A partial screenshot of the BlueLeaks data cache.
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at Netsential, a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.
The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.
In a post on Twitter, DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”
Fusion centers are state-owned and operated entities that gather and disseminate law enforcement and public safety information between state, local, tribal and territorial, federal and private sector partners.
KrebsOnSecurity obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), which confirmed the validity of the leaked data. The NFCA alert noted that the dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.
“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”
The NFCA said it appears the data published by BlueLeaks was taken after a security breach at Netsential, a Houston-based web development firm.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA wrote. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
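The intrusion path the NFCA describes above, a compromised customer account plus the platform's own upload feature used to introduce malicious content, is the classic unrestricted-file-upload weakness on a shared hosting platform: once one tenant can place a server-side script under the served tree, or write outside its own directory, every other tenant's files are reachable. The following Python is an added illustration, not code from Netsential or from any of the articles quoted on this page, and nothing is known here about Netsential's actual stack. It shows an upload handler with that weakness beside a hardened one; the tenant names, directories and payloads are constructed for the example.

```python
"""Added example: an unrestricted upload handler beside a hardened one.

Everything here is constructed for illustration; it is not Netsential's code and
the tenant names, paths and payloads are made up.
"""
import os
import secrets
import tempfile
from pathlib import Path

# Extension allowlist with the magic bytes the content must start with.
# None marks a text format that is checked for control bytes instead.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".csv": None,
}
MAX_BYTES = 25 * 1024 * 1024


class UploadRejected(ValueError):
    pass


def save_upload_unsafe(webroot: Path, tenant: str, filename: str, data: bytes) -> Path:
    """Weak handler: trusts the client-supplied name and stores it under the served tree.

    'shell.php' becomes a server-side script reachable over HTTP, and a name such as
    '../tenantB/x' walks into another customer's directory: one stolen customer
    account is enough to plant code and read every other tenant's files.
    """
    dest = webroot / tenant / filename          # no normalisation, no extension check
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return dest


def save_upload_safe(store: Path, tenant: str, filename: str, data: bytes) -> Path:
    """Hardened handler.

    Assumes `store` lies outside the web server's document root (so nothing in it
    is ever executed or served directly) and that `tenant` comes from the
    authenticated session, not from the request body.
    """
    if not tenant.isalnum():
        raise UploadRejected("bad tenant id")
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    ext = Path(filename).suffix.lower()        # the only thing taken from the client name
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    magic = ALLOWED[ext]
    if magic is not None and not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    if magic is None and any(b < 0x20 and b not in b"\t\n\r" for b in data):
        raise UploadRejected("binary content in a text upload")
    tenant_dir = (store / tenant).resolve()
    tenant_dir.mkdir(parents=True, exist_ok=True, mode=0o700)
    # Server-chosen random name: the client cannot pick a path, a double extension
    # or a name that collides with another tenant's object.
    dest = (tenant_dir / f"{secrets.token_hex(16)}{ext}").resolve()
    if dest.parent != tenant_dir:              # defence in depth against any future change above
        raise UploadRejected("path escapes tenant directory")
    # O_EXCL refuses to overwrite; 0o600 leaves no execute bit and no group/world access.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return dest


def demo() -> dict:
    """Run both handlers against the same constructed attacker inputs."""
    root = Path(tempfile.mkdtemp()).resolve()
    webroot, store = root / "htdocs", root / "uploads"
    web_shell = b"<?php system($_GET['c']); ?>"

    planted = save_upload_unsafe(webroot, "tenantA", "shell.php", web_shell)
    escaped = save_upload_unsafe(webroot, "tenantA", "../tenantB/planted.txt", b"x")
    results = {
        "unsafe_script_in_webroot": planted.suffix == ".php" and webroot in planted.resolve().parents,
        "unsafe_escaped_tenant": (webroot / "tenantA") not in escaped.resolve().parents,
        "safe": {},
        "safe_confined": True,
    }
    cases = {
        "shell.php": web_shell,                       # disallowed extension
        "report.pdf": web_shell,                      # allowed extension, wrong content
        "../tenantB/x.pdf": b"%PDF-1.4 constructed",  # traversal attempt, valid PDF header
        "notes.csv": b"name,badge\nDoe,1234\n",       # plain text
        "notes2.csv": b"\x00\x01",                    # binary hidden in a text type
    }
    for name, payload in cases.items():
        try:
            saved = save_upload_safe(store, "tenantA", name, payload)
            results["safe"][name] = "accepted"
            results["safe_confined"] &= saved.parent == (store / "tenantA").resolve()
        except UploadRejected:
            results["safe"][name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The hardened handler does not try to sanitise the client's filename at all; it keeps only the extension, which is itself allowlisted, and lets the server choose the name and the directory. The traversal attempt `../tenantB/x.pdf` is therefore accepted as an ordinary PDF and lands in tenantA's directory, which is the desired outcome. The remaining controls (the store outside the document root, the `tenant` value taken from the session, and the web server configured never to execute anything under the store) are assumptions in the comments, and the code is only as good as they are.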
Reached via phone Sunday evening, Netsential Director Stephen Gartrell declined to comment for this story.
The NFCA said a variety of cyber threat actors, including nation-states, hacktivists, and financially-motivated cybercriminals, might seek to exploit the data exposed in this breach to target fusion centers and associated agencies and their personnel in various cyber attacks and campaigns.
The BlueLeaks data set was released June 19, also known as “Juneteenth,” the oldest nationally celebrated commemoration of the ending of slavery in the United States. This year’s observance of the date has generated renewed public interest in the wake of widespread protests against police brutality and the filmed killing of George Floyd at the hands of Minneapolis police.
Stewart Baker, an attorney at the Washington, D.C. office of Steptoe & Johnson LLP and a former assistant secretary of policy at the U.S. Department of Homeland Security, said the BlueLeaks data is unlikely to shed much light on police misconduct, but could expose sensitive law enforcement investigations and even endanger lives.
“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” Baker said. “Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly. I’d also be surprised if the files produce much scandal or evidence of police misconduct. That’s not the kind of work the fusion centers do.”
Hackers just leaked sensitive files from over 200 police departments that are searchable by badge number
- Hackers leaked hundreds of gigabytes’ worth of potentially sensitive files from police departments across the US in the form of a searchable database that can be sorted by officers’ badge numbers.
- The leaked data stemmed from a security breach at a Houston-based web-services company that maintains several law-enforcement data-sharing portals, according to a memo obtained by the security reporter Brian Krebs.
- The files don’t provide much information about police misconduct, but they do include emails that appear to show how police departments and the FBI have monitored protests across the US.
- The files include police departments exchanging information about the clothes, tattoos, and Twitter handles of people at the protests.
A secretive group has published hundreds of thousands of files online that it said were leaked from over 200 police departments and FBI offices across the US, including internal memos, emails, and officers’ personal information.
The data dump, dubbed “BlueLeaks,” was published on Friday by a collective called DDoSecrets. Many of the documents purport to show how law-enforcement agencies have been sharing information about COVID-19, George Floyd protesters, and even tweets critical of the police. The documents were obtained by hackers aligned with Anonymous, according to WIRED.
—Distributed Denial of Secrets (@DDoSecrets) June 19, 2020
The files appear to stem from a data breach at Netsential, a Houston-based web-service provider that contracts with state law-enforcement agencies across the US. A memo obtained by the security reporter Brian Krebs said an attacker used a compromised Netsential customer account and the platform’s upload feature to introduce malicious content and exfiltrate files hosted for fusion centers, or state agencies that facilitate information sharing among police departments.
Netsential did not immediately respond to Business Insider’s request for comment.
Hack Brief: Anonymous Stole and Leaked a Megatrove of Police Documents
It’s been the better part of a decade since the hacktivist group Anonymous rampaged across the internet, stealing and leaking millions of secret files from dozens of US organizations. Now, amid the global protests following the killing of George Floyd, Anonymous is back—and it’s returned with a dump of hundreds of gigabytes of law enforcement files and internal communications.
On Friday of last week, the Juneteenth holiday, a leak-focused activist group known as Distributed Denial of Secrets published a 269-gigabyte collection of police data that includes emails, audio, video, and intelligence documents, with more than a million files in total. DDOSecrets founder Emma Best tells WIRED that the hacked files came from Anonymous—or at least a source self-representing as part of that group, given that under Anonymous’ loose, leaderless structure anyone can declare themselves a member. Over the weekend, supporters of DDOSecrets, Anonymous, and protesters worldwide began digging through the files to pull out frank internal memos about police efforts to track the activities of protesters. The documents also reveal how law enforcement has described groups like the antifascist movement Antifa.
“It’s the largest published hack of American law enforcement agencies,” Emma Best, cofounder of DDOSecrets, wrote in a series of text messages. “It provides the closest inside look at the state, local, and federal agencies tasked with protecting the public, including [the] government response to COVID and the BLM protests.”
The massive internal data trove that DDOSecrets published was originally taken from a web development firm called Netsential, according to a law enforcement memo obtained by Krebs On Security. That memo, issued by the National Fusion Center Association, says that much of the data belonged to law enforcement “fusion centers” across the US that act as information-sharing hubs for federal, state, and local agencies. Netsential did not immediately respond to a request for comment.
Best declined to comment on whether the information was taken from Netsential, but noted that “some Twitter users accurately pointed out that a lot of the data corresponded to Netsential systems.” As for their source, Best would say only that the person self-represented as “capital A Anonymous,” but added cryptically that “people may wind up seeing a familiar name down the line.”
DDOSecrets has published the files in a searchable format on its website, and supporters quickly created the #blueleaks hashtag to collect their findings from the hacked files on social media.
Some of the initial discoveries among the documents showed, for instance, that the FBI monitored the social accounts of protesters and sent alerts to local law enforcement about anti-police messages. Other documents detail the FBI tracking bitcoin donations to protest groups, and internal memos warning that white supremacist groups have posed as Antifa to incite violence.
DDOSecrets notes that none of the files appear to be classified, and Best concedes that they may not show illegal behavior on the part of police. But the group argues that the documents instead reveal legal but controversial practices, as well as the tone of police discussions around groups like Antifa—for instance, describing white nationalists like Richard Spencer as anti-Antifa, rather than acknowledging that Antifa expressly opposes groups like those who follow Spencer.
“The underlying attitudes of law enforcement is one of the things I think BlueLeaks documents really well,” Best writes. “I’ve seen a few comments about it being unlikely to uncover gross police misconduct, but I think those somewhat miss the point, or at least equate police misconduct solely with illegal behavior. Part of what a lot of the current protests are about is what police do and have done legally.”
DDOSecrets counts the data of more than 200 state, local, and federal agencies in the leak. Some of the agencies with the most sheer quantity of information in the leak’s dataset do appear to be intelligence fusion centers, like
- the Missouri Information Analysis Center,
- the Northern California Regional Intelligence Center,
- the Joint Regional Intelligence Center,
- the Delaware Information and Analysis Center, and
- the Austin Regional Intelligence Center.
The group also includes a handful of regional FBI Academy alumni associations and Infragard, a San Francisco–based group devoted to sharing information between the FBI and the private sector.
For those organizations and their members and employees, the effects could in some cases amount to more than mere embarrassment. The NFCA memo obtained by Krebs on Security warns that leaked files include “highly sensitive information” such as bank account routing numbers and other personally identifiable information, as well as images of criminal suspects. DDOSecrets’ Best says that the group spent a week prior to publication, however, scrubbing the files for especially sensitive data about crime victims and children, as well as information about unrelated private businesses, health care, and retired veterans’ associations.
“Due to the size of the dataset, we probably missed things,” Best concedes. “I wish we could have done more, but I’m pleased with what we did and that we continue to learn.” Best adds that the group pruned more than 50 gigabytes of data out of the files before publication out of what they describe as an abundance of caution, and will continue to scour that data for anything in the public interest that the group may publish later.
Best notes, however, that DDOSecrets published the financial information knowingly, arguing that it could be correlated with other information to further expose police behavior in ways that serve the public interest. “The potential of the data, especially in the long run and when correlated with other datasets, outweighs any downsides to allowing the public to examine it,” Best argues.
They also have no qualms about publishing the personally identifiable information of police officers. “The public has an interest in the identities of public servants,” they write.
For Anonymous, meanwhile, the BlueLeaks release represents perhaps the most significant action the group has undertaken in the US in years. The police targeting harks back to the 2011 operations of the Anonymous subgroup Antisec, whose members—including the prolific hacktivist Jeremy Hammond—stole and leaked data from a wide array of law enforcement targets in support of Occupy Wall Street protesters. “The closest thing I can think of to a precedent is some of Jeremy Hammond’s hacks,” Best says of BlueLeaks.
Hammond himself is still serving a 10-year sentence for his hacking crimes. On Friday, a group of supporters known as the Jeremy Hammond Support Committee tweeted out a link to the BlueLeaks data dump. It read, simply, “Fuck the police. #BlueLeaks.”
Andy Greenberg is a senior writer for WIRED, covering security, privacy, information freedom, and hacker culture. He’s the author of the book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book and excerpts from it published in WIRED won a Gerald Loeb Award for International Reporting, two Deadline Club Awards from the New York Society of Professional Journalists, and the Cornelius Ryan Citation for Excellence from the Overseas Press Club. Greenberg works in WIRED’s New York office.