X
Business

Anonymous hacks abortion clinic, steals 10,000 records

Anonymous member James Jeffery this week hacked into the British Pregnancy Advisory Service (BPAS) and stole 10,000 database records. He was arrested the day he planned to release the data.
Written by Emil Protalinski, Contributor
anonymousbpas.jpg

https://www.zdnet.com/blog/security/anonymous-hacks-abortion-clinic-steals-10000-records/10675

27-year-old Anonymous member James Jeffery today admitted he hacked into the British Pregnancy Advisory Service (BPAS), Britain's largest abortion provider. On Thursday, he defaced the website and stole around 10,000 database records containing the personal details (names, user names, e-mail addresses, and phone numbers) of women who had registered with the site. His motivation was a disagreement with his sister's choice to abort her pregnancy.

As you can see in the screenshot above (courtesy of ZDNET UK), here is what Jeffery wrote on the BPAS website, below the Anonymous logo he placed there:

An unborn child does not have an opinion, a choice or any rights. Who gave you the right to murder that unborn child and profit from that murder? "The product, abortion, is skilfully marketed and sold to women at the crisis time in her life. She buys the product, and wants to return it for a refund. But it's too late." \\\ Hacked by PabloEscboar, Anonymous ///

The same day, he boasted about his crime on Twitter, under the handle PabloEscobarSec:

http://www.bpas.org hacked: postimage.org/image/l1wzwuo2… Database dump will be released tomorrow ... #anonymous #antiabortion #humanrights British Pregnancy Advisory Service was attacked because they kill unborn children that have no rights. It's murder. @liannedemello @clare_bpas wrong. We have their entire database and customers contact details. @bpas1968 1,clare.murphy@bpas.org,Clare,59,2,bpas999,Murphy,e85dae
457dbce0fde45f80cf7c3b91ef4f4783a8ad12e0.98902149,clare ... proof enough? @ntihero Google this "Pabloescobar Lulzsec" ... you might just find I am. Isn't weak ass security the reason for all attacks?

At first, BPAS said it was confident that the women's personal details would not be leaked. Later, the organization confirmed the hack.

"The website of the British Pregnancy Advisory Service (bpas) was hacked into and defaced for a period on 8th March, 2012 in what appeared to be a sophisticated cyber attack by an anti-abortion extremist," a BPAS spokesperson said in a statement. "Around 26,000 attempts to break into our website were made over a six hour period, but the hacker was unable to access any medical or personal information regarding women who had received treatment at bpas. The website does store details (names, addresses and phone numbers) of people who have requested information from bpas via the website, including those making personal inquiries as well as health and education professionals, the media and students. These may have been inquiries relating to contraception, pregnancy, abortion, STI testing and sterilisation. All relevant authorities have been informed and appropriate legal action taken to prevent the dissemination of any information obtained from the website."

Jeffery never got a chance to release the records he stole from BPAS. On Friday, he was arrested by the Police Central e-crime Unit (PCeU) in his home. On Saturday (today), Jeffery admitted to two offences under the Computer Misuse Act. While working with Anonymous, he has also hacked other websites in the past, including those of the FBI, the CIA, West Midlands police, the Houses of Parliament, the US navy, Arizona police, and Spanish police. In this case though, Jeffery appears to have worked alone, despite the fact he posted the Anonymous logo on the BPAS website.

No medical information about BPAS' clients was compromised. Instead, Jeffery seems to have obtained personal information of women who visited the site. "We have taken rapid action to identify and arrest a suspect involved in hacking," PCeU detective inspector Mark Raymond said in a statement. "This was done to prevent personal details of people who had requested information from the BPAS website being made public. It should be stressed that the stolen data did not contain the medical details of women who had received treatment or why individuals had contacted the British Pregnancy Advisory Service."

BPAS, which sees about 55,000 women a year in its 40 clinics and other centers across the U.K., provides females with information and a forum to enquire about abortion, contraception, sexually-transmitted infection testing, sterilisation, and other fertility-related matters. The organization's stated purpose is to support "reproductive choice by advocating and providing high quality, affordable services to prevent or end unwanted pregnancies with contraception or by abortion."

Jeferry will be sentenced at a later date.

See also:

Editorial standards