Hackers just leaked sensitive files from over 200 police departments that are searchable by badge number

Authored by businessinsider.com and submitted by DaFunkJunkie
image for Hackers just leaked sensitive files from over 200 police departments that are searchable by badge number

A hacktivist group on Friday published hundreds of gigabytes' worth of potentially sensitive files from police departments across the US in the form of a searchable database that can be sorted by officers' badge numbers.

The leaked data stemmed from a security breach at a Houston-based web-services company that maintains several law-enforcement data centers, according to a memo obtained by the security reporter Brian Krebs.

The files don't provide much information about police misconduct, but they do include emails that appear to show how police departments and the FBI have monitored protests across the US.

The files include police departments exchanging information about the clothes, tattoos, and Twitter handles of people at the protests.

Visit Business Insider's homepage for more stories.

A group of hackers has published hundreds of thousands of files it said were leaked from over 200 police departments and FBI offices across the US, including internal memos, emails, and officers' personal information.

The data dump, dubbed "BlueLeaks," was published on Friday by a hacktivist group called DDoSecrets. Many of the documents purport to show how law-enforcement agencies have been sharing information about COVID-19, George Floyd protesters, and even tweets critical of the police.

—Distributed Denial of Secrets (@DDoSecrets) June 19, 2020

The files appear to stem from a data breach at Netsential, a Houston-based web-service provider that contracts with state law-enforcement agencies across the US. A memo obtained by the security reporter Brian Krebs said hackers compromised Netsential's servers and stole files hosted by fusion centers, or state agencies that facilitate information sharing among police departments.

Netsential did not immediately respond to Business Insider's request for comment.

The leaked files indicate that the FBI and other law-enforcement agencies have been keeping close tabs on social-media accounts that they believe are organizing protests over the death of George Floyd. One unclassified FBI memo to police departments in late May said that "law enforcement supporters' safety" could be in danger, citing two tweets about destroying "blue lives matter" paraphernalia.

Other internal memos included in the leak showed police departments exchanging information about specific clothing, signs, and cars of protesters deemed potential threats. Police officers have already made arrests after tracking people down using photos taken at protests.

However, the documents don't appear to include much information about specific officers' misconduct or complaints about police departments, which are unlikely to be shared among departments via a fusion center.

Similar to WikiLeaks, DDoSecrets says that it acts as a forum to publish leaked information while keeping the identities of hackers a secret and that it is "uninvolved in the exfiltration of data."

sayrith on June 22nd, 2020 at 17:59 UTC »

Most important bit:

The leaks don't provide much information about police misconduct, but do include emails that appear to show how police departments and the FBI have monitored protests across the US. Leaked memos show police departments exchanging information the clothes, tattoos, and Twitter handles of people at George Floyd protests.

nogooduser321 on June 22nd, 2020 at 17:28 UTC »

I'm surprised these systems aren't regularly audited and pen tested. This is going to make some criminals very happy.

EchoRex on June 22nd, 2020 at 17:24 UTC »

It is also searchable for:

Reason for Investigation, Suspect Name, Suspect Address, Suspect Birthdate, Known Associates, Bank Account Numbers, Bank Account Routing, etc etc.

(Edit: didn't include originally due to not thinking of all the other information in police reports... also searchable, any names, addresses, etc, of victims of rape, or abused minors)

What ISN'T present:

Police Misconduct Reports, Police Misconduct Investigations

Why? Because this is from a "fusion center" aka inter jurisdiction investigation coordination service.

This is a massive doxxing of possible victims of crimes and suspects of crimes and a massive alert to organizations under surveillance, with next to zero police misconduct findings possible.

(Edit2: With more information and people digging into this, the hackers at least attempted to remove victim information from the bulk of the reports and investigations.

They did not get it all.

And they left all Suspect identifying information in, and remember that statistically many to most suspects will never be even be charged with crime)