14 DAY TRIAL // The recent manifestations in Baltimore against the police department have been noticed by hackers operating under the “Anonymous” banner, who sided with the protesters and disclosed to the public some information belonging to the law enforcement organization.
The cache is not large and comprises multiple email addresses, as well as IP addresses for some Internet services used by the authorities.
Minimum information is needed to deploy attacks
According to a tweet from @AnonymousGlobo on Saturday, the servers of the Baltimore Police Department (BPD) have been breached and data found on them has been published on anonymous pasting website Pastebin.
The entry consists in a set of Baltimore Police email addresses followed by IPs for the web server of the website for the webmail and maps services.
Although valid email addresses are not meant to be secret and can be found by anyone via online searches, they can be used by attackers to gain a foothold on the police computer network.
Phishing is one of the most used attack vectors, and combined with good social engineering skills, it can lead to a successful compromise of the system.
Revealing the IP addresses used by the department can also have dire consequences on the activity of the department. Unless the website and its services benefit from proper protection, threat actors can deploy distributed denial-of-service (DDoS) attacks, which are far from expensive.
Luckily, the website of Baltimore Police Department is protected by CloudFlare, a company offering content delivery network and domain name server system services.
Hackers tried doxing the mayor and the governor
Hackers associated with Anonymous are not at the first attempt to attack Baltimore authorities. Some pasting websites have been used to publish personal information belonging to the mayor of Baltimore and the Governor of Maryland.
However, this data was exposed for a short while on April 28, as it was accessed only 22 times. Comparatively, the BPD data is still available online and has been seen more than 3,500 times.
It is unclear how the attacker managed to access the server of the police department or if more sensitive information has been reached, but this sort of incident may inspire others sympathetic with the protesters to take similar action.