A new hacking group claims to have stolen more than 100,000 records containing names, Social Security numbers, and birthdates from a Tennessee city and has leaked thousands of them online. In an exclusive hour-long interview, Spex Security explained its motives and what to expect from the group in the future.
SpexSec, as it is calls itself, appeared on the scene less than 24 hours ago, taking the cyberfight to the front door of a Tennessee military community, by releasing 14,500 of 110,000 identities it says were stolen from residents of Clarksville and the Clarksville-Montgomery County (CMCSS) School System. The group also posted employee and school-wide email passwords.
Clarksville is the fifth-largest city in the state of Tennessee and home of the Army post Fort Campbell, which straddles the border of Tennessee and Kentucky. 2010 Census Bureau data estimates the population at 132,929. The 101st Airborne Division and the 5th Special Forces Group, both units that have seen extensive time in Iraq and Afghanistan, are based at Fort Campbell.
The Clarksville-Montgomery School System serves more than 24,000 students according to its website. The CMCSS website was voluntarily taken offline Monday after the breach was discovered, officials said.
SpexSec released a statement saying, “Our primary suspects include the U.S government for torturous and deceptive acts on our own soil, the educational system for exuberantly being blown-over and belligerently not patching the holes in their system, and anybody else who partook a role in the murder of America.”
CMCSS was targeted because of its failure to comply with basic network security standards. SpexSec says it had “a couple people call them up” and warn them about vulnerabilities in the past. Nothing was fixed, so SpexSec took matters into its own hands. The school system says it was never before contacted by the group.
SpexSec says the breached CMCSS information was accessed sometime last week. “Originally, the plan was to not release the information as we approximated the damage cost and it was increasingly high. It happened though,” one of the SpexSec hackers said via instant messenger Monday afternoon. SpexSec says it was doing Clarksville residents a favor by only releasing 14,000 records.
“It took days to gather all the information and pile it all together. Funny thing is, we could have went far more overboard with this.” SpexSec says it currently still has access to a dispatcher’s database, a Clarksville-based bus company, and surveillance cameras.
“Clarksville did all the ass-fucking in this one, folks. We just showed you guys the final outcome,” he said.
The hacker wouldn’t elaborate on what specific vulnerability provided it access to the data but said, “Think of it like this: I start up a new website, it has thousands and thousands of consumers, only to find out that every piece of information is unencrypted and can be accessed by anybody who has the balls to. You know?
“Tennessee wasn’t targeted to take shots at innocent citizens. It was more of an awakening to the public. Plus, Scott Augenbaum is a citizen in Tennessee and we had people begging to pick him apart,” the SpexSec member said.
If the hackers see themselves as Robin Hoods, Augenbaum is the Sheriff of Nottingham – rounding up hackers across the state while working as the head of the FBI’s cybercrime task force.
The FBI wouldn’t comment on SpexSec naming Augenbaum, who is based in Nashville, as a target. I wasn’t able to find out if Augenbaum has any children or family members in the school system.
“We have no comment in regard to the ongoing investigating. The Joint Cybercrime Task Force with the Tennessee Bureau of Investigation are actively looking into the matter,” FBI spokesperson Joel E. Siskovic said by phone Monday evening.
Augenbaum told local media that the task force has taken the Clarksville case.
The Clarksville Police Department first learned of the hack after a phone tip from a caller in New York, the Leaf Chronicle, Clarksville’s local newspaper, reported. The school system was alerted and also began its own investigation. The CMCSS website has been down since.
A CMCSS teacher says she received an automated call from the school system around 10 a.m. Monday notifying her of the breach. Another call went out in the evening to affected CMCSS employees.
“It was the weirdest call I’ve ever gotten,” she said by phone. She wishes to remain anonymous because she is not authorized to speak to the media. “It said that our passwords, Social Security numbers, names, birthdates, all of it had been accessed. And then it ended by saying to contact our financial institutions.” She immediately called her banks and an identity theft protection company.
The second call came through during my interview with her Monday evening. A recording by Elise Shelton, chief communications officer for CMCSS, said CMCSS is unsure what information the hackers accessed, but confirmed that both current and former employees and students were potential victims of the breach. It also said that the CMCSS could not recommend what action to take for legal reasons. Shelton said all questions should be referred to the U.S. Attorney’s office, the teacher said.
The teacher says she wasn’t surprised that the school system was hacked, because she’s witnessed students and school system employees routinely bypass network security to access prohibited websites.
“Every call I get, I get a little bit more nervous,” she said.
SpexSec is currently a two-member team, remnants of the hacker group TeaMp0isoN, regrouped. It may possibly have a third. A statement accompanying the release was signed, “c0mrade,” “reckz0r” and ”Makaveli.”
TeaMp0isoN is the hacker collective known most notably for a hack on the United Nations last year.
“I worked independently by myself. Reckz0r approached me asking if I was interested in forming a team and I agreed,” one member said.
“We’re on an alias switch, though, for our own safety. We will have some big names in the group soon though, there’s just a time zone issue,” he said.
TeaMp0isoN teamed with Anonymous in the past on Operation Robin Hood and the Clarksville leak earned it attention from a branch of Anonymous based in Sweden. But SpexSec said for now it plans to maintain its independence.
“We support Anonymous, but we aren’t branched together at all. Maybe in the future, but for now, we’re working alone. We do support Cyber Zeist (a well-known hacker) of @UG, though. One of our close, close friends,” the hacker said.
Scotland Yard said it arrested two suspected members of the original TeaMp0isoN in April, but the group denied the two were members. SpexSec has no plans to get caught either.
