Law enforcement websites hacked in eleven states, information leaked

By   /   August 7, 2011  /   2 Comments

On Saturday a group known as “Anonymous”, and related to  “The Anti Security Movement” or “AntiSec,” released a number of documents stolen from 76 law enforcement web sites in 11 states, most hosted or maintained by a single company.

County sheriffs maintained 57 of the hacked sites. Four of the hacked sites were state sheriffs’ associations in Alabama, Arkansas, Kansas and Missouri.

The Anonymous AntiSec site on Saturday evening

Anonymous described this online release:

“A week after we defaced and destroyed the websites of over 70 law enforcement agencies, we are releasing a massive amount of confidential information that is sure to embarass, discredit and incriminate police officers across the US. Over 10GB of information was leaked including hundreds of private email spools, password information, address and social security numbers, credit card numbers, snitch information, training files, and more. We hope that not only will dropping this info demonstrate the inherently corrupt nature of law enforcement using their own words, as well as result in possibly humiliation, firings, and possible charges against several officers, but that it will also disrupt and sabotage their ability to communicate and terrorize communities.”

Anonymous gives this self-description in this video.

AntiSec posted YouTube videos about their attack on law enforcement in retaliation for “persecution of suspected Anonymous members”:

Hacked Site Summary

One company played a key role in almost all of the hacked sites.

Watchdog.org reviewed the sites listed by Anonymous and found direct or indirect connections to an Arkansas firm, Brooks-Jeffrey Marketing for nearly all the sites.

BJM’s own web site, bjmweb.com, was not online late Sunday evening.   Earlier Sunday Watchdog.org captured a screen showing one of Brook-Jeffrey’s business areas was government web sites.

According to their web site, one of Brooks-Jeffrey Marketing's specialties is government web sites.

BJM was responsible for hosting many of the hacked web sites and maintains internet domain registration for most of them.

On Monday a representative from Brooks-Jeffrey said “no statement is available currently” but offered to send a statement about the hacking incident at a later date.

The only hacked site we could not find a direct or indirect connection to BJM was sheriffcomanche.com, which did not use BJM as a domain registrar and is privately listed by an Australian company.  On Sunday watchdog.org  was not able to connect to that site.

The following is a summary of the 76 unique sites Anonymous claimed to hack:

Two Brooks-Jeffrey Marketing sites in Arkansas:

  • mostwantedwebsites.net
  • mostwantedgovernmentwebsites.com

Seventy-four websites in various states (state assignments for offline sites are tentative):

  • Alabama, 4.  State sheriffs’ association and 3 county sheriffs.
  • Arkansas, 33.  State sheriffs’ association, 5 counties, 22 county sheriffs, 2 cities, 3 other.
  • California, 2.  Police Officers Association of L.A.; Regional Community Policing Institute.
  • Georgia, 2.  Floyd and Meriwether County sheriffs.
  • Illinois, 1.  Knox County Sheriff.
  • Kansas, 5.  State sheriffs’ association, 4 county sheriffs.
  • Louisiana, 1.  Cameron Parish Sheriff’s Office.
  • Missouri, 10.  State sheriffs’ association, 9 county sheriffs.
  • Mississippi, 10.  10 county sheriffs.
  • Oklahoma, 1.  Comanche Sheriff.
  • Tennessee, 1.  McMinn County Sheriff.
  • Unknown:  4. 3 county sheriffs (states not certain), 1 unknown site.

Most of the sites appeared to be part of BJM’s “MostWantedWebsite” sites or “MostWantedGovernmentWebsites.com.”

On sites that were not identified as “MostWanted” a BJM logo appeared on several with an indication they were hosting the web site.

A common thread among all the web sites was sharing of information about “Most Wanted Fugitives” and local registered sex offenders.

Most of the hacked web sites were sheriffs' web pages with a similar design that provided information about "Most Wanted Fugitives" and local "Registered Offenders." Alabama Cherokee County Sheriff's Office web site, http://www.cherokeecountyalsheriff.com

Kansas Woodson County Sheriff's web site, http://woodsonsheriff.com/

The Anonymous AntiSec page found late Saturday provided five different kinds of information:

  • Shoot the Sheriff File
  • Plesk Password File
  • Snitch Crime Report
  • Missouri Sheriffs’ Accounts
  • Email browsing

The files were part of a “BitTorrent” option to download everything in a 7.4 GB file.

But early Sunday morning much of the information could be viewed online via a web interface. By Sunday afternoon those pages appeared to be unreachable.

