What a cock-like thing to do:
"Meanwhile, in response to threats from the government of Ecuador, Anonymous releases personal data (names, ID numbers, dates of birth etc) on 45,000 local police officers."
Hacktivists have released a huge cache of stolen data from US law enforcement agencies as revenge for the arrest of alleged members of LulzSec and Anonymous. The 10GB data dump covered personal information, email addresses, social security numbers, and credit card details swiped from an online sheriff's store. The batch also …
I think the term 'hacktivist' lends an aura of respectability where it doesn't belong.
While I don't agree with the ideas behind the whole Wikileaks exposé, there at least was a certain defensible point in exposing things that had otherwise been covered up.
What we are seeing now is nothing shy of digital terrorism by a bunch of anarchist script kiddies throwing a temper tantrum.
Throw the book at 'em.
Do not forget that agencies and corporations do not think twice about revealing your information so they can make a profit or serve their political needs, so Anonymous doing that onto them is simply a case of turn about is fair play.
Do you really believe them to be terrorists? Anonymous does not use violence in any way. They do not threaten children, they only respond upon those that have attacked your rights, and the response is always peaceful.
I think you need to think about that term a little more before pinning it on somebody.
@AC 18:40, again, you don't get it. The only people who are going to suffer are the people using the services of the corporations getting hacked, whose personal info is now released to the black market for people to exploit. Those people did nothing wrong, and do not deserve being at risk to have their bank accounts emptied and credit ruined, at best. There are other ways for them to make a point, and if they take the high road and leave people out of it, I have no problem, and they're probably right.
And seriously, Someone Else? Rosa Parks? You're seriously comparing them to Rosa Parks? She improved the lives of millions of oppressed people by sitting on a bus. Lulz is ruining thousands of lives, hiding behind the internet. Period. Please reassess your definitions of right and wrong.
Is there a reason WHY all this info is on an internet-facing computer, or was it all on some mug's desktop?
These idiots do highlight one thing, if it absolutely does not need to be constantly Internet-accessible, keep it off a fucking internet connected computer!
Even if they need to shift officers records around, VPN that shit.
Most of the data was stored by a 3rd party marketing company. Presumably so the departments could access it at any time without running their own servers. Not sure why a marketing company would have that info though...
The marketing company seems to be the one at fault (for the U.S. departments anyway).
"Is there a reason WHY all this info is on a internet-facing computer...." You need to direct that question to the beancounters. Usually, 90% of responsibility for security issues belongs to beancounters that say things like "We don't need UNIX, it's too expensive", or "We don't need to hire real security professionals, those graduates are much cheaper". I'm betting is what will have happened is some group of police beancounters will have got together, without any representation from anyone with a clue about IT, and decided that outsourcing their personnel system and records to a third-party "is a good idea that will save money". If you keep your personnel and records inhouse, you can make it a closed system with no Internet access. Problem is any such outsourced solution cannot be closed off as it needs an access point for the customers (the police forces in this case) to login to access their data. Any form of gateway to the solution is potentially a security hole (you listening, cloud fanbois?). Even a VPN is only as strong as the passwords and certificates used.
If you need non-IT-literate people (like your average human resources administrator) to use the solution then their password and username choices are going to be weak at best, especially if the service-provider doesn't enforce strong password techniques. I'm betting the Anonyputzs did nothing more 1337 than download a password brute-force tool to use on some officer's gmail account, then tried the same username and password on the third-party database. Or the third-party's web-facing servers were just as poorly secured that retrying common passwords got them in.
So, the Anonyputzs are not "hackers", they just used downloaded toolz and took advantage of poorly-educated luser behaviour. They are also criminals again, especially if they exposed informant data. If any of those informants is murdered as a result then I really hope they charge the Anons they catch with at least manslaughter.
...why anyone, especially a police officer who should know better, would give his/her SSN to a web-based store. No amount of discount for someone "on the job" would be worth surrendering up that vital piece of info to a profit-based company whose apparent response to the concept of internet security is, "Yeah, I've heard of it".