“They can spend weeks, months, or years over-analyzing logs and whatever the fuck they decide to do, but they won’t get us. That’s the whole point of criminology: go in, do your shit, clean up after yourself and leave,” the hacker said.
The group says its next leak will be even better than the last. “Just because we ridicule the government doesn’t mean we don’t want to be on their good side sometimes. I’m sure a lot of people will love this one.
“We’re planning to leak hundreds of passports and visas of suspected terrorists, Cons, criminals, and civilians. We also plan to leak some textbook terrorist attacks that are planned for the future,” the group said. The hackers wouldn’t identify the source(s) of the upcoming leaks, which were posted early Tuesday morning.
“Although the Government is blatant, mutant, deceptive and beneath the burden, we’ve decided to cut some slack to our buddies over at the Bureaus. *WINKS*, Scott Augenbaum. We hope this helps you close down on some investigations,” said an accompanying statement.
The final transmission from SpexSec came around 5 p.m.: “I’m tired as shit though. Haven’t slept for days. I’m going to catch up on some sleep.”
Unfortunately, some residents of Clarksville may not sleep at all tonight.
The SpexSec leak contained 8,919 unique social security numbers — 4,942 appear to belong to employees, and 3,977 appear to belong to students, according to an analysis of the data by Identity Finder, an identity theft protection company. Identity Finder found the full names and student IDs of 3,988 unique Clarksville students, the names and employee IDs of 4,943 district employees, and 248 employee usernames and passwords.
“If they could hack a government system, why wouldn’t they target me, or my Facebook? If they are targeting Clarksville, why would they stop at Montgomery County School System,” the teacher said.
June 12, 2012 at 2:00 pm, Amy Grubbs Jackson said:
This is by far the most interesting article I have read on this case so far!
June 12, 2012 at 2:02 pm, Amy Grubbs Jackson said:
This is the MOST INTERESTING and DETAILED report I have read on this case so far!
June 12, 2012 at 2:06 pm, Amy Grubbs Jackson said:
This all seems like something off a movie…
June 12, 2012 at 2:18 pm, Rebecca Lynne Byrd said:
thank you for sharing. This is crazy!
June 12, 2012 at 2:38 pm, Dagmar d'Surreal said:
If it were a movie it would be doing it's ninth or tenth sequel of the decade by now. Earlier _this_ decade it took me three *months* to get similar information about many welfare recipients (including children) that was being irresponsibly stored by Arizona (or was it Illinois, I forget), and that actually required a bit of luck–it turned out that someone I went to high school with was an attorney in the area and I got her to "lean" on some people to make the data go offline. Was I going to publicly expose the issue? No (at least not for another month, making it *four*), because that's almost a *guaranteed* way to be _accused_ of breaking in and "stealing" something that was available unencrypted over the web without even a username/password, and was stumbled across by an errant google search. If Clarksville tried this same tactic (kill the messenger), then f**k them.
June 12, 2012 at 2:08 pm, Geral Sosbee said:
Meet the real federal burro of investigation (fbi) in my reports and drawings, and weep for your nation:
fbi to target: we intend to…
http://2.bp.blogspot.com/-2OUrkgFp3d8/T2yJZ4tN4tI/AAAAAAAAAes/MJ5g_fgVY0U/s1600/kill.jpg
usa global postureL:
http://4.bp.blogspot.com/-bXiqquS-lY8/ToNhotApMYI/AAAAAAAAAXY/dJvjW12xgic/s1600/swastikaweb.jpg
fbi as mafia:
http://www.sosbeevfbi.com/statement.html
http://www.indymedia.org/de/2012/06/957265.shtml
June 12, 2012 at 8:10 pm, Jim Simpson said:
Geral, you have some serious issues, don't you? Wow.
June 12, 2012 at 11:41 pm, Lisa Noll said:
wtf?
June 12, 2012 at 10:08 am, Hacker roundup; more attacks possible | No Silence Here said:
[...] an exclusive hour-long interview, Spex Security explained its motives and what to expect from the group in the future. This [...]
June 12, 2012 at 10:23 am, Spexsec: A new Hacking group on the block | said:
[...] via deathandtaxesmag [...]
June 12, 2012 at 2:29 pm, Dagmar d'Surreal said:
Why wouldn't they target a private school teacher? Several reasons actually. The first being you're actually pretty boring–you don't get paid much, and you're *probably* not involved in any propaganda campaigns (unless you're trying to teach Creationism as science). In short, they've better things to do with their time than bother you.
Now, as to the people who were supposed to be in charge of securing that data? Screw them. They were apparently contacted and told there was a specific problem (or three) which they ignored. The usual route this takes is that someone *stumbles* across the information while they're looking for something else and then goes to find other more experienced people who can discretely push to make it go away–which means that actual criminals with actual plants for those identities could just as easily have found them if they hadn't already. So the "evil hax0rs" contact the people who are supposedly responsible and… nothing happens. What would you do? The clock is ticking now–any day someone from China or Romania could snatch that data up for themselves and not actually tell anyone they did it. Anarchistic or not, at least this outcome means the people responsible might actually feel some heat for it.
These idiots are talking about adding extra firewalls (which are not "security". just so we're clear) and ignoring people telling them they have vulnerable data, so either they're just not paying enough for those positions, or those people lied on their resumes. Wait–haha–this is the US educational system. One would certainly make more money delivering pizzas–which highlights a fairly serious problem. The murder of America? Yeah, you could call it that and not be far from the mark.