The torrent download from late Sunday revealed an additional file, academy.tar.gz.

The academy files were mostly Missouri-related and ranged over a number of police training topics, including:

  • Crime Scenes in Jails
  • Faces of Meth
  • IEDs in America
  • Introduction to Sheriffs and Jails
  • See Red:  Is Your Anger a Problem?
  • Sexual Harassment Training for Supervisors
  • Terrorism & WMD Online Documents
  • Understanding Hostage Incidents

The statistics on the extracted academy folder:

  • 8,457 files
  • 532 folders
  • 2.13 GB

Anonymous' option to download 7.4 GB of information stolen from law enforcement

Shooting the Sheriffs File (4600 lines)

This file lists the sites allegedly hacked and contains a number of taunting statements about the UNIX approach used to extract the information.

Six credit cards were listed that supposedly had been stolen from the online store at mosheriffs.com.  The names, social security numbers, addresses and e-mail addresses  were given along with the credit card numbers.

The hackers listed a number of taunting and technical narrative comments with many of the UNIX commands used to extract information from the mosheriffs.com system, such as:

  • “You know what it is, its a stickup”
  • “Gimme the keys to you house”
  • “Why yes these are jail IPS syncing their inmate roster files to the web”
  • “Just in case anyone wanted to play with their online store.  We sure did.”
  • “On to server number two… rooting your box all over again.”
  • “Root logged in … They are on to us… But can never stop us”
  • “Lets see how they attempted to secure their new server”
  • “This time we’re not gonna hesitate to pull the trigger”.  (About two dozen following statements wiped out files on various websites.)
  • “That’s a lesson you learn, comin straight from the slums. And it don’t stop till we get full freedom”

Plesk Pasword File (1500 lines)

Plesk is a commercial web hosting automation program.

Brooks-Jeffrey Marketing may have used Plesk as part of Web sites hosting management for the various law enforcement agencies.

Anonymous gave the PHP scripts that were their “Plesk mass password dumper!!!” and offered an explanation for their technical feat:

“See Plesk has this ridiculously insecure default behavior to store all system/ftp/mail/cpanel/protected directory passwords in cleartext inside a mysql database called `psa`. The plesk master admin password is also stored in cleartext on a file on their server at /etc/psa/.psa.shadow. So we wrote some quick scripts to dump the passwords from a massive vhost into a nicely formatted human readable .txt file. ENJOY!!”

The categories of dumped passwords included:

  • FTP/SSH usernames and passwords
  • Plesk control panel login passwords
  • .htpasswd protected directories
  • Email password database for http://webmail.mostwantedgovernmentwebsites.com

Snitch Crime Report (1028 lines)

Most of the examples gave explicit details.

Names and addresses were included in the Anonymous files, but without knowing case specifics, we do not repeat names and addresses here to protect the integrity of the cases.

“XXXXX, a wanted parolee can be captured at XXXXX in Cape Girardeau, MO.  Residence of XXXXX, girlfriend of XXXXX. XXXXX has a warrant for failure to appear to 2 court dates. Bond forteiture hearing 1/XX/11.”

“I think the lady who robbed the athens walgreens is XXXXX  livin on county road XXX  in the single wide trailer, rumour in the nieghborhood is she was recently arrested for DUI and having pills so after lookin at the pic we think its her,any questions feel free to email me! my family is tired of the constant traffic and discomfort of livin next to them “

“XXXXX, a resident of XXXX, AR, 20 years old, has been having sexual intercourse with an underage girl. Her name is XXXXX.”

Missouri Sheriffs’ Accounts (55,000 lines)

Anonymous makes this claim about this large file:

“7000+ accounts from missouri online training academy database (mosheriffs.com) all law enforcement officers. usernames, cleartext and non-generated passwords, home addresses, etc etc. GO!!!”

Watchdog’s  analysis shows this file contains:

  • 5945 usernames and passwords
  • 6898 email addresses
  • 6792 phone numbers
  • 2124 Social Security Numbers

Email Browsing

Emails for each of the hacked sites could be viewed by selecting a site and drilling down to the various accounts and emails, including attachments.

Anonymous published emails from all the hacked sites.

Watchdog looked through Emails of several of the sites and found a variety of spam and work-related emails from several of the county sheriffs’ web sites.

To avoid releasing any information that might be germane to ongoing investigations by law enforcement, perhaps the email from Pratt County, Kansas, would serve as a good example since it only shows a single test of their tips system.

