AntiSec supporters take revenge - target the City of Oaklandby Steve Ragan - Oct 27 2011, 15:11
Responding to the violent police treatment of protesters during Occupy Oakland (video below), AntiSec supporters have leaked what appears to be the usernames, passwords, and email addresses of two city employees, while exposing a CMS that manages part of the City of Oakland’s website.
The data leaked by AntiSec supporters - along with a single statement of, “Problem #Oakland authorities? F--- you!” - contains a sample database record, and images taken from the admin area of the Senior Access Guide for Empowerment (SAGE) portal used by Oakland’s Department of Human Services (DHS).
One of the sample links is a copy of an active page, allowing others to access the entire backend by using one of the three administrator accounts provided. Google searches show that the SAGE pages have been in the public for some time.
According to the release, the City of Oakland is using eEye Digital Security’s SecureIIS webserver security suite, which promises, “...integrated multi-layered windows server protection [against] known and unknown exploits, zero day attacks, and unauthorized web access...”
SAGE is what appears to be an ASP driven application, created in-part with a tool called ASPMaker. One of the administrator accounts published by AntiSec supporters comes from T324, a web design and hosting firm located in Albany, California. When the SAGE section of the DHS site was developed by T324, they used version 4 of ASPMaker, which has long since been replaced by several revisions.
It’s possible that access to the user accounts stems from ASPMaker’s role in developing the SAGE portal used by Oakland’s DHS. In addition to IIS 6.0, the site stores all of its content in a MS Access Database.
The age of the development tool, as well as the site itself being publically available, could mean that what AntiSec supporters leaked to the Web is no longer used, or of no critical value to the City of Oakland. However, if it isn’t used or needed, the city needs to remove it. If there is value in the SAGE application, then it needs serious code modifications and protection.
On Tuesday evening, as shown in the video below, the police turned to violence in order to clear Occupy Oakland protesters out of their camp in front of City Hall. Tragically, one protester, an Iraq vet who served two tours and returned home in good health, 24 year-old Scott Olsen, was critically wounded by police.
Oakland PD fired rubber bullets, tear gas, and smoke canisters into the crowd. Olsen was struck in the head by one of the canisters, suffering a fractured skull according to doctors. He is listed in serious, but stable condition.
[The video shows an aerial view of police breaking up the crowd]
[This video shows what is said to be Olsen being attacked.]