back to article Hackers dump secret info for thousands of cops

Hackers said they posted the names, addresses, and other personal information of 7,000 law enforcement officers that were stolen from a training academy website they compromised. Many of the entries also included the officers' social security numbers, email addresses, and the usernames and passwords for their accounts on the …

COMMENTS

This topic is closed for new posts.
  1. Zane
    WTF?

    Do I get this right?

    They stored the password unencrypted? Are there OS's still out that store passwords by default unencrypted? Even for a web login there are quite some standard libs that will store passwords only encrypted, right? Today you really need to spend some effort to have logins that store the passwords enuncrypted, I would think.

    1. Anonymous Coward
      Boffin

      If the passwords were actually stolen

      As you point out, it indicates a level of incompetence one would have thought one would have seen in at least two decades. The "Missouri Sheriff's Association" should be sued out of existence.

    2. Chris Harden
      Facepalm

      Not that simple

      Unfortunatly it's not that simple. The OS has nothing to do with how a website stores its usernames and passwords, the code for the website does that, and while there are libraries to help you do hashing etc, there is no 'make me a ultra secure, scalable website' library you can just plug into a webserver and it 'just works'.

      You do get things like dotNetNuke and other CMS solutions which come with secure login bundled in but they have a learning curve that most people don't bother with.

      Lastly there is the .NET framework's FormsAuth (lastly that I am aware of, I'm a .NET developer so have no insight over PHP or Java's offerings) which kinda gives people the ability to custom roll a secure area and make it not suck but that is more like a really gentle push in the right direction, it's no way pretty to use if you want to get really custom on it.

      So in short, unfortunatly there isn't, and the quickest (IE cheapest) and easiet way to create a website login is just to roll it yourself.

      The excuse I usually hear for not hasing passwords is that if a user forgets the password, or the 'business' want to be able to log into customer's area's for testing purposes, it is easier if the password can be extracted from the database. "And no encrytion is not enough because then I might actually have to use some quick and easy to use tool to read the password as opposed to SQL Server Manager."

      1. Anonymous Coward
        Boffin

        That's not an excuse for bad security.

        Wanting to retrieve a password is no excuse for storing passwords unencrypted. And hashing is not the same as encrypting.

      2. peredur
        Pint

        Password retrieval

        I feel your pain. It's not a great excuse though, is it? All the systems that I know of have ways of retrieving or resetting passwords. In the worst case (i.e. where it's the business and not the user who wants to be able to retrieve the password), a db admin could manipulate the user's record such that the password could be retrieved/reset without going through the Web site's security checks.

        It's hard, for me, to imagine a system where a db admin couldn't do that: at least where we're just talking about simple uid/pwd validation and not the use of some other security device as well.

        Cheers

        PAE

  2. Destroy All Monsters Silver badge
    FAIL

    This is getting rather propeller

    Dumping dox of informants?

    Uh, maybe not the best idea.

    1. 5.antiago

      4 thumbs down?

      Not sure why your post has got 4 thumbs down - I guess that proves at least 4 Register readers can't see the wider context

      Exposing informants completely undermines everything. Remember Wikileaks, and the claims against them that the releases put people in the field in danger: it turns people against the idea. (It doesn't matter that it's not necessarily true - mud sticks and people will use it to get others on their side when they file their "Anti-Freedom" bills into Parliament/Congress.)

      It's counter-productive. You can't claim to be fighting the good fight while putting common normal people in danger. It's just like NOTW claiming to be the soldiers' friend, while hacking the families. It reveals that the true agenda lies elsewhere

      I hope this release isn't true, I appreciate it needs to be confirmed

    2. Anonymous Coward
      Anonymous Coward

      Dumping informant details

      It may endanger the informants, but it also shows that they were never really protected in the first place. Often the dangerous criminals are able to get that stuff anyways, and by the same methods, they just don't publish it and so it never gets fixed. At least this way it lets the informants know they are not safe, and cannot trust law enforcement.

      It is a good tactical move.

      1. 5.antiago

        Retro-justification

        "At least this way it lets the informants know they are not safe, and cannot trust law enforcement."

