BlueLeaks: San Diego fusion center's records hacked, posted online

A massive leak of law enforcement records, called BlueLeaks, is shedding new light on criminal threats targeting San Diego County.

The records included intelligence reports distributed to law enforcement agencies nationwide through taxpayer-funded fusion centers.

The BlueLeaks data dump in June included 269 gigabytes of records taken from some 250 law enforcement agencies, reportedly hacked from insecure servers in Houston.

Dozens of fusion centers had their records breached and published online, said Dave Maass, a senior investigative researcher at the Electronic Frontier Foundation (EFF).

Based in San Francisco, EFF is a non-profit that advocates for privacy in the digital world.

Fusion centers are super-secret intelligence hubs scattered all over the country — including one in Kearny Mesa called the San Diego Law Enforcement Coordination Center (SD-LECC) — created in the wake of 9/11 to fight terrorism. 

We're not necessarily sure who works there. We're not necessarily sure what they're working on.  It's often hard to get records from these agencies, Maass said.

“These are little technology hubs that gather intelligence information, and often coordinate the use of surveillance technology, but often they just issue these intelligence reports about protests and other types of activities, even though they're supposed to be focused on national security issues,” said Maass.

A County of San Diego video featuring Sheriff Bill Gore, posted online in 2017, encouraged local residents to report suspicious activities to San Diego’s fusion center.

Suspicious doesn't necessarily mean criminal. It is often people reporting perfectly innocuous activities, Maas said.

SD-LECC frequently distributes intelligence bulletins, labeled sensitive and for law enforcement use only.  Thousands of these types of bulletins were posted online as part of BlueLeaks.

The local bulletins included statistics on the prevalence of school threats in San Diego.  One 2019 bulletin displayed a photo of a school student holding a fake gun — which had been posted on Facebook — as well as a so-called hit list found on a San Diego middle-school student.

Another bulletin from March listed hate groups in San Diego that might be prone to violence.


A bulletin from April detailed acts of violence sparked by the coronavirus pandemic, including a report of a man who lost his job and fired a bullet at a police helicopter.  The same bulletin described a social media campaign, #filmyourhospital, which targeted local hospitals treating COVID-19 patients.

An FBI bulletin from last year warned police officers that the Poway synagogue gunman had posted messages on a website called 8-chan, known for extremist hate speech.

Representatives with San Diego’s fusion center, SD-LECC, declined to be interviewed by News 8.

The SD-LECC website says the agency's mission is to protect the people and infrastructure of San Diego and Imperial Counties from criminal activity, terrorism, and potential hazards.

The agency also provides first responder training in terrorism awareness and intelligence briefings, according to the website.

A lot of these intelligence products are so broad, that they're just saying that this person might have anarchist leanings, so we're going to document the way they talk online, said Maass, the EFF researcher.

Maass questioned one of the BlueLeaks documents, in particular: a joint intelligence bulletin analyzing the criminal use of emojis on the Internet.

Clearly there's somebody in the San Diego fusion center who's spending maybe a touch too much time analyzing emojis, including an emoji that me and my colleagues use all the time, which is the Metallica ‘rock-on’ emoji, said Maas.

The Electronic Frontier Foundation recently launched the Atlas of Surveillance online map, which shines light on police agencies nationwide — including agencies in San Diego County — using surveillance technology.

BlueLeaks: San Diego fusion center's records hacked, posted online

BlueLeaks: San Diego fusion center's records hacked, posted online

A massive leak of law enforcement records, called BlueLeaks, is shedding new light on criminal threats targeting San Diego County.

The records included intelligence reports distributed to law enforcement agencies nationwide through taxpayer-funded fusion centers.

The BlueLeaks data dump in June included 269 gigabytes of records taken from some 250 law enforcement agencies, reportedly hacked from insecure servers in Houston.

Dozens of fusion centers had their records breached and published online, said Dave Maass, a senior investigative researcher at the Electronic Frontier Foundation (EFF).

Based in San Francisco, EFF is a non-profit that advocates for privacy in the digital world.

Fusion centers are super-secret intelligence hubs scattered all over the country — including one in Kearny Mesa called the San Diego Law Enforcement Coordination Center (SD-LECC) — created in the wake of 9/11 to fight terrorism. 

We're not necessarily sure who works there. We're not necessarily sure what they're working on.  It's often hard to get records from these agencies, Maass said.

“These are little technology hubs that gather intelligence information, and often coordinate the use of surveillance technology, but often they just issue these intelligence reports about protests and other types of activities, even though they're supposed to be focused on national security issues,” said Maass.

A County of San Diego video featuring Sheriff Bill Gore, posted online in 2017, encouraged local residents to report suspicious activities to San Diego’s fusion center.

Suspicious doesn't necessarily mean criminal. It is often people reporting perfectly innocuous activities, Maas said.

SD-LECC frequently distributes intelligence bulletins, labeled sensitive and for law enforcement use only.  Thousands of these types of bulletins were posted online as part of BlueLeaks.

The local bulletins included statistics on the prevalence of school threats in San Diego.  One 2019 bulletin displayed a photo of a school student holding a fake gun — which had been posted on Facebook — as well as a so-called hit list found on a San Diego middle-school student.

Another bulletin from March listed hate groups in San Diego that might be prone to violence.


A bulletin from April detailed acts of violence sparked by the coronavirus pandemic, including a report of a man who lost his job and fired a bullet at a police helicopter.  The same bulletin described a social media campaign, #filmyourhospital, which targeted local hospitals treating COVID-19 patients.

An FBI bulletin from last year warned police officers that the Poway synagogue gunman had posted messages on a website called 8-chan, known for extremist hate speech.

Representatives with San Diego’s fusion center, SD-LECC, declined to be interviewed by News 8.

The SD-LECC website says the agency's mission is to protect the people and infrastructure of San Diego and Imperial Counties from criminal activity, terrorism, and potential hazards.

The agency also provides first responder training in terrorism awareness and intelligence briefings, according to the website.

A lot of these intelligence products are so broad, that they're just saying that this person might have anarchist leanings, so we're going to document the way they talk online, said Maass, the EFF researcher.

Maass questioned one of the BlueLeaks documents, in particular: a joint intelligence bulletin analyzing the criminal use of emojis on the Internet.

Clearly there's somebody in the San Diego fusion center who's spending maybe a touch too much time analyzing emojis, including an emoji that me and my colleagues use all the time, which is the Metallica ‘rock-on’ emoji, said Maas.

The Electronic Frontier Foundation recently launched the Atlas of Surveillance online map, which shines light on police agencies nationwide — including agencies in San Diego County — using surveillance technology.