HPD security breach appears to be linked to "anti-American" hacking campaign

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.hawaiinewsnow.com/story/22176979/hpd-security-breach-appears-to-be-linked-to-anti-american-hacking-campaign

HONOLULU (HawaiiNewsNow) -

HPD has confirmed one of their databases containing information about
the public has been hacked. Officials say anyone who has ever signed
up for an "HPD alert" using their email address or phone number has
been exposed. They say this includes more than 3,500 entries listing
individual's full names.

The group that is claiming responsibility appears to be affiliated
with an "anti-American" cyber-attack campaign targeting U-S financial
and governmental institutions.

A list of more than two dozen HPD personnel names, phone numbers,
email addresses and log-in passwords popped up on several
hacker-affiliated websites overnight.

The group taking credit for the website breach is "X-Blackerz Inc".
They posted a link to the leaked information on their Facebook page
using the hashtag "#OpUSA", which according to their webpage is an
on-going cyber-attack campaign coordinated through Twitter and sites
like Pastebin.

According to an image that has been circulating online, #OpUSA is
quote: "for the children of Iraq, Gaza, Pakistan, Afghanistan and all
victims of American drone violence".

The photo, which features a skull and the American flag, goes on to
say quote: "Hurt the only thing the American Government cares about
money". "X-Blackers" claims to have hacked into at least 100 other
U.S. websites, though no other police department's appear to have been
impacted at this time.

Local cyber security expert and former Honolulu Police detective,
Chris Duque, says these hacks should be taken seriously.

"This puts everyone at risk. Personal information is much more
valuable these days than the actual money in your pocket, in your
purse, or in the bank— information is the new commodity," said Duque.

"Everyone is vulnerable - everyone is vulnerable to some kind of cyber
attack," Duque explained, before describing how difficult it can be to
catch the people who are responsible.

"Unfortunately, it's a see-saw battle. Sometimes you win, sometimes
you lose. We're trying to keep up, but it's hard because of the
limited resources the government has versus the bad guys. The bad guys
really have unlimited resources, because all their resources they
steal," said Duque.

The Honolulu Police Department released the following statement Monday evening:

"The Honolulu Police Department announced today that its "HPD Alerts"
database was accessed by an unauthorized person or persons this
weekend, and subscribers' names, phone numbers, and email addresses
were compromised. HPD Alerts was a pilot program to provide breaking
information to the public. It was recently discontinued due to
technical problems not associated with the cyberattack.

The HPD has since removed the database and implemented additional
measures to protect the information. At no time did the breach affect
police services.

For more information, subscribers should contact honolulupolice () honolulupd org"

Follow Mileka Lincoln on Facebook: facebook.com/MilekaLincoln.HNN or
on Twitter: twitter.com/MilekaLincoln

Copyright 2013 Hawaii News Now. All rights reserved.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.