A hacktivist has successfully stolen data including email addresses from three UK police websites in an attack apparently in support of Wikileaks’Julian Assange.
Published on Pastebin under an ‘OpFreeAssange’ banner, the data taken from three police sites - Hertfordshire and Nottinghamshire Constabularies, and police.co.uk – was fairly low-level by recent breach standards.
The most significant included email addresses, account passwords and PINs of police staff working on the Safer Neighbourhoods scheme. IP addresses were also exposed but most of the harm will be simple embarrassment.
"As a precaution these pages have been temporarily disabled whilst the circumstances as to how this information was obtained is investigated,” read a statement form Hertfordshire Police.
"There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromised,” it said.
The hacker’s motivation appears to be simple nuisance.
“I am not a member of Anonymous. Do whatever the f*** you want with this information i don't give a f*** !, read the hacker’s message. This is nothing big not some l33t h4x shit ... but this tells how insecure the Web is …”
As of 31 August, only Hertfordshire’s website was still unavailable.
“Public sector organisations need to understand that, by hosting sites with third parties or outsourcing such important services to system integrators, does not take responsibility away from those who are employed to ensure the security of “our” data,” commented Stonesoft UK and Ireland manager, Ash Patel.
“It is time that it was made clear that the responsibility lies with the government and its employees in the same way that the nation’s security lies with the armed forces,”he added.