A ‘highly sensitive’ WikiLeaks-style data hack of police records has put records from more than 200 police departments spanning 20 years into the public domain, revealing the names of suspects, details of investigations and information about cops like their bank details and home addresses.
The data dump, dubbed Blue Leaks, was posted online by The Distributed Denial of Secrets, a group of hackers, after they harvested it from Netsential.
Netsential holds data from fusion centers, which act as data sharing facilities for the FBI, local law enforcement agencies and other law enforcement organizations.
The hack stole more than 1 million names of both cops and suspects, along with more than 500,000 images, PDF documents and texts.
The files date back to 1996 and do not include any information about police misconduct or disciplinary investigations.
Instead, they reveal how police investigate crimes, focus on social media posts and share information between departments.
The files include warnings from the FBI to local police departments about how protesters were planning George Floyd demonstrations.
They included tweets from people using the hashtag ‘avenge George Floyd’.
The FBI in L.A. released this warning on May 29 about George Floyd protests and how they were being planned on Twitter
There are memos highlighting specific clothing, tattoos, signs and cars of protesters that could be a potential threat – officers have made arrests based on these using photos from protests
Among the departments from whom data was stolen are Alabama Fusion Center, Austin Regional Intelligence Center, Boston Regional Intelligence Center, Colorado Information Analysis Center, California Narcotic Officers’ Association, Delaware Information and Analysis Center, FBI Houston Citizens Academy Alumni Association, FBI National Academy Association Arkansas/Missouri Chapter, FBI National Academy Association Michigan Chapter, FBI National Academy Association of Texas, Fort Worth Intelligence Exchange and dozens more.
The files reveal that the FBI was searching for anyone tweeting about Juneteenth protests, and also reveal how Google has helped with investigations by providing users’ Google Wallet information.
The BlueLeaks data dump occurred June 19, which is also known as ‘Juneteenth’ – a national celebration to commemorate the end of slavery in the US, KrebsOnSecurity reports.
Twitter user Distributed Denial of Secrets (DDoSecrets) shared that the data dump includes 269 gigabytes of information.
‘Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,’ one of the user’s posts reads.
‘Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.’
DDoSecrets also shared some of the US departments that were included in the leak, including information centers, FBI departments and police units.
However, a memo obtained by KrebsOnSecurity shows that the leak includes information from August 1996 through June 19, 2020.
The internal analysis notes that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.
‘Additionally, the data dump contains emails and associated attachments,’ the alert reads.
The documents reveal how law enforcement is picking out extremists at protests
‘Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.’
All of the leaked data was traced back to a security breach at Netsential in Houston.
‘Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,’ the National Fusion Center Association Cyber Intelligence Network wrote.
‘Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.’
The files, which can be downloaded, reveal the FBI and other police departments have been scanning social media accounts looking for organized protests over the death of George Floyd, a man who was killed while in police custody last month, Business Insider reports.
An unclassified FBI memo to law enforcement in May states that ‘law enforcement supporters’ safety’ may be in danger.
The document includes two tweets that discuss aggressive acts against those who support the ‘Blue Lives Matter’ movement.
There are other internal memos in the data dump that show discussions on specific clothing, signs and cars of protesters that could be threats.
And police officers have made arrests after tracking people down using photos taken at protests.
However, the documents do not include information about police misconduct or complaints of any actions against certain departments.
Stewart Baker, an attorney at the Washington, D.C. office of Steptoe & Johnson LLP and a former assistant secretary of policy at the U.S. Department of Homeland Security, told KrebsOnSecurity that the BlueLeaks data is unlikely to shed much light on police misconduct, but could expose sensitive law enforcement investigations and even endanger lives.