Late last night, Thursday, the Internet highwaymen group of LulzSec finished collating through numerous leaks and other information they gathered from directing other hacker groups to attack government websites and released a megaton smartbomb of leaked information from Arizona’s Department of Public Safety. No doubt this move has once again upped the ante in the search for the group, but it also demonstrates their capability to leverage their celebrity to motivate numerous other groups.
The Pastebin.com press-release style of LulzSec seemed to change in this leak; partially due to the fact that they claim the leak comes from an affiliated group and not them (they’re just releasing it into the wild and using their celebrity to fan the flames.) The entire file weighs in at 446 megabytes and contains numerous documents pilfered from AZDPS officer e-mails. It was just as quickly loaded onto torrent sites like The Pirate Bay and has already accrued almost 700 seeds.
The affiliate claims they provided the leak out of protest against Arizona SB1070 anti-illegal immigration bill and named the leak “Chinga La Migra” as part of nose-thumbing at the legislation.
“We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement,” reads the Pastebin bulletin with the leak information. “We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.”
The LulzSec twitter also taunted Maricopa County Sheriff Joe Arpaio with the same Spanish insult, “@RealSheriffJoe Media? Heat? You? Chinga La Migra!”
Steve Harrison, a DPS spokesman, confirmed to AzCentral late Thursday that the agency’s system had been hacked earlier in the day. While the compromise has been acknowledged and a spokesmen said the files look authentic, they have also noted that DPS has claimed that they do not believe any sensitive files have been leaked. Although in the Pastebin press release (and leak information) the LulzSec affiliate notes that some of the files had been marked “not for public distribution.”
Many of the files appear to be mundane and without much journalistic interest; but some of them seem to outline expectations of officers in an ever-evolving technological environment. Some even appear to discuss tactics and advisories about the infiltration of a Mexican drug cartel. Some of the information contained in the leak package does look like it could contain extremely damaging materials related to the operations of AZDPS.
LulzSec has promised to release information from the various leaks they’ve received from this operation every week to embarrass military and law enforcement officials engaged in politics that they don’t agree with.
This new type of document release shows that LulzSec has entered into a new and more dangerous path in their adventures. Before this release, they had kept to the more staid activities of malicious Internet pranksters—breaking through poor security on gaming forums and official websites; or DDoSing targets off the Internet.
With their newfound, supernova celebrity they’ve become a focal point for other hacker groups with varying levels of technical prowess and now are using that celebrity to showcase the work of more sophisticated hackers. As a result, we can probably expect to see a lot more surface attacks like the one done against AZDPS, which will reveal embarrassing but probably not hypersensitive information from various outfits.