        But that's the wider point, that's crucial for all of us and society. Informants *do* need to be kept safe, and *do* need to be able to trust law enforcement.

        Clearly they have not been as safe as they should, but that's always been the goal. Now the goal cannot be attained.

        There are better ways of highlighting the dangers to these informants than actually putting them in more danger. Before they were in a bit of danger, but now they are most certainly in absolute danger.

        Well done, power to the people! Stick it to the man! Oh, wait, there are youths setting fire to a car in my road but I best not report it

    3. Barracoder
      Big Brother

      Hardly.

      They have all our info and have no qualms about using it. Now we have theirs.

      Democracy at work.

      1. 5.antiago

        Distinction

        "They have all our info and have no qualms about using it. Now we have theirs"

        You missed the distinction.

        I'm talking about informants. You're talking about members of the police.

        If you want to call the police "Them" then fine. But informants are usually "Us"

  3. Anonymous Coward
    Thumb Down

    WTF?? Releasing personal info on individuals - again

    How can releasing the personal information of law enforcement officers possibly be justified?

    In the early days it was about information security, internet openess and DRM, then it was about taking big corps down a peg or two, then it was for the lulz.

    Now, they are twisting the agenda to include retaliatory attacks against the people who are employed to protect and serve. How sad that such high and noble ideals should come to potentially telling convicted murderers where 7000 cops and their families live.

    It's just not funny anymore (if ever it was in the first place).

    Annon, Lulz, et al - please grow up and take your anarchic agenda elsewhere.

    1. Anonymous Coward
      Anonymous Coward

      Grow up?

      You mean like switch to shooting, torturing and imprisoning people instead of just hassling them on the internet? That's what grown ups do isn't it? Besides, these are enemy combatants not innocent people. And if a few of them are innocent, oh well, that's collateral damage I guess. That's how the grown ups justify it anyway.

      Is that what you want? I sure don't. I'll take juvenile mischief over the adult kind any day.

      1. Alex 14
        WTF?

        Wow...

        Falsest dichotomy I've read for a very long time. You don't have to take ANY kind of "mischief"!

    2. Anonymous Coward
      Unhappy

      idk man

      Perhaps a little better targeted -><ambivalent> After seeing a video of some poor 37 year old homeless guy with a mental issue to death in Fullerton, California recently, I'm not so sure. Hearing this guy calling for his dad as they yelled "Quit Resisting" over and over while they kicked his ass into a coma and eventual(!) death, me, having four boys of my own, saw red.I could care less about the cops that participated in that attack - throw them naked in the middle of the prison yard during open rec and turn off the cameras</ambivalent>

      It is weak that AntiSec or whomever is obviously going after low-hanging fruit, at least have a legitimate target.

    3. Svein Skogen
      Megaphone

      Their Reasoning

      Disclaimer: I do not make statements to either acknowledge or deny agreement with the hackers in this case. If you think I agree, or think I disagree, please read this disclaimer again until it makes sense.

      I believe the logical reasoning behind the hackers releasing all they could find on law-enforcement, is that they've seen the law-enforcement becoming profit-enforcement for those with deep pockets, and not law-enforcement for all citizens. I suspect that as long as they continue to see law-enforcement being abused as the private enforcement arm of Corporate States of America, the hackers WILL consider all law-enforcement officers, and affiliates, legal targets for their vendetta.

      I can understand their logic on this one, even if I neither agree nor disagree.

      //Svein

    4. Anonymous Coward
      Anonymous Coward

      This is what I was thinking

      Releasing docs that expose corruption, abuse of process etc; that's one thing and something I would mostly support.

      But this? This act I do not agree with. They are treating all of these officers the same and whilst there are certainly some who will deserve a sound kicking, there are many who are trying to do their job the best they can.

    5. Anonymous Coward
      Anonymous Coward

      Justifications

      We have seen data unprotected, unencrypted by many government agencies and corporations for many years. They all claim to keep it safe, then they either do something stupid which gets it released, or fail to protect it as happened here, or even worse, they intentionally give it to business partners who do who knows what with it.

