In December 2018, DDoSecrets listed a leak from Russia's Ministry of Internal Affairs,[3] portions of which detailed the deployment of Russian troops to Ukraine at a time when the Kremlin was denying a military presence there. About half of the material from that leak was published in 2014; the other half emerged in 2016.[4]WikiLeaks reportedly rejected a request to host the full cache of files in 2016,[4] at a time when founder Julian Assange was focused on exposing Democratic Party documents passed to WikiLeaks by Kremlin hackers.[5]
2019
"Dark Side of the Kremlin"
In January 2019, DDoSecrets published hundreds of gigabytes of hacked Russian documents and emails from pro-Kremlin journalists, oligarchs, and militias.[5]The New York Times called the release "a symbolic counterstrike against Russia's dissemination of hacked emails to influence the American presidential election in 2016", though DDoSecrets founder Emma Best stated it was not a retaliatory action. According to the Times, the documents exposed new information on the Russo-Ukrainian War, connections between the Kremlin and the Russian Orthodox Church, and oligarchs' business activities.[3] According to an internal bulletin issued by the United States Department of Homeland Security, the "hack-and-leak activity" was conducted by DDoSecrets, though the organization says it is not involved in hacking, and reporting by Al Jazeera andThe Daily Beast identified several independent hacktivists and hacker groups as responsible for the hacks.[6][5][7][8]
Investigation of the leak led to a calls for increased audits of the rich.[11]Belgian tax authorities initiated an investigation based on the CNB leak and the "#29 Leaks" the following month.[14]
Formations House
In December 2019, DDoSecrets published "#29 Leaks" in partnership with the Organized Crime and Corruption Reporting Project.[15] The 450 gigabytes of data came from Formations House (now The London Office), a "company mill" which registered and operated companies for clients included organized crime groups, state-owned oil companies, and fraudulent banks.[16][17][18] The leak included emails, documents, faxes, and recordings of phone calls.[16] Investigations revealed the firm ran a web of companies registered in Hong Kong, Cyprus, the British Virgin Islands and Pakistan,[19] helped clients avoid anti-money laundering rules[20] and had created banks in The Gambia in an attempt to create a tax haven.[19][21] According to The Times, there was no evidence that Formations House did anything illegal[22] but their investigation
highlighted worrying vulnerabilities in the UK’s defences against money laundering. For those looking to launder their ill-gotten gains, Britain offers many advantages. It can cost as little as £20 to register a company via a formation agent. Formations House can also offer off-the-shelf companies that have previously been incorporated and come complete with trading histories, nominee directors, an address and an attached bank account.[22]
The release was compared to both the Panama Papers and the Paradise Papers.[16][17][18]Belgian tax authorities initiated an investigation based on data from this leak and from the Cayman National Bank and Trust leak published by DDoSecrets the prior month.[14] Politicians in Sweden and the UK, including anti-corruption chief John Penrose said the leak showed the need for reforms on company creation and registration.[19][23]
Chilean police and military
In December 2019, DDoSecrets published "PacoLeaks" and "MilicoLeaks": data from Chilean military police and military. PacoLeaks revealed police personnel data, extensive police files on activist groups and leaders, and evidence that the police had infiltrated activist groups[24] MilicoLeaks included details on Chilean army intelligence, including operations, finance and international relations.[25][26]
2020
Bahamas corporate registries
In 2020, DDoSecrets published a copy of the Bahamas corporate registry. DDoSecrets partnered with European Investigative Collaborations and the German Henri-Nannen-Schule journalism school to create the Tax Evader Radar, a project to review the dataset of almost one million documents.[27] The project exposed the offshore holdings of prominent Germans,[28] the tax activities of ExxonMobil,[29] as well as offshore business entities belonging to the DeVos and Prince families.[30]
Myanmar Investment Commission
In March 2020, DDoSecrets published 156 gigabytes of data hacked from the Myanmar Investment Commission.[31] The release included investment management documents, permits, and proposals. As a result of the leak, Justice For Myanmar added 26 companies to its list of business associates of the Myanmar military.[32][33]
