Hundreds of Police Departments Info Exposed in BlueLeaks

Hundreds of Police Departments Info Exposed in BlueLeaks

KrebsonSecurity recently reported the leak of hundreds of thousands of potentially sensitive files from police departments across the U.S. 

According to a post on KrebsonSecurity, the so-called “BlueLeaks” leaks made critical files searchable online. It appears to index years of data from police departments, fusion centers, and other law enforcement resources. A fusion center is a state-owned and operated entity that gathers and disseminates law enforcement and public safety information between law enforcement partners.

ALERT: Our Buyer’s Guide for SIEM helps you evaluate the best solutions for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace and Bottom Line Analysis.

Researchers trace the origin of the breach to Netsentinal, a Texas-based web design and hosting company that maintains a number of state law enforcement data-sharing portals. Distributed Denial of Secrets (DDoSecrets), a Wikileaks alternative dedicated to publishing caches of previously secret data, claimed responsibility.

The National Fusion Center Association confirmed the validity of the breach to KrebsonSecurity. The leaked files span 24 years—from August 1996 through June 19, 2020. The documents contain names, email and addresses, phone numbers, PDF documents, and a large number of text, video, and ZIP files. The files themselves include ACH routing numbers, international bank account numbers, and financial data.   

Colin Bastable, CEO of Lucy Security, shared his thoughts on the BlueLeaks breach. 

“At the heart of cyber-risk is convenience—making it easy to upload files and build a website has also enabled the hackers to score a spectacular win against US law enforcement. 

The Netsential website is barebones right now, but checking out the Wayback Machine for the Netsential website shows a consistent typo: ‘Netsential builds sites with as much or as customer involvement that is desired.’ For me, that would be a red flag – a sign that I should take a closer look at the company, especially since Netsential advertises the fact that the FBI and DoJ are customers. 

My point being that Fusion Centers were set up as a Homeland Security initiative post-9/11 in order to facilitate information sharing at all levels of law enforcement—an obvious target for China, Russia, Iran or organized crime.

You would expect the FBI to have identified this potential point of entry and remedied it. The Feds have been living off their reputation and believing their own propaganda for far too long now. My heart goes out to those many people whose information is compromised.”

Learn more about detecting and mitigating breaches here.

Ben Canner