back to article Anonymous and LulzSec spew out largest ever police data dump

Hacktivists have released a huge cache of stolen data from US law enforcement agencies as revenge for the arrest of alleged members of LulzSec and Anonymous. The 10GB data dump covered personal information, email addresses, social security numbers, and credit card details swiped from an online sheriff's store. The batch also …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward 101
    Windows

    What a cock-like thing to do:

    "Meanwhile, in response to threats from the government of Ecuador, Anonymous releases personal data (names, ID numbers, dates of birth etc) on 45,000 local police officers."

    1. Anonymous Coward
      Pirate

      Couldn't agree more

      So now the drug cartels have a cheat-sheet on who exactly to bribe/intimidate/kill as they ramp up operations there. Of course, they may have had that already.

  2. Edwin
    Mushroom

    Hacktivists?

    I think the term 'hacktivist' lends an aura of respectability where it doesn't belong.

    While I don't agree with the ideas behind whole Wikileaks exposé, there at least was a certain defensible point in exposing things that had otherwise been covered up.

    What we are seeing now is nothing shy of digital terrorism by a bunch of anarchist script kiddies throwing a temper tantrum.

    Throw the book at 'em.

    1. DavCrav

      Seconded

      I also think it's time The Register stop calling them "hacktivists", or at least call them "self-styled hacktivists" or something; I would prefer something more descriptive, like "on-line thieves" or "criminals".

      1. Wize

        @Seconded

        That would involve the hacks here listening to their readers...

        1. Anonymous Coward
          Anonymous Coward

          @@Seconded

          Most of whom are idiots.

    2. Anonymous Coward
      Anonymous Coward

      Terrorist?

      Do not forget that agencies and corporations do not think twice about revealing your information so they can make a profit or serve their political needs, so Anonymous doing that onto them is simplay a case of turn about is fair play.

      Do you really believe them to be terrorist? Anonymous does not use violence in any way. They do not threaten children, they only respond upon those that have attacked your rights, and the response is always peaceful.

      I think you need to think about that term a little more before pinning it on somebody.

      1. Anonymous Coward
        Facepalm

        Seriously?

        @AC 18:40, again, you don't get it. The only people who are going to suffer are the people using the services of the corporations getting hacked, whose personal info is now released to the black market for people to exploit. Those people did nothing wrong, and do not deserve being at risk to have their bank accounts emptied and credit ruined, at best. There are other ways for them to make a point, and if they take the high road and leave people out of it, I have no problem, and they're probably right.

        And seriously, Someone Else? Rosa Parks? You're seriously comparing them to Rosa Parks? She improved the lives of millions of oppressed people by sitting on a bus. Lulz is ruining thousands of lives, hiding behind the internet. Period. Please reassess your definitions of right and wrong.

  3. Joe K
    FAIL

    Security fails

    Is there a reason WHY all this info is on a internet-facing computer, or was it all on some mugs desktop?

    These idiots do highlight one thing, if it absolutely does not need to be constantly Internet-accessible, keep it off a fucking internet connected computer!

    Even if they need to shift officers records around, VPN that shit.

    1. Solomon Grundy

      Marketing Company

      Most of the data was stored by a 3rd party marketing company. Presumably so the departments could access it at any time without running their own servers. Not sure why a marketing company would have that info though...

      The marketing company seems to be the one at fault (for the U.S. departments anyway).

    2. Matt Bryant Silver badge
      Boffin

      RE: Security fails

      "Is there a reason WHY all this info is on a internet-facing computer...." You need to direct that question to the beancounters. Usually, 90% of responsibility for security issues belongs to beancounters that say things like "We don't need UNIX, it's too expensive", or "We don't need to hire real security professionals, those graduates are much cheaper". I'm betting is what will have happened is some group of police beancounters will have got together, without any representation from anyone with a clue about IT, and decided that outsourcing their personnel system and records to a third-party "is a good idea that will save money". If you keep your personnel and records inhouse, you can make it a closed system with no Internet access. Problem is any such outsourced solution cannot be closed off as it needs an access point for the customers (the police forces in this case) to login to access their data. Any form of gateway to the solution is potentially a security hole (you listening, cloud fanbois?). Even a VPN is only as strong as the passwords and certificates used.

