Feds are treating BlueLeaks organization as ‘a criminal hacker group,’ documents show

The group says it’s not involved in hacking

The transparency activist organization Distributed Denial of Secrets (DDoSecrets) has been formally designated as a “criminal hacker group,” following the publication of 296 gigabytes of sensitive law enforcement data earlier this summer, known colloquially as “BlueLeaks.” The description comes from a bulletin circulated to fusion centers around the country in late June by the Department of Homeland Security’s Office of Intelligence and Analysis. The bulletin’s language mirrors earlier US government descriptions of WikiLeaks, Anonymous, and LulzSec.

“A criminal hacker group Distributed Denial of Secrets (DDS) on 19 June 2020 conducted a hack-and-leak operation targeting federal, state, and local law enforcement databases, probably in support of or in response to nationwide protests stemming from the death of George Floyd,” the bulletin reads. “DDS leaked ten years of data from 200 police departments, fusion centers, and other law enforcement training and support resources around the globe, according to initial media and DHS reporting. DDS previously conducted hack-and-leak activity against the Russian Government.”

The document was obtained by Lucy Parsons Lab researcher Brian Waters through an Illinois Freedom of Information Act request with the Cook County Sheriff’s Office.

The BlueLeaks data was reportedly provided to Distributed Denial of Secrets by a hacker claiming ties to Anonymous, comprising 10 years of information from more than 200 police departments and fusion centers. The records include police and FBI reports, bulletins, guides, and technical information about surveillance techniques and intelligence gathering. A number of news organizations have used BlueLeaks data to publish stories about law enforcement tactics, including the counter-surveillance methods of Black Lives Matter protesters, a skewed analysis on the antifa threat to law enforcement, and worries about widespread mask-wearing during the COVID-19 pandemic foiling facial recognition algorithms.

From the beginning, DDoSecrets has faced intense difficulties keeping the BlueLeaks material online. In late June, Twitter suspended DDoSecrets’s account in response to the leaks and mass-blocked hyperlinks to the leaked dataset, making it impossible to share on the platform. It was a remarkably draconian step for a company that has long allowed links to extremist content and active election interference efforts like DCLeaks to remain online. Last month, German authorities seized the DDoSecrets server that hosted the BlueLeaks data, effectively shutting down the organization’s online repository of the records. The seizure was made at the request of American authorities.

The bulletin’s description of “a criminal hacker group” will only strengthen suspicions that federal law enforcement is building a criminal case against DDoSecrets, particularly combined with the recent server seizures. Emma Best, one of DDoSecrets’s founders, told The Verge that they “absolutely” believe the document shows that American authorities are investigating their organization in the same manner as they did WikiLeaks, whose founder, Julian Assange, is charged with conspiring to steal and publish classified Pentagon documents.

Crucially, Best maintains that the group has never been involved in any intrusions to obtain documents and merely publishes files after they’ve been obtained by others. “Unlike WikiLeaks and Assange, we have no involvement in actual hacks and don’t provide material support to hackers,” they told The Verge.

It is not illegal to publish classified information in the United States, and most of the BlueLeaks data is marked “For Official Use Only” rather than classified.

Still, Best maintains that DDoSecrets is simply a publisher devoted to freedom of expression and transparency both at home and abroad. “Calling us ‘criminal hackers’ (while ignoring the numerous facts and evidence that undermine that accusation) gives them the excuse to circumvent the First Amendment,” Best told The Verge.

One of the odder claims in the three-page bulletin is an assertion that Distributed Denial of Secrets conducted a similar “hack-and-leak” operation in 2019 on Russian government personnel. “Russian media speculated the incident was a response to Russia’s hack-and-leak activities targeting the Democratic Party to influence the outcome of the 2016 US presidential election,” the bulletin reads.

The January 2019 DDoSecrets release referenced in the bulletin, called the Dark Side of the Kremlin, included 175 gigabytes of information — some previously released on Russian-language websites — about the dealings of the Kremlin, the Russian Orthodox Church, and Russia’s war in Ukraine. It included a significant amount of hacked material from the Russian Interior Ministry that WikiLeaks refused to release in 2016. According to media reports, the Russian hacking group Shaltai Boltai and other Eastern European hackers were responsible for the materials referenced in the bulletin.

The Department of Homeland Security did not respond to a request for comment.