Iran-Linked Hackers Dump FBI Director’s Emails
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks.”
Iran-linked hackers accessed the personal email account of FBI Director Kash Patel and released hundreds of emails and photos online, moving quickly after federal authorities targeted the same network.
The FBI confirmed the breach and said the material did not include classified information.
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity. The information in question is historical in nature and involves no government information.”
The group behind the breach, Handala, posted more than 300 emails and photos from what appears to be Patel’s personal Gmail account. The material includes years of personal correspondence, travel records, family exchanges, and images that confirm the authenticity of photos of Patel, with emails dating from roughly 2011 through 2022.
Some of the emails show routine personal and business exchanges, including travel planning and contacts built over years in government and private work. The release does not show access to FBI systems, but it does place a long record of private communications into public circulation all at once.
The hackers tied the release to recent U.S. action against their network.
“We decided to respond to this ridiculous show in a way that will be remembered forever.”
The Justice Department seized multiple domains tied to the same network earlier this month. The group registered the domain used in this breach the same day those seizures were announced.
Federal officials link the group to Iran’s Ministry of Intelligence and Security. Officials warned Patel in 2024 that Iranian-linked hackers had already accessed parts of his personal communications as part of a broader effort targeting officials tied to President Donald Trump.
The emails predate Patel’s tenure as FBI director and stretch back more than a decade. The group held the material, waited for the takedown, and then put it out under his name.
Donations tax deductible
to the full extent allowed by law.
Comments
I’m thinking no one wants to see Patel in swim trunks.
Mr. Pool
@MrPool_QQ
🔻 THEY HACKED THE WRONG MAN.
Friday night. Iran’s cyber unit breached **FBI Director Kash Patel’s personal email.** They published his photos. They thought they’d humiliate him.
They didn’t.
They triggered a protocol.
https://x.com/MrPool_QQ/status/2038230586863587758
“years of personal correspondence, travel records, family exchanges, and images … dating from roughly 2011 through 2022.”
All abetted by Google’s unholy lust to retain, mine, and sell your personal information forever, for advertising revenue. Gmail, the system that treats “delete this mail” as a suggestion (and never complies) unless you happen to know the double-secret Masonic handshake in Settings that will force your deleted mail to be actually DELETED. Otherwise (the default), all your deleted mail will be squirreled away in the AIl Mail mailbox with a little tag on it that says, “I’ve been deleted,” but perfectly readable by yourself or anyone else who can manage to access that mailbox.
Google’s motto used to be “Don’t be Evil,” Now, they ARE a major source of evil.
Kinda ironic since Patel testified the FBI is totes ok with purchasing all the data they can from 3rd party commercial sellers as an end run around warrant requirements. Congress is gonna have to bite the bullet and ensure that consumer data/info belongs to the consumer,.that any entity who collects, maintains the data can’t sell, transfer the data without explicit permission for each separate potential sale/transfer, that a warrant must be issued for any govt entity seeking the data and that within 6 months of issuing the warrant must be provided to the target of the warrant. Obviously that’s gonna create havoc with ‘free’ services business model where the cost to consumers is actually their data/info being sold to data brokers and advertisers. Tough cookies.
“Congress is gonna have to bite the bullet and ensure that consumer data/info belongs to the consumer,.that any entity who collects, maintains the data can’t sell, transfer the data without explicit permission for each separate potential sale/transfer”
“Obviously that’s gonna create havoc with ‘free’ services business model where the cost to consumers is actually their data/info being sold to data brokers and advertisers.”
And that’s why it will never happen.
Here’s a tip: you know you don’t have to participate in those “free” services where you (or, actually, your data) are the product and the provider’s actual customers are people willing to buy that data.
This has been well known for many years. Anyone who still thinks Google is a good steward of their data has apparently been living under a rock for the past decade or so.
When a company is willing to give you something for “free”, or even low cost relative to the expense of providing you the “something” you’re getting, you’re not the customer, you are the product.
If you want a service that protects your data, pay your provider for the service commensurate with its value. That way you are the customer and they have an incentive to serve your needs and desires rather than the data farming industry.
“Here’s a tip: you know you don’t have to participate in those “free” services where you (or, actually, your data) are the product and the provider’s actual customers are people willing to buy that data.”
Would that this were true. Unfortunately, Google retains gatekeeping power over the mailboxes of their captive users.
I pay for and maintain my own mail server. It’s worked fine for years, As of a few months ago, Google has arbitrarily decided that any email messages from my server to any address at gmail “is likely suspicious due to the very low reputation of the sending domain. To best protect our users from spam, the message has been blocked.” There’s no indication of “low reputation” anywhere else on the web other than these “you have been blocked” messages. Any attempt to communicate about this issue or appeal it goes into a queue where it remains in limbo forever. The upshot is, unless you maintain a gmail account of your own from which you can send messages to other gmail users, you can never reach them.
If Google were hit by the SMOD tomorrow, there’s not a thing they provide that I would miss.
Or maybe we could at least keep the gov’t from using data without a warrant. We could even, gasp, do what I suggested and then everyone could be secure in the knowledge that their data wouldn’t be sold off or given away. I’d bet that less than 2/3 of users understand that LEO can get access to their email traffic without a warrant, probably less than half.
Either we work to end the digital surveillance state before the social credit system and digital currency kick in or we’ve lost.
I’m actually not arguing against your proposal…just saying that it’s not going to happen in the current enviornment; so if people want to protect their data, they’re going to have to do it themselves by getting rid of the “free” services where their data is the product and they are not the customer and pay a fee to gain data security.
“Google retains gatekeeping power over the mailboxes of their captive users.”
But those users aren’t really “captive” because their use of gmail is voluntary. Apparently they are OK with accepting that they will not receive communications from addresses to which big brother does not approve, as well as the idea that every email they’ve ever sent or received is the property of Google and can be stored, sold, released, or just outright deleted at their whim.
It sucks that you can’t communicate with them in that way, especially if it’s someone really important to you, but that’s all the more reason for them to get off the Google teat.
I use Protonmail which is end to end encrypted. The problem I run across sometimes is that every email I send has my digital signature (used to verify validity) and my public key (for encryption) attached and some mail servers (most often businesses) reject the mail because of the attachments. You can opt to send emails without those attachments, but I don’t bother. If it’s a business there are other ways to contact them. If it’s someone I care about, I’ll have their phone number so I’ll call or text. Otherwise, I guess I didn’t need to communicate with them after all.
BTW: Proton has a free version. They do that so people can try it out before paying for a more capable paid version; it’s pretty limited functionality wise, but there’s no time limit on it so maybe you could set up a free account there to communicate with gmail users.
Heck, maybe you’ll decide it’s worth it and upgrade to a paid plan so you don’t have to maintain your own email system any more.
I really like the encryption capabilities plus with paid versions you can get a password keeper, VPN, encrypted calendars (I have one of my own and my wife and I share a family calendar), you can even set up permanent or temporary email “alias” accounts with made up email addresses that will forward to your main account. That way you don’t have to give out your real email address to some service or person that you’re only going to communicate with once or don’t know very well. They can’t spam you or sell your email address to anyone else if they don’t have the real thing.
Anyway, I’m not a Protonmail sales person, I just like the service they provide at a reasonable price.
Leave a Comment