Hackers Leak Canadian Officials’ Creds to Protest Surveillance Legislation

A group acting in the name of Anonymous claim to have published personal details that were maintained in an insecure Intelligent Transportation Systems (ITS) Society of Canada website.

In the hackers’ chatroom, a user named ro0ted purported to still have access to the site when contacted by Motherboard on June 23, about three hours after the database was posted to a document-sharing website.  

ro0ted said the leak was in "retaliation for the passing of Bill C51”—a controversial piece of Canadian anti-terrorism legislation recently signed into law.

ro0ted said their group has a list of future targets, but no schedule for attacks. One user who went by the name of Doemela in the chatroom said that the attackers "scan domains beloging [sic] to Canada" and "when there is a vulnerability it is investigated further."

"We said we would respond in order to prevent the NSA and other intelligence contractors from the further invasion of our privacy and violation of our rights," Doemela said.

The hacktivists claimed that everything in the system was stored in plaintext, or unencrypted. Passwords, the last four digits of credit card numbers, and what appears to be the financial amounts of transactions can all be identified in the dump.

ITS Canada administrative manager Janneke Poelking said her group "was made aware of the hacking of our website by a member of ITS Canada. We are working with Biz-One on this at this moment, and this is all that I can say."

Biz-One is listed as the developer of the society’s website.

The attack allegedly exposed data belonging to private sector companies and industry groups, as well as employees from a swath of transportation-related agencies from municipal governments in Toronto, Ottawa, Montreal and Calgary; provincial governments of Ontario and Alberta; and federal departments such as Foreign Affairs, Trade and Development Canada, Environment Canada and Transport Canada.

The data includes the names, email addresses, phone numbers, and partial credit card information of government employees.