A massive data leak containing almost 270GB of secret documents from police departments across the US has been revealed, with items including the phrase “TOP SECRET”.
The released documents hold more than 20 years’ worth of potentially sensitive law enforcement information and intelligence.
The hackers, said to have links to the Black Lives Matter movement, released the information under the name ‘BlueLeaks collection’. This collection is believed to include internal memos, financial records, and more from over 200 state, local, and federal agencies.
The National Fusion Centre Association (NFCA) confirmed the data leak on the 20th of June in a statement seen by website KrebsOnSecurity.
According to the organisation, the dates of the files in the leak date from August 1996 through June 19th, 2020 and include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.
“Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports,” the organisation said.
Documents were uploaded to the Distributed Denial of Secrets (DDoSecrets) project, an alternative to WikiLeaks popular with hacktivists.
The data appears to have been collected following a breach of a Houston based web services company called Netsential which serves several US police agencies.
The NFCA statement continued: “Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centres, law enforcement, and other government agencies across the United States, was the source of the compromise.
“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
- 16,000 UK Consumers Affected by Online Fraud During Lockdown
- Business Hit with Six-fold Increase in Cybersecurity Losses in Past Year
- California-based AI Startup to Establish Edinburgh Research Hub
This leak could potentially leave agencies across America vulnerable as cybercriminals may seek to exploit the exposed data in cyber-attacks and campaigns.
Stewart Baker, an attorney at the Washington, D.C. office of Steptoe & Johnson LLP, said: “With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk.
“Every organised crime operation in the country will likely have searched for their names before law enforcement knows what’s in the files, so the damage could be done quickly. “