23 June 2020

Sensitive data from 200 US police departments & fusion centers exposed in BlueLeaks data dump



A hacktivist group called Distributed Denial of Secrets (DDoSecrets) has leaked online a trove of sensitive data belonging to more than 200 police departments, law enforcement training and support resources and fusion centers (state-owned entities that gather public safety data) across the US.

DDoSecrets is a WikiLeaks-style organization that describes itself as a “transparency collective” whose goal is the “free transmission of data in the public interest.”

The 269 GB data dump, dubbed “BlueLeaks”, has been published on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.

In a message on Twitter, DDoSecrets said that the BlueLeaks data dump comprises “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

According to security blogger Brian Krebs, who first broke the news, the National Fusion Center Association (NFCA) has confirmed the validity of the compromised data.

The NFCA findings indicate that, based on the dates of the leaked files, the BlueLeaks dump covers nearly 24 years, from August 1996 through June 19, 2020. The leaked data includes names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files, as well as emails and associated attachments.

“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports,” the NFCA said.

According to the NFCA, the source of the leak is a data breach at Netsential, a web development company based in Texas that provides web services to many US law enforcement agencies and fusion centers.

“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA wrote in its internal report. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
