WikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets
For years, radical transparency-focused activists like WikiLeaks have blurred the line between whistle-blowing and hacking. Often, they've published any data they consider to be of public interest, no matter how questionable the source. But now one leak-focused group is mining a controversial new vein of secrets: the massive caches of data stolen by ransomware crews and dumped online when victims refuse to pay.
Today the transparency collective of data activists known as Distributed Denial of Secrets published a massive new set of data on its website, all collected from dark web sites where the information was originally leaked online by ransomware hackers. DDoSecrets has made available about 1 terabyte of that data, including more than 750,000 emails, photos, and documents from five companies. The group is also offering to privately share an additional 1.9 terabytes of data from more than a dozen other firms with selected journalists or academic researchers. In total, the giant data collection spans industries including pharmaceuticals, manufacturing, finance, software, retail, real estate, and oil and gas.
All of that data, along with terabytes more that DDoSecrets says it plans to offer in the coming weeks and months, is sourced from an increasingly common practice among cybercriminal ransomware operations. Beyond just encrypting victim machines and demanding a payment for the decryption keys, ransomware hackers now often steal vast collections of victim data and threaten to post it online unless their hacking targets pay. In many cases, the victims refuse that extortion, and the cybercriminals follow through on their threat. The result is dozens or even hundreds of terabytes of internal corporate data, spilled out onto dark web servers whose web addresses are passed around among hackers and security researchers.