      If you need non-IT-literate people (like your average human resources administrator) to use the solution then their password and username choices are going to be weak at best, especially if the service-provider doesn't enforce strong password techniques. I'm betting the Anonyputzs did nothing more 1337 than download a password brute-force tool to use on some officer's gmail account, then tried the same username and password on the third-party database. Or the third-party's web-facing servers were just as poorly secured that retrying common paswords got them in.

      So, the Anonyputzs are not "hackers", they just used downloaded toolz and took advantage of poorly-educated luser behaviour. They are also criminals again, especially if they exposed informant data. If any of those informants is murdered as a result then I really hope they charge the Anons they catch with at least manslaughter.

    3. Someone Else Silver badge
      FAIL

      The question I'd like answered is...

      ...why anyone, especially a police officer who should know better, would give his/her SSN to a web-based store. No amount of discount for someone "on the job" would be worth surrendering up that vital piece of info to a profit-based company whose apparent response to the concept of internet security is, "Yeah, I've heard of it".

      1. Matt Bryant Silver badge
        Boffin

        RE: The question I'd like answered is...

        ".....why anyone, especially a police officer who should know better, would give his/her SSN to a web-based store....." Sometimes you don't have a choice, the beancounters or HR make the decision and your data gets outsourced to a third-party. This is happening more and more, even with big corporations, as they seek to cut costs by outsourcing their HR, pensions, etc, to companies that offer such administration as a service. Even should you change companies, that previous employer has to hold information on you, and that will usually stay at that same thrid-party. It's also happening in the UK with local councils outsourcing stuff that used to be done internally to outside companies, some of them in totally different countries. Usually, the driver is cost-cutting by the beancounters. Should that third-party service provider prove to have security made of marshmellow then you are screwed without having had any say in the matter.

  4. Rainer
    Thumb Up

    I have no problem with this

    Even if my data was involved.

    The bad guys ("shady rat") have been doing this in secret and for money for a very long time - but nobody likes to talk about it, claiming security where it never really existed.

    At last, there's somebody exposing this security-theater.

    Bravo.

    1. Shifty
      Thumb Down

      It's perfectly possible...

      to expose this 'security-theater' without posting the SSN's of police officers and otherwise uninvolved individuals.

      1. Anonymous Coward
        Thumb Down

        @I have no problem with this....

        Even though real people may die?

  5. Winkypop Silver badge
    Facepalm

    "anarchist script kiddies throwing a temper tantrum"

    We need a 'cry-baby' emote for these dolts.

    1. richard 7

      Now I'm not usually one to jump in on one side or the other but.....

      Realsing informant data is supremely stupid, selfish and dangerous, way to go, you guys have probobly actually just killed at least one person.

      1. Steve Brooks

        why?

        Fact is, the information doesn't appear particularly hard to get a hold of, anyone who seriously wanted it probably already has it. They would have gone in, stolen it, pulled out the information they wanted and thrown the rest away, meanwhile keeping it all hush hush so the next time they wanted some info they could pop in the same way. The only people who didn't have access to the info was people who didn't really care....umm....us!

        These guys have done a favour for a lot of people by exposing just how easy it is to get information. May be it will be better safeguarded next time so anyone with an ounce of brains a few spare minutes couldn't pop in and grab whatever they want.

        1. Anonymous Coward
          FAIL

          Not hard for you perhaps...

          You assume that possible violent or likewise people have the same talents as you do. This is just more self-justification, and its lame IMO.

      2. Winkypop Silver badge
        WTF?

        I'm calling the script kiddies the dolts

        Not the poster.

      3. 5.antiago
        Flame

        Stupid down-votes, again

        @Richard7

        Sad that your comment has got 2 down-votes, it really shouldn't. Releasing information on informants is indefensible. It's significantly different from releasing information on police officers; the majority of informants are everyday members of the public, like old ladies on council estates.

        Trying to justify how they may be safer in the long run if they are put in immediate danger now doesn't quite work for me.

        @Steve Brooks

        Massive critical thinking fail from you. Basically, you've based your estimation of the skills of other people on an analysis of your own, then added in some massive assumptions about their probable behaviour based on this.

