AntiSec hackers dump police files online
Anonymous-linked group steals information from US sheriff service
By Robert McMillan | Published: 10:40, 08 August 2011
The war between law enforcement and the Anonymous hacking collective continued this weekend, as hackers dumped a 10 gigabyte database that included private emails and information sent by confidential informants. Hackers say they stole information during an attack on more than 70 small town US law enforcement agencies.
The hackers, an Anonymous-affiliated group known as AntiSec, say that they hope to "embarrass, discredit and incriminate police officers across the US," in retaliation for ongoing arrests of Anonymous members.
AntiSec said that it had compromised servers at Brooks-Jeffrey, a company that runs a computer store and online marketing firm. Brooks-Jeffrey Marketing builds websites for sheriff's agencies throughout the southern United States.
"It took less than 24 hours to root BJM's server and copy all their data to our private servers," a statement purporting to be from AntiSec read. Brooks-Jeffrey could not immediately be reached for comment.
The hackers had already knocked many of the sheriffs' websites offline last week, but AntiSec later showed that it had gone beyond mere web defacement, by posting email messages, passwords, social security numbers, credit card numbers as well as messages from confidential informants.
In the US, the criminal investigation of Anonymous is being led by the national police bureau, the FBI. The sheriffs' sites appear to hit simply because they are part of the law enforcement community, and because a security flaw at Brooks-Jeffrey made them an easy target for the hackers.
Hackers will often hit third party service providers as a stepping stone toward more sensitive targets. Earlier this year, online marketer Epsilon Data Management was compromised, forcing dozens of companies to warn millions of customers that their email addresses had been stolen.
Many of the defaced sheriffs' websites had been restored by Sunday morning. The victims include sheriffs in Arkansas, Mississippi, and Missouri.
The hackers claim to have obtained passwords, contact information and social security numbers from the Missouri Sheriffs' Association's website, which remained offline Sunday.