BlueLeaks, sometimes referred to by the Twitter hashtag #BlueLeaks, is a collection of 269.21 gibibytes of internal U.S. law enforcement data obtained by the hacker collective Anonymous and released on June 19, 2020, by the activist group Distributed Denial of Secrets, which called it the "largest published hack of American law enforcement agencies". [1]
The data — internal intelligence, bulletins, emails, and reports — was produced between August 1996 and June 2020 [2] by more than 200 law enforcement agencies, which provided it to fusion centers. It was obtained through a security breach of Netsential, a web developer that works with fusion centers and law enforcement.
The leaks were released at hunter.ddosecrets.com and announced on the @DDoSecrets Twitter account. The account was banned shortly after for "dissemination of hacked materials" and "information that could have put individuals at risk of real-world harm." [3] Wired reported that Distributed Denial of Secrets attempted to remove sensitive information from the data before publication. National Fusion Center Association (NFCA) officials confirmed the authenticity of the data, according to documents obtained by security journalist Brian Krebs; the organization warned its members that hackers may use the leaked information to target them. [4]
The BlueLeaks data comes largely from the intelligence gathered by fusion centers. After the September 11 attacks, the United States government sought to improve communication between different levels of law enforcement to better discover and prevent terrorist attacks. It encouraged state and local governments to create fusion centers: physical locations where representatives of different law enforcement agencies share and collectively analyze intelligence before distributing reports back to their respective agencies. Fusion centers have since begun working with private data brokers with little public oversight. [5]
Fusion centers have been criticized as privacy-invading, ineffective, and targeted at political groups. In 2012, the Senate Permanent Subcommittee on Investigations found that over the 13 months of review, fusion centers did not contribute to the identification or prevention of a terrorist plot, [6]:2 and that of the 386 unclassified fusion center reports it reviewed, three-quarters had no connection to terrorism at all. [6]:32 In 2008, the Department of Homeland Security identified a number of privacy-related concerns created by fusion centers. The department noted that the excessive secrecy of fusion centers led to comparisons with COINTELPRO, and that fusion center reports sometimes distribute inaccurate or incomplete information. [7]:28–9 The 2012 Senate report points to a report issued by an Illinois fusion center in 2011. The report wrongly claimed that Russian hackers were to blame for a broken water pump, and despite the Department of Homeland Security publicly stating the report was false, its Office of Intelligence and Analysis included the claims in its report to Congress. [8]
After the murder of George Floyd and other instances of police violence in 2020, law enforcement in the United States came under renewed scrutiny. In early June, the hacker collective Anonymous announced its intent to expose police misconduct. [9] The collective carried out high-profile hacks in the 2000s and early 2010s. In 2011, Antisec, a subgroup of Anonymous, released law enforcement information in support of Occupy Wall Street protestors, but the collective had few significant operations within the United States since then. [4]
The BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies. [4] More than one million documents were leaked from law enforcement fusion centers. [1] In leaked documents, officers track individual, group, and event pages with protest or anti-law enforcement rhetoric. [10] Some of the documents contain material related to the attitudes of law enforcement and their response to the Black Lives Matter movement, the George Floyd protests, and the COVID-19 pandemic.
During the George Floyd protests, law enforcement agencies monitored protesters' communications over social media and messaging apps. Leaked reports showed that the police were aware of the potential for their surveillance to violate the Constitution. Documents filled with rumors and warnings that the protests would become violent were distributed to police, sparking fear among officers. [11]
The documents also show a much broader trend of surveillance. They show details about the data that police can obtain from social media sites including Facebook, Twitter, TikTok, Reddit and Tumblr, among others. Fusion centers also collect and distribute detailed data from automatic license plate readers. [12]
Surveys from law enforcement training programs reveal that some instructors were prejudiced and unprofessional. Classes taught biased, outdated, and incorrect content. Some contained sexual content unrelated to the class, and there was one report of an instructor admitting to lying in court frequently. [13]
In Maine, legislators took interest in BlueLeaks thanks to details about the Maine Information and Analysis Center, which is under investigation. The leaks showed the fusion center was spying on and keeping records on people who had been legally protesting or had been "suspicious" but committed no crime. [14]
Documents also contain reports about other countries from the Department of Homeland Security, U.S. Department of State and other agencies. Officials discussed cyber attacks from Iran and concerns about further attacks in early 2020. [15] Another report discusses possible Chinese espionage at natural gas facilities. [16] Homeland Security also discussed Russian interference with American elections, attempts to hack the 2020 census, and manipulation of social media discussion. [17]
