Coordinated to coincide with Juneteenth, hacktivist group Distributed Denial of Secrets published a massive leak of internal police data, a trove which included emails, audio, video, and intelligence documents. In total, the leak constitutes more than one million documents.
According to Wired, which interviewed the organization's founder Emma Best, the hacked files are the work of hacker collective Anonymous, or a source that is part of Anonymous. The files make up 269 GB of data, were taken from over 200 law enforcement agencies, and have been filed under the name Blue Leaks.
In a Twitter announcement, Distributed Denial of Secrets said that Blue Leaks indexes "ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources," and that it "provides unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning #COVID19."
Security journalist Brian Krebs reported that a document he obtained from the National Fusion Center Association (NFCA), which represents the country's fusion centers, confirms the leak.
"Additionally, the data dump contains emails and associated attachments," the NFCA document states, according to KrebsOnSecurity. "Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports."
According to the report by Krebs, the data was taken from Netsential, a web developer that works with fusion centers and law enforcement agencies. Fusion centers are state-owned information gathering and analysis centers that often coordinate between different regional, local and federal law enforcement divisions. Specifically, the groups and fusion centers affected include the Missouri Information Analysis Center, the Northern California Regional Intelligence Center, the Joint Regional Intelligence Center, the Delaware Information and Analysis Center, the Austin Regional Intelligence Center, and InfraGard.
Given the vast trove of documents, the full extent of what they reveal is yet to be determined, as researchers and journalists dig in. However, DDoSecrets says that the leaked documents provide the public with more insight into the strategies and mindset of law enforcement in the United States.
"The underlying attitudes of law enforcement is one of the things I think BlueLeaks documents really well," Best explained to Wired. "I've seen a few comments about it being unlikely to uncover gross police misconduct, but I think those somewhat miss the point, or at least equate police misconduct solely with illegal behavior. Part of what a lot of the current protests are about is what police do and have done legally."
Best added: "It's the largest published hack of American law enforcement agencies; It provides the closest inside look at the state, local, and federal agencies tasked with protecting the public, including [the] government response to COVID and the BLM protests."
Best told Wired the group did its best to scrub the data for especially sensitive information.
"Due to the size of the dataset, we probably missed things," Best told Wired. "I wish we could have done more, but I'm pleased with what we did and that we continue to learn."
The leaks include one widely-shared "intelligence note" by the New Jersey Office of Homeland Security and Preparedness, which was previously shared on Twitter on June 4th, 2020. In that note, law enforcement officers are instructed to make "observations" on "ANTIFA-affiliated extremists," following the questionable narrative that anti-fascist activists are entirely provocateurs. Another strange instruction tells law enforcement officers to "access" cell phones "by consent of search warrant."
A second document being shared on Twitter, an alleged FBI document, states that a white supremacist motorcycle gang took advantage of "ongoing civil unrest" by trying to make Antifa look like a bigger threat than it is.
According to KrebsOnSecurity, Brian Krebs' security news site, the data leaked could expose sensitive operations.
"With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk," Stewart Baker, an attorney at the Washington, D.C. office of Steptoe & Johnson LLP told KrebsOnSecurity. "Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what's in the files, so the damage could be done quickly. I'd also be surprised if the files produce much scandal or evidence of police misconduct. That's not the kind of work the fusion centers do."