Blue Leaks, this is as bad as it gets from blog The Technology blog and podcast

Blue Leaks, this is as bad as it gets

I was doing some reading yesterday and when you see two articles covering one topic, you start to wonder. I was originally going to cover this just as an informational thing from one source, but when I read the second article, I really started asking myself questions.

The first article in question comes from Cyberscoop. It is entitled: German police seize DDoSecrets server distributing ‘BlueLeaks’ files.

German law enforcement officials have seized a server belonging to an anti-secrecy organization that recently published a trove of data stolen from U.S.
police agencies, the group’s co-founder says.

German authorities’ action against DDoSecrets will “temporarily” affect the group’s distribution of the BlueLeaks documents, Best told CyberScoop. The
files remain available for download.

DDoSecrets follows in the tradition of Anonymous and WikiLeaks, the activist groups that started with the goal of publicizing official information normally
kept secret. Unlike those groups, DDoSecrets has publicly identified some of its members by name, while Best also says the group has taken care to remove
information from its files it deems irrelevant to a larger goal. It also has published files hacked from the Russian government, details about the 2015 Ashley Madison
breach and information about the inner workings of the Cambodian government.

This is just some of what this article goes into, and why this agency, if you call them that, is deciding to publish information about a well-covered 2015 breach today is beyond me.

After reading this article, I thought nothing of it, until I came across ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments which made me really think about who these people are.

The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an
alternative to Wikileaks that publishes caches of previously secret data.

DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and
support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

This just made me stop in my tracks! I mainly had to do a double take and ask myself what the motive is.

Here is the kicker which made me just want to throw my telephone right through my door.

KrebsOnSecurity obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), which confirmed the validity of the leaked data.
The NFCA alert noted that the dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and that the documents
include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.

24 years of data that was open to someone to just take? What were they thinking come the mid-2010s when the breaches started? 24 years ago I could see people doing this, leaving files up so they can have access to it. After 2014-15, the shift changed with the leak of Target data, many different health care data, and lots of breaches that have been covered here from 2011 to today when this blog was recreated after our move back then.

Starting in 2015, I’d have thought about pulling these files off the open Internet, and securing them through another service such as Google or Dropbox just to name the two big ones. Of course, I could’ve backed them up using an alternative method, and I could look that up to see what met my needs at that time. I’m sure the landscape of backup services has changed quite a bit, and more services are out there today than there were 10 years ago.

“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain
highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable
information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”

I don’t know about you, but it is time to train Law Enforcement to change a bit. This isn’t all their fault, they have a lot to do. It seems like there are more incidents today since the stay at home orders were in place, according to scanner traffic you can listen to using various apps. They have no idea about the threat landscape, they have no idea about protecting data, securing servers, or anything else unless those officers are trained in that to do very specific investigations on the Internet.

What do you think, dear readers? We’re talking about the mid-90s when security didn’t much matter and the Internet was still growing. I was moving to a GUI then and using Windows with programs like Internet Explorer or Netscape, and still probably on a dialup connection. Today, this needs to change, and I hope the proper police departments have been notified about this horrific find. I guess we’ll have to wait and see what happens.

About the article

Blue Leaks, this is as bad as it gets was released on July 10, 2020 at 10:05 am by tech in article commentary.
Last modified: July 10, 2020.