AntiSec targeting law enforcement in support of Occupy Wall Street
by Steve Ragan - Oct 22 2011, 02:14
Once again, after a short break, those supporting the AntiSec movement have targeted law enforcement by compromising several systems and leaking personal information. In addition to the normal anti-police reasoning for such attacks, the AntiSec statement noted that the data breaches were done in support of the Occupy Wall Street movement.
“In solidarity with the Occupation Movement and the International Day of Action Against Police Brutality, allied #anonymous and #antisec vessels took aim at the corrupt bootboys of the 1%: the police,” an AntiSec statement explains.
On Friday, AntiSec supporters posted personal and confidential information taken after they compromised webservers used by Matrix Group, a web development firm located in Arlington, VA, boasting several law enforcement and government clients. The attack on Matrix Group led to the removal of dozens of websites from the Internet, and the compromise of several thousand records and documents.
“We intentionally excluded the unions and other unrelated sites on their servers because, unlike the police and those who support them, we will never betray our working class comrades. We realize our role in the social struggle against capital and against the state, deciding instead to set our sights on the police, military and other government websites hosted by Matrix,” the AntiSec statement added.
In addition to Matrix Group, AntiSec hit the International Association of Chiefs of Police, the Boston Police Patrolmen’s Association, and police officers in the Birmingham / Jefferson County area of Alabama. In all, more than 40 law enforcement websites were taken offline.
So what was taken? According to published information, AntiSec supporters compromised the IACP membership roster, some 16,000 records in all. In addition, the databases for all IACP-related websites were compromised.
Moreover, the discoverpolicecareers.org website was breached, resulting in the loss of nearly 250MB of internal documents. In Boston, the usernames and passwords for those registered on bppa.org were published. The names, ranks, addresses, and phone numbers for 1,000 officers in Alabama were posted to the Web, as were the usernames and passwords associated with the SheriffOfBaldwin.com website.
The Matrix Group suffered as well, as those who took part in the AntiSec attack walked away with several databases. Data from the Matrix Group breach was published on the website defacements announcing the attacks, including server logs and history files, financial data, client lists, and project information.
The scale of the breaches is in line with other AntiSec-related attacks. However, it is unknown when AntiSec supporters started this latest run. One website that has since recovered, bppa.org, has a notice to users that suggests the breaches announced on Friday took place some time ago.
“Starting Monday October 17th 2011 all Users who access the secure section of the site will have to re-register for a NEW Username and Password,” the bppa.org notice advised.
No reason was listed for the password resets, however.
“We are attacking the police because they are the vicious boot boys of the 1% whose role in society is to protect the interests and assets of the rich ruling class. They are not part of the 99%-- they are working class traitors who are paid to intimidate, harass, and repress political movements that would possibly stand a threat to the power structure of the 1%. We have no problem targeting police and releasing their information even if it puts them at risk because we want them to experience just a taste of the brutality and misery they serve us on an everyday basis,” the AntiSec statement concluded.
Josh Shaul, the Chief Technology Officer of Application Security Inc., said that Friday’s breach disclosures highlight the risk of shared hosting environments, and the importance of data protection.
“It’s a clear illustration of the risk in shared hosting environments, where if the host goes down everyone gets hit,” he commented.
If the attack was initiated via SQL injection (SQLi), and database access was then leveraged to reach the webservers, the result is compromised data and websites that have been, as is the case here, systematically removed from the Internet.
“It’s a regular route to the server. To use SQLi at the website to enter the DB, and then use the DB to enter the server infrastructure, which leaves the attacker in control of not only the webservers, but the database and all of the information that was stored,” Shaul added.
What it comes down to, he noted, is that it’s all about the data. There are several avenues of attack, but at the end of the day the data is the most important thing to protect.
A mirror of one of the site defacements can be viewed on Zone-H.