Last week, a "premier intelligence and national security organization" was hacked and then hundreds of intelligence officials, ranging from the NSA, FBI, CIA, the Pentagon, the White House, had their names, email addresses, some phone numbers and even home addresses posted on Cryptome.
Intelligence and National Security Alliance (INSA) published a Cyber Intelligence report [PDF] about the need to develop better cyber intelligence sharing, analysis and defenses against the "cyber threat environment" where hackers are cracking into everyone's systems, from government agencies to private companies. 48 hours later, a cyberattack was launched against INSA website and the membership list was leaked after the hack.
MSNBC reported that "in apparent retaliation, INSA's 'secure' computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org." There were 95 email addresses belonging to the "supersecret National Security Agency, as well as scores of others in key positions at the White House, the Pentagon, FBI, CIA, the Office of Director of National Intelligence and the State Department." John Young who runs Cryptome said in a telephone interview with NBC that he had no reservations about publishing 'INSA Nest of Official and Corporate Spies.' Young said, "We would love to name every spy that lives on Earth."
INSA President Ellen McCarthy confirmed the leak is real and told MSNBC that exposed members are not happy about the published list of names and email addresses. "Intelligence people are not very fond of getting a lot of attention."
The Cryptome document claims it does not violate the Intelligence Identities Protection Act, a law that says there can be no public name disclosure of covert intel operatives, because it only applies to insiders who spill secrets. Young added that covert spies don't use their "true identity" to join public organizations. "The consequence of the insidious infiltration by covert spies of societies worldwide: to expect deception, protect thyself from them." Also according to Young, "the accusation of breaking the law" by "revealing a covert agent's identity is frequently deployed as a public manipulation tactic by spies and their supporters such as INSA and a wide range of others committed to exploiting secrecy for their own benefit."
The INSA members with leaked personal info included top executives in national security contracting firms like Northrop Grumman, previously pwned Booz Allen Hamilton, Boeing, and many others. MSNBC added other "notables" included "John Brennan, President Barack Obama's chief counterterrorism advisor; Aneesh Chopra, the White House's chief technology officer; James Clapper, director of national intelligence; Secretary of Energy Steven Chu; and Secretary of State Hillary Clinton. Also on the list is INSA's chair, Frances Fragos Townsend, who previously served as President George W. Bush's top homeland security adviser."
Since Cryptome published 'INSA Nest of Official and Corporate Spies' [PDF] on September 13th, many intelligence officials have written in to have their names and other personal information removed. One request on 9/18/11 is short and blunt, "Get my goddamn personal information off your site. Creep." Other requests to be removed from the INSA spy list state they were never convert or overt spies.
The Daily Beast quoted Wired's Danger Room editor and cybersecurity expert Noah Shachtman as saying, "The people who are supposed to be most sophisticated about network security are constantly getting owned. It used to be that if you wanted to steal secrets from the U.S. government, you would have to go to the Pentagon or Langley, Va. But now, because so much of what our military and intelligence agencies do is actually in private contractor hands, one of the easiest ways to get sensitive information is to break into these corporate and association networks."
In a post about past criminal hacking to get and dump law enforcement officers' personal information versus Freedom of Information Act (FOIA) requests to obtain the information, Police-Led Intelligence quoted Saginaw, Texas, police chief Roger Macon as saying, "Ironically, they could have had ... a whole lot more [e-mails] just by sending a public information request."
This is followed by a list showing the "advantages and disadvantages" of using a FOIA request to legally obtain information or committing a felony to hack a site for information. It points out that police "home addresses, SSNs, bank account numbers" or "graphic or sensitive intelligence reports" would not be revealed, but the article issues a challenge: "If you are really dedicated to your quest for the truth, show your faces and use the system against itself." It concludes with:
If someone hacked a system, committing a felony to get public information prepared for the media? Then that is, well, hilarious.
Talk about Lulz.