As protests over the death of George Floyd in Minneapolis have spread across America, cyber attacks targeted Minnesota police. In particular, on Sunday, Anonymous claimed responsibility for an attack that destroyed the website of the Minneapolis Police Department, while they published a set of email addresses and passwords that had been stolen. A closer look at the leaks of 798 email addresses and passwords doesn't seem to have stolen data, which means they've actually been "repackaged". data from previous leaks and cyberattacks that had nothing to do with the assassination of George Floyd. THE Troy Hunt, researcher security and founder of the Have I Been Pwned database, looked at their list credentials connection released and found that 95% had already leaked due to previous breaches. The use of old, stolen credentials is nothing new, as cybercriminals often repackage data to sell it as new leaks. In April, a document containing 25.000 addresses came to light. e-mail as well as leaked passwords belonging to members of the World Health Organization and the Centers for Disease Control, data also compiled from an earlier hack.
With the latest leak, Anonymous appears to be taking advantage of the outrage that has erupted against police brutality, in order to spread false and misleading news, thus strengthening the misinformation on the Internet. In particular, Hunt said in an interview that there is this social anger in Minneapolis and people need to believe that this hack team will do something, since for many, Anonymous symbolizes social justice. There were many signs that led Hunt to conclude that the leaked credentials did not come from a new breach. Aside from the fact that 95% of them were already available to the public, it had found 87 email addresses that had been repeated. If it was a new hack, the database would not have the same email addresses with different passwords. The number of weak passwords in the data set also raised suspicions, Hunt added. He found passwords that were only two letters or codes PIN, which are very unlikely to be allowed for internal connection networks of a big city. Most likely, the so-called leak came as a collection of "@ minneapolis.mn.us" email addresses with passwords from previous breaches, including data from sites such as LinkedIn.
Some of the passwords and email messages work for other accounts. Hunt said one of the credentials worked to connect to the account Twitter an employee in Minneapolis. This is most likely due to the fact that the majority of people use the same passwords for many accounts, rather than a new breach.