Police Agency Hacking - Investigation - LawOfficer.com

Police Agency Hacking

We need to do more to protect our critical information from criminals

 


 

Nick Selby and Dave Henderson | Monday, August 8, 2011

Editor’s note: This article is from PoliceLedIntelligence.com, posted on August 1. Over the weekend, a hacking group made up of members of Anonymous and LulzSec, calling themselves AntiSec, hacked into several, mostly rural, southern police department systems. The group released, as they put it, “a massive amount of confidential information that is sure to embarrass, discredit and incriminate police officers across the US.” It is alleged the hacking was in retaliation against the arrest of one of their members, the group said in a statement: “We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information.”

This is real, folks. These groups have the know-how and the will to exploit our systems at their weak points. Too little has been done thus far to protect police information infrastructure, and let’s hope this serves as a call to action.

While there is lots of news reporting about the attacks against a server hosting the websites and files of more than 70 US law enforcement agencies over this past weekend, in lieu of saying, “we told you so,” we thought we would look at some of what happened to provide a learning experience from it.

Please see our post from last month, “Top 5 Things Cops Must Do To Secure Their Networks. Now.”

First, for those who have not heard, hackers supporting the criminal movement Antisec (it is likely that there is overlap between those making this post and members of the hacker groups calling themselves Anonymous and Lulzsec) have posted files they say come from their successful exploitation of a computer server hosting law enforcement data.

Note: The last paragraph has been updated to clarify and correct. In earlier versions, we called Antisec a group; movement is more accurate. Thank you to a commenter, below, and two others who wrote us to correct our characterization.

The group describes the attack as retaliatory:
'In retaliation to the unjust persecution of dozens of suspected Anonymous “members”, we attacked over 70 US law enforcement institutions defacing their websites and destroying their servers. Additionally, we have stolen massive amounts of confidential documents and personal information including email spools, password dumps, classified documents, internal training files, informant lists, and more to be released very soon. We demand prosecutors immediately drop all charges and investigations against all “Anonymous” defendants.'

Security Concerns
In addition to the obvious cyber security issues, which we have previously addressed, the attack raises security concerns that must be taken seriously.

Let’s put the citizenry first: Antisec said that it is releasing a “list of hundreds of snitches who made ‘anonymous’ crime tips to the police.” As we said earlier, defending those who come to the police for help is a primary mission-critical priority of police agencies. We have failed.

Second, the group said that it has taken “Hundreds of internal police academy training files.” I could make some sarcastic remarks, but the fact is that basic police tactics, strategies and training materials are now in the hands of criminals.

Third, the group claims that the data also “contained jail inmate databases and active warrant information.” These are public record, and ironically, the group is redacting the name and address info in them to “demonstrate how those facing the gun of the criminal injustice system are our comrades and not our adversaries.”

Finally, we point out that releasing the names, addresses, Social Security Numbers, telephone numbers and credentials of hundreds and hundreds of law enforcement personnel is of tremendous concern to law enforcement and to the citizens these officers are sworn to protect.

I give a real example here:
J***** B**************
SSN: ***-**-****
[address]@yahoo.com
#### Hwy. Y
Gerald, MO 63037
Phone: 573-###-####
Username: [username]
Password: [password]

That entry comes from a paste dump which contains almost a megabyte of data it says was taken from the Missouri Online Training Academy database (mosheriffs.com; the site was down as we went to press, but you can view a cache from Google).

In this dump, we see some very horrible things.





Nick Selby and Dave Henderson serve at a Texas agency and run CSGAnalysis.com and policeledintelligence.com. In 2005, Selby founded the enterprise security practice at industry analyst firm The 451 Group, where he served as VP of Research Operations. He was sworn as a police officer in 2010. Henderson is a police sergeant with 15 years of law enforcement experience, who has served as detective, warrant officer, motor officer and law enforcement instructor.
