BlueLeaks

Protestor wearing Guy Fawkes mask in front of police

BlueLeaks, sometimes referred to by the Twitter hashtag #BlueLeaks, refers to 269.21 gibibytes of internal U.S. law enforcement data obtained by the hacker collective Anonymous and released on June 19, 2020, by the activist group Distributed Denial of Secrets, which called it the "largest published hack of American law enforcement agencies". [1]


The data — internal intelligence, bulletins, emails, and reports — was produced between August 1996 and June 2020 [2] by more than 200 law enforcement agencies, which provided it to fusion centers. It was obtained through a security breach of Netsential, a web developer that works with fusion centers and law enforcement.

The leaks were released at hunter.ddosecrets.com and announced on the @DDoSecrets Twitter account. The account was banned shortly after for "dissemination of hacked materials" and "information that could have put individuals at risk of real-world harm." [3] Wired reported that Distributed Denial of Secrets attempted to remove sensitive information from the data before publication. National Fusion Center Association (NFCA) officials confirmed the authenticity of the data, according to documents obtained by security journalist Brian Krebs; the organization warned its members that hackers may use the leaked information to target them. [4]

Background

The BlueLeaks data comes largely from the intelligence gathered by fusion centers. After the September 11 attacks, the United States government sought to improve communication between different levels of law enforcement to better discover and prevent terrorist attacks. It encouraged state and local governments to create fusion centers: physical locations where representatives of different law enforcement agencies share and collectively analyze intelligence before distributing reports back to their respective agencies. Fusion centers have since begun working with private data brokers with little public oversight. [5]

Fusion centers have been criticized as privacy-invading, ineffective, and targeted at political groups. In 2012, the Senate Permanent Subcommittee on Investigations found that over the 13 months of review, fusion centers did not contribute to the identification or prevention of a terrorist plot, [6]:2 and that of the 386 unclassified fusion center reports it reviewed, three-quarters had no connection to terrorism at all. [6]:32 In 2008, the Department of Homeland Security identified a number of privacy-related concerns created by fusion centers. The department noted that the excessive secrecy of fusion centers led to comparisons with COINTELPRO, and that fusion center reports sometimes distribute inaccurate or incomplete information. [7]:28–9 The 2012 Senate report points to a report issued by an Illinois fusion center in 2011. The report wrongly claimed that Russian hackers were to blame for a broken water pump, and despite the Department of Homeland Security publicly stating the report was false, its Office of Intelligence and Analysis included the claims in its report to Congress. [8]

After the murder of George Floyd and other instances of police violence in 2020, law enforcement in the United States came under renewed scrutiny. In early June, the hacker collective Anonymous announced its intent to expose police misconduct. [9] The collective carried out high-profile hacks in the 2000s and early 2010s. In 2011, Antisec, a subgroup of Anonymous, released law enforcement information in support of Occupy Wall Street protestors, but the collective had carried out few significant operations within the United States since then. [4]

Findings

The BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies. [4] More than one million documents were leaked from law enforcement fusion centers. [1] In leaked documents, officers track individual, group, and event pages with protest or anti-law enforcement rhetoric. [10] Some of the documents contain material related to the attitudes of law enforcement and their response to the Black Lives Matter movement, George Floyd protests, and COVID-19 pandemic.

During the George Floyd protests, law enforcement agencies monitored protesters' communications over social media and messaging apps. Leaked reports found that the police were aware of the potential for their surveillance to violate the Constitution. They distributed documents to police filled with rumors and warnings that the protests would become violent, sparking fear among police officers. [11]

The documents also show a much broader trend of surveillance. They show details about the data that police can obtain from social media sites including Facebook, Twitter, TikTok, Reddit and Tumblr, among others. Fusion centers also collect and distribute detailed data from automatic license plate readers. [12]

Surveys from law enforcement training programs reveal that some instructors were prejudiced and unprofessional. Classes taught biased, outdated, and incorrect content. Some contain sexual content unrelated to the class, and there was one report of an instructor admitting to lying in court frequently. [13]

In Maine, legislators took interest in BlueLeaks thanks to details about the Maine Information and Analysis Center, which is under investigation. The leaks showed the fusion center was spying on and keeping records on people who had been legally protesting or had been "suspicious" but committed no crime. [14]

Documents also contain reports about other countries from the Department of Homeland Security, U.S. Department of State and other agencies. Officials discussed cyber attacks from Iran and concerns about further attacks in early 2020. [15] Another report discusses possible Chinese espionage at natural gas facilities. [16] Homeland Security also discussed Russian interference with American elections, attempts to hack the 2020 census, and manipulation of social media discussion. [17]

Google's CyberCrime Investigation Group

On August 21, The Guardian revealed, based on the leaked documents, the existence of Google's "CyberCrime Investigation Group" (CIG). The group focused on voluntarily forwarding detailed information of Google, YouTube, and Gmail users, among other products, to members of the Northern California Regional Intelligence, a counter-terrorist fusion center, for content threatening violence or otherwise expressing extremist views, often associated with the far right. The company has also been said to report users who appeared to be in mental distress, indicating suicidal thoughts or intent to commit self-harm. [18]

One way Google identified its users in order to report them to law enforcement was by cross-referencing different Gmail accounts, which eventually led them to a single Android phone. In some cases, the company did not ban the users they reported to the authorities, and some were said to still have accounts on YouTube, Gmail, and other services. [18] [19]

Response

Shortly after the leaks were released, on June 23, Twitter permanently banned DDoSecrets's Twitter account for distributing hacked materials. Twitter also censored all links to the DDoSecrets website. [20]

