Anonymous and Antisec factions dumped files on the net Friday detailing data from the computer systems of multiple law enforcement agencies and a law enforcement vendor, including the International Association of Chiefs of Police, Boston Police Patrolmen’s Association and the Baldwin County Sheriff’s office in Alabama.
Additionally, the groups took down a number of law enforcement domains hosted together. According to the notice, the site’s homepages were defaced, replaced with an anti-police rap video. At the time of publication, the domains simply failed to load, sending a “Bad Request (Invalid Hostname)” message.
The notice says the attack is in support of the so-called 99% movement, a reference to the Occupy Wall Street protests spreading around the world. The action is described as retaliation against law enforcement for mistreatment of #occupywallstreet, particularly in Boston.
The notice references a 600MB data dump which reportedly includes the IACP membership roster; 1000 names, ranks, addresses, phone numbers, and social security numbesr for police officers in Birmingham and Jefferson Counties; 1,000 names and cleartext passwords for the BPPA; and the client list and financials for Matrix Group, a DC-based web design and marketing firm with law enforcement customers.
The BPPA website has a notice under current events that reads: “* Please Note: Starting Monday October 17th 2011 all Users who access the secure section of the site will have to re-register for a NEW Username and Password.”
But the site doesn’t say why, or warn users that usernames and passwords, which users commonly re-use on other sites, may have been compromised.
The notice contains a details about the compromised servers, but Wired has not been able to locate a publicly available dump of the data, which may not have been released yet.
Matrix Networks, Boston Police Patrolmen’s Association, and Boston PD did not respond to requests for comment by press time.
Update Monday 10/24 4:00 PDT: Wired has now looked through the documents, recently made available on a website proxied through Tor, and confirmed that the file appears to include personal details of police and other database entries consistent with what was claimed by the Antisec participants. Additionally, Matrix Networks has confirmed that it is working with law enforcement to identify the hackers that compromised its server.