BlueLeaks: Distributed Denial of Secrets 269gb collection of police data
June 23, 2020 9:08 PM

On June 19, 2020, Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks (Columbia Journalism Review) that publishes caches of previously secret data, released a partially scrubbed 269 gigabytes of data obtained from a security breach at Netsential (Krebs on Security), a Houston-based web development firm. Over the weekend, critics of police abuse took to social media to celebrate the leak and display documents that purportedly came from it (ArsTechnica), using the #BlueLeaks hashtag on Twitter.

Hack Brief: Anonymous Stole and Leaked a Megatrove of Police Documents -- The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies. (Wired)
DDOSecrets notes that none of the files appear to be classified, and Best concedes that they may not show illegal behavior on the part of police. But the group argues that the documents instead reveal legal but controversial practices, as well as the tone of police discussions around groups like Antifa—for instance, describing white nationalists like Richard Spencer as anti-Antifa, rather than acknowledging that Antifa expressly opposes groups like those who follow Spencer.

"The underlying attitudes of law enforcement is one of the things I think BlueLeaks documents really well," Best writes. "I've seen a few comments about it being unlikely to uncover gross police misconduct, but I think those somewhat miss the point, or at least equate police misconduct solely with illegal behavior. Part of what a lot of the current protests are about is what police do and have done legally."
[...]
For those organizations and their members and employees, the effects could in some cases amount to more than mere embarrassment. The NFCA memo obtained by Krebs on Security warns that leaked files include "highly sensitive information" such as bank account routing numbers and other personally identifiable information, as well as images of criminal suspects. DDOSecrets' Best says that the group spent a week prior to publication, however, scrubbing the files for especially sensitive data about crime victims and children, as well as information about unrelated private businesses, health care, and retired veterans' associations.

"Due to the size of the dataset, we probably missed things," Best concedes. "I wish we could have done more, but I'm pleased with what we did and that we continue to learn." Best adds that the group pruned more than 50 gigabytes of data out of the files before publication out of what they describe as an abundance of caution, and will continue to scour that data for anything in the public interest that the group may publish later.

Best notes, however, that DDOSecrets published the financial information knowingly, arguing that it could be correlated with other information to further expose police behavior in ways that serve the public interest. "The potential of the data, especially in the long run and when correlated with other datasets, outweighs any downsides to allowing the public to examine it," Best argues.

They also have no qualms about publishing the personally identifiable information of police officers. "The public has an interest in the identities of public servants," they write.
Emma Best (Twitter) is the founder and public face of DDoSecrets, doubly so now that as reported by Gizmodo, Twitter confirmed on Tuesday night that it had permanently banned the account of Distributed Denial of Secrets.

PC Mag notes that in March 2019, Twitter introduced rules forbidding users from posting files taken in a computer hack, which appears to be its justification for blocking users from sharing the links to the website hosting the dumped police files. Users who do will see an error with a warning that says the link has been identified as being "potentially harmful."
posted by filthy light thief (17 comments total) 31 users marked this as a favorite
 
That said, there are genuine issues with the release regarding redaction of PII and other sensitive data on suspects that were in the files. And no, "we did our best" isn't acceptable. The point of releasing this data was to help those victimized by the police - not to revictimize them again.
posted by NoxAeternum at 9:38 PM on June 23, 2020 [10 favorites]


PC Mag notes that in March 2019, Twitter introduced rules forbidding users from posting files taken in a computer hack, which appears to be its justification for blocking users from sharing the links to the website hosting the dumped police files.

Meanwhile, Wikileaks and every media organisation that participated in or linked to their release of materials taken from a computer hack are still there. Wikileaks' last tweet linking to the hacked cables was three days ago, which is well after the 2019 ban.

Once again we see that selectively applied "rules" are just a harassment tool. If it isn't consistent, it isn't a rule.
posted by Dysk at 9:39 PM on June 23, 2020 [40 favorites]


Yeah, there will undoubtedly be harm done as a result of these leaks; a small org will simply fail at redacting this much data. A less harmful path to take would be to leak this to media orgs that will scour it for stories and only publish stuff they deem newsworthy. A minus to that approach is you are literally appointing the newspapers to be gatekeepers of this information; some of which may be averse to risk.

I hope that newsrooms across the country are working overtime to develop stories from this data; I'm sure there are plenty.

It certainly sounds as if this data was stored in a *very* insecure manner, and it would surprise me if foreign adversaries didn't already have this.

It's possible that activists will up their opsec (operational security) game as a result of these leaks; if that happens it's possible this will reduce the harm (done to activists that are engaging in constitutionally protected activities).

