Hacktivists leak US police data.
A leak site known as "Distributed Denial of Secrets" (DDoSecrets) has published nearly 270 gigabytes of data stolen from US police departments, fusion centers, and other law enforcement support entities, KrebsOnSecurity reports. The files in the leak were compiled between August 1996 and June 19th, 2020. Krebs cites an internal alert from the National Fusion Center Association (NFCA), which states, "Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports."
The files were apparently leaked after a hacker gained access to a user account at Netsential, a web development contractor widely used by state fusion centers and other government agencies. According to the NFCA, "Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data." This seems to indicate that the attacker exploited a vulnerability in Netsential's platform, although the company hasn't commented.
Twitter told ZDNet that the social network has permanently banned DDoSecrets' account for violating Twitter's policy against distribution of hacked material. According to Wired, the leakers' intent was to expose "legal but controversial" police conduct, but some observers point out that the data trove probably contains a great deal that will be of interest to organized crime, including information about witnesses, suspects, and victims. DDoSecrets' co-founder Emma Best told Wired that they spent a week redacting sensitive information about crime victims and children, but she admitted, "Due to the size of the dataset, we probably missed things."