June 13, 2012 at 12:47 pm, Belinda Martin said:
The murder of America is due to the people who choose to do wrong to others and then hide behind some ridiculous excuse in an attempt to justify it. Your flawed argument is like saying your neighbor didn't lock her car, so it's justifiable for you to steal it. Wrong is wrong. Period.
June 27, 2012 at 5:00 pm, Dagmar d'Surreal said:
No, it's justifiable to maybe roll it out of her driveway and park it on the street so she has to admit to herself it's not secure and some lunatic could have easily driven off and gone on a murder spree with it. Important point: She still has her car. They still have their data.
June 27, 2012 at 5:00 pm, Dagmar d'Surreal said:
No, it's justifiable to maybe roll it out of her driveway and park it on the street so she has to admit to herself it's not secure and some lunatic could have easily driven off and gone on a murder spree with it. Important point: She still has her car. They still have their data.
June 12, 2012 at 10:41 am, SpexSec takes aim at alleged terrorists, ZeroPwn at Louisiana | Partners In Sublime said:
[...] took days to gather all the information and pile it all together,” SpexSec said of the breach in an interview with Death And Taxes Magazine published today. “Funny thing is, we could have went far more overboard with [...]
June 12, 2012 at 2:45 pm, Faionnee' K Nesbitt-Rice said:
Thanks Carlton!!!!!!
June 12, 2012 at 11:06 am, SpexSec takes aim at alleged terrorists, ZeroPwn at Louisiana | Exploit Archive said:
[...] took days to accumulate all a information and raise it all together,” SpexSec pronounced of a breach in an talk with Death And Taxes Magazine published today. “Funny thing is, we could have went [...]
June 12, 2012 at 3:34 pm, Charles Abernathy said:
Why do so many agencies need my social security number? It should be for social security only! Why does the school system need my child's social security number?
June 12, 2012 at 4:14 pm, Mira McClanahan said:
We are a pretty long way from the original promise that SS#'s would never be used for anything other than Social Security. People are worried about national ID #'s, do they not get that we already have one?
June 12, 2012 at 4:12 pm, Talitha Duckworth said:
PLEASE READ!
June 12, 2012 at 4:15 pm, Mira McClanahan said:
Add this to my already very long list of reasons to home educate.
June 12, 2012 at 4:24 pm, Talitha Duckworth said:
This is just awful!
June 12, 2012 at 4:40 pm, Scott Sheppard said:
if the hackers can be interviewed, then the FBI can locate and arrest them.
June 13, 2012 at 6:23 pm, Kalan Petty said:
I dont think it's on the phone – and no, that doesn't mean they can locate and arrest them. They're most likely going through a ridiculous amount of proxies.
June 13, 2012 at 7:36 pm, Scott Sheppard said:
do you KMOW how they are being interviewd???????
June 13, 2012 at 8:53 pm, Kalan Petty said:
Yes, I do. 1. They're not stupid enough to talk on the phone with the FBI during a long convo. 2. The interview was over a period of time. 3. They say "the last transmission" (obv. not phone.) 4. The safe way to do it, which they know, is through proxies; and a lot of them. Most likely if they ARE in the US, they are having it bounce in from out of the country to make it appear as if they're outside the US.
June 13, 2012 at 10:23 pm, Scott Sheppard said:
ok so YOU THINK but DONT KNOW
June 13, 2012 at 11:02 pm, Kalan Petty said:
… yeah, I guess the FBI was getting telephone "transmissions" from the hackers.
June 13, 2012 at 11:03 pm, Scott Sheppard said:
there u go again….. thinking and guessing
June 12, 2012 at 5:21 pm, Lewis Chapel said:
So let me get this straight this group hacked a town full of US Army Special Operations forces both active duty and retired. Then they say that they going home to sleep at night. They should have been a little more careful of who they mess with. I just keep thinking these people must have a death wish. They seem to be real smart but messing with these folks would seem extremely dangerous.
June 12, 2012 at 7:30 pm, Mike Schroeder said:
I think you forget that members of this group hacked the UN as well. I dont think they are in fear of anything nor should they.
June 15, 2012 at 1:48 am, Lewis Chapel said:
Sleep tight glad they don't know anyone at NSA
June 12, 2012 at 5:34 pm, Lindsi Coomer said:
Freaking fantastic. Compromise my innocent child's future to prove a point. Between this and the numerous Army system hacks our whole family's information is going to be plastered all over the place.
June 13, 2012 at 4:31 am, Dagmar d'Surreal said:
In case you've not noticed, just someone's name and SSN aren't enough to "compromise someone's future". Annoy them, yes. Make the credit agencies actually have to treat their records with care, yes. Ruin their future and cost them a fortune? No. You can blame the financial institutions for being rather casual about how closely they look at the data they're being given for that particular problem. What you should be concerned about is whether or not more traditional criminals were privately able to access that data before now, and why it wasn't taken offline the first time the district was notified about it. However, looking into that would involve a lot of difficult questions. Much easier to just blame the bearer of bad tidings–so go with that. I'm sure nothing bad will come of ignoring the root of the problem.
June 13, 2012 at 1:52 pm, Lindsi Coomer said:
Im not sure what world you live in, but a name and ssn are more than enough to ruin someone's future if it gets in the hands of the wrong people. You can spin this however you want to, but these hackers ARE criminals. If they wanted the school district to patch up the holes in their security then why didn't they publicly put them on blast before taking this route? The saying "two wrongs don't make a right" is learned in what….kindergarten?
June 13, 2012 at 3:52 pm, Kenneth Klein said:
Lindsi, if they publicly announced something like this, the underground world of the internet and all the black hat hackers out there would follow suit, find the vulnerability, and do much much more damage then what these guys did.
