SALT LAKE CITY, Feb 4, (Agencies): Saboteurs stole passwords and sensitive information on tipsters while hacking into the websites of several law enforcement agencies worldwide in attacks attributed to the collective known as Anonymous.
Breaches were reported this week in Boston, Syracuse, New York, Salt Lake City and Greece.
Hackers gained access to the Salt Lake City Police Department website that gathers citizen complaints about drug and other crimes, including phone numbers, addresses and other personal data of informants, police said.
The website remained down Friday as police worked to make it more secure.
Anonymous is a collection of Internet enthusiasts, pranksters and activists whose targets have included financial institutions such as Visa and MasterCard, the Church of Scientology and law enforcement agencies.
Following a spate of arrests across the world, the group and its various offshoots have focused their attention on law enforcement agencies in general and the FBI in particular.
The group also claimed responsibility for hacking the website of a Virginia law firm that represented a US Marine involved in the deaths of civilians in Iraq in 2005.
Anonymous also published a recording on the Internet Friday of a phone call between the FBI and Scotland Yard, gloating in a Twitter message that “the FBI might be curious how we’re able to continuously read their internal comms for some time now.”
FBI spokeswoman Jenny Shearer said in an email to The Associated Press the agency was aware of the incidents, and an investigation was ongoing.
In Greece, the Justice Ministry took down its site Friday after a video by activists claiming to be Greek and Cypriot members of Anonymous was displayed for at least two hours.
In Boston, a message posted on the police website before it was taken down Friday said, “Anonymous hacks Boston Police website in retaliation for police brutality at OWS,” an apparent reference to the Occupy Wall Street movement. The message also promised “there is plenty more mayhem to deliver.”
A police spokesman would not confirm Anonymous was responsible.
Another message on the department’s website said a hack several months ago unearthed hundreds of passwords that were released in retaliation for what was called brutality against Occupy Boston.
In October, Boston police acknowledged that various websites used by members of the police department — including the website belonging to the police patrolmen’s association — had been hacked and possibly compromised. The department said it asked all police personnel to change their passwords on its network.
The Occupy movement in Boston set up camp in the city’s financial district for two months this fall. The first hack came about 10 days after Boston police arrested 141 Occupy demonstrators on Oct. 11.
Police dismantled the camp Dec. 10, citing public health and safety concerns.
“So you get your kicks beating protesters? That’s OK; we get kicks defacing ... your websites — again,” the message on the department’s website said Friday.
Boston police called it unfortunate that the hacking has interrupted the department’s ability to inform the community about important safety matters.
Salt Lake City authorities continued their investigation and said criminal charges were being considered.
Police said Anonymous had taken credit for the attack through local media but hadn’t contacted the department directly.
The hackers claim to have targeted the site in opposition to an anti-graffiti paraphernalia bill that eventually failed in the state Senate. The bill would have made it illegal to possess any instrument, tool or device with the intent of vandalizing an area with graffiti.
Salt Lake City police Detective Josh Ashdown downplayed any danger to citizens.
He said the department’s website is used by residents to report crimes or suspicious activity, and that some submit the tips anonymously while others include personal information.
Ashdown said investigators believe the group is bluffing about the extent of the information it got from the website, and he noted authorities didn’t think any of the details would be widely distributed.
He said police don’t have any reason to believe that citizens who reported crimes on the website are going to be targeted specifically.
“Our main concern is for the public not to lose confidence in the department,” Ashdown said.
In New York, Syracuse police said the department website had also been hacked in an attack attributed to Anonymous.
Sgt. Tom Connellan said names and passwords of people authorized to alter the site were stolen earlier this week and posted on Twitter.
No private information about officers or citizens was accessed, he said, though the site remained down Friday while the FBI and state police continued to investigate. In an online post attributed to Anonymous, the group claims to have targeted the Syracuse site for failing to aggressively pursue child abuse allegations against a former assistant basketball coach.
Meanwhile, Anonymous defaced the website on Friday of the law firm that defended a US Marine who faced charges in connection with the 2005 killing of 24 Iraqi civilians.
Anonymous, in a statement which appeared on the website of the law firm of Puckett and Faraj, also claimed to have published online three gigabytes of private email messages of attorneys Neal Puckett and Haytham Faraj.
“The contents of these email messages include detailed records, transcripts, testimony, trial evidence, and legal defense donation records pertaining to not only Frank Wuterich but also many other marines they have represented,” Anonymous said.
Puckett served as the lead defense lawyer for Staff Sergeant Frank Wuterich, who faced a US military court martial last month in connection with the killings in the Iraqi town of Haditha.
