BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

fringe: German Federal Police servers compromised

From: security curmudgeon <jericho () attrition org>
Date: Tue, 12 Jul 2011 02:40:29 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html

The H-Security
8 July 2011

A group calling itself NN-Crew says it has broken into a server used by 
Germany's Federal Police and stolen a large amount of data used to 
GPS-track suspects under surveillance. The police apparently used the 
hacked server as a data pool and server to download GPS tracking software; 
it also contained instructions for installation and operation of that 
software. Criminal investigators require authentication for server access. 
The surveillance data published by NN-Crew included several usernames and 
passwords along with telephone numbers, license plate numbers, locations, 
and coordinates. Numerous internal documents used by the authorities were 
also stored on the server.

A spokesperson for the German Federal Police said that an "analysis 
conducted by our executive committee revealed that no investigation data 
used by the Federal Police (or by the Federal Criminal Police Office) was 
published. As far as we can tell at the moment, the data published came 
from a server used by customs officials, which apparently also contained 
information from the Federal Police on the use of the PATRAS tracking 
system for distribution among customs officials." The spokesperson also 
said that the server of the PATRAS geo-data system has been temporarily 
switched off for security reasons and that all users have been informed.

The spokesperson added that the Federal Police are currently working with 
customs officials to check whether the data contained any critical 
information. The National Cyber Defence Centre at Germany's Federal Office 
for Information Security will also be looking into the matter. The event 
is especially embarrassing for customs officials, who are probably at 
fault, because they themselves are (associated) members of the Cyber 
Defence Centre.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: