First it was a high-profile hack attack last Christmas against Stratfor, a Texas-based security firm; next they brought down the website of a much larger prey — the U.S. Central Intelligence Agency.
While these sophisticated cyber intrusions carried out by Anonymous, the angry rebel “hacktivist” group speaking for the disenchanted American left, may have seemed faraway, they have apparently now struck much closer to home — the confidential databases of the Tamil Nadu police.
Late on Sunday night what appeared to be Anonymous’ India ‘chapter,’ operating under the Twitter handle “opindia_revenge,” posted files online showing a wide range of complaints made to the Tamil Nadu police and responses by law enforcement officials, including private data references such as email and physical addresses, and some redacted phone numbers.
Many of the complaints concerned local law enforcement issues, including attempted cyber crimes.
For example one entry read: “Regarding Harassment by Mr. D.J********** Tel: 9******0** and thru him Mr. C************* 9*9*09**** and another person name not known Tel 9****9*99*.\rSir,\rI have been harassed illegally by the three above. I had purchased land from Mrs. V*********** wife of Mr. J********** residing at *9,**** Street or **A *** Street Karumalai Chettipalayam ,T*********** Village Coimbatore-***00*.in S.F.No ***/*B V*********** details are enclosed in a separate letter herewith along with copies of all documents.”
Another unusual case entry read: “This is fully fake money offer known as NIGERIAN SCANDAL. Avoid this kind of fake money offers. For further assistance you contact The Inspector of Police, A**** Town Police Station for further assistance. Your complaint was forwarded to A**** Town Police Station for your assistance.\r\rSir,\r From your on-line complaint, I wish to say that The Inspector of Police, A**** Town Police Station investigated your complaint and the enquiry reveals that from the above fake advertisement there was no loss of money for you. Also you are enquired by the police and you rottenly stated in the police station there was no need for further action for this on-line complaint. In future you are advised to omit this kind of fake SMS and e-mail. Hence, further action for this on-line complaint has been dropped. This is for your information.\rWith Regards.\r.”
Other entries relate to a wide range of complaints from land disputes and missing person cases to disputes relating to vehicle accidents and petty theft, sometimes involving electronic fund transfers from the accounts of major banks such as ICICI. In many cases the only police response recorded typically noted that the complaint had been received and forwarded to the relevant officer.
If the database exposed is in fact confirmed to belong to the Tamil Nadu police, the incident may well be an embarrassment of epic proportions for the State government in terms of lax cyber security standards.
While Anonymous has been loosely linked to the Occupy Wall Street movement in the U.S., it has adopted a darker, more aggressive tack than the largely peaceful street protests against corruption and greed in high finance. After causing some cyber-damage to Stratfor and the CIA, the U.S. state of Alabama found its websites hacked too, apparently in response to “Alabama’s recent racist legislation in an attempt to punish immigrants as criminals.” Other targets that Anonymous has trained its guns on include the Arizona State Police, Nintendo, Sony and even Rupert Murdoch’s News International group and film studio 20th Century Fox.
In some of the cases, data removal was also accompanied by distributed denial of service (DDOS) attacks, where sites were flooded with traffic until they crashed. The Tamil Nadu police would appear to have been spared that variety of hack at least, as the site seemed to be functioning normally on Monday night. However in what might be an attempted cover-up, or perhaps complete ignorance of the potential exposure, there was absolutely no mention of data theft on the main page of the website.
