Texas LE Databases Hit by Hackers - Technology and Communications - LawOfficer.com

Texas LE Databases Hit by Hackers

Anonymous takes credit for the 3GB cache

 


 

Nick Selby and Dave Henderson | Friday, September 2, 2011

Editor's note: For more great technology artilces by Nick Selby & Dave Henderson, please visit PoliceLedIntelligence.com, where this article was first published. 

On Sept. 1, 2011, a cache of some 3GB of data stolen from 28 current and former Texas Chiefs of Police was released on the Internet by people associated with the criminal hacking group known as Anonymous.

Among the data were personal details about the chiefs themselves, their credentials to a range of law enforcement and non-law enforcement systems and resources (from banking and income tax forms, online tax and financial records, pornography sites, and the uncensored contents of their personal and work email accounts.

We know that some of the victims made life incredibly easy for the criminals. For example, some passwords were stored in text files. Thus, when a bad email password was compromised, the hackers got a trove of accounts to play with.

It’s been said that each password recovered from among the 28 victims – the AP reports that one was a former Houston officer mistakenly identified by the hackers as a current Houston Lieutenant- was worked to death; under the reasonable and correct assumption on the part of the hackers that the paswords were being used repeatedly, it was simply a matter of testing out things like eBay and Amazon and adult sites, as well as plumbing the depths of the agencies’ internal systems.

We believe that these attacks – which like the other attacks on law enforcement throughout the country in the recent past – were preventable and damage could have been limited by basic protections of the sort taken for granted by those in industry and in state and certainly in federal government.

We’ve written at length about this - troubling to point out how serious are the consequences of failure to defend police networks, and will continue to work behind the scenes and publicly to educate law enforcement on the dangers of bad security – of which, in fact, all of us are guilty.

We’ve said before and will say again here: everyone is hackable, everyone has done stupid things. We don’t necessarily blame those victims for their bad security.

We do blame agencies which do not heed the warnings and lessons of these attacks.

As a guide, we recommend that the hacked agencies focus not on the highly embarrassing public release of personal email, lite-pornography and racist jokes.

You’re embarrassed already, moving quickly to attempt to redact what is already in the public domain is futile.

Instead, we recommend that you focus on investigating the extent of the damage caused, and sanitizing infected and compromised systems with security which has a chance of preventing a repeat attack.

If you think they’re done, you’re mistaken. If you think that because your agency was not included in this wave of attacks, you are similarly and dangerously mistaken. The number of compromised credentials is still unknown; as is the number of compromised systems. Last night the Texas Police Chiefs Association website was re-attacked, because those “fixing” the defacement merely replaced the defaced files, leaving the compromise on the server in place.



Related:



Connect: Have a thought or feedback about this? Add your comment now
print share
 
Author Thumb

Nick Selby and Dave HendersonNick Selby and Dave Henderson serve at a Texas agency and run CSGAnalysis.com and policeledintelligence.com. In 2005, Selby founded the enterprise security practice at industry analyst firm The 451 Group, where he served as VP of Research Operations. He was sworn as a police officer in 2010. Henderson is a police sergeant with 15 years of law enforcement experience, who has served as detective, warrant officer, motor officer and law enforcement instructor.

BROWSE FULL BIO & ARTICLES >

What's Your Take? Comment Now ...

 

 

Articles

What's the Agenda in Ferguson?

No matter what the police say, do, prove or don’t prove, all of it will be viewed with skepticism, derision and disbelief by many who don’t want inconvenient facts to cloud their preconceived judgment in this case... More >

 

Law Officer Survey

LEOs & Drug Policy

The results are in. More than 11,000 sworn LEOs took time out of their busy schedules to tell us what they think about America’s fast-changing drug policy.
More >

 

Get LawOfficer in Your Inbox

Terms of Service Privacy Policy