Computer hackers are avenging the Occupy movement by exposing the personal information of police officers who evicted protesters and threatening family-values advocates who led a boycott of an American Muslim television show.
In three Internet postings last week, hackers from the loose online coalition called Anonymous published the email and physical addresses, phone numbers and, in some cases, salary details of thousands of law enforcement officers all over the country.
The hackers said they were retaliating for police violence during evictions of Occupy protest camps in cities around the country, but law enforcement advocates slammed the disclosures as dangerous.
“I hope the individuals behind these cyberattacks understand the consequences of what they are doing,” said John Adler, president of the Federal Law Enforcement Officers Association. “There are very dangerous criminals out there who might seek retribution” against any of these police officers.
Another hacker calling himself ihazcAnNONz struck the website of the Florida Family Association. The group opposes gay marriage and has promoted a successful but highly controversial boycott of advertisers on the reality TV show “All-American Muslim.”
Occupy D.C. protesters stand off with police as they block 14th and K streets NW inWashingtonon Wednesday, Dec. 7, 2011. (T.J. Kirkpatrick/TheWashingtonTimes)
The group says the show is “propaganda clearly designed to counter legitimate and present-day concerns about many Muslims who are advancing Islamic fundamentalism and Shariah law.”
Supporters of the show say it depicts ordinary Muslim-American families living their normal lives, and they accuse its critics bigotry.
The hacker, ihazcAnNONz, warned theFloridafamily group, “Your hatred, bigotry and fear mongering towards Gays, Lesbians and most recently Muslim Americans has not gone unnoticed!”
In an Internet posting, he told the family association he was reading its email, and he provided email addresses and partial credit-card information of two dozen or so of the group’s supporters. He referred to the Occupy Wall Street movement’s slogan about the “1 percent” and the “99 percent.”
“I am going to assume most of the people who receive your newsletter, email you and make donations are potentially part of the 99 percent … who have been mislead by all of your [expletive] and god talk,” he wrote, adding that he therefore would not post confidential information on them.
The family association did not respond to an emailed request for comment.
Last week, a hacker calling himself Exphin1ty posted the email and physical addresses, phone numbers and encrypted passwords of more than 2,400 police officers and corporate security executives.
“We have seen our fellow brothers and sisters being teargassed for exercising their fundamental liberal rights,” he wrote.
He urged fellow hackers with access to greater computing power to crack the encryption on passwords and see if the victims had used the same password for any other accounts.
Websites that require users to register typically store data such as names, email addresses and passwords on their servers.
Many websites encrypt passwords and credit-card details, but passwords can be decrypted with sufficient computer-processing power if users have employed a word that can be found in a dictionary. People often use the same password for multiple accounts, a practice security experts decry.
“We encourage all of our […] friends to deface and leak [the officers’] twitters, facebooks and private email accounts,” Exphin1ty said.
The targeted police officers and security personnel were members of the Coalition of Law Enforcement and Retail (CLEAR), a nonprofit group that promotes cooperation between local police forces and retail corporations throughout theUnited States.
The group did not respond to an email requesting comment.
A hacker called Abhaxas also posted 18,000 emails, names and passwords of customers from Specialforces.com, a website that sells military-styled clothing and weapon accessories. A brief review suggested that many of them might be police officers or military personnel and identifiable as such by their emails.
David Thomas, who responded to an email sent to the website, said Specialforces.com had secured the site and alerted all its customers to the breach.
Hackers under the banner “Operation Pig Roast” posted the names, phone numbers, home addresses and salaries of nearly 70 senior members of the Houston Police Department after an eviction there. However, they insisted that they did not “condone nor do we wish violent behavior against families of these officers.”
They claimed they got the information legally and not by hacking into websites. One computer expert said they probably broke no law.
“Publishing personal details about people — if it doesn’t involve hacking — is, on its face, legal,” said Aaron Titus of Identity Finder, a firm that sells software to help companies secure or destroy personal data. “It’s not illegal to compile and publish information that’s available in public records.”
Alan Brill, senior managing director for Kroll Inc.’s cybersecurity practice, said he is seeing an increasing number of attacks aimed at illegally getting personal data from websites.
He said many small- and medium-sized businesses assumed they would not be targets or wrongly thought they lacked the resources to address security questions.
With “‘hacktivism’ growing on a global scale, it is the height of folly to presume you won’t be a target,” he said, referring to a term for hacker-activists.
He noted that the tools for hacking website databases and for automated scanning of thousands of sites, searching for vulnerabilities, are available commercially, meaning almost anyone could accomplish this kind of computer attack.
Mr. Brill and Mr. Titus agreed that database hacking for financial rewards or just vandalism is growing even faster than politically motivated hacking, making it impossible to predict who might become a target.
“People say, ‘Why would they attack us?’ The answer is, ‘Because you’ve got a website,’” Mr. Titus said.