Chinese hackers made headlines last month for hacking into United States government servers in March, but they weren’t the only ones poking around on those servers: Anonymous claims it was too.
In fact, a high-level member of Anonymous says the group hacked the same government servers targeted by the Chinese, except months beforehand, through a different, previously unreported exploit.
Videos by VICE
In early July, the New York Times reported that Chinese hackers had found their way into government servers containing the personal information of numerous federal employees, known as the databases of the Office of Personnel Management (OPM).
The Chinese hackers apparently did this in March, but we didn’t hear about it until months later. Caitlin Hayden, a spokeswoman for the Obama administration, told the Times that the administration “had no reason to believe personally identifiable information for employees was compromised.”
Well, that’s not entirely true, says one Anonymous member with a senior-level status in the collective. In a private, encrypted chat, this Anon showed me the results of what appears to be a standard database dump, including passwords and login information, as well as the names, departments and addresses, of various government personnel.
For example, here’s a listing showing publicly available contact info for the Department of Transportation, along with login info we’ve redacted (humorously enough, the ID and password were the same):
TS_AGENCY_HQ_NAME,TS_BUSINESS_ADDRESS,TS_BUSINESS_PHONE,TS_LOGIN_ID,TS_PASSWORD
“Department of Transportation”,”400 7th Street SW”,”202-366-8984″,”[redacted]”,”[redacted]”
For a random sample of more specific entries, I was able to verify names, addresses, and phone numbers via a quick Google search, which all checked out, but was unable to verify login information and passwords of the listed federal employees.
OPM has not yet responded to a request for comment through its media contact. We’ll update when and if the agency responds.
The Anon source insists all the data is real. The breach by which Anonymous hacked into the OPM servers has since been fixed, and this Anon claims they did not gain access through the e-QIP system, which the Chinese hackers were reported to have done.
The Anon wouldn’t specify why he or she was coming forward with this information right now, except to say they had their “reasons” and “everything is political.” When pressed, the Anon admitted to being angry about the late Aaron Swartz and the incarceration of journalist Barrett Brown, as well as the charges against hacktivists Lorax and Lauri Love.
Brown is facing 8.5 years in prison, reduced from 105 years, while British hacker Love is facing 10 years in a US prison for participating in last year’s political hacking campaign known as Operation Last Resort. Operation Last Resort was motivated by the harsh prison sentencing given to hackers and activists.
Meanwhile, Adam “Lorax” Bennett, a popular internet radio DJ by night and surfing lifeguard and cancer fundraiser manager by day, has been charged with “aiding” the hacking of Australian and Indonesian websites in 2012.
The OPM data shown to Motherboard was held “in reserve to make a statement, think similar lines to #oplastresort,” said the Anon, before continuing, “Nothing is secure, governments, businesses, nothing. The US government used this hack to posture at the Chinese, but how many times are they hacked and have no political reason to reveal it?”
This hacking of the OPM database is in line with Anonymous’ activities all of last year, when they were reported as spying on more than 100,000 US government officials and engaging in the aforementioned political hacking spree Operation Last Resort.
Anonymous is also in the habit of stockpiling information to save for rainy days, or in this case, for various political purposes. Anonymous doesn’t always announce on Twitter or via YouTube video when they have hacked something; not everyone is in the habit of tweeting “TANGO DOWN,” the catchphrase appropriated from the hacker known as the Jester.