The leak also revealed how millions of dollars allegedly flowed from Mytel subscribers to Myanmar military generals,[34] and exposed business dealings of family members of prominent military leaders. The data from the leak was later used to highlight companies tied to family members of military leaders, who likely profited from the 2021 coup d'état and associated internet blackouts.[35] The leak also led to allegations of profiteering which resulted in policy changes that cost Myanmar generals millions of dollars.[36][37][38] The data also revealed that Thai state-owned companies were funding the Myanmar junta.[39]
Neo-Nazi and QAnon Discord messages
In April 2020, DDoSecrets published almost 10million messages from more than 100 Discord servers used by neo-Nazi and QAnon conspiracy theorist groups.[40] The leaked chats showed threats of violence and attempts to influence the 2018 United States midterm elections.[41]
On June 19, 2020, DDoSecrets released BlueLeaks, which consisted of 269 gigabytes of internal U.S. law enforcement data obtained from fusion centers by the hacker collective Anonymous. DDoSecrets called it the "largest published hack of American law enforcement agencies."[42]Betsy Reed described BlueLeaks as the U.S. law enforcement equivalent to the Pentagon Papers.[43]
A DDoSecrets server hosting BlueLeaks data for public download was located in Germany, and German authorities seized it at the request of the United States. DDoSecrets co-founder Emma Best reported that it was the group's "primary public download server".[44][45][46]
After the leak, Twitter suspended DDoSecrets' account.[47][48][49][50][51][52] Twitter cited its terms of service, which explicitly bars the distributing of "content obtained through hacking that contains private information, may put people in harm or danger, or contains trade secrets." However, Best called Twitter's actions "heavy-handed", as they suspended users who tweeted links to archived copies of the leaked material or who merely mentioned the leak.[53] On July 9, Reddit banned /r/BlueLeaks, a community created to discuss BlueLeaks, claiming they had posted personal information.[54]
Julian Assange and WikiLeaks
In July 2020, DDoSecrets released documents relating to the United States' case against WikiLeaks founder Julian Assange. The release also included chat logs and letters between Assange and various sources.[55]
In February 2021, DDoSecrets gave journalists access to hundreds of thousands of financial documents from the Myanmar Directorate of Investment and Company Administration (DICA). These showed that Google was allowing coup leaders and Myanmar military leaders to use Gmail addresses and Blogger sites, which activists said indirectly supported the Myanmar coup.[58] Google subsequently disabled the blog, which a Google spokesperson said was in response to a presidential executive order concerning Myanmar."[59]Justice For Myanmar called the release "biggest leak in Myanmar history."[60]
On February 28, DDoSecrets revealed "GabLeaks", a collection of more than 70 gigabytes of data from Gab, including more than 40 million posts, passwords, private messages, and other leaked information. The data was given to the group by a hacktivist self-identifying as "JaXpArO", titling the leak "JaXpArO and My Little Anonymous Revival Project". JaXpArO retrieved the data from Gab's back-end databases to expose the platform's largely right-wing userbase. Best called GabLeaks "another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything surrounding January 6."[61]
The group said that they would not release the data publicly because it contained a large amount of private and sensitive information, and instead shared the data with select journalists, social scientists, and researchers. Andy Greenberg from Wired confirmed that the data "does appear to contain Gab users' individual and group profiles—their descriptions and privacy settings—public and private posts, and passwords".[61]
GiveSendGo