".....why anyone, especially a police officer who should know better, would give his/her SSN to a web-based store....." Sometimes you don't have a choice, the beancounters or HR make the decision and your data gets outsourced to a third-party. This is happening more and more, even with big corporations, as they seek to cut costs by outsourcing their HR, pensions, etc, to companies that offer such administration as a service. Even should you change companies, that previous employer has to hold information on you, and that will usually stay at that same thrid-party. It's also happening in the UK with local councils outsourcing stuff that used to be done internally to outside companies, some of them in totally different countries. Usually, the driver is cost-cutting by the beancounters. Should that third-party service provider prove to have security made of marshmellow then you are screwed without having had any say in the matter.
Even if my data was involved.
The bad guys ("shady rat") have been doing this in secret and for money for a very long time - but nobody likes to talk about it, claiming security where it never really existed.
At last, there's somebody exposing this security-theater.
Bravo.
Fact is, the information doesn't appear particularly hard to get a hold of, anyone who seriously wanted it probably already has it. They would have gone in, stolen it, pulled out the information they wanted and thrown the rest away, meanwhile keeping it all hush hush so the next time they wanted some info they could pop in the same way. The only people who didn't have access to the info were people who didn't really care....umm....us!
These guys have done a favour for a lot of people by exposing just how easy it is to get information. Maybe it will be better safeguarded next time so anyone with an ounce of brains and a few spare minutes couldn't pop in and grab whatever they want.
@Richard7
Sad that your comment has got 2 down-votes, it really shouldn't. Releasing information on informants is indefensible. It's significantly different from releasing information on police officers; the majority of informants are everyday members of the public, like old ladies on council estates.
Trying to justify how they may be safer in the long run if they are put in immediate danger now doesn't quite work for me.
@Steve Brooks
Massive critical thinking fail from you. Basically, you've based your estimation of the skills of other people on an analysis of your own, then added in some massive assumptions about their probable behaviour based on this.
"Fact is, the information doesn't appear particularly hard to get a hold of"
Depends if you are an extremely computer literate criminal. Perhaps that is an area to study, whether levels of computer literacy within the criminal world are significantly higher than in the general populace...
I'll hazard a guess that the vast majority of criminals do not have the skills to hack into anything. But I bet a lot of them are capable of downloading a list of addresses, going to the house and throwing bricks through a window.
"These guys have done a favour for a lot of people by exposing just how easy it is to get information"
No, they really haven't. I would have preferred to learn about the failings of our law enforcement in a way that didn't put innocent people in danger, or utterly undermine relations with police and normal people.
There are clearly real problems to fix - I think we should try and fix them in a way that doesn't break a load of other stuff at the same time
"Sad that your comment has got 2 down-votes, it really shouldn't. Releasing information on informants is indefensible. It's significantly different from releasing information on police officers; the majority of informants are everyday members of the public, like old ladies on council estates."
Really? I'm not going to download this 10g of data and try to mine it to confirm my suspicions (for one thing, I am not so confident in the anonymity of the internet as Anon seems to be), but I suspect that most "informants" are criminals themselves who sold out their mates. I have... minimal sympathies. It would be unfortunate if retribution were taken against them, but we aren't talking about "old ladies on council estates." They fall under a different class all together. They're also usually less likely to be vindictively hunted down by the multiple felon who was sold out by one of his own.
Along the same lines, after I thought about it for a while (and I thought about this for some time, I must say) I can honestly say that I don't see a great increase in danger to at least U.S. police (Arizona, Missouri, etc.) from this data leak. I've lived in multiple locations in the U.S., including Missouri, and every single time could tell you where the local cop(s) lived, usually along with their names. The police may not publish a directory, but their home addresses are an open secret. Now, are they at greater risk for all sorts of mischief now that their social security numbers are dumped all over the net? Of course! But that's a FAR cry from claiming that their lives have been endangered.
So, my final conclusion is that while I can't really condone this action, I find the wave of condemnation to be greatly overblown.
-d
... now I wait for my own wave of downvotes. *sigh* ;)
In Miami, to the best of my knowledge, you recognize the police officers' houses as there is a police vehicle parked in front of them at night-time – unless they're working nights
The safest system is one where there is generally mutual respect – luckily mostly the case nowadays – it avoids the kind of bottled-up hostility that causes riots
"Really? I'm not going to download this 10g of data and try to mine it to confirm my suspicions..."
It'd be difficult, certainly. You'd hope they have a column somewhere in the data where it says 'Criminal' or 'Innocent' :-D
"...but I suspect that most "informants" are criminals themselves who sold out their mates."
