After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down.
“They remind me of the people who were risking a lot for WikiLeaks back in the day.”
Birgitta Jonsdottir, DDoSecrets adviser
For the past year, WikiLeaks founder Julian Assange has sat in a London jail awaiting extradition to the US. This week, the US Justice Department piled on yet more hacking conspiracy allegationsagainst him, all related to his decade-plus at the helm of an organization that exposed reams of government and corporate secrets to the public. But in Assange’s absence, another group has picked up where WikiLeaks left off—and is also picking new fights.
For roughly the past year and a half, a small group of activists known as Distributed Denial of Secrets, or DDoSecrets, has quietly but steadily released a stream of hacked and leaked documents, from Russian oligarchs’ emails to the stolen communications of Chilean military leaders to shell company databases. Late last week, the group unleashed its most high-profile leak yet: BlueLeaks, a 269-gigabyte collection of more than a million police files provided to DDoSecrets by a source aligned with the hacktivist group Anonymous, spanning emails, audio files, and interagency memos largely pulled from law enforcement “fusion centers,” which serve as intelligence-sharing hubs. According to DDoSecrets, it represents the largest-ever release of hacked US police data. It may put DDoSecrets on the map as the heir to WikiLeaks’ mission—or at least the one it adhered to in its earlier, more idealistic years—and the inheritor of its never-ending battles against critics and censors.
“Our role is to archive and publish leaked and hacked data of potential public interest,” writes the group’s cofounder, Emma Best, a longtime transparency activist, in a text message interview with WIRED. “We want to inspire people to come forward, and release accurate information regardless of its source.”
In another message, Best sums up that mission in a Latin phrase that better captures the adversarial nature—and inherent controversy—of DDoSecrets’ work: “Veritatem cognoscere ruat cælum et pereat mundus.” Best translates the slogan to, “Know the truth, though the heavens may fall and the world burn.”
For DDoSecrets, the firefight has already started. On Tuesday evening, as media attention grew around the BlueLeaks release, Twitter banned the group’s account, citing a policy that it doesn’t allow the publication of hacked information. The company followed up with an even more drastic step, removing tweets that link to the DDoSecrets website, which maintains a searchable database of all of its leaks, and suspending some accounts retroactively for linking to the group’s material.
Best says DDoSecrets, an organization with no address and whose shoestring budget runs mostly on donations, is still strategizing a response and the best workaround to publicize its leaks—potentially shifting to Telegram or Reddit—but has no intention of letting the ban halt its work. “‘Too dangerous for Twitter’ is some Nixonian shit I didn’t expect,” Best says.
From the start, DDoSecrets has distinguished itself by its willingness to publish not just the same sort of raw leaks and hacked files that WikiLeaks published for years, but also some that even WikiLeaks refused to. The group’s first major release after its founding in late 2018 was a 175-gigabyte cache of Russian emails that included a collection of Russian political leaders’ and oligarchs’ communications, from the Russian interior ministry to arms exporter Rosoboronexport, provided by the Russian hacktivist group Sholtai Boltai along with other unknown sources.
WikiLeaks had obtained but declined to publish some of the same documents, Foreign Policy revealed in 2017, stating that it “rejects submissions that have already been published elsewhere or which are likely to be considered insignificant.” But when DDoSecrets published the full Russian collection in early 2019, The New York Times covered the document dump as a kind of counterblow to the Kremlin’s hacking and leaking operations that targeted the 2016 election.
Six months later, DDoSecrets returned with what it called #29 Leaks, a collection of 15 years of hacked emails from Formations House, a London financial firm involved in the creation of shell companies. Those shell companies had been tied to allegations of money laundering, including by arms dealers, car smugglers, and the ousted Ukrainian president Viktor Yanukovych.
“Valid information is valid regardless of the source.”
Emma Best, DDoSecrets
A few months after that, the pseudonymous hacktivist Phineas Fisher revealed that they had broken into the network of the Cayman National Bank and Trust, another player in the world of offshore banking. Fisher gave the resulting 2-terabyte trove of stolen data to DDoSecrets. The files revealed, among other things, how the former head of Azerbaijan’s national security agency allegedly used embezzled funds to buy UK properties. DDoSecrets’ Best says that journalists are still digging into the massive data set today.
