Hacktivism or Disinformation? Whoever Leaked the Data, It’s Culled From Old Breaches
Guy Fawkes, aka the face of Anonymous
Not all data breaches are what they might seem, and not all leakers are who they might claim to be.
Take the doxing of the Minneapolis Police Department. In recent days, information on members of the police force was leaked online, including under the banner of Anonymous.
“Anonymous is back and have already h@cked the Minneapolis Police Department website,” tweeted the Twitter account @pjnkmin, which may – or may not – be associated with Anonymous actors. At least until recently, the account and many others retweeting about the data dump appeared to be largely focused on K-pop, as in South Korean pop music and culture, rather than hacktivism.
Whoever assembled a collection of email account usernames and passwords for members of the Minneapolis Police Department, the information has been circulating widely online in recent days. The supposed doxing followed the death on May 25 of George Floyd, a black man who was in Minneapolis police custody. Four police officers present during his death have been fired, and one – Derek Chauvin – was charged on Friday with third-degree murder and second-degree manslaughter. The Department of Justice is investigating.
Floyd’s death has led to protests across the United States and beyond.
‘Anonymous Is Back’
Enter one or more individuals claiming to operate under the banner of Anonymous, the hacktivist collective where no one knows your true name (more on that shortly).
ANONYMOUS IS BACK AND HAVE ALREADY H@CKED THE MINNEAPOLIS POLICE DEPARTMENT WEBSITE pic.twitter.com/W7AcHyh3gV
— nutella7 IA | BLM (@pjnkmin) May 31, 2020
“Officers who kill people and commit other crimes need to be held accountable just like the rest of us, otherwise, they will believe they have a license to do whatever they want,” the Anonymous post says to the Minneapolis police. “Unfortunately, we do not trust your corrupt organization to carry out justice, so we will be exposing your many crimes to the world.”
One problem: Anonymous doesn’t appear to have hacked anyone.
For breaches cataloged by Have I Been Pwned, individual email addresses appear in an average of two breaches. But the emails contained in the Minneapolis Police Department employee dump appear in an average of 5.5 breaches. (Source: Troy Hunt)
Of the 798 email addresses contained in the data dump, 689 are unique, and 87 appear multiple times, says Troy Hunt, who runs the free Have I Been Pwned breach-notification service. “Of the 689 unique email addresses, 654 of them are already in Have I Been Pwned,” he says in a blog post. “That’s a hit rate of 95%, which is massively higher than any all-new, legitimate breach,” which at least in the U.S. would typically have a hit rate of 60% to 80%, he says.
What we almost certainly have here is the result of someone selecting every https://t.co/PLqgtO3KjG email address from old breaches or credential stuffing lists and passing it off as something it isn’t. There’s no evidence whatsoever to suggest this is legitimate.
— Troy Hunt (@troyhunt) May 31, 2020
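The comparison Hunt describes (deduplicate the addresses, look them up in an index of earlier breaches, then compare the hit rate and breaches-per-address with the usual figures) can be sketched as a triage script. This is an added example, not code from Hunt or Have I Been Pwned: the dump, the local breach index and the function names are constructed, the two thresholds are the figures quoted above, and requiring both to be exceeded is this example's assumption.

```python
from collections import Counter

TYPICAL_HIT_RATE_MAX = 0.80   # article: a new U.S. breach typically hits 60% to 80%
BASELINE_MEAN_BREACHES = 2.0  # article: average breaches per address in the index

# Constructed sample dump: "email:password" lines plus one junk line.
SAMPLE_DUMP = """\
# constructed sample, not real data
a.jones@pd.example:hunter2
A.Jones@pd.example:Summer2016
b.smith@pd.example:letmein
c.lee@pd.example:qwerty
d.kim@pd.example:passw0rd
e.ruiz@pd.example:dragon
f.new@pd.example:x9!kQ
"""

# Constructed stand-in for a breach index: address -> number of earlier breaches.
KNOWN_BREACHES = {"a.jones@pd.example": 6, "b.smith@pd.example": 5,
                  "c.lee@pd.example": 4, "d.kim@pd.example": 7,
                  "e.ruiz@pd.example": 3}

def parse_dump(text):
    """Return normalised addresses from 'email:password' lines, skipping junk."""
    emails = []
    for line in text.splitlines():
        email = line.split(":", 1)[0].strip().lower()
        if email.count("@") == 1:
            emails.append(email)
    return emails

def triage(emails, index):
    """Summarise a claimed dump against an index of previously breached addresses."""
    counts = Counter(emails)
    hits = [e for e in counts if e in index]
    hit_rate = len(hits) / len(counts) if counts else 0.0
    mean_breaches = sum(index[e] for e in hits) / len(hits) if hits else 0.0
    return {
        "total": len(emails),
        "unique": len(counts),
        "repeated": sum(1 for n in counts.values() if n > 1),
        "hits": len(hits),
        "hit_rate": round(hit_rate, 3),
        "mean_breaches": round(mean_breaches, 2),
        # Assumption: flag only when both article figures are exceeded.
        "likely_recycled": hit_rate > TYPICAL_HIT_RATE_MAX
                           and mean_breaches > BASELINE_MEAN_BREACHES,
    }

if __name__ == "__main__":
    print(triage(parse_dump(SAMPLE_DUMP), KNOWN_BREACHES))
```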
The impetus for people wanting to believe that above-the-law hackers might be holding people in power to account, however, is powerful.
“This is getting traction because emotions are high; public outrage is driving a desire for this to be true, even if it’s not,” Hunt says. “Hash-tagging it ‘Anonymous’ implies social justice, even if the whole thing is a hoax.”
Anonymity May Be Only Skin Deep
A big caveat remains for anyone who might want to set their hack cannons to lulz: Anonymous members who have experienced “OPSEC fail” by failing to practice sufficiently good operational security, and who have broken the law, have found themselves getting outed, charged, arrested and serving jail time, as the “PayPal 14” and Hector “Sabu” Monsegur, former leader of the collective’s LulzSec spinoff, can attest.
And of course, anyone can still claim to be part of Anonymous and make their communications look official by ending any missives with this tagline: “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”
This “hyperbolic rhetoric” is part of what came to define Anonymous, as well as to make its video pronouncements go viral in the late 2000s and early 2010s, according to anthropologist Gabriella Coleman, who’s a professor at Montreal’s McGill University.
“It is difficult to boil down the workings of anonymity within Anonymous to a single logic: Whatever formulation you come up with, it can always be adopted and repurposed, in different ways and towards different ends, by whoever wants to use it,” Coleman writes in “Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous,” her 2014 take on the history of the collective.
Because by definition Anonymous is anonymous, “the ideal itself is thus, in some ways, incorruptible (or endlessly corruptible) – always outside the reach of power, even if those temporarily experiencing it, or who believe themselves to be experiencing it, can themselves be grasped,” Coleman writes.
Down and Out in Hacktivist Land
The anonymity implied by Anonymous, of course, means that the supposed social justice aims can be – and have been – suborned by individuals with other goals.
Indeed, the faked Minneapolis Police Department data leak isn’t the first hoax in recent times involving supposed activist hackers. Over the course of the last decade, bona fide hacktivism plummeted, while nation-state false flag operations conducted under the guise of hacktivism have skyrocketed, threat intelligence firm Recorded Future reported last year.
Source: Recorded Future
Given the guise of anonymity, reliably knowing when hackers are at work, versus nation-state groups or state-sponsored troll farms, can be tough.
For starters, that’s because disinformation campaigns typically don’t make things up from scratch, but rather make use of existing social and political divisions. The Kremlin’s 4D campaigns – for dismiss, distort, distract and dismay – are designed to amplify already existing debates, for example, to undermine U.S. elections, spread vaccine misinformation or blame foreigners for COVID-19.
Existing Debates Get Amplified
Again, however, foreign powers with their own agenda didn’t start these fights; they’re just trying to turn them to their own advantage.
The same likely holds for current protests in the U.S. and beyond. “Are foreign state actors amplifying narratives around the protests for their own gain? Absolutely! It’s become an international media event that aligns neatly with their broader political agendas,” tweets Lee Foster, an information operations intelligence analyst for cybersecurity firm FireEye.
But for anyone looking to blame the protests on foreign actors, “stop looking externally for the enemy within,” he says. “That’s a reference to societal systems of oppression, for those that can’t read between the lines.”