Homeland Security Today: Cyberattacks Pose Threat to Law Enforcement Intelligence, Operations and Personnel

The Kimery Report

Anthony L. Kimery

Anthony L. Kimery, Homeland Security Today‘s senior reporter and online editor draws on his years of experience and extensive contacts as he investigates and analyzes the world of homeland security, counterterrorism, intelligence and border security. “The Kimery Report” was awarded the 2008 National ASBPE Award for Online Excellence for Original News Section. His report, “Savage Struggle on the Border,” was the lead report in the series of the same tile that won the 2010 National ASBPE Gold Award for best magazine feature series. Comments on any of Tony’s “Kimery Reports” are welcome. Read more on Tony…

See all The Kimery Report blogs and comments


Cyberattacks Pose Threat to Law Enforcement Intelligence, Operations and Personnel

January 13, 2012

By: Anthony Kimery

Last year, “law enforcement agencies, officials and law enforcement-affiliated groups worldwide [were] primary targets of” hackers with malicious political and ideological motivations who’ve “shown both the desire and the capability … to endanger law enforcement officers and agencies,” a Jan. 5 intelligence bulletin issued by one of the nation’s fusion centers reported. And, the alert warned, “it is likely that hacker groups will continue to target law enforcement officials and agencies.”


The alert, obtained by Homeland Security Today, was distributed just days before hackers believed to be associated with the decentralized hacker network called Anonymous obtained email addresses and encrypted passwords of hundreds of US and British military, intelligence and police officials and several hundred NATO officials and staff members and made them available on the Internet.


Eighteen-year intelligence and special operations veteran, John Bumgarner, research director for security technology at the US Cyber Consequences Unit (US-CCU), said details of US military members also were obtained in the purported Anonymous-related hack, including approximately 20,000 email addresses ending in the .mil domain.


Bumgarner said just under 200 individuals deployed in Afghanistan and about the same number of service personnel in Iraq can be identified.


The hackers gained unauthorized access during Christmas to the account information of Stratfor, a private security consulting company in Austin, Texas. The firm’s database contained spreadsheets of website subscribers’ IDs and their encrypted passwords. According to reports, the credit card numbers and addresses of about 75,000 subscribers to Stratfor’s products via its website were compromised.


The fusion center intelligence bulletin said “there are a variety of explanations for targeting law enforcement, including perceived invasions of privacy by law enforcement; alleged or actual wrongdoing by a particular officer; alleged corruption or censorship within an agency; and animosity for anything having to do with  the government and law enforcement.”


The alert said “hacker groups have attacked law enforcement networks in numerous ways, including taking down law enforcement websites; deleting databases; accessing and releasing sensitive information; and spreading disinformation.”


The alert said because “law enforcement is a visible representative of the government’s authority, law enforcement agencies and personnel have been a primary target for these groups.”


From June 12, 2011 through Jan. 1, 2012, there were 29 incidents involving hacks into the computer systems of hundreds of law enforcement agencies and organizations around the world – many of which are in the US, the alert detailed. At the very least, tens of thousands of individuals’ personal information was obtained and potentially compromised.


Cybersecurity authority Jeff Carter, chief strategy officer for EyeLock Corp., told Homeland Security Today the fusion center alert “is easy to understand and clearly explains the situation,” adding, “I have some deep and complex thoughts regarding both the nature of the attacks reported in [the bulletin] in addition to the wide variety of other types of attacks occurring in almost every aspect of business and life.”


Carter ran innovation for Bank of America and the Center for Future Banking, a joint venture between Bank of America, MIT and Harvard University. He was named the 4th most innovative person in banking by American Banker in 2010.


The Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center had warned in an earlier bulletin, Anonymous and Associated Hacker Groups Continue to be Successful Using Rudimentary Exploits to Attack Public and Private Organizations, that “attacks have the potential to result in serious harm, particularly to law enforcement and other federal, state and local government personnel who may be targeted as a result.


The Jan. 5 fusion center bulletin cautioned that “hacker groups have attacked law enforcement networks in numerous ways, including making law enforcement websites inaccessible through denial of service attacks; deleting databases; and accessing and releasing sensitive information.”


And “through the attacks,” the intelligence bulletin specifically warned, “these groups have endangered law enforcement officers and agencies. This capability poses an ongoing threat to law enforcement. In many incidents, hacker groups have obtained and released personal details of officers, including names, addresses, phone numbers, email addresses and similar information about officers’ family members.”


And “the release of the officers’ personal information allows for the possibility that anyone who sees this information could harass the officers through phone calls, mail and email messages. It could also lead to physical attacks on officers, residences, family members or agencies,” the bulletin stressed.


Last August, Anonymous attacked and disabled over 70 law enforcement websites throughout the Central and Southern US, the bulletin pointed out, noting that “the hackers  completely erased the contents of some of the websites and released emails containing sensitive information.”


Continuing, the alert advised that “hackers also target individuals to gain access to law enforcement-related databases and files,” noting that, “rather than resist the defenses of a large agency or organization network, the hackers can attempt to access the personal computers or personal email accounts of law enforcement personnel. Hackers have targeted personal computers to seek work-related files that officers may have placed on their personal computers and to gain access to agency networks, if there is a remote access capability.”