      At the same time all this goes on, those in law enforcement and political positions are often excluded from those and other published list. Turn about is fair play. About time they get a feel of what everyone else goes through.

    6. Anonymous Coward
      Anonymous Coward

      It was never about information security or openess in the first place.

      It's just that unlike the current crop, the old guys thought they needed a justification to get their lulz.

  4. Anonymous Coward
    Anonymous Coward

    Hackers becoming threat to society

    "AntiSec also said it released the names and personal information of anonymous law-enforcement informants"

    If this is true, police should deal with these hackers the same way the gangs will deal with informants: bullet through the head. Signing people's death warrants for the lulz is not funny.

    These hackers are fast becoming a threat to society. They need to be taken down quickly, before politicians start altering the law to make anonymity on the Internet impossible.

    Posted anon while I still can.

    1. zen1
      Mushroom

      enough's enough.

      Maybe any fallout that results to CI's or the officers (financial endagerment or death) should be exacted on anybody found and CONVICTED of being associatted with these particular groups. If the offenders are minors, then try them as adults. If they're smart enough breeze through security like that then they're familiar with the rudimentary concepts of right and wrong.

      It's one thing to be responsible for the whole of society paying higher interest rates to credit card companies; but it's entirely another to jeopardize the lives of the people who generally do their best at keeping us safe at night, while we sleep..

      1. The Commenter formally known as Matt
        WTF?

        >enough's enough.

        >If the offenders are minors, then try them as adults.

        Yeah and also I don't think they should have access to lawyers, or have any right to a fair trial either

    2. Paul Shirley

      law enforcement screwed up as well

      ...looks like law enforcement wasn't taking the informants security seriously anyway if amateurs could extract plaintext lists.

      Some would argue simply having the records on a computer shows reckless disregard for their safety, though it's probably cheaper and easier to just bribe a bent policeman than hire a black hat hacker...

      1. Destroy All Monsters Silver badge
        Meh

        Sleep with the dogs, wake up with fleas etc..

        "law enforcement wasn't taking the informants security seriously anyway"

        Well, that's par for the course.

        How do I know? Umm... better not say.

    3. Nell Hansen
      Holmes

      Which is the Greater threat?

      If this information is available for the scriptsters to find that easily, doesn't this show that even vaguely-organized criminal enterprises also had access to this information?

      If anyone is going to put a "bullet through the head" of the scriptsters, it's more likely the organized criminals that regularly trawlled the database for information who are now going to have find a new way to get the data they want. Signing people's death warrants because you can't be bothered to secure a database is not justification to execute those who showed these sheriff/emperors had no clothes, unless you are also associated with the organized criminals who are now going to have to work harder.

      The arrogance of the police to believe they don't need to encrypt their own data is a greater threat to society than the whisle-blowers. And if politicians are going to successfully alter the law to make anonymity on the Net impossible, they're going to have to start being a lot smarter than they clearly and repeatedly shown themselves to be in the past.

      Sherlock sarcastically because it shouldn't take a genius to figure this out.

    4. Anonymous Coward
      Anonymous Coward

      A part of me almost hopes someone does die

      If an informant who stopped a serious crime is killed because of this it might finally wake a lot of people up, both the hackers and the people who store life-threatening information in plaintext format, that this is a serious issue and not to be fucked around with.

      I'd rather they came to that conclusion without people dying, but somehow I doubt it.

      1. 5.antiago

        Someone to die?

        Jesus mate, how about a middle course?!

        Hack in, nick stuff to show it's real, but then *don't share the bit that puts normal people in danger*

        I'm sure that some informants are like the criminal rats in the moves, but I'd bet that most are normal people, pensioners on council estates, that sort of thing.

        If somebody does die, public cooperation with the police will skydive. Despite the obvious problems with the police organisation, we shouldn't throw the baby out with the bathwater

    5. Equitas
      Paris Hilton

      Ever had personal contact .....

      with an American cop in the course of his or her work? They very probably will indeed use a bullet, even if not necessarily into the head of any suspect they attempt to arrest in connection with this alleged offence.

