That’s it. That’s all Signal turned over because that’s all Signal itself had access to. As Signal’s website puts it, “It’s impossible to turn over data that we never had access to in the first place.” It wasn’t the first time Signal has received data requests from the government, nor was it the last. In all cases, Signal handed over just those two pieces of data about accounts, or nothing at all.

Signal is the gold standard for secure messaging apps because not only are messages encrypted, but so is pretty much everything else. Signal doesn’t know your name or profile photo, who any of your contacts are, which Signal groups you’re in, or who you talk to and when. (This isn’t true for WhatsApp, Telegram, iMessage, and nearly every other messaging app.)

Still, one of the main issues with Signal is its reliance on phone numbers. When activists join Signal groups for organizing, they’ve been forced to share their phone number with people they don’t yet know and trust. Journalists have had to choose between soliciting tips by publishing their private numbers to their readers — and therefore inviting harassment and cyberattacks — or setting up a second Signal number, a challenging and time-consuming prospect. Most journalists simply don’t publish a Signal number at all. That’s all about to change.

With the long-awaited announcement that usernames are coming to Signal — over four years in the making — Signal employed the same careful cryptography engineering it’s famous for, ensuring that the service continues to learn as little information about its users as possible.

“Doing it encrypted is the boss level. We had to change fundamental pieces of our architecture.”

“Doing it encrypted is the boss level,” said Meredith Whittaker, president of the nonprofit Signal Foundation, which makes the app. “We had to change fundamental pieces of our architecture.”

If Signal receives a government request for information about an account based on an active username, Signal will be able to hand over that account’s phone number along with its creation date and last connection date. So being able to use Signal through usernames doesn’t mean your phone number becomes subpoena-proof — at least not without using the new ability to change your username at will.

That’s because the new Signal usernames are designed to be ephemeral. You can set one, delete it, and change it to something else, as often as you want.

Signal usernames are supported in the latest versions of the Signal desktop and mobile apps— make sure to update your app, in case you’re using an older version. My username is micah.01, if you want to drop me a message.

Signal’s New Phone Number Privacy

With the new version of Signal, you will no longer broadcast your phone number to everyone you send messages to by default, though you can choose to if you want. Your phone number will still be displayed to contacts who already have it stored in their phones. Going forward, however, when you start a new conversation on Signal, your number won’t be shared at all: Contacts will just see the name you use when you set up your Signal profile. So even if your contact is using a custom Signal client, for example, they still won’t be able to discover your phone number since the service will never tell it to them.

You also now have the option to set a username, which Signal lets you change whenever you want and delete when you don’t want it anymore. Rather than directly storing your username as part of your account details, Signal stores a cryptographic hash of your username instead; Signal uses the Ristretto 25519 hashing algorithm, essentially storing a random block of data instead of usernames themselves. This is like how online services can confirm a user’s password is valid without storing a copy of the actual password itself.

“As far as we’re aware, we’re the only messaging platform that now has support for usernames that doesn’t know everyone’s usernames by default.”

“As far as we’re aware, we’re the only messaging platform that now has support for usernames that doesn’t know everyone’s usernames by default,” said Josh Lund, a senior technologist at Signal.

The move is yet another piece of the Signal ethos to keep as little data on hand as it can, lest the authorities try to intrude on the company. Whittaker explained, “We don’t want to be forced to enumerate a directory of usernames.”

To prevent people from squatting on high value usernames — like taylorswift, for example — all usernames are required to have a number at the end of them, like taylorswift.89. Once you’ve set a username, other Signal users can start a conversation with you by searching for your username, all without learning your phone number.

Since usernames are designed to be ephemeral, you can set a new username specifically for a conference you’re attending, or for a party. People can connect with you using it, and then you delete it when you’re done and set it to something else later.

There are some cases you might want your username to be permanent. For example, it makes sense for journalists to create a username that they never change and publish it widely so sources can reach out to them. Journalists can now do that without having to share their private phone number. It makes sense for sources, on the other hand, to only set a username when they specifically want to connect with someone, then delete it afterward.

You can also create a link or QR code that people can scan to add you as a contact. These, too, are ephemeral. You can send someone your Signal link in an insecure channel, and, as soon as they contact you, you can reset your link and get a new one, without needing to change your username.

Finally, while you’ll still need a phone number to create a Signal account, you’ll have the option to prevent anyone from finding you on Signal using your phone number.

Can Signal Hand Over Your Phone Number Based on a Username?

Whenever Signal receives a properly served subpoena, they work closely with the American Civil Liberties Union to challenge and respond to it, handing over as little user data as possible. Signal publishes a post to the “Government Requests” section of their website (signal.org/bigbrother) whenever they’re legally forced to provide user data to governments, so long as they’re allowed to. Some of the examples include challenges to gag orders, allowing Signal to publish the previously sealed court orders.

If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user’s phone number, along with the account creation date and the last connection date. Whittaker stressed that this is “a pretty narrow pipeline that is guarded viciously by ACLU lawyers,” just to obtain a phone number based on a username.

Signal, though, can’t confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn’t even be able to confirm that it was ever in use to begin with, much less which accounts had used it before.

If the Signal user briefly used a username and then deleted it, Signal wouldn’t even be able to confirm that it was ever in use to begin with.

In short, if you’re worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username.

Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with.

If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account’s username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it’s real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables.

Why Does Signal Require Phone Numbers at All?

Signal’s leadership is aware that its critics’ most persistent complaint is the phone number requirement, and they’ll readily admit that optional usernames are only a partial fix. But because phone numbers make it simpler for most people to use Signal, and harder for spammers to make fake accounts, the phone number requirement is here to stay for the foreseeable future.

Signal doesn’t publish how many users it has, but the Android app boasts over 100 million downloads. It has achieved this scale largely because all you need to do is install the Signal app and you can immediately send encrypted messages to the other Signal users in your phone’s contacts — based on phone numbers.

“You reach a threshold where you’re actually reducing privacy.”

This ease of use also makes Signal more secure. If Signal removed phone numbers, making it more difficult for Signal users to find each other compared to using alternative messaging apps, there could be a price to pay. “You reach a threshold where you’re actually reducing privacy,” Whittaker said. She gave an example of a person who faces severe threats and normally maintains vigilance but whose mother is only on WhatsApp because she can’t figure out the numberless Signal. The high-threat person would be stuck using the less secure option more often.

Requiring phone numbers also makes it considerably harder for spammers to abuse Signal. “The existence of a handful of small apps that don’t really have a large scale of users, that don’t require phone numbers, I don’t think is proof that it’s actually workable for a large-scale app,” Whittaker said.

It’s entirely possible to build a version of Signal that doesn’t require phone numbers, but Whittaker is concerned that without the friction of obtaining fresh phone numbers, spammers would immediately overwhelm the network. Signal engineers have discussed possible alternatives to phone numbers that would maintain that friction, including paid options, but nothing is currently on their road map.

“That’s actually the nexus of a very gnarly problem space that I haven’t seen a real solution for from any alternatives, and we would want to tread very, very cautiously,” Whittaker said. “There’s one Signal. We’re the gold standard for private messaging, and we have achieved critical mass at a pretty large scale. Those things couldn’t easily be recreated if we fuck this up by making a rash decision that then makes it a spammy ghost town. That’s the concern we’re wrestling with here.”

Update: March 5, 2024
This story has been updated to reflect that Signal’s username function is now available across its various apps.

The post Signal’s New Usernames Help Keep the Cops Out of Your Data appeared first on The Intercept.

Unlike any other point in history, hackers, whistleblowers, and archivists now routinely make off with terabytes of data from governments, corporations, and extremist groups. These datasets often contain gold mines of revelations in the public interest and in many cases are freely available for anyone to download. 

Revelations based on leaked datasets can change the course of history. In 1971, Daniel Ellsberg’s leak of military documents known as the Pentagon Papers led to the end of the Vietnam War. The same year, an underground activist group called the Citizens’ Commission to Investigate the FBI broke into a Federal Bureau of Investigation field office, stole secret documents, and leaked them to the media. This dataset mentioned COINTELPRO. NBC reporter Carl Stern used Freedom of Information Act requests to publicly reveal that COINTELPRO was a secret FBI operation devoted to surveilling, infiltrating, and discrediting left-wing political groups. This stolen FBI dataset also led to the creation of the Church Committee, a Senate committee that investigated these abuses and reined them in. 

Huge data leaks like these used to be rare, but today they’re increasingly common. More recently, Chelsea Manning’s 2010 leaks of Iraq and Afghanistan documents helped spark the Arab Spring, documents and emails stolen by Russian military hackers helped elect Donald Trump as U.S. president in 2016, and the Panama Papers and Paradise Papers exposed how the rich and powerful use offshore shell companies for tax evasion.

Yet these digital tomes can prove extremely difficult to analyze or interpret, and few people today have the skills to do so. I spent the last two years writing the book “Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data” to teach journalists, researchers, and activists the technologies and coding skills required to do just this. While these topics are technical, my book doesn’t assume any prior knowledge: all you need is a computer, an internet connection, and the will to learn. Throughout the book, you’ll download and analyze real datasets — including those from police departments, fascist groups, militias, a Russian ransomware gang, and social networks — as practice. Throughout, you’ll engage head-on with the dumpster fire that is 21st-century current events: the rise of neofascism and the rejection of objective reality, the extreme partisan divide, and an internet overflowing with misinformation.

My book officially comes out January 9, but it’s shipping today if you order it from the publisher here. Add the code INTERCEPT25 for a special 25 percent discount.

The following is a lightly edited excerpt from the first chapter of “Hacks, Leaks, and Revelations” about a crucial and often underappreciated part of working with leaked data: how to verify that it’s authentic.

You can’t believe everything you read on the internet, and juicy documents or datasets that anonymous people send you are no exception. Disinformation is prevalent.

How you go about verifying that a dataset is authentic completely depends on what the data is. You have to approach the problem on a case-by-case basis. The best way to verify a dataset is to use open source intelligence (OSINT), or publicly available information that anyone with enough skill can find. 

This might mean scouring social media accounts, consulting the Internet Archive’s Wayback Machine, inspecting metadata of public images or documents, paying services for historical domain name registration data, or viewing other types of public records. If your dataset includes a database taken from a website, for instance, you might be able to compare information in that database with publicly available information on the website itself to confirm that they match. (Michael Bazzell also has great resources on the tools and techniques of OSINT.)

Below, I share two examples of authenticating data from my own experience: one about a dataset from the anti-vaccine group America’s Frontline Doctors, and another about leaked chat logs from a WikiLeaks Twitter group. 

In my work at The Intercept, I encounter datasets so frequently I feel like I’m drowning in data, and I simply ignore most of them because it’s impossible for me to investigate them all. Unfortunately, this often means that no one will report on them, and their secrets will remain hidden forever. I hope “Hacks, Leaks, and Revelations” helps to change that. 

The America’s Frontline Doctors Dataset

In late 2021, in the midst of the Covid-19 pandemic, an anonymous hacker sent me hundreds of thousands of patient and prescription records from telehealth companies working with America’s Frontline Doctors (AFLDS). AFLDS is a far-right anti-vaccine group that misleads people about Covid-19 vaccine safety and tricks patients into paying millions of dollars for drugs like ivermectin and hydroxychloroquine, which are ineffective at preventing or treating the virus. The group was initially formed to help Donald Trump’s 2020 reelection campaign, and the group’s leader, Simone Gold, was arrested for storming the U.S. Capitol on January 6, 2021. In 2022, she served two months in prison for her role in the attack.

My source told me that they got the data by writing a program that made thousands of web requests to a website run by one of the telehealth companies, Cadence Health. Each request returned data about a different patient. To see whether that was true, I made an account on the Cadence Health website myself. Everything looked legitimate to me. The information I had about each of the 255,000 patients was the exact information I was asked to provide when I created my account on the service, and various category names and IDs in the dataset matched what I could see on the website. But how could I be confident that the patient data itself was real, that these people weren’t just made up?

I wrote a simple Python script to loop through the 72,000 patients (those who had paid for fake health care) and put each of their email addresses in a text file. I then cross-referenced these email addresses with a totally separate dataset containing personal identifying information from members of Gab, a social network popular among fascists, anti-democracy activists, and anti-vaxxers. In early 2021, a hacktivist who went by the name “JaXpArO and My Little Anonymous Revival Project” had hacked Gab and made off with 65GB of data, including about 38,000 Gab users’ email addresses. Thinking there might be overlap between AFLDS and Gab users, I wrote another simple Python program that compared the email addresses from each group and showed me all of the addresses that were in both lists. There were several.

Armed with this information, I started scouring the public Gab timelines of users whose email addresses had appeared in both datasets, looking for posts about AFLDS. Using this technique, I found multiple AFLDS patients who posted about their experience on Gab, leading me to believe that the data was authentic. For example, according to consultation notes from the hacked dataset, one patient created an account on the telehealth site and four days later had a telehealth consultation. About a month after that, they posted to Gab saying, “Front line doctors finally came through with HCQ/Zinc delivery” (HCQ is an abbreviation for hydroxychloroquine).

Having a number of examples like this gave us confidence that the dataset of patient records was, in fact, legitimate. You can read our AFLDS reporting at The Intercept — which led to a congressional investigation into the group — here.

The WikiLeaks Twitter Group Chat

In late 2017, journalist Julia Ioffe published a revelation in The Atlantic: WikiLeaks had slid into Donald Trump Jr.’s Twitter DMs. Among other things, before the 2016 election, WikiLeaks suggested to Trump Jr. that even if his father lost the election, he shouldn’t concede. “Hi Don,” the verified @wikileaks Twitter account wrote, “if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do.”

A long-term WikiLeaks volunteer who went by the pseudonym Hazelpress started a private Twitter group with WikiLeaks and its biggest supporters in mid-2015. After watching the group become more right-wing, conspiratorial, and unethical, and specifically after learning about WikiLeaks’ secret DMs with Trump Jr., Hazelpress decided to blow the whistle on the whistleblowing group itself. She has since publicly come forward as Mary-Emma Holly, an artist who spent years as a volunteer legal researcher for WikiLeaks.

To carry out the WikiLeaks leak, Holly logged in to her Twitter account, made it private, unfollowed everyone, and deleted all of her tweets. She also deleted all of her DMs except for the private WikiLeaks Twitter group and changed her Twitter username. Using the Firefox web browser, she then went to the DM conversation — which contained 11,000 messages and had been going on for two-and-a-half years — and saw the latest messages in the group. She scrolled up, waited for Twitter to load more messages, scrolled up again, and kept doing this for four hours until she reached the very first message in the group. She then used Firefox’s Save Page As function to save an HTML version of the webpage, as well as a folder full of resources like images that were posted in the group.

Now that she had a local, offline copy of all the messages in the DM group, Holly leaked it to the media. In early 2018, she sent a Signal message to the phone number listed on The Intercept’s tips page. At that time, I happened to be the one checking Signal for incoming tips. Using OnionShare — software that I developed for this purpose — she sent me an encrypted and compressed file, along with the password to decrypt it. After extracting it, I found a 37MB HTML file — so big that it made my web browser unresponsive when I tried opening it and which I later split into separate files to make it easier to work with — and a folder with 82MB of resources.

How could I verify the authenticity of such a huge HTML file? If I could somehow access the same data directly from Twitter’s servers, that would do it; only an insider at Twitter would be in a position to create fake DMs that show up on Twitter’s website, and even that would be extremely challenging. When I explained this to Holly (who, at the time, I still knew only as Hazelpress), she gave me her Twitter username and password. She had already deleted all the other information from that account. With her consent, I logged in to Twitter with her credentials, went to her DMs, and found the Twitter group in question. It immediately looked like it contained the same messages as the HTML file, and I confirmed that the verified account @wikileaks frequently posted to the group.

Following these steps made me extremely confident in the authenticity of the dataset, but I decided to take verification one step further. Could I download a separate copy of the Twitter group myself in order to compare it with the version Holly had sent me? I searched around and found DMArchiver, a Python program that could do just that. Using this program, along with Holly’s username and password, I downloaded a text version of all of the DMs in the Twitter group. It took only a few minutes to run this tool, rather than four hours of scrolling up in a web browser.

Note: After this investigation, the DMArchiver program stopped working due to changes on Twitter’s end, and today the project is abandoned. However, if you’re faced with a similar challenge in a future investigation, search for a tool that might work for you. 

The output from DMArchiver, a 1.7MB text file, was much easier to work with compared to the enormous HTML file, and it also included exact time stamps. Here’s a snippet of the text version:

[2015-11-19 13:46:39] <WikiLeaks> We believe it would be much better for GOP to win.

[2015-11-19 13:47:28] <WikiLeaks> Dems+Media+liberals woudl then form a block to reign in their worst qualities.

[2015-11-19 13:48:22] <WikiLeaks> With Hillary in charge, GOP will be pushing for her worst qualities., dems+media+neoliberals will be mute.

[2015-11-19 13:50:18] <WikiLeaks> She’s a bright, well connected, sadistic sociopath.

I could view the HTML version in a web browser to see it exactly as it had originally looked on Twitter, which was also useful for taking screenshots to include in our final report.

A screenshot of the leaked HTML file.

Along with the talented reporter Cora Currier, I started the long process of reading all 11,000 chat messages, paying closest attention to the 10 percent of them from the @wikileaks account — which was presumably controlled by Julian Assange, WikiLeaks’s editor — and picking out everything in the public interest. We discovered the following details:

• Assange expressed a desire for Republicans to win the 2016 presidential election.
• Assange and his supporters were intensely focused on discrediting two Swedish women who had accused him of rape and molestation, as well as discrediting their lawyers. Assange and his defenders spent weeks discussing ways to sabotage articles about his rape case that feminist journalists were writing.
• After Associated Press journalist Raphael Satter wrote a story about harm caused when WikiLeaks publishes personal identifiable information, Assange called him a “rat” and said that “he’s Jewish and engaged in the ((())) issue,” referring to an antisemitic neo-Nazi meme. He then told his supporters to “bog him down. Get him to show his bias.”

You can read our reporting on this dataset at The Intercept. After The Intercept published this article, Assange and his supporters also targeted me personally with antisemitic abuse, and Russia Today, the state-run TV station, ran a segment about me. 

The techniques you can use to authenticate datasets vary greatly depending on the situation. Sometimes you can rely on OSINT, sometimes you can rely on help from your source, and sometimes you’ll need to come up with an entirely different method.

Regardless, it’s important to explain in your published report, at least briefly, what makes you confident in the data. If you can’t authenticate it but still want to publish your report in case it’s real — or in case others can authenticate it — make that clear. When in doubt, err on the side of transparency.

My book, “Hacks, Leaks, and Revelations,” officially comes out on January 9, but it’s shipping today if you order it from the publisher here. Add the code INTERCEPT25 for a special 25 percent discount.

The post How to Authenticate Large Datasets appeared first on The Intercept.

View this post on Instagram

A post shared by Jewish Voice for Peace (@jewishvoiceforpeace)

The Anti-Defamation League has classified the event — and dozens of other protests led by Jewish groups like Jewish Voice for Peace and IfNotNow — as “anti-Israel,” according to an analysis by The Intercept, and added them to their database documenting rising antisemitism across the U.S.

“We’re seeing a genuine rise in antisemitic attacks and white nationalist, white supremacist, antisemitic hate and violence,” Eva Borgwardt, the national spokesperson for IfNotNow, told me. “When white nationalism is on the rise, to cheapen the accusation of antisemitism by applying it to Palestinian rights advocates, including Jews, is incredibly irresponsible and dangerous.”

Since Hamas’s brutal October 7 attack on southern Israel where Palestinian militants killed over 1,200 Israelis — most of them civilians — and took over 200 hostages, the Anti-Defamation League, a Jewish advocacy group that tracks antisemitism and extremism, has been keeping track of the alarming rise of antisemitic incidents.

In 2020, over 100 progressive organizations — including the Movement for Black Lives, Democratic Socialists of America, and Center for Constitutional Rights — signed an open letter asking the progressive community to not partner with ADL because the group “has a history and ongoing pattern of attacking social justice movements led by communities of color, queer people, immigrants, Muslims, Arabs, and other marginalized groups, while aligning itself with police, right-wing leaders, and perpetrators of state violence.” Now, ADL is targeting a new group of people: progressive Jews.

