Published June 30, 2011
PHOENIX – A second computer hacking attack in as many weeks against Arizona state police targeted the personal email accounts of some of its officers, an official confirmed Wednesday.
The Arizona Department of Public Safety is reviewing the information released by a group calling itself AntiSec, said Capt. Steve Harrison, an agency spokesman. An attack last week by the computer hacking collective group Lulz Security targeted officers' DPS emails.
LulzSec said Saturday that it was disbanding, but the new postings appeared very similar and referenced the earlier attack. They also used the same name for the latest communique. Harrison said investigators were working to determine if some of the same people are involved and if they are part of a larger hacking group known as Anonymous.
AntiSec said in an online post that it was hitting Arizona police again and "dumping booty pirated from a dozen Arizona police officer's personal email accounts looking specifically for humiliating dirt."
"This leak has names, addresses, phone numbers, passwords, social security numbers, online dating account info, voicemails, chat logs, and seductive girlfriend pictures belonging to a dozen Arizona police officers. We found more internal police reports, cops forwarding racist chain emails, k9 drug unit cops who use percocets, and a convicted sex offender who was part of FOP Maricopa Lodge Five," the group said.
The Arizona Fraternal Order of Police said the former officer mentioned was retired and had moved out of state when he was charged with a sex crime. He had maintained his membership, but when the group learned of the conviction in 2008, he was expelled, executive director Jim Mann said.
"It sounds like it's kind of politically motivated. It's tragic to think people will come after law enforcement and police officers," Mann said. "We believe that anybody who does something like this should be prosecuted to the fullest extent of the law."
The group said it specifically targeted DPS spokesman Harrison, who they said has "been bragging to the news about how they are upgrading their security and how they will catch the evil hackers who exposed them. Clearly not secure enough, because we owned his personal hotmail, facebook and match.com accounts and dumped all his personal details for the world to see."
Harrison acknowledged in a press briefing Wednesday that his job as spokesman was likely the reason he was singled out.
"Speaking for myself, I think that based on last week's media attention, I think that's why I was targeted," he said.
The latest attack targeted between 11 and 13 personal email accounts of DPS officers across the state. Personal tax information, user names and email exchanges were among the items AntiSec posted.
The wife of one officer received a telephone bomb threat after his information was posted, and a DPS bomb squad checked his home, Harrison said. Another officer had a fake Facebook page created that included derogatory information.
Although it isn't yet known exactly how the personal email accounts were accessed, Harrison said he believed user names and possibly passwords from them were obtained in last week's attack, when seven officers' work email accounts were compromised.
One issue the hacked officers will have to watch for is identity theft, Harrison said.
"There's always that anxiety about what is that information being used for now, and what will it be used for in the future," Harrison said. "So there's some anxiety, there's some unknowns out there. Officers are going to have to change email accounts, change phone numbers."
In last week's attack by LulzSec, the group posted case files and the phone numbers and addresses of some officers. Many of the files LulzSec posted online were innocuous and included invitations to conferences and even some inspirational messages. Others focused on the activity and habits of drug cartels and threats to homeland security.
Those officers had access to their accounts through remote hookups. That practice has now stopped and no access is allowed from outside a secure agency network, Harrison said.
There is no evidence that the department's main servers, which can access criminal files, driver's license information and vehicle registration records, have been compromised, Harrison said.
The cyber attackers said they were specifically targeting DPS because of Arizona's tough immigration enforcement law known as SB1070 "and the racial profiling anti-immigrant police state that is Arizona."
LulzSec has previously taken credit for hacking into Sony Corp. -- where more than 100 million user accounts were compromised -- and defacing the PBS website, as well as a cyber-attacking the CIA website and the U.S. Senate's computer system.