I'm glad folks aren't submitting this stuff to Wikileaks anymore though.
posted by el io at 9:49 PM on June 23, 2020 [7 favorites]


My default assumption in these things is to assume that if some anonymous hacktivist, Edward Snowden or Chelsea Manning-like insider leaks it, then this data was already long since compromised by those with more nefarious motives.
posted by interogative mood at 10:15 PM on June 23, 2020


Here's a cool use of this kind of data
posted by latkes at 11:54 PM on June 23, 2020 [11 favorites]


I honestly can't tell if I've slid over into "water fluoridation is a communist plot to undermine America" levels of paranoia or not, but every time I hear about an infodump release like this - particularly when it's exceedingly topical - I wonder if it's being released by malicious actors (sponsored by nation-state actors or not) attempting to inflame existing divisions in society and intentionally sow chaos.
posted by rmd1023 at 4:35 AM on June 24, 2020


rmd1023, that's definitely a possibility, and as NoxAeternum noted, there's the potential that victims could be re-targeted. But as latkes noted, protesters are using this data to actively call out and identify how many complaints there are against individual police.

I'm definitely torn on this. As el io suggested, a safer and cleaner route would be to work with journalists to provide this data, as to prevent personally identifying information (PII) from becoming public, but would protesters be able to query complaints against police like they are now? I don't think that's sufficient justification for this kind of hasty data dump. My ideal path would be to work with an outfit like ProPublica and/or police accountability groups.

As it stands, it looks like most of the coverage of this leaked data is from technology-focused publications/sites, which implies that there's not much data-diving yet, or other media outlets are looking into the data and what they can share, before they do publish anything.
posted by filthy light thief at 8:05 AM on June 24, 2020 [1 favorite]


Oh yeah, not saying the (non-PII) data shouldn't be public - it should be, and I absolutely support the transparency of being able to see what is being done in our communities with our tax dollars and in our name. And so far, the data doesn't seem to be getting hyped in full on "but her emails" levels of state-sponsored trolling, so I think it's probably not being done by IRA or other Russian-linked groups. It's just the fact that I end up even seriously considering this makes me wonder if I'm falling into some parallel to QAnon or if I'm actually being reasonably cautious and appropriately cynical.
posted by rmd1023 at 9:33 AM on June 24, 2020 [1 favorite]


The link latkes posted is solid freaking gold and if you sleep on it, you will be missing one of the best parts of being alive today. It happened in Chicago and it's basically got a lot of us here cheering, hooting, fist pumping, etc. all damn day.
posted by DirtyOldTown at 10:01 AM on June 24, 2020 [10 favorites]


I am 100% for shining a light on bad cops by any means necessary (while also protecting victims). They should be afraid to walk down the street and their past should follow them around like a sex offender registry. I would also be okay with police getting proper training, being held accountable for their actions and going to jail if they do commit crimes.
posted by snofoam at 4:20 PM on June 24, 2020 [2 favorites]


I am 100% for shining a light on bad cops by any means necessary (while also protecting victims). They should be afraid to walk down the street and their past should follow them around like a sex offender registry. I would also be okay with police getting proper training, being held accountable for their actions and going to jail if they do commit crimes.

That's the problem with hero worship. The officers abuse the public trust. They violate an oath when they commit brutality. Why the hell isn't that an enhancement on a charge instead of a reason to let them off altogether? Because cops are "heroes".
posted by Your Childhood Pet Rock at 4:31 PM on June 24, 2020 [1 favorite]


btw do not post any of these links on twitter anymore. they permanently banned the main DDoS account and they are locking any account that posts links to the data, even links in screenshots. it hit a bunch of security oriented accounts very fast. twitter is very quick on the draw and relentless in enforcement.
posted by krinklyfig at 9:16 AM on June 25, 2020


oops, i guess it's already in the main post that it was banned. well...
posted by krinklyfig at 9:18 AM on June 25, 2020


twitter is very quick on the draw and relentless in enforcement.

Well, they are for this specific issue. I fully expect they're still living down to their reputation for other community related issues.
posted by rmd1023 at 10:56 AM on June 25, 2020 [4 favorites]


Am I missing something? I see a lot of links about the leaked data, but not to the data.
posted by ChrisR at 7:15 AM on June 26, 2020


"Am I missing something? I see a lot of links about the leaked data, but not to the data."

I suspect that Metafilter's mods wouldn't want a direct link to the data (PII/'doxxing'), but I'm uncertain what exact rules look like these days. Googling: "site:ddosecrets.com blueleaks" will give it to you in the first response though. Site is super-slow as I imagine 10,000 journalists and random interested parties and activists (and law enforcement) are scouring through it now.
posted by el io at 12:03 AM on June 27, 2020


Yes, I wasn't comfortable linking to it directly, as a number of articles did not. But it is in the Ars Technica article, which is in the 3rd link in the OP.
posted by filthy light thief at 12:21 PM on June 27, 2020

