Hundreds of thousands of files belonging to more than 200 law enforcement agencies across the U.S. were leaked online after hackers stolen them from a web development company.
The files were made available by Distributed Denial of Secrets (DDOS), a WikiLeaks-style organization that describes itself as a “ transparency collective ”whose goal is the “ free transmission of data in the public interest . ”
The leak, called BlueLeaks, contains information gathered and produced by over 200 police forces, fusion centers, the FBI and other law enforcement agencies in various U.S. states. The leaked files include images , documents, tables, web pages, text files, videos , audio files, and emails.
DDOS says the information was obtained by hackers that are part of the Anonymous hacktivist movement.
A document obtained by security blogger Brian Krebs shows that the National Fusion Center Association (NFCA) has confirmed the validity of the compromised data and has revealed that it comes from Netsential, a Texas-based web development firm. Fusion centers are responsible for the collection, review and exchange of threat information, and the NFCA represents their interests.
Netsential has evidently acknowledged that its networks were compromised, but it has not made any public statements about the incident.
The NFCA, which determined that the exposed files were dated between 1996 and June 2020, is concerned that threatening actors could leverage the leaked data to target the law enforcement agencies and their employees affected. The leaked data includes both personal and financial information.
The NFCA document revealed that the hackers compromised a Netsential customer ‘s account and exploited it to upload malware that enabled them to exfiltrate other customers’ information from the web development firm ‘s systems.
Law enforcement organizations in the United States have been increasingly targeted by hacktivists over the past weeks following the death of George Floyd in police custody and the protests sparked by the incident. Recently, many police officers’ personal information has been leaked online, and while in some cases the details were obtained from public sources, some of it may have come from hacked online accounts.