On the Anonymous site the Pratt County Sheriff’s E-mails could be selected:

Some email accounts had several selections, but this one only had a “cur” option, perhaps for “current”:

Selecting the single email from the list shows it was only a test of the system:

The statistics on what was extracted from the 6 GB mail.tar.gz file from the torrent download late Sunday for 56 of the hacked sites:

  • 181,069 files
  • 2,898 folders
  • 13.3 GB

List of sites allegedly hacked with locations by state

Site State
20jdpa.com
(20th Judicial District Prosecuting Attorney’s Office)
AR?
adamscosheriff.org MS
admin.mostwantedwebsites.net
[same as mostwantedwebsites.net]
-
alabamasheriffs.com AL
arkansassheriffsassociation.com AR
bakercountysheriffoffice.org ?
barrycountysheriff.com MO
baxtercountysheriff.com AR
baxtercountysherifffoundation.org AR?
boonecountyar.com AR
boonesheriff.com AR
cameronso.org LA
capecountysheriff.org MO
cherokeecountyalsheriff.com AL
cityofgassville.org AR
cityofwynne.com AR
cleburnecountysheriff.com AR
coahomacountysheriff.com MS
crosscountyar.org AR
crosscountysheriff.org AR
drewcountysheriff.com AR
faoret.com ?
floydcountysheriff.org GA
fultoncountyso.org ?
georgecountymssheriff.com MS
grantcountyar.com AR
grantcountysheriff-collector.com AR
hodgemansheriff.us KS
hotspringcountysheriff.com AR
howardcountysheriffar.com AR
izardcountyar.org AR
izardcountysheriff.org AR
izardhometownhealth.com AR
jacksonsheriff.org AR
jeffersoncountykssheriff.com KS
jeffersoncountyms.gov MS?
jocomosheriff.org MO
johnsoncosheriff.com AR
jonesso.com MS
kansassheriffs.org KS
kempercountysheriff.com MS
knoxcountysheriffil.com IL
lawrencecosheriff.com MO
lcsdmo.com MO
marioncountysheriffar.com AR
marionsoal.com AL
mcminncountysheriff.com TN
meriwethercountysheriff.org GA
monroecountysheriffar.com AR
mosheriffs.com MO
mostwantedgovernmentwebsites.com -
mostwantedwebsites.net -
newtoncountysheriff.org AR
perrycountysheriffar.org AR
plymouthcountysheriff.com ?
poalac.org
(Peace Officers Association Of L.A County)
CA
polkcountymosheriff.org MO
prairiecountysheriff.org AR?
prattcountysheriff.com KS
prentisscountymssheriff.com MS
randolphcountysheriff.org MO?
rcpi-ca.org
(Regional Community Policing Institute)
CA
scsosheriff.org AR
sebastiancountysheriff.com AR
sgcso.com
(Ste. Genevieve County Sheriff’s Office)
MO
sharpcountysheriff.com AR
sheriffcomanche.com OK
stfranciscountyar.org AR
stfranciscountysheriff.org AR
stonecountymosheriff.com MO
stonecountysheriff.com AR
talladegasheriff.org AL
tatecountysheriff.com MS
tishomingocountysheriff.com MS
tunicamssheriff.com MS
vbcso.com
(Van Buren County Sheriff’s Office)
AR
woodsonsheriff.com KS

On Sunday afternoon several of the sites were not functioning.

Not online:

  • 20jdpa.com
  • faoret.com (unknown purpose)
  • jeffersoncountyms.gov
  • mostwantedwebsites.net
  • poalac.org
  • scsosheriff.org
  • sheriffcomanche.com
  • talladegasheriff.org
  • vbcso.com

“Site coming soon”

  • bakercountysheriffoffice.org
  • baxtercountysherifffoundation.org
  • fultoncountyso.org
  • mosheriffs.com
  • mostwantedgovernmentwebsites.com
  • prairiecountysheriff.org
  • randolphcountysheriff.org

Related:


Contact: Earl F Glynn, earl@kansaswatchdog.org, KansasWatchdog.org

Click here to LEARN HOW TO STEAL OUR STUFF!

  • https://cullingcorruption.wordpress.com/ Blaze

    They are just making it more difficult for corruption investigations.

    Nothing is coming of these massive dumps other than those that are corrupt in government are tidying up loose shoe laces.

    It is a shame really. They are in no way comparable to wikileaks.

    Perhaps if they were not so lazy or so adrenalin ridden, they could make a worthwhile difference, instead of giving corrupt individuals a heads-up.

    What a waste of data.

  • Pingback: Kansas law enforcement sites hacked by “Anonymous”; information leaked