A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the "Occupy" demonstrations.
One of the sites targeted was the Boston Police Patrolmen's Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites - such as their email accounts or Facebook.
In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.
Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.
What's perhaps most bizarre, however, is that a recording has come to light of a hacker phoning up one of the hacked police departments.
The caller speaks with a British accent and claims to be calling from England, via Skype (which explains the poor quality).
After being batted around the police department's telephone system for a while, and listening to some funky muzak, he eventually ends up speaking to a public information officer.
Here is a recording of part of the call:
And here's a partial transcript:
Caller: Your website has been defaced.
Police official: Yes, we're in the process of uh.. investigating it, but apparently someone hacked into our website, but we've..
Caller: Yeah that was me.
Police official: .. shut the website down at this time.
Caller: The person who did it was me.
Police official: You hacked into the website?
Caller: Yes sir.
Police official: Would you like to tell me why you did it?
Caller: AntiSec.
Police official: Is there a particular reason that you did it? Are you trying to prove a point? Or are you just picking on for us any particular reason? What's the problem?
Caller: Just got a bit bored, y'know.
Police official: I can't hear you sir.
Caller: I said, I said I got a bit bored.
Police official: You got a bit bored?
Caller: Yeah.
Police official: That's fine. Alright, well.. perhaps I can break your boredom if we can trace you back and come and put you in jail, we'll get a warrant for you - how's that?
Caller:Well, I'm not in America.
Police official: That's okay. That's alright. It doesn't make any difference where you're at.
Caller:So you're gonna [laughs] come and get me?
Police official: I'm gonna get on a plane in the next few minutes and head that way, start looking for you somewhere.
Caller:Bring it on.
The Boston Police department has asked all personnel to reset their passwords, and says that it is launching a full investigation into the reported incidents.
Meanwhile, the IACP website is still unavailable - clearly the site's administrators were more comfortable with visitors seeing a holding page than the defaced version which included an anti-police rap video:
For more information on securing your website download our technical paper "Securing Websites" published by SophosLabs. In addition to advice on common attack techniques including SQL injection, the paper also discusses establishing a secure foundation for your site and how to deal with external service providers.
Follow @gcluley
I have sympathy for the hacker, can't help it. :)
Yup, a guy with an English accent saying he hacked the Boston PD website. Or another way, Some English guy highhandedly F'd with a historically Irish Organization. Oh Yeah, this will work out well. As we all know the Irish are really forgiving when an English guy messes with them and laughs about it in their face.
Oh that did make me laugh, that's has to be the funniest thing I have seen today...go on you Mr Hacker
The hacker's comments were a bit embarassing. I thought the cop was being a little silly at the end with a bit of seriousness. Then the hacker is like "haha u mad bro". Dude, kid, chill - the police officer sounds like he's a bit bored talking to you as well. Also, enunciate a bit, it helps others understand your accent.
Class.
"Caller:Well, I'm not in America."
If he's British then he's a fool to think this fact will save him. The law states if you launch an attack on another system, regardless of where in the world the target is located you have broken domestic computer law.
Bring British didn't save Topiary and the others, what makes him think it will save him? lol
"Caller:Well, I'm not in America.
Police official: That's okay. That's alright. It doesn't make any difference where you're at."
You just stay right within your nation's borders. The rest of the world does not belong to you.
If you take down the police website here in Greece,
no one will take notice.
BUT if you uninstall solitaire from their windows boxes,
they might shoot you for bringing misery to their life:)