Avast_Security_News: How the BlueLeaks data breach happened

[harlan4096]

The massive breach of law enforcement data called BlueLeaks could have been prevented with the right security tools.

Earlier this month, a group of hackers published a massive dataset stolen from various local law enforcement agencies. The data has been labeled BlueLeaks and contains more than 269 GB of thousands of police reports that go back at least two decades from hundreds of agencies from around the US. The reports list private data including names, email addresses, phone numbers and bank accounts. The source is a group called Distributed Denial of Secrets or DDoSecrets, which like Wikileaks has been publishing various leaked datasets for many years. The data can be easily searched as shown in the screenshot below. (After the group tweeted a link to the data, Twitter suspended their account.)

The leak came about through a compromised account at the managed hosting provider Netsential.com based in Houston. The provider’s website has been changed to show very minimal information after the breach, but earlier versions found on Archive.org state the claim that they build sites that are easy to use: “If you can cut and paste - you can maintain and update your website with Netsential's browser-based software.” That doesn’t bode well for their security protocols however.

This provider has a number of police and public safety clients, including the U.S. Departments of Justice and Homeland Security, along with many local law enforcement agencies and what are called Fusion Centers. These are typically state-funded operations which were set up post-9/11 to facilitate information sharing among various public safety agencies about threats to public safety. For example, here is a link to the California fusion center. On their website, they state that they help with “detection, prevention, investigation and response to criminal and terrorist activity, disseminates intelligence and facilitates communications” among various local and state agencies.

The national trade association for these fusion centers confirmed that the BlueLeaks data was a legitimate leak, according to correspondence obtained by security researcher Brian Krebs. The association issued an email alert to its members after the leak. One of Krebs’ sources says, “this data is unlikely to shed much light on police misconduct but could expose sensitive law enforcement investigations and even endanger lives.” ZDnet published copies of various tweets showing samples of data shared about the recent Black Lives Matter protests that were generated in the past several weeks.
...

Continue Reading