June 25, 2011

Arizona DPS: Officers' personal info, cartel briefings stolen

Hundreds of pages of e-mails. Nearly four dozen images and two dozen slide shows. Intelligence briefings about drug cartels.

Home telephone numbers and work schedules for Arizona Department of Public Safety officers.

The hundreds of documents posted online by an international group of hackers on Thursday have raised questions about whether local and border-security law enforcement was compromised by a breach of DPS computers.

DPS officials deny enforcement work was compromised.

"Other than personal information, we don't think this will affect our operations at all," DPS Capt. Steve Harrison said. "It's a minor inconvenience." He acknowledged, however, that the posting of personal information about DPS officers put them "in harm's way."

The materials are clearly not what a law-enforcement agency would choose to divulge, at least out of caution.

A stark example is an intelligence briefing describing a high-level border-town meeting involving the head of the most powerful drug cartel in Mexico, as related by a confidential informant. The cartel leader and a small army of cartel traffickers were plotting how to smuggle large amounts of marijuana through Arizona.

"If there is information about how sources of information get to our attention, the cartels will change their ways," said Peter Forcelli, a supervisor with the bureau of Alcohol, Tobacco, Firearms and Explosives in Phoenix, who works border smuggling cases.

Also posted online were such things as the work schedule for officers in a DPS bureau, the types of weapons used by officers in another bureau, and personal information and photographs of agency officers and family members.

There is no indication that any source's confidentiality was betrayed or an investigation was jeopardized.

Phoenix police Lt. Vince Piano, who runs an undercover operation targeting drug cartels, said that the damage of the breach to day-to-day enforcement operations is minimal but that the incident will serve as a wake-up call.

"It's going to make officers a lot more cautious," Piano said. "After this, my guys aren't e-mailing anything."

State and federal authorities are now poring through the more than 700 files that include at least 1,300 pages of DPS e-mails taken by hackers known as Lulz Security, to assess the damage.

At a minimum, the unwanted disclosures have forced authorities to rethink cybersecurity. At least for a short time, state and federal agents combating the cartels will have to shift tactics, veteran agents say.

The vast majority of released documents seem mundane. On Friday, the DPS acknowledged that the hackers used the department's remote e-mail system to obtain e-mails and attachments in accounts for eight employees. But the penetration got no further than those documents. Those records range from staff rosters and routine paperwork to unclassified bulletins from intelligence-sharing centers and training slide shows and videos describing drug-cartel methods.

Volumes of personal information were taken from spreadsheets of dozens of employee names. They include badge numbers and personal phone numbers and, in some cases, spouse names. "It's unconscionable and can place these officers in harm's way," Harrison said.

There are home phone numbers for some state judges and personal contacts for some federal authorities.

One spreadsheet lists the work schedule for every officer in one DPS border office for this year, with vacation dates noted. Another indicates the type of weapons used by officers in a different bureau. A third includes the dispatch codes used by police agencies around the state.

Several files outline the dates, locations and participants in police crackdowns.

Many of the documents are alerts about drug-related intelligence, offering a window into how much the DPS knew at various times.

In 2010, the U.S. Department of Homeland Security warned about cartels planning an imminent attack in Sonora border towns.

The alert notes, "There is nothing to indicate that the violence will cross over into the United States, but agents should maintain situational awareness."

In 2010, an unclassified FBI bulletin, based on contact with a confidential informant, warned about cartels seeking to kill local and federal law-enforcement officers at three agencies.

The release of information about confidential informants is "compromising and damaging," said DPS Sgt. Carlos Contreras, a veteran of various task forces assigned to smuggling crimes.

Even more seemingly benign and stale leaks, such as duty rosters, generic operations plans or slides about smuggling techniques can set back counternarcotics agents in the constant chess battle with the cartels.

"It gives them a pretty solid mechanism for changing their tactics," Contreras said, adding that he has been advised to never put sensitive information in e-mails.

Harrison said the DPS is now re-evaluating its procedures. The agency is thinking about a more secure way to share files electronically and changing its e-mail security protocols.

The breach has reverberated beyond the DPS.

The Homeland Security investigations unit of Immigration and Customs Enforcement "is in contact with the Department of Public Safety and the FBI regarding the recent security breach," ICE said in a written statement, adding that it "is still conducting an assessment to determine its operational impact."

Among the documents are photographs of officers. One image shows an officer shaking hands with former President George W. Bush. Another includes a family member's photograph.

There is a picture of nearly 40 officers from one bureau. There are also 43 spreadsheets and 22 slide shows, most of them relating to training or routine paperwork.

What is largely absent is anything relating to Senate Bill 1070, the ostensible reason LulzSec targeted the DPS in the first place.

One e-mail from June 2010 suggests the author saw SB 1070 as a potential reason to move illegal-immigrant suspects from the open desert to safer conditions.

"If we have a distressed pedestrian, regardless of origin, we have a humanitarian responsibility to act for their safety. And if that requires that we transport them to a Border Patrol checkpoint or facility or to another location where we can remove them from the heat, I believe we will meet both the headline and humanity tests," the e-mail said.

A 2008 e-mail did express one officer's anger over Mexican drug dealers profiting from the porous border, "What the @#@%*@ are we thinking???" the sender asked.

A 2009 alert from the U.S. Justice Department warns police that iPhones feature remote-erasure tools, potentially allowing criminals to destroy evidence before police can analyze it. The authorities recommended securing the phones in a way to ensure the erasure signal couldn't be received.

The hacking episode has embarrassed the state agency and left it assessing the value of information never intended for public view.

"We feel like somebody whose house has been burglarized: shock, anger, frustration and a little fear," Harrison said.

by Sean Holstege and Ronald J. Hansen The Arizona Republic Jun. 25, 2011 12:00 AM



Arizona DPS: Officers' personal info, cartel briefings stolen

No comments:

Post a Comment

Mashable!

Crave: The Gadget Blog

PCWorld Latest Technology News

CNET TV: Laptops

Blog Archive

Recent Comments