Computer experts are trying to determine how an international group of hackers broke into the Arizona Department of Public Safety's computers on Thursday and downloaded and released hundreds of law-enforcement files.
The hacking group LulzSec, which has taken responsibility for breaching the websites of the CIA and the U.S. Senate, said in a bulletin that it targeted the DPS because LulzSec opposes Senate Bill 1070, a law the Arizona Legislature passed that widened law-enforcement officers' ability to apprehend illegal immigrants. The law is largely on hold pending a review by the U.S. Supreme Court.
The DPS files, posted on LulzSec's website, include personal information about officers and numerous documents ranging from routine alerts from out-of-state police agencies to videos and photos about the hazards of police work and operations of drug gangs. The names of the files are as innocuous as "resume" and "evaluation form" and as provocative as "cartel leader threatens deadly force on U.S. police."
In its Web posting, the group said the files were primarily related to U.S. Border Patrol and counterterrorism operations.
The hackers vowed to release more classified documents each week as a way to embarrass authorities and sabotage their work.
Steve Harrison, a DPS spokesman, confirmed late Thursday that the agency's system had been hacked earlier in the day. The agency had heard rumors that someone was working on hacking the agency's system, but the DPS could not do anything until the system was actually breached, Harrison said.
Gov. Jan Brewer was briefed on the situation, but her spokesman referred all questions to the DPS.
Experts are working on closing the loopholes and have closed external access to the DPS system.
Harrison said the release of officers' personal information is alarming. This information included the names of eight officers, their spouses' names, cellphone numbers and addresses.
"When you put out personal information, you don't know what kind of people will respond," Harrison said, noting that another officer was attacked at his home Thursday morning in an unrelated incident.
The only breach identified by the DPS so far has been that of the e-mail accounts, the passwords of which were also posted online. The agency suspects most, if not all, of the information released was obtained via what was available on those accounts.
Although LulzSec claims some of the files were labeled "not for public distribution," Harrison said. The DPS did not believe any sensitive information that would compromise current investigations was leaked.
Many of the files reflect the mundane concerns of law enforcement. Others offer insight into efforts to keep pace with rapidly evolving technology and the ways criminals take advantage of it.
Some documents also relate to the DPS' effort to address issues of alleged racial profiling, stemming from a 2001 lawsuit that the agency agreed to settle. As part of that agreement, the DPS has continued to allow a university research firm to collect data on its officers' traffic stops.
Other documents included an intelligence bulletin about the leader of a Mexican drug cartel, an advisory from the Arizona Counter Terrorism Intelligence Center and Highway Patrol operational plans for responding to border threats.
According to news reports, the anonymous computer-hacking group has taken responsibility for breaching websites of the CIA, the U.S. Senate, the Public Broadcast System and numerous video-game companies.
LulzSec posts its exploits on Twitter and, as of Thursday, claimed more than 261,200 followers.
Aaron Sandeen, the state's chief information officer, said a national cybersecurity agency that monitors state websites notified his office of a potential breach.
The DPS website was shut down immediately, Sandeen said, and IT teams went to work "to make sure there was no outbreak anywhere else within the network."
The DPS information system is separate from the rest of state government, he said. No other state agency websites have been compromised, he said.
Sandeen said the DPS attack appeared to have been malware.
DPS employees late Thursday were comparing passwords and e-mail addresses to verify whether the information LulzSec has published matches actual DPS accounts.
"DPS is working to verify all user accounts, change all passwords and make sure everything is secure," Sandeen said. "We have to validate that it is a legitimate hack and it's legitimate information."
IT teams also were looking for the source of the cyberattack by scanning internal computer files for unusual activity, such as peaks of usage.
For example, Sandeen said increased traffic this week on the DPS sex-offender registry could provide some clues.
"I don't know if that's related, but that's something we will look into," he said.
On Thursday afternoon, LulzSec taunted Maricopa County Sheriff Joe Arpaio on his official account, saying, "Media? Heat? You?" The tweet included an expletive in Spanish aimed at the Border Patrol.
Sheriff's Deputy Chief Jack MacIntyre said the Sheriff's Office is taking "some countermeasures" with the agency's IT system.
"We will be cooperating with DPS to make sure that we minimize any possible impact," he said. Asked if the sheriff's computer systems had been compromised, MacIntyre responded, "We don't think so, we're looking at that - although we're not absolutely sure. We're working on it full-scale with all our IT people."
Sen. Linda Gray, chairwoman of the state Senate's Public Safety and Human Services Committee, said she was unaware of the attack. But she did worry about confidential employee information, such as home addresses and other identifying details, being disseminated on DPS personnel.
Much of that information is shielded from public disclosure in the interest of protecting law enforcement who work on sensitive matters, she said.
Asked if Maricopa County is taking special precautions amid the high-profile attacks, a county spokesman declined to provide details, saying only, "We are always vigilant."
In a bulletin accompanying the latest release of information, LulzSec said:
"We are releasing hundreds of private intelligence bulletins, training manuals, personal e-mail correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB 1070 and the racial profiling anti-immigrant police state that is Arizona."
The group said it will release more information every week to embarrass military and law-enforcement officials "in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust 'war on drugs.' "
by Yvonne Wingett Sanchez, Matt Haldane and Shaun McKinnon The Arizona Republic Jun. 24, 2011 12:00 AM
Global hacking group breaks into DPS network
Crave: The Gadget Blog
PCWorld Latest Technology News
CNET TV: Laptops
- ► 2016 (75)
- ► 2015 (94)
- ► 2014 (55)
- ► 2013 (126)
- ► 2012 (117)
- Glasses-free HTC EVO 3D smartphone announced for E...
- Hacker group LulzSec says it's dissolving itself
- Arizona DPS officials downplay attack's effect on ...
- A look at infamous hackers
- Arizona DPS: Officers' personal info, cartel brief...
- Report: Scottsdale-based GoDaddy sale rumored
- Tech-gadgetry groans
- Global hacking group breaks into DPS network
- Firms lighten cloud-computing load
- Police: Man updated Facebook during standoff
- Go Daddy gets approval to go .XXX
- Phoenix-area firm forms digital-sign alliance
- Pandora shares soar after IPO
- IBM has left its mark on century
- Phoenix-based company sues Apple over iCloud servi...
- Social sites connecting legislators with public
- Company plans more Blockbuster kiosks
- Hackers strike at major firms
- Nintendo's debut of Wii U draws investor skepticis...
- Apple called largest chip buyer
- France bans Twitter, Facebook mentions on TV, in t...
- CEO Jobs unveils iCloud, Apple's venture into virt...
- Tempe gets electric-vehicle recharging station
- Four Intriguing New Smart Phones - Yahoo! Shopping...
- China paper warns Google may pay price for hacking...
- Tenn. passes Web log-in theft bill
- How To Embed Practically Anything On Your Blog or ...
- ▼ June (27)