What a cock-like thing to do:
"Meanwhile, in response to threats from the government of Ecuador, Anonymous releases personal data (names, ID numbers, dates of birth etc) on 45,000 local police officers."
Hacktivists have released a huge cache of stolen data from US law enforcement agencies as revenge for the arrest of alleged members of LulzSec and Anonymous. The 10GB data dump covered personal information, email addresses, social security numbers, and credit card details swiped from an online sheriff's store. The batch also …
"Meanwhile, in response to threats from the government of Ecuador, Anonymous releases personal data (names, ID numbers, dates of birth etc) on 45,000 local police officers."
So now the drug cartels have a cheat-sheet on who exactly to bribe/intimidate/kill as they ramp up operations there. Of course, they may have had that already.
I think the term 'hacktivist' lends an aura of respectability where it doesn't belong.
While I don't agree with the ideas behind whole Wikileaks exposé, there at least was a certain defensible point in exposing things that had otherwise been covered up.
What we are seeing now is nothing shy of digital terrorism by a bunch of anarchist script kiddies throwing a temper tantrum.
Throw the book at 'em.
I also think it's time The Register stop calling them "hacktivists", or at least call them "self-styled hacktivists" or something; I would prefer something more descriptive, like "on-line thieves" or "criminals".
That would involve the hacks here listening to their readers...
Most of whom are idiots.
Was the hack successful because the website security was a laugh or because these terrorists were so good ?
Considering their total unethical (or braindead) behavior with regards to personal data (thereby hurting many people who aren't even directly involved in all this) I'm not really impressed by their "skillz" anymore.
I follow you on Syria, no one is going to cry for them, and I don't think that's where the angst in comments above comes from.
Releasing the SSN and personal info of police officers (or any public person) is just wrong, its like pushing a baby in a crib off a high wall, yeah the mother shouldn't have left the pram in a dangerous spot, but you are still a baby killer when you push it over.
The worst appears to the part about informants - these guys took a big shit on civil society and are going to loose support, and worse, maybe even get their own friends against them and turning them in.
@AC, so you're essentially saying that any action is justified, illegal or otherwise, just because a person believes in their cause? Flying planes into buildings or bombing buildings must be ok, too huh? Just because they're forms of activism? Totally righteous. Keep arguing the definition of the word "activism", but in the end you're a clueless sheep. What they are doing is not right, is not legal, constitutional and certainly not heroic or anything to be looked up to. Ruining the lives of thousands of innocent indivuduals by exposing every bit of their personal information is not justifed, no matter the cause. Defend that, you asshat.
Do not forget that agencies and corporations do not think twice about revealing your information so they can make a profit or serve their political needs, so Anonymous doing that onto them is simplay a case of turn about is fair play.
Do you really believe them to be terrorist? Anonymous does not use violence in any way. They do not threaten children, they only respond upon those that have attacked your rights, and the response is always peaceful.
I think you need to think about that term a little more before pinning it on somebody.
...that sitting at the front of that bus, or eating at that lunch counter, was also "not right [...] not legal, constitutional and certainly not heroic or anything to be looked up to" either at the time. But it sure did get its point across, dinnit?
(Oh, and by the way, these not right and illegal acts are now considered constitutional, heroic, and something to be looked up to. My, how things change....)
That was just terrorism coming home.
Politicos will always have dread of non-violent action. More so when face to face with their own words, identities and actions -- actions often enforced with brutality.
Let me spell this out: What Anon/Lulz sec are doing is poles apart from anti segregation/anti racist peaceful protest.
Don't do it.
It insults Dr King and Rosa Parks and everyone involved in the civil rights movement.
Wow! How do you manage to post from so far out in space? Rosa Parks sitting on the front seat of the bus was risking her OWN life for a REAL cause, not exposing police informers that may get killed for a few "lulz"! Personally, I think the only way you could even make such a comparison would be after a labotomy. Congrats, you have managed to generate a new level of uberfailure, even in comparison with the master fail of the Anonyputzs.
@AC 18:40, again, you don't get it. The only people who are going to suffer are the people using the services of the corporations getting hacked, whose personal info is now released to the black market for people to exploit. Those people did nothing wrong, and do not deserve being at risk to have their bank accounts emptied and credit ruined, at best. There are other ways for them to make a point, and if they take the high road and leave people out of it, I have no problem, and they're probably right.
