DDoSecrets WikiLeaks-like 1TB Greenberg Wired: In December 2016, a hacker group calling itself Shadow Brokers released what were claimed to be the “full” online credentials for a series of hacking tools used by the NSA and other agencies. In June 2017, the Shadow Brokers’ leaked data was published on a WikiLeaks-like website called DDoSecrets, run by transparency activists. The website began publishing more than 1TB of data from these companies over the following weeks.
DDoSecrets published data from five companies, and more data is awaited. The leaked data from these companies included credentials for accessing parts of their internal networks and infrastructure, as well as logins for high-profile customers like the U.S. Department of Defense, NASA and mobile carriers T-Mobile and Verizon.
DDoSecrets is run by a small group of activists, including “The Jester” (@th3j35t3r), an online vigilante who publishes leaks from hacktivists and cyber criminals every Friday, and “Chino,” a hacker with a background in telecommunication security. Users can search the database of leaked data and download specific files. In a recent post, DDoSecrets asked for help to decrypt some of the files they had published, saying they were “running out of time”.
Because of its small size, the site is not well known, but the leak has received some coverage in the media. The Verge wrote an article about DDoSecrets in June 2017, stating that it investigated the website and did not find evidence that they sold user data or used brute force attacks to obtain accounts. In July 2018, Forbes wrote a post titled “The Secret Government Data-Dumping Site WikiLeaks Cloned” discussing how WikiLeaks moved to the same data hosting provider in March 2017, only four months after they released their initial data.
In December 2018, the website published more than 1TB of data from phone company TeliaSonera. The leak contained access credentials for more than 23 million accounts (but not for TeliaSonera customers) and an internal network map of TeliaSonera’s network. Just days later, DDoSecrets published more data from telecom company Vodafone Spain. The leak contained billing and internal network credentials for more than 4 million accounts.
DDoSecrets users have published a range of information from the data they have acquired, including sensitive emails between engineers at the Boeing corporation and passwords to satellite ground stations around the world. The situation has caused concerns in the media about how companies are treating this information and what steps they are taking to safeguard these kinds of credentials.
DDoSecrets is associated with Hacktivist Underground (also known as “hackint.li”), an online vigilante group that publishes leaks of sensitive information and security databases publicly, to raise awareness of the vulnerabilities in critical infrastructure such as power stations and data centers. Hackint.li was accused by WikiLeaks of being a sock puppet for Anonymous, which has a history of impersonating WikiLeaks and its affiliates via hacking attacks in retaliation for perceived mistreatment or censorship by WikiLeaks or supporters.