LulzSec Hack Exposes 700 Arizona Government Files

Hacker group LulzSec is once again delving into the realm of political ’hacktivism,’ releasing more than 700 documents pilfered from the servers of the Arizona Department of Public Safety.

The published documents included hundreds of private intelligence bulletins, training manuals, personal e-mails, classified documents, personnel logs and videos that contained highly sensitive information on drug cartels, gangs, informants, border patrol operations and the names and addresses and other personal information about members of the Arizona Highway Patrol .

LulzSec said that the documents were released to protest Arizona’s Senate Bill 1070, the law that expanded law enforcement’s ability to apprehend and punish illegal immigrants.

’We are targeting AZDPS specifically because we are against SB1070 (the Arizona immigration law) and the racial profiling anti-immigrant police state that is Arizona,’ the group said on its Web site. ’Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust ’war on drugs,’’ LulzSec said.

The Arizona Department of Public Safety hack is one in a long line of highly public government attacks conducted by members of LulzSec, who have also waged successful cyber assaults against Web sites of the U.S. Senate , the CIA and InfraGard, an affiliate of the FBI .

One security expert said that the pervasiveness and popularity of social media has enabled the emergence of large, widely distributed hacker groups that possess the collective skills and wherewithal to hack just about anybody.

Michael Sutton, vice president of security research at cloud security firm Zscaler, said that social networking was a driving force in the sharp uptick of hacktivist attacks -- politically motivated cyber attack -- in part, because ’the whole concept of social networking is to provide the infrastructure to bring large, disparate groups together.’

’It used to be small, focused groups that were generally politically motivated and wanted to get their message across,’ Sutton said. ’Now there are large groups that really have no prior knowledge of one another coming together and assembling very quickly and focusing on a common goal and achieving it. They may not have the guns, but they have the numbers.’

Meanwhile, law enforcement agencies had made attempts in recent weeks to find and crack down on elusive hacker collectives. In a collaborative effort between Scotland Yard and the FBI, 19-year-old Ryan Cleary was arrested in his home in Wikford, England on Monday, on suspicion of being involved with in the attacks on Sony and the https://www.crn.com/news/security/230800003/lulzsec-strikes-again-hits-cia-senate-web-sites.htm CIA Web site, among others.

Prior to that, Turkish police arrested 32 alleged members of the hacker group Anonymous while Spanish police arrested three more individuals suspected of being Anonymous hackers.

Following the arrests, however, LulzSec announced it planned to join forces with global hacker collective Anonymous and target governments in politically motivated attacks.

Next: String Of Hacks Makes U.S. Bigger Cyber Attack Target

Security experts said there will likely be similar attacks down the road, contending that the endless string of assaults have made the U.S. a bigger target to worldwide hacktivism by demonstrating that law enforcement is largely powerless to find and apprehend attackers and bring them to justice.

’Now that all these groups are getting away with it, it’s showing them the U.S. is powerless to take these guys to task. We have some extremely skilled people in the U.S. government, within the NSA, within the FBI, that are skilled in cyber warfare, but politically we’re not allowing them to carry out any type of retaliation,’ said Charles Dodd, cyber warfare advisor to the U.S. government. ’We’re sitting in the cross hairs.’

Looking forward, Dodd said that law enforcement agencies, such as the FBI and NSA, needed to be empowered to freely share intelligence on cyber crime organizations, while recognizing that they shared a common goal of combating these attackers.

’Each entity -- the CIA versus the FBI -- all of them are compartmentalized,’ Dodd said, adding that. ’The two are holding information back from each other. We’re like a dysfunctional family.’

’From a cyber perspective, it takes a year to move forward. That kind of mindset is going to get us capsized,’ he said.

However, Sutton said that if anything, the series of recent hacks occurring on an almost daily basis likely has raised public awareness, shedding light on the fact that many of the world’s most powerful organizations lack fundamental security infrastructure while housing vulnerable Web applications.

’The silver lining to the Anonymous/LulzSec stuff is that I hope it’s going to improve the situation, bringing to the surface a problem that’s not a new, but giving it the spotlight it deserves.’