Minnesota government database hacked by activist in protest of Yanez verdict

article

ST. PAUL, Minn. (KMSP) - A Minnesota state government database was hacked by an activist in protest of the acquittal of Officer Jeronimo Yanez in the fatal shooting of Philando Castile, Vice News outlet Motherboard reported Tuesday. Minnesota IT Services confirmed the attack to Fox 9.

“Minnesota IT Services is aware of this attack and is investigating the incident,” the agency said in a statement. “Minnesota IT Services’ security forensics team will share any relevant information with law enforcement for review for potential criminal activity.”

According to Motherboard, a hacker calling himself Vigilance gained access to a Minnesota state government database and allegedly stole a list of 1,400 email addresses and passwords. The hacker claimed he could impersonate a Minnesota government official or state employee with the information.

"I thought I had to do something against what I found to be unjust," the hacker told Motherboard. "This was a failure of justice. And his family won't get the satisfaction of knowing the one who killed Philando is rightly punished. An innocent man died. And a guilty one lives freely."

Read more at https://motherboard.vice.com/en_us/article/hacktivist-breaks-into-minnesota-government-databases-to-protest-philando-castile-verdict

Jeronimo Yanez was charged with manslaughter for the July 6, 2016 shooting of Castile during a traffic stop in Falcon Heights, which was patrolled by the St. Anthony Police Department. A Ramsey County jury found Yanez not guilty on all counts in a verdict delivered Friday, June 16, following 27 hours of deliberations. Shortly after the verdict, the city announced Yanez would not be returning to its force.

Protests against the acquittal of Officer Yanez started with a State Capitol rally just hours after the verdict. That group eventually marched down University Avenue in St. Paul, swelling to a crowd of 2,000 people. The demonstrators shut down both directions of Interstate 94, concluding with 18 arrests.

Another rally was held Saturday at Loring Park in Minneapolis. The rally was followed by a march through downtown Minneapolis that blocked traffic and light rail trains. Sunday, a “Father’s Day for Philando” rally was held outside the St. Anthony Police Department, followed by a march through the city.

Full Minnesota IT Services statement: 

“As previously reported, Minnesota IT Services has determined that a server housing several legacy state technology applications was accessed without authorization by an external actor. This hack impacted a very small portion of the State of Minnesota’s technology infrastructure, primarily affecting legacy computer systems that are no longer in use.

“This event did not impact any major business systems that support state government operations.  In this incident, the hacker exploited a weakness in the state system that resulted in the hacker’s ability to access the data inside. The data that was posted online appears to be consistent with what our investigation has found, including email addresses and encrypted passwords of subscribers to old government newsletters (for example, energy permitting program updates).

“After learning about the potential breach, Minnesota IT Services’ Computer Forensic Team immediately took steps to assess the validity of the claim and concluded that the server had in fact been compromised. Minnesota IT Services worked quickly to remedy the vulnerabilities and strengthen security controls. We anticipate that we will be turning over the information resulting from our investigation to the FBI today.

“Minnesota IT Services will be reaching out directly to those who are affected, primarily subscribers to state geographic information and energy program newsletters.   As always, we recommend that people use unique passwords for every account they use.  Out of caution, our recommendation to those who are affected is that they consider the passwords compromised and reset them anywhere the same password might have been used.

“While Minnesota’s systems are probed for vulnerabilities more than 3 million times each day, our state has fortunately not yet experienced a major attack exposing Minnesotan’s private data. However, Minnesota has experienced incidents that have exposed state systems and data to significant risk. Nearly every government function that Minnesotans depend on is reliant on technology, but many of the systems we use today run on outdated, unsupported technology that makes them a prime target for attack. Recognizing the growing threat, Governor Dayton proposed a significant investment in cybersecurity during the last legislative session to modernize state systems and strengthen cyber defenses to better protect Minnesotans. Events such as these underscore the urgency of this increased investment.”