The Washington PostDemocracy Dies in Darkness

Hackers post hundreds of pages of purported internal D.C. police documents

A view D.C. police car.
A view D.C. police car. (Peter Hermann/The Washington Post)

Hackers who infiltrated the D.C. police department’s computer network have posted a trove of purported department documents, including some containing information related to street crews and others with raw intelligence on threats following the Jan. 6 attack on the U.S. Capitol.

The overnight data dump by the group called Babuk apparently came after negotiations with District officials broke down. The group, which made its theft of documents known last month, had already made public some internal files dealing with job candidates.

The group repeatedly threatened to release more data if its demands for money were not met. Among files made public on Thursday are more than three dozen of the police chief’s daily intelligence briefing papers, which are among the most recently dated documents.

“We publish the full data of the police department,” the group’s latest posting reads. In broken syntax, the group indicated that the District made some monetary offer, “but the amount turned out to be too small.” It added, “There is no way back you had very many chances.”

District officials on Thursday declined to comment on any negotiations with the group and have not confirmed the authenticity of the posted documents. City officials previously said they have closed off Babuk’s entry point into the police computer system.

Babuk insinuated that it has posted all the stolen files, titling its missive: “PD last part (all data).” There is no way to verify independently whether that claim is true. Babuk also claimed to have given the tool it used to break into the police computer to other groups.

Cybersecurity experts say that instead of crippling a computer system, such as hackers did Friday to the Colonial Pipeline, shutting down one of the nation’s biggest fuel pipelines, Babuk stole data and held it hostage. The experts warn that paying the ransom provides no guarantee that the hackers will not make new demands or sell the data elsewhere.

It appears the files were chosen at random — a job applicant’s résumé, a map of the locations of sex crimes, PowerPoint presentations on how to dig deep into social media, the use of facial recognition software and “street interview tactics.”

One file contains a decade-old list of homicide victims and statistics from last year’s summer crime-prevention initiative, information readily available to the public.

The stolen files Babuk previously posted include information about more than two dozen officers that was collected when they applied to the force. Those documents contain home addresses, cellphone numbers, financial data, medical histories and many other personal details.

D.C. Police Chief Robert J. Contee III has said those affected directly by the data theft would be contacted individually and offered guidance. “I recognize this is extremely stressful and concerning to our members,” Contee wrote last month in an email to the 3,600-member force.

Greggory Pemberton, the chairman of the police union, said in a statement that “it is incredibly disappointing to see how careless D.C. government officials can be when it comes to protecting such sensitive information,” adding that it appears city leaders are “unable to … be trusted with protecting our data.”

Pemberton said officials need to determine how the breach occurred and how to prevent a recurrence. He called for an investigation by the inspector general into how the District negotiated or dealt with the group, saying it appears talks, if they occurred, were handled “in an amateurish and unsuccessful manner.”

Most problematic for police could be the release of gang files, some of which list suspects not under arrest, identify witnesses to crimes, and schools and students affiliated with street crews. Another list details retaliatory shootings between gangs and maps of their territories.

Hackers threaten to release trove of D.C. police data if ransom demands not met

“Police go to great lengths to protect information” related to gangs and witnesses to crimes, said J. Thomas Manger, the former police chief in Montgomery County, Md., and former head of the Major Cities Chiefs Association. “To have this information get out could be very dangerous for some folks.”

Babuk, which emerged earlier this year, first made contact with the District in late April. The hacking group claimed it had files containing information about gangs and the identities of confidential informants. Babuk posted screenshots of the files, apparently to prove it had broken into an account, but it was not clear whether the group actually had gained access to documents.

Early Thursday, the group posted a password to open a large file that was available for download from its site.

That batch of documents includes unvetted intelligence information provided to Contee in the aftermath of the Jan. 6 assault on the U.S. Capitol by people loyal to then-President Donald Trump.

The documents indicate that police were monitoring potential threats to the Capitol in the run-up to the presidential inauguration and to President Biden’s address to Congress. Those threats did not appear to have manifested themselves in attempted attacks.

Information in the documents about street crews in the District also appear to be recent, with some files dated this year. Files contain lists of crews and people affiliated with them, their criminal histories and crimes that police have linked to alleged crew members.

Other reports list students with crew affiliations, even detailing hallway fistfights involving gang members and how those disputes could carry over to the streets. Many of the documents have mug shots and pictures taken off social media showing people flashing gang signs. One file is called “Running resume” of offenses linked to crews.

Raj Samani, a chief scientist and cybersecurity fellow at Mc­Afee Corp., a computer security company, said in an interview by email that his team has been tracking Babuk since it surfaced this year. He said Babuk operated in the United States, Western Europe and in some countries in Asia, targeting hospitals, libraries, law firms, small businesses and police departments.

Samani said Babuk’s approach to ransomware is the “threat of publishing data as their sole motivator to force victims to pay.”

Hundreds of people stormed the Capitol. Most won’t face hefty prison terms, legal experts say.

Released early after a murder conviction, D.C. man is charged in new homicide

‘Thin blue line’ masks, clothing banned for staff in Maryland district courts