Blue Leaks: The Largest Published Hack of American Law Enforcement Agencies - Cybersecurity & Data Management

Anger towards the police has boiled over into another form of attack on the men in blue – a cyber attack. Files from hundreds of police departments throughout the United States were released online in an epic breach called the “Blue Leaks”. “With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk,” said Stewart Baker, an attorney at the Washington D.C. office of Steptoe & Johnson LLP and a former assistant secretary of policy at the U.S. Department of Homeland Security. “Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly,” continued Baker.

The animosity toward the police began when bystanders filmed the arrest and killing of George Floyd by Officer Derek Chauvin of the Minneapolis police. Since Floyd’s death, Black Lives Matter and defund the police protests have been held around the country. On June 19th, also known as Juneteenth in the U.S. (a celebration of the last slaves learning they were free), the “Blue Leaks” was published online. The data was posted by a group called Distributed Denial of Secrets (DDoSecrets), which leaks information it believes is in the public interest. Anonymous, a hacktivist group known for stealing and leaking documents, is reported to be the source of the “Blue Leaks”.

Anonymous Strikes Again

Anonymous doesn’t have a formal membership or structure. As a group, they are well known for wearing Guy Fawkes face masks and orchestrating online hacks typically linked to political events or current affairs. The hacktivist group has claimed credit for attacking the CIA, Sony, PayPal, and government websites.

“It’s the largest published hack of American law enforcement agencies,” said Emma Best, co-founder of DDoSecrets. Reportedly, the breach comprises 24 years’ worth of data, including documents with names, email addresses, and phone numbers, as well as PDF documents, images, and a large number of text, video, CSV, and zip files. In total, it is a collection of about 269 gigabytes of police data. The data originated from a hack on a web hosting company called Netsential. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the Web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data,” reported Brian Krebs.

Police Transparency

Emma Best is credited with saying, “We simply want to make the information available and to prevent it from disappearing.” In other words, DDoSecrets is trying to force police agencies into greater transparency. In June, DDoSecrets said in a statement, “[We] publish materials submitted by sources, both leakers and hackers. We provide a stable platform for the public to access data and an anonymity shield for sources to share it, but are uninvolved in the exfiltration of data.”

The last large-scale hack of police was carried out in 2011 by an Anonymous subgroup called Antisec. Jeremy Hammond, an ally in the 2011 data breach, is now serving a 10-year sentence for his hacking crimes. Will the consequences for the “Blue Leaks” be enough to deter future hacktivists?