AntiSec hackers expose data from 74 sheriff's offices
- By Kevin McCaney
- Aug 08, 2011
The hacker group Anonymous exploited a weakness in a third-party provider’s website and collected and released 10G of data from more than 70 mostly rural sheriff’s departments, according to a number of reports.
Much of the exposed information appeared to be routine, but the data did include e-mail messages and confidential information from informants, as well as passwords, Social Security numbers and credit card numbers, IDG News Service reported.
The hack was carried out as part of the AntiSec hacking campaign, announced in June as a joint effort of Anonymous and the since disbanded Lulz Security to attack and release information from government websites.
LulzSec, Anonymous declare war on government websites
FBI arrests alleged anonymous members, but hacks continue
The stolen data came from 76 websites in 11 states, the Register reported. Most of it came from sheriffs' offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi, according to the Associated Press.
The release of the data, on Aug. 6, was apparently in retaliation to recent arrests of alleged members of the two groups. In July, the FBI arrested 16 alleged members of Anonymous in connection with a hack of the Pay Pal website earlier this year.
In recent months, other members of Anonymous and LulzSec have been arrested in Great Britain, Turkey and Spain.
According to a statement from AntiSec posted Aug. 6, hackers exploited a weakness in servers at Brooks-Jeffrey, a Mountain Home, Ark., online marketing firm that hosted the sites.
"It took less than 24 hours to root BJM's server and copy all their data to our private servers," according to the group’s statement, IDG reported.
Anonymous and LulzSec have carried out a series of high-profile attacks on government websites this year, among them breaches of sites run by the CIA, U.S. Senate, NATO, the Brazilian government, Arizona law enforcement agencies and several large corporations.
In a statement posted Aug. 8 on an Anonymous Twitter account, AntiSec also claims a hack of the Syrian Defense Ministry website.
The group posted statements in Arabic and English, the English statement expressing support for Syrians, saying “the world stands with you against the brutal regime of Syrian President] Bashar Al-Assad,” the Washington Post reports.
Despite the illegal nature of the hacks — and the fact that releasing some law enforcement information could endanger police and informants — Anonymous’ wide-ranging strikes could be drawing some sympathy from the IT security community.
B.K. DeLong of ThreatPost, writing from the Black Hat and Defcon conferences in Law Vegas, contends that some corporate and government security pros at the conferences privately expressed a certain amount of support for Anonymous.
The reason, DeLong writes, is that they’re frustrated by an organizational emphasis on regulatory compliance, which dominates the focus of top-level executives while real security efforts go underfunded. A few of them might even be willing to quietly tip off hackers to their organization’s weaknesses to underscore the point.
And Robert McMillan of IDG News Service even offers three tips on how Anonymous can improve to better get its message across.
Kevin McCaney is a former editor of Defense Systems and GCN.