269GB of data stolen from US police departments published after ‘BlueLeaks’ hack
Data stolen from hundreds of police departments across the U.S. have been published online in a hack dubbed “BlueLeaks.”
The 269 gigabytes of data was published online by a group calling itself Distributed Denial of Secrets and includes hundreds of thousands of police and U.S. Federal Bureau of Investigation reports, bulletins, guides and more. The data include names, addresses, email addresses, dates of birth, bank account details, images of suspects and more.
According to KrebsOnSecurity referencing an alert from the National Fusion Center Association Cyber Intelligence Network the data was stolen from Netsential, a Houston-based web developer used by police departments.
“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement and other government agencies across the United States, was the source of the compromise,” the NFCA wrote. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”
“The analysis from the NFCA shared that nearly 24 years of sensitive information was leaked,” Brenda Ferraro, vice-president of third-party risk at the risk prevention firm Prevalent Inc., told SiliconANGLE. “What is alarming with this particular breach is that it can potentially endanger lives. In this instance, where privacy and loss of life is of concern, continuous third-party risk evaluation specific to web development is key to proactively point out risks within the security domain trifecta of identity, access, and web development management.”
Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, reflected Ferraro’s concerns, saying that “the eventual outcome of this leak will likely have disastrous effects for many innocent people, including people charged with crimes who later were acquitted.
“Furthermore, it will jeopardize legally protected people, like witnesses, who helped investigators convict dangerous criminals,” Kolochenko said. “The disclosure will now literally cause the death of the witnesses if their identity is revealed to the criminals or their bloodthirsty accomplices. Finally, it will substantially hinder the performance of daily law enforcement operations across the entire country, bolstering street crimes and violent crime, exposing thousands of helpless people to the risk of serious bodily injuries and death.”
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.