Posted: 2:56 am EDT
[twitter-follow screen_name=’Diplopundit’ ]
The data was obtained, the hacker told Motherboard, by first compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place. (On Monday, the hacker used the DoJ email account to contact this reporter). From there, he tried logging into a DoJ web portal, but when that didn’t work, he phoned up the relevant department.
“So I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker told Motherboard. “They asked if I had a token code, I said no, they said that’s fine—just use our one.”
If that’s true, then it took just one employee and elementary social engineering to start the ball rolling in this newest data breach.