A new computer attack Wednesday on the Department of Public Safety hit only officers’ outside and personal emails and, unlike last week, not the agency’s own computers, DPS Capt. Steve Harrison said.

He said it appears the two incidents are linked, with those who broke into the DPS computers last week stealing personal email addresses and passwords from officers’ official DPS email accounts. That allowed members of the group AntiSec access to private accounts, enabling them to post some of what they were able to find in those accounts, including pictures and emails.

While Harrison said the latest release posed no threat to DPS security, he acknowledged that one of the seven officers affected this time had a bomb threat phoned to his wife. Another had a fake Facebook page created about him, he said.

Harrison said he was one of the latest seven victims but declined to provide specifics.

In its posting, AntiSec said it specifically targeted him as a DPS spokesperson “who has been bragging to the news about how they are upgrading their security and how they will catch the evil hackers who exposed them.’’ That, the posting boasted, was clearly not secure enough.

“We owned his personal hotmail, facebook and match.com accounts and dumped all his personal details for the world to see,’’ it continued. “The same fate will meet anyone else who tries to paint us as terrorists in an Orwellian attempt to pass more pro-censorship or racial-profiling police state laws.’’

That last reference goes back to the original security breach where a group called LulzSec, short for Lulz Security, said it targeted DPS computers in retaliation for the state’s laws aimed at illegal immigrants and what it said was the role in DPS in enforcing those laws.

That hack got into email accounts on officers on DPS computers, giving it access to phone numbers and addresses of what Harrison said Wednesday were between 11 and 13 officers. There also were some case files revealed and information officers had in those email accounts about illegal activity.

LulzSec said in a posting it had disbanded. But a separate posting said it was starting AntiSec as an anti-security project.

Harrison said the link appears obvious, as the latest intrusion into the personal accounts of DPS officers appears to be based on information gathered from last week’s hack. He said officers had information in their official DPS accounts — the ones accessed last week — that basically became the guides for going after their personal emails.

According to AntiSec, the new postings includes online dating information, chat logs, social security numbers and even “seductive girlfriend pictures.’’

“We found more internal police reports, cops forwarding racist chain emails, k9 drug unit cops who use percocets, and a convicted sex offender who was part of FOP Maricopa Lodge Five,’’ it says.

Harrison said it will be up to the individual DPS officers to protect themselves from identity theft or other problems from the latest leaks, as these were in their personal accounts. The one exception was the officer who got the bomb threat, with DPS “sweeping’’ his house and finding no evidence of explosives.

But Harrison said some of what was discovered could create internal problems for the officers if there is evidence of criminal wrongdoing.

He said the agency is reviewing what was “dumped’’ by AntiSec, looking not only for “sensitive’’ information that might compromise a current investigation or officer safety but also “to see if there is anything that we as an agency need to take action on.’’

Harrison stressed that the information revealed did come from personal accounts.

“DPS employees still have the same rights as anybody else,’’ he said.

“They have a right to voice an opinion,’’ Harrison continued. “But if they’re talking about engaging in illegal activity, absolutely we will take a look at those and conduct internal and criminal and internal investigations if they’re warranted.’’

Harrison acknowledged that, absent the AntiSec action, DPS would not have had access to the officers’ personal accounts except through a court-ordered search warrant. He sidestepped an inquiry over whether the illegal actions of AntiSec in exposing the contents of those accounts now gives DPS the power to use what was there.

“That would be a legal question,’’ he said. “But the fact that that information is already out there, it now is in the public domain, probably will limit the expectation of privacy, as opposed to DPS going into their email accounts personally and looking at that.’’

Harrison said he doubts DPS officials would find evidence of anything approaching criminal conduct by current DPS employees.

The reference in Wednesday’s data dump to a convicted sex offender, according to the FOP, involves someone who had left the department and already moved out of state when the offense occurred.

(2) comments

Umut Selvi
Umut Selvi

I don't believe when I read any news about mail hacking. That's too stupid in PrivateSky time. People just needs to use smart and simple encryption tool for emails. I recommend you to take a look at that product https://PrivateSky.me I'm also seeking another useful tool. If you know, please share links with me.

tnguyen
tnguyen

Everyday you read about well known companies having security breaches. I don't feel that companies do enough to protect my personal info so I will think twice before providing businesses with any personal info. Everyone needs to be smart about protecting their personal and confidential data. I use this free email encryption service to send and receive encrypted emails at this secure web site: https://www.sendinc.com/
It ensures my messages are stored and transmitted securely, and that only I and my recipients have the capability to decrypt email messages.

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.