Back in June a ‘hacker group’ that refers to themselves as ‘The Distributed Denial of Secrets’ or something along those lines made claims that they were behind the leak of about 10 years worth of data from roughly 200 police departments and lots of other similar agencies. While leaks, in general, do happen somewhat often, leaks of this magnitude are not something that many take lightly and since the group has been banned from Twitter.
This leak happened back in June and is referred to as ‘BlueLeaks’ it contains about 269 GB of as noted above data from over 200 police departments and other agencies of that nature. This site in itself is quite similar to WikiLeaks which chances are you’ve heard all about given how prominent their name was during our previous election here in the US. This leak contained/contains hundreds of thousands of potentially sensitive files and well, it’s quite mind-blowing to see.
Krebsonsecurity.com wrote as follows weighing in on this leak:
“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”
The NFCA said it appears the data published by BlueLeaks was taken after a security breach at Netsential, a Houston-based web development firm.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA wrote. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
Reached via phone Sunday evening, Netsential Director Stephen Gartrell declined to comment for this story.
The NFCA said a variety of cyber threat actors, including nation-states, hacktivists, and financially-motivated cybercriminals, might seek to exploit the data exposed in this breach to target fusion centers and associated agencies and their personnel in various cyber attacks and campaigns.
The BlueLeaks data set was released June 19, also known as “Juneteenth,” the oldest nationally celebrated commemoration of the ending of slavery in the United States. This year’s observance of the date has generated renewed public interest in the wake of widespread protests against police brutality and the filmed killing of George Floyd at the hands of Minneapolis police.
Stewart Baker, an attorney at the Washington, D.C. office of Steptoe & Johnson LLP and a former assistant secretary of policy at the U.S. Department of Homeland Security, said the BlueLeaks data is unlikely to shed much light on police misconduct, but could expose sensitive law enforcement investigations and even endanger lives.
“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” Baker said. “Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly. I’d also be surprised if the files produce much scandal or evidence of police misconduct. That’s not the kind of work the fusion centers do.”
Now, in regard to this group’s ban on Twitter Vice has noted that their ban came quite soon after the leak itself. This is said to be because the group violated their distribution of hacked materials policy and while the social media platform has been quite lenient in the past on this kind of thing, it seems now they cannot be. To learn more about this leak as a whole take a look at the video below.