Update: Arizona police have stated the leaked documents appear to be authentic: "Spokesman Steve Harrison of the Arizona agency said the documents appeared to be authentic and said LulzSec most likely accessed them via the email accounts of eight officers." [Source]
LulzSec's "Operation Anti-Security" has officially kicked off with its first release, a day earlier than expected. LulzSec has posted the following press statement in regards to the leak:
We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.
The documents classified as "law enforcement sensitive", "not for public distribution", and "for official use only" are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.
Every week we plan on releasing more classified documents and embarassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust "war on drugs".
Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world. See you again real soon! ;D
Though I have not had a chance to dig deep into the information (in-depth analysis from ZDNet's finest is soon to come), what accompanies the press release is enough to see that the information is as bad as it sounds -- especially to the individuals who have had all of their personal credentials leaked for all the world to see. In one case, an officer's wife is identified along with her email address.
No one is spared in this release.
Still unclear at this point is how vast the reach of LulzSec goes, but this release shows that it doesn't particularly matter. With no names and no definitive numbers of people, there is no telling who all this group is comprised of; the perfect scenario for talented hackers looking to exploit behind anonymity in numbers.
Unfortunately, they have now proven they have the wherewithal to secure classified documents and personal information beyond that of what simple database exploits have yielded thus far. And this is just the beginning.
LulzSec has stated that there is more to come on Monday. Stay tuned and fasten your seat belts, because it's going to be a bumpy ride as the ante has just been upped considerably from simple DDoS attacks "for the lulz" to cause-driven releases.
-Stephen Chapman SEO Whistleblower
- Suspected LulzSec player arrested, in custody in London
- LulzSec: Is it too cocky for its own good?
- CNet News: U.K. press puts name to LulzSec suspect
- CBS News: LulzSec responds to UK hacker arrest
- LA Times: LulzSec outs snitches