Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Government Privacy United States

'BlueLeaks' Exposes Files From Hundreds of Police Departments (krebsonsecurity.com) 147

New submitter bmimatt shares a report from Krebs On Security: Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed "BlueLeaks" and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection -- nearly 270 gigabytes in total -- is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.

In a post on Twitter, DDoSecrets said the BlueLeaks archive indexes "ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources," and that "among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more." KrebsOnSecurity obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), which confirmed the validity of the leaked data. The NFCA alert noted that the dates of the files in the leak actually span nearly 24 years -- from August 1996 through June 19, 2020 -- and that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files. The NFCA said it appears the data published by BlueLeaks was taken after a security breach at Netsential, a Houston-based web development firm.

This discussion has been archived. No new comments can be posted.

'BlueLeaks' Exposes Files From Hundreds of Police Departments

Comments Filter:
  • That's really bad. (Score:5, Insightful)

    by LenKagetsu ( 6196102 ) on Monday June 22, 2020 @07:41PM (#60215176)

    Fusion centers are filled with information on suspects and victims. This is the wet dream of anyone seeking revenge against a snitch, an abusive ex, blackmailers, organized criminals, and other scumbags. They basically painted huge targets on an unfathomable amount of private citizens.

    • by hey! ( 33014 ) on Monday June 22, 2020 @07:55PM (#60215224) Homepage Journal

      They're also full of data about political activists, both on the right and left, third party candidates, and religious minorities with no criminal history.

      We started setting these things up in the aftermath of 9/11, but in the 17 years we've had them they've achieved nothing.

      • by cusco ( 717999 )

        Undoubtedly there will be plenty of the absurd threat notices from Fatherland Security. Read a few of those things if you want lessons in absurdity, incompetence, and bureaucratic butt-covering.

      • Re: (Score:2, Troll)

        by Canberra1 ( 3475749 )
        Minnesota Police Memo. Due to public unrest, use of the neck restraints is now forbidden except of life threatening occasions. Instead, officers can now use the Floyd restraint that is just like the neck restraint, only two officers are in charge of obscuring mischievous filming of lawful pacification holds. We have determined snowflake media coverage is detrimental to law enforcement activity. Therefore lethal force is preferable to unwarranted media dramas. Standard firearm apprehension protocols apply. S
    • by Otis B. Dilroy III ( 2110816 ) on Monday June 22, 2020 @09:35PM (#60215448)
      I would much rather have my criminal information as well as LEO's available out in the the wild than having my information available to LEO's and LEO's information available to no-one.
      • Re: (Score:3, Insightful)

        I would much rather have my criminal information as well as LEO's available out in the the wild than having my information available to LEO's and LEO's information available to no-one.

        But those aren't the choices here, the choice is "your information", not "your criminal information".

    • by rtb61 ( 674572 ) on Monday June 22, 2020 @11:13PM (#60215696) Homepage

      They did not do this. The US police forces who in the most idiotic fashion imaginable, thought it was appropriate to hand out all this information to the 'LOWEST' fucking tenders that would inevitably find a million reasons why the additional costs need to be charged post contract.

      DO you know what the lowest tender does, they do everything in the cheapest way possible, including security, that is where the profits come from you fucking idiot junk yard dog law enforcers. The more of this shite you contract out, the greater the number of failures there will be. ZERO fucking efficiency gains with maximum losses.

      Foreign governments, will have a field day with this data, finding exactly those they need to contact for all sorts of criminal activity, with minimal payment. USA you contracting morons, you could exactly what your stupidity deserved.

      • by Joce640k ( 829181 ) on Tuesday June 23, 2020 @01:41AM (#60215930) Homepage

        DO you know what the lowest tender does, they do everything in the cheapest way possible, including security, that is where the profits come from you fucking idiot

        I've known plenty of highest tenders who do that, too.

        The only difference is that the bosses buy new cars immediately after signing instead of having to wait six months.

    • by AmiMoJo ( 196126 )

      According to TFA it only contains information on suspects about whom various inter-agency requests were made, but of course that is still extremely bad and many of them are entirely innocent. It does seem extremely irresponsible.

      Normally this kind of data would be given to journalists who can redact it and release it bit by bit for maximum impact. The Snowden leaks were a great example, we go some excellent analysis and whenever the security services refuted something they would produce another leak showing

      • by Luckyo ( 1726890 )

        All while redacting things like personal information of individuals who may get targeted as a result. That was the critical part of it, and why it's genuinely impossible to differentiate between what Assange's organisation did and what any other investigative journalism outlet does.

