Hackers Doxx Fraternal Order of Police, Exploit Alibaba’s Cloud, and Bop TaxSlayer

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Attackers Doxx Biggest U.S. Police Union

A hack at the Fraternal Order of Police has been traced to an IP address in the U.K.

“They were able to feed our system a pseudo-encryption key that the system should not have accepted but did because of software errors,” said Chuck Canterbury, FOP’s national president.

Confidential files, including the names and addresses of officers, forum posts critical of President Barack Obama, and controversial contracts made with city authorities, were published online Jan. 28 after a hacker breached the organization’s website.

In all, 2.5 GB of data was taken from FOP’s servers, dumped online and swiftly shared on social media.

In an online posting, a person using the screen name Cthulhu said he or she had released the files after receiving them from a source who wished to remain anonymous and wanted them made public “in light of an ever-increasing divide between the police groups and the citizens of the U.S.”

In a statement to the Guardian, Cthulhu added, “Our role is simply to present the material in an unadulterated form for the public to analyse.”

Threads from the organization’s restricted online forum were leaked.

A 2010 post by Robert Schafer from Virginia described Obama as an “antipolice, antilaw and order President.” In 2009, Donald Hartman of Indiana condemned the FOP leadership for endorsing the nomination of the “radical socialist” Supreme Court Justice Sotomayor. Anthony Orlando of Tennessee suggested the FOP leadership “follow her lead, step down and give their seats to a minority or smart latina.”

Canterbury blamed “anti-police rhetoric” for the hack.

In the posting, Cthulhu denied being “anti-police.”

Hundreds of contracts between regional authorities and local FOP lodges were posted online. Some such deals have been likened to shielding police officers from prosecution or disciplinary action following use of excessive force.

TaxSlayer Database Popped Open by Hackers

It is believed credentials used to break into the accounts of the tax preparation software firm’s customers were taken from an outside vendor. TaxSlayer refused to identify the vendor or the support function it plays.

“Evidence shows that the unauthorized access did not occur as a result of a vulnerability to our systems," a TaxSlayer spokesperson said. "Nor do we believe that usernames and passwords stored on our systems were accessed and compromised. However, we believe that user credentials, stolen from other sources, were then used to misrepresent our customers and therefore access our program."

TaxSlayer notified the 8,800 affected customers last week that an unauthorized party may have accessed details in their tax returns.

The company learned of the hack earlier in January, as a result of ongoing security reviews.

“The unauthorized third party may have obtained access to any information you included in a tax return or draft tax return saved on TaxSlayer, including your name and address, your Social Security number, the Social Security numbers of your dependents, and other data contained on your 2014 tax return,” the company said in its letter to the affected customers.

ID Thieves Exploit Alibaba's Cloud to Speed Hack Attack

Miscreants obtained 99 million credentials from other websites, and then used the company's Web services to input the details into accounts on Alibaba's Taobao e-commerce site.

Of the 99 million usernames, 20.59 million were also being used for Taobao accounts.

Alibaba's systems discovered and blocked the vast majority of log-in attempts, according to the company.

The hackers were entering the compromised accounts to place fake orders on Taobao, a practice known as "brushing” that raises sellers' rankings. The hackers also sold accounts to be used for fraud.

"Alibaba's spokesman declined to comment on how the hackers were able to use its cloud computing service for the attack," according to Reuters. "He said they could have used any such service, and that the attack was not made possible by loopholes in Alibaba's platform."

The company claims, "Alibaba's system was never breached."

Medicaid ID Theft in Louisiana Claims 13,000 Victims

Keisha Robinson, 43, was arrested Jan. 27 for identity theft, computer fraud, and criminal conspiracy to commit Medicaid fraud after downloading information on more than 13,000 Medicaid recipients from Louisiana Healthcare Connections, a managed care organization.

So far, there is no explanation as to whether Robinson was an employee of Louisiana Healthcare Connections.