Hackers associated with the Islamic State militant group (ISIS) have posted the names and addresses of several U.S. officials online, encouraging the group’s supporters to carry out “lone wolf” attacks.
The Caliphate Cyber Army (CCA), formerly known as the Islamic Cyber Army, released the personal details of 55 New Jersey police officers last week after hacking into the website of the New Jersey Transit police. The information was referenced in a series of Twitter posts on Sunday that also mentioned previous hacks on the U.S. Department of Defense.
“The lone wolves r hungry for yr blood,” one tweet stated. The list of personal details, seen by Newsweek, includes home addresses, phone numbers, names and ranks. The Twitter accounts used to encourage the attacks have since been suspended.
New Jersey Transit said in a statement: “The NJ Transit Information System was not compromised, however some information was breached from an outside vendor. The New Jersey Transit police are working with the Department of Homeland Security and the FBI on this matter.”
The CCA has previously carried out small-scale hacks on seemingly arbitrary online targets, including a small solar energy company in England, a Japanese dance instructor, and a laminate flooring firm based in Wales.
The group also recently promised to take down Google but instead defaced the website of Add Google Online, a small Indian firm that offers search engine optimization services to local businesses.
Experts monitoring the CCA cite unsophisticated attacks like these as evidence that the group has limited technical skill sets.
“We believe they gained access to vulnerable sites using elementary hacking methods and stumbled upon databases or spreadsheets with information they felt would appear threatening if released,” Raijin Rising, a pseudonymous member of the independent counterterrorism network Ghost Security Group, tells Newsweek.
“Their activities shine a light on just how vulnerable websites are out there,” the member said. “It’s amazing how bad it is. I would estimate between 50 percent and 75 percent of websites are weak and vulnerable to simple attacks like these.”