        Problem here is that whoever leaked this, actually leaked unredacted personal details. That's just fucked up. That is something you do NOT do if you have a shred of decency.

    • by Mousit ( 646085 )
      I'll probably copy-and-paste this reply several times down the threads..

      Krebs and TFS failed to mention that this was NOT an indiscriminate publish. DDoSecrets worked to scrub it of information on victims and children, among other things. It's only briefly mentioned in this Wired article [wired.com] but that's more mention that this report is giving.

      It's a pretty damn important note to include though.
  • Turds (Score:3, Insightful)

    by raymorris ( 2726007 ) on Monday June 22, 2020 @07:41PM (#60215178) Journal

    Great, you indiscriminately leaked police reports online.
    So now anybody who wants to can get names, addresses, and phone numbers of domestic abuse victims, rape victims, witnesses to each crime ...

    Total shitheads.

    • Re: (Score:3, Insightful)

      by adfraggs ( 4718383 )

      Yeah I don't get this. It's just anarchy. Release all the information, let the world burn. No question that law enforcement agencies have problems with transparency but this isn't really helping.

      • Re:Turds (Score:5, Insightful)

        by NicknameUnavailable ( 4134147 ) on Monday June 22, 2020 @08:08PM (#60215256)
        If leaks are common it limits the information which can be recorded in secret, that's still a good thing for freedom and liberty. Even more to the point: this data was already in the hands of people working with those systems, which necessarily had ties to politicians and governing bodies in order to achieve their sales. As we know from Epstein, basically every world leader and politician was in on it, and the people they associate with and hand contracts to are those they themselves can blackmail and/or extort. Literally the worst people already had all that info on potential (and former) victims, the only thing new here is that the common folk have it too now.
        • Re: (Score:2, Insightful)

          by mrproperz ( 6515104 )
          Which crackpot book did you get this from? If you think eliminating need-to-know security will somehow eliminate what is being recorded, you're out of your mind. Look at all the private consumer data leaks that are happening on a daily basis - is that stopping companies from collecting or consumers from handing over? This kind of stuff unequivocally makes things worse.
          • That's just flat out wrong, but that was obvious to everyone when you opened with "hurr conspiracies are all lies." Grow up.
            • Sorry if I came off crass, I'm not trying to play it off as a conspiracy theory, I'm legitimately trying to understand where this idea comes from and if it has any practical relevance. It doesn't really pass the sniff test for me.
          • Which crackpot book did you get this from? If you think eliminating need-to-know security will somehow eliminate what is being recorded, you're out of your mind. Look at all the private consumer data leaks that are happening on a daily basis - is that stopping companies from collecting or consumers from handing over? This kind of stuff unequivocally makes things worse.

            It's called the reality of history. The 4th amendment isn't really about making it easy for crooks, or the common person running around. It's there to stop the king from rummaging at will through peoples' lives and papers and houses, looking for things to hurt political opponents with.

            You've just waived away one of the greatest protections a free society can have.

            And by the way, this is much worse than whether a private corporation wants to know if you might be more interested in ads for Pampers or Depend

          • This data was already out there if it was not secured. It's probably been for sale to criminal organizations. Everyone but the public had access.
        • And to your point but on another angle:

          For every motherfucker out there with a computer is another motherfucker with a computer. ~ © 2020 CaptainDork

          Rhetorical question: Why does the web service have the same equipment as the rest of us?

        • by Kjella ( 173770 )

          This is like saying the US has nukes and ISIS doesn't, releasing blueprints and simulation data would be a good thing. I'm sure that'd level the playing field but not in a good way. If you can't trust the cops with info, then you can't go to the cops and that's a win for all bad guys everywhere.

          • by znrt ( 2424692 )

            This is like saying the US has nukes and ISIS doesn't

            well isis wouldn't have been a thing if some superpower hadn't fucked up the whole region with/for their dirty little secrets and lies, to get an edge over some competition with their own little secrets and lies.

