
Germany Seizes Server Hosting Pilfered U.S. Police Files

At the behest of the U.S. government, German authorities have seized a computer server that hosted a huge cache of files from scores of U.S. federal, state and local law enforcement agencies obtained in a Houston data breach last month.


The server was being used by a WikiLeaks-like data transparency collective called Distributed Denial of Secrets to share documents — many tagged “For Official Use Only” — that shed light on U.S. police practices.

The data, dating back to 1996, include emails, audio and video files and police and FBI intelligence reports. DDoSecrets founder Emma Best said the data, dubbed “BlueLeaks,” comes from more than 200 agencies. It has been stripped of references to sexual assault cases and references to children but names, phone numbers and emails of police officers were not redacted, said Best, who uses they/their pronouns.

Best said that DDoSecrets obtained the data from an outside individual who sympathized with nationwide protests against police killings of unarmed Black people. Some of the files offer insights into the police response to those protests, they said.

While hacking into computers and stealing data is a federal crime, U.S. courts have consistently ruled that journalists may publish stolen documents as long as they are not involved in their theft. DDoSecrets says it is a journalistic organization that shares documents in the public interest, as WikiLeaks did before being exploited by Russian agents to influence the 2016 U.S. presidential campaign.

The documents came to light via a breach of Houston web-design company Netsential, which hosts portals for law enforcement agencies and “fusion centers,” state-run operations created after the 9/11 attacks to share threat intelligence with local and state police and private-sector partners.

The prosecutor’s office in Zwickau, a German city near the Czech border, said in an emailed statement Wednesday that the server was confiscated July 3 in the town of Falkenstein following a request from U.S. authorities.

The FBI declined to comment. A U.S. Embassy spokesperson in Berlin did not respond to phone calls and emails seeking comment.


The Zwickau prosecutors’ statement said it would be up to German judicial authorities to decide whether to hand the server over to U.S. authorities. It said it would not disclose the reason for the U.S. request. Neither would a representative of Hetzner Online, the company that hosted the server.

Best said they assume the seizure was related to the posting of the BlueLeaks documents. They said the files show “a lot of things that are entirely legal and normal and horrifying,” including police surveillance and police intelligence of dubious origin. Best said none were classified.

The document dump helps expose “the United States’ overdeveloped police intelligence apparatus,” said Brendan McQuade, a criminology professor at the University of Southern Maine who has viewed the documents. The files do not include high-level intelligence but provide a window into the relationship between law enforcement at all levels, he said — one that he believes the FBI doesn’t want the public to see lest it “add more fuel to the protests” against police brutality and racism in policing.

Best said the files remain publicly accessible through more complicated means such as BitTorrent and the Tor network, both of which complicate censorship efforts. Best said the organization is now rebuilding its infrastructure for public access. “All they cost us is time,” they said.

Shortly after DDoSecrets posted the data, Twitter permanently suspended the organization’s account for publishing links and images from the collection, citing a ban on the posting of hacked material.

One U.S. law enforcement agency affected by the breach is the Iowa Law Enforcement Academy. Its director, Judy Bradshaw, told The Associated Press the breach revealed names of students in academy courses and their driver’s licenses, but no financial information.

She said Netsential had scores of clients in law enforcement, where it was a strong niche provider. Netsential itself confirmed the breach in an undated statement on its bare-bones website and said it was assisting the investigation but would provide no further information “due to the sensitivity of client information.”

Executives of the National Fusion Centers Association did not respond to emails and phone calls seeking comment on whether any sensitive investigations may have been compromised by the breach. But Maine State Police said in a statement on June 26 that the FBI was investigating and that affected bulletins may “contain identifying information, such as full name and date of birth of people under investigation by other law enforcement agencies.” It said they “may also involve individuals wanted for criminal activity.”

DDoSecrets was created in late 2018 by Best, a journalist specializing in freedom-of-information petitions. It has worked on various investigations with established media organizations including the German newsmagazine Der Spiegel and the U.S. news organization McClatchy.

Previous DDoSecrets releases include data on offshore Bahamas accounts used as tax havens, files hacked from Chilean police and data from a British provider of offshore financial services that has drawn comparisons, on a smaller scale, to the 2016 Panama Papers leak.
