On Wednesday we heard additional documents had been leaked from the Arizona Department of Public Safety (DPS). “Will this ever end?” has to be the most commonly asked question at the DPS in Arizona nowadays. The original attacks last week were claimed by the group LulzSec, which was making the rounds exposing private information through hacking endeavors purportedly aimed at organizations it felt needed exposing for “evil deeds.”
What is interesting is the duration of this hack. Normally after a breach an organization licks its wounds, sends out a press release and tries to go on about the business of restoring confidence with those it serves. Usually this means a very high-tension but short-timeframe remediation effort; management would be perfectly happy if the problems were fixed in zero seconds. A hack that lasts multiple days has to be unbearable, both from the perspective of the sheer quantity of data stolen and from that of the loss of trust. Ask Sony; after recent events they have first-hand experience.
DPS suspended e-mail service to its employees on Wednesday in order to stem the attacks, and acknowledged in a press release that the hacker group “appears to have gained access to the personal email accounts of at least eleven DPS employees. The cyber terrorism group has posted the stolen information on its website.”
They are also careful to state, “We would like to make it clear that these intrusions have in no way affected public safety, or the ability of the agency to conduct its mission. The department’s mission is to protect the citizens of Arizona and we will continue to do so every day in a professional manner.” Still, this series of events will take years of mischief-free operations on DPS’ part to bolster public confidence.
This time, credit for Wednesday’s breach is claimed by AntiSec, a group of former LulzSec members; LulzSec had fragmented into various groups. AntiSec states that their “Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments.” Continuing further, “If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.” While no servers have been observed bearing traces of lizard blood, this group appears poised to press on, in whatever iteration they find themselves.
It is still unclear what attack methodology was used; we hope DPS will be forthcoming once a proper forensic investigation has been completed. Surely they will bolster their security stance. Either way, attacks of this type are a warning bell to determine what your organization’s security posture is. Defending against ever-changing attacks is a moving target, but one that demands a proactive approach.
Author Cameron Camp, ESET