        "Fact is, the information doesn't appear particularly hard to get a hold of"

        Depends if you are an extremely computer literate criminal. Perhaps that is an area to study, whether levels of computer literacy within the criminal world are significantly higher than in the general populace...

        I'll hazard a guess that the vast majority of criminals do not have the skills to hack into anything. But I bet a lot of them are capable of downloading a list of addresses, going to the house and throwing bricks through a window.

        "These guys have done a favour for a lot of people by exposing just how easy it is to get information"

        No, they really haven't. I would have preferred to learn about the failings of our law enforcement in a way that didn't put innocent people in danger, or utterly undermine relations with police and normal people.

        There are clearly real problems to fix - I think we should try and fix them in a way that doesn't break a load of other stuff at the same time

        1. Daniel 4

          @5.antiago

          "Sad that your comment has got 2 down-votes, it really shouldn't. Releasing information on informants is indefensible. It's significantly different from releasing information on police officers; the majority of informants are everyday members of the public, like old ladies on council estates."

          Really? I'm not going to download this 10g of data and try to mine it to confirm my suspicions (for one thing, I am not so confident in the anonymity of the internet as Anon seems to be), but I suspect that most "informants" are criminals themselves who sold out their mates. I have... minimal sympathies. It would be unfortunate if retribution were taken against them, but we aren't talking about "old ladies on council estates." They fall under a different class all together. They're also usually less likely to be vindictively hunted down by the multiple felon who was sold out by one of his own.

          Along the same lines, after I thought about it for a while (and I thought about this for some time, I must say) I can honestly say that I don't see a great increase in danger to at least U.S. police (Arizona, Missouri, etc.) from this data leak. I've lived in multiple locations in the U.S., including Missouri, and every single time could tell you where the local cop(s) lived, usually along with their names. The police may not publish a directory, but their home addresses are an open secret. Now, are they at greater risk for all sorts of mischief now that their social security numbers are dumped all over the net? Of course! But that's a FAR cry as claiming that their lives have been endangered.

          So, my final conclusion is that while I can't really condone this action, I find the wave of condemnation to be greatly overblown.

          -d

          ... now I wait for my own wave of downvotes. *sigh* ;)

          1. MarkieMark1
            Holmes

            could tell you where the local cop/s lived

            In Miami, to the best of my knowledge, you recognize the police officers' houses as there is a police vehicle parked in front of them at night-time – unless they're working nights

            The safest system is one where there is generally mutual respect – luckily mostly the case nowadays – it avoids the kind of bottled-up hostility that causes riots

          2. Anonymous Coward
            Anonymous Coward

            @Daniel 4

            "but I suspect that most "informants" are criminals themselves who sold out their mates. I have... minimal sympathies"

            You can judge a society (or a person) by how they treat criminals, and the vulnerable. 'nuff said.

          3. 5.antiago

            @ Daniel 4

            "Really? I'm not going to download this 10g of data and try to mine it to confirm my suspicions..."

            It'd be difficult, certainly. You'd hope they have a column somewhere in the data where it says 'Criminal' or 'Innocent' :-D

            "...but I suspect that most "informants" are criminals themselves who sold out their mates."

            Check this out: http://www.drtomoconnor.com/3220/3220lect02c.htm. It's an interesting source of information on who constitutes an informant and the ways you could segment them. Turns out it's not so simple as 'Criminal' or 'Innocent'.

            The best quote from my perspective is: "Cultivated sources typically include people doing business around an area where criminals conduct their business. Examples include taxi drivers, hotel employees, airline employees, automobile salespeople, doormen, gun dealers, bartenders, private investigators, apartment managers, package delivery employees, and proprietors or employees of restaurants"

            My opinion on this depends a little on how much of the 10gb is made up of these kinds of people

            Oh, and if you can find other or better sources of info on the topic, please share them.

            "I have... minimal sympathies. It would be unfortunate if retribution were taken against them, but we aren't talking about "old ladies on council estates." They fall under a different class all together. They're also usually less likely to be vindictively hunted down by the multiple felon who was sold out by one of his own."

