Report: ‘BlueLeaks’ Exposes Sensitive Data From Police Departments


DDoSecrets has published data from over 200 police departments, law enforcement training and support resources and fusion centers.

Thousands of sensitive police department files – including police and FBI reports – were published on Friday by DDoSecrets (Distributed Denial of Secrets), a self-proclaimed “transparency collective” that publishes covert data.

Threatpost Webinar Promotion: The Enemy Within: How Insider Threats Are Changing

The almost 270 gigabytes of data, dubbed “BlueLeaks,” is reportedly from 200 police departments, law enforcement training and support resources and fusion centers, which are state-owned entities that gather public safety data.

DDoSecrets said on Twitter that it contains ten years of data, from over 200 police departments, law enforcement training and support resources and fusion centers, which are state-owned entities that gather public safety data. The data is currently available on the DDoSecrets’ website in a searchable format. On its website, DDoSecrets says it publishes data “aimed at enabling the free transmission of data in the public interest.”

“#BlueLeaks provides unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning #COVID19,” according to DDoSecret’s Twitter account.

Data included in the leak comes from various agencies, including the Missouri Information Analysis Center (36 gigabytes), Northern California Regional Intelligence Center (19 gigabytes), Joint Regional Intelligence Center (14 gigabytes) and Delaware Information and Analysis Center (13 gigabytes).

Where is the Data From?

According to a Wired report, DDoSecrets obtained the data from a person self-represented as “capital A Anonymous.” A report by KrebsOnSecurity, which first broke the news, said that the leak itself reportedly stems from a data breach at Houston-based web development firm, Netsential, which maintains a number of state law enforcement data-sharing portals, according to the NFCA’s report.

According to Netsential’s website, its software is used by Fortune 500 companies financial institutions, small and medium sized businesses, associations, online publications, government agencies and schools across the U.S.

KrebsOnSecurity obtained an internal analysis by the National Fusion Center Association (NFCA) that confirmed the validity of the leak data. Threatpost has followed up with the NFCA for further comment. The documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files, according to the NFCA report.

Threatpost has reached out to Netsential for further comment; but did not hear back by publication.  According to KrebsOnSecurity,  Netsential Director Stephen Gartrell declined to comment on the story. DDOSecrets for their part also declined to comment on whether the data was taken from Netsential.

Third Party Breach 

Security experts say that the government needs to be more careful in relying on third-parties to have access and control over data – particularly sensitive data.

“The BlueLeaks hack is the latest example of malicious actors targeting third-party vendors to access sensitive government data,” Mike Rieme, global chief security architect at Pulse Secure said via email, “Despite the fact that poor security practices among contractors often result in larger breaches like this one, which included data from over 200 law enforcement agencies, reliance on third-party entities to manage data and digital services continues to grow in the government sector.”

The hack sheds light on police departments, particularly as protests continue to spread across the globe in the wake of George Floyd’s death. Various Twitter users, for their part, said they scoured the data reportedly uncovered by BlueLeaks, including reports that point to the FBI’s monitoring of social media activity related to the Black Lives Matter protests.

Another (supposed) hack of the Minneapolis police department, perpetrated at the hands of the Anonymous hacktivist group, made headlines earlier in June – though security experts like Troy Hunt were quick to call the “breach” fake.

Insider threats are different in the work-from home era. On June 24 at 2 p.m. ET, join the Threatpost edit team and our special guest, Gurucul CEO Saryu Nayyar, for a FREE webinar, “The Enemy Within: How Insider Threats Are Changing.” Get helpful, real-world information on how insider threats are changing with WFH, what the new attack vectors are and what companies can do about itPlease register here for this Threatpost webinar.


Suggested articles