Saturday, June 25, 2011

LulzSec Posts Stolen Data from Arizona Lawman Site

Stolen data from the Arizona Department of Public Safety has been posted by the hacker group LulzSec. The hackers promised to release "more classified documents and embarrassing personal details" about military and law-enforcement attempts to "terrorize communities." LulzSec also said its attack on Sony Pictures was wider than reported.
Hackers have released a torrent of confidential data seized during an intrusion at the web site of the Arizona

Department of Public Safety, including hundreds of private intelligence bulletins, training manuals, and personal e-mail correspondence of law-enforcement officials. The underground group LulzSec said it selected its latest target because of Arizona's recent passage of an anti-immigration bill as well as the racial attitudes of state police officials.
Among the confidential documents released by LulzSec Thursday was a report concerning an encounter between Arizona police and two private individuals equipped with pistols and an assault rifle and wearing camouflage outfits. Both individuals held valid U.S. Marine Corps identification cards and claimed they were off-duty and working as private contract employees paid to patrol the border.
"Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement," the LulzSec hackers wrote. The aim is "not just to reveal their racist and corrupt nature, but to purposefully sabotage their efforts to terrorize communities [by] fighting an unjust 'war on drugs.' See you again real soon!"
Problems Along the Border
One sensitive FBI document released Thursday noted that the Mexican government refused to sign an "Intercept Agreement" promising not to eavesdrop on U.S. government radio communications along the border. The confidential report suggested Mexico's response meant Mexican authorities intended "to do a lot of listening."
Other Arizona law-enforcement documents demonstrate that smugglers are becoming more tech-savvy. For example, drug lords moving product across the border are now using sophisticated GPS gear to track their shipments as well as target rival groups.
Smugglers also have begun hiding their flash storage devices in innocuous objects ranging from cigarette lighters, jewelry and pens to calculators and children's toys. By contrast, some of the computers in the Arizona Department of Public Safety are still using dial-up connections to access the Internet.
One anonymous individual whose e-mail accounts were compromised by LulzSec's latest intrusion called the hackers terrorists. "If we're terrorists, then you're a jackass for reusing your password everywhere for nine years," LulzSec retorted in a Friday tweet.
On a Spree
LulzSec claimed responsibility for hacking the PBS web site late last month as payback after the television network ran a TV program about the WikiLeaks hack of sensitive U.S. State Department documents. The intrusion included the posting of a fake Tupac article on the PBS home page.
Then in early June, the hacker group broke into the Sony Pictures web site and claimed to have lifted the personal data of a million individuals. Sony Pictures affirmed the hack on June 8, when it admitted it had notified "approximately 37,500 people who may have had some personally identifiable information stolen during the recent attack."
Sony Pictures said the stolen information didn't include "any credit-card information, Social Security numbers, or driver-license numbers." Still, it admitted the hackers obtained data on a significant number of its web-site users, such as "address, e-mail address, telephone number, gender, date of birth, and web-site password and username."
However, LulzSec said its haul from Sony Pictures had a wider scope than the company reported. The group claimed to have compromised sensitive corporate details as well as propriety information. "Among other things, we also compromised all admin details of Sony Pictures -- including passwords -- along with 75,000 'music codes' and 3.5 million 'music coupons,'" the hacker group wrote.
Moreover, the group hacked Sony Pictures using "a very simple SQL injection -- one of the most primitive and common vulnerabilities, as we should all know by now," LulzSec observed.
 "From a single injection, we accessed EVERYTHING. What's worse is that every bit of data we took wasn't encrypted."

No comments:

Post a Comment