"It's the largest published hack of American law enforcement agencies," Emma Best, cofounder of DDOSecrets, wrote in a series of text messages. "It provides the closest inside look at the state, local, and federal agencies tasked with protecting the public, including [the] government response to COVID and the BLM protests."The HackThe massive internal data trove that DDOSecrets published was originally taken from a web development firm called Netsential, according to a law enforcement memo obtained by Kreb On Security. That memo, issued by the National Fusion Center Association, says that much of the data belonged to law enforcement "fusion centers" across the US that act as information-sharing hubs for federal, state, and local agencies. Netsential did not immediately respond to a request for comment.
Best declined to comment on whether the information was taken from Netsential, but noted that "some Twitter users accurately pointed out that a lot of the data corresponded to Netsential systems." As for their source, Best would say only that the person self-represented as "capital A Anonymous," but added cryptically that "people may wind up seeing a familiar name down the line."DDOSecrets has published the files in a searchable format on its website, and supporters quickly created the #blueleaks hashtag to collect their findings from the hacked files on social media. Some of the initial discoveries among the documents showed, for instance, that the FBI monitored the social accounts of protesters and sent alerts to local law enforcement about anti-police messages. Other documents detail the FBI tracking bitcoin donations to protest groups, and internal memos warning that white supremacist groups have posed as Antifa to incite violence.
DDOSecrets notes that none of the files appear to be classified, and Best concedes that they may not show illegal behavior on the part of police. But the group argues that the documents instead reveal legal but controversial practices, as well as the tone of police discussions around groups like Antifa—for instance, describing white nationalists like Richard Spencer as anti-Antifa, rather than acknowledging that Antifa expressly opposes groups like those who follow Spencer."The underlying attitudes of law enforcement is one of the things I think BlueLeaks documents really well," Best writes. "I've seen a few comments about it being unlikely to uncover gross police misconduct, but I think those somewhat miss the point, or at least equate police misconduct solely with illegal behavior. Part of what a lot of the current protests are about is what police do and have done legally."
Security News this Week: Palantir Manual Shows How Law Enforcement Tracks Families. If you happened to buy the Blue Smart hair straightener from Glamorizer—perhaps not even realizing it had Bluetooth capability, because why would it?—then TechCrunch is sorry to report but hackers could totally seize your device, and well, change the temperature of the hot iron remotely, if they wanted to.
Who's Affected, and How Serious Is This?DDOSecrets counts the data of more than 200 state, local, and federal agencies in the leak. Some of the agencies with the most sheer quantity of information in the leak's dataset do appear to be intelligence fusion centers, like the Missouri Information Analysis Center, the Northern California Regional Intelligence Center, the Joint Regional Intelligence Center, the Delaware Information and Analysis Center, and the Austin Regional Intelligence Center. The group also includes a handful of regional FBI Academy alumni associations and Infragard, a San Francisco–based group devoted to sharing information between the FBI and the private sector.