NYT: Huge trove of leaked Russian documents is published by transparency advocates
A group of transparency advocates on Friday posted a mammoth collection of hacked and leaked documents from inside Russia, a release widely viewed as a sort of symbolic counterstrike against Russia's dissemination of hacked emails to influence the American presidential election in 2016.
Most of the material, which sheds light on Russia's war in Ukraine as well as ties between the Kremlin and the Russian Orthodox Church, the business dealings of oligarchs and much more, had been released in Russia, Ukraine and elsewhere, sometimes on obscure websites. There were no immediate reports of new bombshells from the collection, according to The New York Times.
But the sheer volume of the material – 175 gigabytes – and the technical challenges of searching it meant that its full impact may not be felt for some time. The volume is many times greater than the total known material stolen by Russian military intelligence from the Democratic National Committee and Hillary Clinton's presidential campaign nearly three years ago.
The core files from the new collection, called "The Dark Side of the Kremlin," included "hundreds of thousands of messages and files from Russian politicians, journalists, oligarchs, religious figures, and nationalists/terrorists in Ukraine," said the group that posted it, Distributed Denial of Secrets, or DDoSecrets. The name is a play on the term for a common cyberattack known as a distributed denial of service.
The documents include a voluminous archive of material hacked from Russia's Ministry of Internal Affairs that WikiLeaks had declined to publish in 2016, telling Foreign Policy magazine the next year that it "rejects all submissions that it cannot verify" or that it finds "insignificant."
Also posted are a large collection of Russian emails and other material obtained by Shaltai Boltai, a Russian hacking group; documents from the Russian arms exporting agency Rosoboronexport; and material obtained in what DDoSecrets called a "hacking spree" against Russian targets accused of falsifying the story of the downing in Ukraine of a passenger plane, Malaysia Airlines Flight 17, in 2014.
The Russian documents were posted simultaneously on the DDoSecrets website and on the Internet Archive.
Emma Best, a journalist and transparency advocate in Boston who helped organize Distributed Denial of Secrets late last year, said the Russian collection was not posted explicitly as payback for Russia's 2016 hacks and leaks, though she acknowledged "it does add some appreciable irony."
"Our motive is to collect and make available materials for a subject that was very underexplored – Russian power circles, how they interconnect, their influence operations," Ms. Best said. "People have a cursory understanding of that, but outside of a few experts it hasn't been looked at in detail and contextualized."
Ms. Best, 32, who has published at the investigative site MuckRock and elsewhere, noted that the Distributed Denial of Secrets site already hosts thousands of leaked documents from dozens of countries, the largest number from the United States.
The new site operates roughly on the model pioneered by WikiLeaks – inviting hackers and whistle-blowers to send confidential documents for posting. But Ms. Best has been quite critical of that site and its founder, Julian Assange, who played a central role in distributing the Democrats' emails that Russians hacked in 2016. Distributed Denial of Secrets has posted a large archive of internal documents from WikiLeaks itself.
"Personally, I am disappointed by what I see as dishonest and egotistic behavior from Julian Assange and WikiLeaks," Ms. Best said. But she added that she had made the Russian document collection available to WikiLeaks ahead of its public release on Friday, and had posted material favorable to Mr. Assange leaked from the Ecuadorean Embassy in London, where he has lived for more than six years to avoid arrest.
Russian and Eastern European hackers have for many years been among the world's most active, many operating, initially, from a criminal underground in search of profit. But over the last decade, Russian intelligence agencies have become adept at using cyberintrusions to pilfer documents abroad as part of intelligence gathering and to leak for political purposes.
While the 2016 American election attack, carried out by Russian military intelligence hackers from the agency known as the G.R.U., has gotten the most attention, similar hack-and-leak operations have been carried out on a daily or weekly basis for years in Eastern Europe. Ukrainian hackers have worked aggressively to expose Russian covert activities in Crimea and the regions of eastern Ukraine controlled by separatist rebels.
Business tycoons have used hackers to go after rivals. Activists have sought to expose wrongdoing by the police and security agencies. The resulting archives of emails and inside documents have been posted all over the web, and the new collection seeks to gather it all in one place.
Ms. Best said Distributed Denial of Secrets is operated by fewer than 20 people who live in multiple countries, most preferring to remain anonymous. She said the Russian project began last year when she connected with a journalist looking for a collection of emails hacked by Shaltai Boltai, the Russian group whose name means Humpty Dumpty.
She said she was able to find those emails and then "we decided to flesh out our Russian section a little bit." They put the word out that they were looking for additional hacked or leaked Russian documents to host and began to get submissions.
"At some point we thought we were ready to go," she said. "Then more rolled in."
Ms. Best said the group has not heard from Russian government officials about their project – not directly, at least. About two weeks ago, she said, after they had collected the Russian material but not yet posted it publicly, someone tried to erase one of the group's servers.
"We try not to draw solid conclusions, but we are obviously aware of the possibilities" as to who might have tried to disrupt their project, she said. The group accelerated the public posting by several weeks and have made sure to cache copies of the entire archive, in multiple places, to prevent its destruction, she said.