Thread: Computer hackers target AZ. DPS, against SB 1070

Computer hackers target Arizona DPS

by KTAR.com (June 23rd, 2011 @ 6:59pm

The group of computer hackers known as "LulzSec" released their latest data dump, taking on the Arizona DPS as a protest to SB 1070.

A press release from the group said, "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona."

LulzSec says this is just the start, as they plan on releasing more classified documents and personal details of military and law enforcement.

"Every week we plan on releasing more classified documents and embarassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust "war on drugs."

Calls to several Arizona law enforcement agencies have not been returned, but the Maricopa County Sheriff's Office said they were "investigating" the group's claims.

The attack seems to have caught law enforcement unawares, as MCSO said they were notified of the attack not by their computers, but by a message posted to Sheriff Joe Arpaio's Twitter account.

"They actually did post something on the Sheriff's Twitter page," MSCO spokesperson Joseph Rango said. "That's how we found out about it. I don't know if that's something they're trying to use to get their message across because of how many people are following the sheriff."

http://ktar.com/category/local-news-art ... er-Patrol/

They arrested a guy for spreading the "Anti-Sec Revolution" hackers message with graffiti at Mission Beach in San Diego. He is 16.

Operation Anti-Security: Mysterious serial graffiti reported ...
2 days ago
The crude stencil graffiti read "#ANtiSec", "The Anti-Sec Revolution" and "AntiSec!" along with a LulzSec Mascot. A “mysteriousâ€

LulzSec

Hackers claim release of classified DPS docs

Posted Jun 23, 2011, 5:02 pm
Dylan Smith TucsonSentinel.com

An anonymous group of computer hackers has released what it said is trove of secret data from the Arizona Department of Public Safety.

LulzSec, a international group known for breaking into high-security websites, said Thursday that it was releasing "hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement."

The group titled the 446-megabyte torrent "Chinga La Migra" (F**k the Border Patrol).

"We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona," a release from LulzSec said.

Many of the files leaked appear to be public information (see sidebar), including operations manuals, bulletins from other law enforcement agencies, and fliers for events.

The information contained in the release was confirmed as accurate by TucsonSentinel.com. DPS officials confirmed that their computer network has been broken into.

To verify their hacking, LulzSecs included in their release information on seven DPS employees, including names, home and cell phone numbers, and computer passwords. One password was "12345," according to the group.

From the release:

The documents classified as “law enforcement sensitiveâ€

RELATED

Hackers hit CIA site
http://www.alipac.us/ftopict-241043.html

Exclusive: Rival Hacker Group Racing Police to Expose LulzSec

By Jana Winter & Jeremy A. Kaplan
Published June 23, 2011
FoxNews.com

Lulz Security

The logo of the Lulz Security hacker organization, which has compromised the websites of numerous organizations in recent weeks.

From hacker to hackee.

The anonymous LulzSec group has made waves hacking everyone from media companies to the government. But a second hacker squad plans to take its followers out, one by one -- and give LulzSec a taste of its own medicine.

"We're here to show the world that they're nothing but a bunch of script kiddies," Hex0010, a 23-year-old member of TeaMp0isoN, said in an exclusive FoxNews.com interview.

TeaMp0isoN -- read, Team Poison -- is a group of professional hackers, publicly connected to the Palestinian-friendly "Mujahideen Hacking Unit" that defaced Facebook in December, and they're racing international police to pull back the sheets and expose LulzSec's identities.

Related Links LulzSec Hackers Take Down Brazil Government Websites CIA Hackers Just 'Schoolboys,' Security Expert Says Hackers Break Into US Senate Computers A Brief History of the LulzSec Hackers

The cops struck first when 19-year-old Ryan Cleary, widely rumored to be a member of LulzSec, was arrested Monday and charged Wednesday with several offenses by British police.

He won't be the last, Hex said.

Team Poison on Tuesday defaced the website for Sven Slootweg, a Swedish web designer living in the Netherlands, labeling him part of LulzSec.

Slootweg quickly and avidly denied the accusations. After reclaiming his site, he posted a note stating, "I am not a member of LulzSec (a statement I have made several times before in various places)."

Hex, who agreed to speak with FoxNews.com on condition that he not be named, said the next hacker to be exposed is a Californian. He refused to name names but plans to post that information sometime Thursday, along with IP addresses and chat room logs that confirm the person's affiliation with LulzSec.

Why the headbutting among hackers? Team Poison has been hacking for years and takes issue with the newcomers, who use push-button software packages to bring down websites from Sony and Sega to the FBI and the CIA.

Get some skills, Hex said.

"You think, 'I'm a bad-ass hacker because I can knock someone offline for a few minutes.' That's bull----. Come on," he scoffed.

LulzSec, which is affiliated with the notorious hacker group Anonymous, is not amused, Hex said.

"I've already got threats and death threats from [hacker group] Anonymous left and right," he said, before downplaying any risk to himself. And knocking him offline would be pointless, he said.

"Fine, I'm offline," he said. "I go somewhere and wait while my Internet comes back on. Doesn't affect me."

In Britain, the Metropolitan police have yet to explicitly connect Cleary with LulzSec, despite the arrest and the charges of computer hacking. And LulzSec has distanced itself from him, writing on its Twitter account, "Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame."

Hex insisted that Cleary is connected to the group, though his role is unclear.

"Depends on how you look at it," he told FoxNews.com. "You can say he's one of the people that ran it, you can say he's a middleman. Depends on how you look at it. I think he's a middleman."

Team Poison claims its actions are politically motivated, making them good guys -- sort of.

"We're a group that consists of political hackers," Hex told FoxNews.com. "A lot of people consider us being a religious type thing -- in reality it's not. When international governments are doing wrong and trying to hide from it, we're there."

Whether they are good guys depends on where you sit, of course. Hex claimed responsibility for hacking a number of government websites, the same crime Cleary is accused of. The group is also clearly connected with the Mujahideen Hacking Unit and the Pakistan Cyber Army -- groups known to be anti-U.S., anti-Israel and anti-India.

A 2010 Daily Beast article about Team Poison and TriCk, a teenage British leader of the group, alleged that the group of Palestinian, U.S. and United Arab Emirates hackers "wiped clean the pages of their Zionist opponents."

Are they really connected?

"It's complicated," Hex said, explaining that the hacks were part of a "cyberbattle" between a variety of hacking outfits, including PAX and ZHC, or Z-Company.

Then he returned his focus to his current target -- and his plans to reveal LulzSec identities.

"We're going to let them do what they do. Then we're going to do what we do," he told FoxNews.com. "We're going to hit them hard."

http://www.foxnews.com/scitech/2011/06/ ... e-lulzsec/

USATODAY

LulzSec hacks Ariz. state police computers

By Yvonne Wingett Sanchez, Matt Haldane and Shaun McKinnon, The Arizona Republic
Updated 20m ago |

PHOENIX — Computer experts are trying to determine how an international group of hackers broke into the Arizona Department of Public Safety's computers Thursday and downloaded and released hundreds of law-enforcement files.

The group Lulz Security, which has taken responsibility for breaching websites of the CIA and U.S. Senate and hacking into Sony computers, said in a bulletin that it targeted the the state police agency because LulzSec opposes Senate Bill 1070, a law the Arizona Legislature passed that widened law-enforcement officers' ability to apprehend illegal immigrants. The law is largely on hold pending a Supreme Court review.

The files, posted on LulzSec's website, include personal information about officers and numerous documents ranging from routine alerts from out-of-state police agencies to videos and photos about the hazards of police work and operations of drug gangs. The names of the files are as innocuous as "resume" and "evaluation form" and as provocative as "cartel leader threatens deadly force on U.S. police."

In its Web posting, the group said the files were primarily related to U.S. Border Patrol and counterterrorism operations. The hackers vowed to release more classified documents each week as a way to embarrass authorities and sabotage their work.

In London, a 19-year-old who may have ties to LulzSec was arrested Tuesday on suspicion of involvement with cyber attacks on Sony and the CIA website, according to The Associated Press.

Steve Harrison, a state police spokesman, confirmed late Thursday that the agency's system had been hacked earlier in the day.

Experts are working on closing the loopholes and have closed external access to the system.

Harrison said the release of officers' personal information is alarming. This information included the names of eight officers, their spouses' names, cell-phone numbers and addresses.

"When you put out personal information, you don't know what kind of people will respond," Harrison said, noting that another officer was attacked at his home Thursday morning in an unrelated incident.

The only breach that the agency identified so far has been that of email accounts, the passwords of which were also posted online. The agency suspects most, if not all, of the information released was obtained via what was available on those accounts.

Although LulzSec claims some of the files were labeled "not for public distribution," Harrison said. The agency did not believe any sensitive information that would compromise current investigations was leaked.

Many of the files reflect the mundane concerns of law enforcement. Others offer insight into efforts to keep pace with rapidly evolving technology and the ways criminals take advantage of it.

Some documents also relate to the agency's effort to address issues of alleged racial profiling, stemming from a 2001 lawsuit that it agreed to settle. As part of that agreement, state police have continued to allow a university research firm to collect data on its officers' traffic stops.

Other documents included an intelligence bulletin about the leader of a Mexican drug cartel, an advisory from the Arizona Counter Terrorism Intelligence Center and Highway Patrol operational plans for responding to border threats.

According to news reports, the anonymous computer-hacking group has taken responsibility for breaching websites of the CIA, the U.S. Senate, the Public Broadcast System and numerous video-game companies.

LulzSec posts its exploits on Twitter and, as of Thursday, claimed more than 261,200 followers.

