Hackers with the Babuk Locker ransomware gang claim to have stolen 250GB of sensitive internal documents belonging to the Metropolitan Police Department in Washington, DC, and are now extorting the public agency for an unknown sum of money.
The stolen documents that the cybercriminals are now threatening to publish include intelligence on urban gang activity, local police informants, disciplinary files on the MPD’s own officers, and what appears to be information on the agency’s response to the violent Jan. 6 Capitol riot.
Screenshots of some of the data were posted on the gang’s dark web “leak site” on Monday afternoon, in an effort to goad police into complying with their demands.
Babuk, which is a relatively new ransomware gang, has been described as a “big game hunter” for its strategy of targeting prominent institutions in pursuit of bigger payouts. As part of its extortion strategy against MPD, the gang is currently threatening to expose government informants embedded within local criminal networks if its ransom demand is not met within three days. On its site, the hackers wrote in broken English, boasting (apparently in reference to zero-day vulnerabilities) that they “find 0 day before you”:
We have downloaded a sufficient amount of information from your internal networks, and we advise you to contact us as soon as possible, to prevent leakage, if no response is received within 3 days, we will start to contact gangs in order to drain the informants, we will continue to attack the state sector of the usa, fbi csa, we find 0 day before you, even larger attacks await you soon..
When questioned about the incident by email, an MPD spokesperson confirmed that the police department had been hacked. “We are aware of unauthorized access on our server. While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter,” said Sean Hickman, a public information officer.
There is a lot going on in the screenshots posted by the hackers, and it is easy to see how these documents, if authentic, would prove problematic were they released. Some of what is visible includes:
- A section of files that are dated close to the period directly after the Jan. 6 insurrection. Multiple files reference some sort of law enforcement operation, dubbed “Operation Stormbreaker,” including a “Target chart” and a “Target list.” Another Word document is simply titled “FBI Arrests as of morning of 1-13-2021.”
- A wealth of documents that reference intelligence work related to local gang activity in the metro area. File folders with titles like “STREET GANGS,” “Latino Gangs,” “Gang Conflict Report,” “BLOODS,” and one entitled “BEEFS - CONFLICTS,” are included. One is labeled “District Intelligence Officers Program,” which, according to one member’s LinkedIn profile, focuses on “street level criminal intelligence and public safety information aggregation.”
- Other files seem like weird, perfect easter eggs for internet paranoiacs. Probably most intriguing for the tinfoil hat crowd is one folder simply labeled “Comet Conspiracy.” One can’t help but be reminded of the “Pizzagate” conspiracy theory, the central premise of which was that devil-worshipping sex traffickers worked out of the nonexistent basement of a DC-based pizzeria, Comet Ping Pong (commonly called “Comet Pizza”).
- There is also a significant list of files that appear to be disciplinary dossiers on metro police officers—including full names.
The police are certainly in a tough position. Paying off cybercriminal gangs is generally not something that law enforcement agencies are supposed to do, and payment offers no guarantee that a gang will actually delete the data it has already exfiltrated. On the other hand, if they don’t pay and these documents are published (and if they are legitimate), they have the potential to create all sorts of chaos. It would be particularly bad for the agency to have dozens of officer disciplinary files leaked all over the internet, given the politically explosive nature of policing in America right now. Similarly, the threat of outing police informants poses a slew of problems for MPD, and it may push ransomware extortion strategies into uncharted territory.