http://newsok.com/article/3110406/1188011081 By Josh Rabe Staff Writer August 25, 2007 Someone hacked into computers at three Oklahoma law enforcement agencies and may have stolen private information meant only for police use, the state Department of Public Safety announced Friday. Details of the extent of the security compromise remained sketchy Friday, but officials said only the Elk City and Eufaula police departments and the Kiowa County Sheriff Department were affected. The Department of Public Safety is urging anyone who has had contact with those agencies to check for any suspicious charges on credit cards or to obtain a credit report as soon as possible. Even people pulled over for a traffic stop but not given a ticket could be at risk. "Because this is an ongoing investigation, we are not able to release a lot of information,” said Capt. Chris West, spokesman for the Oklahoma Highway Patrol. West said he could not elaborate on how long security had been compromised at those locations or how many people may be affected by the security breach. "We believe it is a small number of individuals,” West said. "Those individuals will be contacted by the involved law enforcement agency.” What was affected The breach involved information used by the Oklahoma Law Enforcement Telecommunications System, a statewide computer network used by dispatchers to obtain instant access to all types of local, state and federal law enforcement databases. Police dispatchers typically use the system to verify the status of driver licenses, vehicle registration and to check for outstanding warrants and criminal history. Gene Thaxton, telecommunications director for the Department of Public Safety, said central files for the system are stored at his agency and were not affected by the breach. The system is accessible at roughly 380 terminals statewide at law enforcement agencies. Any information accessed by dispatchers that was displayed on their computer screen may have been sent to a third party by a computer virus found on the three affected computers. Both driver license numbers and Social Security numbers are listed in the database along with names and addresses, Thaxton said. How it happened The security breach was the first discovered in the computer network, which has been in use since 1986. West said computers law enforcement agencies use for the Oklahoma Law Enforcement Telecommunications System often serve a variety of other functions, including unrestricted Internet access. Employees at the three agencies apparently accessed "inappropriate or undesirable Web sites,” where viruses were unknowingly downloaded onto the computers, West said. West said he could not elaborate on the type of sites in question, but Internet access at all 380 terminals has since been limited to a list of 15 approved sites related to law enforcement. Thaxton said the problem was discovered during a routine inspection of the system, which found private information was being sent to a third party outside law enforcement from those three computers. West said hard drives were removed from the infected computers and have been sent to the FBI for forensic analysis. A surprise for police Eufaula Police Chief Don Murray said he first learned about the problem about 11 a.m. Friday. Murray said the state provided the computer his dispatchers use to access the telecommunications system and he didn't know it was capable of doing anything else. "I would have thought that was all they were restricted to do to begin with,” Murray said. Murray said he was surprised to learn that improper use of the computer may have led to the security breach and that he will take disciplinary action against anyone involved if the FBI can prove guilt. Murray said he is urging anyone who has had contact with his officers within the past year to watch out for identity theft, but that state officials didn't provide him a specific time frame of the breach. Elk City police officials were not available for comment, and Kiowa County officials didn't return a call seeking comment. ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Mon Aug 27 2007 - 00:47:50 PDT