Hacker group LulzSec has struck again, this time targeting Arizona law enforcement by releasing thousands of pages of confidential documents and communications presumably acquired in a security breach. Among those documents are several that show law enforcement’s special interest in the iPhone and other smart phones.
One document, titled “iphone apps- used against officers.doc”, is classified “Law Enforcement Sensitive” and lists several apps of which officers should be aware. These include an app called “Cop Recorder,” which according to the police document “can be activated while in a pocket and record everything the officer is saying,” as well as a speed trap avoidance app and a police tracking app, and an app for jailbroken iPhones that turns the device into a scale in grams or ounces.
“Take the time to look at an arrestee’s cell phone to see what applications they have,” the document advises officers.
Another iPhone-related document is an “Awareness Brief” from the Department of Justice dated June 2009. It outlines the then-new “Find my Phone” and “Remote Wipe” features unveiled with iOS 3.
It warns officers that iPhones seized as evidence should be immediately shielded from wireless signals in a faraday bag or similar container to eliminate the possibility of remote wiping.
The document also advises: “It may be possible to locate the user of an iPhone using this ‘find my iPhone’ feature. (with appropriate legal authority)”.
Arizona police have confirmed that the documents are authentic, issuing a statement saying:
“The Arizona Highway Patrol Association (AHPA) was made aware that hackers, that identify themselves as LulzSec, released confidential information from the Department of Public Safety’s (DPS). AHPA is concerned that the files released could jeopardize the safety of many DPS officers and employees.”
“Law enforcement officials go to many lengths to protect their identities,” said Jimmy Chavez, President of the AHPA. “These individuals maliciously released confidential information knowing the safety of DPS employees, and their families, would be compromised. A threat to release more DPS files demonstrates how heinous the hackers are willing to act. The AHPA would like to see the people brought to justice and prosecuted to the highest degree of the law.”