DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

EXCLUSIVE: One month later, some south Florida confidential records databases still not secured (UPDATED)

Posted on March 11, 2016 by Dissent

Almost one month after confidential records of thousands of south Florida law enforcement officials and judges was hacked and dumped online, some of the hacked databases are still not secured, the individual who claims to have hacked them tells DataBreaches.net.

Updated March 14: Dougan informs DataBreaches.net that the FBI just raided his house. More on this later. (here)

Original story:

On February 16, Jess Swanson of the Broward Palm Beach New Times broke the story of how a friend of a former Palm Beach Sheriff’s Office deputy, Mark Dougan, hacked a number of databases and dumped the data on PBSOTalk.com. The hack was reportedly in retaliation for how the sheriff’s office had retaliated against Dougan for his efforts to expose corruption in the department.

Dougan, who tells DataBreaches.net that problems escalated for him after he reported a fellow officer to Internal Affairs, eventually left the department, following what he alleges were numerous retaliatory acts against him. Some of the department’s alleged corruption and hacks of his accounts have been documented on a website he created, PBSOTalk.com, where he also describes his experiences working for the department. Dougan claims that despite repeated efforts on his part, no federal or state agency has agreed to investigate the wrong-doing and corruption in the department.

It was their alleged hacks of Dougan’s accounts, however, he claims, that led to him selling his web site to friends of his in Russia. Those friends, he say, are solely responsible for the hacks and data dumps. And they taunt the PBSO that the data dump will remain up and there’s nothing the PBSO or law enforcement in the U.S. can do about it, as they’re in Russia.  A whois lookup indicates that PBSOTalk.com is registered by Alexey Drobyshev, and hosted by Digital Ocean. The site is administered under the forum name “БадВолф” (“BadWolf” or “BadVolf”).

On February 13, in discussing the leak, he wrote, in part:

This list is brought to you courtesy of your Sheriff, Ric Bradshaw. And your Michael Gauger and Detective Kenneth Lewis. They wish to hack so there has been hacking of our own. Many kinds we cant tell you about but we can give you this little list. This list came from your government {the Palm Beach County Property Appraiser’s Office}. In this we were able to hack their database and give all (about 4,000) records confidential to public so their privacy is no more important as the people they hack.

To be clear, DataBreaches.net has not independently investigated any of the claims of corruption made by Dougan, nor any of the counterclaims and arguments made by others in the forum thread announcing the leak. What this site did attempt to verify, however, is the hacks themselves. And that’s when things took an interesting turn.

DataBreaches.net reached out to to inquire exactly what databases the data dump came from and to ask for more details. Badvolf offered to demonstrate that they still had access. The following is a screencap from Badvolf’s access to pbcgov.com, taken yesterday morning (Eastern time). It was redacted by him to hide the username for login, but shows the domain name. DataBreaches.net has redacted the names of the home owners from the confidential property records. Other screencaps in this article were also redacted by DataBreaches.net to protect the names of individuals and their titles or positions.  The unredacted screenshots revealed information on judges, police officers, and others in law enforcement.

Screenshot PBC
Screencap of data from unidentified table – pbcgov.com

Because the hackers still had access to pbcgov.com, DataBreaches.net attempted to notify the county through a contact form on their web site. Getting no response, four hours later, this blogger called their Information Systems department, eventually reaching Phil Davidson, Deputy Director of Information System Services for Palm Beach County.

When I explained why I was calling about the recent hack and to warn them that the hackers still had access, Davidson replied, “We don’t think that’s what happened.” I informed him that I could not reveal the method, but that I had proof of access taken hours earlier. He said they would look into it, and took my email address. I never heard back from him.

Today, Dougan informed me that he got a call from the FBI who would like to meet with him about the hacks. He informs me that he declined to meet them.

It is not only Palm Beach County’s server that is still unsecured, however, according to BadVolf, who claims to still have access to other counties’ or agencies’ servers.  To prove that point, he provided screenshots, taken today, from Miami-Dade, Broward, Duval, and Leon counties. The latter two domains are for the clerk of court. Data from Duval, he tells me, had been acquired – and they still have access to it – but they had not dumped it publicly.

DataBreaches.net called Miami-Dade, Broward, and the two Clerks of the Court to alert them that they still had vulnerable servers. A voicemail was left for Duval.

miami-dade_screencap
Screencap of data from identified table from portal.miamidade.gov
broward screenshot
Screencap of data from identified table from access.broward.org
duval_screencap
Screencap of data from identified table from duvalclerk.com
Screencap from clerk.leon.fl.us
Screencap of data from identified table from  clerk.leon.fl.us

So one month after they were hacked, the vulnerable servers of these agencies are still not secure. Worse, several of the people I spoke with did not know that they had been hacked in the first instance, erroneously thinking it was (just) the sheriff’s office that had been hacked or that it wasn’t their agency. Their confusion is somewhat understandable, as the original data dump simply named counties without being specific as to which agencies had been attacked.

“Tell them we give them sporting chance to find security flaw,” Badvolf told DataBreaches.net. “If they do this they will have diverted problem. It is like game. All of it. Our intentions not to destroy or else we could have wiped system.”

I doubt those whose confidential information has been exposed will view this as a game, and they may well be furious with these agencies that one month after the original hack was revealed, their data remain at risk of other attacks from the same or other individuals. But if the agencies didn’t realize that the data came from or through them, well, that may explain whey it hasn’t been secured already.

By all accounts, this was a retaliatory attack by someone who tells me, “You understand I am not hacker by trade yes? This is only to stop assault on great friend.” That may be so, but what if criminals with other motives were to access those servers? Or what if they were to find and use the data that has already been dumped? What then?

This was a dangerous leak, and if someone who isn’t a “hacker by trade” found it easy to acquire the data, the responsible parties really need to up their security.

Update: I received a photo, allegedly taken in Moscow. Mark Dougan is in a suit with a gold tie, and “BadVolf” is the young man on the right, waving.

20130718_234439_LLS

Dougan, noting my mention of Digital Ocean in the story, also called my attention to this article on how to hide a server.

Related posts:

  • DCLeaks was a conspiracy to get Trump elected, but wait until you hear these Russian hackers’ motivation!
  • Forbes Breach Email Statistics
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Arabic News site Durar Shamiya Hacked, 50,000 Accounts Leaked
Category: Breach IncidentsCommentaries and AnalysesGovernment SectorHackOf NoteU.S.

Post navigation

← Hacker picks 1-800-FLOWERS’ customers credit card info
Another intriguing development concerning Tiversa, Inc. →

2 thoughts on “EXCLUSIVE: One month later, some south Florida confidential records databases still not secured (UPDATED)”

  1. Justin Shafer says:
    March 11, 2016 at 4:34 pm

    Crazy!!! And that is a very educational article, thanks Dougan!

    1. J. Mark Dougan says:
      March 11, 2016 at 6:00 pm

      You are welcome, Justin! Feel free to read the rest of the site to learn how to safeguard computers, mobile devices, communications, etc.

      It is a shame it is necessary, but your government has made it a war against the citizens. It’s why I applaud Apple for taking a tough stance against the FBI!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Breaches have consequences (sometimes)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.