The leak, dubbed “Shooting Sherifs Saturday,” contains more than 10 GB of stolen data belonging to sheriff's offices for mostly rural towns across the country, according to a statement the hackers posted Saturday to the file-sharing site Pastebin. The data dump includes private emails, passwords, addresses, Social Security numbers, credit card numbers, police training files, and information from informants.
The hack was part of a venture called Anti-Security, or AntiSec, which is led by the hacktivist groups Anonymous and LulzSec, and calls for hackers worldwide to expose sensitive data that reveals wrongdoing within governments and corporations.
The hacktivist collective said it carried out the attack in retaliation for the arrests of AntiSec sympathizers, including an 18-year-old nicknamed Topiary, who police allege is the unofficial spokesperson of LulzSec.
“We hope that not only will dropping this info demonstrate the inherently corrupt nature of law enforcement using their own words, as well as result in possibly humiliation, firings, and possible charges against several officers, but that it will also disrupt and sabotage their ability to communicate and terrorize communities,” AntiSec hackers wrote in their statement.
The information was obtained late last month during an attack on Brooks-Jeffrey Marketing, a Mountain Home, Ark.-based firm that hosts many Sheriffs' Association sites, the hackers said. More than 70 sites belonging to local sheriff's offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi, and several other states, were impacted by the attack.
“It took less than 24 hours to root [Brooks-Jeffrey's] server and copy all their data to our private servers,” the hackers said.
Brooks-Jeffrey Marketing did not respond to a request for comment made by SCMagazineUS.com on Monday.
Shortly after the initial attack, the hackers were able to compromise a replacement server and deface the affected domains. Many of the affected sites were unavailable over the weekend, though most appeared to be back online Monday.
The hackers, meanwhile, also used stolen credit card details to make donations to the American Civil Liberties Union, Electronic Frontier Foundation, and the Bradley Manning Support Network, according to the statement.
Richard Mackey, vice president of consulting at SystemExperts, told SCMagazineUS.com on Monday that the hackers likely went after local law enforcement bodies to make the largest impact with the smallest amount of work. Such organizations probably don't consider themselves a prime target of hackers, and as a result, haven't implemented as robust security controls as larger law enforcement bodies.“[Attackers] will look for relatively easy targets, ones they will be able to exploit right away rather than a high-profile organization that has invested substantial funds in security defenses,” Mackey said.
