An unidentified person, who denies connections to Anonymous, gained illegal access to several sets of data on three UK police websites and posted them on Pastebin in a message displaying an #OpFreeAssange badge.
Despite the implied support for the cause of Julian Assange, the attacker seems to have no clear motivation other than proving the targeted sites are not secure.
“I am not a member of Anonymous. Do whatever “you want with this information i don’t give a”! This is nothing big not some l33t h4x shâ€¦ This tells how insecure the Web is,” reads the introduction to the Pastebin dump.
Three UK Police properties appear to have been targeted in the attack: www.police.uk, www.snt.herts.police.uk and www.nottinghamshire.police.uk. Though most of the leaked data does not pose a high security risk for the police units, some of the disclosed info could be used in other attacks and cause further damage.
For instance, the unknown attacker extracted from the second breached website what appear to be police officers’ e-mail addresses, passwords to those e-mail accounts and a list of pins probably employed as additional safety tools. Several user logs have also been made public, exposing a list employee names and corresponding IPs that could be used in cyber-crime operations that require identification of a specific machine, containing a particular type of data.
“We are aware of the posting made on Twitter today on Thursday (30 August 2012) by a user who claimed to have accessed information from our website via a third party site,”a spokesman for Nottinghamshire Police said in a statement for HotForSecurity.
“Following initial inquiries, we are confident at this stage that no restricted or confidential information was accessed or databases compromised.
“We continue to investigate and have taken steps to further strengthen security around our website as a precaution.”
“Hertfordshire Constabulary is currently investigating following the publication on the internet of information stored on a database linked to the public Safer Neighbourhoods pages of the external Constabulary website”, stated Sarah Spence, Senior Press and PR Officer Hertfordshire Constabulary for HotForSecurity.
“As a precaution these pages have been temporarily disabled whilst the circumstances as to how this information was obtained is investigated. Hertfordshire Constabulary can confirm that the externally hosted system from where it appears the information has come is not linked to any internal force system and there is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised. Nevertheless matters of IT security are extremely important to the Constabulary and an investigation is already underway.”
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.