Israel’s indiscriminate massacre of civilians in Gaza — killing over 10,000 Palestinians so far in the densely populated Gaza Strip, including over 4,000 children — has led to the largest anti-war protests in the U.S. since the Iraq War, including a surge of renewed activism from progressive Jewish groups. Israel has bombed Gaza nonstop since the October 7 attack, ordered the relocation of over 1 million civilians, launched a ground invasion, and is blocking food, water, medical supplies, and fuel from making it into Gaza, triggering a humanitarian crisis and leading to what legal scholars call a genocide against Palestinians.

While the ADL told The Intercept that it does not consider the ceasefire protests “antisemitic,” just “anti-Israel,” its CEO, Jonathan Greenblatt, has said otherwise. After several thousand Jews and their allies marched on the U.S. Capitol on October 18 calling for a ceasefire, ADL DC released a statement equating anti-Zionism with antisemitism. Greenblatt piled on, calling the groups that organized the protest, including Jewish Voice for Peace, “hate groups.”

Roughly 500 Jews, including 25 rabbis, were arrested at the Capitol protest.

View this post on Instagram

A post shared by Jewish Voice for Peace NYC (@jvpny)

“It is important to note that these are radical fringe Jewish organizations and being Jewish does not exempt an organization or a person from being antisemitic,” an ADL spokesperson told The Intercept.

A 2021 poll of Jewish voters, conducted by the nonpartisan Jewish Electorate Institute, shows that pro-Palestinian views in the American Jewish community are far from fringe. At the time, 25 percent of the Jews surveyed believed Israel was an apartheid state, 34 percent believed that Israel’s treatment of Palestinians was similar to racism in the U.S., and 22 percent thought that Israel was committing genocide against Palestinians. These numbers are even starker for younger American Jews. This poll doesn’t reflect changes in how American Jews feel after Hamas’s brutal October 7 attack against Israel, or Israel’s subsequent massacre of thousands of Palestinian civilians in Gaza.

Another poll, conducted by Data for Progress after the Israel–Gaza war broke out, shows that two-thirds of American voters as a whole support a ceasefire in Gaza, including 80 percent of Democrats, 56 percent of Republicans, and 57 percent of independents — despite President Joe Biden and most members of Congress, in both parties, opposing it.

Like much of the American Jewish community, progressive Jews who are protesting the genocide in Gaza are also grieving loved ones who were murdered by Hamas on October 7. “In the days after the [Hamas] attack, people on [IfNotNow’s] staff were finding out that they had relatives and friends, and those people’s kids, who were murdered on October 7,” Borgwardt said. “This was extremely close to home and painful.”

ADL’s “Stand With Israel” Map

On October 24, ADL published a press release noting a “nearly 400 percent increase in preliminary antisemitic incidents” across the U.S. since October 7, compared to the same period last year. The source for that statistic was ADL’s own dataset, published as an interactive map, of “Antisemitic Incidents and Anti-Israel Rallies in the U.S. Since Hamas’s Attack on Israel.”

While ADL doesn’t distribute its raw data in a usable format, when you load the map in a web browser, behind the scenes your browser downloads a copy of it. By monitoring what my browser downloaded while loading the map, I was able to extract a copy of the data and save it as a spreadsheet. The raw data is full of duplicates. After de-duplicating it, I ended up with a spreadsheet with 1,163 “antisemitic incidents and anti-Israel rallies.” ADL continuously updates the map, and the data I’m working with was last updated on November 9.

The data plotted in the map is split into the categories of “Assault,” “Harassment,” “Vandalism,” “Anti-Israel Rallies,” and “Anti-Israel Rallies w. Support for Terror.”

The assault, harassment, and vandalism categories, which made up 46 percent of the points on the map, are full of alarming evidence of the dramatic rise in antisemitism and white supremacy that the U.S. has been seeing, particularly since Donald Trump’s 2016 election. For example, according to ADL’s data:

• On October 8 in Salt Lake City, Utah, someone called in a bomb threat to a synagogue.
• On October 13 in Beverly Hills, California, someone yelled “kike” at a visibly Jewish family taking on walk on Shabbat.
• On October 18 in Manhattan, New York, someone found the words “Kill the Jews” written on the wall of a subway station.
• On October 23 in Washington, D.C., someone drew a swastika at an elementary school.
• On October 25 in White Plains, New York, a “car featuring a swastika and a Palestinian flag drove near a vigil for abducted Israelis.”
• On October 28 in Knoxville, Tennessee, members of the antisemitic hate group Goyim Defense League distributed flyers saying “Every single aspect of the LGBTQ+ movement is Jewish.”
• On November 3 in Seattle, Washington, a synagogue “received a suspicious letter containing white powder.”

The remaining 54 percent of the points on the map are Palestine solidarity protests which ADL dubs “anti-Israel rallies” (39 percent) and “anti-Israel rallies with support for terror” (15 percent). At these rallies, protesters have been calling for a ceasefire, the end of unconditional U.S. military aid to Israel, and the end of the genocide in Gaza.

“If an event is marked only as an ‘anti-Israel rally,’ then we do not consider it antisemitic,” the ADL spokesperson said.

By scouring the social media accounts of national and regional Jewish Voice for Peace and IfNotNow groups, I was able to match rallies led by Jewish groups with the dates and locations of dozens of the rallies listed on ADL’s map — making up around 10 percent of all the rallies listed. ADL declined to provide a full dataset, so it’s possible that for some of the “anti-Israel rallies” organized by Jews I found, the corresponding ADL datapoints are actually referring to different events that happened in the same cities on the same days.

ADL confirmed to The Intercept that several massive Jewish protests, including the march on the U.S. Capitol on October 18 and the sit-in at Grand Central Station on October 27, are included in its map.

Here are a few of the ceasefire and anti-genocide protests that American Jews have organized since Israel started its indiscriminate bombing of Gaza, also confirmed by ADL:

On October 13, a group of 15 Jews occupied the office of Sen. Patty Murray, D-Wash., in Seattle demanding that she support a ceasefire, and that the U.S. stop arming Israel while the country has “openly declared their intention to commit war crimes.” Six were arrested.

View this post on Instagram

A post shared by Jewish Voice for Peace Seattle (@jvpseattle)

On October 16, over 1,000 Jews and their allies blockaded entrances to the White House, demanding that Biden support a ceasefire. In a tweet, IfNotNow stated, “We are also here raising our voices for our Israeli siblings — while burying their loved ones and awaiting news of those kidnapped — are screaming at their government for the bombs to stop.” At least 30 were arrested.

On October 23, hundreds of Jews protested outside the office of Rep. Troy Carter, D-La., in New Orleans demanding that he support a ceasefire, and a group of Jews occupied his office.

View this post on Instagram

A post shared by JVP new orleans (@jvpnola)

ADL’s dataset does not include dozens of similar Jewish-organized ceasefire protests I found on social media. For example, on October 13, thousands of Jews shut down the street outside the Brooklyn home of Sen. Chuck Schumer, D-N.Y., demanding that he support a ceasefire in Gaza. Dozens of Jews were arrested, including rabbis and the descendants of Holocaust survivors. And on October 19, Jews protested outside the Los Angeles home of Vice President Kamala Harris and her husband Doug Emhoff, who is also Jewish, demanding that she support a ceasefire. Neither of these protests, along with dozens of others like them, appear on ADL’s map.

“Support for Terror”

The Intercept also found some rallies organized by American Jews that ADL appeared to classify as “supporting terror.”

“Regarding our criteria for ‘w. support for terror:’ we include in this category when rally-goers use language or imagery that justifies or celebrates the Hamas massacre on October 7; there is rhetoric supportive of armed confrontation with Israel; or the flag of a U.S.-designated terror organization is identified,” an ADL spokesperson told The Intercept.

When asked specifically if ADL considers the phrase “from the river to the sea” in support of terrorism, the spokesperson said that it did. “In the immediate aftermath of the October 7 massacre of Israelis at the hands of Hamas, we interpreted calls for further Palestinian resistance and efforts to liberate the land, including the phrase ‘from the river to the sea,’ as implicit calls for violence against Israelis and support for Hamas’ actions,” the spokesperson said, “and therefore included rallies where those phrases were used in the category of ‘support for terror.’”

The phrase “from the river to the sea” has long been used in the pro-Palestinian movement to mean that Palestinians should be allowed to live in their homeland as free and equal citizens alongside Israelis. At the same time, Hamas, whose leaders aim to destroy Israel and make Palestine an Islamic nation, has adopted the phrase as slogan, and many Israelis and Jews know it only with the connotation of forced removal of Jews from Israel.

It is also worth noting that, since the October 7 attack, neo-Nazis have been attempting to insert themselves into Palestine solidarity protests — not because they care about Palestinians but because they hate Jews — as reported by Vice. For example, on October 28, roughly 40 members of the neo-Nazi group National Justice Party attempted to hijack a protest in front of the White House where they made antisemitic statements over a PA system; the hundreds of other protesters calling for a ceasefire had nothing to do with them. Likewise, neo-Nazi groups including NSC-131, National Socialist Florida, and White Lives Matter have all used pro-Palestinian language in their recent propaganda attacking Jews.

A Surge in Jewish Activism for Ceasefire and Against Genocide

In a recent episode of “On the Nose,” a podcast hosted by the magazine Jewish Currents, Elena Stein, director of organizing strategy for Jewish Voice for Peace, said that after the Hamas attack it was “immediately clear” that “the lives of Palestinians and Israelis are completely intertwined.” She said that Israeli apartheid and settler colonialism “enact daily horrifying violence against Palestinians” and “doesn’t make Israelis safer either.”

Stein argued that American Jews have an important role in stopping the violence and genocide in Israel and Palestine, and that this is important to protect the lives of both Palestinians and Israelis. “It’s on us — especially those of us here in the U.S. whose government is funding this, is fueling this, is protecting the Israeli apartheid government from accountability at all levels — to stop the complicity that puts Palestinians’ lives in danger every day and also puts Israelis’ lives in direct danger,” she said.

Jewish anti-war activism calling for a ceasefire and against the genocide in Gaza shows no sign of slowing down. On Monday, hundreds of Jews and their allies took over the Statue of Liberty calling for a ceasefire, with a banner saying “Never Again for Anyone.”

View this post on Instagram

A post shared by Jewish Voice for Peace (@jewishvoiceforpeace)

Update: November 13, 2023
On Friday, Israel indicated the death toll of Hamas’s October 7 attack was closer to 1,200, not 1,400 as initially reported. The story has been updated.

The post Anti-Defamation League Maps Jewish Peace Rallies With Antisemitic Attacks appeared first on The Intercept.

It has published datasets that shed light on law enforcement fusion centers spying on Black Lives Matter activists, revealed Oath Keepers supporters among law enforcement and elected officials, and exposed thousands of videos from January 6 rioters, including many that were used as evidence in Donald Trump’s second impeachment inquiry. (Disclosure: I’m an adviser to DDoSecrets.)

But not everyone is a fan. DDoSecrets has powerful enemies and has found itself censored by some of the world’s biggest tech companies, including X (formerly Twitter) and Reddit. The governments of Russia and Indonesia are also censoring access to its website.

X Blocks DDoSecrets Links

Shortly before the 2020 election, Twitter prevented users from posting links to a New York Post article based on documents stolen from Hunter Biden’s laptop, citing a violation of the company’s hacked materials policy. After intense pressure from Republicans, Twitter reversed course two days later. This was widely covered in the media and even led to congressional hearings.

What’s less well known is that earlier in 2020, in the midst of the Black Lives Matter uprising, Twitter used the same hacked materials policy to not only permanently ban the @DDoSecrets account, but also prevent users from posting any links to ddosecrets.com. This was in response to the collective publishing the BlueLeaks dataset, a collection of 270GB of documents from over 200 law enforcement agencies. (German authorities also seized a DDoSecrets server after the release of BlueLeaks, bringing the collective’s data server temporarily offline.)

When Elon Musk bought Twitter, which he has since renamed X, he promised that he would restore “free speech” to the platform. But Musk’s company is still censoring DDoSecrets; links to the website have been blocked on the platform for over three years. Lorax Horne, an editor at DDoSecrets, told The Intercept that they are “not surprised” that Musk isn’t interested in ending the censorship. “We afflict the comfortable, and we include a lot of trans people,” they said. “Transparency is not comforting to the richest people in the world.”

If you try to post a DDoSecrets link to X, you’ll receive an error message stating, “We can’t complete this request because this link has been identified by Twitter or our partners as being potentially harmful.” The same thing happens if you try sending a DDoSecrets link in a direct message. X did not respond to a request for comment.

“There’s no doubt that ddosecrets.com being blocked on Twitter impacts our ability to connect with journalists,” Horne told The Intercept. “In the last week, I’ve had to explain to new reporters why they can’t post our link.”

Reddit Shadow-Bans DDoSecrets

X isn’t the only company that has been censoring DDoSecrets since it published BlueLeaks in 2020. The popular social news aggregator Reddit has been doing the same, only more subtly.

As an example, I posted a link to the DDoSecrets website in the r/journalism subreddit. I also posted two comments on that post, one that included a link to the DDoSecrets BlueLeaks page and another that didn’t. While logged in to my Reddit account, I can see my post in the subreddit, and I can view both comments.

However, when I view the r/journalism subreddit while logged in to a different Reddit account, or while not logged in at all, my post isn’t displayed. If I load the post link directly, I can see it, but the link to ddosecrets.com isn’t there, and the comment that included the link to BlueLeaks is hidden.

“People can link to news articles that use our documents but can’t link to the source,” Horne said when asked about Reddit’s censorship, which “impedes people finding verified links to our archive” and “inevitably will stop some people from finding us.”

In October 2020, while I was in the midst of reporting on BlueLeaks, I did a Reddit “ask me anything,” an open conversation for members of the r/privacy community to ask about my work. At the time, we had trouble getting the AMA started because of Reddit’s censorship of DDoSecrets. Eventually, we had to start the AMA over with a new post that did not include any DDoSecrets links in the description, and I had to refrain from posting links in the comments.

“Reddit’s sitewide policies strictly prohibit posting someone’s personal information,” a Reddit spokesperson told The Intercept. “Our dedicated internal Safety teams enforce these policies through a combination of automated tooling and human review. This includes blocking links to offsite domains that break our policies.”

Like X, Reddit is inconsistent in enforcing its policy. After receiving Reddit’s statement, I posted a link in the r/journalism subreddit to the WikiLeaks website. Unlike DDoSecrets, which distributes most datasets that contain people’s private information only to journalists and researchers who request access, WikiLeaks published everything for anyone to download. In 2016, for example, the group published a dataset that included private information, including addresses and cellphone numbers, for 20 million female voters in Turkey.

But Reddit doesn’t censor links to WikiLeaks like it does with DDoSecrets; if I view the r/journalism subreddit while not logged in to a Reddit account, my post with the link shows up.

Russia and Indonesia Bar Access

After Russia invaded Ukraine in February 2022, hackers, most claiming to be hacktivists, compromised dozens of Russian organizations, including government agencies, oil and gas companies, and financial institutions. They flooded DDoSecrets with terabytes of Russian data, which the collective published.

One of the hacked organizations was Roskomnadzor, the Russian government agency responsible for spying on and censoring the internet and other mass media in Russia. The most recent leak of data from this agency (DDoSecrets hosts three separate leaks) includes information about Russia censoring DDoSecrets itself.

“Colleagues, good morning! Please include links in the register of violators,” a Russian censor wrote in an August 2022 email buried in a collection of 335GB of data from the General Radio Frequency Center of Roskomnadzor. A scanned court document adding ddosecrets.com to Russia’s censorship list was attached to the email.

“It was only a matter of time,” Horne said of Russia blocking access to DDoSecrets. “Our partners like IStories, OCCRP, and Meduza have it worse and have been placed on the undesirable organizations list. We are lucky that we have no staff in Russia and haven’t had to move anyone out of the country.”

Roskomnadzor did not respond to a request for comment.

Indonesia has also blocked access to the DDoSecrets website since July 21, 2023, according to data collected by the Open Observatory of Network Interference, a project that monitors internet censorship by analyzing data from probes located around the world.

Indonesia’s Ministry of Communication and Informatics, the government agency responsible for internet censorship, did not respond to a request for comment.

On July 18, three days before the block went into effect, DDoSecrets published over half a million emails from the Jhonlin Group, a coal mining and palm oil conglomerate that has been criticized by Reporters Without Borders and Human Rights Watch for using police to jail journalists.

The post Tech Companies and Governments Are Censoring the Journalist Collective DDoSecrets appeared first on The Intercept.

Parker’s wife, Jelena Hatfield, and their three children sued AFLDS and Culver a year after his death, claiming that it “was caused by the negligence of Dr. Culver and by falsehoods spread by America’s Frontline Doctors.” The wrongful death lawsuit claims that Culver never performed a physical examination of Parker, then 52 years old, nor did she run any diagnostic tests to ensure that drug would be safe to prescribe.

AFLDS records, provided to The Intercept by an anonymous hacker in September 2021, corroborate parts of Hatfield’s account. Culver is included in the list of 225 AFLDS physicians who prescribed disproven Covid-19 drugs, and consultation notes from Parker’s telehealth appointment confirm that no physical examination took place. While the hacked data — hundreds of thousands of medical and prescription records from AFLDS’s telehealth partners — includes lists of physicians and patients, it doesn’t link physicians to specific patients.

“It’s disappointing that people like America’s Frontline Doctors were able to get away with this for so long,” Hatfield told The Intercept. “How many other people are there out there that have gone through this? That have lost their husband, or their wife, or daughter, or mother? They really pulled the wool over everyone’s eyes.”

In a court filing responding to Hatfield’s lawsuit, AFLDS described itself as “a civil liberties organization with a purpose of providing Americans with independent information regarding health care from the top experts in medicine and law” and stated that it “is not a medical organization that consults with patients, provides diagnosis, or prescribes treatment.” In short, AFLDS denied that it prescribed hydroxychloroquine to Parker, claiming that it only provided him with medical information and opinions, despite the evidence to the contrary.

Culver and AFLDS did not respond to The Intercept’s request for comment. In June, a judge denied both of their efforts to get the lawsuit thrown out. Culver then filed an emergency petition asking Nevada’s Supreme Court to challenge the denial, but a judge denied that petition as well on August 4.

Dr. Jonathan Howard, an associate professor of neurology and psychiatry at NYU Langone Health and the chief of neurology at Bellevue Hospital, told The Intercept that the biggest issue is that a doctor prescribed hydroxychloroquine to Parker for Covid-19 at all, since the medication had been shown to be ineffective at treating the virus. Howard also pointed out the the consultation notes don’t mention any discussion about the risks and benefits. “Any small risk posed by the medication outweighed the benefits,” Howard wrote, “which were zero.”

Hydroxychloroquine is commonly used to treat malaria and lupus, but it has “not been shown to be safe and effective for treating or preventing COVID-19,” according to the Food and Drug Administration. Well into the Covid-19 pandemic, AFLDS — as well as former President Donald Trump — falsely promoted the drug as an alternative to vaccines, despite the fact that by mid-2020, the FDA revoked its emergency use authorization and warned against using it to treat Covid-19 “due to risk of heart rhythm problems.” (Parker’s autopsy revealed a small abnormality in his heart, the Washington Post reported.)

In 2021, The Intercept revealed that AFLDS and its network of health care providers charged patients at least $6.7 million — though likely much more — for telehealth appointments. The investigation also showed that Ravkoo, the online pharmacy that filled Parker’s hydroxychloroquine prescription, charged patients at least $8.6 million for similar ineffective Covid-19 drugs. The House Select Subcommittee on the Coronavirus Crisis launched an investigation into AFLDS and the telehealth companies it worked with, citing The Intercept’s reporting.

Hatfield’s lawsuit says that “on or about August 26,” Parker connected with Culver through AFLDS, though the hacked data shows that the appointment happened the next day. According to Parker’s patient record, he had a telehealth consultation with an AFLDS-trained physician on August 27, 2021, at 4:02:50 Pacific time. The attached notes include almost no information about Parker’s health history. The records say that Parker had been exposed to someone who tested positive for Covid but that he had no symptoms himself and that he requested hydroxychloroquine, a drug that may have contributed to his death, according to his death certificate.

