DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Law enforcement targeted by hackers

Posted on February 4, 2012 by Dissent

There have been a number of  law enforcement-related web sites hacked since last June. Some of those hacks —  like those involving the Arizona Department of Public Safety, BART, International Association of Chiefs of Police, Boston Police Patrolmen’s Association, Baldwin County Sheriff’s office in Alabama,  Coalition of Law Enforcement and Retail (C.L.E.A.R.), the California Statewide Law Enforcement Association, and the New York State Association of Chiefs of Police  — have previously been noted on this blog. But there have been a new rash of such hacks this past week:

Police Department Hacks

One of the hacks this week involved the  Salt Lake City Police Department. I reported on that hack earlier this week.

In addition to SLCPD, the same group of hackers also attacked the Syracuse Police Department; 39 usernames and plain-text passwords were dumped on Pastebin.  Brian Skoloff and Denise Lavoie of Associated Press report that the individuals are those who have the ability to alter the web site. Connellan also stated that no private information about officers or citizens was accessed.   In a statement accompanying the data dump, the hackers, @CabinCr3w and @ItsKahuna on Twitter, indicate that the department was targeted because of its handling of allegations of sexual abuse by Bernie Fine:

Targets: Texas PD and Syracuse
Why: Insufficient effort
———-Evidence:
http://www.syracuse.com/news/index.ssf/2011/12/former_auburn_police_officer_n.html
http://usnews.msnbc.msn.com/_news/2011/11/29/9095160-syracuse-police-knew-of-sex-abuse-allegations-against-coach
http://fur.ly/0/Moreofthesame
Judgment: We must troll you

The Texas Police Association was also hacked, reportedly because of it provided paid leave to an officer who allegedly had child pornography on his computer. In the same data dump, the hackers write:

Dear Texas Police Dept,

Paid administrative leave should be reserved for injured cops, cops with pregnant wives, and cops who declare themselves conscientious objectors to a raid. Not a kiddie porn collecting cop. It looks as if Texas PD hasn’t improved since the cousin of the PD, the Texas Youth Commission was caught with rape rooms.

The data dump posted by the hackers included 787 police officers’ names, usernames, plain-text passwords, agencies and addresses; some of the addresses were reportedly home addresses. In response to the hack, Erwin Ballarta, Executive Director of the Texas Police Association, was quoted as saying,”This is very serious, not just from the standpoint of law enforcement, but for every private citizen out there as far as their privacy.”

Yesterday, one of the hackers involved let the TPA know that they still had not adequately secured their site:

 Texas Police Association, Just So You Know We Still Have Full Access To Your Shit. #OpPiggyBank #CabinCr3w

— Kahuna (@ItsKahuna) February 4, 2012

The reasons behind the defacement of the City of Newark and Newark Police Department sites was not as clear in terms of specific impetus, while the defacement of the Boston Police Department news site (BPDnews.com) indicates a continuation of animosity over the treatment of protesters in the Occupy Boston movement.

Hackers also released an audio file of a conference call between the FBI and Scotland Yard in which the participants discussed Anonymous-related prosecutions. The call reportedly took place on January 17.  How the hackers obtained the file is a matter of significant interest. Were they actually on the call or intercepting it, or did they somehow acquire a copy of the audio file that someone had downloaded? They  published an e-mail they had obtained that provided the date, time and password needed to access the call, raising the tantalizing question as to whether they were on the call.  The FBI is investigating the incident.

Lawyers

Police departments were not the only law enforcement-related sites hit this week in the U.S. The law firm of Puckett & Faraj was also attacked over the Haditha killings of civilians. This week, the Marine who was the leader, cut a deal that left essentially means no one has been tried for murder.  In a tweet concerning the hack, @Anon_Central announced:

ANONYMOUS HACKS PUCKETT & FARAJ – 3GB OF PRIVATE EMAILS DETAILING SSGT FRANK WUTERICH WHO MURDERED DOZENS OF UNARMED IRAQI CIVILIANS

— Anonymous Operations (@Anon_Central) February 3, 2012

Another lawyer, Vale Krenik, was also attacked, and numerous documents from his files were also dumped publicly. In a statement accompanying the data release, @CabinCr3w, @Doxcak3 and @itsKahuna write, “We have taken notice to your blatant disrespect for your title as a lawyer, you have abused your power as a lawyer and used it for anything but good. … again when cries arent heard Anonymous steps in.”

Non-U.S. Hacks

The hacks are not confined to U.S. agencies. In the U.K., www.police.co.uk was hacked by @just_network,  who dumped 17 names, usernames, and plain-text passwords for members of the Grampian Police on Pastebin.  In response to a query by this blogger as to whether other police department subdomains of that site had also been hacked, @just_network replied, “Yes, I did. :),” but offered no explanation as to why he or she had dumped the Grampian data. Nor did @just_network respond to a query as to whether other departments’ personnel information would be dumped.

And in Greece, the Ministry of Justice took its site down after hackers defaced it with a video.

Comment: 

Frankly, the hackers are making law enforcement look foolish and/or incompetent in terms of their web site security.  Although many of these hacks have not resulted in public dumping of personal information, some have, and even those that haven’t have resulted in personal information being in the hands of  others.  Those who suggest the hackers are bluffing when they claim to have acquired data are needlessly increasing the risk that personal data will be exposed on the Internet.  In the case of the SLCPD, such suggestions are also disingenuous because this blog notified the SLCPD earlier in the day that the hackers had announced that they had deleted all the data after it was suggested to them by this blogger.

All law enforcement agencies have been aware that they are being targeted since last year.  Isn’t it time for them to do a better job of securing their sites? Although it’s commendable that in many cases, these public-facing servers do not provide access to the departments’ more sensitive files, can any citizen feel safe proving crime tips through a web site if the departments cannot really protect the privacy and security of the submitter’s data?

Image credit: © Jakub Jirsák | Dreamstime.com

 

Category: Breach IncidentsGovernment SectorHackOf Note

Post navigation

← UK: Cumbrian Hospitals Trust opens investigation after patients' details 'left on train'
More breaches caused by staff than hackers →

1 thought on “Law enforcement targeted by hackers”

  1. virginia lawyer says:
    February 6, 2012 at 1:39 am

    this was such a bad incident i have heard in 2012. no doubt hackers have been involved in many big incidents including international news and their role is improving day by day inspite of cyber crime control. there should be some secure way to to handle government projects and major industrial websites and other businesses.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.