A hacker plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 FBI employees, 9,000 Department of Homeland Security (DHS) employees, and 200GB of files according to Motherboard. http://motherboard.vice.com/read/hacker-plans-to-dump-alleged-details-of-20000-fbi-9000-dhs-employees Pro-Palestinian comments on the hack, along with DHS employee info, were posted on Twitter according to Motherboard.
Zoltán Györkő, CEO, Balabit, notes: "The data breach of detailed contact information on 20,000 FBI and approximately 10,000+ DHS staff is another example that the use of insider using social engineering tactics is now much easier for hackers than writing zero-day exploits.
"Access control tools and password management systems are necessary, but these can only protect companies’ sensitive assets while hackers are outside of the network. Once a hacker manages to break into the system with even low-level access, they can easily escalate their rights and gain privileged or root access in the corporate network. Once that happens, the enemy is inside and poses much higher risk as they seem to be one of us.
Hijacked accounts (when a legal username and password is misused) can only be detected through discovery of differences in the user’s behavior, for example login time and location, speed of typing, and used commands. User Behavior Analytics tools that provide baseline profiling about real employees, that are unique like fingerprints, can easily detect the abnormal behavior of your user accounts and alert the security team or block user activities until further notice.”