Police Data Leaked: A Sign of the Times?Group Known as 'Distributed Denial of Secrets' Responsible for 'BlueLeaks' Data Dump
The recent leak of 269 GB of sensitive data from more than 200 police departments and the FBI could be a sign that law enforcement agencies are becoming a prime target for hackers, given recent civil unrest.
See Also: The Department of Defense Faces Risk
The data was leaked last week by a group known as Distributed Denial of Secrets, or DDoSecrets, which, like Wikileaks, publishes formerly secret data, according to a security blogger Brian Krebs.
"It's no surprise that law enforcement was the target of this data breach," says Saryu Nayyar, CEO of Gurucul, a risk analytics firm. "With the current civil and political climate, a wide range of threat actors, from activists to nation-states, would be interested in revealing this sort of confidential information. Going forward, especially with the current election cycle, we can expect to see more events like this."
Several days after DDoSecrets revealed the information through its Twitter account, the social media platform permanently suspended DDoSecrets, citing Twitter rules concerning posting stolen data, according to a news report.
Web Developer Apparently Breached
The information leaked by DDoSecrets apparently came from the breach of web-development company Netsential, which has many law enforcement customers, according to Krebs. He cited a document he obtained from the National Fusion Center Assocation as offering confirmation of the source of the data and its validity.
The data dump, dubbed BlueLeaks, was posted on June 19 to DDoSecrets' site. The data came from a wide variety of law enforcement sources and included personally identifiable information and data concerning ongoing cases, DDoSecrets claims in a tweet.
"Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more," the group tweeted. It also claimed that information mentioning COVID-19 is included.
What Was Leaked?
Krebs says an internal document from the National Fusion Center Association that says the leaked data actually ranges from August 1996 to June 20. The document says the personal information includes names, email addresses, phone numbers, PDFs, images,text and video, Krebs reports.
"Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform's upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data," the NCFA document notes, according to Krebs.
Netsential did not immediately reply to a request for comment.
DDoSecrets says its mission is publishing "materials submitted by sources, both leakers and hackers. We provide a stable platform for the public to access data and an anonymity shield for sources to share it, but are uninvolved in the exfiltration of data," according to its Twitter page.
DDoSecrets' actions mirror those of the loosely knit hacktivist group Anonymous that has posted pilfered data from governments, politicians and financial institutions (see: Anonymous DDoS Attacks Spread, But What's the Impact?)
Some of the agencies cited in the leak are the Alabama Fusion Center, Austin Regional Intelligence Center, Iowa Law Enforcement Academy and the Nevada Cyber Exchange, according to a series of DDoSecrets tweets.
Fusion centers are state-owned and operated centers that serve as focal points for the receipt, analysis, gathering and sharing of threat-related information between state and local governments and the private sector, according to the Department of Homeland Security.
As government agencies increase their use of third-party vendors, they must ramp up their monitoring of these entities, says Mike Reimer, global chief security architect at the security company Pulse Secure.
"Despite the fact that poor security practices among contractors often result in larger breaches like this one, reliance on third-party entities to manage data and digital services continues to grow in the government sector," he says.
"The only way to immediately begin mitigating this risk is through a "zero trust" framework, which requires thoroughly vetting all users, devices and applications before they have access to sensitive data, which extends to outside vendors."
Bill Santos, president and COO of Cerberus Sentinel, adds: "Some of the larger incidents in recent history, in addition to this incident specifically, can be tied to a third party not handling or securing information appropriately. A regular review of your vendor ecosystem, as well as contractual obligations for security, are an important part of creating a true culture of security."