Feds probe alleged classified US govt data theft and leak
State Dept keeps schtum 'for security reasons'
Updated Uncle Sam is investigating claims that some miscreant stole and leaked classified information from the Pentagon and other national security agencies.
The US Department of State "is aware of claims that a cyber incident has occurred and is currently investigating," a spokesperson told The Register.
"The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department's cybersecurity posture. For security reasons, we will not provide details on the nature and scope of the claim."
A netizen who goes by IntelBroker took credit for the cyber-heist, and on Tuesday appeared to dump at least a sample of the alleged stolen data on the dark web.
The leak, spotted by Dark Web Informer, allegedly consists of contact info for government and military officials – including names, email addresses, and office and personal cell phone numbers belonging to Pentagon and other federal employees – plus classified and confidential communications and documents shared between the Five Eyes' intelligence agencies and other US allies.
IntelBroker bragged about the leak on Twitter, sorry, X, before being booted from the social network — and said they obtained the records after breaking into the IT environment of Acuity, a Virginia-based consulting firm that works with the US government and national security organizations.
We've asked Acuity to respond to the claims made against it, and we will update this story if and when we receive a response.
The intrusion may have happened last month: At the time, the same miscreant claimed to have stolen sensitive information, via Acuity, belonging to US Immigration and Customs Enforcement (aka ICE) and US Citizenship and Immigration Services, including personal details about 100,000 folks plus email addresses and plain-text passwords.
IntelBroker boasted they used a zero-day bug in GitHub to access Acuity's tokens and snatch the government data.
This follows an earlier theft of State Department data also involving Microsoft, which owns GitHub.
In that case, in June 2023, Chinese government snoops, known as Storm-0558, compromised Microsoft keys and breached the IT giant's Exchange Online hosted email service to steal some 60,000 emails from the department, plus a list of all its employees' email addresses. ®
Updated to add at 2150 UTC
Acuity has told us that yes, it was attacked but it doesn't think any sensitive data was involved.
"Acuity recently identified a cybersecurity incident related to GitHub repositories that housed dated and non-sensitive information. Immediately upon becoming aware of this zero-day vulnerability, Acuity applied the vendor's security updates and performed mitigating actions in accordance with the vendor's guidance," Acuity CEO Rui Garcia told The Register after publication.
"After conducting our own analysis and following a third-party cybersecurity expert investigation, Acuity has seen no evidence of impact on any of our clients' sensitive data. In addition to cooperating with law enforcement, Acuity takes the security of its customers' data seriously and is implementing appropriate measures to secure its operations further."