Activists Drop 270GB 'BlueLeaks' File of Internal Police Documents Online

Last Friday, an online group called Distributed Denial of Secrets (DDOSecrets) released a nearly 270-gigabyte data trove called "BlueLeaks." The trove contains more than a decade's worth of "documents, reports, bulletins, guides and more" from "over 200 police departments, fusion centers and other law enforcement training and support resources."

BlueLeaks' content ranges from August 1996 through June 19, 2020, and includes sensitive information such as names, suspect photographs, personal contact details and bank account information within its text, video, spreadsheet and compressed files.

The National Fusion Center Association (NFCA) confirmed the veracity of the leaked documents to security journalist Brian Krebs and said the files were likely downloaded during a security breach at Netsential, a Houston-based web development and hosting firm that maintains data-sharing portals for several state law enforcement agencies.

"Netsential can confirm its web servers were recently compromised," the company wrote in a statement on its website. "We are working with the appropriate law enforcement authorities regarding the breach, and we are fully cooperating with the ongoing investigation."

The company is declining any further comment as an investigation into the breach is ongoing.

According to the tech-news publication Wired, the BlueLeaks documents (which have been published in a searchable format on the DDOSecrets website) reveal that state and federal law enforcement agencies monitor social media posts and track financial transactions involving the recent protests against police brutality.

U.S. police officers BlueLeaks documents
A demonstrator is arrested during a protest against police brutality and the death of George Floyd, on May 31, 2020 in Minneapolis, Minnesota. Scott Olson/Getty

Emma Best, founder of DDOSecrets, told the publication that her group removed 50 gigabytes worth of files from BlueLeaks before releasing it out of "an abundance of caution." Best said DDOSecrets included sensitive financial information in hopes that it might allow the public to expose questionable police behavior in ways that serve the public interest.

"It's the largest leak of US law enforcement data, and because of its nature, it lets people look at policing on the local, state and national levels," Best, told the tech-news website Motherboard. "It shows how law enforcement has reacted to the protests, it shows government handling of COVID, and it shows a lot of things that are entirely legal and normal and horrifying."

Ilia Kolochenko, founder and CEO of the web security company ImmuniWeb, told the tech publication Silicon Angle that he worries the BlueLeaks documents may harm innocent people, such as suspects who were later acquitted, witnesses and investigators who helped convict dangerous criminals.

However, it's not entirely clear whether the BlueLeaks data contains such information. Newsweek reached out to Best for comment. This story will be updated with any response.

On Tuesday, Twitter deactivated the DDoSecrets official account for violating the microblogging platform's "distribution of hacked materials" policy.