Posted on July 16, 2020 at 1:49 PM
The US government discovered that it had an information-sharing problem after failing to stop the 2011 September 11 attack. Federal, local, and state law enforcement agencies were equipped with separate surveillance databases that could have prevented the attack. However, they were unable to communicate the information and share it with each other.
As a result, the USA congress directed the newly established Department of Homeland Security to set up a fashion center where information can be shared among the agencies.
The centers were to collaborate with federal agencies such as FBI sand DHS, as well as local and police departments.
But in 2012, the Senate discovered that the fusion centers had not produced enough intelligence to offer support for federal counterterrorism efforts.
269 Gigabytes of law enforcement agency data exposed.
Last month, 269 gigabytes of law enforcement data were published by the transparency collective, DDoSecrets on its website.
The published data was retrieved from 251 different law enforcement by the hacking group commonly known as Anonymous. As the report revealed, the data was stolen from websites of fusion centers, which included those listed on the DHS website.
After the publication of the stolen data, Twitter suspended DDoSecret’s Twitter account indefinitely and cited that the account went against its policy against publishing hacked material. The social media giant also went ahead to block all links coming to the DDoS secret website, falsely telling users the site contains malicious content.
But the action of Twitter on the DDoSecret Twitter account is a random one since some other similar accounts have been left functional. For instance, WikiLeaks has published a series of hacked materials but the website and its Twitter account is still accessible.
Stolen data includes Netsential’s data
The stolen data includes a huge amount of law enforcement documents. Most of them date back to 2007 with some as recent as last month, which includes some data collected during the George Floyd protest.
The data also includes the Netsential’s custom CMS source code.
“Netsential can confirm its web servers were recently compromised,” The firm revealed in a statement. Netsential said its seriously collaborating with law enforcement agencies concerning the infiltration.
The company also said it has beefed up the security infrastructure to prevent future attacks on the servers. Netsential said it will not provide any further information about the breach, as the investigation is still ongoing.
Founder and Chief Executive Officer of Policing Equity, Philip Atiba Goff, commented on the hacking incident. He said the recent data breach is a big blow for law enforcement, especially from a PR perspective. He said law enforcement agencies should be a fortress against hacking incidents because of the nature of the organizations.
Center for Policing Equity is an organization that utilizes data science to fight racial inequity in U.S. police departments.
700,000 Law Enforcement Officers Exposed
Most of the users of the hacked websites are law enforcement officers, and the CMS portal of Netsential stores a huge number of personal information on each account.
Some details in the hacked data include the full name of the police officer, email address, rank, phone number, home address, a password hash, and the IP address from where the account was created.
Although the users’ passwords were not included in the breach, hashed passwords can be used to get the main password. This is possible when the original password is leaked. With the potential huge list of weak passwords within the account, the hackers can have a field day cracking the accounts and exposing the users even further.
But the most worrying thing is the fact that the BlueLeaks data contains similar information from 137 different websites. Some of the sites may have lesser information or lesser details of users than others.
One of the biggest databases is from the counterdrug training program website of the National Guard, as over 200,000 accounts were exposed.