The lawsuit, filed in Nevada, accuses Culver and AFLDS of wrongful death and professional negligence and seeks money damages. It includes a declaration from Bruce Bannister, a medical doctor and volunteer faculty member with the University of Nevada, Reno School of Medicine. Bannister wrote that Parker should not have been prescribed hydroxychloroquine without an examination to determine that it would be safe. If a physical exam wasn’t possible because it was a remote visit, Bannister noted, the doctor should have at least obtained an electrocardiogram and other labs to ensure there were no heart abnormalities. And if none of these resources were available, the doctor should have told the patient to seek care where they could. Bannister concluded “to a reasonable degree of medical probability, that his ingestion of hydroxychloroquine caused Mr. Parker’s death.”

AFLDS, a group with ties to Trump’s 2020 reelection campaign, has a history with the far right. Two members of AFLDS were convicted for their involvement in the January 6 insurrection at the U.S. Capitol. Simone Gold, the group’s founder, pleaded guilty to a misdemeanor trespassing charge and served two months in prison. John Strand, a former underwear model and the group’s creative director, was found guilty of obstructing an official proceeding — a felony — and four misdemeanors and is currently serving a 32-month sentence at a federal prison in Miami.

Spreading pandemic disinformation and promoting the sale of drugs like hydroxychloroquine and ivermectin as an alternative to vaccines was extremely lucrative. According to a recent profile in the Financial Times, Gold was receiving a $600,000 annual salary by 2021. She lived in a $3.6 million mansion in Naples, Florida, with Strand, with whom she was romantically involved, drove multiple cars including a Mercedes-Benz, traveled by private jet, and had tens of thousands of dollars in monthly expenses — all paid for with AFLDS charity funds.

Here are the complete notes from Parker’s August 27, 2021, telehealth appointment:

Patient has + exposure, no symptoms, wants HCQ [hydroxychloroquine] + Zinc

Occupation: unsure

Chronic Medical illnesses: none per patient report

Patient still has no symptoms

Associated symptoms — none

ROS: All systems reviewed and negative except HPI

The post Hacked Records Corroborate Claims in Hydroxychloroquine Wrongful Death Suit appeared first on The Intercept.

Like Mastodon, Bluesky is an open-source, decentralized social network. Unlike Mastodon, which is notoriously confusing for the uninitiated, it’s simple to get started on Bluesky. The user interface is clean and familiar to people accustomed to modern commercial apps. Bluesky embraces user control over their timelines, both in terms of algorithmic choice — the Mastodon project is hostile to algorithms — and customizable content moderation.

There are other fundamental differences between the two projects. While Mastodon is a scrappy nonprofit, Bluesky PBLLC is a for-profit startup. And while Mastodon is a vibrant network of thousands of independent social media that federate with each other, Bluesky’s “decentralization” is only in theory. So far there’s only one site that uses Bluesky’s decentralized AT Protocol, and that site is Bluesky Social.

It is mostly for these and related reasons that people on Mastodon get very defensive when Bluesky comes up. “Why are you helping oligarchs test their products? Are they paying you or do you do it out of sheer loyalty?” one stranger asked me when I posted about some of Bluesky’s creative moderation features that had recently dropped.

Amid the noise, though, there are genuine concerns about how Bluesky is operated and what the people behind it aim to do. It’s wise to remember that the company started off with $13 million of funding from pre-Musk Twitter, when Jack Dorsey, who is now at Bluesky, was CEO.

The history and the arrangement raise several questions: Who owns Bluesky PBLLC? What is the role of Dorsey, who famously tweeted about Musk’s purchase of Twitter that “Elon is the singular solution I trust”? What is Bluesky’s business model? What prevents another Elon Musk from buying Bluesky PBLLC and destroying it 10 years down the line? Many of the answers are out there — many even posted to Bluesky itself by its employees. Since Bluesky is still a private invite-only site, here are some of these answers for Bluesky skeptics to see.

Who Owns Bluesky?

“Bluesky, the company, is a Public Benefit LLC. It is owned by Jay Graber and the Bluesky team,” according to the site’s Frequently Asked Questions page. This is exactly what Jeromy Johnson, a former engineer for the distributed file system IPFS and a technical adviser to Bluesky who goes by Whyrusleeping, said when asked in early April.

One user — who like nearly everyone else on the site was psyched to be essentially tweeting but without having to deal with Twitter — inquired who owns Bluesky. Why said that “the founding team holds the equity” and that Dorsey himself is not an owner. (You can verify that Why is part of the Bluesky team because of how self-verifying handles work in the AT Protocol; only people who control the domain name bsky.team are able to have handles like that.)

When asked for clarification about Bluesky’s ownership, Emily Liu, another member of the Bluesky team, told me that Bluesky has been offering employees equity as part of their compensation packages, as is a common practice with startups. She also confirmed that Bluesky PBLLC’s board consists of Graber, Dorsey, and Jeremie Miller, inventor of the open and decentralized chat protocol Jabber.

For burgeoning Twitter skeptics, this should be good news: a much better arrangement than if it were owned by Dorsey or, worse yet, if it were a subsidiary of Twitter. The arrangement also explains why Bluesky PBLLC appears on Dun & Bradstreet’s list of minority and women-owned businesses: Jay Graber, Bluesky PBLLC’s CEO and primary owner, is a woman of color.

What About Twitter’s Role?

In December 2019, Dorsey, who was Twitter’s CEO at the time, announced that the company was funding Bluesky, which he described as “a small independent team of up to five open source architects, engineers, and designers to develop an open and decentralized standard for social media.”

This ultimately turned into the independent company Bluesky PBLLC, incorporated in late 2021, with $13 million in initial funding from Twitter.

Does Twitter, with Musk at the helm, have any power over Bluesky now? As is the habit of other Bluesky team members, Graber explained the situation on Bluesky. According to Graber, she “spent 6 mo of 2021 negotiating for bluesky to be built in an org independent from twitter, and boy was that the right decision.” In response to another question, Graber confirmed that Bluesky doesn’t “owe” Twitter anything.

Bluesky PBLLC is 100 percent independent from Twitter and Elon Musk.

What is a Public Benefit LLC?

In the name Bluesky PBLLC, PB stands for Public Benefit. PBLLCs are a relatively new type of corporation that’s designed for companies that want to promote a general or specific public benefit as opposed to just making a profit.

When whistleblower Chelsea Manning asked why Bluesky chose to incorporate as a PBLLC, Graber explained her reasoning.

According to Graber, they chose PBLLC because it was fast to form and because “being Public Benefit means shareholders can’t sue us for pursing mission over profit.” The mission appears to be the design and promotion of the AT Protocol and its ecosystem of (eventually) other social networks that federate with Bluesky Social, along with the larger Bluesky developer community that has sprung up.

Liu, who answered some of my questions, did not respond when I asked for the exact language the Bluesky PBLLC used to describe its public benefit mission when incorporating the company. She also didn’t say whether the company would publish its annual benefits reports — reports that PBLLCs are required to create each year, but PBLLCs incorporated in Delaware, where Bluesky was incorporated, are not required to make them public.

In her email, Liu said, “We’re generally not taking interviews right now because we’re heads down on work.”

Bluesky’s Business Model

AT Protocol is open, and the code that powers Bluesky Social is open source. Yet Bluesky PBLLC is still a for-profit company. How do they plan to make money? “We’ll be publishing a blog post on our monetization plans in a few weeks, and we’ll share more then,” Liu told me.

In the meantime, the team has openly discussed hints of some of their potential plans on Bluesky. According to Why, advertising might play a role in the future.

And Paul Frazee, an engineer who’s been livestreaming his Bluesky coding, hinted that the company may be considering some sort of paid subscription component. “[H]ypothetically speaking,” Frazee asked in a post, “if bluesky ever did a paid subscription thing, what would we call it.” Though Frazee was also quick to point out that he’s not as terrible at business as Musk is and wouldn’t use paid subscriptions to destroy the product — à la Twitter’s $8-a-month “verified” blue checkmarks.

Regardless of how Bluesky PBLLC eventually monetizes its product, if it gets its way, this monetization would only affect users of Bluesky Social. In the future, if you didn’t like the ads you were seeing in Bluesky, for example, the AT Protocol would allow you to take your account, including your handle, your followers, and all your posts, and move to a different social network you like better, so long as it also used the AT Protocol.

Resilient to Billionaires?

If we learned anything from Twitter over this last year, it’s that you can’t trust billionaires. By all accounts, the owners of Bluesky appear to be genuinely interested in remaking social media so that users have control instead of big tech companies like Twitter. But it’s possible that one day they could become seduced by obscene amounts of money to sell their shares of the company to an Elon Musk character who is hellbent on owning the libs. What would happen then?

Part of the problem with Twitter’s demise is that so many people have spent the last decade building up an audience there, making it very hard to finally pull the plug and start over from scratch somewhere else — even after several months of Musk’s policies have rapidly made the site more toxic and less useful at the same time.

The whole idea behind the AT Protocol, though, is that if you don’t like Bluesky Social for whatever reason, you can simply move to a rival social media site without losing your data or social graph. This is called “account portability,” and it’s baked into the core of the AT Protocol. It’s also a feature that Mastodon doesn’t support; it is possible to move your Mastodon account from one server to another and keep your followers, but only if your original server cooperates, and you’re willing to lose your old data.

So hypothetically, if a billionaire one day buys Bluesky PBLLC and ruins it, it won’t matter. Anyone who doesn’t like how Bluesky Social is run can simply switch to a rival service without losing their post history or their followers. When Musk took over Twitter and starting bringing back neo-Nazis and banning antifascists, imagine if you could have simply ported your account over to another social media site and then just kept tweeting like normal. That’s the promise of the AT Protocol.

Account portability is exactly how, once it begins to federate with other servers, Bluesky hopes to avoid the confusion that Mastodon is famous for. As Frazee explained, keeping Bluesky easy to use is a top priority.

Bluesky’s usability plan is simple: When you install the app and create an account, you’ll get an account on the default server, Bluesky Social (unless you already have a preference). Then, at any point after that, you can simply move your account to any other server that you prefer.

Of course, account portability is only possible if there are other AT Protocol sites to port your account to, and so far, Bluesky Social is the only one.

“Right now, Bluesky is the only option because we haven’t launched federation yet, but we’ll be starting with a sandbox environment for federation soon,” Liu told me, mentioning a recent blog post that gives an overview of how it will work. “Other companies are working on Bluesky and atproto integrations already, and when the federation sandbox launches, we’ll work with community developers and external teams to build more on the AT Protocol.”

It’s too early to tell whether Bluesky will succeed, but if it works out the way the team hopes, social media users will have far more power and tech companies — and the billionaires who own them — will have far less.

The post Is Bluesky Billionaire-Proof? appeared first on The Intercept.

The city’s lawsuit was denounced as meritless by First Amendment experts. “Once the government gives you information in good faith, you have the right to publish it under the First Amendment,” David Loy, legal director of the First Amendment Coalition, told The Intercept. “This is not even a close case.”

The Stop LAPD Spying Coalition launched a website called Watch the Watchers that includes the LAPD headshots. The dataset has also been published by Distributed Denial of Secrets, or DDoSecrets, using the censorship-resistant technology BitTorrent, and posted on the Internet Archive. Even if the court ruled in favor of the city, these public records have long since escaped the LAPD’s grasp.

“This lawsuit is a political stunt. It’s a desperation play,” Loy said. “And as a practical matter, there’s nothing a court can do. You cannot scrub the internet of everything.”

“This lawsuit is a political stunt. It’s a desperation play.”

Meanwhile, the Los Angeles Police Protective League, a private police union that lobbies on behalf of LAPD officers, has launched its own lawsuit against the city and the LAPD for releasing the records, and 321 allegedly undercover LAPD officers announced their intention to file a separate class-action suit seeking damages for negligence.

Camacho believes that the city is attempting to “save face on the other front that they’re fighting with the police union.” He told The Intercept that he sees the lawsuit against him as “intimidation and scapegoating.” In addition to demanding that he “give everything back and delete copies,” Camacho said, the lawsuit insisted that he “never, ever share these photos ever again. That’s a huge violation of my First Amendment freedom of the press.”

At its core, this case appears to be about the definition of the word “undercover.” The flash drive full of LAPD headshots that the city gave Camacho excluded undercover officers. But after the police union took note of the Watch the Watchers website, they argued for a vastly expanded definition of the word in an effort to claw back the public records.

According to an interview in the Los Angeles Times by the union’s legal counsel, Robert Rico, the expanded definition of “undercover” includes any officer who conducts surveillance (even if they wear normal police uniforms) and any officer who has worked undercover or at a sensitive assignment in the past. The union’s director, Jamie McBride, argued in a TV interview that it should also include any officer who may work undercover in the future.

“While there is strong public interest in governmental transparency, there is equally strong interest in the safety of LAPD officers, especially those in sensitive and undercover assignments,” a spokesperson for the Los Angeles City Attorney’s Office wrote in an email to The Intercept. “That is why we brought this suit — to have the photos of officers immediately removed from the website and to have the flash drive containing them returned.” LAPD’s media relations division declined to comment, citing ongoing litigation. The police union did not respond to a request for comment.

To Shakeer Rahman, an attorney with the Stop LAPD Spying Coalition, the implications are troubling. “They’re openly calling for a secret police force,” Rahman said.

California Public Records Act

Camacho is an LA-based journalist and filmmaker who writes for the local nonprofit newsroom Knock LA. Last year, he published a detailed investigation into a group of Santa Ana police officers who received numerous complaints without facing any discipline — and who all shared gang-like skull tattoos. In one incident, five off-duty members of this police gang allegedly harassed two 15-year-old girls at a restaurant, one of whom said she was sexually assaulted. Camacho’s reporting relied in part on Santa Ana police officer headshots, which he had obtained through a California Public Records Act request.

In October 2021, Camacho filed a similar request to the LAPD. According to the lawsuit Camacho later filed against Los Angeles, the city initially refused to hand over the headshots, claiming that the department did not have any responsive records. LAPD further claimed that it didn’t possess any headshots in digital format and that locating the “negatives” would be “unduly burdensome.”

Camacho’s Public Records Act lawsuit argued that LAPD’s response was “utterly implausible” because the police department regularly published headshots of its officers in its own promotional material. Camacho pointed to headshots of LAPD command staff on the department’s website and headshots of officers published on Facebook and Twitter.

In the resulting settlement, the city agreed to hand over photos of all LAPD officers except for those who worked undercover. The city’s attorney estimated that fewer than 100 officers were working undercover and would be excluded from the release, according to an email Camacho published on Twitter.

In September 2022, Los Angeles gave Camacho a flash drive containing 9,310 headshots of LAPD officers. It wasn’t until six months later that the city, the LAPD, and the police union all claimed that headshots of undercover officers were accidentally included on the drive.

Watching the Watchers

Last month, the Stop LAPD Spying Coalition launched Watch the Watchers, which allows the public to look up LAPD officers by name to see their headshots and includes information such as serial numbers, ranks, ethnicities, and email addresses — all public information that LAPD itself publishes. “This website is intended as a tool to empower community members engaged in copwatch and other countersurveillance practices,” the website states. “You can use it to identify officers who are causing harm in your community.”

“LAPD has always published full rosters of all of its officers,” Rahman said. “They had already published a roster of all of those names, identities, rank, positions, division. These aren’t secret identities. They’re very, very public.”

“These aren’t secret identities. They’re very, very public.”

The day after the website launched, Los Angeles Police Chief Michel Moore apologized in an email to LAPD personnel and announced an internal investigation into how the headshots got released. During a March 21 meeting of Los Angeles police commissioners, Commission President William Briggs characterized the lawfully obtained public records as “private data” and argued that Watch the Watchers would be used to harm officers and their families, aid foreign spies, and help cartels and other criminal organizations. At the same meeting, Moore emphasized that release of the LAPD headshots was “consistent with the California Public Records Act request and is a requirement as a public agency.”

“The Police Commission believes in transparency and we welcome the public’s interest and questions,” Briggs said in a statement to The Intercept. “However, the commission is right to question the intent behind the availability of this disclosure and to be concerned about the safety and wellbeing of the officers and their families.”

The Stop LAPD Spying Coalition insists that access to the headshots is necessary because oversight bodies have routinely failed to keep police misconduct in check. “We’re not publishing their home addresses, we’re not publishing things that are outside their role as police officers,” Hamid Khan, a coordinator with Stop LAPD Spying, told the Los Angeles Times.

Things only heated up from there.

The police union launched a lawsuit against the city of Los Angeles and the police chief on March 28, claiming that the city had “perpetrated one of the worst security breaches in recent memory, releasing service photographs of undercover officers pursuant to California Public Records Act request,” and that undercover officers “now face potentially grave risks as a direct result of the City’s actions.” On April 4, 321 LAPD officers whose headshots were published on the Watch the Watchers site, who allegedly do undercover police work, announced their intention to file a class-action lawsuit against the city, the LAPD, and its leadership.

Changing the Rules

Two days after the police union filed suit, an attorney for the city sent Camacho a letter threatening legal action if he did not return the flash drive and “all digital copies of records obtained from that drive.”

The attorney argued that in the Public Records Act settlement, the city had agreed to exclude undercover officers but had accidentally included some anyway. Because of this, he argued that the dataset Camacho had was illegally obtained. He stated that the city could only give Camacho a copy of the headshots of high-ranking officers that are already published on the LAPD website and that it couldn’t release headshots for anyone else — otherwise, it would be possible to figure out who the undercover officers were based on which headshots were excluded. In other words, the attorney argued that the city didn’t need to comply with the settlement.

Loy, the legal director of First Amendment Coalition, said that the city initially did exactly what it agreed to do: It provided Camacho with photos of officers who weren’t undercover. But after other officers complained, “they tried to change the rules in the middle of the game” by redefining what “undercover” means after the fact. “This was not a genuinely inadvertent disclosure. This is a case where they made a choice. They just now want to take their choice back.”

On April 5, the city of Los Angeles filed a lawsuit against Camacho and the Stop LAPD Spying Coalition, demanding that they immediately return the flash drive and all digital copies of the LAPD headshots. Notably, the complaint demanded the return of all these public records, not just those related to undercover officers.

The following day, DDoSecrets published the LAPD headshots both on its website as well as using BitTorrent. With BitTorrent, internet users around the world collectively host copies of the same files, making attempts at censoring those files nearly impossible so long as enough people are participating.

This isn’t the first time DDoSecrets has published law enforcement data. In 2020, during the height of the Black Lives Matter uprising sparked by the police murder of George Floyd, DDoSecrets published 270GB of documents from hundreds of law enforcement fusion center websites known collectively as BlueLeaks. Many newsrooms, including The Intercept, reported extensively on that dataset. At the request of the FBI, German authorities seized a server operated by DDoSecrets in order to suppress BlueLeaks. But since the BlueLeaks data was also shared on BitTorrent, that censorship effort failed. And unlike the BlueLeaks data, which was illegally obtained by a hacker, the LAPD headshots are lawfully obtained public records.

A copy of the LAPD headshots was also posted to the Internet Archive, an online digital library that has a strong history of fighting legal requests.

The LAPD headshots have already spread far beyond the reach of the LAPD. Considering that the Watch the Watchers website has been up for weeks and that Camacho also posted a raw copy of the dataset on Twitter, it should be clear to the city’s attorneys that they’re not going to be able to put the toothpaste back in the tube.

“The reason that they’re suing us is not because it’s practically feasible to bring the records down,” Rahman, the Stop LAPD Spying Coalition attorney, told The Intercept. “They’re working to appease the very powerful police union. … No matter how legally frivolous it is, it’s politically worth it for them for that reason. Hopefully, at some point, they wake up and realize that calculus is wrong and that suing community groups and journalists for publishing public records that they themselves made public is absolutely absurd.”

Update: April 11, 2023, 7:40 p.m. ET
This article has been updated with comments from the Los Angeles City Attorney’s Office received after publication.

The post Los Angeles Tries to Claw Back Public Records After Police Invent New Definition of “Undercover” appeared first on The Intercept.

