On a Telegram channel with a handful of subscribers, a self-styled hacker brags that he has something he’d like to show off.
Two posts later, they posted what they claim is a directory of thousands of FBI employees, from intelligence analysts to interns at U.S. law enforcement agencies; classified manuals for US warplanes; and databases of US police departments.
What’s next, asks an awed subscriber. “The Feds,” jokes another, before issuing a training manual for the Drug Enforcement Agency, saying, “Here’s something from the collection.”
This forum is just one place in a boisterous marketplace of American secrets, traded by low-level hackers and conspiracy theorists for cash and bragging rights, and accessible without passwords, special software, or knowledge of the dark web.
Following the directions of cyber security researchers who study hacker forums for a living, the Financial Times observed for two weeks several chat groups hosting tens of thousands of pages of documents, sometimes freshly gleaned from recent security breaches, sometimes made up of repackaged nuggets from previous hacks.
They’ve ranged from classified material allegedly leaked by US National Guardsman Jack Teixeira to gigabytes of recently mined company secrets that unpaid ransomware groups unceremoniously dump when negotiations with their victims fall through. There was also private communications between American law enforcement agencies and technology companies.
Often on Telegram, but also in dark web forums where hackers and ransomware criminals share tips and showcase their exploits, anonymous participants discuss world politics and give dating advice as well as exchange leaked data.
Most recently, the most prestige has come from sharing details not yet reported by the Teixeira leaks.
Within seconds of a subscriber on a Telegram channel requesting the documents, a link to several dozen leaked slides appeared, hosted on an open directory on Dropbox. When the FT saw them, many had gone unreported by the world media: China building cyberweapons to take over Western satellites and Russian mercenary group Wagner scavenging the world for weapons.
The caches pale in comparison to what whistleblowers have described as the “avalanche” of data from Russian organizations exposed by pro-Ukrainian hackers.
But the variety of documents and the relative ease with which such online forums can be accessed make it seem “like it’s you [seeing] the tip of the iceberg,” according to a US diplomat. “Even old classified documents have operational value: they show how we deal with problems, how we assess threats, how we train people.”
The hacker boasts, while unsubstantiated, seem to bear this out. “This isn’t the best stuff,” said one member of a group observed by the FT, referring to the documents on a Telegram channel. “You could spend years here [the dark web]and never being invited to the right room.
In the right rooms, the “best stuff” is advertised as screenshots and often exchanged for stolen US or European commercial data: credit card information, emails, social security numbers.
The fact that so many slides of the briefing Teixeira allegedly leaked have become currency in pro-Russian online forums shows that there is a lingering risk from disclosure. Analysts said there remained a real possibility that some of the documents were yet to surface, or that new manipulated documents could appear in Russian disinformation campaigns.
“Once this kind of data is on the internet highway, it doesn’t take long for a small group of people to stumble upon it – and once they do, it spreads across the internet like an epidemic,” he said. Osher Assor, head of the cybersecurity department at consulting firm Auren Israel.
“Every day it’s getting easier to get these classified files and it gets the US government in big trouble. In addition to the originals, we see more fake or manipulated files added to further confuse and mislead,” Assor said.
As the new documents become public, US officials have been quick to assess the depth of the revelations, with some releases catching them by surprise. Pentagon press secretary Brigadier General Pat Ryder said Tuesday that the defense department is still assessing the scope and impact of the Teixeira leaks.
The FBI declined to comment on the scale and severity of the larger leaks. The Pentagon declined to comment.
The wide variety of US government-related material shared underscores its value in the underground information economy in which hackers operate. Its relative scarcity compared to Russian data has made the new leaks exceptionally valuable, said two people involved in such online forums.
Some comfort for US authorities is that few of these hackers break into the government’s most secure databases: The most damaging leaks have come from insiders: Chelsea Manning, convicted of leaking Iraq war logs and cables of the state department; Joshua Schulte, convicted of divulging the technical details of how the CIA hacks high-value targets; and Edward Snowden, who leaked highly classified National Security Agency information.
“You get big ones, like [Schulte]once every five years: here you move fast, collect everything, hide everything, sell fast,” said one broker of these datasets. “But then you always have little ones: you find something here, something there, and then you have a file about one person that is valuable to another person.”
He described selling to a French national the details of a US wiretap operation he learned of by hacking into the emails of a European prosecutor who had been tipped off about possible criminal activity. The FT could not verify the broker’s claims, which included a screenshot of a wire transfer of $250,000 to an Albanian bank account, presumably payment for the tip.
In many cases, criminal groups have distant ties to the Russian state, providing an opportunity to disseminate documents – altered or original – that help with Russian propaganda.
A hacker showed sample source code, settings and test data from an industrial process that has been described as the production of the alloy used to reinforce the armor on American-made infantry fighting vehicles. In another conversation observed by the FT, an unidentified buyer asked if anyone had a more recent copy of the US no-fly list for sale, which contains the names of people prohibited from traveling by air in, out or within interior of the country. A 2019 copy of that list was already leaked to the internet earlier this year.
“Check the DM [direct messages]”, replied a user of the Telegram group, promising that what he was sharing was the “most recent”.
—————————————————-
Source link