After Twitter blacklisted an emerging anti-secrecy group for distributing a vast collection of data stolen from U.S. law enforcement agencies, a co-founder of the WikiLeaks-style startup says it won’t go away quietly.
Emma Best, who helps lead Distributed Denial of Secrets, announced on a personal account Tuesday that Twitter had permanently banned the @DDoSecrets account for violating the company’s rules about distributing hacked materials. The move came four days after DDoSecrets published 269 GB of information, including training manuals and guides on containing protesters, initially taken from more than 200 U.S. police agencies.
That publication marked the most significant form of hacktivism in recent memory, inserting DDoSecrets into the national news cycle alongside reports about police officers killing unarmed Black Americans. Earlier this month, a Twitter account positing itself as tied to Anonymous claimed to leak data tied to the Minneapolis Police Department. That data turned out to be scraped from previous breaches.
DDoSecrets supports the general goals of the Anonymous movement, and has received data from members, but is an “entirely separate” entity, co-founder Emma Best told CyberScoop.
“[DDoSecrets is] absolutely the next step in all of this,” Gabriella Coleman, a longtime chronicler of digital activism, told CyberScoop. “They’re coming out of the hacker-fermenting-action world of 2013 and 2014. There is a complete and direct lineage.”
Twitter’s ban complicates the way that the group will distribute its material, and raise awareness about its mission.
The site removed the account for an apparent violation of a March 2019 policy that states Twitter may not be used for “threatening to publicly expose someone’s private information,” and another policy prohibiting the distribution of “content obtained through hacking that contains private information, may put people in physical harm or danger, or contains trade secrets.”
The company’s record on the topic is mixed. While Twitter previously removed an account belonging to a hacking group known as The Dark Overlord, it also allowed accounts belonging to WikiLeaks and Guccifer 2.0, later determined to be a Russian disinformation effort, to persist.
“It’s beyond excessive,” said Best. “I have to wonder if their buttons aren’t being pushed.”
The group is now examining its options for an appeal to Twitter and planning to set up an account on the social media site Mastodon.
“[U]ltimately our mission is unchanged,” Best added.
DDoSecrets made its public debut in December 2018, billing itself as a new leak site that would serve as a repository of previously private information while balancing individual privacy.
It has published materials purloined in a hack on the dating site Ashley Madison, a vast collection of hacked information about Russia’s war in Ukraine and the Kremlin’s ties to the Russian Orthodox Church, data stolen from the Cambodian government and hundreds of gigabytes of files from global corporations. The so-called “Blue Leaks” database published on June 19 contained millions of files reportedly originating in a breach at an IT services provider that worked with U.S. police fusion centers.
Best previously told Wired that DDoSecrets spent a week removing sensitive data about crime victims, children and unrelated businesses from the Blue Leaks files.
In previous data dumps, people have taken issue with lack of filtering done by hacktivist groups, with names and personal details of civilians made public despite being only tangentially related to the leak’s purpose. For instance, WikiLeaks was often derided for not editing any of its disclousures ahead of their publication.
DDoSecrets, meanwhile, has gone public with the names of many of its members in an apparent attempt to boost their credibility, and perhaps avoid the internal strife that has previously “poisoned” prior efforts, the group explained.
“They’re important because they’ve signaled to the hacktivist world that you don’t have to go to Wikileaks [to publish information],” Coleman, who wrote a book chronicling the rise of Anonymous, told CyberScoop. “They’ve been waiting for a big news item because once that happens, and they’re catapulted into more compromises, it puts them into a position to get more leaked data.”