DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Alabama and Texas law enforcement sites fall to hackers (updated)

Posted on February 9, 2012 by Dissent

Hackers who have previously targeted police department or law enforcement-related web sites have struck three more sites in the past few days – one in Texas and two in Alabama:

The Alabama Department of Public Safety (dps.alabama.gov) was hacked by @cabincr3w and w0rmer. Seven spreadsheets with information on sex offenders and limited information on the victims and the crimes, as well as a database listing offenders’ car make, model, and license plate number were all dumped on the Internet. Inspection of the spread sheets indicates that no names were dumped, but it might be possible to recognize particular cases of child sexual abuse or rape by the dates of the arrests and the description of the crime and victim’s age if a case had been reported in the media or occurred in a small town. Similarly, while offenders names were not included in the data dump, their vehicle information and license plate number were. It’s not clear whether the hackers also acquired other files or databases that would enable identification of what appear to be unique IDs. Their paste provides a list of tables they found.

(Update: in response to a query from this blog, they state that they did acquire such files but chose not to dump them:

@PogoWasRight @CabinCr3w Yeah but we arent gonna post that shit! We are exposing the flaw not the names of the innocent!
— FBI HaZ A File on ME (@Anonw0rmer) February 10, 2012

The hack was announced yesterday on Twitter. DPS’s web site has been offline since then.

In a second hack, announced today on Twitter, @CabinCr3w and w0rmer attacked the Texas Department of Public Safety (www.txdps.state.tx.us) although they didn’t dump any sensitive information. The Dallas Police Department and Texas Police Chiefs Association had previously been hacked.

In the third breach, the City of Mobile Police Department in Alabama’s web site was attacked by CabinCr3w, Kahuna, and w0rmer. In a statement accompanying a limited and redacted data dump, the hackers write:

We at the Cabin have been monitoring your recent racist legislation in an attempt to punish immigrants as criminals. The authorities in the state of Alabama are now able to question people suspected of being in the country illegally and hold them, and officials are able to check the immigration status of students in public schools. We will not idly stand by as this happens. You complain about immigrants costing the state money, however, you do not care about spending the same money to protect your own legal citizens. You say you have no money for immigrants but that’s because you are cutting money from programs everywhere including those which reduce crime. You will be feeding those funds into the soon to be too big to scale prison system. Cutting spending only shifts the cost from preparedness and healthy economy to more crime and suffering. Cutting spending does not cut cost.

[…]

We targeted your police and government servers, and as a result of this journey through the nether of your servers, we have stumbled across a treasure trove of data belonging to people in the state of Alabama. Unlike you, we are not criminals. We believe in protecting citizens’ personal data. Because of your police being lazy when it comes to data security, we have acquired the following information of over 46,000 citizens of the state of Alabama:

Full Legal Names
Social Security Numbers
License Plate Numbers
Date of Births
Phone Numbers
Addresses
Criminal Records

This was not our desire, or our goal. Your police administrators have made a terrible mistake and put the lives of Tens of Thousands of people in jeopardy. Because of the possible cost of lives and money to regular citizens, we are deleting this data and are seeking to make it known that you not only have shown zero regard for immigrants, but for the very citizens that live in the great state of Alabama.

One of the hackers, Kahuna, also pointed out that the department had failed to detect the breach, even days later:

Having access to tens of thousands of social security numbers in a police database still undetected days later #Pathetic #OpPiggyBank

— Kahuna (@ItsKahuna) February 9, 2012

Even if the Mobile Police Department has been busy and didn’t manage to notice that police departments are under cyberattack, why on earth were they storing so many SSNs without encryption?  Although I imagine that the people of Alabama will be more ticked off at the hackers than their own law enforcement, they really should be demanding answers as to why so much personal information was not adequately secured.

As of the time of this posting, the department does not appear to be aware that it has been hacked as the server is still online.  I sent them an inquiry asking for a response to the breach and will update this entry if I get a response.

Update 1: The Mobile PD was notified of the breach by DataBreaches.net via their contact form.  When there was no response and the site was still up hours later, this blogger called them to make sure they understood that they had been hacked and that the information remained vulnerable.

Update 2: As of Friday morning, their site is still online. I hope they have secured the vulnerable database, but have received no response from them to the email and phone notifications by this blog.

Update/Correction 3:  The city claims it was not the police department server that was hacked but the city webmaster’s server and that the database was from an amnesty program. They claim that all the data were public information.  Social Security Numbers?  Really?

Related posts:

  • Operation Anti Security Breakdown and targets, the full time line
  • Los Angeles Police Canine Association Hacked and Lots Of data leaked and police exposed by @CabinCr3w
  • Law enforcement targeted by hackers
Category: Breach IncidentsGovernment SectorHack

Post navigation

← Trading corporation of bangladesh hacked and defaced by Saadi and Hax.r00t
United Nations, UN.org Hacked and data dumped Again →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.