SpexSec hack was retaliation for ignoring security warnings, targeted FBI agent

SpexSec hack was retaliation for ignoring security warnings, targeted FBI agent

A new hacking group claims to have stolen more than 100,000 records containing names, Social Security numbers, and birthdates from a Tennessee city and has leaked thousands of them online. In an exclusive hour-long interview, Spex Security explained its motives and what to expect from the group in the future.

SpexSec, as it is calls itself, appeared on the scene less than 24 hours ago, taking the cyberfight to the front door of a Tennessee military community, by releasing 14,500 of 110,000 identities it says were stolen from residents of Clarksville and the Clarksville-Montgomery County (CMCSS) School System. The group also posted employee and school-wide email passwords.

Clarksville is the fifth-largest city in the state of Tennessee and home of the Army post Fort Campbell, which straddles the border of Tennessee and Kentucky. 2010 Census Bureau data estimates the population at 132,929. The 101st Airborne Division and the 5th Special Forces Group, both units that have seen extensive time in Iraq and Afghanistan, are based at Fort Campbell.

The Clarksville-Montgomery School System serves more than 24,000 students according to its website. The CMCSS website was voluntarily taken offline Monday after the breach was discovered, officials said.

SpexSec released a statement saying, “Our primary suspects include the U.S government for torturous and deceptive acts on our own soil, the educational system for exuberantly being blown-over and belligerently not patching the holes in their system, and anybody else who partook a role in the murder of America.”

CMCSS was targeted because of its failure to comply with basic network security standards. SpexSec says it had “a couple people call them up” and warn them about vulnerabilities in the past. Nothing was fixed, so SpexSec took matters into its own hands. The school system says it was never before contacted by the group.

SpexSec says the breached CMCSS information was accessed sometime last week. “Originally, the plan was to not release the information as we approximated the damage cost and it was increasingly high. It happened though,” one of the SpexSec hackers said via instant messenger Monday afternoon. SpexSec says it was doing Clarksville residents a favor by only releasing 14,000 records.

“It took days to gather all the information and pile it all together. Funny thing is, we could have went far more overboard with this.” SpexSec says it currently still has access to a dispatcher’s database, a Clarksville-based bus company, and surveillance cameras.

“Clarksville did all the ass-fucking in this one, folks. We just showed you guys the final outcome,” he said.

The hacker wouldn’t elaborate on what specific vulnerability provided it access to the data but said, “Think of it like this: I start up a new website, it has thousands and thousands of consumers, only to find out that every piece of information is unencrypted and can be accessed by anybody who has the balls to. You know?

“Tennessee wasn’t targeted to take shots at innocent citizens. It was more of an awakening to the public. Plus, Scott Augenbaum is a citizen in Tennessee and we had people begging to pick him apart,” the SpexSec member said.

If the hackers see themselves as Robin Hoods, Augenbaum is the Sheriff of Nottingham – rounding up hackers across the state while working as the head of the  FBI’s cybercrime task force.

The FBI wouldn’t comment on SpexSec naming Augenbaum, who is based in Nashville, as a target. I wasn’t able to find out if Augenbaum has any children or family members in the school system.

“We have no comment in regard to the ongoing investigating. The Joint Cybercrime Task Force with the Tennessee Bureau of Investigation are actively looking into the matter,” FBI spokesperson Joel E. Siskovic said by phone Monday evening.

Augenbaum told local media that the task force has taken the Clarksville case.

The Clarksville Police Department first learned of the hack after a phone tip from a caller in New York, the Leaf Chronicle, Clarksville’s local newspaper, reported. The school system was alerted and also began its own investigation. The CMCSS website has been down since.

A CMCSS teacher says she received an automated call from the school system around 10 a.m. Monday notifying her of the breach. Another call went out in the evening to affected CMCSS employees.

“It was the weirdest call I’ve ever gotten,” she said by phone. She wishes to remain anonymous because she is not authorized to speak to the media. “It said that our passwords, Social Security numbers, names, birthdates, all of it had been accessed. And then it ended by saying to contact our financial institutions.” She immediately called her banks and an identity theft protection company.

The second call came through during my interview with her Monday evening. A recording by Elise Shelton, chief communications officer for CMCSS, said CMCSS is unsure what information the hackers accessed, but confirmed that both current and former employees and students were potential victims of the breach. It also said that the CMCSS could not recommend what action to take for legal reasons. Shelton said all questions should be referred to the U.S. Attorney’s office, the teacher said.

The teacher says she wasn’t surprised that the school system was hacked, because she’s witnessed students and school system employees routinely bypass network security to access prohibited websites.

“Every call I get, I get a little bit more nervous,” she said.

SpexSec is currently a two-member team, remnants of the hacker group TeaMp0isoN, regrouped. It may possibly have a third. A statement accompanying the release was signed, “c0mrade,” “reckz0r” and  “Makaveli.”

TeaMp0isoN is the hacker collective known most notably for a hack on the United Nations last year.

“I worked independently by myself. Reckz0r approached me asking if I was interested in forming a team and I agreed,” one member said.

“We’re on an alias switch, though, for our own safety. We will have some big names in the group soon though, there’s just a time zone issue,” he said.

TeaMp0isoN teamed with Anonymous in the past on Operation Robin Hood and the Clarksville leak earned it attention from a branch of Anonymous based in Sweden. But SpexSec said for now it plans to maintain its independence.

“We support Anonymous, but we aren’t branched together at all. Maybe in the future, but for now, we’re working alone. We do support Cyber Zeist (a well-known hacker) of @UG, though. One of our close, close friends,” the hacker said.

Scotland Yard said it arrested two suspected members of the original TeaMp0isoN in April, but the group denied the two were members. SpexSec has no plans to get caught either.

“They can spend weeks, months, or years over-analyzing logs and whatever the fuck they decide to do, but they won’t get us. That’s the whole point of criminology: go in, do your shit, clean up after yourself and leave,” the hacker said.

The group says its next leak will be even better than the last. “Just because we ridicule the government doesn’t mean we don’t want to be on their good side sometimes. I’m sure a lot of people will love this one.

“We’re planning to leak hundreds of passports and visas of suspected terrorists, Cons, criminals, and civilians. We also plan to leak some textbook terrorist attacks that are planned for the future,” the group said. The hackers wouldn’t identify the source(s) of the upcoming leaks, which were posted early Tuesday morning.

“Although the Government is blatant, mutant, deceptive and beneath the burden, we’ve decided to cut some slack to our buddies over at the Bureaus. *WINKS*, Scott Augenbaum. We hope this helps you close down on some investigations,” said an accompanying statement.

The final transmission from SpexSec came around 5 p.m.:  “I’m tired as shit though. Haven’t slept for days. I’m going to catch up on some sleep.”

Unfortunately, some residents of Clarksville may not sleep at all tonight.

The SpexSec  leak contained 8,919 unique social security numbers — 4,942 appear to belong to employees, and 3,977 appear to belong to students, according to an analysis of the data by Identity Finder, an identity theft protection company. Identity Finder found the full names and student IDs of 3,988 unique Clarksville students, the names and employee IDs of 4,943  district employees, and  248 employee usernames and passwords.

“If they could hack a government system, why wouldn’t they target me, or my Facebook? If they are targeting Clarksville, why would they stop at Montgomery County School System,” the teacher said.