            There's a little bit too much "guilty of something once, guilty of everything always" vibe in this idea for me, and even then it doesn't justify condoning violence against them since the act of informing is usually for a greater good, isn't it?

            "<snip stuff about cops being accessible already> Of course! But that's a FAR cry as claiming that their lives have been endangered."

            There's something in that, of course. I'm specifically separating the value in publishing informants' details versus police officers' details.

            "... now I wait for my own wave of downvotes. *sigh* ;)"

            Just wait til you comment on an environmental story on here. Jeeeee-sus!

  6. yossarianuk
    Thumb Up

    Well done anon for Syrian hack !

    You have to give credit for hacking the Syrian Ministry of Defense website...

    It encouraged the military to revolt against orders to kill their own citizens .

    I don't thing the other things they have been doing over the weekend are morally correct but for the Syrian hack at least they are doing 'something' and letting the people of Syria that they have support .

    Anyone who says negatively of that event - I ask you : -

    "What have you done to help?"

  7. Rob 59
    Facepalm

    data on informants

    Nice one numpties, now you'll probably get people killed.

    1. multipharious

      Exactly...

      Do they have the stomach for knowing their disclosure will likely result in some very painful deaths?

      If they don't care, then perhaps a different moniker that has nothing to do with the word "hacking" should be adopted.

  8. haveAnIceDay

    Qui sème le vent récolte la tempête

    As above.

  9. Anonymous Coward
    Anonymous Coward

    Terrorism Act

    If it happened in the UK this would fall under section 58A of the Terrorism Act ("A person commits an offence who elicits or attempts to elicit information about an individual who is or has been a constable which is of a kind likely to be useful to a person committing or preparing an act of terrorism, or publishes or communicates any such information").

    1. Anomalous Cowherd Silver badge

      Not saying much

      Everything falls under the Terrorism Act.

      http://photographernotaterrorist.org/tag/section-44/

    2. OG

      Vague law is Vague

      Simply asking an officer his badge number could be considered eliciting information useful to [insert bogeyman of choice here]. Section 58a is a joke, as is the law for the most part.

  10. Anonymous Coward
    Alert

    Questions

    Regardless or not whether this was an act of total stupidity on the "hackers'" part it does ask the question what the hell were the police doing keeping data that unsecured either themselves or using a "secure" service provider.

    Then we get to privacy questions: should all that data have been kept a) together and b) in a form where it can be read ... encryption possibly?

    Then we get to sociological questions about the data....how many people had access, were the system already compromised by "authorised" humans....?

    1. Matt Bryant Silver badge
      Boffin

      RE: Questions

      In answer to all your questions, I can guarantee the answer is "ask the beancounters".

      1. 5.antiago

        That ignores any kind of context

        --> I can guarantee the answer is "ask the beancounters" <---

        No, that's way too simplistic. If you really need to have all of this rolled into a jazzy little soundbite, then I suggest that we ask the beancounters "what did your boss tell you to do?"

        1. Matt Bryant Silver badge
          Happy

          RE: That ignores any kind of context

          You forgot that many bosses today are simply over-promoted beancounters.

          1. 5.antiago
            Thumb Up

            Perhaps...

            And the rest are just incompetent pricks :-D

  11. b166er

    Erm

    Isn't the whole point of LulzSec to expose how little consideration is being given to keep our private information secure?

    Either that, or one helluva conspiracy to share our private data with organisations who would otherwise have to go through due process.

    Mission accomplished.

    Either way, don't expect any privacy.

    I hope the relevant organisations are sued for failing to protect these sensitive data.

    To those who vehemently disagree with what LulzSec are doing, do you also agree that the security of your data should be treated with such contempt?

    1. FoolD
      Facepalm

      own goal ?

      A lot of people would agree that organisations (esp gov) keeping too much data is bad - especially as they've shown time and time again they can't secure it.

      However being dumb enough to endanger peoples lives by releasing such sensitive data both loses the sympathy of the public and gives the authorities 101 reasons to crack down on everyone using the internet - not just hackers.

      Hacking the systems to release the data highlights the lack of security but even if the data collectors learn from this and secure the data better it means they will get better at hiding how much data they collect too.

