Anonymous activists have hacked the US government again. On July 20, the group of online hackers attacked the United States Census Bureau in protest of the proposed Transatlantic Trade and Investment Partnership between America and European Union and the Trans-Pacific Partnership trade negotiations with countries from North America and the Pacific Rim.
Information was stolen from Census’ Federal Audit Clearinghouse, which maintains and disseminates single audits used to assess whether organizations qualify for federal assistance funding and if they are abiding by all the regulations that accompany that funding.
— Anonymous Operations (@AnonOpsSE) July 22, 2015
The four files were then posted on paste sites openly available on the web. They contain the database of the US Census Bureau’s website along with its password hashes, 3000+ usernames, IDs, phone numbers, full names and names of the agencies and most importantly thousands of email IDs belonging to US official from the military, IRS, Census Bureau, Department of Home Security, US Department of Education, National Nuclear Security Administration and other high-profile US government institutions along with their addresses.
Anonymous told HackRead, “Getting into the Bureau’s site was a piece of cake, it was just a simple SQL injection, can you believe? This will hurt a lot of people.”
Census security officials discovered the breach on July 22, at which point they took the site offline to investigate. Census Bureau director John H. Thompson later confirmed the leak and revealed how the hackers could breach the department’s systems.
“Earlier this week, the Census Bureau experienced an attack to gain access to the Federal Audit Clearinghouse, which is housed on an externally facing IT system that contains non-confidential information, such as names of the person submitting the information, organization addresses and phone numbers, site user names, etc. While our IT forensics investigation continues, I want to assure you that at this time every indication is that the breach was limited to this database, and that it did not include personally identifiable information provided by people responding to our censuses and surveys.
“It appears the database was compromised through a configuration setting that allowed the attacker to gain access to the four files posted to the hacker’s site. The hackers acquired the data illegally, but as I indicated above, the Clearinghouse site does not store any confidential household or business data collected by the Census Bureau. That information remains safe, secure and on an internal network segmented apart from the external site and the affected database,” he wrote.
The US Census Bureau gathers data on every US resident once every 10 years, as well as data on its economy every five years. It’s mission statement includes the line: “We honour privacy, protect confidentiality, share our expertise globally, and conduct our work openly.”
The July attack on Census Bureau follows a larger attack on the US Office of Personnel Management (OPM) in June that compromised personal information of millions of Americans.