UPDATED 21:51 EST / APRIL 15 2019

SECURITY

Group behind FBI-related hack breaches more sites, makes political demands

A hacking group that leaked the details of federal law enforcement agents last week has accessed and leaked data from more sites and is now making political demands.

The group, which goes by the name of PokemonGo Team, first breached several Federal Bureau of Investigation-affiliated websites and leaked details April 11.

According to TechCrunch, the data included information relating to thousands of federal agents and law enforcement officials. It was stolen from three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, Virginia.

The data comprised 4,000 unique records, including member names, a mix of personal and government email addresses, job titles, phone numbers and postal addresses.

In its latest release over the weekend, PokemonGo Team published databases relating to “government websites,” though the sites claimed to have been hacked read as a list of organizations in which government workers are members.

Those sites include the National Association of Government Web Professionals, NC-Society of Government Meeting Professionals, Oregon Government Finance Officers Association, Society of Government Meeting Professionals Texas Lone Star Capital Chapter, Society of Government Meeting Professionals San Antonio Alamo Chapter and Michigan Chapter – Society of Government Meeting Professionals.

All of the hacked data so far is available for free download from the group’s website. The apparent motivation came in a since-deleted tweet from its suspended account, in which PokemonGo Team wrote, “we demand freedom for Peter Levashov.”

Levashov is a Russian hacker who was arrested in Spain in 2017 on allegations that he was behind the notorious Kelihos botnet. After being extradited to the U.S., Levashov pleaded guilty in September last year, with a sentencing hearing scheduled for September this year.

A spokesperson for Emsisoft Ltd. told SiliconANGLE that the group’s behavior so far is “super-weird and doesn’t add up at all.” On one hand, the group is claiming credit for CryptoPokemon, a form of ransomware that is not in the wild. But it’s also allegedly providing a community service by offering decryption keys for another form of ransomware that is not at all related.

The spokesperson added that Emsisoft has yet to find anything in the ransomware code to indicate that it’s the work of a known actor, but it’s still looking.

What is clear, though, is that whoever the group is or whatever its motivation, it’s likely to attack again.

Featured photo: U.S. Air Force; image: Twitter/Emsisoft