We had all pointed out that Musk censored a Twitter account, @ElonJet, which used public data to post the location of his private jet, but that @ElonJet had moved to rival social networks, like Mastodon, that didn’t censor the account. Musk accused us of “doxxing” him by posting “assassination coordinates” and then tried to blame his outburst on an alleged stalking incident that had nothing to do with the @ElonJet account.

My suspension lasted just a few days before my account was reinstated. When people visit my Twitter profile, it no longer says “account suspended,” and it looks as if I’m back on the platform. Friends and strangers alike have reached out to me saying it’s good to see that I’m back on Twitter. It’s an illusion.

In reality, I’m still locked out of my Twitter account unless I agree to delete a specific tweet at the behest of the billionaire. Several of the other suspended journalists are in the same boat. (Twitter, where the communications team was decimated by Musk’s layoffs, did not immediately reply to a message for comment.)

When I log in to my Twitter account, the site is replaced with the message: “Your account has been locked.” Twitter accuses me of violating its rules against posting private information. (In the 13 years that I’ve used Twitter, I’ve never violated any rules, and my account has never been suspended or locked until now.)

To unlock my account, I must remove the offending tweet, which in my case said, “Twitter just banned Mastodon’s official Twitter account @joinmastodon with 174,000 followers, probably because it tweeted a link to @ElonJet’s Mastodon account. Twitter is now censoring posting the link, but the user is @elonjet@mastodon.social.”

My alleged offense is that I posted private information to Twitter by linking to @ElotJet’s account on Mastodon or, in my case, mentioning the username and showing the link in a screenshot. This is on its face absurd — I didn’t post private information, much less “assassination coordinates” — but a quick Twitter search for https://mastodon.social/@ElonJet shows that plenty of other accounts have posted this same link yet aren’t locked out.

I’m not the only suspended journalist that’s locked out of my account. Some journalists like Drew Harwell of the Washington Post have written on Mastodon about being locked out. “For anyone wondering,” Harwell wrote, “I’m still unable to access Twitter until I delete this tweet, which is factual journalism that doesn’t even break the location rule Twitter enacted a few days ago.” He appended a screenshot of the tweet.

And in an interview on CNN, Donie O’Sullivan, another suspended journalist, explained that his account is locked as well. “Right now, unless I agree to remove that tweet at the behest of the billionaire, I won’t be allowed to tweet on the platform,” he said. He also submitted an appeal.

Mashable’s Matt Binder was unsuspended following the mass banning, but he wrote on Mastodon that when he wrote to a Twitter official to ask how he had broken company policy, he was then locked out. “Seems they forgot to force me to delete the tweet the first time, like they did the other suspended journalists,” he wrote.

Steve Herman of Voice of America, whose account was also suspended last week, told CNN over the weekend: “When I got up this morning, I saw a bunch of news stories that my account had been reinstated with those of the others. Well, that’s not exactly true.” Herman explained that Musk was demanding he delete three offending tweets, all about @ElotJet.

The New York Times reported that the account of its suspended journalist, Ryan Mac, was also locked, contingent on whether he chooses to delete posts that Twitter flagged as violating rules against posting private information.

Other journalists who were suspended for their @ElonJet-related tweets are now fully back, including Aaron Rupar and Tony Webster.

I personally don’t plan on submitting to Musk’s petty demands. We’ll see if anything changes. In the meantime, you can follow me on Mastodon at @micahflee@infosec.exchange, and The Intercept at @theintercept@journa.host.

The post Elon Musk Is Still Silencing the Journalists He Banned From Twitter appeared first on The Intercept.

The suspensions made clear that, with the self-styled “free speech absolutist” at the helm, Twitter users are now subject to arbitrary censorship based on his whims. It all started when Musk suspended @ElonJet, an account that automatically tweeted the location of Musk’s personal private jet, using public flight information, along with college sophomore Jack Sweeney, who created that account. Musk then revised Twitter’s policy to justify his decision.

This sudden change to Twitter’s rules undercut a pledge Musk had made just six weeks earlier, when he tweeted, shortly after purchasing Twitter for $44 billion: “My commitment to free speech extends even to not banning the account following my plane.”

Shortly before I was suspended, I posted about Twitter banning the account of a competitor, Mastodon. Mastodon is a decentralized social network where millions of Twitter users have fled since Musk’s purchase. Before it was banned, Mastodon’s pinned tweet read, “At Mastodon, we present a vision of social media that cannot be bought and owned by any billionaire.”

As far as I can tell, Twitter probably banned Mastodon’s account because it had tweeted, “Did you know? You can follow @ElonJet on Mastodon over at https://mastodon.social/@ElonJet.” My tweet pointed out this latest example of Twitter censorship. Here’s what it said:

Then, after @ElonJet and reporters who wrote about it were suspended from the platform, Musk claimed that Sweeney and the journalists who reported on the account had “posted my exact real-time location, basically assassination coordinates.”

Musk also briefly joined a public Twitter Spaces audio discussion on Thursday night, which included Sweeney and at least two of the tech journalists suspended for reporting on the suspension of his accounts. Twitter’s owner insisted that he had been “doxxed” by the @ElonJet account and said that he would ban “so-called journalists” who provided links to other sites where the flight-tracking information showing his private jet’s location could be found.

Musk’s claim that he had been doxxed was challenged by Drew Harwell, a Washington Post reporter whose account was suspended for reporting on the @ElonJet account. When Harwell said that he had never shared Musk’s address, Musk suggested that any links to the flight-tracking data was the same as giving out his address. Musk abruptly left the chat after Harwell pointed out that Twitter had blocked links to the flight-tracking data on Instagram and Mastodon, “using the same exact link-blocking technique that you have criticized as part of the Hunter Biden New York Post story in 2020.”

I’ve spent the last month writing articles that point out Musk’s hypocrisy as someone who promised to be “fighting for free speech in America.” While my reporting may not have provided the direct impetus for my suspension, it’s clear Musk was taking aim specifically at journalists who have covered him critically. And the best response to that is to read the work that billionaires would prefer you don’t:

Distributed Denial of Secrets

In November, I wrote about how even though Musk restored popular far-right accounts like Donald Trump and Marjorie Taylor Greene, he refused to restore the account of Distributed Denial of Secrets or to stop suppressing links to its website. DDoSecrets is a nonprofit transparency collective that distributes leaked and hacked documents to journalists and researchers. (I’m an adviser to DDoSecrets.)

During the Black Lives Matter protests in the summer of 2020, DDoSecrets published BlueLeaks, a leak of documents from over 200 law enforcement agencies that revealed police misconduct, including spying on activists. In response to apparent law enforcement pressure, Twitter permanently banned @ddosecrets and suppressed all links to ddosecrets.com.

The censorship of DDoSecrets is still happening today, two and a half years later.

Silencing of Left-Wing Voices

Two weeks ago, my Intercept colleague Robert Mackey and I wrote about how prominent left-wing accounts were kicked off Twitter after Musk personally invited Andy Ngo, the far-right writer and conspiracy theorist who popularized the myth that “antifa” a secret army of domestic terrorists, to tell him which accounts to ban.

Twitter suspended the accounts of the antifascist researcher Chad Loder and the video journalist Vishal Pratap Singh. Twitter also suspended the account of the Elm Fork John Brown Gun Club, an antifascist group that provides armed security for LGBTQ+ events in North Texas, and CrimethInc, an anarchist collective that has published and distributed anarchist and anti-authoritarian zines, books, posters, and podcasts since the mid-1990s.

None of these accounts violated Twitter’s rules.

Covid-19 Misinformation

Yesterday, the same day I was suspended from Twitter, I wrote about how convicted U.S. Capitol insurrectionist Simone Gold, founder of the vaccine disinformation group America’s Frontline Doctors, offered to help Musk assemble a team of doctors to fact-check medical information on Twitter.

While the article was mostly about the ludicrous alternate reality of Covid deniers, it also pointed out various ways Musk himself has allowed Covid misinformation to flourish on Twitter. This includes Twitter restoring the accounts of two prominent anti-vaccine doctors, each with over a half a million followers, and one of whom falsely claimed that Covid-19 vaccines are “causing a form of AIDS.” It also details some of Musk’s own history with Covid misinformation, such as when he falsely claimed that “kids are essentially immune” to Covid, or when he promoted the discredited drug hydroxychloroquine as a Covid cure.

Maybe my Twitter account will become live again at some point. But for now, you can find me on Mastodon.

The post Elon Musk Is Taking Aim at Journalists. I’m One of Them. appeared first on The Intercept.

“If you would like to put together a group of honest, brilliant, courageous doctors to ‘fact check,’ then I would be glad to assist you,” wrote Gold in a December 5 letter to Musk that she shared with her 587,000 Twitter followers and over 1 million email subscribers. “Medicine will not advance unless unbiased scientists are able to resist special interest groups and the media.”

Gold is the ringleader of a network of right-wing health-care providers that have made millions selling so-called alternatives to vaccines, like ivermectin and hydroxychloroquine, which have been repeatedly discredited as treatments for Covid. Gold has referred to Covid-19 vaccines as “experimental biological agents.” She’s also currently in a legal fight with AFLDS and its board chair who are suing her, alleging extravagant spending and that she lives rent-free in a $3.6 million house bought with AFLDS charity funds.

Gold’s appeal to Twitter’s owner was not in response to any public plans to create a medical fact-checking team — Musk hasn’t said anything along those lines. Rather, billionaire Mark Cuban tweeted a suggestion to Musk, and a cryptocurrency influencer who noticed that Musk liked that tweet announced it as breaking news.

Cuban suggested that Musk compile a Twitter list of doctors to participate in public polls on issues like vaccine safety and masking. Musk liked Cuban’s tweet. Cuban did not advocate for fact-checking medical information being shared on Twitter. But Matt Wallace, who charges between $19.99 and $299.99 a month to teach “the art of crypto trading,” then posted “breaking” news that Musk “is considering putting together a team of medical experts to fact check all the false things government officials have been saying!” When asked by a Twitter user whether the information was verified, Wallace cited Musk’s like of Cuban’s tweet. Wallace’s tweet has gotten almost 200,000 likes.

Yes, he liked this Tweet pic.twitter.com/Vg4vnALND6

— Matt Wallace (@MattWallace888) December 5, 2022

Misinformation Run Amok

While there’s little evidence that Musk plans to convene the fact-checking team, he has already made decisions that enable the spread of Covid misinformation on Twitter. In fact, one of Musk’s first changes after taking over Twitter was to scrap the site’s Covid misinformation policy — essentially removing Twitter’s existing fact-checking system for medical information. Twitter’s Trust and Safety team, which is responsible for moderating misinformation, has also been depleted by layoffs and mass resignations.

Musk also immediately restored accounts that were banned for Covid misinformation, including Georgia Rep. Marjorie Taylor Greene’s personal account. Throughout the pandemic, the Republican lawmaker repeatedly posted false information to her hundreds of thousands of followers, including that Covid vaccines are deadly and that ivermectin, an anti-parasitic drug primarily used to treat livestock, is a miracle cure for Covid-19.

On Monday, Musk’s Twitter restored the accounts of prominent doctors known for spreading Covid misinformation. One was Peter McCullough, a doctor whose former employer sued him for claiming to represent them while giving interviews encouraging people not to get vaccinated and falsely claiming that 50,000 people had died from Covid-19 vaccines. The other is Robert Malone, a doctor who participated in early mRNA vaccine research 30 years ago, but more recently falsely claimed that the vaccines are “causing a form of AIDS.” After Malone did an interview on Joe Rogan’s podcast, 270 physicians, scientists, and academics wrote an open letter to Spotify, which exclusively hosts the podcast, demanding that the audio streaming service “immediately establish a clear and public policy to moderate misinformation.”

Since being reinstated, McCullough, who has 640,000 followers, and Malone, who has 686,000 followers, are both already back to spreading discredited conspiracy theories about Covid.

Musk himself has also frequently tweeted Covid misinformation and antagonized evidence-based health-care professionals. Over the weekend, Musk flirted with the anti-vaccine crowd by tweeting, “My pronouns are Prosecute/Fauci” — an apparent call to prosecute the chief medical adviser to the president, Anthony Fauci, mixed with some transphobia for good measure. The refrain to take Fauci to court for how he managed the pandemic is popular on the far right.

Musk’s spread of false information goes back to the beginning of the pandemic. On March 19, 2020, he predicted that “based on current trends, probably close to zero new cases in US too by end of April” and falsely claimed that “kids are essentially immune.” According to data from the Centers for Disease Control and Prevention, by the end of April 2020, there were nearly 200,000 weekly new cases and more than 64,000 Americans had died from Covid. Over a million more Americans have died from Covid since then.

Musk has also promoted hydroxychloroquine, an anti-malaria drug that’s also used to treat autoimmune diseases like lupus, as a miracle cure for Covid-19. Like ivermectin, hydroxychloroquine is ineffective at preventing or treating Covid-19.

“Freedom Physicians”

This brings us back to Gold and America’s Frontline Doctors. In September 2021, The Intercept obtained hacked data revealing that AFLDS and a small network of telehealth companies convinced tens of thousands of people to spend at least $15 million on phone consultations and prescriptions for ivermectin and hydroxychloroquine. This reporting contributed to a congressional investigation into AFLDS.

In Gold’s letter to Musk, she says she works with “freedom physicians across the nation and world.” Gold launched AFLDS with a July 2020 press conference on the steps of the Supreme Court, where she and other “freedom physicians,” wearing white lab coats, promoted fake remedies for Covid and opposed public health measures like masking and lockdowns. Then-President Donald Trump shared videos of the event, which were viewed millions of times before Twitter and Facebook took them down for violating Covid misinformation policies.

One of the doctors at Gold’s side, Stella Immanuel, has claimed that people develop gynecological problems like cysts and endometriosis after having sex in their dreams with demons and witches.

Also at the event was Dr. Joseph Lapado, Florida Gov. Ron DeSantis’s surgeon general. Lapado has been accused of misrepresenting his experience treating Covid patients at UCLA, argued for “herd immunity” by letting Covid spread completely unchecked, and falsely claimed that Covid-19 vaccines are dangerous. Lapado’s anti-science op-eds for the Wall Street Journal caught the attention of DeSantis, who subsequently hired him as Florida’s top health-care official, according to the Washington Post. In March, Florida became the first state to defy CDC guidance when Lapado said that healthy kids don’t need to get vaccinated for Covid.

In addition to running an organization dedicated to medical disinformation, Gold faces allegations from her own organization over a misuse of funds. While Gold served two months in prison for storming the U.S. Capitol on January 6, 2021, AFLDS’s board audited her use of its funds. A lawsuit filed last month alleges that she lives rent-free in a $3.6 million mansion purchased using AFLDS charity funds in Naples, Florida. Her boyfriend, John Strand, a former underwear model who hosts misinformation videos for AFLDS and is facing 24 years in prison for his role in the insurrection, lives with her. The lawsuit accuses Gold of using AFLDS’s money to spend $12,000 a month on a bodyguard, $5,600 a month for a housekeeper, and $50,000 a month on credit card expenses, as well as purchasing three cars, including a Mercedes-Benz, and taking unauthorized flights on private jets, including a single trip that cost $100,000.

“Just as the mother lioness will not let her baby lion be murdered, neither will I,” Gold wrote in an email demanding that three AFLDS board members resign, which was made public as an exhibit in the lawsuit.

On December 6, a federal judge dismissed the lawsuit for lack of jurisdiction, making it clear that the court didn’t consider the accusations. Neither side could make a convincing argument for whether AFLDS is based in Florida or Nevada.

Since taking over Twitter, Musk has dismantled the infrastructure that prevented users from lying about vaccine safety or profiting off fake treatments for Covid-19 — things that Gold has built her recent career doing. If Musk put her in charge of a new medical fact-checking team, it would be like putting a lioness in charge of protecting gazelles.

The post Covid Disinformation Doctor Wants to Help Elon Musk Do Medical Fact-Checks on Twitter appeared first on The Intercept.

Musk has not, however, reversed the suspension of Distributed Denial of Secrets, the nonprofit transparency collective that distributes leaked and hacked documents to journalists and researchers. During the Black Lives Matter protests in the summer of 2020, DDoSecrets published BlueLeaks, a set of documents from over 200 law enforcement agencies that revealed police misconduct, including spying on activists. Revelations from BlueLeaks were widely reported in outlets including The Intercept, The Associated Press, The Guardian, The Daily Dot, The Hill, Business Insider, The Nation, Mashable, The Daily Beast, and Reuters. (I’m an adviser to DDoSecrets.)

In response to apparent pressure from law enforcement, Twitter not only permanently suspended the @DDoSecrets account, citing its policy against distributing hacked material, but also took the extraordinary step of preventing users from posting links to ddosecrets.com. If you try tweeting DDoSecrets links or even sending them to someone in a direct message, Twitter shows the error message: “We can’t complete this request because this link has been identified by Twitter or our partners as being potentially harmful. Visit our Help Center to learn more.”

The DDoSecrets website has never been malicious or harmful; rather, it’s a vital resource for journalists, researchers, and the public. In order to censor links to ddosecrets.com, Twitter relied on a security feature that was designed to block actual malicious links, such as scams or sites trying to trick visitors into installing viruses.

Twitter’s link-blocking policy states that it may block websites that distribute hacked material, but this policy has never been consistently enforced. Links to wikileaks.com, for example, have not faced similar censorship, despite that site hosting troves of data hacked from Hillary Clinton’s 2016 presidential campaign as well as a dataset of CIA hacking tools known as Vault 7.

The most high-profile case of Twitter enforcing this policy was in October 2020, three weeks before the election, when the New York Post published a story based on documents stolen from Hunter Biden’s laptop. Citing its hacked material policy, Twitter blocked access to the article in question. But the decision was short-lived: After two days of Republican outrage and accusations of censorship, Twitter reversed course and restored access to the article. The incident is still a popular talking point in conservative media about Big Tech censorship.

But while Twitter censored a New York Post article for two days, the entire DDoSecrets website has been censored for nearly two and a half years, and there’s no sign that this will change any time soon. Twitter did not respond to questions about the company’s censorship of DDoSecrets.

Here are a few of the datasets that DDoSecrets has published while it has been censored by Twitter:

• Over a million videos scraped from Parler, the far-right social network that anti-democracy activists used to organize the January 6 riot at the U.S. Capitol. Videos from this dataset were used as evidence in Trump’s second impeachment inquiry.
• Emails, chat logs, donor lists, and membership records for the Oath Keepers, the far-right militia that participated in the January 6 attack. This dataset exposed hundreds of current and former law enforcement officers, members of the military, and elected officials as members of the extremist group. It was covered by news outlets including the Washington Post, ProPublica, NPR, BuzzFeed News, Rolling Stone, and Ars Technica.
• Dozens of datasets containing terabytes of data hacked from Russian corporations and government agencies in the aftermath of Russia’s invasion of Ukraine. The Intercept is part of an international consortium of newsrooms investigating the Russian documents and has published new information based on the leaks about Yevgeny Prigozhin, the Russian oligarch and Vladimir Putin ally who founded the infamous mercenary company known as the Wagner Group.
• Six terabytes of emails from the Mexican government agency in charge of the military, Secretaría de la Defensa Nacional. This dataset has been covered by dozens of Spanish-language news outfits.

Despite Musk’s lip service in support of free speech, for some reason he’s only ever expressed an interest in restoring the accounts of people on the far-right who are known for posting conspiracy theories or inciting violence.

The post Elon Musk’s “Free Speech” Twitter Is Still Censoring DDoSecrets appeared first on The Intercept.

“Noticing a worrying trend of far-right and anti-abortion activists aligning themselves with the evangelical Christian movement, hiding their funding sources behind laws that allow church ministries to keep their donations secret,” the hacker wrote in a press release, “we decided to bring about some much-needed radical transparency.”

In addition to fighting abortion, Liberty Counsel — a Southern Poverty Law Center-designated hate group — has focused its legal efforts on challenging LGBTQ+ rights and vaccine mandates in the name of religious freedom. Because it is registered with the IRS as an “association of churches,” Liberty Counsel is not required to file a public tax return, meaning that its finances are largely shielded from the scrutiny applied to other tax-exempt organizations.

The hacked data includes content from Liberty Counsel’s website, emails the group sent to its supporters, and documentation of about $12 million in donations from some 44,000 donors since 2015. These donations, limited to those tracked on Liberty Counsel’s digital platform, represent only a portion of those the organization receives.