June 13, 2012 at 4:15 pm, Lindsi Coomer said:
You honestly believe these idiots were so concerened about the vulnerability of all of these innocent children's information? They can hardly put a coherent sentence together. If they are so eager to point out security flaws why not do it in a legal, ethical way? Maybe get a real job?
June 13, 2012 at 4:17 pm, Kenneth Klein said:
If you haven't heard, these guys have officially retired from black hat and went white hat. They are working with companies now to fix their security holes, if you do not know what white hat means. The school system deserves what it got.
June 13, 2012 at 4:30 pm, Lindsi Coomer said:
So if a friend of yours left your car unlocked and some thief came and stole your things then threw it out on the street for anyone to take you would just chalk it up to "getting what you deserve?" Then if those same thieves went door to door soliciting their services to help you remember to keep your car doors locked you would call them a hero? What you're forgetting here is that there are thousands of innocent people being affected by this. Cmcss may have been negligent, but what do you suppose the public was to do if they had no knowledge of it? We should just be content in the fact that we were the sacrificial lambs?
June 13, 2012 at 4:59 pm, Kenneth Klein said:
Why would a friend of mine leave my car unlocked? If I'm not concerned enough about my personal belongings and my family, then yes I got what I deserved. You need to protect your children. You're just sending your children off to a place that is supposed to protect them without any concerns that something is going wrong. FINALLY someone has opened your eyes to the real dangers of this world when people aren't doing their jobs correctly. Suck it up, real life happened. NOw take your concerns somewhere other then the internet..say maybe to your congressman to ensure that qualified individuals are running your daycares, your school systems and protecting the sensitive information they collect to utilize the services.
June 13, 2012 at 5:39 pm, Lindsi Coomer said:
Should I demand the school explain their computer security measures before I sign them up for school? Daycare? College? Sports? Leaving a door open doesn't give someone the right to walk on in and take what they want. And your statement about them turning "whitehat" is naive at best. They continue to make threats on future breaches and they are still making dumps on pastebin. If you honestly think they did this to open our eyes and "help us" then you are as simple minded as they are.
June 13, 2012 at 8:45 pm, Kalan Petty said:
Lindsi Coomer I think your anger would be better off being directed at your actual IT school department who knew the flaws and allowed this to happen. Whether you like what they did or not, no one is disputing that in true criminals hands – they wouldn't have alerted ANYONE about this flaw and would have stole from the systems all that they're worth. IE: The tons of Eastern European and Chinese hackers who are constantly, on a day to day basis, looking for these sort of flaws. Especially in systems where there is a lot of valuable data to be farmed. Such as social security from poorly secured school networks.
June 13, 2012 at 9:20 pm, Jeffery Cullen said:
Dagmar, Kenneth and Kalan… if they wanted to prove a point, or show how badly the situation was handled by the school system, or wanted to do anything 'for the general good', then they would have released particular individuals information. Individuals who were in charge, or who ignored warnings, or who would not be bothered… not the information of all those innocent people. When figuring in 'collateral damage', the 'hackers for the general good' (for lack of a better description) become the 'evil' they propose to fight against. Don't they?
June 13, 2012 at 9:36 pm, Kalan Petty said:
Lesser evil, sure. Could they have been more gentle with the situation? Absolutely. Could they have released SS# and names to police and have the police contact the school? I'm sure. They most likely did it this way to get their name out there first of all. Secondly, if they did contact the IT dept. and they didn't do anything to fix it, they may have caused the extra damage in an attempt to have the IT people be fired for their neglect. Perhaps they could have still been fired if they had chosen the gentle route, but this definitely has caused wider attention to be brought to network security. I approve of the steps taken, though I probably would have not released entire names or SS#'s.
June 12, 2012 at 5:38 pm, Courtney Goodwin Fowers said:
Im still so confused on why they targeted Clarksville.
June 12, 2012 at 5:50 pm, Jill Heist Newman said:
These people are sick!
June 12, 2012 at 6:35 pm, Deborah Chancellor said:
Very informative
June 12, 2012 at 7:10 pm, Mark Beams said:
from what they said in the interview it was an easy target.
June 12, 2012 at 5:53 pm, Amy Gallagher said:
Why target children if they didn't want to "hurt innocent citizens?"
June 12, 2012 at 7:58 pm, Kenneth Klein said:
They didn't target children. They targeted the school system who leaves YOUR innocent children vulnerable. The only reason the info was released was to open the parents unknowing eyes to what they are getting their children into. Wake up and smell the coffee.
June 12, 2012 at 8:00 pm, Kenneth Klein said:
Its not the hackers you need to be angry with its the school system for letting it happen. They've known for many years their system was vulnerable and they didn't do anything to change that. They, instead of fixing it, hid it, and then hired a company to try to track down those making the accusations.
June 12, 2012 at 8:18 pm, Ammie Whiteley said:
They could have hacked it to prove a point, but no one made them release our info to the public. THEY did that. Not CMCSS.
June 12, 2012 at 8:24 pm, Kenneth Klein said:
CMCSS left the info unencrypted. CMCSS did not believe the info had been taken. c0m did it to make aware of the issues with the system and to prove it. It had to be done to make sure it was fixed since they obviously did not want to fix it or believe there was any issues at all. Now it's their move. They gave CMCSS the chance to fix it without the release of info. They didn't even attempt to fix the issues. They just tried to figure out who did it behind your backs and the victims backs. Don't be mad at the hackers for this. Be mad at CMCSS and their board of directors who claim they were never contacted.
