The US Army, Department of Energy, Department of Health and Human Services, and other US government agencies were infiltrated by the Adobe software breaches that came to light last month, the FBI said in a memo this week. The memo, which was distributed throughout the affected agencies, said that the breaches actually started in December of 2012 and were carried out by the hacker group known as Anonymous. They then left “back doors” to government computer systems which Anonymous operatives could return to later, which some did quite publicly last month.
The FBI memo explained to system administrators how to detect whether their systems were compromised by the attack. But it also expressed uncertainty about the extent of the damage.
“The majority of the intrusions have not yet been made publicly known,” the memo read. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”
In the Department of Energy alone, 104,000 government employees, private contractors, their family members, and other individuals in the agency had their personal information stolen, according to an Oct. 11 internal email from DoE secretary Ernest Moniz’s chief of staff Kevin Knobloch. At least 2,000 of their bank accounts were also compromised.
The government wasn’t the only target of the attacks. 2.9 million Adobe customer IDs were stolen, but up to 150 million Adobe accounts may have been affected in various ways. For example, hashed ID and password pairs were posted to AnonNews.org for a short while last month until Adobe managed to get them removed.