LulzSec's Latest Lark Targets Ariz. Cops
Private information about several Arizona Department of Public Safety officials has been revealed by the hacker group LulzSec. Other sensitive documents released included some on counter surveillance as well as intelligence on Mexican gangs and on drug trafficking. "Clearly, we as a security industry have failed. The bar should not be this low," Zscaler's Michael Sutton said.
Hacker community LulzSec has revealed it's broken into the Arizona law enforcement agency's servers and released hundreds of sensitive documents on the Internet.
The highly controversial Arizona Senate Bill 1070 targets illegal immigrants and has drawn protests both within Arizona and outside of the state.
Arizona and the federal government are fighting a legal battle over the bill.
The documents LulzSec released on the Internet include the names and contact information of seven ADPS officials. Three of these have also had their home addresses and phone numbers released, and information about the wife of one of the three was also displayed on the Web.
Other sensitive documents released included some on counter surveillance as well as intelligence on Mexican gangs and on drug trafficking.
Arizona officials did not respond to requests for comment by press time.
Ai! Martilleo de la AZPDS!
The documents LulzSec released are primarily related to border patrol and counter-terrorism operations, according to the hacker group. It plans to release more classified documents and embarrassing personal details of military and law enforcement to "purposefully sabotage their efforts to terrorize communities fighting an unjust 'war on drugs.'"
Documents released in addition to the personal information of officials included one on the threat of gang infiltration into law enforcement agencies, a DEA document about narco-terrorism and Mexican drug trafficking organizations, and one on the use of common chemicals to create home-made explosives.
At least one responder to LulzSec's Twitter feed expressed concern about the AZPDS hack in a comment retweeted by several people.
"Dude(s), do you realize some of this information will get actual people killed by gangs because you pointed infiltrators?" Ricardo Sisnett, who goes by the handle "mrjackinc," commented.
Forget Fighting LulzSec
LulzSec's escapades have drawn the wrath of governments around the world, in no small part because it recently announced that it has teamed up with another hacker community, Anonymous, to wage war on governments.
Can LulzSec really be stopped? Should the governments of the world crank up the pressure?
The British government has already arrested a 19-year-old whom LulzSec claims was at most a bit player in the operation. Further, a war is raging in the online community between LulzSec and various anti-LulzSec hackers, including the self-proclaimed anti-hacker vigilante who calls himself "th3j35t3r" (the Jester).
"Arrests will be made, LulzSec will adapt and likely evolve into a completely different entity over time," Michael Sutton, vice president of security research at Zscaler, told TechNewsWorld.
Exposing sensitive documents to the public may appear similar to the activities of sites like WikiLeaks. Unlike WikiLeaks, however, LulzSec doesn't have a defined leadership structure and so "any individual arrest is unlikely to disable the group and may lead to additional support from sympathizers," Sutton said.
"The focus should not be on whether LulzSec can be taken down," Sutton added.
"Stop paying attention to them," recommended Chester Wisniewski, senior security advisor at Sophos.
"These people seek attention because there isn't any lulz when you're all alone," Wisniewski told TechNewsWorld.
The Enemy Is Us
LulzSec is succeeding "because they have competent and determined individuals focused on a common goal, Zscaler's Sutton stated.
"Clearly there is a layer of security focused on protecting data that is missing -- a data encryption platform, if you will, that protects data no matter where it goes," Wasim Ahmad, vice president of data security at Voltage Security, told TechNewsWorld.
Encrypting data with a comprehensive platform renders the data useless to hackers "who have been able to easily penetrate IT security," Ahmad said.
LulzSec is "identifying and exploiting weak links in the security chain at just about any entity they choose to target," Sutton pointed out.
"Clearly, we as a security industry have failed. The bar should not be this low," he said.