Check this out: http://www.drtomoconnor.com/3220/3220lect02c.htm. It's an interesting source of information on who constitutes an informant and the ways you could segment them. Turns out it's not so simple as 'Criminal' or 'Innocent'.
The best quote from my perspective is: "Cultivated sources typically include people doing business around an area where criminals conduct their business. Examples include taxi drivers, hotel employees, airline employees, automobile salespeople, doormen, gun dealers, bartenders, private investigators, apartment managers, package delivery employees, and proprietors or employees of restaurants"
My opinion on this depends a little on how much of the 10gb is made up of these kinds of people
Oh, and if you can find other or better sources of info on the topic, please share them.
"I have... minimal sympathies. It would be unfortunate if retribution were taken against them, but we aren't talking about "old ladies on council estates." They fall under a different class all together. They're also usually less likely to be vindictively hunted down by the multiple felon who was sold out by one of his own."
There's a little bit too much "guilty of something once, guilty of everything always" vibe in this idea for me, and even then it doesn't justify condoning violence against them since the act of informing is usually for a greater good, isn't it?
"<snip stuff about cops being accessible already> Of course! But that's a FAR cry as claiming that their lives have been endangered."
There's something in that, of course. I'm specifically separating the value in publishing informants' details versus police officers' details.
"... now I wait for my own wave of downvotes. *sigh* ;)"
Just wait til you comment on an environmental story on here. Jeeeee-sus!
You have to give credit for hacking the Syrian Ministry of Defense website...
It encouraged the military to revolt against orders to kill their own citizens.
I don't think the other things they have been doing over the weekend are morally correct but for the Syrian hack at least they are doing 'something' and letting the people of Syria know that they have support.
Anyone who says negatively of that event - I ask you : -
"What have you done to help?"
If it happened in the UK this would fall under section 58A of the Terrorism Act ("A person commits an offence who elicits or attempts to elicit information about an individual who is or has been a constable which is of a kind likely to be useful to a person committing or preparing an act of terrorism, or publishes or communicates any such information").
Regardless of whether or not this was an act of total stupidity on the "hackers'" part it does ask the question what the hell were the police doing keeping data that unsecured either themselves or using a "secure" service provider.
Then we get to privacy questions: should all that data have been kept a) together and b) in a form where it can be read ... encryption possibly?
Then we get to sociological questions about the data....how many people had access, was the system already compromised by "authorised" humans....?
Isn't the whole point of LulzSec to expose how little consideration is being given to keep our private information secure?
Either that, or one helluva conspiracy to share our private data with organisations who would otherwise have to go through due process.
Mission accomplished.
Either way, don't expect any privacy.
I hope the relevant organisations are sued for failing to protect these sensitive data.
To those who vehemently disagree with what LulzSec are doing, do you also agree that the security of your data should be treated with such contempt?
A lot of people would agree that organisations (esp gov) keeping too much data is bad - especially as they've shown time and time again they can't secure it.
However being dumb enough to endanger people's lives by releasing such sensitive data both loses the sympathy of the public and gives the authorities 101 reasons to crack down on everyone using the internet - not just hackers.
Hacking the systems to release the data highlights the lack of security but even if the data collectors learn from this and secure the data better it means they will get better at hiding how much data they collect too.
If the aim was to protect privacy and keep data secure wouldn't it be better to persuade organisations not to collect / store the data in the 1st place? Many people have pointed out that data is often kept at the behest of beancounters - because it is profitable to.
There are surely better ways of making it less profitable to store data than releasing it...
You have a point here, absolutely. But I'm not sure what I would like better...
Living in a world where people can show respect for companies / agencies who don't have their security up top notch (I like to translate this to knowing that your neighbor never locks his backdoor and respect that by not even considering to enter his house while he's gone for shopping).
And instead of putting all his furniture down at the street you could also tell him a few times that it may not be a very good idea to leave his door open because there are people around who have bad intentions.
At the very least you can use some common sense.
vs.
A world where we all keep attacking and hacking at companies and other agencies because well; if they're the government or a multinational they'd better invest on security because they're big and can, and therefore should. Of course where the money comes from is something unimportant here; it's about security and the need to keep that top notch. And if you don't you're a loser.
Would I want to live in a house where I need to keep my backdoor not only locked but also boarded up at night because if I don't I can be sure that people will simply come in and take my stuff away? Worse yet: will simply blame /me/ for not having locked my doors as good as I could have?