      • Re:Turds (Score:5, Insightful)

        by TheReaperD ( 937405 ) on Monday June 22, 2020 @09:28PM (#60215434)

        Yea, I'm all for the BLM protests and leaking incriminating data that show maleficence by the police, but this is bullshit. This is burning dozens, or hundreds, of innocents to catch one witch (if you're lucky). There are some crimes that people will punish you for just being accused of it, take pedophilia, for instance. Even if there was found to be no basis to the charges, there are people who would persecute you for the accusation. (I knew someone who was accused, person was nearly 18, had parent's permission, no crime was found by police and people still hounded him for the rest of his life. The only reason it came to the police's attention was the parent's got divorced and one parent accused the other of child trafficking to win custody and child support [it worked]. Custody was for less than four months so, it was obviously to just be vindictive against their ex). This is just one example of how this could damage people. You also have witnesses, some confidential against either abusive spouses or organized crime (you can bet every gang is going to go through this database to find anyone that snitched). And this is just the tip of the iceberg!

      • Yeah,but let's be honest though [youtu.be], it's beautiful, right?
      • Re: Turds (Score:5, Insightful)

        by t4eXanadu ( 143668 ) on Monday June 22, 2020 @11:19PM (#60215714)

        I don't agree with it either, but it's not much different from some company being hacked, particularly if the exfiltrated data was PII such as SSNs or mailing addresses. Innocent people will be hurt by it. I mention this because, when some company gets hacked and it's reported here, the primary sentiment seems to be mockery for some foolish IT person failing to secure things appropriately.

        I guess my point is, perhaps our reaction to large data breaches should always be concern for innocent victims. I think the important lesson here, however, is that security risks of fusion centers may outweigh potential benefits. It's not clear what those benefits might be anyway, as they seem shrouded in secrecy.

    • I am carefully sifting the data to see if any of my clients are on it.
      I definitely will want to know if someone is up to no good or might be a risk to me.

      Hey the data is free and available why not mine it for it's advantage.

    • These aren't just random sociopaths. They're military units of states hostile to the United States, such as the GRU in Russia. You can bet this breach came down to Russia, China, or North Korea.

      • by HiThere ( 15173 )

        Possibly. The sheer size of the link makes that plausible. But I sure wouldn't claim that as a certainty.

        P.S.: This doesn't look like the work of a sociopath, assuming non-state actors, but rather someone who dislikes authority and doesn't think things through. At a guess someone under 22 years of age. There *are* sociopaths who would do this kind of thing with intent, and there are also political stances that would find it justifiable. Assigning a motive to this based on current evidence can only be

    • Maybe, just maybe, it was a really DUMB idea to keep that record in a place where it can be stolen?

    • They claim to have redacted the victim's personal information. About 1/6 of the database was redacted.

      They only spent a month doing it, so I doubt they did a perfect job. I don't know if they did an acceptable job.

      • They redacted it ? Good. Apparently DDoSecrets is a 'journalistic collective' which may or may not mean something. With 270GB redacting has to be a scripted job. Unlikely to work on scanned documents and unlikely to be thorough: you have sample the results and rerun with corrected scripts, do multiple iterations like that. Without doing a perfect job it is possible to reduce the damage very significantly this way though.

    • by Mousit ( 646085 )
      I'll probably copy-and-paste this reply several times down the threads..

      Krebs and TFS failed to mention that this was NOT an indiscriminate publish. DDoSecrets worked to scrub it of information on victims and children, among other things. It's only briefly mentioned in this Wired article [wired.com] but that's more mention that this report is giving.

      It's a pretty damn important note to include though.
      • According to the article you linked, it's 25 years of documents from at least 200 departments and the person days they spent a week taking out some of the most obvious ans most problematic information. One week. They didn't get it all, of course, they left a lot of stuff they know they should have taken out, but they only spent a week, says the person who did the "scrubbing".

        Krebs notes he's already seen people's banking information is included in the public dump.

        > I'll probably copy-and-paste this rep

        • by Mousit ( 646085 )

          Krebs notes he's already seen people's banking information is included in the public dump.

          Please be accurate about it.

          "Best notes, however, that DDOSecrets published the financial information knowingly, arguing that it could be correlated with other information to further expose police behavior in ways that serve the public interest."

          Indeed, please do.

  • by rsilvergun ( 571051 ) on Monday June 22, 2020 @07:48PM (#60215190)
    we don't have real journalists who can go over this stuff full time and who would actually report on anything they found. We lost all that when we let them all get bought out.

    Gawker used to have folks who would pour over this and do the hard work of investigative journalism, but they paid the bills with sleeze and folks hated that so they let Hulk Hogan & his billionaire backer kill them.