And seriously, Someone Else? Rosa Parks? You're seriously comparing them to Rosa Parks? She improved the lives of millions of oppressed people by sitting on a bus. Lulz is ruining thousands of lives, hiding behind the internet. Period. Please reassess your definitions of right and wrong.
Your being too subtle, chill out though.. the majority of the readers understood what you said... I hope ;)
Point of order, My mother buys the Daily Mail and apparently the crossword is very good the rest is used to line the cat litter tray.
"It is activism"
It seems to me that everyone accepts there is justfied activism, but that there is also sheer criminality and mischief making for the sake of it, with no thought to the damage caused to innocent parties. The objection is to lumping them all together as "hacktivists" which makes the criminals and mischief makers sound more cuddly than they are.
Is there a reason WHY all this info is on a internet-facing computer, or was it all on some mugs desktop?
These idiots do highlight one thing, if it absolutely does not need to be constantly Internet-accessible, keep it off a fucking internet connected computer!
Even if they need to shift officers records around, VPN that shit.
Most of the data was stored by a 3rd party marketing company. Presumably so the departments could access it at any time without running their own servers. Not sure why a marketing company would have that info though...
The marketing company seems to be the one at fault (for the U.S. departments anyway).
"Is there a reason WHY all this info is on a internet-facing computer...." You need to direct that question to the beancounters. Usually, 90% of responsibility for security issues belongs to beancounters that say things like "We don't need UNIX, it's too expensive", or "We don't need to hire real security professionals, those graduates are much cheaper". I'm betting is what will have happened is some group of police beancounters will have got together, without any representation from anyone with a clue about IT, and decided that outsourcing their personnel system and records to a third-party "is a good idea that will save money". If you keep your personnel and records inhouse, you can make it a closed system with no Internet access. Problem is any such outsourced solution cannot be closed off as it needs an access point for the customers (the police forces in this case) to login to access their data. Any form of gateway to the solution is potentially a security hole (you listening, cloud fanbois?). Even a VPN is only as strong as the passwords and certificates used.
If you need non-IT-literate people (like your average human resources administrator) to use the solution then their password and username choices are going to be weak at best, especially if the service-provider doesn't enforce strong password techniques. I'm betting the Anonyputzs did nothing more 1337 than download a password brute-force tool to use on some officer's gmail account, then tried the same username and password on the third-party database. Or the third-party's web-facing servers were just as poorly secured that retrying common paswords got them in.
So, the Anonyputzs are not "hackers", they just used downloaded toolz and took advantage of poorly-educated luser behaviour. They are also criminals again, especially if they exposed informant data. If any of those informants is murdered as a result then I really hope they charge the Anons they catch with at least manslaughter.
...why anyone, especially a police officer who should know better, would give his/her SSN to a web-based store. No amount of discount for someone "on the job" would be worth surrendering up that vital piece of info to a profit-based company whose apparent response to the concept of internet security is, "Yeah, I've heard of it".
".....why anyone, especially a police officer who should know better, would give his/her SSN to a web-based store....." Sometimes you don't have a choice, the beancounters or HR make the decision and your data gets outsourced to a third-party. This is happening more and more, even with big corporations, as they seek to cut costs by outsourcing their HR, pensions, etc, to companies that offer such administration as a service. Even should you change companies, that previous employer has to hold information on you, and that will usually stay at that same thrid-party. It's also happening in the UK with local councils outsourcing stuff that used to be done internally to outside companies, some of them in totally different countries. Usually, the driver is cost-cutting by the beancounters. Should that third-party service provider prove to have security made of marshmellow then you are screwed without having had any say in the matter.
Even if my data was involved.
The bad guys ("shady rat") have been doing this in secret and for money for a very long time - but nobody likes to talk about it, claiming security where it never really existed.
At last, there's somebody exposing this security-theater.
to expose this 'security-theater' without posting the SSN's of police officers and otherwise uninvolved individuals.
Even though real people may die?
OK, so I respect the argument, if there no damage then they won't do anything about it, cant make omelet without breaking eggs, and all that tripe.
So why do these hackers continue to hit the common man in the nuts? They make themselves seem like thoughtless bullies and arrogant assholes when they do such an action.
Need to release something for change to happen - then release the Police Chief and other top admins SSN, or even better the government bean counters and politicians that probably made the actual decision, or even better the security company that was contracted to do the work.
actions like this make them look Lazy and mean
You're right. Casualties of war. Whatever it takes. It's great that these people are just collateral damage in the quest for a more 'secure' intertubes.