The records show that 501(c)(3) nonprofit organizations controlled by Liberty Counsel encouraged supporters to vote for former President Donald Trump despite IRS rules that prohibit such entities from directly or indirectly endorsing candidates for political office. They also reveal how Liberty Counsel has skillfully employed misinformation and partisan polarization over election integrity and the Covid-19 pandemic to build its email list and raise millions of dollars in small contributions — and done so at a breakneck pace since November 2020.

Liberty Counsel did not respond to multiple requests for comment for this article.

Apart from Liberty Counsel’s data, the hack includes another 425 gigabytes of records from dozens of Christian organizations that used the same customer relationship management software, many of them mission agencies aimed at converting humanity to Christianity.

The Guise of Religious Liberty

After the Supreme Court overturned Roe, Peggy Nienaber, vice president of Liberty Counsel’s Faith & Liberty ministry, was caught on a hot mic at an evangelical victory party bragging that her ministry prayed with sitting Supreme Court justices. Nienaber’s claim, first reported by Rolling Stone, suggested a troubling conflict of interest, considering that the court cited a Liberty Counsel brief in its decision to end 50 years of constitutional protection for abortion.

Faith & Liberty denied that it prayed with members of the court, claiming that the incidents described took place before Liberty Counsel acquired the ministry.

Mat Staver, Liberty Counsel’s founder and chair, has said that he went to law school to further the “pro-life” cause. The organization’s amicus brief in Dobbs v. Jackson Women’s Health Organization, filed on behalf of a group of religious organizations, was a work of dubious scholarship that argued that abortion is a racist tool of eugenics.

Liberty Counsel fought against anti-LGBTQ+ hate crime legislation, calling it a “radical homosexual anarchist agenda.”

Liberty Counsel has also defended so-called sidewalk counselors, who troll outside abortion clinics creating a hostile environment for those seeking care, and challenged the Freedom of Access to Clinic Entrances Act, enacted in the wake of the 1993 murder of Florida abortion provider Dr. David Gunn.

Liberty Counsel’s virulently anti-LGBTQ+ rhetoric and efforts to legalize discrimination in the name of religious freedom led the Southern Poverty Law Center to designate it as a hate group. “The organizations on our hate group list vilify others because of their race, religion, ethnicity, sexual orientation, or gender identity — this includes Liberty Counsel and their vilification of LGBTQ+ people,” said Rachel Carroll Rivas, interim deputy director of research for the SPLC’s Intelligence Project.

Staver has advocated criminalizing homosexuality with harsh punishments as well as “curing” LGBTQ+ people, “a practice that has been condemned by every major medical and mental health organization in the country,” according to the Human Rights Campaign. Liberty Counsel fought against anti-LGBTQ+ hate crime legislation, calling it a “radical homosexual anarchist agenda.” After the Supreme Court legalized gay marriage in 2015, Liberty Counsel represented Kim Davis, a county clerk in Kentucky who refused to issue a marriage license to a gay couple.

More recently, Liberty Counsel has been involved in other right-wing causes. The day after the deadly January 6, 2021, attack on the U.S. Capitol, Staver sent an email to supporters stating that “our research and legal staff have been deeply engaged in stopping the steal of our 2020 elections.” The email, later published as a blog post, stressed that Trump could remain in power if God intervened: “We know God can intervene and turn what looks like a hopeless cause into a miraculous victory!”

During the pandemic, Liberty Counsel lawsuits successfully forced Louisiana State University’s School of Dentistry and Loyola University to abandon their vaccine mandates on religious freedom grounds. Liberty Counsel is currently suing the U.S. government over the military’s vaccine mandate.

Election Intervention

Liberty Counsel, a 501(c)(3) nonprofit, serves as an umbrella to a number of smaller groups, including Liberty Counsel Action, Faith & Liberty, and Christians in Defense of Israel, all of which share the same hacked database. Of these, only Liberty Counsel Action, a 501(c)(4), has an IRS status that allows it to endorse or oppose candidates for office.

While churches and other 501(c)(3) organizations are allowed to take stands on issues like abortion, same-sex marriage, and gun control, the IRS’s Internal Revenue Code prohibits these organizations from engaging in political campaign activity. “Because the IRS has not been very diligent in enforcing the law, many 501(c)(3) groups are pushing the envelope when it comes to politics,” Rob Boston, a senior adviser at Americans United for Separation of Church and State, told The Intercept.

After reviewing the email newsletters and blog posts in the Liberty Counsel data, The Intercept found communications in which both Faith & Liberty and Christians in Defense of Israel encouraged their supporters to vote for Trump during the 2020 election.

“Many 501(c)(3) groups are pushing the envelope when it comes to politics.”

“Today could be a turning point in the history of America. In this great country we have the freedom to vote,” a Faith & Liberty newsletter from Election Day 2020 stated. “A great responsibility rests on our shoulders. Our decision will determine who will nominate judges, and so much more.” The email went on the offensive against then-candidate Joe Biden, referencing reporting from right-wing media about the contents of Hunter Biden’s laptop. It claimed that Biden used “American tax-dollars to bribe foreign nationals to protect his son’s behavior” and “felt so comfortable with this level of corruption that he even bragged about it, on camera.”

During the two weeks before Election Day, Christians in Defense of Israel, also a 501(c)(3), was even more explicit in a series of newsletters. The emails, which promised that a second Trump term would bring peace to the Middle East, outlined points made by David Friedman, the Trump-appointed former U.S. ambassador to Israel. Friedman was also an adviser to Trump’s 2016 election campaign and had previously represented the Trump Organization as a bankruptcy lawyer.

“Israeli Jews support President Trump, because they know under a Trump administration, America has Israel’s back … and peace in the Middle East is on the near horizon,” one of the emails said. “But only if Donald Trump wins. As U.S. citizens, our vote this election will greatly affect Israel’s future, according to the ambassador.” Another email warned that “on November 3, the Holy Land is counting on YOU to choose the presidential candidate who will support Israel and complete the work of achieving peace in the Middle East.”

“Some groups will attack a candidate in harsh terms but stop short of telling people not to vote for him/her,” Boston said. “I would interpret this as an obvious backdoor attempt to intervene in an election, but I’m not aware of the IRS interpreting the law that strictly.”

Behind the Scenes

Liberty Counsel’s website is based on the customer relationship management software Site Stacker, which is developed by WMTEK, a company that builds software and services exclusively for Christian nonprofits. WMTEK claims that 33 percent of Christian mission agencies use Site Stacker.

The Anonymous hacker first discovered vulnerabilities in Liberty Counsel’s Site Stacker website — among them, an administrator user who worked for WMTEK used the password “Password1” — and then realized that the rest of WMTEK’s clients were also vulnerable. So the hacker made off with membership and donor records for more than 90 other Christian nonprofits.

In all, the data shows donations to the organizations totaling over $748 million from roughly 409,000 donors, the earliest dating to September 2015. It also includes private information like names, addresses, and phone numbers for about 1.3 million people.

“We have initiated a forensic investigation into these claims,” Dan Pennell, WMTEK’s CEO, told The Intercept in response to questions about the hack. “We will be unable to comment further until we conclude our investigation.”

An administrator user who worked for WMTEK used the password “Password1.”

The security lapses weren’t limited to WMTEK. The hacked data set includes the Site Stacker source code as well as 46 gigabytes of files that were publicly available on Liberty Counsel’s website. The Intercept discovered a folder within these files containing 100 photos of U.S. passports and confirmed that these images were publicly accessible with the right web address — poor protection for such sensitive documents.

While Liberty Counsel is best known for legal battles over abortion and LGBTQ+ rights, the hacked data shows more than $1.6 million in donations resulting from petition and fax campaigns built around dubious claims about the pandemic and election integrity. These campaigns — from Liberty Counsel and its 501(c)(4) affiliate, Liberty Counsel Action — drew more than 15,000 unique donors.

The largest petition included in the data set, launched on the eve of Biden’s inauguration, makes no mention of religion: It warns of “giant pharmaceutical companies in partnership with government officials sweeping harmful and even deadly COVID-19 vaccine reactions under the rug” and demands that politicians oppose unspecified efforts “to make COVID shots mandatory, to require a Vaccine Passport or to electronically track and trace my movements.” Of the 38,000 signatures the petition received, more than 60 percent were new to Liberty Counsel’s email list.

After signing, “freedom-loving patriots” are invited to make a donation. Existing supporters are asked to pay to send a fax, with options ranging from a $5 “basic level” fax to House and Senate leaders up to a “gold level” $75 fax that also includes the Senate Judiciary Committee, all 50 governors, and all Republican members of Congress.

Some donors used their official government email accounts to make contributions.

As email sign-ups increased, digital giving swelled from a monthly average of about $100,000 pre-pandemic to more than $400,000 in the months leading up to the hack. Of the 44,000 donors included in the hack, more than 70 percent appear not to have given before the pandemic.

Some donors used their official government email accounts to make contributions, the hacked records show. Email addresses associated with the departments of Defense, Energy, Health and Human Services, Homeland Security, Interior, Justice, State, Treasury, Transportation, and Veterans Affairs were among those included in the data.

Email addresses associated with state and local governments also made an appearance, including one belonging to Republican Terry Rice, a current Arkansas state senator, whose donation came via a petition decrying “the Democrat push to legalize election fraud.” Rice told The Intercept that he might have made a small donation to Liberty Counsel but doesn’t remember. “I don’t know what business it is of yours,” he said.

The post Liberty Counsel’s Donor Records and Pro-Trump Election Messaging Exposed in Data Breach appeared first on The Intercept.

The 1917 Espionage Act has become controversial. Despite its name, it isn’t really used much anymore to prosecute spies. In recent years, both Democratic and Republican administrations wielded it as a weapon to intimidate media as well as sources who have provided important information to the public — raising the ire of civil rights advocates.

This isn’t Trump’s first brush with the Espionage Act, though it is the first time he’s the one being accused. According to the U.S. Press Freedom Tracker, Trump’s Department of Justice charged five journalist sources — none of them spies — under the Espionage Act. (Several more journalistic sources were prosecuted under lesser statutes.) Here’s how the Espionage Act charges went for the people Trump used it against.

Reality Winner

During the 2016 presidential election, Russia’s Main Intelligence Directorate of the General Staff, or GRU, launched cyberattacks in support of Trump’s campaign. In one of them, GRU sent spearphishing emails to local election officials in swing states hoping to trick them into opening the malicious attachment that would hack their computers. At the time, Trump called all of this “fake news.”

In 2017, then-National Security Agency contractor and whistleblower Reality Winner, who was 26, leaked a classified NSA document to The Intercept that described this GRU plot in detail. Trump’s Justice Department charged and convicted her under the Espionage Act. Midway through a trial, Winner entered into a plea agreement with prosecutors and pleaded guilty to one charge. She was sentenced to five years and three months in prison, and three years of supervised release: the longest sentence ever given for the unauthorized release of classified documents to the media. (In June 2021, Winner was released early from prison.)

State election officials first learned about GRU’s spearphishing attack against them because of media reports, but only thanks to Winner; the NSA had failed to warn them. Two former election officials told CBS News’s “60 Minutes” that Winner’s disclosure helped secure the 2018 midterm election.

Terry Albury

In early 2017, The Intercept published a series of revelations based on confidential FBI guidelines from an internal FBI whistleblower, including details about controversial tactics for investigating minorities and spying on journalists.

In 2018, Trump’s Justice Department charged and convicted Terry Albury, at the time an FBI special agent, under the Espionage Act for leaking. After pleading guilty, he was sentenced to four years in prison and three years of supervised release.

During Albury’s distinguished 16-year counterterrorism career at the FBI, he “often observed or experienced racism and discrimination within the Bureau,” according to court documents. The only Black FBI special agent in the Minneapolis field office, he was especially disturbed by what he saw as “systemic biases” within the bureau, particularly when it came to the FBI’s mistreatment of informants.

Joshua Schulte

In early 2017, WikiLeaks began publishing a series of documents and hacking tools detailing the CIA’s offensive cyber capabilities, collectively known as Vault 7 — the single largest leak of classified information in CIA history. These releases lead Trump’s CIA Director Mike Pompeo to declare WikiLeaks a “hostile intelligence service.” The CIA even considered kidnapping or assassinating Julian Assange, the WikiLeaks founder, over this release of documents and hacking tools.

This was a wild reversal of Trump’s attitude towards WikiLeaks. Less than a year earlier, during the 2016 election, WikiLeaks had published GRU-hacked emails from the Democratic National Committee, perfectly timed to distract the public from a video of Trump bragging about sexual assault. Trump declared, “I love WikiLeaks.”

In 2018, the disgruntled CIA software developer Joshua Schulte, who worked on programming the hacking tools that WikiLeaks published, was charged under the Espionage Act for leaking the Vault 7 documents to WikiLeaks. Last month, Schulte was convicted in a trial by jury on nine Espionage Act counts. He hasn’t been sentenced yet, but he faces up to 80 years in prison. He also faces additional charges related to sexual assault and child pornography.

Daniel Hale

In 2015, The Intercept published a series of stories that provided the most detail ever made public about the U.S. government’s unaccountable program for targeting and killing people around the world, including U.S. citizens, with drones. The disclosures were based on leaked classified documents.

In 2014, FBI agents raided the home of whistleblower Daniel Hale, a former NSA drone operator and later an outspoken anti-war activist, who they suspected of being the source. President Barack Obama’s Justice Department, though, declined to file any charges. The Trump administration, on the other hand, was more than happy to prosecute the case. In 2019, Trump’s Justice Department charged Hale under the Espionage Act. After pleading guilty to one of the charges, he was sentenced to three years and nine months in prison.

Henry Kyle Frese

In 2018, CNBC published eight articles containing classified information about China’s weapons systems, including that China had installed anti-ship cruise missiles and surface-to-air missile system in the South China Sea.

In 2019, Henry Kyle Frese, a counterterrorism analyst for the U.S. Defense Intelligence Agency, was charged under the Espionage Act for leaking documents about China’s weapons systems to the CNBC reporter, who he was dating, and her colleague at NBC News. Frese pleaded guilty and was sentenced to two years and six months in prison.

Donald Trump

Now, Trump has found himself on the other end of an Espionage Act investigation. (President Joe Biden’s Justice Department authorized a search of Mar-a-Lago that cited the Espionage Act in its justification, but no charges against Trump have been filed yet.)

Unlike most of the people charged with the Espionage Act under the Trump administration, except perhaps Schulte, Trump’s theft of classified documents wasn’t aimed at exposing attacks on democracy, shining a light on government atrocities, or adding anything newsworthy to the public discourse.

In their allegations, authorities have not offered any explanations about Trump’s motives for retaining classified documents on his way out of the White House in 2020. Knowing Trump, it wasn’t anything altruistic. We do, however, know that Section 793 of the Espionage Act carries a maximum sentence of 10 years in prison.

The post Donald Trump Has His Own History With the Espionage Act appeared first on The Intercept.

Distributed Denial of Secrets, the transparency collective that’s best known for its 2020 release of 270 gigabytes of U.S. law enforcement data (in the midst of racial justice protests following the murder of George Floyd), has become the de facto home of the hacked datasets from Russia. The datasets are submitted to DDoSecrets mostly by anonymous hackers, and those datasets are then made available to the public on the collective’s website and distributed using BitTorrent. (I am an adviser to DDoSecrets).

“The flood of Russian data has meant a lot of sleepless nights, and it’s truly overwhelming,” Emma Best, co-founder of DDoSecrets, told The Intercept via an encrypted messaging app. “In its first 10 years, WikiLeaks claimed to publish 10 million documents. In the less than two months since the invasion began, we’ve published over 6 million Russian documents — and it absolutely feels like it.”

After receiving a dataset, DDoSecrets organizes and compresses the data; it then starts distributing the data using BitTorrent for public consumption, publicizes it, and helps journalists at a wide range of newsrooms access and report on it. DDoSecrets has published about 30 hacked datasets from Russia since its invasion of Ukraine began in late February.

The vast majority of sources who provided the hacked Russian data appear to be anonymous individuals, many self-identifying as part of the Anonymous hacktivist movement. Some sources provide email addresses or other contact information as part of the dumped data, and some, like Network Battalion 65, have their own social media presence.

JSC Bank PSCB, you are now controlled by Network Battalion 65. We're very thankful that you store so many credentials in Chrome. Well done.

It's obvious that incident response has started. Good luck getting your data back without us.
Tell your government to GTFO of #Ukraine pic.twitter.com/1HYikMU99N

— NB65 (@xxNB65) April 18, 2022

Still, with so many datasets submitted by anonymous hackers, it’s impossible to be certain about their motives or if they’re even truly hacktivists. For instance, in 2016 hackers compromised the network of the Democratic National Committee and leaked stolen emails to WikiLeaks in an attempt to hurt Hillary Clinton’s presidential campaign. Guccifer 2.0, the hacker persona responsible, claimed to be a lone actor but was later revealed to be an invention of the GRU, Russia’s military intelligence agency.

For this reason, the recent Russian datasets published by DDoSecrets include a disclaimer: “This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data.”

Hacks Begin in February

On February 26, two days after Russia’s invasion started, DDoSecrets published 200 gigabytes of emails from the Belarus weapons manufacturer Tetraedr, submitted by the hacktivist persona Anonymous Liberland and the Pwn-Bär Hack Team. Belarus is a close ally to Russia in its war against Ukraine. A message published with the dataset announced “#OpCyberBullyPutin.”

The contents of this leak do appear to be legitimate.

Emails from the inboxes of employees at the Belarusian weapons manufacturer Tetraedr.

Have seen missile testing footage, PDF schematics for weapons systems, and detailed brochures for armored vehicles. https://t.co/wGTa9ilFyE

— Mikael Thalen (@MikaelThalen) February 26, 2022

On February 25, the notorious Russian ransomware gang known as Conti publicly expressed its support for Russia’s war, and two days later, on February 27, an anonymous Ukrainian security researcher who had hacked Conti’s internal infrastructure leaked two years of Conti chat logs, along with training documentation, hacking tools, and source code from the criminal hackers. “I cannot shoot anything, but I can fight with a keyboard and mouse,” the anonymous researcher told CNN on March 30 before he safely slipped out of Ukraine.

In early March, DDoSecrets published 817 gigabytes of hacked data from Roskomnadzor, the Russian federal agency responsible for monitoring, controlling, and censoring Russian mass media. This data specifically came from the regional branch of the agency in the Republic of Bashkortostan. The Intercept made this dataset searchable and shared access with independent Russian journalists from Meduza who reported that Roskomnadzor had been monitoring the internet for “antimilitarism” since at least 2020. In early March, Roskomnadzor began censoring access to Meduza from inside Russia “due to systematic spread of fakes about the special operation in Ukraine,” a spokesperson for the agency told the Russian news site RIA Novosti.

The hacks continued. In mid-March, DDoSecrets published 79 gigabytes of emails from the Omega Co., the research and development wing of the world’s largest oil pipeline company, Transneft, which is state-controlled in Russia. In the second half of March, hacktivism against Russia began to heat up. DDoSecrets published an additional five datasets:

• 5.9 gigabytes of emails from Thozis Corp., a Russian investment firm owned by billionaire oligarch Zakhar Smushkin.
• 110 gigabytes of emails from MashOil, a Russian firm that designs and manufactures equipment for the drilling, mining, and fracking industries.
• 22.5 gigabytes of data allegedly from the central bank of Russia. The source for this data is the persona The Black Rabbit World on Twitter.
• 2.5 gigabytes of emails from RostProekt, a Russian construction firm. The source for this data is the persona @DepaixPorteur on Twitter.
• 15.3 gigabytes of data from Rosatom State Nuclear Energy Corp., Russia’s state-run company that specializes in nuclear energy and makes up 20 percent of the country’s domestic electricity production. It’s also one of the world’s largest exporters of nuclear technology products. The source for this data included an email address hosted at the free encrypted email provider ProtonMail.

On the last day of March, the transparency collective also published 51.9 gigabytes of emails from the Marathon Group, an investment firm owned by sanctioned Russian oligarch Alexander Vinokurov.