      Not saying ours are any better -- it's just that they don't have guns routinely.

      Paris -- because even she knows what American cops are like.

    6. Anonymous Coward
      Anonymous Coward

      Bullet through the head?

      You need to think about that for a few minutes. If ytou believe in freedom, and justice, then you should believe people are innocent until proven guilty. Your suggestion of a bullet through the head takes all that away.

      Who's side are you on?

      1. zen1
        Pint

        The telephone game

        I don't believe I insinuated that anybody should be shot for hacking. I simply stated that if convicted, they should be tried as adults. And while I'm clarifying, I think a fair number of you seem to be operating under the misperception that 'merica is nothing more than one giant cess pool with the constant drone of small arms fire. That might be the norm for LA, San Francisco, Denver, Chicago, Cincinnati, most of "the south", Detroit, Cleveland, Pittsburgh and everything on the eastern seaboard, from Maryland to, oh say, the northern state border for Mass.

        We're not all uncivilized heathens or uncouth trash that rely on pistols. I happen to prefer my 30-06 or my .308 rifles.

        Now, back to "at the risk of sounding serious"... One can argue that the police screwed the pootch for laxed security, ok, fine. I'll grant you that one. BUT, comparing organized crime to a "hacktivist" group that's pissed at the world about wiki leaks? That's too much of a leap.

        If they ever do find out who's responsible AND those suspects are found guilty then they should be punished to the fullest extent of the law. Killing them? Nah, just remove all the product warning labels and get rid of product liability law suits and the gene pool will clean itself out in no time.

  5. Anonymous Coward
    Mushroom

    somehow I'm not feeling it

    LEOs tend to be stupid, so this may develop into an interesting scandal.

    LMAO in 5, 4, 3 ....

    1. Solomon Grundy
      Black Helicopters

      It's on purpose

      There is SCIENCE behind hiring practices for law enforcement officers. Part of that science strongly advocates hiring people who are not very good at original thinking and who quickly respond when their intelligence/power are threatened (or perceived as threatened).

      The idea being that officers won't be as prone questioning orders or to being outsmarted by crooks. Really. The idea is that you hire somone so stupid they can't be out-stupided and who can't think for themselves. It's probably not a terrible theory but in practice far too many stupid violent thugs are the people who best fit the bill.

  6. Chris Hatfield
    Stop

    title

    Didn't that twat Aaron Barr pine for stuff to make Anon & Glenn Greenwald look like bad guys? This could be them

    In any case, who ever did this is irresposible and stupid.

  7. -tim
    FAIL

    Petty disputes getting out of hand?

    If I tell a local Bikie gang that they are sissies and one of them hits me, the local cops will tell they may file a report and I shouldn't be so stupid next time. The powers that be decided to take funding away from wikileaks and a bunch of people decided to hit back in a controlled way for 2 hours at each site. Had any of the payment providers simply said they were sorry and allowed payments again the spat would be over but egos got in the way and the big players got the FBI involved and their ego didn't allow them to tell the processors to just deal with it like they should have. The result is this will escalate and now its involved thousands of people outside of the grip of US law enforcement and this will lead to an all out attack against either Master Card, Visa or Paypal and it could bankrupt them if the timing is right. Since the technical details have already appeared in the IRC channels on how to bring down MC for good, its management has a legal obligation to its stock holders to make sure that doesn't happen even it it means backing down and a token donation to wikileaks. It may be morally wrong to pay the mobster not to break your knees but when they show up with a sledge hammer, you pay.

    1. DavCrav

      Come again?

      "If I tell a local Bikie gang that they are sissies and one of them hits me, the local cops will tell they may file a report and I shouldn't be so stupid next time. The powers that be decided to take funding away from wikileaks and a bunch of people decided to hit back in a controlled way for 2 hours at each site. Had any of the payment providers simply said they were sorry..."

      Oh wait, you think it's the payment providers who are being petty, not the skiddies? Oh, and while it would be interesting to see MC being taken down for good, I think it would be the easiest way to make sure you have the entire world's resources focused on finding you and landing you in a jail cell/executed for financial terrorism...