    I predict this'll amount to Dickie McGeezaks.
    • by ArmoredDragon ( 3450605 ) on Monday June 22, 2020 @09:43PM (#60215462)

      Gawker was nothing but a slimeball celebrity gossip news site in the same vein as TMZ, only less successful.

      • the reason Theil (I remembered his name) went after them wasn't that he was outed gay (he's rich, he doesn't care) it was because they kept running stories about his shady business deals.
        • the reason Theil (I remembered his name) went after them wasn't that he was outed gay (he's rich, he doesn't care) it was because they kept running stories about his shady business deals.

          It's Peter Thiel. Gawker wrote plenty about Thiels personal failings but perhaps you'd like to substantiate your claim how Gawker "kept running stories about his shady business deals" because afaik that never happened. Link goes to archive of Gawker with the tag peter-thiel for your conveniance: https://kinja.com/tag/peter-th... [kinja.com]

    • Mother Jones does better work than Gawker ever did.
      • and that's the problem. Real journalism is a _ton_ of work. Are you going to go through 270 gigabytes of data, then pound a beat to corroborate what you find?
        • All the real journalists are going through YEARS of social media to find that one time someone said, did, or wore something that resembled non compliance with the hive mind. Check back in a few months.

          Also..
          >corroboration

          All the cool kids just go for what drives click and copy; a retraction and a flimsy excuse are WAY simpler.

    • GAWKER? (Score:2, Troll)

      by thesupraman ( 179040 )

      Really? thats what you think investigative journalism is?

      I'm sorry, this leak probably doesnt have a ton of dick and tits out picks, and little celeb dirt, so gawker would not really be interested.

      Yes, we have lost investigative journalism, mostly because the newsrooms are now full of 20something 'interns' trying to 'make it' with little or no life skill, and simply intending to tow whatever is the currently most popular party line.

      THAT is the problem. Gawkers death is a plus, not a minus.

    • by AmiMoJo ( 196126 )

      There is The Guardian which is funded by subscriptions and ads. Buzzfeed of all people do some great investigative work, although they gutted their serious journalism department so I don't know if they still can.

    • Gawker used to have folks

      The fact that you think Gawker was held up as some standard of journalism speaks volumes. Like holy shit man. Not sure if you were going for troll or funny, but what you said sure as heck wasn't insightful.

  • by Cmdln Daco ( 1183119 ) on Monday June 22, 2020 @07:56PM (#60215230)

    There will be negative outcomes from this that affect the victims of crime, and that also unjustly impact people accused of being criminal.

    Ordinary people, as opposed to zealots of various idelogical bents, will recognize the damage these leaks represent.

    Advocates of police secrecy will have a field day using examples from the outcome of these leaks to justify further and mor rigorous secrecy.

    It's probably fun to be one of the adventurist putzes who stole the info and threw it out in public.

  • This is steps away from FBI raids for illegal images and videos.
  • um (Score:2, Insightful)

    If you are unhappy with big city police departments, here's an idea: figure out who has been running them for the last 40 - 60 years, and vote against them.

    • Re: (Score:2, Insightful)

      Comment removed based on user account deletion
      • You dont see politicians advocate that bc its unpopular. Most people know there are certain problems where police are right solution, but they are being used for situations that need social programs to really solve.

      • "Vote against them" implies that there are alternatives you could vote for who are against them.

        How many politicians have you ever seen advocate for defunding the police, much less abolishing them? That's the kind of thing that causes a bag of cocaine to mysteriously be found by a police dog in your car.

        Hmm. So the "institutional racism" of Democrat politicians in big cities in unstoppable?

    • Unless they run unopposed. But if they're running unopposed, then they must be doing a good job, amirite? I guess I could run for political office if I'm unhappy with my representation. Even still, how does voting in a new sheriff help if the real ails of our police department are being covered up by the un-elected peers on the police department? Voting is not our only recourse for social change. Voting may not even be an option for real social change in a country that's been gerry-mandered to hell and back
  • along with the torrent, but it looks like ddossecrets is basically ddosed itself right now.

    here is the searchable link [ddosecrets.com]

    There should be no reason for it to be, but I'm personally curious if there is anything about myself, my family, or anyone else I know in there.

  • I know the current sentiment among teen edge lords is "ACAB" but this crosses way way beyond the line of ethical hacking and goes straight to gutter trash. Really disappointed to see anyone that's happy about this. A lot of completely unrelated data that potentially exposes abuse and crime victims. This is no better than the garbage dumped by Manning & Reality Winner.

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...