© 2022 KMUW
Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations

How a nonprofit group has become the biggest repository for hacked Russian data

A MARTINEZ, HOST:

The war in Ukraine has inspired a global community of hackers to steal reams of sensitive data from deep inside Russia. Others are committed to getting that information out into the world. NPR cybersecurity correspondent Jenna McLaughlin spoke with members of a nonprofit that, since the start of the war, has become the biggest repository for hacked Russian data. And she asked about their place in the conflict and the future of journalism.

JENNA MCLAUGHLIN, BYLINE: On February 24, hackers around the world were ready to jump into action.

FREDDY MARTINEZ: Right after the invasion of Ukraine, there was a sort of online call for people to, in essence, hack or leak data around Russian targets.

MCLAUGHLIN: Freddy Martinez is an adviser to a group called Distributed Denial of Secrets. The name is a pun on a type of cyberattack where a victim is flooded with information. But in this case, the group, a transparency nonprofit, is the recipient of a tidal wave of hacked data - most of it, these days, from Russia.

F MARTINEZ: We've seen things like information about oligarchs hiding their money overseas or in superyachts or things like that.

MCLAUGHLIN: The group isn't the first to dedicate themselves to publishing leaked and stolen information. The name WikiLeaks might ring a bell. But Distributed Denial of Secrets, or DDoS, is a favorite for hackers because they use a peer-to-peer file-sharing method, like LimeWire or Pirate Bay. So the data isn't just stored in one place, and it's harder to delete. Now the group faces an historic moment - the war in Ukraine - and they're trying to figure out what role they should play.

F MARTINEZ: You know, there was some very spirited discussions about, do we even know the genesis of the data and whether or not we're supporting one side of a conflict or another?

MCLAUGHLIN: It's not like anyone in the group supported the war, but when it began, not everyone agreed they should publish the data they were receiving about Russian companies or government agencies. They were scared they might somehow get fooled with fake or misleading information, or end up as unwitting puppets in a geopolitical struggle.

EMMA BEST: We didn't want to be 2016-ed (ph).

MCLAUGHLIN: That's Emma Best, the co-founder of Distributed Denial of Secrets. She means that the group didn't want to become tools in a major influence operation like the one Russia executed during the 2016 U.S. presidential election.

BEST: We could always be wronged. We could always be tricked.

MCLAUGHLIN: Best knows the collective will get linked to WikiLeaks. But she says DDoS has tried to learn from how she believes WikiLeaks was compromised in 2016, when the group published Democratic emails but declined to publish potentially damaging information stolen from the Russian Interior Ministry. Right now, WikiLeaks isn't accepting new submissions. Julian Assange, its infamous leader, faces extradition to the U.S. from Britain. Groups like DDoS are now the future of this space.

BEST: Certainly we have tried to, you know, learn from WikiLeaks' mistakes. But DDoS' M.O. and WikiLeaks' M.O. have always been fairly different.

MCLAUGHLIN: Best says DDoS is very careful about what they publish. They don't release everything they get, and it has to be in the public interest. They often work with local journalists and researchers on specific datasets. As for Russia-related leaks, they have started putting a disclaimer on everything they release during the war, urging readers to take extra care and consider the context. While the collective has often been accused of hacking, they insist they never cross that line.

BEST: We are a journalist organization. We do not engage in offensive hacking or hacktivism.

MCLAUGHLIN: As for the impact, that's an open question.

STEFAN SOESANTO: And so there might be some documents that might be really interesting, but they're under this huge pile of garbage.

MCLAUGHLIN: Stefan Soesanto is a cyberdefense researcher based in Zurich, Switzerland. He doesn't think the data releases have tactical value to Ukrainians on the ground because it's been too challenging to dig through the dumps. Then again, it's a bit embarrassing for the Kremlin. Russia considers itself a major cyber power, but it hasn't been able to keep its data safe from hackers.

SOESANTO: Look what happens to the private sector. Look what happens to your local government. Look what happens to your courts.

MCLAUGHLIN: Basically, all targets of hacktivists.

SOESANTO: Look what happens to all the infrastructure that you have in the digital space and how much data is now out there.

MCLAUGHLIN: It may not be the key to winning a shooting war, but that doesn't mean it's not important.

GABRIELLA COLEMAN: I think history teaches us that these sorts of leaks can have consequences in the near future that are consequential and very hard to predict.

MCLAUGHLIN: That's Gabriella Coleman. She's a professor of anthropology at Harvard who studies the history and culture of hackers. She gave one example of this kind of unpredictable impact that predates cyberspace.

(SOUNDBITE OF ARCHIVED RECORDING)

WALTER CRONKITE: Last month, burglars hit an FBI resident office and took files which, subsequently, have been made public.

MCLAUGHLIN: That CBS' Walter Cronkite. The news was unprecedented - a sweeping counterintelligence program on U.S. citizens. In 1971, an activist group broke into an FBI field office. They stole a bunch of papers, revealing a massive illegal domestic surveillance program that took journalists years to investigate.

COLEMAN: So I think similarly, in this case, we don't know what's going to emerge, right? But I think something will, as well.

MCLAUGHLIN: Everyone expected cyberattacks to be a huge part of the war in Ukraine. But the digital conflict has been a lot more subtle compared to bombs and tanks. Experts say we'll be studying its impact for a long time. As for DDoS and hacktivism, data leaks are bound to be a major part of the future of warfare and journalism.

COLEMAN: Oh, absolutely. This model is here to stay.

MCLAUGHLIN: Again, Gabriella Coleman.

COLEMAN: And it's here to stay because we live in a society where there's so much digital information, and that's not going to go away.

MCLAUGHLIN: DDoS is a small collective - just around a dozen people - but they're committed to making an impact in the long term. When it comes to Russian war crimes, international courts might just look to evidence buried in troves of stolen data published by groups like DDoS. But first, it will require some serious digging from journalists and researchers all around the world.

Jenna McLaughlin, NPR News.

(SOUNDBITE OF SYNTHETIC EPIPHANY'S "BIPOLAR") Transcript provided by NPR, Copyright NPR.

Jenna McLaughlin
Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.