Has the Defense Department Network been Breached… Again?

On Sunday, the leak site, Cryptome, released a document purportedly from the hacker group known as the “Remember Emad crew”. The letter, addressed to the Pentagon, claimed,

“we are responsible for the attack to your computers. the results of the attack can be categorized as below :

– deals with contractors

– products being discussed to send overseas to various geos (governments?)

– id and social security of the dod personnel involved

we are processing the data and pretty soon make a dump of it right aside the Saudi corruption leaks recently published.”

 They may be referring to the June leak of half a million cables from the Saudi government that pointed to that government’s efforts to undermine Iran and may have implicated the US to some degree. Many more of these documents are expected to be released in the near future.


According to Israeli sources, the Remember Emad group is connected to the governments of Lebanon (probably Hezbollah) and Iran. The group’s name refers to the operational chief of Hezbollah, Imad Mughniyeh, who was killed by a car bomb in 2008. Hezbollah blames Israel for his death, although Israel has neither confirmed nor denied its involvement. Remember Emad works together with a number of other hacker groups from the Middle East and Pakistan who share a pro-Iran/Hezbollah stance. The group claims to have made this attack on the DoD because of

“your dirty involvement in Syrian affairs and aims against hezbollah and other local resistance groups or as it says on the new show “every action has a reaction” . you will be hearing from us more :)”

 They are promising to release the stolen documents soon and they will either appear on Cryptome, Wikileaks, or the Lebanese newspaper, al-Akhbar.

Now, you may think that this is all bluff, and I would be among the first to agree with this assessment. After all, they threatened a big attack on Israel last year that never materialized. Previously, they’ve threatened to take over American drones and even go after Joe Biden, for some reason. On the other hand, three years ago, the group successfully infiltrated the Israeli data center, WebGate, and stole personal information, Facebook passwords, images of checks, and credit card numbers, among other information, so they have to be taken seriously. There is another good reason to take them seriously this time. Last week, CNN reported that the Pentagon disabled its email because of suspicious activity. The network that was shut down was one “used by the Joint Chiefs of Staff (JCS), and hundreds of military and civilian personnel.” Thus, the hacker group’s attack vector into the Department of Defense is plausible.

The big question I have is how long the system was compromised before the suspicious activity was discovered. Of course, the Remember Emad group could just be using last week’s attack as a way to increase paranoia and may not be involved in the actual breach at all. They also could have performed an additional breach, possibly over the weekend. This would be in keeping with the MO of attacks from Middle East hacking groups. They realize that IT staffs are reduced on weekends and holidays and that networks may be easier to compromise at these times. If the Remember Emad group was, indeed, responsible for last weeks attack,  they would only take responsibility for it after their breach was discovered and they could no longer lie in wait, gathering data.  In any event, I suppose we’ll find out soon whether this is just hype or the real deal. If the group releases some valid stolen data, the DoD will have a few questions to answer.

One thought on “Has the Defense Department Network been Breached… Again?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s