Threat Watch

Police and Fusion Centers Data Published by Distributed Denial of Secrets

Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks, has posted almost 270GB of data that has been dubbed BlueLeaks. The data is a collection of sensitive details from nearly 200 police departments, fusion centers, and law enforcement training and support centers. Fusion centers are state owned-and-operated entities that gather and distribute public safety information between all levels and territories of law enforcement, as well as the private sector partners. The leaked files include thousands of documents such as police and FBI reports, bulletins, guides, and more. According to Brian Krebs, he received an internal analysis of the data from the National Fusion Center Association (NFCA) which confirmed the validity of the data leak. The alert released by the NFCA noted that the leaked information spans almost 24 years and the documents included sensitive personal information such as email contents and attachments, bank account details, names, email addresses, phone numbers, PDF documents, images, and a large number of texts, video, CSV, and ZIP files. The BlueLeaks collection appears to have been taken as a result of a security breach at Netsential, a Houston-based web development firm. The firm declined to comment on the incident at the time of writing.

ANALYST NOTES

The BlueLeaks dataset was released on June 19th, 2020. Data that was included in the BlueLeaks collection is highly sought after by threat actors ranging from nation-state actors, hacktivists, and financially-motivated attackers who could take the personal information in the dataset and use it for fraud or intimidation purposes. According to Stewart Baker, a Washington, DC lawyer and former US Department of Homeland Security Assistant Secretary, he does not believe that the files released will shed much light on police misconduct because Fusion Centers do not do that kind of work. Baker also warned that “with this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk.”

More information: https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/

https://www.zdnet.com/article/blueleaks-data-from-200-us-police-departments-fusion-centers-published-online/