BlueLeaks Cyber Attack Exposes 24 Years of Files from Hundreds of US Police Departments
A collection of over one million files from hundreds of police agencies across the United States was leaked online. The data cache, known as BlueLeaks, was released online on June 19, which is Juneteenth. The police records were stolen from a Texas company that designs law enforcement online data-sharing portals, according to cyber security researcher Brian Krebs.
The cache of stolen data, which includes emails, audio, video, and intelligence documents, was released in searchable format by Distributed Denial of Secrets. The BlueLeaks data breach exposed 269 GB of data from over 200 law enforcement agencies, fusion centers, and law enforcement training agencies. The records span 24 years of activity.
“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports,” according to KrebsOnSecurity.
Among the records are FBI reports, bulletins, guides and more.
Distributed Denial of Secrets' role is “Archiving and publishing leaked & hacked data of public interest. Veritatem cognoscere ruat cælum et pereat mundus,” according to their Twitter profile. The organization reports that the data breach is the work of hackers at Anonymous.
Anonymous is a collective of independent hackers responsible for attacks against governments and government agencies – Canada, Japan, Cyprus, India, and Iran, to name a few. Politicians such as Sarah Palin, corporations, and the Church of Scientology have all suffered attacks. Anonymous is a self-described internet vigilante group, or hacktivists, that launches cyber attacks to bring justice to those that have been wronged. The group has attacked Sony’s PlayStation Network and other PlayStation-related websites, as well as organizing denial-of-service (DoS) attacks on Visa, MasterCard, and PayPal.
Fusion centers are state-owned and operated organizations that collect and share law enforcement and public safety information between state, local, tribal and territorial, and federal police agencies as well as private sector partners.
Distributed Denial of Secrets said in a tweet that Anonymous had stolen hundreds of “thousands” of documents, but the number was much closer to one million, according to the National Fusion Center Association (NFCA). Although Distributed Denial of Secrets claimed the data breach stole ten years of documents, the NFCA says it was 24 years of data. The stolen data, along with other troves of hacked data, can be seen online.
The NFCA statement says it appears that the files were stolen from Netsential, a Houston, Texas web development firm. Netsential maintains a number of state law enforcement data-sharing portals.
Also, according to the NFCA, the hackers likely used a compromised user account to hack into the Netsential platform and exfiltrate data.