Cyber Incident Victim: National Archives
Date: Feb 2015
Location: United States of America
Summary
Law enforcement is investigating a possible data breach at the National Archives following a hacker group's release of a video purporting to show unauthorized access to the agency’s website backend. Officials denied any compromise of private data, asserting that only publicly available information was accessed during recent unauthorized attempts targeting Archives.gov. Security experts suggested attackers potentially exploited stolen credentials or website vulnerabilities to reach the content management system, though broader network infiltration was deemed unlikely. The incident, characterized by experts as a symbolic act to "rewrite history," raised concerns about psychological sophistication despite technically simple methods. The agency requested limited dissemination of the video to avoid inspiring further attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early February 2015, law enforcement initiated an investigation into a potential data breach at the National Archives and Records Administration following the release of a YouTube video by a hacker group. The video, shared privately with The Hill, depicted an individual scrolling through a database of agency files on the Archives.gov website, accompanied by threatening messages and music. Private security experts analyzing the footage concluded the hackers likely accessed the back end of the National Archives’ public-facing website, where content management systems operate. The agency’s Chief Operating Officer, William J. Bosanko, denied any successful data breach, stating that while unauthorized access attempts to Archives.gov had occurred over several months, no non-public information was compromised. He emphasized the Archives’ routine cybersecurity assessments and described the website as a frequent target like other federal entities. The incident highlighted broader vulnerabilities across U.S. government systems, referencing contemporaneous breaches at the U.S. Postal Service (exposing 800,000 employees’ data), the National Oceanic and Atmospheric Administration (weather data theft), and infiltrations of White House and State Department email networks.

Security experts speculated attackers exploited a stolen password or website vulnerability to infiltrate the content management system but deemed it unlikely they penetrated deeper networks housing sensitive data. They noted the hackers’ capability to deface the website or alter public content, suggesting the intrusion aimed to make a political statement, symbolically “rewriting history” rather than stealing classified material. The incident drew parallels to the recent ISIS-affiliated takeover of U.S. Central Command’s social media accounts, which disseminated publicly available documents misrepresented as classified. The Archives faced scrutiny over historical breaches, including a 2010 incident in which a missing hard drive exposed personal data of 250,000 Clinton administration staff, job applicants, and White House visitors, including over 100,000 Social Security numbers. Another 2010 probe revealed the agency had sent a faulty hard drive containing 70 million veterans’ records for repairs without erasing the data, though officials later asserted the data remained uncompromised. Archives officials requested limited dissemination of the 2015 video to avoid inspiring copycat attacks, maintaining no private data was accessed despite ongoing law enforcement inquiries.
