UPDATE: See below for text of a conversation with an anonymous hacker who takes credit for hacking the BART police site.
Someone has hacked into a database of BART police officers held on bartpoa.com and released names, addresses, emails, and passwords for 102 BART officers.
On a Twitter feed for user @AnonyOps, which was used by the international hacking group Anonymous over the past several days to deliver an almost minute-by-minute account of the Aug. 15 downtown San Francisco BART protests, a post went up at 10:55 a.m. Aug. 17 which read, “The bartpoa.com database was just hacked and released.”
NBC Bay Area news is reporting that Anonymous was responsible for breaking into the police officer database, and that the FBI is looking into the matter. A recent report included this statement from BART:
We condemn this latest attack on the working men and women of BART. We are deeply concerned about the safety and security of our employees and their families. We stand behind them and our customers who were the subject of an earlier attack. We are deeply troubled by these actions.
However, Anonymous is not taking credit for this hack.
At 11:15 a.m., another post went up on the same feed, which read, “FYI, No one claimed responsibility for the hack. Some random joe joined a channel and released the data to the press.”
Another message was posted at 11:18: “The thing about anonymity is, you can can claim allegiance to any cause. Even if your intent is to hurt that cause. Who can prove otherwise?”
Then, at 11:21: “The leak today of BART officer data could be the work sanctioned by those who truly support anonymous, or agent provocateurs. Stay skeptical.”
UPDATE: A private chat has been posted to the website Pastebin under the title “Anonymous is not Unanimous.” One online chat occurred around 11:20 a.m. on Aug. 17 between a user identified as Lamaline_5mg, who takes credit for hacking the BART police officer’s website, and another user, n0pants, who says, “It is very important to me in all of the different work that I do not to put people at risk.” Here’s the raw text of that conversation, with dates and times:
[08/17/11 11:18] <Lamaline_5mg> I don’t want the media to know anything about the hackers.
[08/17/11 11:19] <n0pants> in what sense?
[08/17/11 11:19] <Lamaline_5mg> I am not a hacker. This is my first attack.
[08/17/11 11:19] <n0pants> ohwow
[08/17/11 11:19] <n0pants> that’s pretty newsworthy too
[08/17/11 11:19] <Lamaline_5mg> I just got pissed about what bart did and learned a lot about Microsoft SQLi.
[08/17/11 11:19] <n0pants> u cover yr ass?
[08/17/11 11:20] <Lamaline_5mg> Sure I do.
[08/17/11 11:20] <Lamaline_5mg> So, what. Is this an interview? XD
[08/17/11 11:20] <n0pants> heh
[08/17/11 11:20] <n0pants> It is very important to me in all of the different work that I do not to put people at risk
can I share that this is yr 1st attack?
[08/17/11 11:21] <Lamaline_5mg> Yet. Of course. Also, say that I encourage anybody to do the same.
[08/17/11 11:23] <n0pants> you got it. anything else you want to add?
[08/17/11 11:24] <Lamaline_5mg> This really was the easyest thing. The had 0 security.
In an earlier conversation taking place around 10:30 a.m., when Lamaline_5mg links to the file containing the police officer information, the hacker encounters resistance from users who are identified by the person who posts it as being part of the Anonymous team that carried out #opBART. “We are not interested in any thing like that,” someone with the user name OpNoPro says. “Please refrain from dropping anybody’s private information anywhere on anonymous’s behalf… not interested in breaching somebody’s privacy… they have a right to it as much as you do.” The same user notes, “Keep the operations separate.”