Aaron Sandeen, the state's chief information officer, said a national cybersecurity agency that monitors state websites notified his office of a potential breach and the site was shut down immediately.

The agency's information system is separate from the rest of state government, he said. No other state agency websites have been compromised, he said.

On Thursday afternoon, LulzSec taunted Maricopa County Sheriff Joe Arpaio on his official account, saying, "Media? Heat? You?" The tweet included an expletive in Spanish aimed at the Border Patrol.

Sheriff's Deputy Chief Jack MacIntyre said the Sheriff's Office is taking "some countermeasures" with the agency's IT system.

"We will be cooperating with DPS to make sure that we minimize any possible impact," he said. Asked if the sheriff's computer systems had been compromised, MacIntyre responded, "We don't think so, we're looking at that."

—

(Contributing: Ronald J. Hansen, Sean Holstege and Mary K. Reinhart, The Arizona Republic.)

http://www.usatoday.com/tech/news/2011- ... cked_n.htm

Local TV 8 news says that someone took down the San Diego City site.
It may have been done because San Diego Police arrested a 16 year old guy for "Anti-Sec Revolution" graffiti sprayed around Mission Beach in San Diego.

City of San Diego's website may have been hacked

Posted: Jun 24, 2011 11:56 AM PDT Updated: Jun 24, 2011 12:10 PM PDT

SAN DIEGO (CBS 8) - The City of San Diego is on high alert Friday after word that its website may have been hacked.

The site went down Thursday. News 8 received an email warning of the attack in response to a story we aired earlier this week.

In this News 8 video story, Doug Kolk has more.
VIDEO @
http://www.cbs8.com/story/14972025/city ... een-hacked

Arizona DPS: LulzSec hacking started with officers' e-mails

Jun. 24, 2011 01:51 PM
The Arizona Republic

The Arizona Department of Public Safety said Friday that an international group of hackers appeared to have breached a vulnerable spot in its network by accessing the e-mail of seven of its officers stationed in "remote areas" of the state.

Those seven officers were part of a separate e-mail system that did not require users to update their passwords on a regular basis, nor require a more complex combination of capital and lowercase letters and numbers as their entry code.

"Because we have people stationed all over the state, not everyone is on the same password requirements," DPS spokesman Steve Harrison said Friday. "We were in the process of changing that system over already. Obviously, this will make us go a little faster."

The hacking group LulzSec, which has taken responsibility for breaching the websites of the CIA and the U.S. Senate, said in a bulletin Thursday afternoon that it targeted the DPS because it opposes Senate Bill 1070, a tough immigration law passed in 2010 by the Arizona Legislature. The law is largely on hold pending a review by the U.S. Supreme Court.

Harrison said the more than 700 DPS files, posted on the LulzSec website, appear to either be attachments to the e-mails themselves or stored on the hard drives of the computers the officers used to access their accounts.

"Obviously there are some training issues related to this," Harrison said of the simplistic passwords used by the hacked officers. "They need to use a little more robust system."

Harrison declined to discuss specifically what measures the department was taking to contain the breach and ensure it doesn't happen again. But he did say the department's information technology team immediately changed the officers' passwords after confirming the breach Thursday afternoon.

They also blocked external access to the DPS servers Thursday evening in response to the attack. The servers were brought online again shortly after noon Friday, he said.

The stolen DPS files include personal information about officers and numerous documents, ranging from routine alerts from out-of-state police agencies to videos and photos about the hazards of police work and operations of drug gangs.

DPS is handling both the internal investigation into the breach and the criminal investigation resulting from the hack, Harrison said. At this point, it appears that LulzSec violated both federal and state laws, and DPS anticipates bringing in the U.S. Federal Bureau of Investigation to help with the criminal probe.

"I anticipate we will ask for and receive assistance from the FBI," Harrison said. "I suspect this will be a joint investigation, and we will work to bring charges at both the state and federal level."

Manuel Johnson, a spokesman for the Phoenix FBI, said Friday that his office was aware of the attack, but he referred all questions to DPS.

It's not clear who would process the case, if a suspect is identified.

State Attorney General Tom Horne said DPS would have the discretion to send the criminal probe either to his office or to the U.S. Attorney for Arizona, given the apparent violations of both federal and state statutes.

"If the people could be found, we would certainly prosecute them," Horne said.

Gov. Jan Brewer has been briefed on the security breach, but her office is referring all questions to DPS.

House Speaker Andy Tobin, R-Paulden, said Friday that he is "outraged" by the attack, for reasons that include its apparent motivation over SB 1070.

"This extremist group has now put hundreds of Arizona's finest in danger," Tobin said in a statement. "These cyber terrorists should be prosecuted to the full extent possible. Their actions have compromised the safety of our brave law-enforcement officers and their families."

http://www.azcentral.com/news/articles/ ... 24-ON.html