April Is Cruel to Orthodox Church

On the first day of April, DDoSecrets published 15 gigabytes of emails from the charity wing of the Russian Orthodox Church. Because the emails might include sensitive and private information from individuals, DDoSecrets isn’t distributing this data to the public. Instead, journalists and researchers can contact DDoSecrets to request a copy of it.

On April 3, DDoSecrets published 483 gigabytes of emails and documents from Mosekspertiza, a state-owned corporation that provides expert services to the business community in Russia. On April 4, DDoSecrets published 786 gigabytes of documents and emails from the All-Russia State Television and Radio Broadcasting Co., referred to with the English acronym VGTRK. VGTRK is Russia’s state-owned broadcaster; it operates dozens of television and radio stations across Russia, including regional, national, and international stations in several languages. Former employees of VGTRK told the digital publication Colta.ru that the Kremlin frequently dictated how the news should be covered. Network Battalion 65 is the source for both the VGTRK and Mosekspertiza hacks.

The All-Russian State Television and Radio Broadcasting Company (VGTRK), propaganda branch of the Russian Federation can fuck themselves. @Telecomix is going to have some fun parsing through this. #datalove @YourAnonNews @ITarmyUA Glory to Ukraine! Full dump will be ready soon. pic.twitter.com/3foAOAYBDv

— NB65 (@xxNB65) March 25, 2022

Russia’s legal sector also got hacked. On April 8, DDoSecrets published 65 gigabytes of emails from the law firm Capital Legal Services. The persona wh1t3sh4d0w submitted the data to the transparency collective.

In the following days, DDoSecrets published three more datasets:

• 244 gigabytes of emails from Petrovsky Fort, an office building complex in St. Petersburg.
• 154 gigabytes of emails from Aerogas, an engineering company that works in the oil and gas industries.
• 35.7 gigabytes of emails from a Russian logging and wood manufacturing company called Forest.

By April 11, DDoSecrets had published another three datasets:

• 446 gigabytes of emails from the Ministry of Culture of the Russian Federation. This government agency is responsible for state policy regarding art, film, copyright, cultural heritage, and in some cases censorship.
• 150 gigabytes of emails from the city administration of Blagoveshchensk. This is in the same region of Russia that the Roskomnadzor dataset was hacked from.
• 116 gigabytes of emails from the governor’s office of Tver Oblast, a region of Russia northwest of Moscow.

In mid-April, DDoSecrets published several datasets from the oil and gas industries:

• 440 gigabytes of emails from Technotec, a group of companies that develops chemical reagents for and provides services to oil and gas companies.
• 728 gigabytes of emails from Gazprom Linde Engineering, a firm that designs gas and petrochemical processing facilities and oil refineries. This company was a joint venture between the state-owned Russian gas company Gazprom — the largest corporation in Russia — and the German company Linde. In late March, in response to economic sanctions against Russia, Linde announced that it was suspending its Russian business ventures.
• 222 gigabytes of data from Gazregion, a construction company that specializes in building gas pipelines and facilities. Three different sources — Network Battalion 65, @DepaixPorteur, and another anonymous hacker — hacked this company at roughly the same time and submitted data to DDoSecrets, which published all three overlapping datasets to “provide as complete a picture as possible, and to provide an opportunity for comparison and cross-checking.”

On April 16, DDoSecrets published two more datasets:

• 221 gigabytes of emails from the education department of the Russian city of Strezhevoy.
• 399 gigabytes of data from Continent Express, a Russian travel agency. This data was hacked by Network Battalion 65.

Just during the last week, DDoSecrets published these datasets:

• 107 gigabytes of emails from Neocom Geoservice, an engineering company that focuses on oil, gas, and drilling.
• 1.2 gigabytes of data from the Belarusian firm Synesis, which develops surveillance systems.
• 9.5 gigabytes of emails from the General Department of Troops and Civil Construction, a construction company owned by the Russian Ministry of Defense. This was hacked by @DepaixPorteur.
• 160 gigabytes of emails from Tendertech, a firm that processes financial and banking documents on behalf of businesses.
• 130 gigabytes of emails from Worldwide Invest, a Russian investment firm.
• 432 gigabytes of emails from the Russian property management firm Sawatzky. Its clients include major brands like Google, Microsoft, Samsung, and Johnson & Johnson
• 221 gigabytes of emails from Accent Capital, a Russian commercial real estate investment firm.

Earlier today, DDoSecrets published 342 gigabytes of emails from Enerpred, the largest producer of hydraulic tools in Russia that works in the energy, petrochemical, coal, gas and construction industries.

Researching the Hacked Data

Despite the massive scale of these Russian data leaks, very few journalists have reported on them so far. Since the war began, Russia has severely clamped down on its domestic media, introducing penalties of years in prison for journalists who use the wrong words when describing the war in Ukraine — like calling it a “war” instead of a “special military operation.” Russia has also ramped up its censorship efforts, blocking Twitter and Facebook and censoring access to international news sites, leaving the Russian public largely in the dark when it comes to views that aren’t sanctioned by the state.

One of the barriers for non-Russian news organizations is language: The hacked data is principally in Russian. Additionally, hacked datasets always come with considerable technical challenges. The Intercept, which was founded in part to report on the archive of National Security Agency documents leaked by Edward Snowden, has been using our technical resources to build out tools to make these Russian datasets searchable and then sharing access to these tools with other journalists. Russian-speaking journalists from Meduza — which is forced to operate in Latvia to avoid the Kremlin’s reach — have already published a story based on one of the datasets indexed by The Intercept.

It's going to take YEARS for journalists, researchers and the general public to go through all the Russian data that's being leaked in response to the invasion of Ukraine

— Emma Best @NatSecGeek@kolektiva.social ????? (@NatSecGeek) March 25, 2022

The post Russia Is Losing a War Against Hackers Stealing Huge Amounts of Data appeared first on The Intercept.

The logs were leaked late last month, reportedly by a Ukrainian security researcher, after Conti publicly announced its support for Putin’s invasion of Ukraine and threatened to retaliate against any cyber warfare targeted at the Russian-speaking world. The logs span two years and multiple chat services and were released alongside training documentation, hacking tools, and source code.

The Intercept reviewed the most recent month of logs, focusing on those originating from RocketChat, a group-chat system similar to Discord or Slack, that Conti hosted on the anonymity network Tor. The messages are full of typos, slang, and a heavy use of mat — vulgar Russian profanity. We translated these messages using Google Translate and DeepL, and then a native Russian speaker manually corrected them. As with any translations, there are sometimes multiple possible interpretations, so we are making the original Russian available here. All time stamps from chat messages are in Coordinated Universal Time.

Logs of only some chat rooms appear to have been leaked. Most of the recent messages are from the #general channel, a room where the hackers candidly discussed non-ransomware topics like drug use, pornography, cryptocurrency, an obsession with investigative journalist Brian Krebs, and occasionally technical topics. While the #general channel had 160 users — Conti is a very large criminal enterprise — only a handful of these users actually posted messages during the monthlong period.

The conversations quickly turned political on February 21 when Putin announced that Russia recognized the separatist territories Donetsk and Luhansk in eastern Ukraine as independent nations, and on February 24 when Russian troops invaded Ukraine. The Russian hackers openly repeated Putin’s falsehoods as fact, such as that Ukraine is run by a “neo-Nazi junta” and that its government is seeking nuclear weapons. Members of the chat continually shared news updates that exaggerated Russia’s success so far in the war.

The chat logs also include a heavy dose of misogyny, including discussions of child sexual abuse content and jokes about rape, as well as antisemitism aimed at Ukrainian President Volodymyr Zelenskyy.

Also on February 21, Conti announced internally to its employees that the leader of the criminal enterprise had gone into hiding. While it’s unclear exactly what happened, the announcement said that “close attention to the company from the outside has led to the fact that the boss apparently decided to lay low.” It added that Conti did not have enough money to pay everyone’s salaries and asked that they take two to three months of vacation. While Conti’s active operations had ceased, the server hosting RocketChat was still up, so the conversations after that were purely about Russia’s war in Ukraine. CyberScoop this week quoted sources saying Conti recovered from the leaks and is operational.

The Conti Ransomware Gang

Conti is the most successful ransomware gang in operation today. As Check Point Research has reported, the gang appears to operate much like a large corporation, with twice-monthly payroll, five-day workweeks, staggered shifts to ensure around-the-clock operation, and even physical offices. According to a 2022 report on cryptocurrency crime from the company Chainalysis, Conti extorted at least $180 million from its hacking victims last year.

Many of the victims have been in the health care sector, including, Ireland’s public care system. In May 2021, in the midst of the Covid-19 pandemic, Conti encrypted data on 85,000 Irish health care computers and demanded a $20 million ransom payment in exchange for the decryptor, according to a report in CPO Magazine. Ireland’s Health Service Executive refused to pay the ransom, but it’s still costing Ireland 100 million euros to recover from the attack. The FBI also warned that Conti ransomware attacks targeted at least 16 health care networks in the United States.

Conti employees appear to be active during work hours in the Moscow time zone and all internal communication is in Russian, though some people involved don’t live in Russia. One frequent poster in the chat rooms, who goes by the username “Patrick,” appears to be a Russian citizen living in Australia. An older member of Conti is a 55-year-old Latvian woman, according to reporting by Krebs. Based on these chat logs, Conti appears to be an independent criminal enterprise without formal ties to the Russian government.

But it appears that Russian intelligence reached out to members of Conti on at least one occasion. After the ContiLeaks were published, Christo Grozev, executive director of the investigative journalism group Bellingcat, tweeted that his organization had been warned that “a global cyber crime group acting on an FSB [Russia’s security agency] order has hacked one of your contributors,” and they were looking for information about Alexey Navalny, the imprisoned  Russian opposition leader. In 2020, FSB agents were implicated in a poisoning attack on Navalny.

Last year, we got an anonymous tip that "a global cyber crime group acting on an FSB order has hacked one of your contributors. The only thing they were interested on, was anything related to your @navalny investigation". We took enormous measures to upgrade our e-security (1/n)

— Christo Grozev (@christogrozev) February 28, 2022

Chat logs in ContiLeaks, from a chat service called Jabber, seem to indicate that Conti was this cybercrime group, acting on an order from the FSB. A user called “Mango” told a user called “Professor” that he had encrypted chat messages from a Bellingcat journalist but didn’t know how to decrypt them. Mango pasted a snippet from a separate chat that he had with a user called “Johnnyboy77,” who told him about targeting a Bellingcat journalist and mentioned “NAVALNI FSB.”

2021-04-09 18:13:13 mango: So, are we really interested in such data?
2021-04-09 18:13:24 mango: I mean, are we patriots or what?)))
2021-04-09 18:13:31 professor: Of course we are patriots
2021-04-09 18:13:49 mango: I understand. if they decipher it there – I will beacon
2021-04-09 18:14:23 mango: and I also wrote there the other day to you about the auction, but as I understand it, you are still busy and did not delve into)
2021-04-09 18:31:25 mango:
[21:21:02] <johnyboy77> in short, there is a person’s mail from bellingcat
[21:21:06] <johnyboy77> who specifically works in the RU and UA direction
[21:21:06] <johnyboy77> say so
[21:21:08] <johnyboy77> and all his passwords are
[21:21:17] <johnyboy77> and she’s still valid
[21:30:56] <mango> well, pull the correspondence, at least screen them
[21:31:05] <mango> need specifics bro what to talk about
[21:31:07] <johnyboy77> now download files
[21:31:12] <johnyboy77> NAVALNI FSB
[21:31:13] <johnyboy77> even this
[21:31:18] <johnyboy77> right now
2021-04-09 18:31:26 mango: :)
2021-04-09 18:35:42 professor: why not just dump the whole thing

The day after Russian troops began their invasion of Ukraine, Conti posted a statement on its website, a site normally used used for publishing data from companies that refuse to pay ransom. Conti announced its “full support of Russian government,” and warned that if anyone attacked Russia, cyber or otherwise, they would use “all possible resources to strike back at the critical infrastructures of an enemy.”

Hours later, they tempered their statement, but many had already noticed their unequivocal support for Russia in its war against Ukraine.

Repeating Putin’s Conspiratorial Lies

When Russian soldiers invaded Ukraine on February 24, people in Conti’s #general channel began discussing the war. One member of the chat, Patrick, was by far the most swayed by Putin’s lies about Ukraine. Patrick insisted that war was inevitable because Ukraine was attempting to obtain nuclear weapons. This is false, but this conspiracy theory made up a large part of a speech Putin gave on February 21 just prior to the invasion.

2022-02-24 09:53:54 patrick: war was inevitable, ukraine made an application for nuclear weapons
2022-02-24 09:54:37 patrick: in their possession
2022-02-24 09:55:00 weldon: monkeys don’t explain things, they climb trees
2022-02-24 09:55:02 elijah: @patrick well done and done. Still, no one will ever use it. Yes, just to scare
2022-02-24 09:56:38 elijah: Look, missiles from North Korea periodically arrive in the territorial waters of the Russian Federation. But no one cares. And they have nuclear weapons, by the way. But somehow no one was alarmed
2022-02-24 09:56:47 patrick: old man, you’re wrong, there is no doubt about north korea now
2022-02-24 09:58:42 patrick: no one is happy about the war, brothers, but it is high time to put this neo-Nazi gang of Canaris’s foster kids on trial

In his speech, Putin also falsely claimed that Ukraine’s democratic government is a neo-Nazi dictatorship. Throughout the first days of fighting, Patrick repeatedly insisted that Ukraine is run by a “neo-Nazi junta.” It’s not. Ukraine does a have a legitimate Nazi problem (so does the United States and Russia), but Ukranian neo-Nazis are a small minority and don’t hold any positions in government.

Zelenskyy is Jewish. His grandfather, Semyon Ivanovich Zelenskyy, fought the Nazis during World War II. All three of Zelenskyy’s grandfather’s brothers were shot and killed by Nazi soldiers occupying Ukraine.

2022-02-24 10:01:33 patrick: Putin will answer all questions today, I hope that by the evening Kyiv will be ours
2022-02-24 10:02:47 biggie: what’s the point
2022-02-24 10:03:02 elijah: `by the evening kiev will be ours` – and??? What is the profit in this, well, besides boosting the guy’s ego and an additional reason for the quilted jackets [patriots/nationalists] to fap on the king?
2022-02-24 10:03:07 biggie: only people will die and that’s it
2022-02-24 10:05:11 patrick: the neo-Nazi junta will be liquidated and prosecuted, civilians will not suffer

In another message, Patrick says he’s not fighting in the separatist regions of eastern Ukraine because he’s in Australia, donating money to “the victims of the genocide of the neo-Nazi junta.” Putin accused Ukraine of committing genocide against Russian-speaking civilians in Donbas—this also isn’t true.

2022-02-24 11:02:25 kermit: and why are you here and not a volunteer in the DNR or LNR?
2022-02-24 11:03:34 patrick: I’m in australia helping the the victims of the genocide of the neo-Nazi junta with money
2022-02-24 11:03:45 kermit: you’re hiding far away
2022-02-24 11:04:24 kermit: in any such movement you have to back it up with deeds. right now you’re just another spectator and instigator
2022-02-24 11:04:33 kermit: money is bullshit in a matter like this
2022-02-24 11:04:58 patrick: Zelia [Zelensky] is the one hiding, it’s his last day, our people are already in the suburbs of Kiev

Zelenskyy and Antisemitism

Although Putin has justified his invasion by framing it as a war on Nazi ideology, numerous discussions in the chats point toward antisemitic sentiment within Conti. Such bigotry has been a prominent part of an ascendant far-right movement throughout the U.S. and Europe, including in Russia and Ukraine. On February 21, a user named “Weldon” pointed out that Zelenskyy is Jewish. Several others joined in with antisemitic jokes.

2022-02-21 13:03:18 weldon: Zelensky is a jew
2022-02-21 13:03:24 kermit: oh fuck
2022-02-21 13:03:26 kermit: Jews
2022-02-21 13:03:28 kermit: great
2022-02-21 13:03:31 kermit: my favorite
2022-02-21 13:03:39 weldon: that’s right, not Jewish, but a Jew
2022-02-21 13:04:26 kermit: fuck, I wish I was a jew
2022-02-21 13:04:55 kermit: just be born Jewish and you’re considered a member of a secret society and you mess up the Russians’ life
2022-02-21 13:05:46 weldon: come on. A Tatar was born – a Jew cried :joy:
2022-02-21 13:06:58 kermit: a Crimean Tatar?
2022-02-21 13:08:07 gelmut: black Crimean Tatar born in Odessa, who received Russian citizenship :-D
2022-02-21 13:09:11 weldon: obama?
2022-02-21 13:19:39 gelmut: A Jewish boy approaches his parents and says – I want to be Russian. To which the parents reply: – If you want to be Russian, you go to the corner and stand there all day without food. Half a day later, his parents ask: “How do you live as a Russian? And the boy answers: – I’ve only been Russian for two hours, but I already hate you Jews!

After Russia’s invasion was in full swing, the topic of Jews appeared again. This time, Patrick suggested that Jews ruined the Russian empire, and a user named “Biggie” said that it’s necessary to “de-Jewishize” Israel by force. “Pindo” is a slightly pejorative term for an American, and “Pindostan” is slang for the United States.

2022-02-25 09:10:45 patrick: everyone, up to and including the pindostan [America], must answer for the destruction of my homeland – the USSR, so be it
2022-02-25 09:11:53 patrick: Vinnytsia is surrounded
2022-02-25 09:14:19 biggie: that’s how sovok [Soviet Union, or Soviet nationalists] responded to the breakup of the Russian empire
2022-02-25 09:14:41 biggie: All’s fair
2022-02-25 09:15:52 angelo: wait Soviet factories were built by Americans and Europeans with the hands of our comrades. The empire was ruined by Jews with English money
2022-02-25 09:15:59 angelo: I’m getting confused who got what for what and why.
2022-02-25 09:16:38 angelo: we need Jesus, only he will judge and tell the truth, who God is for!
2022-02-25 09:16:55 angelo: @jesus !
2022-02-25 09:17:18 biggie: yeah, that means we have to conduct a military operation in Israel for de-Jewishization

Earlier in the month, the user named “Thomas” joked with the user “Angelo” that he’d be sentenced to eight years in prison for “anti-patriotism” but quickly said he was kidding. Angelo said, “I know you’re kidding. We are brothers!” Thomas made a casual Nazi joke about being Aryan brothers, adding that “the skinhead theme is my favorite.”

2022-02-16 08:43:42 angelo: we are brothers!
2022-02-16 08:43:48 thomas: Slavs?
2022-02-16 08:43:51 thomas: or Aryans?
2022-02-16 08:44:01 thomas: Ooh, the skinhead theme is my favorite.
2022-02-16 08:44:05 thomas: whoever has cleaner blood

“It’s Gonna Be Sad Without” Zhirinovsky

In early February, the 75-year-old ultranationalist Vladimir Zhirinovsky, a demagogic politician and leader of Russia’s Liberal Democratic Party of Russia, was reportedly hospitalized for Covid-19 and in critical condition.

Zhirinovsky is a far-right authoritarian populist known for decades of controversial views. According to a 1994 article in the New York Times, Zhirinovsky called for “the preservation of the white race” in a 1992 television appearance to the U.S., which he warned was being turned over by the white population to black and Hispanic people. In 2016, Zhirinovsky strongly supported the election of Donald Trump for U.S. president over Hillary Clinton, telling Bloomberg, “Trump and I could impose order on the whole planet. … Everyone would shut up. There wouldn’t be any extremists, no Islamic State, and white Europeans could feel at ease as we’d send all the immigrants home.”

The Conti hackers seem more than just Putin-supporting Russian patriots — they identify with Zhirinovsky’s far-right, authoritarian, racist politics. In the chat room, they discussed Zhirinovsky’s condition, as well as conspiracy theories about why he’s really in the hospital and if he’s even really sick.

