Last week, the New York Post reported that hackers had compromised the personal email address of CIA Director, John Brennan. In addition to this attack, the hacker claimed to have accessed the Comcast account of Homeland Security Secretary – Jeh Johnson – and posted a redacted screenshot of a billing page. The account that claimed responsibility – @phphax – is synonymous with another account – @__CWA___ – which are claimed to operate under the banner “Crackas With Attitude” (CWA). The hacker also claimed that he listened to Johnson’s voicemails. Today the actor claimed to provide evidence of attack on Johnson through a series of posts on paste websites.
The Twitter user @phphax posted a tweet today that included links to personal information for a number of individuals purported to be employed by the United States government, including the Secretary of Homeland Security Jeh Johnson. The information contained within these posts appears to include account information (usernames, passwords), personal information (telephone numbers, physical addresses) and claimed “call logs” which encompass times, dates and phone numbers. This information appears to have been collected together from a number of sources. This is akin to the hacktivist practice of doxing – or documenting a target in detail to support other attackers.
In the post, the passwords are displayed in clear text, and answers to some of the security questions express anti-government sentiment, which suggests some of the data may have been changed. It is not currently known where the information has come from. Naturally it is therefore difficult to verify if this data is genuinely from United States (US) Government employees.
Some of the information claimed to pertain to US Government officials does not appear to be associated with them on further assessment, however this is not evidence that the account data is not real, rather that it does not relate to the individual to whom the authored claimed it to be relevant.
In conclusion – an interesting development, which could indicate that this particular attacker will continue its work to target senior figures in U.S. government.