      1. Solomon Grundy
        Black Helicopters

        Payment Providers

        Yes. They are the ones being petty. What they deserve is a good old-fashioned ass kicking on the sidewalk. I think they got off light with a couple of temporary website outages.

        I don't think releasing the details of the cops is helping though. Most of those guys are just dumb rednecks who probably really try to help society (hopefully anyway). I do believe that the hackers/scripters have a valid point though. Law enforcement is getting out of hand and has become a private army for large corporations.

        If a mom & pop commerce site was DDOS'd do you think the federal law enforcement would be arresting suspects on your behalf? You'd be lucky if the cop you talked to even filed a report.

  8. Black Betty

    IF they use (and reuse) the same password.

    Strikes me, that a badge #, or other job related "word" as a password would indicate at least rudimentary attempts to use DIFFERENT passwords.

    BTW Zane, not necessarily if it's less than 100% compromise of PWs. A dictionary attack on most enctrypted password files will succeed on a great many of the passwords, whatever the source. The exact contents of the released data would tell though. 100% of passwords would indicate either a broken reversible algorithm, or plaintext storage.

    But then again, consider the number of subscription websites that even today return the actual original password to an "I forgot my password" request. It most certainly is possible.

  9. Sir Barry

    I don't see the point.....

    I think Anon and the breakaway groups have forgotten why they started in the first place.

    What do they think they are going to gain by this?

    I reckon thekeyboard warriors should come out from beind their computer screens and stand up and protest in person like real children, um, men.

    1. Cazzo Enorme

      Re: I don't see the point.....

      "I think Anon and the breakaway groups have forgotten why they started in the first place."

      Nope. They started doing it for a laugh (or Lulz if you must), and they're still doing it for a laugh. No altruistic motive ever intended.

      1. 5.antiago

        I dunno mate

        "They started doing it for a laugh (or Lulz if you must), and they're still doing it for a laugh"

        I dunno about that mate, try following a couple of them on Twitter. There's a whole lot of "For the People, For the Greater Good" harping going on.

        We are anonymous, we are coming for you, the rights of the people cannot be trodden down by those with the power, etc etc etc.

        I think some of them are certainly buying into this rhetoric, it's picking up steam but not necessarily any sense to go with it

        1. Anonymous Coward
          Anonymous Coward

          "For the greater good"

          The greater good!

        2. Gav
          Unhappy

          Those you should be scared of

          "For the People, For the Greater Good"

          Sounds like self-important, self-appointed vigilantes to me. Who made them arbiters of what is the greater good? Who voted for them as enforcers for the people?

          It's always the same; the zealots who are certain they know best what's right are the ones who cause the most misery.

  10. pcsupport
    WTF?

    Oh FFS

    Can some please take these immature wankers round the back and put some bullets through their heads?

    Attempting to embarrass legitimate target is (vaguely) acceptable; publishing details of innocent bystanders is just utterly stupid and irresponsible.

  11. John Latham

    One-time hashes?

    "The file strongly suggests that the training site failed to follow industry best practices by securing the password database with one-time hashes to prevent them from being read by attackers."

    What is this "one-time hash" you speak of? Is that where you do the hash then throw the salt over your shoulder for good luck?

  12. Alan Bourke

    " ordinary dictionary words, or were identical to their names or badge numbers"

    Zero sympathy then.

  13. Anonymous Coward
    Joke

    Has to said

    Piggies, start squealing.

  14. Anonymous Coward
    Stop

    reporting fail

    "antisec" is not a group, its the name of an ongoing operation.

  15. Shane8
    Devil

    LOL

    lemme guess, SELECT * FROM Users; ?

  16. Anonymous Coward
    Happy

    Well I'm glad they are helping their "friends"...

    ...because now prosecuters are REALLY going to make an example of them. They may of got a slap on the wrists or a few years at worst, but becuase of the moron's continuing carry on, they will get maximum penalties.

    Reap what you so and all that.

