DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
-
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contracts@micahflee@infosec.exchange Uhhh... looks like DHS may have had their contracts system get popped during a penetration test in 2025?
[Edit: LOL]
-
@manchicken @micahflee looks like it was from the DHS overall (not ICE specifically), lasted from 2017-2018, and the funds were used to improve the security of OSS in general. Unless Iβm missing more context, not exactly a bad thing imo
@phillip @manchicken @micahflee Probably from CISA, which is under DHS for some reason.
-
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contracts@micahflee Well well well, move over WikiLeaks! -
I just threw together a website visualizing this ICE contract data! You can browse through the companies and their contracts, and filter them by state https://micahflee.github.io/ice-contracts/
@micahflee this is awesome!
-
@micahflee@infosec.exchange Uhhh... looks like DHS may have had their contracts system get popped during a penetration test in 2025?
[Edit: LOL]@julie @micahflee that means they were probably aware of the vulnerability that allowed this leak to happen⦠and then they didn't fix it (nor did they remove the data that the pentesters injected into their production database, apparently!)
-
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contracts@micahflee oh no, how terrible.
-
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contracts@micahflee glorious!!
-
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contracts@micahflee I cannot help but notice the "Contractors" file is about three times the size of the "Contracts" file.
-
@micahflee@infosec.exchange Uhhh... looks like DHS may have had their contracts system get popped during a penetration test in 2025?
[Edit: LOL]@julie huh, this is quite interesting
-
@julie @micahflee that means they were probably aware of the vulnerability that allowed this leak to happen⦠and then they didn't fix it (nor did they remove the data that the pentesters injected into their production database, apparently!)
@TerrorBite @julie @micahflee
Bugcrowd HackDHS -
@micahflee
Anyone got the geeks to set up a bot that posts the names of 10 of the companies once every 12 hours?
#ICEContractor #ICEComplicit@skua @micahflee Maybe every hour?
-
@skua @micahflee Maybe every hour?
@dalias
Forking Reply"Frequency of bot posts" - ideally something that could be swapped over to "User selected frequency of receiving posts by a bot".
For me, if I checked my notifications after 2 days away from Mastodon and found 48 posts by a bot I'd unFollow.
But really I have no idea where a sweet spot might be found.
-
@dalias
Forking Reply"Frequency of bot posts" - ideally something that could be swapped over to "User selected frequency of receiving posts by a bot".
For me, if I checked my notifications after 2 days away from Mastodon and found 48 posts by a bot I'd unFollow.
But really I have no idea where a sweet spot might be found.
@skua Posts go in your home feed not notifications.
-
@skua Posts go in your home feed not notifications.
@dalias
You're right.
And on my home feed I'm choosing to unFollow some accounts as I want a Home feed that moves pretty slowly - ideally slowly enough that I "often" get to see posts by my most favourite accounts.Thinking multiple bots could work.
@HourlyQuislings
@DailyQuislings
@WeeklyQuislings
User gets to choose frequency. -
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contractsFYI - some of the more perplexing names on this list:
The Linux Foundation
National Public Radio, Inc. -
@micahflee The Linux Foundation got half a million dollars from ICE contracts.
@manchicken @micahflee it looks like that started in 2014 and ended in 2018?
if i'm reading the dataset correctly. Still not a good look -
@vwbusguy @manchicken @micahflee No, the DHS does not have a voting seat with the Linux Foundation. The CII Steering Group is a sub-project of the Linux foundation that accepts monetary donations, then doles them out to open source projects in need.
So the DHS has (or had maybe?) a voting seat to give them a say in how their donations are spent.
@phillip sure that's correct and the best type of correct. Broadly it's true that donors with money always have some kind of vote
-
I just threw together a website visualizing this ICE contract data! You can browse through the companies and their contracts, and filter them by state https://micahflee.github.io/ice-contracts/
@micahflee I find this scrolling visible between floating menus quite irritating.
-
I just threw together a website visualizing this ICE contract data! You can browse through the companies and their contracts, and filter them by state https://micahflee.github.io/ice-contracts/
@micahflee Oh, I see this is from all of DHS, not just ICE, and also that it includes contracts which ended years ago. That's good to be aware of. I actually worked on part of this one contract, over a decade ago, and it was purely about improving cybersecurity for people's smartphones; it had nothing to do with immigration. https://micahflee.github.io/ice-contracts/?state=OR&modalType=contract&modalAwardId=937
-
DHS's Office of Industry Partnership was hacked by a group called "Department of Peace" and info about ICE contracts with over 6,000 companies is now published on @ddosecrets.org!
Enjoy π§
https://ddosecrets.org/article/ice-contracts@micahflee poke @ddosecrets
