The activist group Distributed Denial of Secrets, perhaps better known by their shorter but clumsy moniker DDoSecrets, has been permanently banned from Twitter.
The self-declared “transparency collective”, which published leaked and hacked data it claimed was of public interest, earned its banishment from Twitter after it distributed a gigantic collection of sensitive documents related to police and law enforcement across the United States.
As we previously reported, the 270GB data dump (dubbed “BlueLeaks”) contains many years worth of information from over 200 US police departments, FBI reports, and other law enforcement agencies.
As investigative journalist Brian Krebs reports, the data appears to have been exfiltrated following a security breach at web development firm Netsential.
The publication of the data appears to have been deliberately timed by DDoSecrets to coincide with “Juneteenth”, the United States’s national day of commemoration of the ending of slavery, June 19th.
Unfortunately, the group’s haste to release the data in time appears to have overtaken any desire to redact details which could put innocent parties at risk: such as images of suspects in police investigations, banking details, and other personally identifiable information (PII).
There are additionally concerns that the breach could endanger ongoing police investigations, and the lives of law enforcement officers.
And as the dumped data contains information reaching back as far as perhaps the mid-1990s, there is additionally the risk that information may be completely out-of-date.
Speaking to Wired, DDOSecrets founder Emma Best admitted that the group had probably failed to redact all information related to crime victims, children, and unrelated private businesses:
“Due to the size of the dataset, we probably missed things. I wish we could have done more, but I’m pleased with what we did and that we continue to learn.”
That’s a startling admission of failure. More clearly could have been done, but from the sound of things DDoSecrets and its supporters were working to too tight a deadline.
And clearly Twitter was not impressed to see the dissemination of the hacked data, which is in conflict with its policies.
Having been criticised in the past for its tardy response in banning other hacking groups, such as The Dark Overlord, DC Leaks, and Guccifer 2.0, Twitter clearly felt it couldn’t stand silent while the BlueLeaks data leak was being so overtly disseminated on its platform.
Such a ban, however, may not silence DDoSecrets permanently. Don’t be surprised if they pop up again, in a new guise, to share stolen secrets on Twitter.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: https://hotforsecurity.bitdefender.com/blog/ddosecrets-thrown-off-twitter-after-distributing-269gb-blueleaks-data-dump-23577.html