Dark Reading is part of the Informa Tech Division of Informa PLC



Anonymous Cracks Cops Data Again

The "hacktivist" Anonymous operation known as AntiSec released a 7.4 GB file with emails and personal information from 56 different law enforcement agencies.

The Anonymous-driven "hacktivist" operation known as AntiSec over the weekend released a trove of files relating to law enforcement organizations in the United States, as well as Colombia and Ecuador, while defacing websites and social media pages belonging to the Syrian and Colombian governments.

On Saturday, the group uploaded a 7.4 GB file dubbed "Shooting the Sheriffs" via BitTorrent, containing more than 300 email boxes from 56 different law enforcement domains; more than 7,000 Missouri sheriffs' personal details (usernames, passwords, home addresses, telephone numbers, and social security numbers); online police training files; and a list of 60 people who fed Anonymous-related tips to a "report a crime" hotline.

"We are doing this in solidarity with Topiary and the Anonymous PayPal LOIC defendants as well as all other political prisoners who are facing the gun of the crooked court system," according to the file summary.

Topiary refers to the handle of the spokesperson for LulzSec, who British police allege is Jake Davis, 18. Davis was arrested in Scotland last month and charged with five counts of computer misuse, including unauthorized access to a computer system, encouraging or assisting offenses, conspiracy to carry out distributed denial of service attacks (DDoS), as well as conspiracy to commit computer misuse offenses. Likewise, LOIC refers to the tool used by Anonymous participants to create a DDoS attack against the PayPal website. Last month, the FBI made a number of related arrests.

In this latest incident, members of AntiSec obtained the law enforcement data from websites managed by Brooks-Jeffrey Marketing (BJM). According to the AntiSec post, it exploited a vulnerability in BJM's servers to gain access and copied away the data, all over a 24-hour period.

According to news reports, BJM realized last month that multiple law enforcement websites that it hosts had been breached, at which point it took them offline and alerted the FBI. But according to the AntiSec post, BJM failed to fix the underlying vulnerability or eradicate AntiSec's backdoor code before putting new sites online. "We were surprised and delighted to see that not only did they relaunch a few sites less than a week later, but that their 'bigger, faster server that offers more security' carried over our backdoors from their original box," said the AntiSec statement. "This time we were not going to hesitate to pull the trigger: in less than an hour we rooted their new server and defaced all 70+ domains while their root user was still logged in and active."

AntiSec said it also created a back door into the BJM online store, captured some credit card numbers, and used them "to make involuntary donations to the ACLU, the [Electronic Freedom Foundation], the Bradley Manning Support Network, and more."

Beyond the BJM-related activities, over the weekend AntiSec also defaced the Syrian ministry of defense website, to protest the government's deadly crackdown against protesters, while a group calling itself "LulzSec Brazil" leaked 8 GB of federal police data. Meanwhile, AntiSec also claimed credit for defacing Facebook and Twitter accounts belonging to German Vargas Lleras, Colombia's minister of the interior, to protest a new copyright law. The group also released information about 45,000 police officers in Ecuador after the government threatened to prosecute Anonymous participants.

In related news, British police last week released a statement via TweetDeck saying that investigations into LulzSec and Anonymous continue, and warned that launching DDoS attacks, from or against Britain, is illegal.

"Anyone considering accessing a computer without authority should understand that such acts are unlawful and can carry a term of imprisonment," said the statement. "Under U.K. legislation, it is an offense if a person acts from within the U.K. upon a computer anywhere else in the world. It is also an offence [for] someone anywhere else in the world to criminally affect a computer within the U.K."

In particular, Britain's Computer Misuse Act 1990 outlaws "acts of unauthorized access to personal accounts, [DDoS] attacks, and intrusive hacks where data is taken or systems changed," according to the statement. Penalties range from up to two years of imprisonment for unauthorized access to a computer, or up to 10 years in combination with modifying data on the computer or impeding its operation. "In the past, hacktivists have compared their activities to legitimate civil disobedience--but such a view is not a defense if suspected hackers are brought to court," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

Bringing suspected hacktivists to court appears to be a priority in Britain. On Friday, U.K. newspaper The Guardian reported that Britain's cyber crime police unit size has quadrupled--to 85 officers--over the past two months, and its budget increased by 30 million pounds ($49 million), as the unit investigates hacktivist groups.