June 12, 2012 at 9:22 pm, Ammie Whiteley said:
I would be more inclined to believe that if these guys could even string together a coherent argument as to their reasons for doing this. Was it out of concern for me? Does it make any sense that they put my ssn on the internet to protect me from the school system? (If that is indeed what they are saying in all the gobbledygook that makes up their statements.)
June 12, 2012 at 9:22 pm, Ammie Whiteley said:
I would be more inclined to believe that if these guys could even string together a coherent argument as to their reasons for doing this. Was it out of concern for me? Does it make any sense that they put my ssn on the internet to protect me from the school system? (If that is indeed what they are saying in all the gobbledygook that makes up their statements.)
June 12, 2012 at 9:59 pm, Amy Gallagher said:
Publishing identifying information belonging to children "had" to be done? Do you really expect the parents to believe that there was no better way to expose the problems? Your argument is akin to saying the only way to prove a faulty smoke alarm is to set the building on fire. The "means" does NOT "justify the end" when children are involved. The legitimate good they MIGHT have done has been negated by the harm they've caused to a vulnerable population.
June 12, 2012 at 10:10 pm, Megan Marie Curtis said:
Kenneth Klein It's sooo easy for you to say not to rest the blame in the hackers hands if you're not a victim of their crime. They released thousands of innocent peoples information including old students that went there who, not to mention, are trying to build their lives, and now have to deal with the issue of having their information at the hands of anyone who chooses to take it.
June 12, 2012 at 11:36 pm, Kenneth Klein said:
Megan Marie Curtis…It's sooo easy for you to assume I'm not a victim. I've attended the CMCSS since grade 3. I first pointed out the vulnerability in 7th grade when I was successfully able to breach the security of the school system, with ease. I once again breached it in 11th grade to prove to a teacher the vulnerabilities still existed. Don't come at me with assumptions when you know nothing about me. Also, don't assume that the teachers, faculty and board knew nothing about the vulnerabilities. They've been warned for years. They got was was deserved. It's a shame that people are affected by it, but look what it has done…it's FINALLY opened the eyes of America and our town.
June 12, 2012 at 11:38 pm, Kenneth Klein said:
Amy Gallagher It did. It's the only way to open the eyes and close the security holes when the useless board, who has been warned many times, have done nothing about it.
June 13, 2012 at 12:09 am, Megan Marie Curtis said:
You should be embarassed of yourself. So many people were harmed in the last few days by these hackers, and your advice is for all of us to see the bright side of it? You're a joke. Btw I didn't assume you weren't a victim, you're not on the list of the 14,000 who are.
June 13, 2012 at 12:33 am, Kenneth Klein said:
I guess you just don't understand. But thanks for checking to see if I was on the list.
June 13, 2012 at 1:13 pm, Amy Gallagher said:
Kenneth — Some of those names belong to children who lost a parent in Iraq. Haven't they been through enough "threats" to their security and sense of safety and stability in the world? If the "hackers" wanted to punish the school administration or the school board, why not restrict the release of personally identifying information to "them" and not "our" children? I don't doubt there was awareness of the problem, but I do question the means used to expose it. And that is what YOU do NOT understand. It's NEVER, EVER, EVER okay to victimize a child to make a point. The height of cowardice and cruelty is the harm of innocents, no matter how "noble" one's purpose. To claim to serve the public good in order to garner infamy, notoriety, and respect amongst one's peers (no matter how lowly they are regarded by general society) is narcissistic and delusional.
June 13, 2012 at 3:49 pm, Kenneth Klein said:
Dont try to pull heart strings out of something completely different. If they only released staff members info, parents would still be under the assumption their kids are not vulnerable. You're the one who is delusional.
June 13, 2012 at 8:48 pm, Kalan Petty said:
They see it as one can go down for the good of many. Put is this way, there's a fire lit under all of the asses of everyone in your county to get their networks secured now, isn't there? Not leaving private info moving around unencrypted is IT Security 101. Get mad at the IT guys.
June 13, 2012 at 9:30 pm, Amy Gallagher said:
No "heart strings" involved — just stating facts. They hacked a SCHOOL and targeted children — no way to spin the facts around it. Believe me, I am angry at the school for letting it happen, but I am more angry at the "hackers" who chose to release private information belonging to kids. Again, your argument is specious. "Don't blame ME for setting the school on fire and letting it burn, blame the faulty smoke alarm system!"
June 27, 2012 at 5:02 pm, Dagmar d'Surreal said:
That information was already likely very public. All SpexSec appears to have done is made it obvious that it's public.
June 27, 2012 at 5:02 pm, Dagmar d'Surreal said:
That information was already likely very public. All SpexSec appears to have done is made it obvious that it's public.
June 12, 2012 at 2:19 pm, SpexSec takes aim at alleged terrorists, Zer0Pwn at Louisiana | #Beet's B.O.O.T. said:
[...] http://www.deathandtaxesmag.com/184442/spexsec-hack-was-retaliation-for-ignoring-security-warnings-t… [...]
June 12, 2012 at 2:37 pm, SpexSec takes aim at alleged terrorists, Zer0Pwn at Louisiana | Latest Technology - News & Articles said:
[...] took days to gather all the information and pile it all together,” SpexSec said of the breach in an interview with Death And Taxes Magazine published today. “Funny thing is, we could have [...]
