Posted on 06/24/2020 7:24:32 PM PDT by gandalftb
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed BlueLeaks and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.
The collection nearly 270 gigabytes in total is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.
The archive indexes ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources, and that among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.
the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.
Additionally, the data dump contains emails and associated attachments, the alert reads. Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.
(Excerpt) Read more at krebsonsecurity.com ...
>> Its always the fault of the coding team.
I suppose you have your reasons for believing that, but you’re factually incorrect.
A careless or malicious administrator could have facilitated the breach. Or an e-mail account was hacked that contained security details about the storage.
Also take into consideration the remote @home work sessions. Maybe someone in management had an Antifa brat at home that decided to browse an active VPN connection.
"Juan Pablo Dávila of Chile, tireless trader of financial futures and former employee of the state-owned company Codelco, for instructing his computer to "buy" when he meant "sell". He subsequently attempted to recoup his losses by making increasingly unprofitable trades that ultimately lost 0.5 percent of Chile's gross national product. Davila's relentless achievement inspired his countrymen to coin a new verb, "davilar", meaning "to botch things up royally".https://en.wikipedia.org/wiki/List_of_Ig_Nobel_Prize_winners
“Also take into consideration the remote @home work sessions. Maybe someone in management had an Antifa brat at home that decided to browse an active VPN connection.”
There’s a vector to be considered...
Tata, Infosys, and other H-1B pimps have no size requirements.
My understanding is that an authorized user was compromised somehow and gave access to a bad actor.
............
Really wasn’t a hack, very short list of suspects, maybe a dozen. Damage is done, the torrent file was loading out last night at a terrific rate, about 10,000% of normal traffic from that site.
...........
These fusion sites grew their databases so fast they had to hire outside admins to manage it. The mistake was that they didn’t compartment and firewall the data at all.
............
Any access is complete access to all 200 police departments.
That will teach them to sanitize their inputs.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.