2022-02-16 13:59:48 kermit: everything is okay in the kremlin
2022-02-16 14:00:00 thomas: how’s Zhirik [Zhirinovsky] doing?
2022-02-16 14:00:03 thomas: is he alive?
2022-02-16 14:00:07 thomas: It’s gonna be sad without him.
2022-02-16 14:00:09 kermit: I don’t know, he’s sick
2022-02-16 14:00:15 kermit: he’s not in the kremlin
2022-02-16 14:00:32 thomas: there was a video that said he is not being treated for covid, his lovers poisoned him
2022-02-16 14:00:35 thomas: and on the news
2022-02-16 14:00:42 kermit: lol
2022-02-16 14:00:43 thomas: not mistresses but male lovers
2022-02-16 14:00:46 weldon: :joy:
2022-02-16 14:00:52 kermit: yeah that’s a known fact
2022-02-16 14:01:31 weldon: *Petrosyans *fuck with Stepanenkas :rofl:
2022-02-16 14:01:36 kermit: https://www.youtube.com/watch?v=8aDxfJ-eCxw
2022-02-16 14:07:11 gelmut: By the way, everything is bullshit about Zhirik. Their party man said that everything is fine with him, it’s just hype and journalist faggots. In fact he is just lying in the hospital just in case and working there, feeling fine. They bring him documents to sign right there.
2022-02-16 14:09:18 kermit: Trust the party members from the LDPR
2022-02-16 14:09:22 kermit: That’s just the way it is.
2022-02-16 14:10:01 kermit: They’ll tell you that Volfovich [Zhirinovsky] is dying out there and people don’t know what to do

Feeling the Sanctions

On February 24, at the very beginning of the West’s sanctions against Russia, members of Conti were clearly already feeling squeezed, including by their inability to buy digital gear from Apple. After urging from Ukraine, Apple had quickly cut off sales of products like iPhones and MacBooks to Russia. The value of Russian’s ruble had plummeted to 85 rubles for each U.S. dollar (by March 7, each dollar cost 150 rubles).

2022-02-24 07:04:43 angelo: I take it now the latest model iPhone and Macbook are the ones you have now and that’s it
2022-02-24 07:05:22 weldon: so it is
2022-02-24 07:10:26 biggie: as long as the dollar is 85
2022-02-24 07:11:09 weldon: screw GDP on the dollar
2022-02-24 07:11:25 biggie: What about the iPhone?
2022-02-24 07:12:07 weldon: Shove your iPhones up your ass
2022-02-24 07:12:58 biggie: what about macbooks

They joked about Russia joining NATO so they could switch from the free-falling ruble to the euro. Angelo said he couldn’t even buy a brand of juice because it’s American.

2022-02-24 07:17:23 biggie: we should join NATO, then the euro would replace the ruble and nothing would drop
2022-02-24 07:17:34 angelo: I even couldn’t buy Dobry Juice now – it’s American
2022-02-24 07:18:31 angelo: you should take Viagra, nothing will drop.
2022-02-24 07:19:20 weldon: @biggie you shouldn’t miss the shitter when you piss
2022-02-24 07:19:44 biggie: :smiley:
2022-02-24 07:43:20 biggie: “In half an hour, a quarter of Russia’s stock market is like a cow lapped it up… MOEX index -28,8%”.
2022-02-24 07:43:41 biggie: we’re broke.
2022-02-24 07:45:42 biggie: on the other hand we could soon be stocked up
2022-02-24 07:46:12 angelo: but
2022-02-24 07:46:15 angelo: but
2022-02-24 07:46:19 angelo: I haven’t fucking figured it out yet
2022-02-24 07:46:48 weldon: close up before they close you down

The Conti members even discussed a rumor that PornHub, the major American pornography site, would block Russian users. This was false; PornHub didn’t actually block Russians from using its service.

2022-02-24 22:02:38 thomas: Some American senators suggest blocking PornHub in Russia in addition to social networks!
2022-02-24 22:02:44 thomas: That’s it, we’re done)
2022-02-24 22:02:49 thomas: They will take away our last joys!

Obsession With Brian Krebs

In late January, during a conversation about drug use, the user “Kermit” said, “We should send our correspondence to Krebs.” Angelo replied, “The worst that can happen.” They’re referring to Krebs, the investigative journalist who covers cybercrime groups like Conti. This is especially interesting because since ContiLeaks was published, Krebs has, in fact, been analyzing the group’s correspondence.

2022-01-28 20:01:08 kermit: we should send our correspondence to krebs
2022-01-28 20:01:10 angelo: the worst that can happen
2022-01-28 20:02:03 angelo: I come back once in the evening,
Stoned on hash.
Life becomes beautiful
And it’s madly good.
2022-01-28 20:02:17 angelo: going….. smoking…
2022-01-28 20:02:26 angelo: he’s freaking out, he’s gonna say the Chelyabinsk delinquents
2022-01-28 20:02:48 stanton: Cannabis is supposed to be good for your head.
2022-01-28 20:03:04 angelo: everything is relative
2022-01-28 20:03:24 angelo: if you’re prone to schizophrenia you might end up in a mental hospital
2022-01-28 20:04:30 kermit: or join the KPRF [Communist Party of the Russian Federation]

It’s clear that members of Conti read Krebs’s work. They frequently mention him when they’re talking about anything particularly inappropriate. For example, on February 2, in a conversation about porn, masturbation and articles about performing oral sex on yourself, Kermit posted, “that’s the kind of correspondence krebs won’t leak :/”.

2022-02-02 20:56:41 elliott: :rofl:
2022-02-02 20:57:01 kermit: that’s the kind of correspondence krebs won’t leak :/
2022-02-02 20:57:08 angelo: he was reading something about giving himself a blowjob

On February 16, Conti members discussed how to remain anonymous using different Jabber clients, chat programs that can be used to connect decentralized chat servers. They discuss Jabber clients called Pidgin, Psi+, and MCabber, how cool and hackery using them looks, and how well their encryption plugins work. They also discuss how their different anonymous Jabber accounts could get linked if they lose internet access and disconnect from multiple accounts at once. Thomas described his technique for mitigating this threat as “Krebs level.”

2022-02-16 08:34:19 thomas: i have each Jabber account on a different client or in a different sandbox
2022-02-16 08:34:22 thomas: and turn them on manually
2022-02-16 08:34:27 thomas: so there could be no timing attacks
2022-02-16 08:34:34 thomas: no autostarts
2022-02-16 08:35:00 thomas: in short, the security is krebs level

Misogyny, Homophobia, Child Sexual Abuse

The messages in this RocketChat channel #general include the sort of misogyny, casual sexism, and crude anatomical references that have historically been endemic among certain groupings of young computer hackers. In one message, Angelo explained that the #general channel was for “pussy and boobs” and the #announcements channel and private messages were for work.

2022-02-08 14:56:47 angelo: you see, in general, pussy and boobs and announcements, in PM work

In one conversation on February 3, Angelo joked with others about raping a girl in her sleep. The replies included “iconic move” and “no, don’t touch them, they’re for meat when the pigeons and bums run out.”

Members of Conti also frequently used homophobic slurs in the chats. Human rights groups have denounced Russian prohibitions, under Putin, of so-called gay propaganda — acts considered to promote homosexuality — saying it contributes to an increasingly homophobic environment where acts of brutality against gay people are common.

On February 25, Patrick posted about how the Safe Internet League, an internet censorship organization in Russia, was going to declare Yuri Dud a foreign agent after a video he published about Ukraine. Dud is a well-known Russian journalist and YouTuber who identifies as Ukrainian. Patrick ended with “Kill the faggots!”

On February 28, Angelo and Kermit discussed child sexual abuse videos (what Kermit openly referred to as “child pornography”) and the ages of girls they liked to watch.

“The Boss” Is Missing

On February 21, the user “Frances,” who had only posted twice before that month strictly about work, posted a long and surprising update in the #general channel.

The “boss” of the Conti ransomware gang apparently disappeared and couldn’t be reached, probably because of “too much attention to the company from outside” and because of internal leaks. Conti didn’t have enough money in emergency reserves to even pay everyone’s salaries. Frances asked everyone to send him up-to-date contact information, take two to three months of vacation from work, and erase their tracks and clean up their accounts used for hacking in the meantime.

It’s unclear why Conti didn’t have enough money to pay salaries. John Shier, a senior security adviser at the security firm Sophos, told CyberScoop that Conti reportedly has a bitcoin wallet with $2 billion in it. And despite the request for employees to take vacation, there have been nearly two dozen news posts with hacked documents from ransomware victims on Conti’s extortion website since February 21.

2022-02-21 13:30:25 frances: @all
Friends!

I sincerely apologize for having to ignore your questions the last few days. About the boss, Silver, salaries, and everything else. I was forced to because I simply had nothing to say to you. I was dragging my feet, screwing around with the salary as best I could, hoping that the boss would show up and give us clarity on our next steps. But there is no boss, and the situation around us is not getting any softer, and pulling the cat by the balls further does not make sense.

We have a difficult situation, too much attention to the company from outside resulted in the fact that the boss has apparently decided to lay low. There have been many leaks, post-New Year’s receptions, and many other circumstances that incline us all to take some time off and wait for the situation to calm down.

The reserve money that was set aside for emergencies and urgent team needs was not even enough to cover the last paycheck. There is no boss, no clarity or certainty about what we will do in the future, no money either. We hope that the boss will appear and the company will continue to work, but in the meantime, on behalf of the company I apologize to all of you and ask for patience. All balances on wages will be paid, the only question is when.

Now I will ask all of you to write to me in person: (ideally on Jabber:))
– Up-to-date backup contact for communication (preferably register a fresh, uncontaminated public Jabber account
– Briefly your job responsibilities, projects, PL [programming language] (for coders). Who did what, literally in a nutshell

In the near future, we, with those team leaders, who stayed in line – will think how to restart all the work processes, where to find money for salary payments and with renewed vigor to run all our working projects. As soon as there is any news about payments, reorganization and getting back to work – I will contact everyone. In the meantime, I have to ask all of you to take 2-3 months off. We will try to get back to work as soon as possible. From you all, please be concerned about your personal safety! Clean up the working systems, change your accounts on the forums, VPNs, if necessary, phones and PCs. Your security is first and foremost your responsibility! To yourself, to your loved ones and to your team too!

Please do not ask about the boss in a private message – I will not say anything new to anyone, because I simply do not know. Once again, I apologize to my friends, I’m not excited about all these events, we will try to fix the situation. Those who do not want to move on with us – we naturally understand. Those who will wait – 2-3 months off, engaged in personal life and enjoy the freedom :)

All working rockets and internal Jabbers will soon be off, further communication – only on the private Jabbers. Peace be with you all!

The post Leaked Chats Show Russian Ransomware Gang Discussing Putin’s Invasion of Ukraine appeared first on The Intercept.

Richard Ciano, a prominent member of Canada’s conservative political circles, denied that he made this $100 donation, both to the Toronto Star and to the Global News. “I did not make any contributions whatsoever to the trucker convoy. I don’t know why or how my name appears on that list,” Ciano said.

Hacked list may be inaccurate. Former PC president Richard Ciano tells the ?@TorontoStar?: “I did not make any contributions whatsoever to the trucker convoy. I don't know why or how my name appears on that list.”#onpoli pic.twitter.com/3aimHFdGnK

— Robert Benzie (@robertbenzie) February 16, 2022

It appears that Ciano’s denial was false. An analysis of the hacked data from GiveSendGo shows that someone using the name Richard Ciano did, in fact, donate to the “Freedom Convoy.” The information in the donor listing matches information from other sources, such as Toronto public records, tied to Ciano. (Ciano did not immediately respond to a request for comment.)

Ciano is the former president of the Ontario chapter of the Progressive Conservative Party. He also runs the political strategy firm Campaign Research Inc., which the party uses for polling.

Evidence in the Data

The GiveSendGo data shows that on February 6, someone made a $100 donation, with a $5 tip, to GiveSendGo’s “Freedom Convoy 2022” campaign using an American Express credit card. The donor marked the gift as “anonymous” but entered the name “Richard Ciano” in the form. The donation listing uses Ciano’s email address at campaignresearch.ca, which is the website of his firm.

The donation record also lists a Canadian postal code as well as a unique identifier that represents a specific credit card charge associated with Stripe, the company that processes credit card payments for GiveSendGo.

The hacked data not only includes lists of GiveSendGo donors but also a separate database containing a wealth of detailed information about all Stripe transactions. By looking up the unique identifier from the donor rolls, it’s clear that Stripe successfully processed that transaction using the name “Richard Ciano” and the same postal code as the donor database.

The Stripe data also includes a link to the receipt for this transaction for $105 — $100 for the “Freedom Convoy” and an additional $5 for GiveSendGo. The receipt says, “Receipt from Jacob Wells.” Wells co-founded GiveSendGo.

Canadian Postal Codes

The postal code attached to the GiveSendGo donation to the “Freedom Convoy” is also tied to Ciano in several ways.

Unlike American ZIP codes, Canadian postal codes are extremely specific. The postal code listed on the Ciano donation can be mapped to a single city block in Toronto. Since the Stripe transaction successfully went through, whatever credit card was used to do the transaction was associated with the postal code in the donor rolls.

The city of Toronto runs a website on which the public can search for donations to municipal political campaigns. A search of donations made during the 2018 municipal elections for the postal code from GiveSendGo lists two donations from Ciano.

Either someone else who shares the same name as Richard Ciano, has a billing address on the same Toronto city block as him, and uses his email address donated to the “Freedom Convoy” — or Ciano’s denial about the donation was false.

Donations to Anti-Vaccine Doctor

The “Freedom Convoy” is the second donation to a GiveSendGo campaign from Ciano. The first donation, on December 23 for $50, was in support of Dr. Peter McCullough, a cardiologist from Dallas who was fired from Baylor University Medical Center for spreading misinformation about Covid-19 vaccines.

McCullough has repeatedly lied about Covid-19 vaccines. “With all due respect, none of McCullough’s ideas have been supported by any randomized, double-blind, controlled clinical trials,” Dr. Anuj Malik, an infectious disease physician, told the Bartlesville Examiner-Enterprise, an Oklahoma news outlet, in an interview about McCullough.

The GiveSendGo listing for the Ciano donation to McCullough used a different credit card than the one used for the December donation — a Visa instead of an American Express — but both donations were successfully processed by Stripe using the same postal code. The GiveSendGo data also shows that the Campaign Research email address was subscribed to the crowdfunding site’s email list twice: once in December after the McCullough donation and again this month after his “Freedom Convoy 2022” donation.

The post Canadian Conservative Denied Giving to “Freedom Convoy,” but His Name Was on Donor List appeared first on The Intercept.

On February 10, the Ontario Superior Court of Justice ordered GiveSendGo to freeze access to the money raised in both of these campaigns. “Know this! Canada has absolutely ZERO jurisdiction over how we manage our funds here at GiveSendGo,” the company tweeted in response. Shortly afterward, the hacker broke into the crowdfunding company’s website and stole the donation records — and a whole lot more.

Activists on the right are not happy about this.

https://twitter.com/coolfacejane/status/1493287833641046026?t=rjxtlusoobTwHKScU7jafg

The Intercept obtained the hacked donor data — including records of roughly 104,000 donors who gave $9.6 million to two separate GiveSendGo crowdfunding campaigns, “Freedom Convoy 2022” and “Adopt a Trucker” — from the transparency collective Distributed Denial of Secrets, which is releasing it to journalists and researchers who request access. (For the record, I’m an adviser to DDoSecrets.)

After analyzing the dataset, The Intercept discovered that the majority of donors to the “Freedom Convoy” included in the data are Americans, including U.S. billionaire Thomas Siebel, who is listed as donating $90,000, the largest individual donation. Hundreds of donors are members of the Oath Keepers, an American far-right paramilitary organization. Stewart Rhodes, the Oath Keepers’ founder, was the first January 6 insurrectionist to be charged with seditious conspiracy.

On Wednesday, a Washington Post analysis of U.S. ZIP codes in the data concluded that “the richer an American community was, the more likely residents there were to donate, and the biggest number of contributions often came from communities where registered Republicans made up solid majorities.”

“Freedom Convoy” donors also contributed $7.6 million to other fundraising campaigns on GiveSendGo’s platform.

Thousands of donors gave money to various anti-vaccine causes promoted by Project Veritas, a far-right group known for deceptively editing videos of its undercover operations. On Monday, The Intercept reported that Project Veritas has collaborated on a video project with America’s Frontline Doctors, a major anti-vaccine propaganda group that works with telehealth companies to rake in millions of dollars selling bogus treatments for Covid-19. After that article was published, Project Veritas and AFLDS both denied that they were working together despite the fact that the video trailer lists a Project Veritas staffer as a consulting producer and promotional materials prominently mention Project Veritas.

And thousands more helped fund efforts to overturn President Joe Biden’s 2020 electoral victory over Donald Trump. Many had also previously given in support of Kyle Rittenhouse, the far-right teenage vigilante who in 2020 shot three Black Lives Matter protesters, killing two of them, in Kenosha, Wisconsin. Rittenhouse was found not guilty on all counts.

Several donors used government email addresses from agencies like the Transportation Security Administration, the Department of Justice, the Federal Bureau of Prisons, and NASA. The Intercept found one donor who used an email address from the Correctional Service of Canada, the Canadian prison system.

Jacob Wells, co-founder of GiveSendGo, verified the authenticity of the hack to the Washington Post. The Globe and Mail confirmed that at least one donor listed in the hacked data donated to the campaign. Brad Howard, the president of a Canadian pressure washer company who donated $75,000 to the fund, issued a statement in support of the “Freedom Convoy.” Gizmodo reached out to several top donors listed in the data, but “only a single donor had responded—only to say Gizmodo should investigate Black Lives Matter instead.”

Most of the Money Came From Canadians

Of the 104,180 donations, 59 percent came from Americans, while only 39 percent came from Canadians. However, Canadians gave just over 50 percent, $4.8 million, of the total money raised, while American donations made up 44 percent, or $4.2 million.

The largest donation record in the hacked data is for $215,000 but does not include data about the donor or which country the money came from. The only information included is the note “Processed but not recorded.” Wells told the Washington Post that this isn’t a single donation at all but rather “an attempt by GiveSendGo to make the public-facing total amount raised accurate, lumping together many donations that came in offline or before its Freedom Convoy campaign page went live.”

Wells says there is no such donation! The line was an attempt by GiveSendGo to make the public-facing total amount raised accurate, lumping together many donations that came in offline or before its Freedom Convoy campaign page went live.

— Aaron C. Davis (@byaaroncdavis) February 16, 2022

The second-largest donation record is $90,000 from Siebel, a Silicon Valley billionaire who founded the enterprise software company Siebel Systems. The email address associated with his donation is hosted on the domain siebel.org. Siebel has supported right-wing causes in the past: In 2008 he hosted a fundraiser for then-vice presidential candidate Sarah Palin.

The third-largest donation record is $75,000 from Brad Howland, president of the Canadian pressure cleaner company Easy Kleen Pressure Systems. The hacked data marks Howland’s donation as “anonymous,” though he confirmed to the Globe and Mail that he made this donation and supports the “Freedom Convoy.” His donation included the comment “HOLD THE LINE!!!”

Hundreds of Oath Keepers Donated to the “Freedom Convoy”

By cross-referencing data from this hack with last year’s hack of the Oath Keepers, which included membership and donor records, The Intercept discovered 355 matches.

The Oath Keepers were key players in the deadly January 6 Capitol attack that was aimed at overturning Biden’s victory in the 2020 presidential election. Prosecutors allege that Oath Keepers stashed weapons at a nearby hotel as part of “quick reaction forces” that could activate if violence escalated.

Oath Keepers left comments with their donations such as: “NWO Tyrants need to be crushed by the fist of Liberty and Freedom. God bless these truckers and their supporters! Thank you!”; “Make Canada Great Again helps Make America Great Again”; and “The communist pigs in uniform are going to try and steal fuel and food. The Biden Junta is afraid of this happening here. this may be why DHS issued a domestic terrorist threat against americans exercising their first amendment rights. They want to silence free speech and separate people from forming groups to fight the communist coup.”

Thousands of “Freedom Convoy” Donors Gave to Other Anti-Vaccine and Far-Right Causes

The hacked data includes the history of every donation ever made through the GiveSendGo platform. “Freedom Convoy” donors gave a total of $7.6 million to other GiveSendGo campaigns as well as the $9.6 million to the “Freedom Convoy” campaigns.

By comparing the email addresses of “Freedom Convoy” donors with donations from other GiveSendGo campaigns, The Intercept discovered that many of the same donors also gave money to other anti-vaccine causes championed by Project Veritas.

