Four days after leak publisher DDoSecrets circulated private documents from more than 200 law enforcement agencies across the United States, Twitter has permanently suspended its account and falsely claimed that the site may infect users with malware.
“Your account, DDoSecrets, has been suspended for violating the Twitter rules,” this email, which Twitter sent to the account holders, said. The message cited rules against “distribution of hacked material” and went on to say:
We don’t permit the use of our services to directly distribute content obtained through hacking that contains private information, may put people in physical harm or danger, or contains trade secrets.
Note that if you attempt to evade a permanent suspension by creating new accounts, we will suspend your new accounts. If you wish to appeal this suspension, please contact our support team.
BlueLeaks asks: Why us and not WikiLeaks?
DDoSecrets describes itself as a “transparency collective, aimed at enabling the free transmission of data in the public interest.” On Friday, it published BlueLeaks, a 269-gigabyte trove of documents that KrebsOnSecurity reported was obtained through the hack of a Web development company that hosted documents on behalf of police departments. Some of the documents exposed police candidly discussing responses to demonstrations protesting what a Minnesota district attorney has charged was the murder of George Floyd, a Black man who died while handcuffed as a Minneapolis Police Department officer pressed a knee on his neck for nearly nine minutes. As of Tuesday, Derek Chauvin, who has since been fired, had not entered a plea.
A Twitter spokesperson confirmed that the company had permanently suspended the DDoSecrets account for violating the social media site’s rules barring hacked materials. The spokesperson said the material (1) contained unredacted information that could put people at risk of real-world harm and (2) ran afoul of a policy that forbids the distribution of material that is obtained through technical breaches and hacks, as publishers of DDoSecrets claimed had been done.
DDoSecrets co-founder Emma Best criticized the suspension and noted that the Twitter account for WikiLeaks remains active despite its publishing vast troves of private information resulting from the 2016 hack of the Democratic National Committee and members of the Hillary Clinton campaign. WikiLeaks has also tweeted links to its Vault 7 series, which published details about closely guarded CIA hacking programs.
Other accounts associated with the Anonymous hacking movement have also escaped suspensions. Twitter was also slow to suspend from Guccifer 2.0 and the Dark Overlord, the monikers of two purported hackers, both of whom also published extensive amounts of personal information obtained through hacking and tweeted the links.
“@DDoSecrets has worked with dozens of major news outlets across the world and published terabytes of data uncovering money laundering schemes, corruption, and more,” Best tweated. “Now we’re being censored for publishing the #BlueLeaks files about law enforcement.”
.@DDoSecrets has worked with dozens of major news outlets across the world and published terabytes of data uncovering money laundering schemes, corruption, and more.
— Emma Best (Mx. Yzptlk) (@NatSecGeek) June 23, 2020
Twitter users who clicked on tweeted links to the DDoSecrets.com site received a message from Twitter warning, with no evidence, that the site may install malware, steal passwords or other sensitive data, or collect personal data for purposes of sending spam.
This security check from Web security firm Sucuri found no malware on the site, although the firm did note that it was blocked by fellow security firm McAfee.
Best said the only malware on the site are binary samples of malware such as the Stuxnet worm that infected Iran about a decade ago and attachments found in emails posted to the site. Best said that DDoSecrets critics have been falsely reporting to security firms that the site is malicious in an attempt to make the site unavailable to users of antivirus products.
The Twitter spokesperson didn’t answer questions about the basis for the claims. The spokesperson also didn’t say what distinguished materials published by DDoSecrets from those published by WikiLeaks. McAfee representatives weren’t immediately available for comment.
Best told Wired that prior to publishing BlueLeaks, DDoSecrets spent a week scrubbing about 50 gigabytes of material disclosing sensitive details about crime victims, children, unrelated private businesses, health care companies, and retired veterans’ associations. The co-founder conceded, however, that the team “probably missed things.”
Critics have increasingly complained that Twitter’s rules for removing tweets and accounts it deems abusive or harmful are inconsistent. The social media site’s permanent suspension of DDoSecrets and its unsubstantiated warnings the site may engage in malicious behavior is only going to further those charges.