Hacker’s phone call to police saying he defaced their website.. because he was bored

Graham Cluley
Graham Cluley
@[email protected]

AntiSecA number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.

One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.

In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.

Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.

Sign up to our free newsletter.
Security news, advice, and tips.

What’s perhaps most bizarre, however, is that a recording has come to light of a hacker phoning up one of the hacked police departments.

The caller speaks with a British accent and claims to be calling from England, via Skype (which explains the poor quality).

After being batted around the police department’s telephone system for a while, and listening to some funky muzak, he eventually ends up speaking to a public information officer.

Here is a recording of part of the call:

And here’s a partial transcript:

Caller: Your website has been defaced.

Police official: Yes, we’re in the process of uh.. investigating it, but apparently someone hacked into our website, but we’ve..

Caller: Yeah that was me.

Police official: .. shut the website down at this time.

Caller: The person who did it was me.

Police official: You hacked into the website?

Caller: Yes sir.

Police official: Would you like to tell me why you did it?

Caller: AntiSec.

Police official: Is there a particular reason that you did it? Are you trying to prove a point? Or are you just picking on for us any particular reason? What’s the problem?

Caller: Just got a bit bored, y’know.

Police official: I can’t hear you sir.

Caller: I said, I said I got a bit bored.

Police official: You got a bit bored?

Caller: Yeah.

Police official: That’s fine. Alright, well.. perhaps I can break your boredom if we can trace you back and come and put you in jail, we’ll get a warrant for you – how’s that?

Caller:Well, I’m not in America.

Police official: That’s okay. That’s alright. It doesn’t make any difference where you’re at.

Caller:So you’re gonna [laughs] come and get me?

Police official: I’m gonna get on a plane in the next few minutes and head that way, start looking for you somewhere.

Caller:Bring it on.

The Boston Police department has asked all personnel to reset their passwords, and says that it is launching a full investigation into the reported incidents.

Boston police hacking advisory

Meanwhile, the IACP website is still unavailable – clearly the site’s administrators were more comfortable with visitors seeing a holding page than the defaced version which included an anti-police rap video:

IACP website

For more information on securing your website download our technical paper “Securing Websites” published by SophosLabs. In addition to advice on common attack techniques including SQL injection, the paper also discusses establishing a secure foundation for your site and how to deal with external service providers.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.