• 1,693 “Freedom Convoy” donors also donated $63,000 to Morgan Kahmann, an anti-vaccine former Facebook employee and self-styled “whistleblower” who leaked an internal document about the social network’s Covid-19 misinformation moderation policy to Project Veritas. Kahmann’s GoSendMe campaign earned him over $500,000.
• 1,612 donors also gave $66,000 to Jodi O’Malley, who is described as a “Covid-19 Federal whistleblower.” O’Malley, a registered nurse who worked for Phoenix Indian Medical Center, recorded a video for Project Veritas making unsubstantiated claims that Covid-19 vaccines harmed patients and that ivermectin is an effective treatment for the virus. Public health experts advise against using ivermectin to treat Covid-19. O’Malley earned $475,000 from this GiveSendGo campaign.
• 1,532 donors also donated $55,000 to Melissa Strickler, a former Pfizer manufacturing quality auditor who leaked company emails to Project Veritas that she believed showed the vaccine contained aborted fetal cells. This is false, but she still earned $347,000 from her GiveSendGo campaign.

The Intercept also discovered that many donors gave to anti-democracy efforts in the U.S., legal defense funds for January 6 prisoners, the legal defense fund for Rittenhouse, and various funds supporting the Proud Boys, an American hate group that also played a role in the January 6 Capitol attack.

• Over 2,000 donors also gave more than $120,000 to campaigns aimed at reversing the 2020 election results. The most prominent campaign was for the Voter Integrity Project, run by former Trump campaign operative Matt Braynard. Braynard raised nearly $700,000 through GiveSendGo for his project, which he claimed would acquire voter data from swing states and use this data to prove that there was voter fraud in states where Trump lost to Biden. Braynard’s efforts have been widely discredited. In a Georgia case that cited his data, Democratic lawyers pointed out that “Braynard does not have the appropriate qualifications to opine on these topics, he does not follow standard methodology in the relevant scientific field, and the survey underlying several of his opinions is fatally flawed.” The case was eventually dismissed.
• Over 2,000 donors also gave more than $130,000 to campaigns related to supporting the legal defense of people arrested for participating in the January 6 Capitol attack, including a fund started by a lawyer representing Ashli Babbitt’s family. Babbitt was shot and killed by a Capitol Police officer on January 6 inside the U.S. Capitol.
• 1,166 donors also gave nearly $50,000 to Rittenhouse’s legal defense fund. This campaign raised a total of $629,000. Hundreds of donors also donated $16,000 to campaigns supporting the Proud Boys.

Donors Used Government Email Addresses

A handful of small donations were made using government email addresses.

Someone donated using an email address from the Correctional Service of Canada, the Canadian agency responsible for running prisons. While the user listed his real first and last name in the donation, he put “George Soros” as his display name.

Another person donated multiple times with their U.S. Department of Justice email address. Two people donated using Federal Bureau of Prisons email addresses, and two others donated using NASA email addresses. One donor used their delaware.gov email address. Someone with a U.S. Navy email address donated $50 and listed their display name as “Lets Go Brandon,” and someone with a U.S. Army email address donated $25.

One person used his TSA email address to donate $50 to the anti-vaccine mandate “Freedom Convoy.” The transportation agency has enforced mandates, like requiring passengers to remove their shoes when going through airport checkpoints, in the name of security since September 11, 2001.

So many of the people on this site bleating about mask mandates and freedom and tyranny were totally fine with TSA making us take our shoes off for the past two decades, after 3,000 people died from terrorism on one day, as opposed to 3,000 people now dying from Covid *every day*

— Mehdi Hasan (@mehdirhasan) February 13, 2022

The post Oath Keepers, Anti-Democracy Activists, and Others on the Far Right Are Funding Canada’s “Freedom Convoy” appeared first on The Intercept.

After publication, both AFLDS and Project Veritas disputed that they were working together, despite the fact that “Christian Hartsock, Project Veritas” was credited in the series trailer as a “consulting producer” and Project Veritas was prominently mentioned in promotional materials. An email received by The Intercept after signing up for a “Doc Tracy” promotions list stated: “Thank you for joining me and my fellow detectors on the Project Veritas Muckraker tour.” That reference has now been removed from the “Doc Tracy” promotional email and the consulting producer credit has been removed from the trailer. Neither Project Veritas nor AFLDS responded to requests for comment prior to publication.

The series stars Christopher Rake, a former anesthesiologist at UCLA Health. “I’m willing to lose everything — job, paycheck, freedom, even my life for this cause,” he said in a video he recorded of himself as UCLA staff escorted him out of the medical facility where he worked in October for refusing to take the Covid-19 vaccine. He’s the founder of the anti-vaccine group Citizens United for Freedom. In a crowdfunding campaign for his group, he wrote, “I’m a physician, a follower of Jesus, and a patriot who lost his job because I stood up for freedom.”

A trailer for the “Doc Tracy” video series — which the group released on January 29 to its more than 400,000 Twitter followers, its over 200,000 Telegram channel subscribers, and on its email newsletter — includes a few seconds of Kristina Lawson, president of California’s medical board, being accosted in a parking garage. On December 6, people who identified themselves as members of AFLDS followed and intimidated Lawson. In interviews and on a Twitter thread, Lawson said the group parked an SUV at the end of her driveway in Walnut Creek, California, flew a drone over her house, watched her children drive to school, and then followed her to work. When she left work, Lawson said, four men “ambushed” her in a dark parking garage with cameras, saying they wanted to interview her.

? On Monday, I was followed and confronted by a group that peddles medical disinformation, promotes fake COVID-19 treatments, and is under investigation by Congress for stealing millions of dollars from consumers. It was a terrifying experience. /1

— Kristina Lawson (@kdlaw) December 8, 2021

AFLDS’s founder, Dr. Simone Gold, who has reached a plea agreement for her role in the deadly January 6 attack on the U.S. Capitol, is a licensed medical doctor in the state of California. In September, The Intercept revealed that AFLDS works with a network of telehealth companies to rake in millions of dollars selling hydroxychloroquine, ivermectin, and online consultations to Covid-19 vaccine skeptics. Most doctors, as well as the Food and Drug Administration, National Institutes of Health, American Medical Association, and World Health Organization, advise against prescribing these two medicines to treat or prevent Covid-19. Because of Gold’s work with AFLDS spreading disinformation about the vaccine’s safety and efficacy and selling unproven treatments for Covid-19, the state medical board has been under pressure by other medical doctors and pro-science activists to strip her of her license. The Intercept confirmed that the board is actively investigating Gold.

The AFLDS website has a form to sign up for updates about the new “Doc Tracy” video series, which it says will be released this month. The form includes the question, “Are you a social media influencer (any size) and would you like to be involved (paid or unpaid) in promoting Doc Tracy?”

After signing up for updates, the website sent an automated email that stated, “Thank you for joining me and my fellow fraud detectors on the Project Veritas Muckraker Tour. What an event!” The email said the video series will ask “tough questions from people who really don’t want to answer them” and that “They’re going to cry crocodile tears like Kristina Lawson did.” Project Veritas subsequently denied involvement in the video series. AFLDS eventually removed references to Project Veritas from its promotional materials.

The trailer originally listed “Christian Hartsock, Project Veritas” as a consulting producer. Hartsock is a “senior investigative reporter” for Project Veritas. On February 1, just after promoting the trailer for the video series, Gold posted to Twitter and Telegram, “What a joy and an honor to join Project Veritas this week in the freedom state of Florida.”

The post includes a photo of Gold and her colleague John Strand — a professional model and actor who hosts short “fake news” segments for AFLDS and who has also been charged in the January 6 riot at the Capitol — standing with Rep. Matt Gaetz, R-Fla. Gaetz is currently under federal investigation for allegedly sex trafficking a 17-year-old girl.

Gold and Gaetz were likely attending an event related to the launch of Project Veritas founder James O’Keefe’s new book, “American Muckraker.” O’Keefe is calling his book tour the “Project Veritas Muckraker Tour.”

The trailer for the new AFLDS video series includes images of discredited scientist Dr. Robert Malone and his suspended Twitter account, while a voiceover says, “In a time where stating the facts is made illegal.”

On December 31, Malone was a guest on “The Joe Rogan Experience,” the $100 million Spotify podcast, where he used his credentials as an early researcher on mRNA gene transfer techniques to promote disinformation about Covid-19 vaccines. He also compared Covid-19 vaccination efforts in the U.S. to Germany when the Nazi Party rose to power.

In response to the episode, over 1,300 doctors, nurses, scientists, and professors signed an open letter to Spotify demanding that the company “immediately establish a clear and public policy to moderate misinformation on its platform.” This letter sparked a backlash against Spotify, with major artists including Neil Young and Joni Mitchell boycotting the platform and users canceling their accounts en masse.

Update: February 24, 2022

This article has been updated to reflect the fact that AFLDS has removed a credit listing “Christian Hartsock, Project Veritas” as consulting producer from the trailer promoting its new video series.

Update: February 22, 2022

This article has been updated to reflect the fact that AFLDS has removed references to Project Veritas from its Doc Tracy promotional emails.

Update: February 17, 2022

After publication, Project Veritas and AFLDS both denied that they were working together, despite the fact that the video trailer listed a Project Veritas staffer as a consulting producer and promotional materials prominently mentioned Project Veritas. The Intercept gave both AFLDS and Project Veritas ample opportunity to provide comments before publication, but neither group responded to our inquiries.

Winston Smith from Project Veritas provided the following statement: “The references to Project Veritas in America Frontline Doctors’ production was neither done with Project Veritas’ knowledge or approval. Project Veritas was not involved in the creation and production of Doc Tracy. Christian Hartsock is not a credited producer. This error is being corrected. Mr. Hartsock has had conversations with AFD about journalism, but his involvement goes no further.”

The post Disinformation Doctors and Project Veritas Deny Teaming Up to Harass Medical Officials appeared first on The Intercept.

The expansion comes amid increased scrutiny of AFLDS from the media, Congress, and the Medical Board of California. Doctors associated with AFLDS have prescribed hundreds of thousands of patients hydroxychloroquine and ivermectin through a telemedicine service, hacked records obtained by The Intercept revealed in September. And the network of online health care companies associated with AFLDS have charged patients millions of dollars. In October, citing The Intercept’s report and related reporting by Time magazine, the House Select Subcommittee on the Coronavirus Crisis announced an investigation into AFLDS and the companies it works with, calling them “predatory actors” that have been “touting misinformation and using it to market disproven and potentially hazardous coronavirus treatments.”

Pressure has been mounting for the California medical board to strip AFLDS’s founder, Simone Gold, of her license in the state. Gold, who was arrested and charged after the deadly attack on the U.S. Capitol on January 6, refers to Covid-19 vaccines as “experimental biological agents.” The Intercept confirmed that the board is actively investigating Gold, though it declined to share further information about the investigation or make any statements about Gold, saying that such matters are confidential until the state attorney general’s office files a complaint.

Earlier this month, the president of California’s medical board, Kristina Lawson, alleged that people who identified themselves as members of AFLDS followed and intimidated her. Lawson described the ordeal in a Twitter thread. She said the group parked an SUV at the end of her driveway in Walnut Creek, flew a drone over her house, watched her children drive to school, and then followed her to work. When she left work, she said four men “ambushed” her in a dark parking garage with cameras, saying they wanted to interview her. Lawson said they never contacted her, the medical board’s press office, or her company asking for an interview through professional channels. “I’m not going to be intimidated by these terrorizing tactics,” Lawson told MSNBC, noting that she has since hired private security. The California board declined to answer specific questions from The Intercept about the incident.

? On Monday, I was followed and confronted by a group that peddles medical disinformation, promotes fake COVID-19 treatments, and is under investigation by Congress for stealing millions of dollars from consumers. It was a terrifying experience. /1

— Kristina Lawson (@kdlaw) December 8, 2021

AFLDS did not respond to a request for comment.

State Medical Boards

In July, the Federation of State Medical Boards, the national organization representing all U.S. state medical boards, issued a statement saying that “physicians who generate and spread COVID-19 vaccine misinformation or disinformation are risking disciplinary action by state medical boards, including the suspension or revocation of their medical license” and that “spreading inaccurate COVID-19 vaccine information contradicts that responsibility, threatens to further erode public trust in the medical profession and puts all patients at risk.”

Last week, an organization founded by emergency room doctors working on the frontlines of the Covid-19 pandemic, No License for Disinformation, released a scathing new report urging state medical licensing bodies to investigate doctors who deliberately spread misleading or false Covid-19 information and hold them accountable. “State medical boards must act immediately to support the overwhelming, evidence-based medical consensus, stop the attack on science and medicine, and most importantly, prevent further unnecessary COVID-19 deaths,” the report, published in collaboration with the public health nonprofit the de Beaumont Foundation, states.

The report argues that a “small but vocal minority of physicians” — including those affiliated with AFLDS — “are intentionally and publicly spreading disinformation about COVID-19 and vaccines.” They are “putting lives at risk and violating their professional oath,” the report says, noting that state medical boards have so far failed to act. Nine out of 10 Americans believe that doctors who intentionally mislead the public about Covid-19 and vaccines should be held accountable, according to a poll included in the report, and 91 percent believe that doctors do not have the right to intentionally spread misinformation or false health information.

AFLDS’s Expanding Reach

In recent months, AFLDS has also ramped up its efforts to undermine the Covid-19 vaccine. AFLDS distributes high-quality propaganda videos to its more than 200,000 followers on Telegram, and to Gold’s 380,000-plus followers on Twitter, often publishing multiple videos a week. AFLDS “correspondent” John Strand, a professional model and actor, hosts short fake news segments called “Frontline Flash” about the dangers of Covid-19 vaccines. AFLDS also posts videos to social media under the brand “Frontline Films” showing seemingly ordinary Americans sharing anecdotes about ivermectin saving their lives.

In addition to the telemedicine provider SpeakWithAnMD, which The Intercept has previously reported on, AFLDS is also now using a second telemedicine platform, GoldCare Telemed. When visitors request medication through the AFLDS website, those who self-report symptoms are directed to SpeakWithAnMD, and asymptomatic people are sent to GoldCare Telemed, a new website set up in late November. The two sites appear to be using the same underlying platform. Like SpeakWithAnMD, GoldCare Telemed includes a disclaimer requiring patients to acknowledge that public health organizations deem ivermectin and hydroxychloroquine “Highly Not Recommended.”

AFLDS’s efforts have even edged their way into Pennsylvania’s state legislature. In July, Republican state Rep. Dawn Keefer introduced a bill in the Pennsylvania legislature that would allow doctors to prescribe ivermectin and hydroxychloroquine to treat Covid-19, despite both being ineffective at treating the virus, and would require pharmacists to dispense these medications.

The bill came up for debate last Monday. Dr. Robert Schmidt, a family medicine doctor who falsely claimed that hydroxychloroquine was an effective treatment for Covid-19 and brought up a discredited theory about ivermectin use in the Indian state of Uttar Pradesh, cited the story of Darla and Keith Smith. On November 10, the Pennsylvania couple both tested positive for Covid-19. It’s not known if they had been vaccinated against the virus. “We both did teleconsults with America’s Frontline Doctors and we both got ivermectin scripts approved, but it never came in the mail,” Darla told a local ABC News station. Keith, 52, was hospitalized. His condition deteriorated, and by November 21 he was transferred to the intensive care unit. When doctors at UPMC Memorial refused to treat him with ivermectin because it was not part of the hospital’s Covid-19 protocols, Darla sued the hospital and won.

On December 5, a nurse administered ivermectin to Keith, who at this point was in a medically induced coma, through his feeding tube. After he received a second dose, the doctor overseeing his ivermectin administration ended the treatment because his condition had deteriorated. Last Sunday, a week after receiving ivermectin, Keith Smith died of Covid-19.

The post America’s Frontline Doctors Plans to Open Clinics as California Medical Board Investigates Founder appeared first on The Intercept.

The committee, citing The Intercept, requested documents from America’s Frontline Doctors, or AFLDS, and SpeakWithAnMD about their business practices and profits. It wrote to the Federal Trade Commission requesting that the agency investigate whether these companies are in violation of federal laws.

“Attempts to monetize coronavirus misinformation have eroded public confidence in proven treatments and prevention measures and hindered efforts to control the pandemic,” Clyburn wrote in his letter to AFLDS. “Some Americans who have been influenced by misinformation have chosen not to get vaccinated, delayed receiving evidence-based treatment, and ingested unapproved substances in harmful quantities.”

An investigation by Time in August, also cited by Clyburn, revealed that hundreds of AFLDS patients paid SpeakWithAnMD $90 for Covid-19 consultations hoping to get ivermectin or hydroxychloroquine, which public health authorities say should not be taken to treat or prevent Covid-19, but never received the medicine. Some were charged for the consultations but never got a call back from a physician; others who did get prescriptions were charged up to $700 for the medication.

In September, The Intercept obtained hacked data revealing that the network of right-wing health care companies was making millions advertising, prescribing, and distributing ivermectin and hydroxychloroquine as an alternative to the highly effective Covid-19 vaccines. Between July and September, 72,000 patients whom AFLDS referred to SpeakWithAnMD were charged an estimated $6.7 million for telemedicine consultations alone. AFLDS began referring patients to SpeakWithAnMD in January, and The Intercept does not have data between January and July, so the total revenue from the operation is likely considerably higher.

SpeakWithAnMD then wrote prescriptions for the questionable treatments that were filled by the online pharmacy Ravkoo, which is not a subject of the House investigation. Ravkoo, according to the hacked data, charged patients an additional $4.7 million for ivermectin, $2.4 million for azithromycin, and $1.2 million for hydroxychloroquine between November and August.

The SpeakWithAnMD site was taken offline for a week after The Intercept’s story, which revealed security holes around sensitive patient data on SpeakWithAnMD.com and Ravkoo. Both sites are now up and running again. “[SpeakWithAnMD] is not part of the anti-vax movement, and we do not oppose vaccinations,” Jim Flinn, a public relations agent working for SpeakWithAnMD, told The Intercept. Alpesh Patel, Ravkoo’s CEO, told The Intercept that his online pharmacy no longer works with AFLDS.

In letters to Simone Gold and Jerome Corsi, the founders of AFLDS and SpeakWithAnMD, respectively, Clyburn requested detailed records from both companies, including documents related to ownership, organizational structure, and staffing; details about the doctors’ training and qualifications; numbers of patients and what they were prescribed; and descriptions of the companies’ total revenue and net income for each quarter.

The idea behind AFLDS was first floated during a May 11, 2020, conference call between a senior staffer in former President Donald Trump’s reelection campaign and the Republican activist group CNP Action, during which they reportedly discussed finding “extremely pro-Trump” doctors to go on TV and defend Trump’s plan to rapidly reopen the economy despite the more cautious safety guidance coming from the Centers for Disease Control and Prevention. Gold, who was arrested and charged after the deadly attack on the U.S. Capitol on January 6, calls Covid-19 vaccines “experimental biological agents.”

Corsi is a former host of InfoWars who reportedly spoke to Trump before he was elected president on several occasions about the false “birtherism” conspiracy theories about former President Barack Obama’s citizenship. Corsi was also caught up in special counsel Robert Mueller’s investigation into Russian interference in the 2016 election.

In another letter to Lina Khan, chair of the FTC, Clyburn requested that the agency “investigate the deceptive conduct of companies promoting and profiting from misinformation” about the pandemic, singling out AFLDS and SpeakWithAnMD. “Misinformation endangers public health and fuels vaccine hesitancy by promoting the false ideas that coronavirus vaccines are unsafe and ineffective and that alternative drugs can prevent or cure coronavirus infections,” Clyburn wrote. “Exploiting these falsehoods for financial gain puts American lives at risk and sets back our nation’s efforts to combat the spread of the coronavirus. I am concerned that these predatory practices are endangering American lives and harming our efforts to stop the spread of the virus.”

Clyburn’s letter says he believes that the companies’ deceptive practices could “violate the FTC Act, the COVID-19 Consumer Protection Act, or other relevant laws. For these reasons, I urge FTC to open an investigation into these matters and appropriately exercise its enforcement authority.”

The post House Coronavirus Committee Launches Investigation Into Organizations Pushing Hydroxychloroquine, Ivermectin appeared first on The Intercept.