Hacktivists associated with the Anonymous movement leaked 1.7GB of data belonging to the United States Bureau of Justice Statistics online.
The Bureau of Justice Statistics collects and publishes data on crime in the United States, including data on cyber-crimes. In a statement on The Pirate Bay accompanying a torrent file for downloading the data, the hacktivists wrote that the data included internal emails and an “entire database dump.”
The release was part of an operation dubbed “Monday Mail Mayhem.”
“We do not stand for any government or parties, we stand for freedom of people, freedom of speech and freedom of information,” the statement from the hacktivists read. “We are releasing data to spread information, to allow the people to be heard and to know the corruption in their government.”
In response to the attack, a spokesperson for the U.S. Department of Justice said it is investigating the matter and will turn any information it finds over to law enforcement.
“The department is looking into the unauthorized access of a Website server operated by the Bureau of Justice Statistics that contained data from their public Website,” the spokesperson said. “The Bureau of Justice Statistics Website has remained operational throughout this time. The departments main Website, justice.gov, was not affected.”
“The department is continuing protection and defensive measures to safeguard information and will refer any activity that is determined to be criminal in nature to law enforcement for investigation,” the spokesperson added.
Hacktivist attacks were blamed for a majority of the breaches investigated by Verizon last year and detailed in the company’s latest data breach report. On May 20, Anonymous-affiliate group AntiS3curityOPs launched a distributed denial-of-service (DDoS) attack against Chicago’s Website prior to the start of protests surrounding the NATO summit in the city.
In a post on Twitter, AntiS3curityOPS said that though it was not behind the justice.gov DB attack, the group did help attack the site.
Organizations need to take appropriate measures to protect their servers and sites against data breaches and denial-of-service attacks, said Neil Roiter, director of research at Corero Network Security.
Government agencies and high-profile commercial enterprises are and will continue to be targets of politically and ideologically motivated hacktivists,” he said. “As we see again in the case of the Bureau of Justice Statistics breach, these groups often are indiscriminate about what they take and what they make public, simply grabbing what they can and posting it online.