A new computer attack Wednesday on the Department of Public Safety hit only officers’ outside and personal emails and, unlike last week, not the agency’s own computers, DPS Capt. Steve Harrison said.
He said it appears the two incidents are linked, with those who broke into the DPS computers last week stealing personal email addresses and passwords from officers’ official DPS email accounts. That allowed members of the group AntiSec access to private accounts, enabling them to post some of what they were able to find in those accounts, including pictures and emails.
While Harrison said the latest release posed no threat to DPS security, he acknowledged that one of the seven officers affected this time had a bomb threat phoned to his wife. Another had a fake Facebook page created about him, he said.
Harrison said he was one of the latest seven victims but declined to provide specifics.
In its posting, AntiSec said it specifically targeted him as a DPS spokesperson “who has been bragging to the news about how they are upgrading their security and how they will catch the evil hackers who exposed them.’’ That, the posting boasted, was clearly not secure enough.
“We owned his personal hotmail, facebook and match.com accounts and dumped all his personal details for the world to see,’’ it continued. “The same fate will meet anyone else who tries to paint us as terrorists in an Orwellian attempt to pass more pro-censorship or racial-profiling police state laws.’’
That last reference goes back to the original security breach where a group called LulzSec, short for Lulz Security, said it targeted DPS computers in retaliation for the state’s laws aimed at illegal immigrants and what it said was the role in DPS in enforcing those laws.
That hack got into email accounts on officers on DPS computers, giving it access to phone numbers and addresses of what Harrison said Wednesday were between 11 and 13 officers. There also were some case files revealed and information officers had in those email accounts about illegal activity.
LulzSec said in a posting it had disbanded. But a separate posting said it was starting AntiSec as an anti-security project.
Harrison said the link appears obvious, as the latest intrusion into the personal accounts of DPS officers appears to be based on information gathered from last week’s hack. He said officers had information in their official DPS accounts — the ones accessed last week — that basically became the guides for going after their personal emails.
According to AntiSec, the new postings includes online dating information, chat logs, social security numbers and even “seductive girlfriend pictures.’’
“We found more internal police reports, cops forwarding racist chain emails, k9 drug unit cops who use percocets, and a convicted sex offender who was part of FOP Maricopa Lodge Five,’’ it says.
Harrison said it will be up to the individual DPS officers to protect themselves from identity theft or other problems from the latest leaks, as these were in their personal accounts. The one exception was the officer who got the bomb threat, with DPS “sweeping’’ his house and finding no evidence of explosives.
But Harrison said some of what was discovered could create internal problems for the officers if there is evidence of criminal wrongdoing.
He said the agency is reviewing what was “dumped’’ by AntiSec, looking not only for “sensitive’’ information that might compromise a current investigation or officer safety but also “to see if there is anything that we as an agency need to take action on.’’
Harrison stressed that the information revealed did come from personal accounts.
“DPS employees still have the same rights as anybody else,’’ he said.
“They have a right to voice an opinion,’’ Harrison continued. “But if they’re talking about engaging in illegal activity, absolutely we will take a look at those and conduct internal and criminal and internal investigations if they’re warranted.’’
Harrison acknowledged that, absent the AntiSec action, DPS would not have had access to the officers’ personal accounts except through a court-ordered search warrant. He sidestepped an inquiry over whether the illegal actions of AntiSec in exposing the contents of those accounts now gives DPS the power to use what was there.
“That would be a legal question,’’ he said. “But the fact that that information is already out there, it now is in the public domain, probably will limit the expectation of privacy, as opposed to DPS going into their email accounts personally and looking at that.’’
Harrison said he doubts DPS officials would find evidence of anything approaching criminal conduct by current DPS employees.
The reference in Wednesday’s data dump to a convicted sex offender, according to the FOP, involves someone who had left the department and already moved out of state when the offense occurred.