LITTLE ROCK, Arkansas (AP) — The group known as Anonymous said it hacked into some 70 mostly rural law enforcement websites in the United States, a data breach that at least one local police chief said leaked sensitive information about an ongoing investigation.
The loose-knit international hacking collective posted a cache of data to the Internet early Saturday, including emails stolen from officers, tips that appeared to come from members of the public, credit card numbers and other information.
Anonymous said it had stolen 10 gigabytes worth of data in retaliation for arrests of its sympathizers in the U.S. and Britain.
Tim Mayfield, a police chief in Gassville, Arkansas, told The Associated Press that some of the material posted online — including pictures of teenage girls in their swimsuits — was sent to him as part of an ongoing investigation. He declined to provide more details.
Mayfield's comments were the first indication that the hack might be serious. Since news of some kind of cyberattack first filtered out less than a week ago, various police officials said they were unaware of the hacking or dismissed it as nothing to worry about.
Though many of the leaked emails appeared benign, some of the stolen material seen by the AP carried sensitive information, including tips about suspected crimes, profiles of gang members and security training.
The emails were mainly from sheriffs' offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi. Many of the websites were operated by a Mountain Home, Arkansas, media services hosting company, and most, if not all, were either unavailable on Saturday or had been wiped clean of content. The company, Brooks-Jeffrey Marketing, declined to comment.
In a statement, Anonymous said had leaked "a massive amount of confidential information that is sure to (embarrass), discredit and incriminate police officers across the US." The group said it hoped the disclosures would "demonstrate the inherently corrupt nature of law enforcement using their own words" and "disrupt and sabotage their ability to communicate and terrorize communities."
The group did not say specifically why these sheriffs' departments were targeted, but Anonymous members have increasingly been pursued by law enforcement in the United States and elsewhere following a string of high-profile data thefts and denial of service attacks — operations that block websites by flooding them with traffic.
Last month, the FBI and British and Dutch officials made 21 arrests, many of them related to the group's attacks on Internet payment provider PayPal Inc., which has been targeted over its refusal to process donations to WikiLeaks. The group also claims credit for disrupting the websites of Visa and MasterCard in December when the credit card companies stopped processing donations to WikiLeaks and its founder, Julian Assange.
An Internet security expert said Anonymous may have gone after the sheriffs' offices because the hosting company was an easy target. Dick Mackey, vice president of consulting at Sudbury, Mass.-based SystemExperts, said many organizations don't see themselves as potential targets for international hackers, causing indifference that can leave them vulnerable.
"It seems to me to be low-hanging fruit," he said. "If you want to go after someone and make a point and want to have their defenses be low, go after someone who doesn't consider themselves a target."
As part of the information posted from U.S. sheriffs' department, the group leaked five credit card numbers it said it used to make "involuntary donations." It did not elaborate. At least four of the names and other personal details published on the Internet appeared genuine, although those contacted by the AP said they did not know whether their financial information had been compromised.
Anonymous also posted several emails from police tipsters, many who had asked law enforcement not use their names because they were afraid of retaliation. One tipster wrote that his uncle was a convicted sexual offender who was homeless and hanging around an area Walmart and other places where children were. Another tipster wrote to police that she and her neighbors could smell drugs coming from a house. Both did not respond to emails sent by the AP requesting comment.
The AP called more than two dozen sheriffs' offices across the country that had information posted by Anonymous. Most calls went unanswered or were not returned Saturday. Several did confirm that a cyberattack had taken place, and some said they did not believe highly sensitive information had been leaked.
"At this point, other than emails ... there's really not any other critical information they could get their hands on," said John Montgomery, sheriff of Baxter County in northern Arkansas.
Some sheriffs said they were told about the hacking by the hosting company, but the information they received appeared to vary.
In Arkansas, St. Francis County Sheriff Bobby May said his department and several others were targeted in retaliation for the arrest of hackers who had targeted Apple Computer Inc., among other companies.
"It's an international group who are hacking into law enforcement websites across the nation is my understanding," May told the AP in a telephone interview. He said the FBI was investigating the attacks.
FBI spokesman Steve Frazier did not return several phone calls seeking comment.
But other sheriffs seemed to first learn of the scope of the hacking only when contacted by the AP.
Peter E. Walker, sheriff of Jefferson County in Mississippi, said he did not know whether his office's website had been hacked. "As soon as we're back up and rolling on Monday, if something happened we'll be aware of it," he said.
Merchant reported from Little Rock, Ark; Satter reported from London. Associated Press writers Maria Fisher in Kansas City, Mo.; M.L. Johnson in Chicago; Shannon McCaffrey in Atlanta; and Janet McConnaughey in New Orleans contributed to this report.
- denial of service attacks