If you were trying to convince someone they should have a home security system, you'd just break into their house and steal everything they own? "See... look how easy that was."
Any gripe you may have with the 'powers that be' (aka: business office, boss, managers, etc.) doesn't justify this.
it's more them saying "check me out, I've got an impregnable fortress of a house! No-one can get in or out without my say-so. You can trust me to keep all of your records and valuables safe in My Impregnable Fortress of a house."
and THEN you turning up and nicking everything.
I've done a similar thing once at uni- after a friend installed an awesome new security system on his ground-floor flat and spent the night boasting loudly about how awesome it was he found me sitting in his living room waiting for him when he got home from the pub. I'd just scrabbled through a window in the 2 minutes it took him to get round the other side of the building and open the door. I told him about the problem, handed him the blutac impressions of his front door key I'd made and then left.
A few weeks later his PS3 got nicked. Through the same open window. This, I have to stress, wasn't me or anything to do with me- someone else noticed the crappy security and chanced it.
Since then, he's always kept his windows locked at night.
The moral of the story? You can show people you can get into something they consider 'secure', and you can show people that once in you can make it really, REALLY easy to get in undetected afterwards (with a copy of the key). But until something happens to really ram it home they'll pay you no mind and think 'ah, it'll never happen to me'.
"it's the foe and not the friend that taught cities to build high walls" -- Aristophanes.
Saying that, giving away information on informants is just plain wrong and warrants a serious punishment. The rest of it? Wouldn't have happenned if they had taken more care with that data.
"If you were trying to convince someone they should have a home security system, you'd just break into their house and steal everything they own? "See... look how easy that was."
Why sure! There was a TV show where they did just that... and the people who got burned sure puckered up their backends to make their home more secure. Let's face it, there is a pack of dull-normals who manage to impress other dull-normals into paying them real taxpayer money for bogus unsecure services that they pay some kids peanuts to set up. They have no business getting anywhere near an ethernet cable, yet they continue to get the chumps to hand over ~our~ money. GOOD! Expose them for what they are, completely and hopelessly inept. I can see no reason Social Security numbers would need to be in the hands of a 3rd party outfit, if it's such a matter of high security. They got placed there and those people left it lying on the sidewalk for a bunch of kiddie scripters to pick up. Plain and simple.
You did your friend a service, puncturing his ego, but stopping short of emtyping his stuff out on to the street (as the hacktivists like to do). Your friend was certainly remiss in not updating his system, but was it a good thing that someone broke in and stole his toys? I'd say not.
We need a 'cry-baby' emote for these dolts.
Realsing informant data is supremely stupid, selfish and dangerous, way to go, you guys have probobly actually just killed at least one person.
Fact is, the information doesn't appear particularly hard to get a hold of, anyone who seriously wanted it probably already has it. They would have gone in, stolen it, pulled out the information they wanted and thrown the rest away, meanwhile keeping it all hush hush so the next time they wanted some info they could pop in the same way. The only people who didn't have access to the info was people who didn't really care....umm....us!
These guys have done a favour for a lot of people by exposing just how easy it is to get information. May be it will be better safeguarded next time so anyone with an ounce of brains a few spare minutes couldn't pop in and grab whatever they want.
Not the poster.
You assume that possible violent or likewise people have the same talents as you do. This is just more self-justification, and its lame IMO.
Sad that your comment has got 2 down-votes, it really shouldn't. Releasing information on informants is indefensible. It's significantly different from releasing information on police officers; the majority of informants are everyday members of the public, like old ladies on council estates.
Trying to justify how they may be safer in the long run if they are put in immediate danger now doesn't quite work for me.
Massive critical thinking fail from you. Basically, you've based your estimation of the skills of other people on an analysis of your own, then added in some massive assumptions about their probable behaviour based on this.
"Fact is, the information doesn't appear particularly hard to get a hold of"
Depends if you are an extremely computer literate criminal. Perhaps that is an area to study, whether levels of computer literacy within the criminal world are significantly higher than in the general populace...
I'll hazard a guess that the vast majority of criminals do not have the skills to hack into anything. But I bet a lot of them are capable of downloading a list of addresses, going to the house and throwing bricks through a window.