      If the aim was to protect privacy and keep data secure wouldn't it be better to persuade organisations not to collect / store the data in the 1st place ? Many people have pointed out that data is often kept at the behest beancounters - because it is profitable to.

      There are surely better ways of making it less profitable to store data than releasing it...

    2. Anonymous Coward
      FAIL

      Do no evil...

      You have a point here, absolutely. But I'm not sure what I would like better...

      Living in a world were people can show respect for companies / agencies who don't have their security up top notch (I like to translate this to knowing that your neighbor never looks his backdoor and respect that by not even considering to enter his house while he's gone for shopping).

      And instead of putting all his furniture down at the street you could also tell him a few times that it may not be a very good idea to leave his door open because there are people around who have bad intentions.

      At the very least you can use some common sense.

      vs.

      A world where we all keep attacking and hacking at companies and other agencies because well; if they're the government or a multinational they'd better invest on security because they're big and can, and therefor should. Of course where the money comes from is something unimportant here; its about security and the need to keep that top notch. And if you don't you're a loser.

      Would I want to live in a house where I need to keep my backdoor not only locked but also boarded up at night because if I don't I can be sure that people will simply come in and take my stuff away? Worse yet: will simply blame /me/ for not having locked my doors as good as I could have?

      Ha ha ha, I used a simply bolt lock. What a moron I am; don't I know that the latest electronic cyberlock which laser-shields your entire premises is /the/ way to go? Who cares about further details, what a moron!

      As said you have a point, but its a little easy to put the whole weight onto the shoulders of companies and governments. For example: what have these guys done to try and help these environments out with their lacking security issues /before/ they went on their rampant spree?

      I think I know the answer to that myself....

      That's probably "different".

    3. Matt Bryant Silver badge
      FAIL

      RE: Erm

      You could demonstrate the porosity of the security without endangering people or exposing their data. It's called redaction - look it up. The obvious truth is the Anons wanted to "hurt" the police as they see themselves at war with them.

  12. jake Silver badge

    One wonders ...

    If these are the same idiots who brought their Mum's knickers to the junior high school locker-room for show & tell ...

  13. Anonymous Coward
    Anonymous Coward

    Hacking is still a crime

    Hacking is still a crime any way you slice it. Antisec is NOT doing the public any favor by disseminating personal information. In fact they are destroying many people's lives as a result of their crime. The more Antisec members who go to prison for their crimes, the better. There are proper ways to disclose security issues and this isn't one of them.

  14. Anonymous Coward
    Anonymous Coward

    equadorean police

    Have you ever seen them at work? As far as I've seen most are more dodgy than a 3 pound coin.

  15. Anonymous Coward
    Anonymous Coward

    Little sympathy

    They're Police.

    Some are honest, most are not.

    They fail to hold the rich and powerful to account and are mostly a stick in the hands of said rich and powerful with which to beat the poor when we get out of line.

    When they put on that uniform and behave like that they become legitimate targets for "hackers".

    1. Anonymous Coward
      Anonymous Coward

      Sounds like...

      ... you just got caught for speeding.

  16. BitBotherer
    Thumb Down

    @5.antiago

    In some communities ''the majority of informants are everyday members of the public, like old ladies on council estates.''

    In others they are traitors to their families and those very same communities and deserve everything they get.

    There fixed that for ya.

    1. 5.antiago
      Meh

      Yep, all fixed...

      So in your world, the very idea of turning evidence against family and community is much worse than whatever crime they were actually committing. Curiously hard-line opinion there...

      Of course, you're right that in some communities informants are seen as traitors (I'm thinking places like Belfast during more troubled times), but to conclude from that they "deserve everything they get" is deeply simplistic

  17. Chris 228

    Denial is not reality

    There are some folks in serious denial when it comes to hacking. They make prisons for folks who can't live within the laws of society.

  18. Anonymous Coward
    Happy

    The stupid leading the blind...

    First, good on them for Syria. Second, to those baffled over what was being said about it being "relatively easy" to obtain said information as a criminal...allow me to clarify for the mentally challenged:

    An underworld common thug can't get access to such things.

    Any profitable criminal however, can and does hire hackers to do this exact thing - on a regular basis. They know more than you would ever like to know. They keep tabs on informants - not to kill them off, but to feed them false information from time to time. Most informants are the low-level versions of double agents.