In April 2021, Distributed Denial of Secrets made donor information from the Christian crowdfunding site GiveSendGo available to journalists and researchers. The information identified previously anonymous high-dollar donors to far-right actors including members of the Proud Boys, many of whose fundraising efforts were directly related to the 2021 United States Capitol attack.[62] The platform had previously been criticized for its refusal to restrict use by far-right extremists.[63][64] The leak also revealed that police officers and public officials in the United States had donated to Kyle Rittenhouse.[65][66] In May 2021, USA Today used the GiveSendGo data to report that nearly $100,000 was raised for the Proud Boys on GiveSendGo from people of Chinese descent in the days before the 2021 Capitol attack.[67] The following month, they used the data to report that a member of the Koch family had anonymously donated to a crowdfunding campaign supporting 2020 election fraud conspiracy theories.[68]
Chicago City Hall emails
In April 2021, DDoSecrets published a cache of emails from Chicago City Hall.[69][70] The emails revealed that the city's handling of fatal shootings by police officers violates state law and a federal consent decree.[71] The emails also exposed the Mayor's secret lobbying for qualified immunity,[72] a secret drone program funded with off-the-books cash,[73] and the city's problems with police chases and the George Floyd protests.[74][75] The emails also revealed that the Mayor's office was unaware of the CPD's use of facial recognition software from Clearview AI until after receiving inquiries from journalists.[76]
Washington, D.C. police
In May 2021, DDoSecrets republished the leak of Washington D.C.'s Metropolitan Police Department, including over 90,000 emails. Among other things, the files revealed details of surveillance of right-wing extremists and the response to the 2021 United States Capitol attack.[77][78] Reporting based on the files led to D.C. passing a budget that reformed parts of the city's gang database management.[79]
LineStar Integrity Services
In June 2021, DDoSecrets released 73,500 emails, accounting files, contracts, and other business documents and around 19 gigabytes of source code and data from the oil pipeline services firm LineStar Integrity Services. They also released 10 gigabytes of employee data.[80]
Presque Isle, Maine police
In June 2021, 200 gigabytes of data from the Presque Isle Police Department was posted online, including 15,000 emails, police reports, witness statements from the 1970s to the present. DDoSecrets mirrored the files and gave them to journalists, but did not repost them publicly, citing privacy concerns.[81]
Oath Keepers
In September 2021, DDoSecrets publicly released emails and chat logs from the American far-right Oath Keepers organization to the public. They also provided member and donor data to the press. This exposed hundreds of members in law enforcement, over a hundred members with ties to the military and dozens in political office.[82][83][84]
Aerial surveillance footage
In November 2021, DDoSecrets released 1.8 terabytes of police helicopter surveillance footage from the Dallas Police Department and the Georgia State Patrol.[85] According to Wired, the footage showed helicopters capturing everything from cars lined up at a drive-through, and people standing in their yards and on the street.[86] Non-profit advocacy group Fight for the Future called the leak "a crystal-clear example of why mass surveillance makes our society less safe, not more safe."[86]
2022
GiveSendGo
In February 2022, after many anonymous donors supported the 2022 Freedom Convoy, DDoSecrets began providing journalists and researchers with a hacked list of donors' personal information from GiveSendGo. Later that month, GiveSendGo was hacked again, exposing donors for every campaign in the site's history, which DDoSecrets gave to journalists and researchers.[87]
Russian leaks
During the Russo-Ukrainian War, DDoSecrets published more than 40 datasets of Russian leaks, totaling at least 5.8 terabytes.[2][88][89] Emma Best estimated that the group had published over six million Russian documents in under two months after the war began.[89]
NBC News reported that the site "might be the single best public repository of all the Russian files purportedly leaked since the start of the invasion",[90] and The Intercept wrote that it had become the "de facto home" for Russian leaks.[89]
Tetraedr
On February 26, 2022, two days after the Russian invasion of Ukraine began, DDoSecrets indexed emails, missile testing footage and PDF schematics for weapons systems from Belarusian weapons manufacturer Tetraedr. The data was hacked and released by Anonymous Liberland and the Pwn-Bär Hack Team.[89]
Roskomnadzor
