
Data belonging to 200 US Police Departments Leaked

In what has now become known as “BlueLeaks”, data belonging to hundreds of US police departments and fusion centers has been leaked online. An activist group going by DDoSecrets, or Distributed Denial of Secrets to give the group its long-form name, published 269 GB worth of data stolen from US law enforcement agencies and fusion centers. The data was made available via a search engine on June 19, 2020, perhaps to coincide with the Juneteenth celebrations, which commemorate the end of slavery in the US. This year’s observances of the event have gained new meaning against the backdrop of protests against police brutality in the wake of the killing of George Floyd.

The stolen data has been made available via a searchable portal. According to the “BlueLeaks” portal, the data includes more than one million files, such as scanned documents, videos, emails, and audio files. The data is believed to cover more than ten years of collected information pertaining to over 200 police departments across the US. The data pertains not only to police departments but also to fusion centers, which are defined as state-owned and operated entities that gather and disseminate law enforcement and public safety information between state, local, tribal and territorial, federal, and private sector partners.

According to DDoSecrets, most of the files are police and FBI reports, security bulletins, law enforcement guides, and more. Some of the files also supposedly contain sensitive and personal information, such as names, bank account numbers, and phone numbers. A lot of information pertaining to the contents of the stolen data has been posted to DDoSecrets’ Twitter account. Further, the data was allegedly given to DDoSecrets by Anonymous, the infamous hacking group best known in the public sphere for adopting the Guy Fawkes masks popularized in the movie “V for Vendetta”.


Based on information garnered from the portal, it would seem that many of the files were stolen from a web hosting company based in Houston, Texas, called Netsential. This is because many of the files are labeled “Netsential.com Inc.”

For many readers, this would be the first time encountering DDoSecrets, which has been described in the past as an alternative to WikiLeaks. They describe themselves as a “transparency collective” and describe their actions and their reasons for doing what they do on their website. The group defines and describes itself as follows:

“Distributed Denial of Secrets (“DDOS”) is a transparency collective, aimed at enabling the free transmission of data in the public interest. We aim to avoid any political, corporate, or personal leanings, and to act as a simple beacon of available information. As a collective, we do not support any cause, idea, or message beyond ensuring that information is available to those who need it most - the people.

While we are happy to serve as an index to data of all varieties, all must meet the following two criteria:
Is the data of public interest?
Can a prima facie case be made for the veracity of the contents?

Unless already public, or as authorized by our source, we do not disclose the providing party of any received information, and we are fully committed to ensuring their anonymity from all threats. We can never advise on the perfect procedure for transferring data to us or anyone else, but we can act as a shield for that process and share advice from our experience. Often our role is to not just make data available, but to act as an anonymity guard to pass data to journalists and other figures best positioned to interrogate it.”

The veracity of the Data

At the time of writing, there has been no official release confirming the veracity of DDoSecrets’ claims other than what the organization itself has claimed. That being said, KrebsOnSecurity obtained an internal analysis conducted by the National Fusion Center Association (NFCA) that seemingly confirms that the data is indeed what DDoSecrets says it is. However, rather than the 10 years’ worth of data DDoSecrets claimed, the NFCA states that the data consists of 24 years’ worth of information that includes documents containing names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files. Part of the alert was republished on KrebsOnSecurity and reads as follows:

“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports…Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise. Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

KrebsOnSecurity reached out to Netsential for comment but the company declined to do so. Given the sensitive data that has been leaked, there is a worry that cyber threat actors, including nation-states, hacktivists, and financially-motivated cybercriminals, might seek to use the data for their own ends, exploiting it not for the sake of transparency but for a malicious agenda. Experts have weighed in on the matter. Stewart Baker, an attorney at the Washington, D.C. office of Steptoe & Johnson LLP and a former assistant secretary of policy at the U.S. Department of Homeland Security, is of the opinion that the leaks will do little to shed light on police misconduct.

Rather, the information may jeopardize sensitive police investigations and potentially endanger lives. The data leak will draw moral arguments from both sides of the fence, namely those for transparency and those who believe the inner workings of the police should be classified to an extent. The moral argument is beyond the scope of this article. However, who exactly is behind DDoSecrets deserves to be explored.

DDoSecrets

It was assumed above, and perhaps wrongly, that many readers would not have heard about DDoSecrets. Their similarity to WikiLeaks would undoubtedly draw comparisons but the “transparency collective” is by and large of their own making. Who exactly makes up the collective is shrouded in mystery and is likely to remain so for the foreseeable future. Certain facts are known, namely that it appears that the collective started in late 2018 and has been credited with several significant leaks. One such leak occurred at the start of 2019 when the group released an entire host of emails and messages belonging to Russian officials. The release of the Russian data was seen as a symbolic retaliation for Russian meddling in the 2016 US presidential election.

The sheer amount of data released, 175 GB, ranked as one of the largest public leaks to date, which has only now been surpassed by BlueLeaks at 269 GB. Most of the data pertained to Russia’s war in Ukraine, ties between the Kremlin and the Russian Orthodox Church, and the business dealings of oligarchs, but this only amounted to the easily accessible portions of the data. The true significance of the data, like with BlueLeaks, will take years to comb through and categorize. The group also hosted a copy of John Bolton’s explosive book, which paints the current US administration in a none-too-flattering light.

The tweet stating that they had a copy of the book has since been removed. While the group is for the vast majority made up of anonymous contributors, one contributor has come out of the shadows. Journalist Emma Best has acted as the group's spokesperson on several occasions, speaking to the New York Times after the release of the Russian data and in the Columbia Journalism Review she stated,

“We simply want to make the information available, and to prevent it from disappearing,”

For the most part, the group does seem to be driven by finding and releasing data that points towards the truth. Moral arguments aside, whistleblowers can play a vital role in creating an informed public. As to BlueLeaks, the timing of the release would most certainly place more pressure on US police departments to be more transparent with their dealings. As to whether the leaks will have any discernible impact on preventing police brutality, as well as on how police operate when dealing with minorities, only time will tell.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