With BlueLeaks, however, DDoSecrets has, for the first time, published a major leak of files from US organizations, raising the stakes. Activists and journalists combing through the files immediately found evidence that the FBI had monitored the social accounts of protesters on behalf of local law enforcement and tracked bitcoin donations to protest groups. The leak also includes personally identifiable information about police officers and even banking details—though Best says BlueLeaks tried to redact all identifiable victim information—which has fueled controversy around the publication and no doubt contributed to the group’s Twitter ban. (Twitter did not respond to a request for comment.) “The public has an interest in the identities of public servants,” Best writes.
That red-hot disclosure, perfectly timed to follow the global protests in the wake of police killing of George Floyd, shows how the organization is coming into its own, says Birgitta Jonsdottir, a former member of WikiLeaks and the Icelandic parliament who now serves as an adviser to DDoSecrets. “They remind me of the people who were risking a lot for WikiLeaks back in the day,” Jonsdottir says. “There’s been a vacuum for a long time. So I’m just glad this is taking off, with this very important leak at this time.”
But Best, who identifies with the pronouns they/them, says that DDoSecrets has learned from WikiLeaks’ mistakes as well as its successes. Best has collaborated with WikiLeaks in the past—the relationship was complicated; Best later published a trove of the group’s own leaked chats in 2018—and points to a long list of what they see as WikiLeaks’ missteps: publishing materials without a source’s permission, as they found to be the case of the leak of emails from the Turkish government’s ruling party; inexplicably declining to publish leaked files, as with the Russia dump that DDoSecrets later published; or adding unnecessary editorial spin to documents, as they argue WikiLeaks did with the Vault7 leak of CIA secrets.
Best also faults Assange specifically for trying to hide the fact that certain documents are provided by state-sponsored hackers, as when he intimated that the documents take from the Democratic National Committee and the Clinton Campaign might have come from murdered Clinton staffer Seth Rich. In fact, Russian military intelligence hackers stole the documents and provided them to WikiLeaks. DDoSecrets, Best says, won’t shy away from publishing files stolen by state-sponsored hackers if they’re of real public interest. But those documents will be clearly labeled as coming from state-sponsored hackers when DDoSecrets can determine as much, they say, and will be kept on a portion of the site devoted to the spoils of government hacking. “Valid information is valid regardless of the source,” Best says. “But the source is important context.”
DDoSecrets is also taking a very different tack from WikiLeaks in protecting the anonymity of sources. It doesn’t host a WikiLeaks-style submission system on a server protected by the anonymity software Tor, as WikiLeaks and most other leaking sites have done. Best says they don’t actually believe that DDoSecrets, an organization without a physical presence or a headquarters, could sufficiently protect a physical server running an anonymous submission system such as SecureDrop. Instead, the group simply provides a list of security tool recommendations to sources like Tor and the anonymous, ephemeral operating system Tails, as well as variety of means to reach them via an encrypted message.
The approach hints that the group sees principled hackers as its core sources rather than non-technical leakers or whistleblowers inside of companies, says Gabriella Coleman, a hacker-focused anthropologist at McGill University who wrote a seminal book on the hacktivist group Anonymous and is friendly with some of DDoSecrets’ staff. The group’s name, a reference to the cybersecurity term “distributed denial of service,” and its relationship with Phineas Fisher further suggests an intended audience of hackers. “Using a name like that, it’s signaling a certain message to the hacker and hacktivist world, where they have certain relationships,” says Coleman. “They’re happy to accept leaks from whistleblowers, but they come from the hacker world. They’re going to be very well positioned to take leaks from more progressive hackers.” (Best declined to comment on the group’s sources, or what fraction are insider leakers versus outside hackers.)
Perhaps most importantly, Best says DDoSecrets wants to avoid the cult of personality that formed around Julian Assange. The WikiLeaks leader had exerted near-monarchic rule before being indicted for computer hacking conspiracy and arrested in London’s Ecuadorean embassy, where he had sought asylum, last spring. Best says DDoSecrets is moving toward a “co-op” model with a “horizontal structure” of leadership, with no single person in charge of the group’s direction.
Former WikiLeaker Jonsdottir, who has both criticized Assange and called for support for him after his arrest, believes this time will be different. “I don’t see anyone in the organization that can be made into the stories we had about Assange, a mysterious superhero,” Jonsdottir says. “Like Tina Turner said, we don’t need another hero.”
The Twitter ban following its BlueLeaks publication represents a setback for the group. But Jonsdottir says it also shows the importance of the work they’re doing. “They will definitely rise above this,” Jonsdottir says. “Somebody trusted them with a massive leak at a critical time. And I’m excited to see if it will help spawn more like it.”
All Rights Reserved for Andy Greenberg