The group known as Anonymous said it hacked into about 70 mostly rural law enforcement Web sites in the US, a data breach that at least one local police chief said leaked sensitive information about an ongoing investigation.
The loose-knit international hacking collective posted a cache of data to the Internet early on Saturday, including e-mails stolen from officers, tips that appeared to come from members of the public, credit card numbers and other information.
Anonymous said it had stolen 10 gigabytes worth of data in retaliation for arrests of its sympathizers in the US and Britain.
Tim Mayfield, a police chief in Gassville, Arkansas, said that some of the material posted online — including pictures of teenage girls in their swimsuits — was sent to him as part of an ongoing investigation. He declined to provide more details.
Mayfield’s comments were the first indication that the hack might be serious. Since news of some kind of cyberattack first filtered out less than a week ago, various police officials said they were unaware of the hacking or dismissed it as nothing to worry about.
Though many of the leaked e-mails appeared benign, some of the stolen material seen by the The Associated Press carried sensitive information, including tips about suspected crimes, profiles of gang members and security training.
The e-mails were mainly from sheriffs’ offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi. Many of the Web sites were operated by a Mountain Home, Arkansas, media services hosting company, and most, if not all, were either unavailable on Saturday or had been wiped clean of content. The company, Brooks-Jeffrey Marketing, declined to comment.
In a statement, Anonymous said it had leaked “a massive amount of confidential information that is sure to [embarrass], discredit and incriminate police officers across the US.”
The group said it hoped the disclosures would “demonstrate the inherently corrupt nature of law enforcement using their own words” and “disrupt and sabotage their ability to communicate and terrorize communities.”
The group did not say specifically why these sheriffs’ departments were targeted, but Anonymous members have increasingly been pursued by law enforcement in the US and elsewhere following a string of high-profile data thefts and denial of service attacks — operations that block Web sites by flooding them with traffic.
Last month, the FBI and British and Dutch officials made 21 arrests, many of them related to the group’s attacks on Internet payment provider PayPal, which has been targeted over its refusal to process donations to WikiLeaks. The group also claims credit for disrupting the Web sites of Visa and MasterCard in December when the credit card companies stopped processing donations to WikiLeaks and its founder, Julian Assange.
An Internet security expert said Anonymous may have gone after the sheriffs’ offices because the hosting company was an easy target.
Dick Mackey, vice president of consulting at Massachusetts-based SystemExperts, said many organizations do not see themselves as potential targets for international hackers, causing indifference that can leave them vulnerable.
“It seems to me to be low--hanging fruit,” he said. “If you want to go after someone and make a point and want to have their defenses be low, go after someone who doesn’t consider themselves a target.”