As an example, the bulletin noted the November, 2011 Anonymous hack into the personal Gmail accounts of a California Department of Justice retired supervisor in which the group accessed and releasing over 38,000 emails, many of which contained sensitive information and conversations about investigations, law enforcement techniques and ways to counter legal defense tactics.”


With regard to the “targeting of specific law enforcement officers,” the fusion center’s alert said “hackers have targeted specific law enforcement officers, primarily in response to an officer’s actions that were perceived to be improper,” often using “Doxing,” which “is a tactic that has been used to target individual officers. This tactic involves searching the Internet via social networking, people search and agency or organization websites to gather information about the officer, which is then publicized.”


“Although experienced hackers can produce more sensitive and personal identifying information from protected databases, ‘doxing’ can be perpetrated by individuals with little skill, who are able to simply searching readily available information on the Internet,” the fusion center bulletin cautioned.


DHS also had described the skill levels of the hackers in question in its bulletin, Anonymous and Associated Hacker Groups Continue to be Successful Using Rudimentary Exploits to Attack Public and Private Organizations.


“So far, Anonymous has not demonstrated any capability to inflict damage to critical infrastructure, instead choosing to harass and embarrass its targets,” DHS concluded. “However,” its analysts noted, “some members of LulzSec have demonstrated moderately higher levels of skill and creativity, evidenced in attacks using combinations of methods and techniques to target multiple networks. To date, their attacks have largely resulted in the release of sensitive documents and personally identifiable information.”


Looking ahead, the Jan. 5 fusion center bulletin forewarned that “it is likely that hacker groups, including Anonymous and LulzSec, will continue to target law enforcement for poor security measures, arrest of members of the hacker groups and perceived wrongdoing by a law enforcement officer or an agency.”


DHS had earlier warned that “we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available web servers, websites, computer networks and other digital information mediums for the foreseeable future.”


The fusion center alert warned that “Anonymous has shown a desire to attach itself to the ideals of political and social movements, and this will likely continue in the future.”


Consequently, “law enforcement targets will continue to include websites, networks and computers of individuals, agencies and law enforcement-related organizations and associations. Hackers may [even] widen their focus by targeting law enforcement news sources or magazines, websites that are supportive of police officers and any organizations that are sympathetic towards law enforcement actions or that have a large number of law enforcement officers as members.”


Just before Christmas, Anonymous stole about 14,000 passwords and 8,000 credit card numbers from SpecialForces.com, a retailer selling equipment to military and law enforcement officials. Anonymous claimed that they targeted the website due to its connection to law enforcement. The hacking group said it had gained access to the information months earlier, but decided to release the purloined personal information as part of its LulzXmas campaign.


According to the DHS bulletin, “members of Anonymous routinely claim to have an overt political agenda and have justified at least a portion of their exploits as retaliation for perceived ‘social injustices’ and ‘freedom of speech’ issues.”


The Jan. 5 fusion center’s analysis admonished that “there is the potential for hacker groups to cooperate or collaborate with extremist groups to pursue their goals,” noting that “individuals with extremist views, including anarchists, white supremacists, Islamic extremists and animal rights extremists have [all] posted support for Anonymous on their [respective] forums.”


Last August, the Central Florida Information Exchange issued the bulletin, Cyber Threat: Growing Interest in ‘Anonymous’ Activities by Extremist Groups.”


“Although there has been no known support beyond posted ‘communiqués,’ it is possible that Anonymous members could use their hacking abilities to commit fraud and identity theft to financially support extremist activities; provide equipment for operations; and attack the networks or websites of those who oppose these groups,” the Jan. 5 fusion center alert said.


Last week, however, apparent German-based members of Anonymous hacked neo-Nazi websites in Germany. And in November the hacker group breached the security of a Finnish neo-Nazi website and made public the group’s 16,000 membership application database. In a statement, Anonymous said “we have no tolerance for any group based on racial, sexual and religion discrimination as well as for all the people belonging to them and sharing their ideologies, which is the reason why we decided to carry out [the] attack.”


Anonymous also has hacked and taken down child pornography websites.


Eyelock’s Jeff Carter said “DHS’s creation of the fusion center is a great first step in creating the proper foundation for understanding the broad cyber risks our law enforcement agencies are facing,” but pointed out two important issues.


First, he said “change is happening at an increasing rate of speed. In his March 7, 2001 essay, The Law of Accelerating Returns, Ray Kurzweil stated, “in the nineteenth century, we saw more technological change than in the nine centuries preceding it. Then in the first twenty years of the twentieth century, we saw more advancement than in all of the nineteenth century. Now, paradigm shifts occur in only a few years time.”


Second, “law enforcement agencies are under tremendous budget pressures, further complicating the situation. Simply keeping pace with the speed of change, the ‘basics,’ is extremely complicated, time intensive and costly.”


And “the result is,” Carter explained, “reactive efforts are either too late or taking so long to implement that they cannot adequately mitigate near term risk; high-risk projects that modify core mission critical systems in near real time with limited ability to test down stream effect; and, extreme costs due to tight deadlines, extreme risks and fluid requirement adjustments reacting to changing conditions or threats.”


Carter stressed “this creates a dangerous condition where threats are rising at an increasing rate of speed, sophistication and scale – at the same time the agencies are struggling to keep up.”


“It is my belief that we cannot continue to do the same things that have not worked in the past and hope for different results,” Carter concluded, emphasizing that “a fundamental shift in strategy is needed – something to radically change the game on cybersecurity and the attackers.”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s