When Operation AntiSec was started by Anonymous and LulzSec back in June and the two groups called on “any vessel, large or small, to open fire on any government or agency that crosses their path”, it was difficult to imagine that six month later hackers will still be at it.
The latest addition to the seemingly never-ending stream of hacks was made by a group of hackers “sailing” under the AntiSec banner as they downed the website of the California State Law Enforcement Association (cslea.com) and the websites of eighteen other law enforcement associations’ sites hosted by CSLEA.
They have also apparently managed to access the Association’s servers, open a few backdoors to them and use them to exfiltrate as much sensitive information about its members as it was possible. The hackers say that they are still preparing a bigger dump of all the information they collected, but have released publicly several forum databases and mail spools, which prove that Ken Fair, the Association’s computer and networks systems technician in charge, failed to do a good job protecting its assets.
“Interestingly, CSLEA members have discussed some of our previous hacks against police targets, raising concern for the security of their own systems,” commented the hackers. “However Ken deliberately made some rather amusing lies as to their security. He repeatedly denied having been hacked up until web hosts at stli.com showed him some of the backdoors and other evidence of having dumped their databases.”
Eventually he changed his email address, they say, and after the discovery of the breach they tried to secure their systems. “They changed a few admin passwords and deleted a few backdoors. Shut mail down for a few days. They also finally decided to set a root mysql password, but we got the new one: ‘vanguard’,” concluded the hackers. “But we still had shell on their servers, and were stealthily checking out the many other websites on the server, while also helping ourselves to thousands of police usernames and passwords.”
The Association’s website is still down, as are the rest of the websites it hosts, and the hackers have announced that a torrent containing all the rest of the information will be made available soon.