Acting in support of those taking part in the Occupy movement sweeping the globe, a self claimed supporter of Anonymous participating in the AntiSec movement has leaked the membership database of the Coalition of Law Enforcement and Retail (C.L.E.A.R.). The leak exposed the usernames and passwords of both loss prevention and law enforcement personnel from several of organizations.
“Brothers, Use my dump [to], break into any police or federal email and disclose any info on #AntiSec, #anonymous and #OWS,” encouraged the person who claimed the clearusa.org hack, known as Exphin1ty on Twitter.
At least one person has claimed to have used the leaked data to access an email account held by a police department. Yet, the name of the law enforcement agency and the account leveraged in the hijacking remains unknown.
In all, some 2,000 records were exposed after being taken from clearusa.org, which included phone numbers, names, work addresses, agency representation, email addresses, and hashed passwords. When the passwords were reversed from hash form, the admin account and webmaster accounts exposed used “password” and “123456” respectively.
“Many hashes in the list cam easily be resolved using the web, and many users reuse their password elsewhere... People with awesome GPU power or massive rainbow tables are most welcome to send the cracked hashes of my earlier dump & I'll publish them,” Exphin1ty added.
When commenting on the reasoning for the attack, the notes released with the published data said that “law enforcement's inhumane treatments of occupiers” was the main cause.
“You have shown through these actions that you are nothing more than puppets in the hands of your government. We have seen our fellow brothers & sisters being teargassed for exercising their fundamental liberal rights, the exact ones that were bestowed upon them by their Constitution. Due to this and several other reasons we are releasing the entire member database of clearusa.org.”
As with previous AntiSec related leaks, collateral damage is unavoidable, Exphin1ty commented. This includes the personal information for Goodwill employees that were included with the others.
Exphin1ty apologized for their inclusion, but noted that he could not have redacted their information; else he would have been accused of censorship.
C.L.E.A.R. has not issued a statement on the breach.