Anonymous hacker arrested in Texas for compromising county website
Fidel Salinas, Jr., a 27-year-old hacker apparently affiliated with the Anonymous subgroup AntiSec, has been arrested by the Federal Bureau of Investigation in Texas.
According to a criminal complaint (PDF) filed in U.S. District Court for the Southern District of Texas on September 11, Salinas was arrested for “accessing, or attempting to access, a protected computer without authorization, and as a result of such conduct, recklessly causing damage.”
The charges stem from Salinas’s alleged hack, on January 5 of 2012, of co.hidalgo.tx.us, a website belonging to the Hidalgo County government in Texas and hosted by the company CivicPlus on a server in Kansas City, Kansas. Salinas allegedly used a brute force SQL injection attack to access the computer, registering 14,000 attempts before unlocking it.
According to court records, the attack “compromised sensitive human resources and emergency alert data, caused slowness and latency for users, and left administrators unable to access or manage the website for most of the day, according to an affidavit,” as SC Magazine wrote.
The FBI’s cyber crime investigations division found Salinas after a 20-month investigation by tracing the IP address of the computer he used the home of his girlfriend’s mother in Donna, Texas.
Salinas told the investigating agents that he noticed a flaw in the county website, had hacked it to expose it and had intended to inform the website’s administrators of his hack, but hadn’t done so by the time he was apprehended.
Computer forensic investigators found hacking tools downloaded onto Salinas’s computer, an Acunetix Web Vulnerability Scanner, which had logged his 14,000 intrusion attempts, and a Hajiv SQL injection exploit discovery application used to probe for weaknesses in a website.
Also found on his computer, in addition to Google search logs which featured Anonymous-related search terms, were six months of AntiSec IRC chat logs.
On his Facebook page, Salinas had posted this statement, directed at Hidalgo County Sheriff Lupe Trevino on January 22, 2012. He had not been arrested yet, so it’s uncertain if it referred to a specific incident or was a general apprehension of things to come.
“Fuck you corrupt officials and politicians, When someone tries to give you advice that your servers aren’t secure and said person doesn’t modify, access or download and “redistricted information. I believe you say thank you instead of being afraid of what you don’t know by getting an invalid warrant, arresting and wrongfully jacking all his electronics. - We do not forgive, we do not forget, divide by zero we fall, EXPECT US!”
Damages are estimated at a bit over $10,000. Hidalgo faces a possible prison sentence of one to five years.