BlueLeaks

BlueLeaks, sometimes referred to by the Twitter hashtag #BlueLeaks, refers to 269.21 gibibytes of internal U.S. law enforcement data obtained by the hacker collective Anonymous and released on June 19, 2020, by the activist group Distributed Denial of Secrets, which called it the "largest published hack of American law enforcement agencies".

The data — internal intelligence, bulletins, emails, and reports — was produced between August 1996 and June 2020 by more than 200 law enforcement agencies, which provided it to fusion centers. It was obtained through a security breach of Netsential, a web developer that works with fusion centers and law enforcement.

The leaks were released at hunter.ddosecrets.com and announced on the @DDoSecrets Twitter account. The account was banned shortly after for "dissemination of hacked materials" and "information that could have put individuals at risk of real-world harm." Wired reported that Distributed Denial of Secrets attempted to remove sensitive information from the data before publication. National Fusion Center Association (NFCA) officials confirmed the authenticity of the data, according to documents obtained by security journalist Brian Krebs; the organization warned its members that hackers may use the leaked information to target them.

Background
The BlueLeaks data comes largely from the intelligence gathered by fusion centers. After the September 11 attacks, the United States government sought to improve communication between different levels of law enforcement to better discover and prevent terrorist attacks. It encouraged state and local governments to create fusion centers: physical locations where representatives of different law enforcement agencies share and collectively analyze intelligence before distributing reports back to their respective agencies. Fusion centers have since begun working with private data brokers with little public oversight.

Fusion centers have been criticized as privacy-invading, ineffective, and targeted at political groups. In 2012, the Senate Permanent Subcommittee on Investigations found that over the 13 months of review, fusion centers did not contribute to the identification or prevention of a terrorist plot, and that of the 386 unclassified fusion center reports it reviewed, three-quarters had no connection to terrorism at all. In 2008, the Department of Homeland Security identified a number of privacy-related concerns created by fusion centers. The department noted that the excessive secrecy of fusion centers led to comparisons with COINTELPRO, and that fusion center reports sometimes distribute inaccurate or incomplete information. The 2012 Senate report points to a report issued by an Illinois fusion center in 2011. The report wrongly claimed that Russian hackers were to blame for a broken water pump, and despite the Department of Homeland Security publicly stating the report was false, its Office of Intelligence and Analysis included the claims in its report to Congress.

After the murder of George Floyd and other instances of police violence in 2020, law enforcement in the United States came under renewed scrutiny. In early June, the hacker collective Anonymous announced its intent to expose police misconduct. The collective carried out high-profile hacks in the 2000s and early 2010s. In 2011, Antisec, a subgroup of Anonymous, released law enforcement information in support of Occupy Wall Street protestors, but the collective had few significant operations within the United States since then.

Findings
The BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies. More than one million documents were leaked from law enforcement fusion centers. In leaked documents, officers track individual, group, and event pages with protest or anti-law enforcement rhetoric. Some of the documents contain material related to the attitudes of law enforcement and their response to the Black Lives Matter movement, George Floyd protests, and COVID-19 pandemic.

During the George Floyd protests, law enforcement agencies monitored protesters' communications over social media and messaging apps. Leaked reports found that the police were aware of the potential for their surveillance to violate the Constitution. They distributed documents to police filled with rumors and warnings that the protests would become violent, sparking fear among police officers.

The documents also show a much broader trend of surveillance. They show details about the data that police can obtain from social media sites including Facebook, Twitter, TikTok, Reddit and Tumblr, among others. Fusion centers also collect and distribute detailed data from automatic license plate readers.

Surveys from law enforcement training programs reveal that some instructors were prejudiced and unprofessional. Classes taught biased, outdated, and incorrect content. Some contain sexual content unrelated to the class, and there was one report of an instructor admitting to lying in court frequently.

In Maine, legislators took interest in BlueLeaks thanks to details about the Maine Information and Analysis Center, which is under investigation. The leaks showed the fusion center was spying on and keeping records on people who had been legally protesting or had been "suspicious" but committed no crime.

Documents also contain reports about other countries from the Department of Homeland Security, U.S. Department of State and other agencies. Officials discussed cyber attacks from Iran and concerns about further attacks in early 2020. Another report discusses possible Chinese espionage at natural gas facilities. Homeland Security also discussed Russian interference with American elections, attempts to hack the 2020 census, and manipulation of social media discussion.

Google's CyberCrime Investigation Group
On August 21, The Guardian revealed, based on the leaked documents, the existence of Google's "CyberCrime Investigation Group" (CIG). The group focused on voluntarily forwarding detailed information about users of Google, YouTube, and Gmail, among other products, to members of the Northern California Regional Intelligence, a counter-terrorist fusion center, for content threatening violence or otherwise expressing extremist views, often associated with the far right. The company has also been said to report users who appeared to be in mental distress, indicating suicidal thoughts or intent to commit self-harm.

One way Google identified its users in order to report them to law enforcement was by cross-referencing different Gmail accounts, which eventually led them to a single Android phone. In some cases, the company did not ban the users they reported to the authorities, and some were said to still have accounts on YouTube, Gmail, and other services.

Response
Shortly after the leaks were released, on June 23, Twitter permanently banned DDoSecrets's Twitter account for distributing hacked materials. Twitter also censored all links to the DDoSecrets website.

German authorities seized a server used by DDoSecrets at the request of U.S. authorities. The server had hosted the BlueLeaks files, but the documents remained available for download through BitTorrent and other websites.

Reddit banned r/BlueLeaks, a community created to discuss BlueLeaks, claiming they had posted personal information.

There is a federal investigation relating to BlueLeaks. Various Freedom of Information Act requests filed about BlueLeaks and DDoSecrets were rejected due to an ongoing federal investigation. Homeland Security Investigations has questioned at least one person, seeking information about BlueLeaks, DDoSecrets, and one of its founders, Emma Best.

The editor for The Intercept described BlueLeaks as the law enforcement equivalent to the Pentagon Papers.