The war between law enforcement and the Anonymous hacking collective continued this weekend as hackers dumped a 10 gigabyte database that included private e-mails and information sent by confidential informants. Hackers say they stole information during an attack on more than 70 small-town law enforcement agencies.
The hackers, an Anonymous-affiliated group known as AntiSec, say that they hope to “embarrass, discredit and incriminate police officers across the US,” in retaliation for ongoing arrests of Anonymous members.
AntiSec said that it had compromised servers at Brooks-Jeffrey, a Mountain Home, Arkansas, company that runs a computer store and online marketing firm. Brooks-Jeffrey Marketing builds websites for sheriff’s agencies throughout the southern United States. “It took less than 24 hours to root BJM’s server and copy all their data to our private servers,” AntiSec said in a statement, posted Saturday.
Brooks-Jeffrey could not immediately be reached for comment.
The hackers had already knocked many of the sheriffs’ websites offline last week, but on Saturday AntiSec showed that it had gone beyond mere Web defacement, by posting e-mail messages, passwords, social security numbers, credit card numbers as well as messages from confidential informants.
In the U.S., the criminal investigation of Anonymous is being led by the U.S. Federal Bureau of Investigation. The sheriffs’ sites appear to hit simply because they are part of the law enforcement community and because a security flaw at Brooks-Jeffrey made them an easy target for the hackers.
Hackers will often hit third-party service providers as a stepping stone toward more sensitive targets. Earlier this year, online marketer Epsilon Data Management was compromised, forcing dozens of companies, including J.P. Morgan, Verizon, and TiVo, to warn millions of customers that their email addresses had been stolen.
Many of the defaced sheriffs’ websites had been restored by Sunday morning. The victims include sheriffs in Arkansas, Mississippi, and Missouri.
The hackers claim to have obtained passwords, contact information and social security numbers from the Missouri Sheriffs’ Association’s website, which remained offline Sunday.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com