A Twitter account claiming to be the “IS Hacking Division” has published what appears to be an extensive directory of government emails, passwords, credit cards, phone numbers, and addresses spanning U.S. military departments and divisions, the FBI, U.S. embassies, the Library of Congress, U.S. city officials, the British Embassy, the FTC, and NASA, as well as possible personnel at Wells Fargo.
VentureBeat is able to confirm that the U.S. Department of Defense is “looking into” this alleged hack. We’ve also independently verified that at least several of the items included on that list contained accurate information, but that several of the people were not aware that the leak had occurred.
Other details in the document appear inaccurate or outdated; it lists two Intel Corporation email accounts which apparently do not exist in Intel’s “company email directory,” an Intel spokesperson told VentureBeat.
The content was published onto a site entitled “zonehmirrors.org,” a domain which was registered under the name Redi Alberto in the city of Lugano, Switzerland.
Upon our contacting the U.S. Department of Defense, a spokesperson acknowledged the alleged leak, telling VentureBeat: “We are certainly looking into it, but I don’t have anything more than that.” Later, the spokesperson shared:
We are aware of the report. Cannot confirm credibility at this time. The safety of our service members is always a primary concern. We encourage our personnel to exercise appropriate OPSEC and force protection procedures.
We’ve subsequently reached out to several of the affected departments and Twitter for comment and have yet to hear back. Hours later, the Twitter account in question was suspended. The age and authenticity of this supposed leak remains unconfirmed, despite some of the information being accurate and current.
We’ve also reached out to dozens of the phone numbers listed in the document. We spoke with members of the Utah Air National Guard, the US African Development Foundation, and the United States Central Command (CENTCOM). All three confirmed that at least a portion of the sensitive information included was accurate. They also confirmed that the listed government affiliation is accurate. We aren’t naming them because of the sensitivity of the leak and potential security clearances.
Military members allegedly sharing info via Facebook
At the bottom of the document is a series of screencaps prefaced with a warning from ISIS: “We Are Watching You – You have ZERO OpSEC – this is just 1% of what we know!” [sic]
Indeed, the screenshots included appear to show communications between various members of the armed forces on Facebook. Facebook chats are easily altered, so the veracity of these images cannot immediately be verified. The alleged conversations include potentially sensitive details: security coverage at an unnamed pier, troop movements, and reassignments to new bases.
We have reached out to the U.S. army, Facebook, and Twitter to further verify the veracity of these accounts.
Update Aug 12, 7:23 a.m. PT: Headline revised for clarity.