Texas LE Databases Hit by Hackers

This is a screenshot of the defaced Texas Chiefs' site.

Editor's note: For more great technology artilces by Nick Selby & Dave Henderson, please visit PoliceLedIntelligence.com, where this article was first published. 

On Sept. 1, 2011, a cache of some 3GB of data stolen from 28 current and former Texas Chiefs of Police was released on the Internet by people associated with the criminal hacking group known as Anonymous.

Among the data were personal details about the chiefs themselves, their credentials to a range of law enforcement and non-law enforcement systems and resources (from banking and income tax forms, online tax and financial records, pornography sites, and the uncensored contents of their personal and work email accounts.

We know that some of the victims made life incredibly easy for the criminals. For example, some passwords were stored in text files. Thus, when a bad email password was compromised, the hackers got a trove of accounts to play with.

It’s been said that each password recovered from among the 28 victims – the AP reports that one was a former Houston officer mistakenly identified by the hackers as a current Houston Lieutenant- was worked to death; under the reasonable and correct assumption on the part of the hackers that the paswords were being used repeatedly, it was simply a matter of testing out things like eBay and Amazon and adult sites, as well as plumbing the depths of the agencies’ internal systems.

We believe that these attacks – which like the other attacks on law enforcement throughout the country in the recent past – were preventable and damage could have been limited by basic protections of the sort taken for granted by those in industry and in state and certainly in federal government.

We’ve written at length about this - troubling to point out how serious are the consequences of failure to defend police networks, and will continue to work behind the scenes and publicly to educate law enforcement on the dangers of bad security – of which, in fact, all of us are guilty.

We’ve said before and will say again here: everyone is hackable, everyone has done stupid things. We don’t necessarily blame those victims for their bad security.

We do blame agencies which do not heed the warnings and lessons of these attacks.

As a guide, we recommend that the hacked agencies focus not on the highly embarrassing public release of personal email, lite-pornography and racist jokes.

You’re embarrassed already, moving quickly to attempt to redact what is already in the public domain is futile.

Instead, we recommend that you focus on investigating the extent of the damage caused, and sanitizing infected and compromised systems with security which has a chance of preventing a repeat attack.

If you think they’re done, you’re mistaken. If you think that because your agency was not included in this wave of attacks, you are similarly and dangerously mistaken. The number of compromised credentials is still unknown; as is the number of compromised systems. Last night the Texas Police Chiefs Association website was re-attacked, because those “fixing” the defacement merely replaced the defaced files, leaving the compromise on the server in place.


Law Enforcement vs. Google's Waze

Google’s traffic app draws concerns that would-be cop killers might use its features to find their victims

Social Media: Friend & Foe

The connection to our device has become so powerful that we have a difficult time unplugging.

Using Emojis as Evidence

Recent cases involving the text characters and pictures have been used to convict

CASE STUDY: 4 Departments Evaluate Mobile Data Computers Over 10 Years

In this photo taken Thursday, March 12, 2015, Seattle police officer Debra Pelich, right, wears a video camera on her eyeglasses as she talks with Alex Legesse before a small community gathering in Seattle. The camera is attached to a battery pack and controls on the officer's uniform. As police departments struggle with police body camera videos, the Seattle police, under the direction of new Chief Kathleen O'Toole, are voluntarily putting blurry, silent versions of the videos on YouTube, giving the curious a chance to see what they entail while also protecting the privacy of those depicted. (AP Photo/Elaine Thompson)

States Place Limits on Body Camera Videos

Legislators introduce bills limiting what can be recorded and what can be released.

On the Water

Cincinnati PD uses HD cameras to improve public safety along the Ohio River