Ha ha ha, I used a simple bolt lock. What a moron I am; don't I know that the latest electronic cyberlock which laser-shields your entire premises is /the/ way to go? Who cares about further details, what a moron!
As said you have a point, but it's a little easy to put the whole weight onto the shoulders of companies and governments. For example: what have these guys done to try and help these environments out with their lacking security issues /before/ they went on their rampant spree?
I think I know the answer to that myself....
That's probably "different".
Hacking is still a crime any way you slice it. Antisec is NOT doing the public any favor by disseminating personal information. In fact they are destroying many people's lives as a result of their crime. The more Antisec members who go to prison for their crimes, the better. There are proper ways to disclose security issues and this isn't one of them.
They're Police.
Some are honest, most are not.
They fail to hold the rich and powerful to account and are mostly a stick in the hands of said rich and powerful with which to beat the poor when we get out of line.
When they put on that uniform and behave like that they become legitimate targets for "hackers".
So in your world, the very idea of turning evidence against family and community is much worse than whatever crime they were actually committing. Curiously hard-line opinion there...
Of course, you're right that in some communities informants are seen as traitors (I'm thinking places like Belfast during more troubled times), but to conclude from that they "deserve everything they get" is deeply simplistic
First, good on them for Syria. Second, to those baffled over what was being said about it being "relatively easy" to obtain said information as a criminal...allow me to clarify for the mentally challenged:
An underworld common thug can't get access to such things.
Any profitable criminal however, can and does hire hackers to do this exact thing - on a regular basis. They know more than you would ever like to know. They keep tabs on informants - not to kill them off, but to feed them false information from time to time. Most informants are the low-level versions of double agents.
Oh dear, cops have been revealed. Well, was it not "cops" who arrested these people's friends/associates? I suppose this would be considered retaliation. Not exactly what *I* would do, I'd go after the bigger fish in charge of the operations, but then, that's me, not Anonymous. Anon is an unruly mob. You cannot, in reality, direct a mob. You can guide them, but only if the masses wish to go in that direction in the first place.
If I were in a position of authority, I know I would personally try to keep all my important information to myself - I would certainly never give it over to a 3rd party...even if it did save me some $$$.
As for the informants - nobody who's anybody didn't already know. Now if they had revealed what officers were deep under cover and what their aliases were, then I'd say there's a problem.
But to my knowledge they haven't, so what's the issue? They scared the hell out of some informants who thought they weren't known about? Big deal. So there will be a rush on informants wanting witness relocation protection.
Sorry if this harms other people's ideas of right and wrong, but there is very little black and white in this world. Sadly, the white is a sullied gray and the black is more...charcoal, as it were.
Many of the targets deserve all the fame they are getting. That said an insecure internet isn't a benefit. The community of clever folk should design a better framework and implement some version. It wouldn't kill us if Microsoft, etc. close the 'security' back doors while we are at it.
Not long ago Firefox allowed any widgets. Seeing the flaw in that plan, they test/filter widgets. Maybe web software test service could be cobbled for sites to verify that they meet some standard. Though setting standards will not protect against clever/government hackers it's a start.
Yes, they're breaking the law; yes their doing so may be endangering others.
But: If a group of bored individuals can access such data for 'fun', then a group of people with something to gain can arrange access to it too, and probably without alerting anyone to the fact.
Anything that gets organisations to look after their data a bit better is surely a good thing.
So the Syrian Defence ministry site was defaced. Bully for Anon/Lulz. Some poor old Syrian Admin gets a bollocking and has to spend his evening fixing his webserver.
.....meanwhile in Missouri, an ex-con with a loaded gun is crawling through the undergrowth outside of a cop's house.
Can't these people see what they are doing? Cops are *NOT* intrinsically bad. Sure, just like any other group of human beings there will be bad cops, but then there are bad fishmongers - you don't see them hacking the website of the National Federation of Fishmongers to release their names and addresses do you?
For Christ's sake guys, grow up and stop putting people's lives at risk.
<!--There now follows some childish comments and down-votes to demonstrate the level of immaturity of these people-->
Wow! Not like leaking confidential informants who live in the criminal world could ever get someone beaten up, tortured or even killed.
Nice going, Anonymous. If someone gets killed or disfigured because of your penis-measuring contest, then I suggest your sentence be getting locked in a cell wallpapered with the pictures of the dead or maimed for whatever time period pleases the court.