Nearly 270 gigabytes of sensitive files, including FBI, “fusion center” and police department data from across the US, was stolen and leaked online on June 19 by a collective called DDoSecrets. The leak has been dubbed “Blue Leaks”.
Fusion centres are hubs for threat and intelligence sharing. The concept was created after September 11, in a bid by the Department of Homeland Security to improve cooperation between state, local, and territorial law enforcement.
The National Fusion Centre Association (NFCA) says that the data was taken after a security breach at web development firm Netsential in Houston, Texas. It includes 490 documents pertaining to the UK. Computer Business Review was not immediately able to open these to assess the contents.
DDoSecrets stated that the Blue Leaks archive spans “ten years of data from over 200 police departments, fusion centres and other law enforcement training and support resources […] among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more”.
RELEASE: #BlueLeaks (269 GB)
Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more. https://t.co/sWzdKc2VFc
— Distributed Denial of Secrets (@DDoSecrets) June 19, 2020
Investigative security news site KrebsOnSecurity obtained an internal analysis by the NFCA confirming the validity of the leaked data. The Association said that the data goes as far back as August 1996 and runs all the way through to its release on June 19, or Juneteenth, Emancipation Day in America.
Blue Leaks Data Dump
The NFCA alert said the document dump includes a large number of text, video, CSV and ZIP files, including “highly sensitive information such as ACH routing numbers, international data bank account numbers (IBANs) and other financial data as well.”
It also includes agents’ names, phone numbers, email addresses, images, PDF documents and more.
“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data”.
What Will Happen With the Data?
The data leak has had a mixed reception.
While the date of release and the subject of the data point towards hacktivism on the side of the Black Lives Matter protesters, many are denouncing the act as dangerous, expressing worry for those whose sensitive information has been leaked.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, explained his take on the leaks:
“The eventual outcome of this leak will likely have disastrous effects for many innocent people. First, it will likely inflict irreparable reputational, financial and even physical harm to suspects and people charged with crimes who later were acquitted in a court of law.
“The underlying motives of the publication are obscure for the time being […] Given the surrounding technical circumstances of the leak, it may be reasonable to suppose that the perpetrators have left numerous traces and digital footprints while exfiltrating the data and publishing it online.
“From a technical standpoint, it is a painful reminder that third-party security is essential to protect your organization from cyber threats in 2020”.