Expert: Rural US websites easy target for hackers

Aug 08, 2011 By NOMAAN MERCHANT and RAPHAEL G. SATTER , Associated Press

(AP) -- The digital trove of credit card numbers and emails stolen by the group known as Anonymous came from towns across rural America - places like Gassville, Ark. and Tishomingo County, Miss., where officers don't usually have to worry about international hackers.

That may have made them an easy score.

The loosely-knit hacking collective said Saturday that it attacked 70 mostly rural websites in the United States in for the arrests of its sympathizers. Some county sheriffs said they were told about the hacking, but others appeared to learn of the scope of what had happened only when contacted by The Associated Press.

Web said the cyberattack shows that no website is too small to avoid hacking, especially as more upload sensitive information about investigations, and officers to their sites.

"It seems to me to be low-hanging fruit," said Dick Mackey, vice president of consulting at Sudbury, Mass.-based SystemExperts. "The smaller the organization, the more likely that they don't think of themselves as potential targets. They're not going to have the protections in place that a larger organization will have."

Many of the sheriff's offices outsourced their websites to the same Mountain Home, Ark.-based media hosting company, Brooks-Jeffrey Marketing. If Brooks-Jeffrey's defenses were breached, that would give hackers access to every website the company hosted, said Kevin Mitnick, a security consultant and former hacker.

Brooks-Jeffrey declined to comment.

Most of the sheriffs' department sites, if not all, were either unavailable for most of Saturday or had been wiped clean of content. Some had started to reappear online Saturday evening.

The emails were mainly from sheriffs' offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi. Many of the leaked emails appeared to be benign, but some of the stolen material seen by the AP carried sensitive information, including tips about suspected crimes, profiles of gang members and security training. At least one email had material - including pictures of teenage girls in their swimsuits - that Tim Mayfield, the police chief in Gassville, Ark., said was sent to him as part of an ongoing investigation. Mayfield declined to provide more details.

In another email that Anonymous posted, a police tipster wrote that his uncle was a convicted sexual offender who was homeless and hanging around an area Walmart and other places where children were. Another tipster wrote to police that she and her neighbors could smell drugs coming from a house.

The leaked information also included five Anonymous said were used to make "involuntary donations." At least four of the names and other personal details appeared to be genuine. One person confirmed to the AP that his credit card had been used improperly.

In a statement, Anonymous said it leaked "a massive amount of confidential information that is sure to (embarrass), discredit and incriminate police officers across the US." The group said it hopes its disclosures would "demonstrate the inherently corrupt nature of law enforcement using their own words" and "disrupt and sabotage their ability to communicate and terrorize communities."

The group did not say specifically why these sheriffs' departments were targeted, but Anonymous members have increasingly been pursued by law enforcement in the United States and elsewhere following a string of high-profile data thefts and denial of service attacks - operations that block websites by flooding them with traffic. FBI spokesman Steve Frazier did not return several messages Saturday seeking comment on the latest .

The group celebrated its success in several messages posted Saturday to Twitter and hinted that more attacks were to come. In one tweet, it poked fun at local sheriffs: "Time to wake up, boys."

Small agencies often need to do more to protect themselves, even if they don't have as much staff or money as larger cities, Mackey said. One major step is demanding better security from the companies that host their sites.

"I think it behooves anyone who stores sensitive information to basically put the pressure on the vendors who create their websites to do a good job of protecting those sites," Mackey said.

Many sheriffs said they weren't using their sites to store Social Security numbers or other highly sensitive data. John Montgomery, sheriff of Baxter County in northern Arkansas, where Brooks-Jeffrey is located, said his department's website has been used in the past to help track down suspects and get information to the public.

"We are going to continue using the Web," said Montgomery, whose website was taken down. "Are we going to have to be smarter in how we use the Web as far as security? Sure. We'll have to look closely at the security measures that go into place."

Montgomery said the department would also check its internal servers for any weaknesses, and he encouraged other county sheriffs to do the same.

Explore further: 2 tabloid journalists charged with phone hacking

5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Hacker group declares cyber war on US police

Aug 07, 2011

A hacker group on Saturday claimed it has "defaced and destroyed" websites at scores of US police agencies in retaliation for the arrest of suspected peers accused of hacking into the CIA, British crime agency SOCA, and ...

LulzSec computer hackers release Arizona state files

Jun 24, 2011

Computer hackers who have hit the websites of the CIA, US Senate, Sony and others have released hundreds of documents from the Arizona Department of Public Safety (AZDPS) in their latest cyberattack.

Ariz. police confirm 2nd hack on officers' email

Jun 30, 2011

(AP) -- A second computer hacking attack in as many weeks against Arizona state police targeted the personal email accounts of some of its officers, an official confirmed Wednesday.

Dutch police investigate apparent hacker attack

Dec 10, 2010

(AP) -- Police said Friday they are investigating if hackers were responsible for taking down websites of police and prosecutors in the Netherlands after the arrest of a 16-year-old for involvement in a cyberattack on several ...

LulzSec member says group is 'bored'

Jun 26, 2011

A member of a publicity-seeking hacker group that sabotaged websites over the past two months and has announced it is dissolving itself says his group wasn't disbanding under pressure from the FBI or enemy hackers.

Recommended for you

Country Web domains can't be seized: regulator

2 hours ago

The Internet's regulatory authority said Wednesday that country-specific Web domains cannot be seized in court proceedings, as it sought to quash an effort to recover assets in terrorism-related lawsuits.

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Skeptic_Heretic
not rated yet Aug 08, 2011
Probably more due to the lack of internet savy in those areas than the ease of access to targets.
krundoloss
not rated yet Aug 08, 2011
Well they did hack SONY, little web hosting companies are easy prey. I know about rural computer users, they want things EASY and they generally don't care about security. They could make a run through virtually Every small hosting company if they wanted to, its just how smaller companies do it.
Magnette
not rated yet Aug 09, 2011
Probably more due to the lack of internet savy in those areas than the ease of access to targets.


Probably a combination of that plus much smaller financial budgets restricting the amount they can spend on the necessary software.
ScienceLust
not rated yet Aug 09, 2011
This story is to change your definition of hacker into terrorist.Many stories like this are headed our way.