Wuterich, 31, admitted one count of negligent dereliction of duty but manslaughter charges were dropped as part of a plea deal.
Wuterich, who led an eight-man squad whose other members have all been let off, was sentenced to 90 days of confinement and reduced in rank to private but will serve no jail time under the deal with prosecutors.
Anonymous, in the statement on the puckettfaraj.com website, said it wanted to bring attention to the “brutality of US imperialism.”
“Can you believe this (expletive deleted) had his charges reduced to involuntary manslaughter and got away with only a pay cut?” it said.
“Meanwhile Bradley Manning who was brave enough to risk his life and freedom to expose the truth about government corruption is threatened with life imprisonment,” the group said in a reference to the US soldier accused of leaking classified US documents to WikiLeaks.
A receptionist who answered the phone at Puckett and Faraj said the firm’s website was now offline. She said there would be no immediate statement about the hacking incident.
Following the Wuterich verdict, Ali Mussawi, spokesman for Iraqi Prime Minister Nuri al-Maliki, said “the punishment is not suitable with the crime that was committed.”
“We will keep pursuing the legal channels to fight for the rights of our citizens who were victims of indiscriminate shooting, without having committed any sins,” Mussawi said.
The hacking of the Puckett and Faraj website was announced shortly after Anonymous released a recording on YouTube of a conference call between FBI and Scotland Yard agents discussing operations against the hacker group.
Trading jokes and swapping leads, investigators from the FBI and Scotland Yard spent the conference call strategizing about how to bring down the hacking collective known as Anonymous, responsible for a string of embarrassing attacks across the Internet.
Unfortunately for the cyber sleuths, the hackers were in on the call too — and now so is the rest of the world.
Anonymous published the roughly 15-minute-long recording of the call on the Internet on Friday, gloating in a Twitter message that “the FBI might be curious how we’re able to continuously read their internal comms for some time now.”
The humiliating coup exposed a vulnerability that might have had more serious consequences had someone else been listening in on the line.
“A law enforcement agency using unencrypted, unsecure communications is a major fumble,” said Marcus Carey, who spent years securing communications for the US National Security Agency before joining security-risk assessment firm Rapid7.
“What if this event was talking about some terrorist plot to blow up something and ‘they’ were listening in? It could’ve been much worse if it was related to an al-Qaeda plot or something ... So this is a lesson learned.”
A law enforcement official, speaking on condition of anonymity because the matter is under investigation, told The Associated Press that authorities were looking at the possibility the message was intercepted from the private email account of one of the dozens of invited participants — who hailed from the UK, Ireland, Germany, France, the Netherlands and Sweden.
Anonymous published just such an email Friday, complete with the date, time and password needed to access the call.
Graham Cluley, an expert with data security company Sophos, said that anyone with that information could have “rung in and silently listened to the call just like Anonymous did.”
In Paris, a French police official who was briefed on the interception said it could prompt international law enforcement bodies to be more circumspect about sharing information in conference calls. He spoke on condition of anonymity because he wasn’t authorized to speak on the record.
Scotland Yard said there was no immediate evidence their operations were compromised.
Amid jokes about a teenage hacking suspect (who one officer describes as “a bit of an idiot”) and lighthearted banter about McDonald’s, the investigators on the call discussed whether to delay the arrest of two hacking suspects to give the FBI more time to pursue its side of the investigation.
Updates were given on the status of inquiries stretching from Los Angeles and Baltimore to England and Ireland, with one member of Scotland Yard’s central e-crime unit telling the FBI that British police had identified a 15-year-old with possible connections to a recent breach at US videogame company Valve Corp.
“Yeah that’s fantastic,” an FBI official said in response. “We actually do have a pending investigation looking into that compromise.”
An email to the FBI official leading the call was not immediately returned Friday, while the e-crime investigator referred questions to Scotland Yard’s press office. The press office confirmed it had someone on the call but said it would have no further comment.
Most sensitive appears to be discussion of what legal strategy to pursue in the cases of Ryan Cleary and Jake Davis, two British suspects linked to Anonymous. The UK police official on the call said prosecutors were secretly going to court to delay procedures in order to give the FBI more time pursue a related case.
When the FBI official thanked his UK counterpart for the favor, the Briton said cheerily: “We’re here to help!”
Karen Todner, a lawyer for Cleary, said the recording could be “incredibly sensitive” and warned that such data breaches had the potential to derail the police investigation.
“If they haven’t secured their email it could potentially prejudice the investigation,” she told the AP.