Cyber Incident Victim: United States Department of Justice
Date: Jun 2020
Location: United States of America
Summary
A hacktivist group operating under the Anonymous banner stole and leaked a massive trove of law enforcement data, subsequently published by Distributed Denial of Secrets (DDOSecrets). The breach involved 269 gigabytes of internal documents, communications, and multimedia files from over 200 federal, state, and local agencies, primarily sourced from fusion centers via a compromised web development firm. Leaked materials exposed sensitive operational details, including FBI monitoring of protest-related social media activity, tracking of cryptocurrency donations to activist groups, and internal warnings about white supremacists impersonating Antifa. While DDOSecrets redacted some personally identifiable information and victim data prior to release, the published files contained financial records and officer identities, justified as serving public interest through transparency about police practices. The incident marked Anonymous' most significant U.S. action in years, echoing prior hacktivist operations targeting law enforcement.
Description
On June 19, 2020, the activist group Distributed Denial of Secrets (DDOSecrets) published a 269-gigabyte data trove containing over a million law enforcement files, including emails, audio, video, and intelligence documents. The data originated from a hack of Netsential, a web development firm that hosted information for US law enforcement agencies, as confirmed by a National Fusion Center Association memo. DDOSecrets attributed the source to an individual claiming affiliation with Anonymous, though the decentralized nature of the group made verification impossible. The leaked data spanned more than 200 federal, state, and local agencies, with significant contributions from regional intelligence fusion centers such as the Missouri Information Analysis Center, Northern California Regional Intelligence Center, and Austin Regional Intelligence Center. FBI-associated entities like Infragard and FBI Academy alumni associations were also impacted. DDOSecrets spent a week redacting sensitive material related to crime victims, children, healthcare, and veterans before release but intentionally retained police officers' personally identifiable information and financial data, arguing public interest justified its disclosure.

The leak, branded #BlueLeaks on social media, exposed extensive law enforcement monitoring activities during the 2020 George Floyd protests. Documents revealed FBI tracking of protesters' social media accounts and Bitcoin donations to activist groups, alongside internal warnings about white supremacists impersonating Antifa to incite violence. The National Fusion Center Association warned that unredacted files contained bank account details, criminal suspect images, and operational intelligence, posing risks beyond reputational damage. DDOSecrets acknowledged potential oversights in data scrubbing due to the dataset's size but defended publication as a means to enable public scrutiny of police conduct. The action drew parallels to prior Anonymous operations, particularly Jeremy Hammond's 2011 law enforcement hacks, with Hammond's supporters promoting the leak during his imprisonment. While no direct containment efforts were described, the publication triggered widespread analysis by activists and journalists examining agency responses to COVID-19 and racial justice protests.
