Hacker's phone call to police saying he defaced their website.. because he was bored

Filed Under: Law & order, Vulnerability

AntiSecA number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the "Occupy" demonstrations.

One of the sites targeted was the Boston Police Patrolmen's Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites - such as their email accounts or Facebook.

In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.

Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.

What's perhaps most bizarre, however, is that a recording has come to light of a hacker phoning up one of the hacked police departments.

The caller speaks with a British accent and claims to be calling from England, via Skype (which explains the poor quality).

After being batted around the police department's telephone system for a while, and listening to some funky muzak, he eventually ends up speaking to a public information officer.

Here is a recording of part of the call:

And here's a partial transcript:

Caller: Your website has been defaced.

Police official: Yes, we're in the process of uh.. investigating it, but apparently someone hacked into our website, but we've..

Caller: Yeah that was me.

Police official: .. shut the website down at this time.

Caller: The person who did it was me.

Police official: You hacked into the website?

Caller: Yes sir.

Police official: Would you like to tell me why you did it?

Caller: AntiSec.

Police official: Is there a particular reason that you did it? Are you trying to prove a point? Or are you just picking on for us any particular reason? What's the problem?

Caller: Just got a bit bored, y'know.

Police official: I can't hear you sir.

Caller: I said, I said I got a bit bored.

Police official: You got a bit bored?

Caller: Yeah.

Police official: That's fine. Alright, well.. perhaps I can break your boredom if we can trace you back and come and put you in jail, we'll get a warrant for you - how's that?

Caller:Well, I'm not in America.

Police official: That's okay. That's alright. It doesn't make any difference where you're at.

Caller:So you're gonna [laughs] come and get me?

Police official: I'm gonna get on a plane in the next few minutes and head that way, start looking for you somewhere.

Caller:Bring it on.

The Boston Police department has asked all personnel to reset their passwords, and says that it is launching a full investigation into the reported incidents.

Boston police hacking advisory

Meanwhile, the IACP website is still unavailable - clearly the site's administrators were more comfortable with visitors seeing a holding page than the defaced version which included an anti-police rap video:

IACP website

For more information on securing your website download our technical paper "Securing Websites" published by SophosLabs. In addition to advice on common attack techniques including SQL injection, the paper also discusses establishing a secure foundation for your site and how to deal with external service providers.

, , , , , , , ,

You might like

8 Responses to Hacker's phone call to police saying he defaced their website.. because he was bored

  1. I have sympathy for the hacker, can't help it. :)

  2. Tim · 1004 days ago

    Yup, a guy with an English accent saying he hacked the Boston PD website. Or another way, Some English guy highhandedly F'd with a historically Irish Organization. Oh Yeah, this will work out well. As we all know the Irish are really forgiving when an English guy messes with them and laughs about it in their face.

  3. Bow · 1004 days ago

    Oh that did make me laugh, that's has to be the funniest thing I have seen today...go on you Mr Hacker

  4. Alex · 1004 days ago

    The hacker's comments were a bit embarassing. I thought the cop was being a little silly at the end with a bit of seriousness. Then the hacker is like "haha u mad bro". Dude, kid, chill - the police officer sounds like he's a bit bored talking to you as well. Also, enunciate a bit, it helps others understand your accent.

  5. Anon · 1003 days ago

    Class.

  6. Steve · 1003 days ago

    "Caller:Well, I'm not in America."

    If he's British then he's a fool to think this fact will save him. The law states if you launch an attack on another system, regardless of where in the world the target is located you have broken domestic computer law.

    Bring British didn't save Topiary and the others, what makes him think it will save him? lol

  7. Giorgos · 1003 days ago

    "Caller:Well, I'm not in America.

    Police official: That's okay. That's alright. It doesn't make any difference where you're at."

    You just stay right within your nation's borders. The rest of the world does not belong to you.

  8. Anon · 1002 days ago

    If you take down the police website here in Greece,
    no one will take notice.
    BUT if you uninstall solitaire from their windows boxes,
    they might shoot you for bringing misery to their life:)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.