Since none of the above questions can be answered right away, let’s just take a look at what happened. On Tuesday a group of hackers calling themselves “Islamic State Hacking Division“ and who claimed to actually be affiliated with ISIS, posted alleged information on hundreds of U.S. government and military personnel.
The information contained names, email adresses, passwords (unencrypted of course), phone numbers, etc. If you look at it, it sounds like a horrible leak, right? And while some of the names do correspond with those of US government employees there have been some questions as to the legitimacy of the data.
According to the The Register a lot of the entries are for people who don’t actually live in the U.S. and “the plaintext passwords are hilariously weak – like “david8” weak. The sort of password you wouldn’t expect a military or government network to accept. A US Department of Defense source, speaking on condition of anonymity, told The Register the listed passwords are not strong enough to be used on official systems.”
So while the hack might be legit, there is very little information indicating that the U.S. government has been compromised by said “Islamic State Hacking Division“. The data could just as well have been scraped together all over the web.
The Department of Defense can of course not confirm anything at this time.