11/22/2011
12:43 PM

Anonymous Leaks Law Enforcement Forensic Secrets

Hacktivist group claims release of 38,000 emails related to the Feds' cybercrime investigations, in retaliation for stiff sentences for Anonymous members.

Members of the hacktivist collective Anonymous Friday released two swaths of data related to government groups, current and former law enforcement agency employees, as well as details of forensics methodologies used in prosecuting computer crimes.

Anonymous said the data release was in retaliation for the harsh penalties being meted out to members of its group for activities that it characterized not as crimes, but rather "electronic civil disobedience."

"As part of our ongoing effort to expose and humiliate our white hat enemies, we targeted a Special Agent Supervisor of the CA Department of Justice in charge of computer crime investigations," according to an Anonymous statement released via Pastebin. "We are leaking over 38,000 private emails which contain detailed computer forensics techniques, investigation protocols, as well as highly embarrassing personal information." The stolen data was released via Tor and BitTorrent.

According to a resume included in the trove of documents, Anonymous stole the data from Alfredo Baclagan, a former California Highway Patrol officer who retired in 2010 from his position as special agent supervisor for the California Department of Justice, where he was responsible for overseeing the agency's computer crime investigations.

Anonymous said the released data includes six years' worth of emails from an International Association of Computer Investigative Specialists (IACIS) email list of which Baclagan was a member, "which detail the methods and tactics cybercrime units use to gather electronic evidence, conduct investigations, and make arrests."

"The information in these emails will prove essential to those who want to protect themselves from the techniques and procedures cybercrime investigators use to build cases," according to Anonymous, which said that the emails contain details relating to how EnCase Forensic software gets used, recent attempts to crack TrueCrypt drives, as well as tips for preparing search warrants and subpoenas.

Anonymous said it also released the entire subscriber list for the IACIS email group, "causing the administrators to panic and shut their list and websites down." IACIS didn't immediately respond to a request for comment asking it to confirm whether its email or membership list had been breached by Anonymous.

The release of Baclagan's professional and personal information was meant to serve as a warning to anyone who worked for or with government agencies that prosecute Anonymous members, according to the group. "Let this be a warning to aspiring white hat 'hacker' sellouts and police collaborators: stay out the game or get owned and exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to keep owning your boxes and torrenting your mail spools, plastering your personal information all over teh (sic) internets," it said.

Also on Friday, Anonymous released a Pastebin post detailing its claimed exploit of multiple law enforcement-related groups. For starters, it claims to have released full names and user-supplied passwords for 1,000 members of the Boston Police Patrolmen's Association, "in retaliation for the unprovoked mass arrests and brutality experienced by those at Occupy Boston."

It also claimed to have accessed the "intranet, clients, and employee wiki portals" for website development firm MatrixGroup.net, as well as about 100 of the government, military, and police websites that it hosts. In addition, Anonymous claimed to have released about 600 MB of data--"including internal documents, membership rosters, addresses, passwords, social security numbers, and other confidential data"--from the International Association of Chiefs of Police.
