A group of cyber activists has published nearly 300GB of data, nicknamed BlueLeaks, that they say originated from US law enforcement agencies and police departments.
The data was published by Distributed Denial of Secrets (DDoSecrets), a self-described ‘transparency collective’ that has been likened to WikiLeaks for its publishing of sensitive information.
The leak contains more than half a million images, 291,000 documents and more than a million names.
According to the BlueLeaks online portal, the leak contains “ten years of data from 200 police departments, fusion centers, and other law enforcement training and support resources,” adding that the data came “courtesy of Anonymous.”
A fusion center is a government-owned entity that distributes relevant law enforcement, federal government objectives and public safety information to local, state, territorial and federal law enforcement arms.
Also included are police and FBI reports, law enforcement guides, security bulletins, and even personal information including names, bank account numbers and phone numbers of police officers, as well as their superiors.
Brian Krebs has contacted the National Fusion Center Association (NFCA), which confirmed the data leak and said it was likely that a data center in Texas was compromised.
“Additionally, the data dump contains emails and associated attachments,” the alert said. “Our initial analysis revealed that some of the files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”
The NFCA added that a security breach at a Houston-based web development company was likely responsible for the data becoming public.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” it said.
“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data,” the NFCA concluded.
Stewart Baker, a former assistant secretary of policy at the U.S. Department of Homeland Security and now an active attorney in Washington DC, told Brian Krebs that the data leak could undermine the safety of a number of law enforcement agents.
“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” he said.
“Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly. I’d also be surprised if the files produce much scandal or evidence of police misconduct. That’s not the kind of work the fusion centers do,” Baker concluded.