News

‘BlueLeaks’: data from over 200 police departments exposed in a massive leak

A group that goes by the name Distributed Denial of Secrets (DDoSecrets) has published 269 GB worth of data with hundreds of documents, images and sensitive information from over 200 police departments.

The legitimacy of this data has been confirmed by the National Fusion Center Association (NFCA) to KrebsOnSecurity.

Originally released via a tweet on Juneteeenth (Jun 19th) 2020, the dump, according to DDoSecrets, contains “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

Image: Twitter

However, of particular importance is the fact the dataset also exposes some highly personally identifiable information (PII), email addresses, phone numbers and financial data such as bank account numbers.


Image credit: https://hunter.ddosecrets.com/datasets/102

NFCA told KrebsOnSecurity that the data associated with BlueLeaks appears to have been obtained from a previous data breach at the web development company, Netsential.

“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” stated NFCA. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

The timestamps on some of the documents go all the way back to August 1996 and end at 2020 dates, making the leak cover ~24 years worth of data.

Given the recent events and BLM protests, and the timing of the data leak (Junteenth), the move by DDoSecrets seems in retaliation. However, experts are skeptical if exposing the 269 gig dump does anything to expose police misconduct. Rather, some fear, the exposed data may harm innocent victims, and ongoing investigations, as a current lawyer and former US Department of Homeland Security (DHS) assistant secretary of policy, Stewart Baker stated:

“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” said Baker. “Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly. I’d also be surprised if the files produce much scandal or evidence of police misconduct. That’s not the kind of work the fusion centers do.”

Some members of DDoSecrets, including Emma Best, have clarified some common misconceptions about their group made by Bahama’s Attorney General’s Office.

“DDoSecrets was formed December 2018, not December 2019. This was reported by the AP at the time and can be easily determined by looking at our website or simply Googling the issue The data isn’t from [January 2020]. Our members are openly listed on our site,” said Best.

Image Credit: Twitter

The massive data dump is being reviewed by journalists and analysts for any bits of information that may reveal something interesting.

More information should become available in due course of time.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

10 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

11 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

11 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

11 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.