Sunday, July 31, 2011

Antisec Attacks Missouri Sheriff's Association

First, a little back story. On July 30, 2011, a hacker group (most likely Anonymous) using the antisec mantra attacked Missouri law enforcement personnel by releasing 7000+ username/password pairs, including some Social Security Numbers. The information was released through the website pastebin.com, http://pastebin.com/v1H455Na (post has been removed). Shortly after that, another pastebin post from the user AnonymousIRC claimed credit for the attack, http://pastebin.com/iwnA90E6.

So what is the damage? Law enforcement personnel from across Missouri had personally identifiable information released on a public website for several hours. In addition, it is unknown what Anonymous may have done with this information besides the public disclosure. Despite the dump information being removed, the damage has already been done. Anyone who had information disclosed in this dump needs to take this seriously and immediately begin monitoring their personal accounts.

The released information includes things such as names, addresses, and phone numbers. The most damaging information disclosed was username/passwords and Social Security Numbers. It is important to note that not all people had Social Security Numbers disclosed. I think it is obvious what damage could be done with the SSN disclosure; however, most people seem to be undervaluing the username/password dump.

The problem with any password compromise is that many people reuse usernames and passwords across multiple accounts. They will use the same username and password combination for email, online banking, and forum accounts. These accounts represent vastly different levels of trust and should be protected by different passwords. Unfortunately, this is rarely the case.

The bottom line is that these law enforcement personnel need to be taking immediate steps to protect their identity and finances. The first thing to do is change your passwords and never reuse the compromised password. Choose strong passwords and protect your accounts by using different passwords and, if possible, different usernames for each account. Begin monitoring credit reports and financial statements and report any unauthorized activity. Free credit reports are available through https://www.annualcreditreport.com. This is not an issue to take lightly and may haunt these people for years.