June 12, 2012 at 6:48 pm, Mary Paschal Douglas said:
Yeah, thanks a lot for this jerks! I've had to spend my entire morning contacting credit bureaus and banks trying to protect myself. What did it prove to release the info? Okay, yeah you got it… You could have turned around and sent it to the authorities, if you wanted to prove there was a security lapse. I hope these idiots are found and punished within an inch of their life!
June 12, 2012 at 7:33 pm, Rainbow Roses said:
Obviously someone needs to learn geography. Augenbaum is a Nashville resident. Nashville is not Clarksville. It is 40 miles away. I'm sure Augenbaum really feels slighted that bus information was stolen in a place he doesn't even live.
June 12, 2012 at 8:07 pm, Tonia Mills Allard said:
They say they have bigger news to report so I think this leak is just to show that they do have access to REAL information. By showing all of the individuals on the list that the information they have is correct and legit it is their way of proving that the next thing they expose is factual also. This leak on their part garnered tons of responses and people are opening their eyes and ears and listening now. I wonder what they have to show next… I'm not supporting what they did in anyway but I will be watching to see what happens next. Maybe they have some things on the current 2012 Presidential candidates!
June 12, 2012 at 4:19 pm, SpexSec: A solemn exit or just bluffing? (interview) | Death and Taxes said:
[...] that he was gone.” – The Usual Suspects (1995)Forty-eight hours and two leaks later, SpexSec’s members individually announced their retirement from hacking via Pastebin messages Tuesday afternoon. [...]
June 12, 2012 at 4:32 pm, SpexSec takes aim at alleged terrorists, Zer0Pwn at Louisiana | Exploit Archive said:
[...] took days to accumulate all a information and raise it all together,” SpexSec pronounced of a breach in an talk with Death And Taxes Magazine published today. “Funny thing is, we could have went [...]
June 12, 2012 at 8:54 pm, Luis Vazquez said:
Well I don't believe the school board when they said they were never notified about the lack of security of our children's data. I think they are covering up the fact that they knew our children were at risk and did nothing. I think an independent investigation should be conducted to determine at what point they knew our information was at risk. Now don't get me wrong , these hackers are criminals and should be jailed. but that does not relive our local government for the responsibility to protect information that we had no choice in giving them.
June 12, 2012 at 11:54 pm, Scott Sheppard said:
lawsuit
June 13, 2012 at 6:26 pm, Kalan Petty said:
Regardless of whether or not they were contacted – allowing this sort of information to flow freely over the lines without encryption is against their standards. They should have known better than to be so lazy. They're lucky REAL cyber criminals didn't take every SS# they had to sell to identity thieves.
June 13, 2012 at 6:33 pm, Pattie Perry Hancock said:
How do we know they didn't? We don't
June 13, 2012 at 6:57 pm, Kalan Petty said:
I guess you don't. But if they wanted to, why let anyone outside their hacking circles know they did it at all. I don't think that stealing is the agenda here – but I can't prove it either way, like you said. Typically though, cyber criminals don't do releases like this.
June 14, 2012 at 3:46 am, Luis Vazquez said:
Here is more information about the hackers : http://www.deathandtaxesmag.com/184484/spexsec-a-solemn-exit-or-just-bluffing-interview/
June 18, 2012 at 9:51 pm, Luis Vazquez said:
Let just say they are telling the truth ( they are not ) but if they were, why was the data not encrypted? Hu hu? CMCSS Please answer that.
June 19, 2012 at 12:59 pm, Pattie Perry Hancock said:
Because it was old data that was stored where it shouldn't have been that there never was "time" to remove. Nothing will be done about this. It never is. It has only been a week and it's already forgotten except by the people who will never be safe again from crooks.
June 19, 2012 at 10:35 pm, Luis Vazquez said:
It is so easy to encrypt data store in databases. CMCSS was at fault for not encrypting our information.
June 12, 2012 at 8:54 pm, Luis Vazquez said:
Well I don't believe the school board when they said they were never notified about the lack of security of our children's data. I think they are covering up the fact that they knew our children were at risk and did nothing. I think an independent investigation should be conducted to determine at what point they knew our information was at risk. Now don't get me wrong , these hackers are criminals and should be jailed. but that does not relive our local government for the responsibility to protect information that we had no choice in giving them.
June 12, 2012 at 11:45 pm, Lisa Noll said:
Theyre not going to get caught. as rediculous as this is. They hacked the United Nations and got away with it. Trust me this crap going down here in C-ville will be no different. I live here and went to school here and my information got out. all u can do is call and monitor your acounts and go on with life. it is a big issue however there's nothing we can do about it some people just think they have all the power cus they can hack shit. it will blow over and when everyone realizes they will never get caught, those who were affected by it will also realize that their social security numbers will forever be out there with no knowledge of if its being used or not. because if they never get caught which like I said they wont. u never REALLY know if they discarded your information or kept it for personal gain.
June 13, 2012 at 4:37 am, Dagmar d'Surreal said:
You're missing the point. That data was very likely _easily_ available already. What you should be asking after is what mechanism was used to access it in the first place, why the information was there, online and relatively unprotected in the first place, and what went so wrong that the organization ignored it when they were notified about the problem initially (which can probably be summed up by "shoestring budget"). It would be somewhat useless for the hackers to try to use data they've just told everyone they have. Identities with enough information to get a credit card issued can be bought online by more focused criminals for ten bucks and less, all day long, thanks to breaches which no one says thing one about.
