An impressive leak due to its volume, and with potentially serious consequences in the United States because of its content. This is how we can summarize the “BlueLeaks”, a set of data and documents weighing nearly 269 gigabytes, published in free access while they come from the inner workings of dozens of police agencies spread all over the territory of the United States.
The data was released on Friday, June 19, the day of the commemoration of the abolition of slavery in the United States. Ceremonies that took place in the very specific context linked to the Black Lives Mater movement and denunciations of police violence against black communities, after the death of George Floyd, in late May.
Collective Distributed Denial of Secrets (DDoSecrets), an organization campaigning for more "transparency", known for having already published different databases – on the model of WikiLeaks, but with different ideological and editorial choices – chose today to publish the "BlueLeaks", in a downloadable version, but also available on a search engine. Its access has since been highly random due to the instability of the website.
Page Contents
One million documents
An internal memo from the National Fusion Center Association (NFCA – the institution that represents the centers for the sharing of judicial information between federal and local agencies in the United States) was consulted by American journalist Brian Krebs, a recognized cybersecurity expert. This note attests to the authenticity of the "BlueLeaks," he said in a June 22 article, while indicating that according to the NFCA, the published police files contain police documents dating back to August 1996.
All this information is suspected to have been stolen from the servers of the company Netsential
The specialist magazine Wired spoke of the presence of a million text, audio and video documents in this dataset, drawn from the archives of nearly two hundred American police agencies working at various levels (local, federal, regional, etc.). All of this information is believed to have been stolen from Netsential’s servers, which host many platforms for exchange between local police and federal agencies.
Five days after the “BlueLeaks” were put online, Netsential, which also claims to count among its clients both large American companies that small businesses and associations, published on the home page of its website a statement confirming that "Its web servers had recently been compromised".
According to Wired, the hacking at the origin of the "BlueLeaks" was, meanwhile, claimed by a person presenting himself under the pseudonym of "Capital A Anonymous" (capital letter A Anonymous), eponymous of the "movement" Anonymous – the famous mobility of "Hackers" who recognize themselves with the symbol of Guy Fawkes' mask, but each of whom can claim to be involved and whose action is not centralized by a common authority.
Information on police practices
The co-founder of DDoSecrets, known under the name of Emma Best, explained to the magazine Wired than the main purpose of these documents is not to reveal illegal actions of the American police, but to inform the public about what the latter are doing "Did and did lawfully", through police reports showing their daily functioning.
A member of the ACLU (a major association for the defense of civil liberties), interviewed by a Maine television station, was therefore concerned, after having consulted these data, about the number of information collected by local and federal police authorities on people issuing "Critical" against government policies.
Initial information from the “BlueLeaks” published by the site The Intercept, which focus on files dated May 27 to June 6, 2020, highlight the police’s recent handling of anti-racism protests in the United States and their gathering of information.
In a document from the Minnesota law enforcement, it says, for example, that a "Federal partner" warns other agencies of possible attacks by"Antifa" using car bombs, with fake license plates; the FBI, for its part, is concerned about messages posted on Facebook by people supposedly close to the bikers of the Hells Angels, seeking to protect their illegal activities while the demonstrations (and the police presence) are becoming more present.
Many personal data
DDoSecrets portal co-founder Emma Best said during her interview with Wired that she and her team spent a week browsing the files " BlueLeaks "to purge personally identifiable information, including that of victims of crime and children. It is for this reason that 50 gigabytes of data transmitted to them by Capital A Anonymous has not been made public. Emma Best admits, however, that"Due to the size of the database" and from the date of publication chosen (June 19), the collective "Probably missed things" before publishing this data.
In the "BlueLeaks", we find a lot of personal data related to the American police personnel.
In all these documents making up the "BlueLeaks", we find a great deal of personal data related to American police personnel, but also to the files in progress concerning other American citizens: addresses, diplomas, declarations, full contact details, photographs … The world was able, for example, to identify, on several occasions, the names and addresses of people who contacted the police for assistance.
Some observers have pointed out the risks inherent in publishing such data: the disclosure of this type of personal information that could expose affected US citizens to online scams based on their personal information. Above all, the data made public can also pose risks for the conduct of ongoing police investigations. Documents, especially the most recent, which can not only give information to criminal organizations or individuals about investigations concerning them, or the methods used in such cases.
Methods that have already been debated
Appeared online in late 2018, the DDoSecret movement stood out a few months later with the publication of "Dark Side of the Kremlin": a compilation of tens of thousands of e-mails, as well as internal documents from the Russian government and separatist groups in eastern Ukraine, which the organization “WikiLeaks” had refused to share on its platform. Emma Best had previously accused the NGO founded by Julian Assange of having sought to destabilize the presidential campaign of Hillary Clinton: DDoSecrets had also published numerous documents against the founder of "WikiLeaks".
DDoSecrets has acquired a bad reputation by hosting files whose public utility is more than questionable
Then, over the months, DDoSecrets, which has aggregated on its site a lot of pirated data already published on other platforms (such as "MacronLeaks"), has acquired a bad reputation by hosting files whose public utility is more than questionable. This was particularly the case with old data from the hacking of the extramarital relationship site Ashley Madison, which had resulted in 2015 to many blackmail, as well as to the suicide of several people, or even those stolen from the dating site Muslim Match.
Due to media criticism, the group of activists had finally resigned themselves to making this type of data available only to journalists and researchers through its website, provided they made a reasoned request. A method which was not retained for these "BlueLeaks".
Moderated links on Twitter
The nature of the information contained in this database has in any case led to its moderation: four days after sharing the download link for "BlueLeaks", the DDoSecrets Twitter account has been permanently closed. In addition, hyperlinks to the DDoSecrets site are now blocked by Twitter and are flagged as potentially harmful.
The social network of Jack Dorsey justified its decision by referring to the conditions of use of the social network, which stipulate that they "Do not allow(ent) not the use of (their) services for directly disseminating content obtained by pirating ». This while, as several Internet users point out, the “WikiLeaks” account is still very present on Twitter despite publications that could be described as similar.