    Oh dear, cops have been revealed. Well, was it not "cops" who arrested these people's friends/associates? I suppose this would be considered retaliation. Not exactly what *I* would do, I'd go after the bigger fish in charge of the operations, but then, that's me, not Anonymous. Anon is an unruly mob. You cannot, in reality, direct a mob. You can guide them, but only if the masses wish to go in that direction in the first place.

    If I were in a position of authority, I know I would personally try to keep all my important information to myself - I would certainly never give it over to a 3rd party...even if it did save me some $$$.

    As for the informants - nobody who's anybody didn't already know. Now if they had revealed what officers were deep under cover and what their aliases were, then I'd say there's a problem.

    But to my knowledge they haven't, so what's the issue? They scared the hell out of some informants who thought they weren't known about? Big deal. So there will be a rush on informants wanting witness relocation protection.

    Sorry if this harms other people's ideas of right and wrong, but there is very little black and white in this world. Sadly, the white is a sullied gray and the black is more...charcoal, as it were.

  19. Paul McClure

    Maybe we should build a better internet

    Many of the targets deserve all the fame they are getting. That said an insecure internet isn't a benefit. The community of clever folk should design a better framework and implement some version. It wouldn't kill us if Microsoft, etc. close the 'security' back doors while we are at it.

    Not long ago Firefox allowed any widgets. Seeing the flaw in that plan, they test/filter widgets. Maybe web software test service could be cobbled for sites to verify that they meet some standard. Though setting standards will not protect against clever/government hackers it 's a start.

  20. Anonymous Coward
    WTF?

    Why...

    for hack's sake is a *marketing* firm hosting highly sensitive law enforcement data??

    Because of the excellent security track record of marketing firms?

  21. Christopher Key.
    Stop

    @Everyone Objecting

    Yes, they're breaking the law; yes their doing so may be endangering others.

    But: If a group of bored individuals can access such data for 'fun', then a group of people with something to gain can arrange access to it too, and probably without alerting anyone to the fact.

    Anything that gets organisations to look after their data a bit better is surely a good thing.

  22. Anonymous Coward
    Stop

    Syrian Website == smoking mirrors

    So the Syrian Defence ministry site was defaced. Bully for Anon/Lulz. Some poor old Syrian Admin get's a bollocking and has to spend his evening fixing his webserver.

    .....meanwhile in Missouri, an ex-con with a loaded gun is crawling through the undergrowth outside of a cop's house.

    Can't these people see what they are doing? Cops are *NOT* intrinsically bad. Sure, just like any other group of human beings there will be bad cops, but then there are bad fishmongers - you don't see them hacking the website of the National Federation of Fishmongers to release their names and addresses do you?

    For Christ's sake guys, grow up and stop putting people's lives at risk.

    <!--There now follows some childish comments and down-votes to demonstrate the level of immaturity of these people-->

  23. Anonymous Coward
    FAIL

    Did I read correctly that Anonymous leaked informant data?

    Wow! Not like leaking confidential informants who live in the criminal world could ever get someone beaten up, tortured or even killed.

    Nice going, Anonymous. If someone gets killed or disfigured because of your penis-measuring contest, then I suggest your sentence be getting locked in a cell wallpapered with the pictures of the dead or maimed for whatever time period pleases the court.

  24. Anonymous Coward
    Anonymous Coward

    Hacktivism

    http://en.wikipedia.org/wiki/Hacker_(programmer_subculture)#Hacktivism

    They are hacking with ideological motives, hence 'hacktivism'. Your not liking them doesn't change the essence of what it is.

    1. Matt Bryant Silver badge
      Stop

      REHacktivism

      They are also criminals, because their "hacktivist" operations are committing criminal acts.

      http://en.wikipedia.org/wiki/Criminal

      Oh, and please stop the male bovine manure that they are doing it "for the greater good" - they're just masturbating by keyboard.

  25. andy 45
    Alert

    Maybe they didnt read all 10gb of data

    Just a thought -- but would you bother to read all 10gb of data?

    That's a lot of reading

This topic is closed for new posts.