You hear it all the time: “Of course the big guys are susceptible to a cyber attack they are a multinational corporation. We won’t get hit, we are just a small manufacturer in the middle of nowhere.”
Wrong. A bunch of small towns may have felt that way once, but surely not any more as the hacker group Anonymous stole credit card numbers and emails from 70 mostly rural law enforcement websites in the United States in retaliation for the arrests of its sympathizers.
Web security experts said the cyber attack shows that no website is too small to avoid hacking, especially as more law enforcement agencies upload sensitive information about investigations, inmates and officers to their sites.
“It seems to me to be low-hanging fruit,” said Dick Mackey, vice president of consulting at Sudbury, MA-based SystemExperts. “The smaller the organization, the more likely that they don’t think of themselves as potential targets. They’re not going to have the protections in place that a larger organization will have.”
Many of the sheriff’s offices outsourced their websites to the same Mountain Home, Ark.-based media hosting company, Brooks-Jeffrey Marketing. If hackers could breach Brooks-Jeffrey’s defenses that would give hackers access to every website the company hosted, said Kevin Mitnick, a security consultant and former hacker.
Most of the sheriffs’ department sites, if not all, were either unavailable for most of Saturday or had been wiped clean of content. Some had started to reappear online Saturday evening.
The emails were mainly from sheriffs’ offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi. Many of the leaked emails appeared to be benign, but some of the stolen material carried sensitive information, including tips about suspected crimes, profiles of gang members and security training.
The leaked information also included five credit card numbers, which Anonymous said ended up making “involuntary donations.”
In a statement, Anonymous said it leaked “a massive amount of confidential information that is sure to (embarrass), discredit and incriminate police officers across the U.S.” The group said it hopes its disclosures would “demonstrate the inherently corrupt nature of law enforcement using their own words” and “disrupt and sabotage their ability to communicate and terrorize communities.”
The group did not say specifically why they targeted these sheriffs’ departments, but law enforcement officials in the United States and elsewhere are pursing Anonymous members following a string of high-profile data thefts and denial of service attacks.