"These guys have done a favour for a lot of people by exposing just how easy it is to get information"
No, they really haven't. I would have preferred to learn about the failings of our law enforcement in a way that didn't put innocent people in danger, or utterly undermine relations with police and normal people.
There are clearly real problems to fix - I think we should try and fix them in a way that doesn't break a load of other stuff at the same time
"Sad that your comment has got 2 down-votes, it really shouldn't. Releasing information on informants is indefensible. It's significantly different from releasing information on police officers; the majority of informants are everyday members of the public, like old ladies on council estates."
Really? I'm not going to download this 10g of data and try to mine it to confirm my suspicions (for one thing, I am not so confident in the anonymity of the internet as Anon seems to be), but I suspect that most "informants" are criminals themselves who sold out their mates. I have... minimal sympathies. It would be unfortunate if retribution were taken against them, but we aren't talking about "old ladies on council estates." They fall under a different class all together. They're also usually less likely to be vindictively hunted down by the multiple felon who was sold out by one of his own.
Along the same lines, after I thought about it for a while (and I thought about this for some time, I must say) I can honestly say that I don't see a great increase in danger to at least U.S. police (Arizona, Missouri, etc.) from this data leak. I've lived in multiple locations in the U.S., including Missouri, and every single time could tell you where the local cop(s) lived, usually along with their names. The police may not publish a directory, but their home addresses are an open secret. Now, are they at greater risk for all sorts of mischief now that their social security numbers are dumped all over the net? Of course! But that's a FAR cry as claiming that their lives have been endangered.
So, my final conclusion is that while I can't really condone this action, I find the wave of condemnation to be greatly overblown.
... now I wait for my own wave of downvotes. *sigh* ;)
In Miami, to the best of my knowledge, you recognize the police officers' houses as there is a police vehicle parked in front of them at night-time – unless they're working nights
The safest system is one where there is generally mutual respect – luckily mostly the case nowadays – it avoids the kind of bottled-up hostility that causes riots
"but I suspect that most "informants" are criminals themselves who sold out their mates. I have... minimal sympathies"
You can judge a society (or a person) by how they treat criminals, and the vulnerable. 'nuff said.
"Really? I'm not going to download this 10g of data and try to mine it to confirm my suspicions..."
It'd be difficult, certainly. You'd hope they have a column somewhere in the data where it says 'Criminal' or 'Innocent' :-D
"...but I suspect that most "informants" are criminals themselves who sold out their mates."
Check this out: http://www.drtomoconnor.com/3220/3220lect02c.htm. It's an interesting source of information on who constitutes an informant and the ways you could segment them. Turns out it's not so simple as 'Criminal' or 'Innocent'.
The best quote from my perspective is: "Cultivated sources typically include people doing business around an area where criminals conduct their business. Examples include taxi drivers, hotel employees, airline employees, automobile salespeople, doormen, gun dealers, bartenders, private investigators, apartment managers, package delivery employees, and proprietors or employees of restaurants"
My opinion on this depends a little on how much of the 10gb is made up of these kinds of people
Oh, and if you can find other or better sources of info on the topic, please share them.
"I have... minimal sympathies. It would be unfortunate if retribution were taken against them, but we aren't talking about "old ladies on council estates." They fall under a different class all together. They're also usually less likely to be vindictively hunted down by the multiple felon who was sold out by one of his own."
There's a little bit too much "guilty of something once, guilty of everything always" vibe in this idea for me, and even then it doesn't justify condoning violence against them since the act of informing is usually for a greater good, isn't it?
"<snip stuff about cops being accessible already> Of course! But that's a FAR cry as claiming that their lives have been endangered."
There's something in that, of course. I'm specifically separating the value in publishing informants' details versus police officers' details.
"... now I wait for my own wave of downvotes. *sigh* ;)"
Just wait til you comment on an environmental story on here. Jeeeee-sus!
You have to give credit for hacking the Syrian Ministry of Defense website...
It encouraged the military to revolt against orders to kill their own citizens .
I don't thing the other things they have been doing over the weekend are morally correct but for the Syrian hack at least they are doing 'something' and letting the people of Syria that they have support .
Anyone who says negatively of that event - I ask you : -
"What have you done to help?"
Nice one numpties, now you'll probably get people killed.
Do they have the stomach for knowing their disclosure will likely result in some very painful deaths?
If they don't care, then perhaps a different moniker that has nothing to do with the word "hacking" should be adopted.