A nonprofit organization affiliated with the FBI confirmed that hackers breached the web servers of multiple chapters and published the names and addresses of hundreds of law enforcement personnel and thousands of other people online.
The hacked materials, which were released late last week and obtained Sunday by NBC News, include names, job descriptions, email addresses and, in some cases, street addresses of more than 23,000 people in multiple databases. More than 1,000 of the email addresses belong to the FBI.gov domain and the domains of other federal, state and local law enforcement agencies.
Several dozen other identities, included in a database that hackers say are "people being watched by the FBI," are attached to the domains of major news organizations, including NBC News.
In a statement, FBI National Academy Associates, an organization supporting graduates of the FBI Academy, confirmed that the websites of three of its local chapters were breached and that "personal information has been obtained to be sold on the web."
The organization said it was still investigating along with federal authorities, but it said it had determined that its national database wasn't affected.
The materials appear to have been made public as a proof of concept, establishing that the hackers are to be taken seriously. The hacking group — which NBC News isn't naming, along with other information that could lead to the materials — said it was in possession of even more sensitive information that it hoped to sell.
In posts that continued on Sunday, the hackers also prominently promoted what they described as a ransomware encryption package that they hoped to provide to other hackers.
So far, the tool "hasn't found its way into the wild," said Brett Callow, a spokesman for Emsisoft, a security company that released a decryption tool for the malware over the weekend.
But "in terms of seriousness, it could be very serious," Callow said in an interview. "Information for FBI staff is now in the public domain."
Emsisoft's head of security, Fabian Wosar, a widely respected ransomware expert, on Sunday described the malware code as unique, saying by email that there were no clues to indicate it was the work of a previously known actor.
Among their materials, the hackers said they had "been working quietly since 2014, and did not particularly attract attention, but the time has come to change the world."
While bad actors online will often "chaff" their communications with false information to mislead investigators, a possible clue to the hackers' motives beyond profit could be a single post on Sunday declaring: "We demand freedom for Peter Levashov."
In September, Levashov, of St. Petersburg, Russia, pleaded guilty to causing intentional damage to a personal computer, conspiracy, wire fraud and aggravated identity theft in connection with one of the world's largest spambots, Kelihos, variants of which began infecting hundreds of thousands of computers around the world in 2010.
Court documents unsealed in the case showed that federal investigators had had Levashov's Apple iCloud account under surveillance since mid-2016, which is believed to have yielded the evidence prosecutors needed to extradite him to the United States. Sentencing is scheduled for Sept. 6 in U.S. District Court in Connecticut.