  17. Gad

    Nah - this ain't no good

    While I sympathise with a bunch of the ideals expressed by (some members) of Anonymous, publishing the details of police officers (and their families) and confidential informations is beyond my pale. While the police may participate in the 'big' crimes which Anonymous & al feel are ongoing they also prevent the 'small' crimes which affect people in the most immediate way - the muggings, burglaries, thefts, etc which we feel most personally. Affecting the ability of police to address that type of crime is a reckless, thoughtless and criminal thing to do - especially by also exposing the police (and CI's) to literally mortal danger. Unless the groups responsible for this also have a way to compensate for the damage they've caused I won't be queuing up to help them out when they land in Gitmo.

  18. Anonymous Coward
    Anonymous Coward

    password security

    OK, it has to be said no matter how the passwords were stored, WHY were they not doing at least some rudimentary strength enforcement?

    I'd be sacked if I allowed users to set passwords that moronically easy.

    What anon have done is nasty but they were pretty much handed this on a plate due to extreme incompetence on the part of the IT section of the law enforcement group - if anyone needs to be hauled over the coals for putting people's lives in danger it's them

    Antisec may have made this public but it's quite likely the badhats already had the data. However sahooting messengers has been a favourite pastime of the incompetent for centuries.

    Anon for obvious reasons.

  19. Equitas
    FAIL

    Is it really possible ......?

    that the grunts don't like it when the boot is on the other foot?

    Some cop-defenders surely aren't suggesting that the police don't routinely use every piece of information they can gather from whatever source in order to put pressure on individuals and their families, friends and acquaintances in order to "prove" complicity in alleged crimes?

    The sad fact is that a very large proportion of those who join the police seem to do so because they can wield a great deal of power while hiding behind a uniform, while relying on the system to protect their actual "private" identity from being held responsible for actions which would, if carried out by a private individual, be classed as brutal and criminal.

    Publish the names and home addresses of all police officers, I say.

    1. Gad

      Curiousity

      You seem to have a very negative view on the police. I can only speak to my own experience in the States (visiting and relatives) and here in Ireland (living, some working and relatives) that most of the people involved that I've dealt with regard it as a vocation rather then a job - that type of thinking about the work kind of precludes the attitude you're describing, leaving me wondering what horrible experiences you've had to generate your view.

      1. Anonymous Coward
        Anonymous Coward

        Grammar!

        Speak about my own experience or refer to my own experience. Honestly!

    2. Anonymous Coward
      Stop

      Re:

      "The sad fact is that a very large proportion of those who join the police seem to do so because they can wield a great deal of power while hiding behind a uniform, while relying on the system to protect their actual "private" identity from being held responsible for actions which would, if carried out by a private individual, be classed as brutal and criminal."

      Fact - Oh really? Where is your evidence?

      There of course are bent coppers, just as there are bent IT Pro's. Nonetheless, to stereotype every copper as corrupt is the same as tarring every 18 year old geek with Aspergers as a hacker - and just as narrow minded.

      What these guys have done is to put thousands of innocents in peril. Have you had a look at the list? No really, have you? Ctrl-C / Ctrl-V into Google Maps and you see their homes. You have their name, phone numbers and often the names of wives/girlfriends/children (as passwords).

      Not good. Not good at all; I sincerely hope the people who did this (and their sympathisers) do not end up with blood on their hands.

    3. Anonymous Coward
      Megaphone

      Publish names and addresses?

      If you do, you will get more like this: http://www.bbc.co.uk/news/uk-northern-ireland-12948992

      Is that *really* what you want?

  20. Assimilated
    Mushroom

    Dodgy Tactics That Will End in Tears

    Many people will sympathise with hackers when they're shown being arrested by a heavy-handed government, but only when lives are not put at risk. At best, not the best PR move I've ever seen at worst a contemptable attempt to endanger people's lives. Not Good.

  21. JimC

    I fought the law...

    and...

  22. Anonymous Coward
    Anonymous Coward

    Anon have crossed a dangerous line here...

