BlueLeaks files expose data from law enforcement, fusion centers

As protesters continue to take to the streets to demand racial justice and police reform in the wake of George Floyd’s death, the activist group DDoSecrets published data on a searchable portal that it says was nicked from  more than 200 law enforcement agencies and fusion centers in the U.S.

The BlueLeaks files – more than a million documents, videos, audio recordings and the like over 10 years leaked on Juneteenth – appear to come from a hack at web services firm Netsential and provided to DDoSecrets by Anonymous.

“Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more,” DDoSecrets said in a tweet.

#BlueLeaks provides unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning #COVID19,” DDoSecrets tweeted.

The National Fusion Center Association (NFCA) internal communications acknowledged the leak.

“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports,” the NFCA said in an analysis obtained by KrebsOnSecurity.

The NFCA analysis said that “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

The surrounding technical circumstances of the leak may mean that it’s “reasonable to suppose that the perpetrators have left numerous traces and digital footprints while exfiltrating the data and publishing it online,” said Ilia Kolochenko, CEO at ImmuniWeb, who took the hackers to task for exposing sensitive information that could result in physical, reputational and financial harm. “I think a rapid investigation by federal and state law enforcement agencies will rapidly shed light on the identities of the wrongdoers.”

Kolochenko said the incident from a technical standpoint, “is a painful reminder that third-party security is essential to protect your organization from cyber threats in 2020. You cannot just implement and ensure security in-house but also need to keep an eye on all your trusted parties that have any access to your data or systems.”

Netsential should have been more closely scrutinized, security pros said. “At the heart of cyber-risk is convenience – making it easy to upload files and build a website has also enabled the hackers to score a spectacular win against US law enforcement,” said Colin Bastable, CEO at Lucy Security.

“The Netsential website is barebones right now, but checking out the Wayback Machine for the Netsential website shows a consistent typo: ‘Netsential builds sites with as much or as customer involvement that is desired,’” said Bastable. “For me that would be a red flag – a sign that I should take a closer look at the company, especially since Netsential advertise the fact that the FBI and DoJ are customers. My point being that Fusion Centers were set up as a Homeland Security initiative post-9/11 in order to facilitate information sharing at all levels of law enforcement – an obvious target for China, Russia, Iran or organized crime.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.