On June 19, an activist group called Distributed Denial of Secrets (DDoSecrets) published a 270-gigabyte collection of sensitive documents exfiltrated from 200 police departments, law enforcement agencies and fusion centers across the United States.
DDoSecrets claims that the leaked data was received from the infamous Anonymous hacktivist group, saying that, “we provide a stable platform for the public to access data and an anonymity shield for sources to share it, but are uninvolved in the exfiltration of data.”
The sensitive data can be perused on an online platform, dubbed BlueLeaks, and contains more than 1 million files, including police and FBI reports, security bulletins, law enforcement guides, scanned documents, videos, emails, and audio files.
“Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more,” DDoSecretssaid in a recent Tweet.
According to KrebsOnSecurity, the National Fusion Center Association (NFCA) has confirmed the validity of the data leak. Fusion centers are state-owned associations that act as intermediaries between local and state law enforcement and federal government agencies across the US, providing training, alerts, guides and instructions between various law enforcement bodies.
“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports,” reads the NFCA alert.
The leaked cache of data raises a high degree of concern for law enforcement agencies across the nation, as cyber criminals might seek to leverage the sensitive data in cyber campaigns.
Moreover, the BlueLeaks data sets may endanger ongoing investigations and the lives of law enforcement agents.
“With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” said Stewart Baker, the former assistant secretary of policy at the U.S. Department of Homeland Security.
“Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly,” he said. “I’d also be surprised if the files produce much scandal or evidence of police misconduct. That’s not the kind of work the fusion centers do.”