Hackers Targeted the Minnesota Senate's Server and Accessed a Passwords File

Hackers Attack the Minnesota Senate's Website

You probably haven't heard the name 'Anonymous' in a while. The Guy Fawkes mask-wearing hacktivists have been unusually quiet for the last few years, but apparently, the unrest that followed George Floyd's tragic death has prompted them to go back to their usual disruptive ways.

The Guy Fawkes mask is trendy again

It must be said that the "Anonymous is back" headlines should be taken with a pinch of salt. Unlike a regular hacking crew, Anonymous doesn't have a core of team members that coordinate their actions. Anyone can mount an attack and then claim that they did it on behalf of Anonymous, which means that instead of an organization with a well-defined agenda, we have a large number of hackers all hiding behind a logo that has become a part of popular culture.

Nevertheless, that logo appears to be connected to a series of attacks aimed at authorities in Minnesota, George Floyd's home state. First, the Minneapolis police department found itself scrambling to bring its website back up after hackers launched a DDoS attack against it, and later, a database allegedly full of law enforcement agents' passwords started circulating on hacking forums.

Both incidents were relatively harmless. The DDoS attack was not very big, and the police department's website was back up and running in a relatively short period of time. As for the password dump, security experts quickly realized that the credentials were actually scraped from databases leaked during unrelated breaches.

On Tuesday, however, it became apparent that the Minnesota Senate's website had also been attacked, and this time, it looks like things could be a bit more serious.

Hackers deface the Minnesota Senate's website and access "a password file"

The attack was launched in the early morning of June 2, when attackers apparently managed to hack their way into the server hosting the senate's website. They then defaced the website and put up the Anonymous logo on the home page. A Twitter account allegedly linked to the group announced the successful defacement, and in the meantime, Minnesota IT Services, along with the FBI, brought the website down and set about restoring things to normal. Later that day, the Secretary of the Senate, Cal Ludeman, sent out a letter to the senators detailing what had happened.

Local news outlet TwinCities.com managed to read through the communication and revealed that the defacement was only a part of the attack. Ludeman informed senators that the hackers had also accessed a "Passwords File" hosted on the same server. The extract of the letter posted by the media doesn't give us a clear idea of what sort of passwords were located in that file, but Ludeman does point out that they, along with the database server credentials, have been reset. The compromised file also held the password for the senate's Wi-Fi network, which has been changed as well.

The letter points out that the Passwords File doesn't contain any credentials for the email or "login" accounts of any Senators or staff, which might make some people breathe a sigh of relief. This could be a mistake, though.

We mustn't forget how many people reuse the same passwords for multiple accounts, and experience has taught us that this includes users with high-ranking positions who are responsible for the processing of a lot of sensitive data. In the end, it could turn out that the data in the compromised file can act as a launching pad for a credential stuffing attack, and we can only guess what the consequences of that might be.

June 4, 2020