As noted New Year’s Eve, members of the #Anonymous #AntiSec collective welcomed 2012 by dumping data from law enforcement-related organizations on both coasts. I described the California Statewide Law Enforcement Association hack in a previous blog entry. Now let’s turn to the east coast, where the hackers dumped data reportedly from multiple organizations.
In their statement on the defaced home page of CSLE (since removed but mirrored elsewhere), the hackers write:
For our next owning we bring you multiple law enforcement targets in the state of New York, who has been on our crosshairs for some time due to their brutal repression of Occupy Wall Street. We also want to bring attention to the 1971 riots at Attica where in response to the murder of George Jackson, convicts took over the priso, demanding humane living conditions. It is in this same spirit of cross-country solidarity that we attacked police targets in NY.
We’re dropping the md5-hashed passwords and residential addresses for over 300 Police Chiefs in the state of New York. We are also sharing several private mail spools of a few NY police chiefs. While most of the contents of these emails involve boring day to day office work and blonde joke chain emails, there were also treasure troves of embarrassing personal information as well as several “For Official Use Only” and “Law Enforcement Sensitive” documents discussing police methods to combat protesters.
One of the files in the data dump is a passwords file with 340 first and last names, usernames, MD5 passwords (some decrypted), and e-mail addresses. A second file, addresses, contains 1,348 entries consisting of agency address, cell phone number, email addresses, first and last names with middle initials, phone numbers, rank, and residential addresses and phone numbers. And then there are the email spools.
One of the files appears to be from the New York State Association of Chiefs of Police, but there is no statement on their web site at this time acknowledging or referencing any hack and as of the time of this posting, they have not responded to an email inquiry sent yesterday asking them to confirm or deny whether either or both of the files mentioned above were from their server.
Nor is it clear where/how the email directories of specific police chiefs were obtained. I’m not sure why AntiSec thinks that exposing the e-mail of suburban police chiefs who had no involvement in Occupy Wall Street, Attica, or anything other than what seems like routine suburban law enforcement is justified or helpful.
Via Twitter, I’ve sought additional details/clarification on this data release, but so far, no information has been forthcoming, making this incident impossible to enter in DataLossDB with any real specificity other than “Unknown Organization” for the breached entity or entities.
If anyone can provide additional details that would enable correct attribution of the data, please use the comments section below, email me at [email protected], or DM me @pogowasright
Updated Jan 5: In a new file released today by Anonymous, they indicate that the hack was of nychiefs.org, which is the web site of the New York State Association of Chiefs of Police. NYSACOP never responded to the inquiry sent to them by this site asking them to confirm or deny that they experienced a breach. In their release today, Anonymous summarizes the hack as:
1. Mail spools for 10 NY Police Chiefs
2. Over 300 usernames and md5-hashed passwords for all NY Chiefs
3. Several “Law Enforcement Sensitive” and “For Official Use Only” documents