of scammers, hackers, fraudsters, gamers, or just people hanging out congregate, hack targets big and small, and beef with one another. The Com has given birth to a number of loose-knit but prolific hacking groups, including those behind massive breaches like MGM Resorts, and normalized extreme physical violence between cybercriminals and their victims.

On Thursday, 404 Media reported Scattered LAPSUS$ Hunters had posted the names and personal information of hundreds of government officials from DHS, ICE, the FBI, and Department of Justice. 404 Media verified portions of that data and found the dox sometimes included people’s residential addresses. The group posted the dox along with messages such as “I want my MONEY MEXICO,” a reference to DHS’s unsubstantiated claim that Mexican cartels are offering thousands of dollars for dox on agents.

Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
Scattered LAPSUS$ Hunters—one of the latest amalgamations of typically young, reckless, and English-speaking hackers—posted the apparent phone numbers and addresses of hundreds of government officials, including nearly 700 from DHS.

After publication of that article, a member of Scattered LAPSUS$ Hunters reached out to 404 Media. To prove their affiliation with the group, they sent a message signed with the ShinyHunters PGP key with the text “Verification for Joseph Cox” and the date. PGP keys can be used to encrypt or sign messages to prove they’re coming from a specific person, or at least someone who holds that key, which is typically kept private.

They sent 404 Media personal data related to DIA, FTC, FAA, CDC, ATF and Air Force members. They also sent personal information on officials from the Food and Drug Administration (FDA), Health and Human Services (HHS), and the State Department. 404 Media verified parts of the data by comparing them to previously breached data collected by cybersecurity company District 4 Labs. It showed that many parts of the private information did relate to government officials with the same name, agency, and phone number. 

Except for the earlier DHS and DOJ data, the hackers don’t appear to have posted this more wide-ranging data publicly. Most of those agencies did not immediately respond to a request for comment. The FTC and Air Force declined to comment. DHS has not replied to multiple requests for comment sent since Thursday. Neither has Salesforce.

The member said the personal data of government officials “originates from Salesforce breaches.” This summer Scattered LAPSUS$ Hunters stole a wealth of data from companies that were using Salesforce tech, with the group claiming it obtained more than a billion records. Customers included Disney/Hulu, FedEx, Toyota, UPS, and many more. The hackers did this by social engineering victims and tricking them into connecting to a fraudulent version of a Salesforce app. The hackers tried to extort Salesforce, threatening to release the data on a public website, and Salesforce told clients it won’t pay the ransom, Bloomberg reported.

On Friday the member said the group was done with extorting Salesforce. But they continued to build dossiers on government officials. Before the dump of DHS, ICE, and FBI dox, the group posted the alleged dox of an NSA official to their Telegram group. 

Over the weekend that channel went down and the member claimed the group’s server was taken “offline, presumably seized.”

The doxing of the officials “must’ve really triggered it, I think it’s because of the NSA dox,” the member told 404 Media.

Matthew Gault contributed reporting.


Saturday Morning Breakfast Cereal - Pray


Hovertext:
Love it when the moon becomes as blood.



South Korea blows $850m on failed AI school textbooks


South Korean president Yoon Suk Yeol wanted AI in education. He’d put AI textbooks in the schools! This would surely solve teachers’ workloads, fix inequality, and personalise learning! [Rest Of World]

The programme was rushed out. The Korean government spent more than 1.2 trillion won ($850 million) on the programme.

The Korean Teachers and Education Workers Union were unhappy the AI textbooks were mandatory. The government moved to running a one-year trial. [press release, in Korean]

Then Yoon tried to impose martial law, and he was impeached and deposed.

The AI textbooks went ahead anyway in March, for maths, English, and computer science. One student said:

All our classes were delayed because of technical problems with the textbooks. I also didn’t know how to use them well. Working individually on my laptop, I found it hard to stay focused and keep on track. The textbooks didn’t provide lessons tailored to my level.

One high-school maths teacher said:

Monitoring students’ learning progress with the books in class was challenging. The overall quality was poor, and it was clear it had been hastily put together.

In June, Lee Jae Myung was elected president. Lee had promised to reverse the AI textbook scheme. The texts’ official status was rescinded in August, after four months live, and they’re now just “supplementary material”.

The textbook publishers, who spent $567 million, will be suing the government for damages. Kim Jong-hee of Dong-A Publishing said “the issue has become overly politicised.” And not that the AI textbooks were, y’know, trash.


Planetary Rings

If you don't know where you are on Earth, the angle of satellite dishes can help constrain your latitude. If some of them are pointing straight up, you're probably near the Equator, right under the ring.

How OpenAI dodged Hollywood on Sora 2


The use case for AI video is to churn out clips of existing TV and movie characters for your amusement. [THR]

Hollywood got wind of OpenAI’s Sora 2. Agencies called OpenAI to see what the deal was. [THR]

OpenAI told them whatever they wanted to hear:

repeatedly talking up an opt-in regime that would protect the agency’s clients against the misuse of their intellectual property and likenesses.

But when the agents talked to each other:

We started exchanging notes with others having similar conversations and realized we’re all hearing different things.

OpenAI told some agents they would never use actor likenesses without opt-in! Others were told Sora would be opt-out.

The WME agency was told each actor would have to opt out individually. Then, on 29 September, WME was told Sora would not use their clients’ faces or voices without opt-in permission.

Sora went live 30 September, using all the faces and voices anyway. OpenAI announced an opt-out regime, opting out one property at a time.

That’s not how copyright or personality rights work. There’s a century of precedent — you do a deal and you pay. Anthropic successfully claimed fair use on training — but OpenAI has built a machine to churn out violations.

WME has notified OpenAI it does not have permission to use any of WME’s clients. Disney has notified OpenAI that it could just sue under copyright if OpenAI does not desist. [THR]

OpenAI’s going ahead full-steam anyway. Because OpenAI has to get money in, or it dies.


Saturday Morning Breakfast Cereal - Irr


Hovertext:
Works especially well for telling people they're not in irrirrerror.


1 public comment
silberbaer
1 day ago
Irregardless is *literally* just "extra regardless". (flinch)