Another BART website was hacked yesterday, with the attackers – who may or may not be members of the Anonymous group – releasing the private data of more than 100 BART police officers.
The home addresses, email addresses and passwords, obtained from the BART Police Officers Association, were posted on Pastebin.
The attack is the latest reponse to BART’s decision to shut off cellphone service last week in anticipation of demonstrations against the shooting of a homeless man in July.
The site was initially hacked by Anonymous, which later called for a physical demonstration which led to the shutting of four stations earlier this week.
Anonymous, though, hasn’t claimed responsibility for the latest attack. But someone has – a person known as Lamaline, who describes him or herself as ‘not a hacker’, saying it was a first attack.
In an IRC chat, he or she says: “This really was the easyest thing. The had 0 security,” adding: “For starters, using microsoft SQL is not theire best choice.”
Even Anonymous itself seems uncertain as to whether the hacker is a member of the loose collective, warning: “The leak today could be the work sanctioned by those who truly support anonymous, or agent provocateurs. Stay skeptical.”
The website is still down.
“It seems likely that a vulnerability on their site will have let the hackers access the police officer’s database,” says security expert Graham Cluley of Sophos.
“Clearly the information had not been properly secured. In the current climate of high profile hacks that’s not excusable. Other forces would be wise to look at their own sites and make sure that they are not similarly vulnerable to attack.”