    They constantly release all the data they find onto Bit Torrent for all to download in the name of "security", I am sure those individuals whose details they have leaked feel much more secure now!

    Now that we have the families of law enforcement officers and potential police informants up there for all to download they have put real people in danger.

    I hope police kick their doors in and cart them off, you know "for teh lulz".

  23. A J Stiles
    FAIL

    Lives were *already* at risk

    Any lives that have been "put at risk by this attack" were *already* at risk, as long as passwords were stored unencrypted. Someone could have been going through the database quietly, picking people off one by one, and remained undetected for a long time.

    I am quite sure that if AntiSec had pointed out to the Missouri Sheriff's Association that they were using such an insecure system, the response would *not* have been "Oh, thank you for pointing out our abject failing, we'll fix that as soon as possible. Here, have a medal!"

    Sometimes, the best way to attract attention is to make a noise that is just too loud to ignore.

    I think the best outcome from this would be a law against storing paswords in cleartext. Yes, it makes life difficult for people who forget their passwords. Well, then, they should learn to remember them! And yes, it makes life difficult for the drag-and-drool brigade. But they should employ real IT technicians. And if that's too expensive, well, then, tough titty! We all managed just fine without computers before .....

    1. Anonymous Coward
      Anonymous Coward

      RE: Lives were *already* at risk

      "I am quite sure that if AntiSec had pointed out to the Missouri Sheriff's Association that they were using such an insecure system, the response would *not* have been "Oh, thank you for pointing out our abject failing, we'll fix that as soon as possible. Here, have a medal!"

      Actually you do not know that, did they even try? Nope they just uploaded to Bit Torrent and said "here you are, help yourself ID thief's and criminals of the world!" That Anon broke into the site does not mean it was open for all to see, not everyone has the technical knowledge to get that far.

      "Sometimes, the best way to attract attention is to make a noise that is just too loud to ignore." - yes and subjecting millions to ID theft, fraud, and in this case possible reprisals justifies that?

      1. A J Stiles
        FAIL

        A dose of your own medicine

        "Actually you do not know that, did they even try?" -- No. But you don't need to try jumping off a cliff to know it hurts. When you've watched other people jumping off things, you can build up a pattern. There's a clear historical pattern of shooting messengers when the news is inexpedient.

        "That Anon broke into the site does not mean it was open for all to see, not everyone has the technical knowledge to get that far." -- and you don't know that, either. The point is, they managed to get into the site. That means someone else could have got in, and they might have *actually* harmed someone.

        This is still a failing on the part of the police. If they hadn't been so lax as to store information they probably didn't need to store behind insecure passwords on a public network, *nobody* would have been able to access it.

        And if anybody ever wants to commit a spot of ID theft, there's really no need to go breaking into secure servers. All you need do is type "curriculum vitae.doc" into Google, and pick somebody you want to be.

        In the meantime, be grateful that *all* they did was publish the data. At least now a big fuss has been made, the authorities have no choice but to be on top of it now if anything happens to anyone. Someone really nasty could just have sat under the radar, taking out victims one by one.

    2. Gad

      At risk = fair game?

      Seems like a bad argument to say that some people being able to expose that information justifies exposing it to a far greater pool of people, especially when no risk assessment regarding the impact of that action is.

      If, as an IT pro, I f*ck up security on something for the Irish Police force, exposing informants information to being harvested - does my mistake justify placing those individuals in danger to expose my sloppiness? I'd agree that exposing my mistake to the Police force to correct the issue (and ruin my professional reputation) is justified, but not putting 'innocent' third parties at risk to prove a point - personally that seems like 'cutting off your nose to spit your face' (Irish expression meaning having a hugely out of proportion over-reaction to something, a pre cosmetic surgery saying obviously).

      1. Paul Shirley

        remember, someone started the escalation

        Gad said:"Seems like a bad argument to say that some people being able to expose that information justifies exposing it to a far greater pool of people, especially when no risk assessment regarding the impact of that action is."

