Twitter Thread: The BlueLeaks hack of 251 law enforcement websites exposes personal data of over 700,000 cops

Posted July 15, 2020 in twitter-threads

Background: This is an archived Twitter thread. For more information, read: Elon banned me from Twitter for doing journalism. Good riddance.

Original URL of Twitter thread: https://twitter.com/micahflee/status/1283418665212211200


The BlueLeaks hack of 251 law enforcement websites exposes personal data of over 700,000 cops. Here is my analysis of the massive 269gb data set https://theintercept.com/2020/07/15/blueleaks-anonymous-ddos-law-enforcement-hack/

Posted 8:10 AM · Jul 15, 2020, 558 Retweets, 1,068 Likes


The hacked websites were built and hosted by Texas web development firm Netsential. They're written in ASPNET/VBScript and running on Windows servers. They all run the same custom, insecure CMS, which is likely why they all got hacked with their data exfiltrated

Posted 8:14 AM · Jul 15, 2020, 29 Retweets, 155 Likes


The hacked websites are mostly for "fusion centers" designed to share intelligence between feds and state and local cops. Many are devoted specifically to protecting oil companies, banks, and other industry

Posted 8:16 AM · Jul 15, 2020, 54 Retweets, 167 Likes


Here is an anecdote I discovered in the data, among hundreds of thousands of others. A week after George Floyd's murder, a student in Oregon contacted law firms asking for consent to add them to a list of pro bono legal resources for protesters

Posted 8:24 AM · Jul 15, 2020, 148 Retweets, 393 Likes


A Bay Area lawyer who received this message was pissed. He mailed this anonymous, unhinged, all-caps rant to the Marin County DA -- "CANNOT RISK THIS PIECE OF SHIT ANTIFA [...] FILING A BAR COMPLAINT AGAINST ME". He ended it with "HAPPY HUNTING"

Posted 8:24 AM · Jul 15, 2020, 96 Retweets, 371 Likes


An investigator at the DA's office must have thought that this was useful intelligence. She uploaded a scan of the letter to the Northern California Regional Intelligence Center (one of the hacked fusion centers) as a "Suspicious Activity Report"

Posted 8:24 AM · Jul 15, 2020, 39 Retweets, 282 Likes


Under category she put "Radicalization/Extremism", and under Subject she put the Oregon student's name, writing that the student "appears to be a member of the Antifa group and is assisting in planning protesting efforts in the Bay Area despite living in Oregon"

Posted 8:24 AM · Jul 15, 2020, 46 Retweets, 303 Likes


The unhinged Bay Area lawyer apparently isn't suspected of radicalization/extremism (even though he's clearly a right-wing extremist), but the polite college student is.

The return address on the envelope is the SF DA's office -- we couldn't confirm if the lawyer works with them

Posted 8:26 AM · Jul 15, 2020, 76 Retweets, 523 Likes