In a rare instance in the intelligence community, an FBI director became a victim of information leak widely believed to be perpetrated by Iran-linked hackers.
The bureau confirmed that Patel’s personal email information had been targeted by “malicious actors” and said the exposed material was “historical in nature” and involved “no government information.”
Reuters reported that the hackers published a sample of more than 300 emails from Patel’s inbox dating between 2010 and 2019.
The group behind the release identified itself as Handala Hack Team, a pro-Palestinian or Iran-linked hacking persona that western researchers associate with Iranian cyberintelligence activity. The FBI is offering up to $10.0 million for information that helps identify members of the group.
This shortly comes after DOJ moved against Handala infrastructure, seizing several domains that it said were tied to Iran’s Ministry of Intelligence and Security and used for propaganda, psychological operations, and hacking-related claims.
BBC reporting said the domain used in the Patel operation was registered on the same day the Justice Department announced the seizure of four Handala-linked domains. Handala said the Patel hack was retaliation for the FBI’s seizure of its websites and for the bureau’s reward offer tied to similar malicious activity.
The group had also claimed responsibility earlier in March for an attack on medical technology company Stryker and asserted it had wiped more than 200,000 systems, servers and mobile devices and extracted 50 terabytes of data.
Patel cache
The material described in the Patel cache points overwhelmingly to a personal archive rather than anything governmental or operational. The leaked items include a purported resume, personal photographs, and private correspondence spanning multiple years.
Notably, there are images of Patel sniffing and smoking cigars, riding in an antique convertible, and taking a mirror selfie while holding a large bottle of rum. Other reporting added more lifestyle and travel details, including photos from what appear to be restaurants and hotels, images beside a jet and a vintage car, and family-related photos.
The travel-related records are among the most concrete details in the reported leak. A 2013 email appeared to include 10 photos from Havana, Cuba, including images tied to El Floridita and other tourist-style settings, while separate records pointed to a five-day stay in Port-au-Prince, Haiti in February 2012.
The leak also included a receipt from an American Airlines trip in February 2022 showing travel from Las Vegas to Newark with a layover in Dallas.
The documents also appear to sketch out parts of Patel’s personal and professional transition years. Reporting referenced an HDFC Non-Resident External account connected to India, a 2014 DOJ acceptance letter, and 2014 correspondence related to apartment hunting in Washington, DC.
Reuters said it could not independently authenticate the Patel messages, though it reported that the personal Gmail address cited by Handala matched an address linked to Patel in prior breach records preserved by District 4 Labs.
The most viral claim in the latest cycle is a leaked alias “spiderkash” allegedly tied to an alleged adult-site profile with the same username. There has been no official confirmation that the account belongs to Patel.
While the leaked documents did not contain integral information to Patel’s tenure as the bureau’s director, it spells a broader statement. Experts cited in the reporting said personal accounts are attractive targets because they lack the protections and alerting common on government systems, and that hack-and-leak operations against senior officials are designed to embarrass targets and make them feel vulnerable.
Information for this story was found via India Times, BBC, The Guardian, and the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
