Saturday 25 June 2011

LulzSec Arizona Leak: We Called Public Safety Officers' Cell Phones, and They're Not Laughing

lulzsec.jpg
LulzSec, the anonymous hacker group best known for attacking NPR Sony and wiping the CIA website, took the hacker mission beyond lulz this week with a political statement against Arizona law SB 1070: "Chinga la Migra." (Glossary break. Lulz is like, out-loud laughs, usually personal jokish, usually at someone else's expense. Chinga la migra means fuck the po-lice. Moving on.) Whether these vindictive nerds actually care about the plight of the undocumented immigrant or whether they're just piggypacking popular anti-Arizona sentiment as an excuse to breeze through some dinosauric local-government spyware...
... has yet to be determined. But the LulzSec hack into the Arizona Department of Public Safety servers yesterday was the groups's most significant yet -- both in terms of volume and personal impact at the other end.
We began by calling Lieutenant Larry Parks, from the DPS' Highway Patrol division, on his cell phone. "You're the first one who's called," he says.
And he's surprised. Although Parks says he has no clue "what they put on there," he didn't think his cell phone had been leaked. (Parks' number was not included in the LulzSec press release, like a few of the other officers; instead, interested parties had to download the 470 MB file to find it. Call us devoted.) The officer says he feels terrible for a few of his colleagues, who had their personal info -- wives' names, home addresses, cell phones -- posted on the "Chinga la Migra" home page.
"I find that a little disconcerting," he says. "It makes it a little personal -- makes you worry every time the phone rings."
We called the rest, too. Steven Loya's cell had been disconnected. Horacio Lomeli and Daniel Scott's phones went straight to message. And Charles Springstun Jr., turns out, had gone so far to get a stuffy lawyer-sounding lady to record the following public service announcement for all callers:
"You the public have been victimized by Internet hackers attempting to incite harm, riots and disobedience by stealing the Springstun identity and the employee identities from the Department of Public Safety. DPS employs police officers, secretaries, records clerks, photographers, mechanics, forensic experts and many other occupations of all races and ages. ... Mr. Springstun was a retiree, but due to the economy, had to seek employment and was hired by DPS earlier this year. ... The Springstuns have not made any statements or opinions on the Internet. the Springstuns have not sent or made made any emails, statements or opinions on SB 1070."
Parks says DPS has "launched an investigation" into how such a security breach was made possible. (Good luck with that. Judging by the DPS web correspondance released by LulzSec, officials are still on page 2 of their 'puter manuals.) FBI spokesman Manuel Johnson says, ever cryptically, that it "wouldn't be uncommon for the FBI to assist" in such an investigation -- but the FBI isn't exactly one step ahead of the Lulzers, either.
However, Parks does confirm that the DPS email server can now only be accessed from within department buildings -- making much of the leaked login/password info pretty useless to the general public.
We asked him what he thinks LulzSec wants to get from all this.
"I'm familiar with what an anarchist group is," he says, "but we don't really run into these kind of individuals in my part of the state."
Parks says he patrols the "rural northeast" -- where towns aren't likely to come much larger than 6,000 people. He tries to think of an equivalent near Los Angeles, but can't. "I'm kind of in the sticks," he says.
Because of the smalltime, intimate nature of the e-mails in LulzSec's mass download (and with no time for redactions, a la Palin's Alaska stock!), the DPS correspondence contains many a facepalmy, "Reno 911" moment, like when officers can't get their dial-up Dells to work, or when they use their government accounts to talk about their wives' labor pains. Awkward.
But there are also borderline admissions to racial profiling, by way of warnings to each other -- having everything to do with SB 1070, and making the alleged LulzSec mission, well, kind of accomplished.
For instance, re: ACLU racial-profiling probe, one official says:
"The statistics are from our own data. We need to monitor our personnel and act if there are indications of bias. If we fail to act, I am confident that an outside entity will be established to act for us."
Officers are also very wary of the media:
"Though media representatives may tell you that all of them are critical and time sensitive... if in doubt as to whether a release is time sensitive, it is probably not. Please do not overuse this option."
In one Yuma County traffic stop, a vehicle is pulled over because it looks "suspicious" (aka, has brown people inside); soon after, both driver and passenger are found to be "illegally present in the United States." Kind of hard to pretend that one didn't put a little profiling to use.
The emails and attachments go on in that fashion. No blatant admissions, but lots of gaps in judicial process and cautionary tales between coppers.
Best of all, though, are the hilariously designed "newsletters" and various for-dummies guides (i.e., "How to Crack Your Child's Secret Online Language") circulated within the department. As with the Palin emails, the leak is more embarrassing than anything. Very "The Office." (Boing Boing has a pretty nice collection of excerpts going, too.)
Still, one non-lulzy thing is clear: Arizona law-enforcement officials, however bumbling, knew not to be blatant.
We'd be very interested to see a leak like this in SoCal, perhaps in Orange or San Diego Counties -- those closet Yumas where officials feel they can get away with anything under the guise of being a liberal blue state. Not that we're asking a major hacker group for a highly illegal government breach or anything. Ahem.
[@simone_electra/swilson@laweekly.com]
Simone Wilson @'LAWeekly'

No comments:

Post a Comment