The names and email addresses of hundreds of U.S. intelligence officials — including some senior officials in the Obama Administration — have been posted on an anti-secrecy website after computer hackers allegedly swiped them from the internal membership list of a prestigious national security organization.
The apparent cyberattack on the Intelligence and National Security Alliance, or INSA, is the latest example of the ability of hackers to penetrate the computer systems of government agencies and private companies — including those that pride themselves on their savvy and expertise in cybersecurity.
INSA — a nonprofit that bills itself as the country's "premier intelligence and national security organization" and whose members include senior U.S. intelligence officials and government contractors — on Monday published a major report (PDF) warning of an urgent need for the country to beef up its cyberdefenses.
Within a couple of days, in apparent retaliation, INSA's "secure" computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org website under the heading "INSA Nest of Official and Corporate Spies," INSA President Ellen McCarthy confirmed.
"I guess I feel like anybody else this happens to — like I was violated," McCarthy, a former top Pentagon intelligence official, told NBC News.
Cryptome was an early forerunner of WikiLeaks, having been in operation since 1996 and openly advertising its willingness to publish national security secrets. The group states on its home page that it "welcomes documents for publication that are prohibited by governments worldwide."
John Young, a New York architect and national security buff who runs Cryptome, said he had no reservations about publishing the INSA membership list. "We would love to name every spy that lives on Earth," he said in a telephone interview.
But Young denied any involvement in the hacking of INSA's computers, insisting that the membership list arrived "over the transom" from a source he didn't know. He declined to elaborate.
The list of INSA members includes at least 95 individuals with email addresses from the supersecret National Security Agency, as well as scores of others in key positions at the White House, the Pentagon, FBI, CIA, the Office of Director of National Intelligence and the State Department.
Among the notables on the list are John Brennan, President Barack Obama's chief counterterrorism advisor; Aneesh Chopra, the White House's chief technology officer; James Clapper, director of national intelligence; Secretary of Energy Steven Chu; and Secretary of State Hillary Clinton. Also on the list is INSA's chair, Frances Fragos Townsend, who previously served as President George W. Bush's top homeland security adviser.
The list also includes the names, emails — and in some cases the work addresses and telephone numbers — of hundreds of top executives at major government contracting firms that specialize in national security work, such as Northrop Grumman, Boeing, General Dynamics, SAIC and CACI. Some members, whose affiliations were not provided, had their home addresses and phone numbers listed.
The publication of the names of so many U.S. intelligence officials raises questions about whether it might have violated the Intelligence Identities Protection Act — a law that forbids the public disclosure of the names of covert intelligence operatives. But McCarthy said she was unaware of any of the group's members serving in a covert or undercover capacity. A U.S. government official, speaking on condition of anonymity, likewise downplayed the seriousness of the security breach.
Cryptome itself ridiculed speculation that it might have violated the law in response to readers’ comments on its website. "Those protected as covert spies do not join public organizations under their true identity," it said.
Still, McCarthy made it clear her members were less than pleased with having their email addresses published on the Internet. "Intelligence people are not very fond of getting a lot of attention," she said.
McCarthy said the incident only calls attention to the underlying security issue that INSA was trying to warn about in its report last week.
"Hardly a day goes by without some news of a major hacker attack on government and industry information" systems,” it noted. The group concluded that cyberspace has become a "multi-dimensional attack space" in which "key economic and national security assets are exposed to significant threats."