Hackers Leak Megatrove of Police Data in Solidarity with Black Lives Matter

The release of the archive dubbed "BlueLeaks", including police and FBI reports on the COVID-19 crisis and anti-racism protests, has raised concern that cyber threat actors might exploit the data to target law enforcement agencies and their personnel


Amid the ongoing protests across the US, an activist group has leaked hundreds of thousands of files from US police departments and other law enforcement agencies, marking the largest-ever dump of such documents.  

The group called Distributed Denial of Secrets (DDoSecrets), which, like WikiLeaks, publishes previously secret data, released the trove on June 19, a holiday that commemorates the end of slavery in the US. The "Juneteenth" holiday has been the focus of heightened public interest this year due to the protests that swept the country following the killing of George Floyd, an African-American man, while he was in police custody.

The nearly 270 GB of files dubbed "BlueLeaks" include police and FBI reports, alerts and instructions regarding the COVID-19 crisis and the protests following Floyd's death.

In a Twitter posting, the group, which describes itself as a "transparency collective," said the archive contains “data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

The files were made available online on a searchable portal. DDoSecrets claimed it received the BlueLeaks trove from the "Anonymous" hacktivist group.

The DDoSecrets group also claimed in a tweet that it doesn't actually hack individuals or organizations, but only provides a “stable platform” for data that may have been stolen. 

Reports said the files were stolen during a security breach at a Houston-based web hosting company that handles police websites, including those of "fusion centers" that gather and disseminate law enforcement and public safety information.

According to the KrebsOnSecurity blog, the National Fusion Center Association (NFCA) issued an internal security alert in which it confirmed that the data, covering a period from August 1996 to June 2020, was authentic.   

An initial analysis was said to have revealed that the files include names, email addresses and phone numbers as well as emails and associated attachments, some of which contain sensitive information including international bank account numbers and pictures of suspects. 

The blog quoted the NFCA as saying "a variety of cyber threat actors, including nation-states, hacktivists, and financially-motivated cybercriminals, might seek to exploit the data exposed in this breach to target fusion centers and associated agencies and their personnel in various cyber attacks and campaigns."

Some commentators said the leak could potentially expose sensitive law enforcement investigations and even endanger lives.