Cyber Incident Victim: Windham County Sheriff's Office
Date: Nov 2016
Location: United States of America
Summary
The Windham County Sheriff's Office suffered a cyber intrusion in which an attacker gained unauthorized access to its systems via SQL injection, resulting in a data breach. The attacker obtained sensitive information including prisoner transportation records and employee credentials; stored passwords were protected only by weak MD5 hashing, or held in plaintext for per diem personnel, and some accounts used easily guessable passwords such as 'password1'. The threat actor subsequently published the exposed data.
Description
On November 12, 2016, an individual using the Twitter handle @CyberZeist publicly announced a breach of the Windham County Sheriff’s Office website (WindhamCountyVT.gov). The attacker claimed to have accessed and exfiltrated sensitive data, subsequently dumping it online. Forensic analysis of the leaked material revealed significant security deficiencies, including the storage of user passwords as MD5 hashes (a fast general-purpose digest rather than a password hashing function, so such hashes can be cracked cheaply by brute-force or dictionary attack) or, in the case of per diem employees, in plaintext with no hashing at all. Compromised credentials included easily guessable passwords such as 'password' and 'password1', indicating poor password hygiene practices. The dumped data extended beyond credential information to include prisoner transportation records, which contained operational details likely considered sensitive law enforcement material. CyberZeist explicitly stated that initial access was achieved through an SQL injection vulnerability, a technique that exploits insecure database query handling in the web application.
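The two credential-storage weaknesses described above (unsalted MD5 digests and plaintext) are easiest to appreciate side by side with what a defender should store instead. The following is an added example, not code from the Sheriff's Office systems or from the reporting; the usernames, the credential records and the short wordlist are constructed for illustration, and the PBKDF2 iteration count is an assumed value. It first runs a credential audit of the kind a defender performs after a leak, showing that a plaintext record needs no work at all and that an unsalted MD5 digest of a common password falls to one hash call per guess, then stores the same password with the standard library's salted PBKDF2-HMAC-SHA256 and verifies it in constant time.

```python
import hashlib
import hmac
import os

# Constructed sample records in the two weak formats the report describes
# (unsalted MD5 digests and plaintext).  Usernames are invented; the
# password values are the weak ones named in the report plus one stronger
# control value.
LEGACY_RECORDS = {
    "deputy01":  ("md5", hashlib.md5(b"password1").hexdigest()),
    "clerk03":   ("md5", hashlib.md5(b"Tr0ub4dor&3").hexdigest()),
    "perdiem07": ("plaintext", "password"),
}

# A tiny wordlist standing in for the large lists a credential audit uses.
COMMON_PASSWORDS = ["123456", "password", "password1", "letmein", "qwerty"]


def audit_record(scheme: str, value: str) -> str:
    """Classify one stored credential against the wordlist.

    Returns 'plaintext' (no hashing at all), 'md5-cracked' (the unsalted
    digest matched a wordlist entry after one MD5 call per guess) or
    'md5-survived' (not in this short list; a real audit would continue
    with a larger list, which MD5's speed makes cheap).
    """
    if scheme == "plaintext":
        return "plaintext"
    if scheme == "md5":
        for guess in COMMON_PASSWORDS:
            if hashlib.md5(guess.encode()).hexdigest() == value.lower():
                return "md5-cracked"
        return "md5-survived"
    raise ValueError(f"unknown scheme: {scheme}")


def audit_all(records: dict) -> dict:
    """Run audit_record over every (scheme, value) pair in records."""
    return {name: audit_record(scheme, value) for name, (scheme, value) in records.items()}


# Hardened storage: salted PBKDF2-HMAC-SHA256 from the standard library.
# The iteration count is an assumption chosen for this example; take it from
# current guidance and raise it as hardware improves.
PBKDF2_ITERATIONS = 210_000


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt$digest'.

    A fresh 16-byte random salt is generated unless one is supplied, so two
    users with the same password get different records.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for name, verdict in audit_all(LEGACY_RECORDS).items():
        print(f"{name:10} {verdict}")
    record = hash_password("password1")
    print("hardened record:", record)
    print("verify correct :", verify_password("password1", record))
    print("verify wrong   :", verify_password("password2", record))
```

Note what the hardened scheme does and does not buy: the salt defeats precomputed tables and the iteration count makes every guess expensive, but 'password1' is still in every wordlist, so a slow hash only delays its recovery. Screening new passwords against a breached-password list at enrolment is the complementary control.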

The breach exposed both administrative and operational records, with prisoner transportation logs representing a particularly severe compromise due to their potential to reveal inmate movements, security protocols, and personnel involvement. DataBreaches.net independently verified aspects of the leak and attempted to notify Sheriff Clark of the incident via direct inquiry, though no public acknowledgment or detailed response from the Sheriff’s Office was documented in the available reporting. The attacker’s use of social media to disclose the intrusion amplified public awareness of the incident, while the presence of unhashed credentials and weakly protected hashes underscored systemic security failures. The SQL injection vector highlighted insufficient input validation safeguards on the agency’s web infrastructure, allowing unauthorized database access. No additional remediation steps, containment actions, or forensic findings from the Sheriff’s Office were disclosed in the source material following the initial disclosure and data dump.
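The SQL injection vector discussed above is, in its usual form, a query assembled by string concatenation, and the durable fix is parameterized queries rather than input validation alone. The following is an added example, not code from the incident or from the Sheriff's Office website, whose implementation the reporting does not describe; the table, its rows and the officer names are constructed, and it assumes SQLite from the Python standard library as a stand-in for the real database. It puts the injectable lookup beside its parameterized replacement and also shows that the same defect is a plain correctness bug: an ordinary value containing an apostrophe breaks the concatenated query while the bound-parameter version handles it.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a transport-log table; every row is
    invented.  One officer name contains an apostrophe on purpose."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transport_log ("
        "id INTEGER PRIMARY KEY, inmate_ref TEXT, officer TEXT, destination TEXT)"
    )
    conn.executemany(
        "INSERT INTO transport_log (inmate_ref, officer, destination) VALUES (?, ?, ?)",
        [
            ("INM-0001", "deputy01", "courthouse"),
            ("INM-0002", "deputy02", "medical"),
            ("INM-0003", "deputy01", "county jail"),
            ("INM-0004", "o'neil", "hospital"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, officer: str) -> list:
    """The injectable pattern: the caller's text is spliced into the SQL, so
    quote characters in it change the statement's grammar."""
    sql = ("SELECT inmate_ref, destination FROM transport_log WHERE officer = '"
           + officer + "'")
    return sorted(conn.execute(sql).fetchall())


def lookup_parameterized(conn: sqlite3.Connection, officer: str) -> list:
    """The fix: a bound parameter reaches the engine as data, never as part
    of the statement, whatever characters it contains."""
    rows = conn.execute(
        "SELECT inmate_ref, destination FROM transport_log WHERE officer = ?",
        (officer,),
    ).fetchall()
    return sorted(rows)


def vulnerable_query_fails(conn: sqlite3.Connection, officer: str) -> bool:
    """True when the concatenated query is rejected by the engine, which is
    how a legitimate value such as o'neil shows up: as a syntax error rather
    than a hit.  This is the correctness side of the same defect."""
    try:
        lookup_vulnerable(conn, officer)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"        # the textbook tautology input
    print("normal, vulnerable      :", lookup_vulnerable(db, "deputy01"))
    print("normal, parameterized   :", lookup_parameterized(db, "deputy01"))
    print("probe, vulnerable       :", lookup_vulnerable(db, probe))
    print("probe, parameterized    :", lookup_parameterized(db, probe))
    print("o'neil, vulnerable fails:", vulnerable_query_fails(db, "o'neil"))
    print("o'neil, parameterized   :", lookup_parameterized(db, "o'neil"))
```

On the detection side, the syntax errors the concatenated version throws on apostrophes are worth alerting on in application and database logs: in a vulnerable application they are produced both by legitimate data and by probing, and either way they point at the query that needs to be parameterized.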