On March 10, 2022, the hacking group Anonymous claimed responsibility for the theft and publication of around 820 gigabytes of documents from the Russian government agency Roskomnadzor. This group performed various cyberattacks against Russian websites during the 2022 Russian invasion of Ukraine.[91][92][93] The leak revealed a previously unknown online surveillance system which has been tracking anti-war sentiment and other "threats" to Russian stability and the Putin regime since at least 2020.[94]
Other leaks in March
79 gigabytes of emails from Omega Co., the research and development branch of oil pipeline company Transneft[89]
5.9 gigabytes of emails from investment firm Thozis Corporation[89]
110 gigabytes of emails from oil mining equipment manufacturer MashOil[89]
339 gigabytes of data from travel agency Continent Express[89]
107 gigabytes of emails from oil, gas, and drilling engineering company Neocom Geoservice[89]
1.2 gigabytes of data from Belarusian surveillance system developer Synesis[89]
9.5 gigabytes of emails from General Department of Troops and Civil Construction, a Russian Ministry of Defense-owned construction company[89]
160 gigabytes of emails from financial and banking document processing company Tendertech[89]
130 gigabytes of emails from investment firm Worldwide Invest[89]
432 gigabytes of emails from property management firm Sawatzky[89]
221 gigabytes of emails from commercial real estate investment company Accent Capital[89]
342 gigabytes of emails from hydraulic tools producer Enerpred[89]
Hunter Biden emails and laptop
In May 2022, DDoSecrets published 128,700 emails allegedly associated with a Hunter Biden laptop that were being circulated by allies of and former staff of President Donald Trump. DDoSecrets said it published the emails "to counteract possible deceptions by persons with an agenda who are currently distributing the dataset without the relevant context or warnings," because there were "considerable issues with this dataset including signs of tampering" and "more than one altered or implanted emails".[97]
DDoSecrets also made a copy of the alleged laptop available to journalists and researchers.[98]
Fuerzas Represivas
In September 2022, DDoSecrets published Fuerzas Represivas, a collection of military documents from Latin America and Mexico totaling more than 13 terabytes, which Emma Best called "the largest leak in history."[99]
Joint Chiefs of Staff of Chile
The Fuerzas Represivas leak included emails sent and received between 2012 and May 2022 by Chilean Joint Chiefs of Staff (EMCO), the agency in charge of Chile's intelligence, operations and logistics for national defence purposes.[99][100] General Guillermo Paiva Hernández, head of the country’s Joint Chiefs of Staff, resigned in response to the leak.[99][101]
SEDENA Leaks
The Fuerzas Reprisivas leak included six terabytes of internal communications and documents from the Mexican Ministry of National Defense's email servers from 2010 to 2022, and is considered the largest in the history of Mexico.[99][102]
Known as the "SEDENA Leaks" or the "Guacamaya Leaks," the data set reveals the Mexican military's links to criminal organizations and the army's surveillance of opposition groups, politicians, journalists, and activists.[103][104][105] Among the revelations, the leaks demonstrate widespread sexual abuse within the army and the targeting of feminists groups as subversive organizations that pose a threat equal to cartels.[106][107] They also show the military's use of the Pegasus spyware and its deployment against journalists, human rights activists, and government officials.[108][109][110] The leak reveals new details of the army's role in the Ayotzinapa case where forty-three students were forcibly disappeared.[111][112][113] Information on the health of President Andrés Manuel López Obrador, army contracts for the construction of the Mayan train, and the military's development of a tourist business, including parks, a national airline, museums, and hotels are also included in the leaked data.[114][115]
The Mexican government's response to the hack has attempted to minimize and even deny the revelations. López Obrador, whose presidential campaign promised to end state surveillance of private citizens, continues to insist that his administration "does not spy."[116][117]
Joint Command of the Armed Forces of Peru
In October 2022, La Encerrona revealed that the Fuerzas Reprisivas leak included a massive leak of military intelligence data Joint Command of the Armed Forces of Peru (CCFFAA).[99][118] The report gave special focus to the Southern Operational Command of the Army.[118] The leaks revealed the military was monitoring reporters, left-wing parties and figures, and that they labeled civil organizations as a threat because they "infiltrate and advise the population against mining." The Peruvian military threatened to bring treason charges against a journalist with the independent Peruvian news outlet La Encerrona for reporting on the leak.[119]