June 13, 2012 at 5:57 am, Lisa Noll said:
im really not worried about it. my accounts are being monitored it only took one phone call. i graduated from northeast in 09 and they still got my info. i think its stupid that the schools even still have our info if weve graduated. but its whatever. and the information was there because ALL schools have names birth dates and socials of their students. the reason its so bothersome isnt that they hacked it i could care less. its the fact that they posted peoples socials to prove a point. they said they didnt intend to target innocent people of clarksvile. but they did. i have life lock so i know im prtected. but its still wrong what they did. if they really wanted to prove a point they could have stated they have socials they didnt have to post them online for anyone to access them. and yeah ur right there are plenty of people out there that can access our info if they really wanted to but the hackers made it easy for people. i think theyre stupid. and should be arrested. its a serious matter to take peoples personal information like that. but no one can sue cmcss because its in the FBIs hands now. the only way anyone could really sue them is if someone actually stole one of these peoples identities because of this. which like i said i dont rly care anymore because i know im protected and i know theyll probably never get caught
June 13, 2012 at 12:06 am, Michael Berlin said:
My wife and thirty or so of her friends and coworkers were hacked in this so-called retalliation. But guess what? Ruining the lives of several thousand basically poor people is murdering this country, you bastards. Admit the truth: you're just some bratty punks with enough computer knoledge to do impressive things but you have absolutely zero real issues to worry about so you do what all other pseudo-rebels do… you pickan easy, harmless target and hurt innocent people. My wife LIVES for the special needs children she takes care of every weekday… for almost no money… so how does adding worry to our lives changing ANYTHING? If you want to change the world then yes gods why don't you hack into the HUGE bank accounts that fund terrorists? Wait… that's because you ARE terrorists. Weak little pissants with big ideas. Just the same types who have murdered the entire planet of its hope and morals. While we have to worry every moment now about who is using our embarrassingly small amount of money in the bank, or our ss numbers to do god knows what, be sure to bask in this bs spotlight you're in. If you're so good, use your ability to get my address, come to my yard, and face me like a man. Rbin Hood my ass.
June 13, 2012 at 12:27 am, Falyn Dimas said:
According to their twitter they both "retired" of course after promising all these big revelations that produced nothing. One of them did apologize to the families he hurt though…nice time to have a conscience a-hole.
June 13, 2012 at 12:53 am, Pattie Perry Hancock said:
I happen to be one of the thousands put at risk by your publication of our personal information and why? Because I happened to have worked for for this system in the past. Now, those of us in this situation get to spend the rest of our lives looking over our shoulders, wondering when and if some crook out there is going to use that information to harm us. If you truly meant no harm to "the little people", give us the proof that the system was warned so that we can prove negligance. Now, THAT would be getting your point across!
June 13, 2012 at 1:04 am, Debbie Perry Schmittou said:
http://www.deathandtaxesmag.com/184484/spexsec-a-solemn-exit-or-just-bluffing-interview/
June 13, 2012 at 1:04 am, Debbie Perry Schmittou said:
Did you read this?
June 13, 2012 at 1:05 am, Debbie Perry Schmittou said:
"I knew the entire time that what we were doing was wrong, and I was telling myself, “I need to fucking stop” – and when you’ve got that much pressure put on you…bam…you just break, you know?"
June 13, 2012 at 1:22 am, Erica Kennedy said:
I agree. Get them. Since I was one of them that had their info. posted all over the internet.
June 13, 2012 at 2:02 am, Amanda Jewel Wadley said:
That put mine out there too, girl. Pisses me off and makes me wanna hurt someone.
June 13, 2012 at 10:24 pm, Scott Sheppard said:
your info is ALREADY all over the internet!!
June 14, 2012 at 12:09 am, Kerstin Yager said:
Where do I go, so I can find out, if any of my children were on that list???
June 14, 2012 at 2:57 pm, Erica Kennedy said:
I don't know where you go to check to see who's on the list. I had a friend call and tell me.
June 13, 2012 at 3:50 am, William Shane Howard said:
The School system WAS told, they were told to encrypt data on their servers.. warned.
June 13, 2012 at 12:50 pm, Belinda Martin said:
prove it
June 13, 2012 at 8:04 am, Raymond Reid said:
I'd like to see how tough these little kids are without their computers. they wouldn't last a day in a real man's world.
June 13, 2012 at 11:23 am, Garrett MacDonald said:
These hackers obviously don't live in the real world. Their Robinhood credo is hypocritical when compared to the real world damage their actions have caused. My mother is a very caring, dedicated educator who has been victimized by this so called retaliation. The people of Clarksville did not deserve to be thrown under the bus to prove a point. Their motive to expose faulty internet security is commendable but the process by which they choose to do so is irresponsible and childish. It is akin to Robinhood cracking the King's vault and only sharing the spoils with common criminals and lazy vagabonds. Obviously they are pretty good at what they do. If they want to make real world change they should use their spare time as cyber-security consultants, showing private information holders useful encryption methods and bad security practices. I hope some day they realize they are doing more harm than good and work hard to amend their mistakes.
June 13, 2012 at 3:40 pm, Janie Young said:
they do not care who they heart, reminds me of the school system
June 14, 2012 at 2:15 am, Janet Mary MacDonald said:
Point well taken Garrett. Those especially hurt are the students who have yet to built their own credit and livelihood.
June 16, 2012 at 7:37 pm, Daniel Jack said:
you know they are just trying to fight the power man
June 13, 2012 at 11:23 am, Garrett MacDonald said:
These hackers obviously don't live in the real world. Their Robinhood credo is hypocritical when compared to the real world damage their actions have caused. My mother is a very caring, dedicated educator who has been victimized by this so called retaliation. The people of Clarksville did not deserve to be thrown under the bus to prove a point. Their motive to expose faulty internet security is commendable but the process by which they choose to do so is irresponsible and childish. It is akin to Robinhood cracking the King's vault and only sharing the spoils with common criminals and lazy vagabonds. Obviously they are pretty good at what they do. If they want to make real world change they should use their spare time as cyber-security consultants, showing private information holders useful encryption methods and bad security practices. I hope some day they realize they are doing more harm than good and work hard to amend their mistakes.
