Breach, Data Security, Network Security, Threat Management, Vulnerability Management

AntiSec hackers release cache of police data

Members of the AntiSec movement over the weekend released a cache of data belonging to law enforcement bodies across the United States in retaliation for recent hacking arrests.

The leak, dubbed “Shooting Sherifs Saturday,” contains more than 10 GB of stolen data belonging to sheriff's offices for mostly rural towns across the country, according to a statement the hackers posted Saturday to the file-sharing site Pastebin. The data dump includes private emails, passwords, addresses, Social Security numbers, credit card numbers, police training files, and information from informants.

The hack was part of a venture called Anti-Security, or AntiSec, which is led by the hacktivist groups Anonymous and LulzSec, and calls for hackers worldwide to expose sensitive data that reveals wrongdoing within governments and corporations.

The hacktivist collective said it carried out the attack in retaliation for the arrests of AntiSec sympathizers, including an 18-year-old nicknamed Topiary, who police allege is the unofficial spokesperson of LulzSec.

“We hope that not only will dropping this info demonstrate the inherently corrupt nature of law enforcement using their own words, as well as result in possibly humiliation, firings, and possible charges against several officers, but that it will also disrupt and sabotage their ability to communicate and terrorize communities,” AntiSec hackers wrote in their statement.

The information was obtained late last month during an attack on Brooks-Jeffrey Marketing, a Mountain Home, Ark.-based firm that hosts many Sheriffs' Association sites, the hackers said. More than 70 sites belonging to local sheriff's offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi, and several other states, were impacted by the attack.

“It took less than 24 hours to root [Brooks-Jeffrey's] server and copy all their data to our private servers,” the hackers said.

Brooks-Jeffrey Marketing did not respond to a request for comment made by SCMagazineUS.com on Monday.

Shortly after the initial attack, the hackers were able to compromise a replacement server and deface the affected domains. Many of the affected sites were unavailable over the weekend, though most appeared to be back online Monday. 

The hackers, meanwhile, also used stolen credit card details to make donations to the American Civil Liberties Union, Electronic Frontier Foundation, and the Bradley Manning Support Network, according to the statement.

Richard Mackey, vice president of consulting at SystemExperts, told SCMagazineUS.com on Monday that the hackers likely went after local law enforcement bodies to make the largest impact with the smallest amount of work. Such organizations probably don't consider themselves a prime target of hackers, and as a result, haven't implemented as robust security controls as larger law enforcement bodies.

“[Attackers] will look for relatively easy targets, ones they will be able to exploit right away rather than a high-profile organization that has invested substantial funds in security defenses,” Mackey said.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds