The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies.
IT’S BEEN THE better part of a decade since the hacktivist group Anonymous rampaged across the internet, stealing and leaking millions of secret files from dozens of US organizations. Now, amid the global protests following the killing of George Floyd, Anonymous is back—and it’s returned with a dump of hundreds of gigabytes of law enforcement files and internal communications.
On Friday of last week, the Juneteenth holiday, a leak-focused activist group known as Distributed Denial of Secrets published a 269-gigabyte collection of police data that includes emails, audio, video, and intelligence documents, with more than a million files in total. DDOSecrets founder Emma Best tells WIRED that the hacked files came from Anonymous—or at least a source self-representing as part of that group, given that under Anonymous’ loose, leaderless structure anyone can declare themselves a member. Over the weekend, supporters of DDOSecrets, Anonymous, and protesters worldwide began digging through the files to pull out frank internal memos about police efforts to track the activities of protesters. The documents also reveal how law enforcement has described groups like the antifascist movement Antifa.
“It’s the largest published hack of American law enforcement agencies,” Emma Best, cofounder of DDOSecrets, wrote in a series of text messages. “It provides the closest inside look at the state, local, and federal agencies tasked with protecting the public, including [the] government response to COVID and the BLM protests.
The massive internal data trove that DDOSecrets published was originally taken from a web development firm called Netsential, according to a law enforcement memo obtained by Kreb On Security. That memo, issued by the National Fusion Center Association, says that much of the data belonged to law enforcement “fusion centers” across the US that act as information-sharing hubs for federal, state, and local agencies. Netsential did not immediately respond to a request for comment.
Best declined to comment on whether the information was taken from Netsential, but noted that “some Twitter users accurately pointed out that a lot of the data corresponded to Netsential systems.” As for their source, Best would say only that the person self-represented as “capital A Anonymous,” but added cryptically that “people may wind up seeing a familiar name down the line.”
“Part of what a lot of the current protests are about is what police do and have done legally.”
EMMA BEST, DDOSECRETS
DDOSecrets has published the files in a searchable format on its website, and supporters quickly created the #blueleaks hashtag to collect their findings from the hacked files on social media. Some of the initial discoveries among the documents showed, for instance, that the FBI monitored the social accounts of protesters and sent alerts to local law enforcement about anti-police messages. Other documents detail the FBI tracking bitcoin donations to protest groups, and internal memos warning that white supremacist groups have posed as Antifa to incite violence.
DDOSecrets notes that none of the files appear to be classified, and Best concedes that they may not show illegal behavior on the part of police. But the group argues that the documents instead reveal legal but controversial practices, as well as the tone of police discussions around groups like Antifa—for instance, describing white nationalists like Richard Spencer as anti-Antifa, rather than acknowledging that Antifa expressly opposes groups like those who follow Spencer.
“The underlying attitudes of law enforcement is one of the things I think BlueLeaks documents really well,” Best writes. “I’ve seen a few comments about it being unlikely to uncover gross police misconduct, but I think those somewhat miss the point, or at least equate police misconduct solely with illegal behavior. Part of what a lot of the current protests are about is what police do and have done legally.”Who’s Affected, and How Serious Is This?
DDOSecrets counts the data of more than 200 state, local, and federal agencies in the leak. Some of the agencies with the most sheer quantity of information in the leak’s dataset do appear to be intelligence fusion centers, like the Missouri Information Analysis Center, the Northern California Regional Intelligence Center, the Joint Regional Intelligence Center, the Delaware Information and Analysis Center, and the Austin Regional Intelligence Center. The group also includes a handful of regional FBI Academy alumni associations and Infragard, a San Francisco–based group devoted to sharing information between the FBI and the private sector.
For those organizations and their members and employees, the effects could in some cases amount to more than mere embarrassment. The NFCA memo obtained by Krebs on Security warns that leaked files include “highly sensitive information” such as bank account routing numbers and other personally identifiable information, as well as images of criminal suspects. DDOSecrets’ Best says that the group spent a week prior to publication, however, scrubbing the files for especially sensitive data about crime victims and children, as well as information about unrelated private businesses, health care, and retired veterans’ associations.
“Due to the size of the dataset, we probably missed things,” Best concedes. “I wish we could have done more, but I’m pleased with what we did and that we continue to learn.” Best adds that the group pruned more than 50 gigabytes of data out of the files before publication out of what they describe as an abundance of caution, and will continue to scour that data for anything in the public interest that the group may publish later.
Best notes, however, that DDOSecrets published the financial information knowingly, arguing that it could be correlated with other information to further expose police behavior in ways that serve the public interest. “The potential of the data, especially in the long run and when correlated with other datasets, outweighs any downsides to allowing the public to examine it,” Best argues.
They also have no qualms about publishing the personally identifiable information of police officers. “The public has an interest in the identities of public servants,” they write.
For Anonymous, meanwhile, the BlueLeaks release represents perhaps the most significant action the group has undertaken in the US in years. The police targeting harks back to the 2011 operations of the Anonymous subgroup Antisec, whose members—including the prolific hacktivist Jeremy Hammond—stole and leaked data from a wide array of law enforcement targets in support of Occupy Wall Street protesters. “The closest thing I can think of to a precedent is some of Jeremy Hammond’s hacks,” Best says of BlueLeaks.
Hammond himself is still serving a 10-year sentence for his hacking crimes. On Friday, a group of supporters known as the Jeremy Hammond Support Committee tweeted out a link to the BlueLeaks data dump. It read, simply, “Fuck the police. #BlueLeaks.”