German authorities seized a server used by DDoSecrets at the request of U.S. authorities. The server had hosted the BlueLeaks files, but the documents remained available for download through BitTorrent and other websites. [21]

Reddit banned r/BlueLeaks, a community created to discuss BlueLeaks, claiming they had posted personal information. [22]

There is a federal investigation relating to BlueLeaks. Various Freedom of Information Act requests filed about BlueLeaks and DDoSecrets were rejected due to an ongoing federal investigation. Homeland Security Investigations has questioned at least one person, seeking information about BlueLeaks, DDoSecrets, and one of its founders, Emma Best. [23]

The editor for The Intercept described BlueLeaks as the law enforcement equivalent to the Pentagon Papers. [24]

References

  1. Karlis, Nicole (June 22, 2020). "Inside "Blue Leaks," a trove of hacked police documents released by Anonymous". Salon. Archived from the original on June 23, 2020. Retrieved June 24, 2020.
  2. "'BlueLeaks' Exposes Files from Hundreds of Police Departments — Krebs on Security". Krebs on Security. June 22, 2020. Archived from the original on June 22, 2020. Retrieved June 22, 2020.
  3. Cimpanu, Catalin (June 23, 2020). "Twitter bans DDoSecrets account over 'BlueLeaks' police data dump". ZDNet. Archived from the original on June 24, 2020. Retrieved June 24, 2020.
  4. Greenberg, Andy (June 22, 2020). "Anonymous Stole and Leaked a Megatrove of Police Documents". Wired. ISSN 1059-1028. Archived from the original on June 23, 2020. Retrieved June 24, 2020.
  5. Monahan, T. (2009). "The Murky World of 'Fusion Centres'" (PDF). Criminal Justice Matters. 75 (1): 20–21. doi:10.1080/09627250802699715. Archived (PDF) from the original on July 11, 2019. Retrieved June 24, 2020.
  6. "Senate report" (PDF). Archived (PDF) from the original on November 12, 2019. Retrieved June 24, 2020.
  7. "DHS report" (PDF). Archived (PDF) from the original on March 29, 2020. Retrieved June 24, 2020.
  8. Zetter, Kim (October 3, 2012). "DHS Issued False 'Water Pump Hack' Report; Called It a 'Success'". Wired. ISSN 1059-1028. Archived from the original on June 24, 2020. Retrieved June 24, 2020.
  9. Molloy, David; Tidy, Joe (June 1, 2020). "The return of the Anonymous hacker collective". BBC News. Archived from the original on June 4, 2020. Retrieved June 24, 2020.
  10. "Yes, the police are watching what you post on Facebook about protests". The Daily Dot. June 29, 2020. Archived from the original on July 13, 2020. Retrieved July 9, 2020.
  11. Hvistendahl, Mara; Brown, Alleen (June 26, 2020). "Law Enforcement Scoured Protester Communications and Exaggerated Threats to Minneapolis Cops, Leaked Documents Show". The Intercept. Archived from the original on June 27, 2020. Retrieved June 28, 2020.
  12. Maharrey, Mike (June 27, 2020). "Document Unmasks Fusion Center's Participation in License Plate Surveillance". Tenth Amendment Center. Archived from the original on July 6, 2020. Retrieved July 11, 2020.
  13. Hagerty, Colleen (July 10, 2020). "'This is a time bomb'—Leaked docs reveal homophobic, racist police instructors". The Daily Dot. Archived from the original on July 10, 2020. Retrieved July 11, 2020.
  14. Neumann, Dan (June 30, 2020). "Lawmakers call to defund Maine's secretive police intelligence agency". Beacon. Retrieved July 11, 2020.
  15. Slapinski, Mark (July 1, 2020). "BlueLeaks: US Law Enforcement feared Iranian hackers". Toronto Today. Archived from the original on July 9, 2020. Retrieved July 11, 2020.
  16. Petti, Matthew (July 7, 2020). "Exclusive: Did Chinese Agents Try To Stake Out American Natural Gas Plants With Drones?". The National Interest. Retrieved July 11, 2020.
  17. Slapinski, Mark (July 6, 2020). "Homeland Security prepared for Russian interference in 2020 Census". Toronto Today. Archived from the original on July 11, 2020. Retrieved July 11, 2020.
  18. Wilson, Jason (August 17, 2020). "Google giving far-right users' data to law enforcement, documents reveal". The Guardian. Retrieved September 6, 2020.
  19. Low, Cherlynn (August 17, 2020). "Google reportedly sent identifying info of extremist users to law enforcement". Engadget. Retrieved September 6, 2020.
  20. "Twitter has permanently banned the group that published the 'BlueLeaks' police files obtained by hackers". Business Insider Nederland (in Dutch). June 24, 2020. Archived from the original on July 9, 2020. Retrieved July 9, 2020.
  21. Bajak, Frank (July 9, 2020). "Germany seizes server hosting pilfered US police files". Associated Press. Archived from the original on July 9, 2020. Retrieved July 11, 2020.
  22. Lee, Micah (July 15, 2020). "Hack of 251 Law Enforcement Websites Exposes Personal Data of 700,000 Cops". The Intercept. Retrieved October 13, 2021.
  23. Franceschi-Bicchierai, Lorenzo (July 20, 2020). "ICE Questions an Admin of The-Eye Archive Site That Hosted 'Blue Leaks'". Vice. Archived from the original on July 20, 2020. Retrieved July 20, 2020.
  24. Elder, Jeff. "How 'Keyser Söze' leaked a secret trove of police documents that exposed cops tracking George Floyd protesters". Business Insider. Retrieved February 19, 2021.