For years, radical transparency-focused activists like WikiLeaks have blurred the line between denunciation and piracy. They have often published data that they deem to be of public interest, no matter how doubtful the source. But now, a leak-focused group is exploring a controversial new vein of secrets: the massive caches of data stolen by ransomware teams and dumped online when victims refuse to pay.
Today, the transparency collective of data activists known as Distributed Denial of Secrets (DDoSecrets) posted a massive new set of data on its website, all collected from dark web sites where the information was originally leaked online by ransomware hackers. DDoSecrets made approximately 1 terabyte of this data available, including more than 750,000 emails, photos and documents from five companies. The group is also offering to privately share an additional 1.9 terabytes of data from more than a dozen other companies with selected journalists or academic researchers. In total, the giant data collection covers industries such as pharmaceuticals, manufacturing, finance, software, retail, real estate, and oil and gas.
All of this data, plus terabytes more that DDoSecrets expects to deliver in the weeks and months to come, comes from an increasingly common practice among cybercriminal ransomware operations. Beyond just encrypting victim machines and demanding payment for decryption keys, ransomware hackers often steal large collections of victim data and threaten to post it online unless their hacking targets pay. In many cases, victims refuse this extortion, and the cybercriminals follow through on their threat. The result is tens, if not hundreds, of terabytes of internal corporate data dumped on dark web servers whose web addresses are passed on to hackers and security researchers.
DDoSecrets co-founder Emma Best argues that the trail of dumped data that ransomware leaves in its wake often contains information worth investigating and, in some cases, revealing to the public. “Ignoring valuable data that can inform the public about how industries work is not something we can afford to do,” Best wrote in a text exchange with WIRED. Best, who uses the pronoun they, could not in many cases say exactly what potential public interest secrets these huge data sets might contain, given that there is too much data for DDoSecrets to be able to go through alone. But they argue that any evidence of corporate malfeasance these documents might reveal, or even intellectual property that may serve the public good, should be seen as fair game.
“Whether it’s a pharmaceutical or petroleum company, or a company whose technical data and specifications can accelerate the progress of an entire industry or make everyone safer by sharing research,” says Best, “we have a duty to make them available to researchers, journalists and academics so that they can learn more about how the generally opaque industries (many of which control important aspects of our lives and the future of the planet) work.”
However, for those battling the growing global epidemic of ransomware attacks, exploiting the data leaks left behind by cybercriminal hackers poses new ethical questions. Allan Liska, analyst and researcher for security firm Recorded Future, says he has seen firsthand the devastating effects of ransomware attacks on businesses large and small, and argues that amplifying ransomware groups' leaks encourages them to threaten such leaks against more victims. “Personally, I think it’s wrong,” Liska says. “Even if you think your intentions are good, I think you are taking advantage of someone who has committed a crime against them.”
Best says that DDoSecrets does not publish any data that has not already been made public by these hackers. “All data is stuff that ransomware hackers have already posted,” they say. “We don’t get anything directly from them or work with them in any way. We take data that journalists cannot or are afraid to access and make it available.” Best adds that in the majority of cases, DDoSecrets will not release the data itself, but will share most of the leaks privately with reporters and researchers. In these cases, they will ask those publishing the data to strike out anything that is too sensitive – such as personally identifiable information – and that has no public interest value. But the group does not rule out publishing this sensitive information itself if it sees it as having public interest value, and it plans to offer the same publishing discretion to the journalists and academics with whom it shares data.