14 DAY TRIAL // An inexperienced female hacker claims to have broken into the BART Police Officers Association website and leaked the personal information found inside.
According to a report in SF Weekly, the hacker is French and uses the online handle Lamaline_5mg, although this might be just a temporary alias.
The girl claims that this was her first hack and she learned how to do it by reading a PDF document about SQL injection.
According to her, the vulnerability was located in the site's contact form and she found it by searching for "site:bartpoa.com inurl:.asp?" on Google. She then tried out different column names in the SQL query.
"They had zero security," Lamaline_5mg told SF Weekly, explaining that her motive for attacking the website was the shut down of cell phone service by the Bay Area Rapid Transit (BART) officials last week.
"People trying to stand for themselves in peaceful protest ends up being such a big deal that the police has to shut down cellphone and WiFi access.This is exactly like the beginning of the tahrir protests," the hacker said
The attack against the BART police website was originally attributed to Anonymous because the group's OpBART campaign was mentioned in the leak.
However, Anonymous supporters warned on Twitter that this was not a group-sanctioned attack and that the very nature of the movement allows anyone to claim they acted in the name of Anonymous.
"I got pissed. I learned some stuff. They didn't have protections. I won," Lamaline concluded, adding that "lulz" played a part in her decision to leak the data. In hacker parlance lulz means laughs achieved at the expense of others and was often cited as attack motivation by the notorious LulzSec hacker group.
BART condemned the release of personal information because it placed police officers and their families at risk of reprisals from people unhappy with its decision to cut cell phone service.