Hacktivist, Seeking Justice for Philando Castile, Breaches Minnesota Databases

Minnesota IT Services confirmed the attack and said it's investigating

by Mary Lynn Smith, The Star Tribune (Minneapolis) / June 21, 2017

(TNS) -- A hacker, angry that the police officer charged with killing Philando Castile was found not guilty, reportedly broke into state of Minnesota databases, stealing e-mails and passwords.

Minnesota IT Services confirmed the attack and said it's investigating, according to a sparsely worded written statement. "Minnesota IT Services' security forensics team will share any relevant information with law enforcement for review for potential criminal activity."

The hacker, known as "Vigilance," tweeted on Sunday: "Justice for #PhilandoCastile MN.gov and mnstate.edu Hacked An innocent man is dead, while a guilty man is free."

On Friday, a Ramsey County jury found St. Anthony police officer Jeronimo Yanez not guilty of manslaughter in the shooting of Castile during a traffic stop last summer. The case drew worldwide attention after Castile's girlfriend livestreamed the aftermath.

In an exchange of Twitter direct messages between the Star Tribune and Vigilance, he said the hack involved 23 state of Minnesota databases -- "so quite a lot of information," the hacker wrote. It includes about 1,400 e-mails and passwords from state employees and private citizens, although "many of the e-mails don't have passwords," he said.

The passwords have a "weak encryption" so they can be decrypted easily, he said.

Vigilance said he published the information, which can be used by others to access people's accounts, including e-mail and social media.

The hacker also said he broke into databases at Minnesota State University Moorhead but didn't retrieve any sensitive data.

University spokesman David Wahlberg said IT security officials discovered June 5 that files had been hacked. No passwords, Social Security numbers or financial information were stolen, he said. As a precaution, university officials recommended that 8,000 students and 800 employees change their passwords.

'Hacktivism' common

The hacker said he breached the university files on June 5, the day testimony began in the Yanez trial. "I dump data from valuable servers in anticipation I will need it in the future," he explained. He broke into the state of Minnesota databases the day the verdict was reached, he said.

"Hacktivism" is fairly common, said cybersecurity expert Brian Krebs. "It's just feeling disempowered or feeling that some wrong has to be corrected in some way," he said.

Although he hasn't seen the stolen information, Krebs said criminals could use stolen passwords to access bank and e-commerce websites. "Knowing that people will use the same password on numerous sites, they'll probably have some luck," he said.

"If they get access to an e-mail inbox, they get access to every single account that e-mail address was used to sign up," he said. "How do you reset your password? They send you a link. ... They can reset any password."

The hacker, who declined to give his name but said he doesn't live in Minnesota, said hacking has been "my platform" for six years with a goal of speaking for "those who's voices have fallen on deaf ears."

"I chose the Philando case because I was so fed up with all the injustices in the news about cops killing innocent men, women and children then walking free," he told the Star Tribune. "When I saw the verdict, I knew I had to take action."

(c)2017 the Star Tribune (Minneapolis)