        The starting 'risk assessment' here was the state deciding it was perfectly safe to stamp on groups practising responsible disclosure. The idiots making that decision are far too dumb to consider who might step in when the white hats are gone and their corporate friends far too cowardly to defy them. Stupidity is almost a qualification for the job and there's no career downside for them.

        Remember: this escalation had a start and could have been avoided. Or more accurately could have been avoided if our governments and state machinery weren't so irredeemably anti democratic.

        1. Assimilated
          Unhappy

          re: remember, someone started the escalation

          Paul Shirley said "The idiots making that decision are far too dumb to consider who might step in when the white hats are gone and their corporate friends far too cowardly to defy them."

          Publishing the names and addresses of police staff is not white hat behaviour, nor can it be described as responsible disclosure. Nor is there anything democratic about this behaviour and your scattergun logic in justifying this action proves that this whole sorry event was ill-conceived.

          On the whole, I am happy to support white hat action - responsible disclosure in this instance would have been to privately warn the authorities of the security breach. This was nothing more than a cynical revenge attack and hiding behind the excuse that they were doing a public service is very sad.

    3. Henry Herron
      FAIL

      WTF

      So, if the lock on your door is weak, that makes it ok for me to kick in your door and take you things?

      http://www.theregister.co.uk/Design/graphics/icons/comment/fail_32.png

  24. This post has been deleted by its author

    1. Henry Herron

      WTF

      So whistle blowers and mob informants that report murders are the enemy now?

      Sounds like they are working for a criminal organization.

      Might want to take a look at every country around the world that doesn't have a strong government. Most of the African continent, Mexico and much of South America.

      http://www.theregister.co.uk/Design/graphics/icons/comment/fail_32.png

  25. Is it me?

    Ye Gods

    These people do like kicking bears, and then they complain when they get scratched. Oh and by the way releasing names and address of Police officers is a very dangerous thing to do, you could get them killed, and land yourself with some very serious charges.

    The Police are not perfect in any democracy, but exposing their personal details is just wrong, for every bad cop there are dozens of good ones out there that protect you, regardless of your stupidity.

  26. Anonymous Coward
    Thumb Down

    Why blame the users

    Why are so many people blaming the users of this _training_ website for having 'obvious' passwords? That had nothing to do wit it being compromised.

    For all we know the site contained nothing more than publicly available case law and study notes and the only thing of value was the users information itself.

  27. Wile E. Veteran

    Terrorists

    A series of raids by the SEAL team that took out Osama followed by extraordinary renditions and one-way trips to Gitmo would be an appropriate response to these fscking terrorists.

    1. Henry Herron

      Act of War

      Interesting, because now hacking can be considered an act of war.

      Wonder what will happen when they find themselves sitting in Guantanamo Bay or some other unnamed prison awaiting trial. Sooner or later, when the people who have performed this act are disclosed, how safe will they feel?

      Some people are so quick to claim the shoe should be on the other foot, but is that what they really want?

  28. Inachu
    Pint

    In my area....the police do this.

    When something criminal happens to an asian community the police divorce their white wives and hookup with the asian female victims.

    They call this sound policy

  29. TheBeardyMan
    Happy

    If the cops haven't done anything wrong...

    they've got nothing to be afraid of.

    1. Anonymous Coward
      Facepalm

      Try this and see what happens

      Put a big notice outside your house saying "Family of a Policeman and proud of it!". Better still put similar labels on your car, your wife, your children.

      Best make sure you have good property insurance and medical cover first.

  30. Henry Herron
    Thumb Down

    Great Job.

    The problem with the idiots that do this, is they put innocent people in danger. So when gangs run rampant because people are afraid to testify because their person information may be released, the world will be a much better place. Yeah, right.

    These people are making it easier for the government to justify hidden acts. And they are having the opposite effect as people are now siding overwhelming with the government over these leaks as people begin to fear that their own secrets could be released.

    As far as the comments about Visa & Paypal... If you refuse to do business with say Microsoft, does that make it ok for Microsoft to attack and crash you servers?

    http://www.theregister.co.uk/Design/graphics/icons/comment/thumb_down_32.png

This topic is closed for new posts.

Other stories you might like