PHOENIX – State police said Friday that they are checking the security of the agency's computer system after an attack by hackers and they are investigating to determine the extent of the infiltration.
The Lulz Security hacking collective claimed on Thursday that it successfully accessed the Arizona Department of Public Safety computer system and took data including sensitive case files and the phone numbers and addresses of some officers.
Many of the files LulzSec posted online were innocuous and included invitations to conferences and even some inspirational messages. Others focused on the activity and habits of drug cartels and threats to homeland security, and many came from the Department of Homeland Security.
In one DHS assessment, the federal agency said drug trafficking and associated violence "represent the greatest threat to U.S. border security emanating from Sonora," referring to the Mexican state that borders Arizona. In another, the agency writes how terrorists can obtain acquire common chemicals to fashion homemade explosives.
Others were incident reports from years ago, including one in which a U.S. Border Patrol agent found an improvised explosive device on a rural road known for illegal smuggling activity in May 2009. The Pima County Sheriff's Office reported that the device, a pipe bomb wrapped in wires, exploded during the investigation and that it was unclear what the intention of the person who left it was. The report did not say whether anyone was injured.
So far, only seven out of DPS' 1,700 employees have had their email accounts compromised and their personal information seized by the group of hackers, an agency spokesman said.
"We're concerned that somebody was able to get that far," DPS Capt. Steve Harrison said Friday in an interview with The Associated Press. "We don't consider it so severe that it's going to compromise future investigations."
Harrison said it doesn't appear the hackers accessed DPS' main server, but they may have gained entry to a computer that officers use to log onto email accounts and download whatever information was on that server's hard drive.
Some of the data the hackers may have obtained is information that DPS doesn't want to fall into the hands of drug traffickers and other criminals, Harrison said.
"It could be how drug trafficking organizations work, drug concealment methods -- things that we wouldn't necessarily want drug traffickers to know that we know," he said.
State police notified other police agencies after the attack occurred, urging them to apply security measures and protocols to check and secure computer systems in case LulzSec attempted to access other police computer systems in Arizona.
DPS has not received any reports of other police computer systems being compromised, Harrison said.
A spokesman for the Phoenix office of the FBI says the agency was aware of the computer hacking situation at DPS.
"At this time we're not confirming or denying that we're involved in the investigation," said agent Manuel Johnson, an FBI spokesman.
The head of the state police union said it is alarmed by the computer attack.
"We understand that some of the information that they have obtained could compromise the safety of our officers," said Jimmy Chavez, president of the Arizona Highway Patrol Association.
The cyber attackers said they were specifically targeting DPS because of the state's tough immigration enforcement law known as SB1070 "and the racial profiling anti-immigrant police state that is Arizona."
The LulzSec group also said it planned to release "more classified documents and embarrassing personal details of military and law enforcement" every week, but it was unclear whether other Arizona agencies were targeted.
Arizona Attorney General Tom Horne said the group's actions could be prosecuted under either state or federal statutes.
However, prosecution would have to wait "until DPS finds somebody to prosecute," Horne said.
Arizona's law against computer tampering makes it a felony to cause the disruption of a computer system, access a state-government computer to obtain confidential information or recklessly use a computer to threaten or subject a person to substantial emotional distress for no legitimate purpose.
Under the state law, a disruption of a computer system that is necessary to protect public safety is high-grade felony, punishable by up to 12.5 years in prison.