A group of hacktivists and activists have published 269 GB of data leaked and allegedly stolen from more than 200 police departments, fusion centers and other law enforcement agencies across the United States. This includes the login credentials for 32 police domains.

The data is being called the “largest anti-police release since one million usernames and passwords from law enforcement and military personnel were leaked in 2015.” The dataset contains over 1,100 databases full of information on police officers, civilians, military personnel, informants and journalists. All of this was published as part of a new website called ‘CopLogic’ which currently has a countdown to March 20th at 11:30 EST.

This incident has been dubbed BlueLeaks, which became exposed data by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal data. The leak is said to not contain information gathered from hacking or other cyberattacks but was obtained by exposing vulnerable servers and through brute force attacks on weak passwords.

The database was indexed into multiple websites, and the identities of police informants were published alongside journalists who receive daily emails containing sensitive information regarding their personal safety. The leak also contains the personal details of officers and civilians. No law enforcement agencies have commented on the leak as of yet.

The dump includes a total of 9,731 records from Florida alone, including names and addresses for police officers who are labeled “informants” in other states that may be at risk if the criminals they helped apprehend are released. A total of 266 GB of data was gathered from more than 800 police departments, and the records were compiled from every state in the United States.

The leaked source code used to build the CopLogic website is available on Github, allowing anyone to download the scripts and create their own mirror for viewing the sensitive data. This source code can be used by anyone to launch their own attacks on law enforcement agencies and other data that appears to be vulnerable. Homeland security has been notified about this latest leak, which is currently under analysis by various agencies.

In a statement, NFCA confirmed Kerbs that the “dates of the files in the leak actually span nearly 24 years – from August 1996 through June 19, 2020. The documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV, and ZIP files.”

“The potential impact of the data released today has been exaggerated. Our intelligence analysis strongly suggests that the attackers received only a limited number of records from sources on the Internet,” said Sgt. Kim Riley, public affairs director for the Florida Chief Financial Officer’s Office.

Some evidence shows that some of the attacks in this attack occurred as far back as 2013 and 2014. The data was compiled from various fields from spreadsheets, databases and other sources. Some of the documents appear to have been stripped of personally identifiable information (PII) but there was enough left within the download to run a search for others. The database appears to have at least 100GB of information in it with multiple table columns containing the words “password”, “pass” or “admin” in them. The dump also contains several files that are encrypted with no decryption key available.

Security researchers who have reviewed the data believe it to be mostly real and has the potential to affect a large number of people. The information contained within this dataset could be used for identity theft, extortion, social engineering, and more as there is a lot of sensitive data leaked from government officials in here. Some believe there may be some information coming out that could damage the careers of several police officers and informants nationwide as well.

Interested in reading about other data leaks? Facebook Users’ Personal Data Leaked Online discusses a recent data leak dealing with one of the largest social media sites, Facebook.

Liquid Video Technologies Logo, zero trust, Security, Video Surveillance, Greenville South Carolina, cybersecurity, data leaked

If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access ControlFire, IT consultant, or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.