[Infowarrior] - German Federal Police servers compromised

Richard Forno rforno at infowarrior.org
Sun Jul 10 18:14:09 CDT 2011


German Federal Police servers compromised
http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html

A group calling itself NN-Crew says it has broken into a server used by Germany's Federal Police and stolen a large amount of data used to GPS-track suspects under surveillance. The police apparently used the hacked server as a data pool and server to download GPS tracking software; it also contained instructions for installation and operation of that software. Criminal investigators require authentication for server access. The surveillance data published by NN-Crew included several usernames and passwords along with telephone numbers, license plate numbers, locations, and coordinates. Numerous internal documents used by the authorities were also stored on the server.

A spokesperson for the German Federal Police said that an "analysis conducted by our executive committee revealed that no investigation data used by the Federal Police (or by the Federal Criminal Police Office) was published. As far as we can tell at the moment, the data published came from a server used by customs officials, which apparently also contained information from the Federal Police on the use of the PATRAS tracking system for distribution among customs officials." The spokesperson also said that the server of the PATRAS geo-data system has been temporarily switched off for security reasons and that all users have been informed.

The spokesperson added that the Federal Police are currently working with customs officials to check whether the data contained any critical information. The National Cyber Defence Centre at Germany's Federal Office for Information Security will also be looking into the matter. The event is especially embarrassing for customs officials, who are probably at fault, because they themselves are (associated) members of the Cyber Defence Centre.

Screenshot from the NN Crew web site   NN-Crew says it is politically motivated and conducted the attack to protest "constant monitoring" by officials. "This constant monitoring can no longer be tolerated. You have violated numerous privacy rights and data protection laws. Starting now, every vulnerability will be shamelessly exploited, and we will leak everything we get our hands on in order to cause the greatest damage to the image of the enemies of freedom. As long as the government and large corporations steal from, lie to, and spy on citizens and have nothing better to do than think about how they can expand their power and pile up even more money, we will continue to work to protect the rights of citizens in this country," the hackers write on their web site. However, the web site is currently not reachable.


More information about the Infowarrior mailing list