Anonymous continued its attacks against law enforcement
agencies to protest recent arrests of Anonymous members and Topiary by breaching a third-party marketing firm hosting 70 law enforcement Websites.
Under the banner of its
"AntiSec" campaign, the so-called "hacktivist" collective
Anonymous and its counterparts in the recently resurrected LulzSec struck
again, this time going after multiple law enforcement agencies in the United
States, Ecuador and Brazil. The group also defaced Websites belonging to the Syrian
and Colombian governments.
The attackers uploaded a 7.4GB
file via BitTorrent on Aug. 6; the file contained more than 300 email boxes
from 56 different law enforcement domains, personal details belonging to more
than 7,000 sheriffs in Missouri, online police-training videos, and a list of
60 people who called in about Anonymous on the tips hotline. Dubbed
"Shooting the Sheriffs," the file contained personal details such as
user names, passwords, home addresses, telephone numbers and Social Security
All in all, 70 law
enforcement agencies, mostly rural sheriffs, were hit in the latest AntiSec
campaign. The stolen data came from 76 Websites in 11 states, including
Arkansas, Louisiana, Kansas, Missouri and Mississippi, and was stolen during
the July 31 attack. The current dump appears to be related to the sample of
Social Security numbers belonging to 100 police officers that Anonymous leaked
"We are doing this in
solidarity with Topiary and the Anonymous
PayPal LOIC defendants
as well as all other political prisoners who are
facing the gun of the crooked court system," the attackers wrote in the
file's summary on BitTorrent.
refers to the spokesperson of LulzSec
, who the British police arrested in
Scotland last month and charged with five counts of computer misuse, including
unauthorized access to a computer system, encouraging or assisting offenses,
conspiracy to carry out distributed denial-of-service attacks, and conspiracy
to commit computer misuse offenses. He is out on bail and is banned from using
The Federal Bureau of
Investigation also arrested 16 individuals in July for participating in a
attack against PayPal
earlier in the year using the Low Orbit Ion Cannon
Anonymous said the goal was to
"embarrass, discredit and incriminate police officers across the U.S.,"
in retaliation for the ongoing arrests of Anonymous members.
Mountain Home, Ark.-based
online marketing firm Brooks-Jeffrey Marketing hosted and managed Websites for
the affected law enforcement agencies. The attackers discovered a vulnerability
in BJM's servers that allowed them access, according to the AntiSec press
release. It appears that BJM discovered the data breach against several of its
law enforcement Websites on its platform and took them offline, but failed to
fix the underlying vulnerability or remove the backdoor code before adding new
"We were surprised and
delighted to see that not only did they relaunch a few sites less than a week
later, but that their 'bigger, faster server that offers more security' carried
over our backdoors from their original box," said the AntiSec statement.
"This time, we were not going to hesitate to pull the trigger: In less
than an hour, we rooted their new server and defaced all 70+ domains, while
their root user was still logged in and active."
Application Security CTO
Josh Shaul told eWEEK
in the past
that IT administrators often just close the security hole when a breach is
detected, but neglect to perform a full audit to check for other
vulnerabilities or changes the attackers made. This way, backdoor code and malware
remains undiscovered and allows attackers to re-compromise the system
The attackers also created a
backdoor into BJM's online store, captured credit card numbers and used them to
make "involuntary donations" to varied organizations such as the
American Civil Liberties Union, the Electronic Freedom Foundation and the
Bradley Manning Support Network.
"The fact that credit
card numbers were stolen and used because they were stored in the clear just
shows that companies need to understand how to protect sensitive data on
servers exposed to the Internet," Wasim Ahmad, vice-president of data
security at Voltage Security, told eWEEK.
Data-centric encryption techniques should have been used, Ahmad said.
Anonymous members also
defaced the Syrian ministry of defense Website to protest the government's
deadly crackdown against demonstrators; defaced Facebook and Twitter accounts
belonging to German Vargas Lleras, Colombia's minister of the interior, to
protest a new copyright law; and released information about 45,000 Ecuadorian
police officers after the government said it would prosecute Anonymous
On the Syrian Website, the
group posted statements in Arabic and English, with the English statement
expressing support for Syrian demonstrators: "The world stands with you against
the brutal regime of [Syrian President] Bashar Al-Assad."
Hackers in Brazil leaked 8GB
of data relating to Operation Satiagraha, a Federal Police investigation that
resulted in a corruption conviction for a prominent banker recently. The dump
included sensitive documents, audio files, telephone wiretap transcripts, video