Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal information.
DDoSecrets, or Distributed Denial of Secrets, is a transparency collective similar to WikiLeaks, which publicly publishes data and classified information submitted by leakers and hackers while claiming the organization itself never gets involved in the exfiltration of data.
According to the hacktivist group, the BlueLeaks dump includes "police and FBI reports, bulletins, guides and more," which "provides unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning COVID19."
As you can see in the screenshot below, a quick analysis of the BlueLeaks dump shows that the data contains millions of files, including images, documents, videos, web pages, text files, emails, audio files, and more, though it has yet to be investigated how many of those files are classified and were never supposed to be public.
Some alerts and guides leaked in BlueLeaks also contained intelligence on protests, including the recent countrywide Black Lives Matter protests in the U.S. following the death of George Floyd while he was in the custody of Minneapolis police.
Some of the U.S. agencies listed in BlueLeaks are:
- Alabama Fusion Center
- Austin Regional Intelligence Center
- Boston Regional Intelligence Center
- Colorado Information Analysis Center
- California Narcotic Officers' Association
- Delaware Information and Analysis Center
- FBI Houston Citizens Academy Alumni Association
- FBI National Academy Association Arkansas/Missouri Chapter
- FBI National Academy Association Michigan Chapter
- FBI National Academy Association of Texas
It appears that the source of this massive dataset is a security breach at Houston-based web hosting company 'Netsential Inc,' which hosts the web server of the National Fusion Center Association (NFCA), security blogger Krebs reported.
Fusion centers are information-sharing hubs that enable intelligence exchange between local, state, tribal, territorial, and federal law enforcement agencies, maximizing their ability to detect, prevent, investigate, and respond to criminal and terrorist activities.
In a statement, NFCA confirmed to Krebs that the "dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files."
Netsential confirmed that a threat actor had leveraged a compromised Netsential customer user account and the web platform's upload feature to exfiltrate data belonging to other Netsential customers, including several U.S. police agencies and fusion centers.
Netsential is the same web hosting company that attackers previously abused to infect targeted victims with ransomware, sending spoofed spear-phishing emails disguised as coming from the NFCA.
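The breach pattern Netsential described, one authenticated customer account pulling data that belongs to other customers, is something a shared hosting platform can look for in its own access logs. The following is an added example, not code from the article, DDoSecrets or Netsential: it parses constructed log lines (the line format, the `/tenants/<name>/` path layout, the account-to-tenant mapping and the tenant names are all assumptions) and flags any account whose successful reads spanned several tenants it does not own.

```python
"""Cross-tenant access detection over constructed hosting-platform access logs."""
from collections import defaultdict
import re

# Constructed sample lines: "<timestamp> <account> <method> <path> <status>".
# acct-217 owns fc-alabama but reads three other tenants' uploads; acct-088 stays
# in its own tenant except for one request the platform denied (403).
SAMPLE_LOG = """\
2020-06-10T01:02:03Z acct-217 GET /tenants/fc-alabama/uploads/bulletin.pdf 200
2020-06-10T01:02:05Z acct-217 GET /tenants/fc-alabama/uploads/roster.csv 200
2020-06-10T01:03:09Z acct-217 GET /tenants/fc-austin/uploads/alert-042.pdf 200
2020-06-10T01:03:11Z acct-217 GET /tenants/fc-boston/uploads/members.csv 200
2020-06-10T01:03:15Z acct-217 GET /tenants/fc-colorado/uploads/weekly.zip 200
2020-06-10T01:04:00Z acct-088 GET /tenants/fc-austin/uploads/alert-042.pdf 200
2020-06-10T01:05:22Z acct-088 GET /tenants/fc-boston/uploads/members.csv 403
"""

# Constructed (assumed) mapping of each customer account to the tenant it owns.
ACCOUNT_TENANT = {"acct-217": "fc-alabama", "acct-088": "fc-austin"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<account>\S+) (?P<method>[A-Z]+) "
    r"/tenants/(?P<tenant>[^/]+)/\S* (?P<status>\d{3})$"
)


def parse(log_text):
    """Yield (timestamp, account, tenant, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["account"], m["tenant"], int(m["status"])


def foreign_tenant_access(log_text, account_tenant, min_foreign=2):
    """Return {account: sorted foreign tenants} for accounts whose successful
    (2xx) requests touched at least `min_foreign` tenants they do not own.
    Denied requests (non-2xx) are ignored: isolation held for those."""
    seen = defaultdict(set)
    for _ts, account, tenant, status in parse(log_text):
        if 200 <= status < 300 and tenant != account_tenant.get(account):
            seen[account].add(tenant)
    return {a: sorted(t) for a, t in seen.items() if len(t) >= min_foreign}


if __name__ == "__main__":
    for account, tenants in foreign_tenant_access(SAMPLE_LOG, ACCOUNT_TENANT).items():
        print(f"{account} read data from other tenants: {', '.join(tenants)}")
```

The threshold and the 2xx filter are tuning choices; a platform that legitimately lets one account administer several tenants would feed that mapping in as a set of owned tenants instead of a single one.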