In June 2023, DDoSecrets published data from the spyware company LetMeSpy.[133]
In August 2023, DDoSecrets published over 500,000 documents and other files from the National Police of Paraguay[134] and files from the spyware company 'WebDetetive' (sic).[135]
In October 2023, DDoSecrets published the Patron Papers, intelligence documents about investigations involving former president of Paraguay Horacio Cartes.[136] They also published emails and documents from Ethiopia's Financial Intelligence Service.[137][138]
NarcoFiles
In November 2023, the Organized Crime and Corruption Reporting Project joined with more than 40 media partners including Cerosetenta / 070, Vorágine, the Centro Latinoamericano de Investigación Periodística (CLIP) and Distributed Denial of Secrets and journalists in 23 countries and territories for the largest investigative project on organized crime to originate in Latin America, producing the 'NarcoFiles' report. The investigation was based on more than seven million emails from the Colombian prosecutor’s office which had been hacked by Guacamaya, including correspondence with embassies and authorities around the world. The files dated from 2001–2022 and included audio clips, PDFs, spreadsheets, and calendars.[139][140] The investigation revealed new details about the global drug trade and over 44 tons of "controlled deliveries" carried out to infiltrate the drug trade[141][142] and how criminals corrupt politicians, bankers, accountants, lawyers, law enforcement agents, hackers, logistics experts, and journalists in order to use logistical, financial, and digital infrastructures.[143]
In November 2023, ICIJ and 68 partners reported on the financial network which supports the regime of Vladimir Putin.[144] The roughly 3.6 million leaked documents were obtained variously via Distributed Denial of Secrets, Paper Trail Media [de], and the Organized Crime and Corruption Reporting Project (OCCRP). They contain confidential information from financial services companies, mostly with connections to Cyprus, and show that country to have strong links with high-up figures in the Kremlin, some of whom have been sanctioned.[145] The investigation purports to show "how 67 of the 105 Russian billionaires on the 2023 Forbes World’s Billionaires List used financial services firms on the island to hide their wealth and keep it out of reach from Western sanctions".[146] The investigation was initiated by ZDF, Der Spiegel and ICIJ, and involved more than 270 journalists from 69 media companies worldwide, including the political journal "frontal", the Washington Post, the Guardian, the Austrian Der Standard and the Swiss research network Tamedia.[147]
2024
In 2024, DDoSecrets launched the "Greenhouse Project" to preserve censored information and create a "warming effect to reverse the chilling effects of censorship" as part of its broader mission to ensure the free transmission of data in the public interest by making itself a "publisher of last resort". The first entry in the project was a November 16, 2023 Reuters story that alleged that a hacking-for-hire firm called Appin had stolen secrets from executives, politicians, military officials, and wealthy elites around the globe and supporting documents. The story was removed by Reuters following an order from a district court in New Delhi, India.[148]
In May 2024, DDoSecrets published a leak of Mexican Defense Ministry intelligence on gun shops and smugglers from the United States that illegally sold weapons, often to cartels, in Mexico.[149]
At the Hackers On Planet Earth (HOPE) conference in June, DDoSecrets announced that the next entry in the Greenhouse Project was mirroring all of WikiLeaks' data after datasets became unavailable to download from the site and Julian Assange's plea deal required the organization to remove information. Emma Best said that the goal was making the WikiLeaks data more accessible and resilient against additional censorship and future website failures. Some of the data were things that DDoSecrets said they "would have handled that data differently than WikiLeaks did, the data is out there and we shouldn't act as censors for it".[150]
^"Nota aclaratoria" [Disclaimer], ¡A esta santa Bárbara jamás me encomendé!, Editorial Universidad del Rosario, pp. XIII–XIV, June 30, 2020, doi:10.2307/j.ctv1675c6d.3, retrieved October 8, 2023