On August 21, The Guardian revealed, based on the leaked documents, the existence of Google's "CyberCrime Investigation Group" (CIG). The group focused on voluntarily forwarding detailed information about users of Google, YouTube, and Gmail, among other products, to members of the Northern California Regional Intelligence, a counter-terrorist fusion center, when their content threatened violence or otherwise expressed extremist views, often associated with the far right. The company has also been said to report users who appeared to be in mental distress, indicating suicidal thoughts or intent to commit self-harm. [18]
One way Google identified its users in order to report them to law enforcement was by cross-referencing different Gmail accounts, which eventually led it to a single Android phone. In some cases, the company did not ban the users it reported to the authorities, and some were said to still have accounts on YouTube, Gmail, and other services. [18] [19]
Shortly after the leaks were released, on June 23, Twitter permanently banned DDoSecrets's Twitter account for distributing hacked materials. Twitter also censored all links to the DDoSecrets website. [20]
German authorities seized a server used by DDoSecrets at the request of U.S. authorities. The server had hosted the BlueLeaks files, but the documents remained available for download through BitTorrent and other websites. [21]
Reddit banned r/BlueLeaks, a community created to discuss BlueLeaks, claiming they had posted personal information. [22]
There is a federal investigation relating to BlueLeaks. Various Freedom of Information Act requests filed about BlueLeaks and DDoSecrets were rejected due to an ongoing federal investigation. Homeland Security Investigations has questioned at least one person, seeking information about BlueLeaks, DDoSecrets, and one of its founders, Emma Best. [23]
The editor for The Intercept described BlueLeaks as the law enforcement equivalent to the Pentagon Papers. [24]
The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cyber security, and disaster prevention and management.
Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.
In the United States, fusion centers are designed to promote information sharing at the federal level between agencies such as the Federal Bureau of Investigation, the U.S. Department of Homeland Security, the U.S. Department of Justice, and state, local, and tribal law enforcement. As of February 2018, the U.S. Department of Homeland Security recognized 79 fusion centers. Fusion centers may also be affiliated with an emergency operations center that responds in the event of a disaster.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.
Operation Payback was a coordinated, decentralized group of attacks on high-profile opponents of Internet piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on major pro-copyright and anti-piracy organizations, law firms, and individuals. The Motion Picture Association of America, the Pirate Party UK and United States Pirate Party criticised the attacks.
LulzSec was a black hat computer hacking group that claimed responsibility for several high-profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high-profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Previously, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.
Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.
Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.
RedHack is a Turkish Marxist-Leninist computer hacker group founded in 1997. The group has claimed responsibility for hacking the websites of institutions which include the Council of Higher Education, Turkish police forces, the Turkish Army, Türk Telekom, and the National Intelligence Organization, among others. The group's core membership is said to be twelve. RedHack is the first hacker group which has been accused of being a terrorist organization and circa 2015 is one of the world's most wanted hacker groups.
On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.
Ghost Squad Hackers ("GSH") is a hacktivist group responsible for several cyber attacks. Former targets of the group include central banks, Fox News, CNN, the United States Armed Forces and the government of Israel. The group is led by a de facto leader known as s1ege, and selects targets primarily for political reasons. The group forms a part of the hacktivist group Anonymous.
Distributed Denial of Secrets, abbreviated DDoSecrets, is a non-profit whistleblower site founded in 2018 for news leaks. The site is a frequent source for other news outlets and has worked on investigations including Cyprus Confidential with other media organizations. In December 2023, the organization said it had published over 100 million files from 59 countries.
Emma Best is an American investigative reporter and whistleblower. They gained national attention for their work with WikiLeaks and activist Julian Assange. Best is known for prolific filing of Freedom of Information Act (FOIA) requests on behalf of MuckRock and co-founding the whistleblower site Distributed Denial of Secrets (DDoSecrets).
The Epik data breach occurred in September and October 2021, targeting the American domain registrar and web hosting company Epik. The breach exposed a wide range of information including personal information of customers, domain history and purchase records, credit card information, internal company emails, and records from the company's WHOIS privacy service. More than 15 million unique email addresses were exposed, belonging to customers and to non-customers whose information had been scraped. The attackers responsible for the breach identified themselves as members of the hacktivist collective Anonymous. The attackers released an initial 180 gigabyte dataset on September 13, 2021, though the data appeared to have been exfiltrated in late February of the same year. A second release, this time containing bootable disk images, was made on September 29. A third release on October 4 reportedly contained more bootable disk images and documents belonging to the Texas Republican Party, a customer of Epik's.
Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.
The Fort Worth Intelligence Exchange is a fusion center housed within the Fort Worth Police Department.