![]() He estimates that one year of ransomware leaks alone adds up to between 100 and 200 terabytes of stolen data posted to various dark web sites. Just last year, more than 1,000 ransomware victims had their data spilled onto dark web sites, according to Recorded Future's Liska. With its new ransomware trove, it's also tapped into a huge new source of leaks. onion sites that hide the location of servers, making such seizures far more difficult in the future.ĭespite those hurdles, DDoSecrets remains undeterred in its larger mission. It now plans to host its data on Tor-protected. Shortly afterward, German prosecutors in the town of Zwickau ordered police to seize a server belonging to DDoSecrets that hosted many of its files and the search engine for its data collection, a significant setback for the group from which it's still working to recover. The 269-gigabyte collection of documents from 200 state and local police organizations led Twitter to ban the DDoSecrets account and even block all tweets containing links to its website. In June of this year, DDoSecrets published its own bombshell collection of hacked documents, a massive collection of law enforcement files known as BlueLeaks, given to the group by a hacker associated with Anonymous. "Whether it's a pharmaceutical company or petroleum company, or a company with technical data and specs that can speed progress for an entire industry or make everyone safer by sharing research," Best says, "then we have a duty to make that available to researchers, journalists, and scholars so they can learn about how typically opaque industries (many of which control significant aspects of our lives and the future of the planet) operate." ![]() But they argue that any evidence of corporate malfeasance that those documents might reveal, or even intellectual property that can serve the public good, should be considered fair game. Best, who uses the pronoun they, couldn't say in many cases exactly what secrets of potential public interest those massive data sets might contain, given that there's too much data for DDoSecrets to comb through on its own. "Ignoring valuable data that can inform the public about how industries operate isn't something we can afford to do," Best wrote in a text exchange with WIRED. The result is dozens or even hundreds of terabytes of internal corporate data, spilled out onto dark web servers whose web addresses are passed around among hackers and security researchers.ĭDoSecrets' cofounder Emma Best argues that the trail of dumped data that ransomware operations leave in their wake often contains information that deserves to be scrutinized and, in some cases, revealed to the public. In many cases, the victims refuse that extortion, and the cybercriminals follow through on their threat. Beyond just encrypting victim machines and demanding a payment for the decryption keys, ransomware hackers now often steal vast collections of victim data and threaten to post it online unless their hacking targets pay. In total, the giant data collection spans industries including pharmaceuticals, manufacturing, finance, software, retail, real estate, and oil and gas.Īll of that data, along with terabytes more that DDoSecrets says it plans to offer in the coming weeks and months, is sourced from an increasingly common practice among cybercriminal ransomware operations. ![]() The group is also offering to privately share an additional 1.9 terabytes of data from more than a dozen other firms with selected journalists or academic researchers. ![]() DDoSecrets has made available about 1 terabyte of that data, including more than 750,000 emails, photos, and documents from five companies. Today the transparency collective of data activists known as Distributed Denial of Secrets published a massive new set of data on its website, all collected from dark web sites where the information was originally leaked online by ransomware hackers. But now one leak-focused group is mining a controversial new vein of secrets: the massive caches of data stolen by ransomware crews and dumped online when victims refuse to pay. Often, they've published any data they consider to be of public interest, no matter how questionable the source. For years, radical transparency-focused activists like WikiLeaks have blurred the line between whistle-blowing and hacking. ![]()
0 Comments
Leave a Reply. |