Oath Keepers Leak Includes U.S. Military, Government Email Addresses | #emailsecurity | #phishing | #ransomware

Official military and government email addresses can be found throughout a leaked membership list from the Oath Keepers militia.

The paramilitary group, which is currently embroiled in controversy after 19 of its members were arrested and charged for their alleged involvement in the Jan. 6 Capitol riot, had its data exposed on Monday after allegedly being targeted by a hacker.

The 5GB data cache, most of which was made public by the journalism and transparency collective DDoSecrets, contains emails and group chats as well as information on members and donors.

Among the files included is an alleged membership list filled with more than 38,000 emails.

Some of the entries show corresponding names, physical addresses, phone numbers, and IP addresses. The membership list does not detail whether an alleged member is or was ever active with the Oath Keepers. An email address on the list does not necessarily mean they are a member.

Analysis of the data by the Daily Dot found 160 alleged members who shared their official military or government emails with the militia. It is unclear whether the alleged members are currently active within the paramilitary group.

Approximately 28 email addresses included in the list use the .gov domain, including those from local city governments to sheriff’s departments. Other email addresses are linked to more obscure government bodies, like the California Department of Water Resources (DWR).

Federal agencies such as the Department of Homeland Security (DHS), Federal Aviation Administration (FAA), and National Aeronautics and Space Administration (NASA) are represented in the data as well. One domain even originates from the Los Alamos National Laboratory, a Department of Energy (DOE) lab that helped design nuclear weapons during World War II.

A total of 132 email addresses found in the list used the .mil domain, 100 of which were from the U.S. Army. Other branches of the military found on the list include the U.S. Air Force, U.S. Navy, U.S. Coast Guard, and U.S. Marine Corps.

In a statement to the Daily Dot, spokesperson Matt Leonard said that the Army prohibits personnel from advocating what it deems as “extremist” causes.

“The Army prohibits military personnel from advocating supremacist, extremist, or criminal gang doctrine, ideology, or causes. There is no place for extremism in the military and we will investigate each report individually and take appropriate action,” Leonard said. “Any type of activity that involves violence, civil disobedience, or a breach of peace may be punishable under the Uniform Code of Military Justice or under state or federal law.”

The Daily Dot reached out to the other numerous military branches and government agencies listed in the breach but did not receive replies by press time.

Although email addresses can also be found in a separate backup database, many, including some that are clearly fake, appear to have originated from users who signed up for the Oath Keepers website merely to criticize the group.

The leak comes just days after the hack of web hosting company Epik, where the Oath Keepers have been a client since January. The Daily Dot has been unable to confirm whether the hack of the militia group was tied to the Epik breach.

This week’s top technology stories

*First Published: Sep 27, 2021, 5:02 pm CDT

Mikael Thalen

Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.

Mikael Thalen

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty − = nineteen