Now what has been labeled OpFreeAssange is gathering pace, with hacktivists hacking and DDoS’ing a growing number of organizations – some because they are government-related and others perhaps just because they can. The Cambridge University hack may be one of the latter – surprising even @AnonOpUK, who tweeted, “Why are people hacking universities for #OpFreeAssange? #Assange and #WikiLeaks stands up for freedom of knowledge! I just don't get it :/.”
But one thing is clear: this isn’t just another example of script-kiddie supporters aiming their LOIC at specified targets at a specific time. These are genuine hackers (sometimes the team called NullCrew, often a hacker known as 0x00x00) using their skills to break into sites, deface them and steal data. A quick scout around the internet while writing this report found 0x00x00’s trademark Assange poster inserted, and still live, on the home pages of hand2hand-recruitment.co.uk, the Northern Ireland Home Office, and Norex.
LOIC, or something similar, is still being used, but often by small groups seeking notoriety and with little or only short-term effect. @Anon_Central was forced to request, “Dear Anons from #OpFreeAssange, please check your targets before you tweet tango down. #fail >http://www.justice.gov.uk is up.” In fact, the recent hack of Labour MP Peter Hain’s website, and the data dump on Pastebin that followed it, included the claim, “I am not a part of Anonymous DDOS kids,” yet still used the name of OpFreeAssange. At the time, Hain claimed it was ‘intimidation’, perhaps forgetting that as a young man he had dug up the Lord’s cricket pitch in a protest against apartheid.
The big news today, however, is the Hertfordshire Constabulary hack. The available information is, as usual, confused and confusing. The BBC today reports, “The data, including phone numbers and IP addresses, relates to a number of officers in Safer Neighbourhood Teams.” The Hertfordshire Constabulary said, “There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised.” But yesterday, the hacker – likely to be 0x00x00 – said, “This is nothing big not some l33t h4x shit...” (echoing the Peter Hain hacker who said, “This is not anything hard its simple sqli shit & a IIS exploit...”) when he dumped his lifted data on the internet.
Although the BBC report talks only about Hertfordshire Constabulary, the data dumped seems to come from three separate sites: www.police.uk, www.snt.herts.police.uk and www.nottinghamshire.police.uk. Catalin Cosoi, chief security researcher at Bitdefender, points out that “The unknown attacker extracted from the second breached website what appear to be police officers’ e-mail addresses, passwords to those e-mail accounts and a list of PINs probably employed as additional safety tools.” He added that “Several user logs have also been made public, exposing a list of employee names and corresponding IPs that could be used in cyber-crime operations requiring identification of a specific machine, containing a particular type of data.”
What worries Ash Patel of Stonesoft, however, is that the police only became aware of the hack after the data was dumped. “This raises an important question as to what other damage may have been caused and whether any other data was stolen that the force is currently not aware of” – or if any trojans “may have been left as sleepers in the database/network.”
Be that as it may, this feeding frenzy is likely to continue for some time – or at least until the current perpetrators are arrested. There is certainly no indication that the police outside the Ecuador embassy might stand down any time soon.