[BreachExchange] German authorities seize 'BlueLeaks' server that hosted data on US cops

Destry Winant destry at riskbasedsecurity.com
Mon Jul 13 10:08:43 EDT 2020


https://www.zdnet.com/article/german-authorities-seize-blueleaks-server-that-hosted-data-on-us-cops/

German authorities today seized a web server that hosted
BlueLeaks, a website that provided access to internal documents stolen
from US police departments.

The server belonged to DDoSecrets (Distributed Denial of Secrets), an
activist group that published the files last month, in mid-June.

The server seizure was announced today by investigative journalist
Emma Best, one of the DDoSecrets public figureheads.

"We have received official confirmation that #DDoSecrets' primary
public download server was seized by German authorities (Department of
Public Prosecution Zwickau file number AZ 210 AR 396/20)," Best wrote
on Twitter today.

"The server was used ONLY to distribute data to the public. It had no
contact with sources and was involved in nothing more than
enlightening the public through journalistic publishing," she added.

We don't have the seizure order ATM. Just this:
https://t.co/Ju45LlcJHG pic.twitter.com/uUHYElcret

— Emma Best 🏳️‍🌈🏴 (Mx. Yzptlk) (@NatSecGeek) July 7, 2020

Following today's action, the BlueLeaks portal is currently down.

The website had been active since June 19, when DDoSecrets published more
than 269 GB of data containing more than one million files.

DDoSecrets said it received the files from the Anonymous hacker
collective. The files included scanned documents, videos, emails,
audio files, training materials, private law enforcement alerts, and
more, and are believed to contain data from more than 200 US police
departments and law enforcement fusion centers.

The BlueLeaks data is believed to have been stolen from a Houston
company that provided web hosting services to US law enforcement
agencies.

Four days after the BlueLeaks data was published, Twitter intervened
and imposed a permanent ban on the official DDoSecrets Twitter account,
which the organization was using to promote the BlueLeaks portal.

Twitter said the account violated its platform policies regarding the
sharing of links to private data and hacked materials. Along with the
ban, Twitter also started blocking users from posting links to the
BlueLeaks website.

In an interview with Wired, Best admitted that the DDoSecrets team
might have missed sanitizing or removing files containing sensitive
information.

US authorities said last month they were looking into the BlueLeaks
security breach, but they never confirmed an official investigation,
as per policy. It is currently unclear if German authorities acted at
the request of their US colleagues; however, it is highly likely that
they did.

The Zwickau Department of Public Prosecution did not return a request
for comment sent after working hours. Best was not immediately
available for comment.

