Thousands of Identities Compromised by AntiSec Law Enforcement Hack
On Friday, identity protection and data leak prevention tool maker Identity Finder released the results of its detailed analysis of hacker groups choosing to publish the organization data they acquire. Based on the 10 GB cache of confidential data obtained from 70 US law enforcement agencies, the company confirmed that the cache contains “hundreds of private emails spools, password information, address, Social Security numbers, credit card numbers, snitch information, training files, and more.”
Using its array of DLP tools to analyze the data, Identity Finder uncovered 2,719 Social Security numbers (1,923 unique); 15,798 dates of birth; 8,214 passwords; 45,764 postal addresses; eight credit card numbers; 53 driver’s license numbers; 89,589 telephone numbers; and 1.5 million email addresses. The data sits in PDF, PowerPoint, Word, e-mail and web server files, formats that are nothing out of the ordinary.
“The 1,923 Social Security numbers were one of the biggest concerns because they could be correlated with full names, addresses, and dates of birth,” says Todd Feinman, CEO of Identity Finder. “With that information, a hacker can open up a credit card account, or even steal a tax refund.”
“Of course, it contains information about law enforcement investigations, but in terms of file types, it’s fairly typical of what you’d find on the average person’s work computer,” Feinman says. “We even found 22 pieces of malware that had infected them.”
Feinman also noted that AntiSec did not exploit the data by keeping it to itself or selling it to another party; instead, the data has been flaunted all over the Internet. This manner of hacking has far-reaching implications for enterprise security.
“Some of these law enforcement agencies were relatively small, which shows that any company could be a target,” he says. “And the way the data was dumped, there wasn’t much separation between sensitive data and public data, which is different than you’d see in a financially motivated attack.”
Enterprises stand to benefit greatly from DLP products. Aside from keeping an eye on the gateway and the traffic, such tools help users decide whether data should be stored, shredded or encrypted. “We’re seeing more customers using our ‘shredder’ feature now,” he says. “If you aren’t going to use it, there’s no reason to keep it around.”
We’ve seen numerous cyberattacks and leaks of confidential information, including recent ones by LulzSec such as the release of 446 megabytes of documents from AZDPS officer emails via The Pirate Bay, where the torrent had 700 seeds. Meanwhile, a mandatory data retention bill is currently being drafted by the US House of Representatives to enable law enforcement to do its job in today’s increasingly Internet-enabled culture.
We also have Anonymous and some members of the disbanded LulzSec, operating under the banner of the AntiSec movement, retaliating against police arrests of suspected members of the hacktivist group by releasing 10 gigabytes of leaked law enforcement data. Even BlackBerry’s good intentions in cooperating with the police to quell the London riots have subjected it to hacker threats. The attackers demonstrated their resolve by taking down BlackBerry’s blog.