June 13, 2012 at 7:56 am, Anonymous, LulzSec spawn hacker crew offshoots | WestPenn Journal said:
[...] of names, Social Security numbers, and birthdates of thousands of Tennessee residents earlier. Death and Taxes Magazine reports that SpexSec is comprised of two members of TeaMpoisoN, which collaborated with Anonymous on [...]
June 13, 2012 at 8:22 am, Anonymous, LulzSec spawn hacker crew offshoots | Latest Technology - News & Articles said:
[...] of names, Social Security numbers, and birthdates of thousands of Tennessee residents earlier. Death and Taxes Magazine reports that SpexSec is comprised of two members of TeaMpoisoN, which collaborated with Anonymous on [...]
June 13, 2012 at 10:52 am, Anonymous, LulzSec spawn hacker crew offshoots | Partners In Sublime said:
[...] of names, Social Security numbers, and birthdates of thousands of Tennessee residents earlier. Death and Taxes Magazine reports that SpexSec is comprised of two members of TeaMpoisoN, which collaborated with Anonymous on [...]
June 13, 2012 at 11:14 am, Anonymous, LulzSec spawn hacker crew offshoots | Exploit Archive said:
[...] of names, Social Security numbers, and birthdates of thousands of Tennessee residents earlier. Death and Taxes Magazine reports that SpexSec is comprised of two members of TeaMpoisoN, which collaborated with Anonymous on [...]
June 13, 2012 at 4:27 pm, Brian Carnahan said:
So to prove that the system is broke and needs to be fixed they release the names and SSN of students and teachers who have very little, if any, control on the server. I commend SpexSec on identifying the problem but as soon as they released innocent people's information, SpexSec is no better than the "system" they are trying to harm. The children, teachers, and parents did nothing to harm SpexSec, they probably had no idea that their information was unsecured. So why hurt the innocent to prove a point?
June 13, 2012 at 4:39 pm, Damien Mcnamara said:
this is not right I am the school system this group of people need to be in electric chair.
June 13, 2012 at 4:45 pm, Damien Mcnamara said:
why they not hack ft.campbell or other schools around cmcss.
June 13, 2012 at 6:48 pm, Damien Mcnamara said:
why they not hack ft.camp, private schools, or local school around cmcss.
June 13, 2012 at 8:50 pm, Lindsi Coomer said:
These hackers are true criminals. Let's get that clear first. They are still posting the list of names and ssn on Twitter for the whole world to see.
June 13, 2012 at 10:47 pm, Nellery Marie Marty said:
This is INSANE, I've spent YEARS trying to get my credit back to normal for this to happen. WHY does CMCSS still have my information when I graduated over 6 years ago? I think these hackers proved their point completely. No one ever knows who has their information and its never safe to assume that you have control of everything…..
June 13, 2012 at 10:50 pm, Candace Barbour said:
where's the list of people whose info they leaked?
June 13, 2012 at 10:59 pm, Nellery Marie Marty said:
not sure girl, my mom looked at it and didn't see my name, but that doesn't mean that some hacker doesn't have the info. they can leak it whenever they want. and if they leak it and someone else sees it, they can save it and give it to someone else or repost it. its an endless cycle.
June 14, 2012 at 2:10 am, Kunta Kinte said:
shut up nelly lol…..they hve to keep it for gov't reasons
June 14, 2012 at 2:13 am, Nellery Marie Marty said:
for real Alex, there was no reason to keep my info THAT long, what could they possibly need that information for?
June 13, 2012 at 11:01 pm, Jason Groppel said:
@SpexSec @Reckz0r
"Father God, thank you for what you are about to do to these that deify themselves…that claim to be on a level with You; as to have the same power as You do. Hear and see their sacrilege against You. Make them to understand their violation against us, and You. If they will not turn from their treachery and blasphemy and repent of their crimes, then I turn them over to You for justice. Let it be swift, painful, and not something they will ever forget…and may it cause them to finally, humbly turn to You for mercy. In JESUS' name – AMEN…so be it!" ACTS 12:23.
June 14, 2012 at 1:08 am, Tom Henderson said:
Just a look at the mask in the photo speaks volumes. They were unable to change anything with their petty amateurish sit ins so they took it underground. Domestic terrorists should be dealt with the same way as foreign terrorists.
June 14, 2012 at 2:58 am, Theresa Wolle said:
Folks I have spent several hours now reading spec securities tweets and I do believe that this is terriorist based. They recruited hackers and thensome of the original hackers backed ou then came back again . Apex talks about Iran . Go more in depth back several days. June 5th.
June 15, 2012 at 12:52 am, Luis Vazquez said:
Open letter to @spexSec , our city is dening that they ever know our personal information was at risk. Well if your hell bent on release information on the citizens , how about releasing some prof that clarksville did know about the security leaks and when so we can fight them from this end!
June 14, 2012 at 9:21 pm, New Hacker Crews Spawned By Anonymous, LulzSec : Virtual Threat said:
[...] of names, Social Security numbers, and birthdates of thousands of Tennessee residents earlier. Death and Taxes Magazine reports that SpexSec is comprised of two members of TeaMpoisoN, which collaborated with Anonymous on [...]