Distributed Denial of Secrets

Distributed Denial of Secrets, abbreviated DDoSecrets, is a nonprofit whistleblower site founded in 2018 for news leaks. The site is a frequent source for other news outlets and has worked on investigations including Cyprus Confidential with other media organizations. In December 2023, the organization said it had published over 100 million files from 59 countries.

Sometimes called a successor to WikiLeaks,   it came to international attention for its June 2020 publication of internal police documents, known as BlueLeaks. The group has also published data on Russian oligarchs, fascist groups, shell companies, tax havens and banking in the Cayman Islands, as well as data scraped from Parler in January 2021 and from the February 2021 Gab leak. The group is also known for publishing emails from military officials, City Hall in Chicago and the Washington D.C. Metropolitan Police Department.

The site's leaks have resulted in or contributed to multiple government investigations, including the second impeachment of President Donald Trump. During the Russo-Ukrainian War, it was considered one of the best public repositories of all the Russian files leaked since the invasion began.

History
Distributed Denial of Secrets was founded by Emma Best, an American national security reporter known for filing prolific freedom of information requests, and another member of the group known as The Architect. According to Best, The Architect, who they already knew, approached them and expressed their desire to see a new platform for leaked and hacked materials, along with other relevant datasets. The Architect provided the initial technical expertise for the project. At its public launch in December 2018, the site held more than a terabyte of data from many of the highest-profile leaks. The site originally considered making all of the data public, but after feedback made some of it available only to journalists and researchers.

Best has served as a public face of the group, which lists its members. In February 2019, they told Columbia Journalism Review that fewer than 20 people worked on the project. According to Best, several early members of the project were driven to radical transparency work by their past background with the state, which they compared to Chelsea Manning and other whistleblowers. Best said, "Those associations all ended well prior to DDoSecrets coming together and were internally disclosed early on." In April 2021, the website listed 10 members and advisors.

In December 2019, Distributed Denial of Secrets announced its collaboration with the Organized Crime and Corruption Reporting Project. In May 2020, DDoSecrets partnered with European Investigative Collaborations and the Henri-Nannen-Journalistenschule journalism school.

In December 2020, the group announced its affiliation with Harvard University's Institute for Quantitative Social Science.

Responses
DDoSecrets and the people behind the project have been described by Wired as a "transparency collective of data activists" and a successor to WikiLeaks, by the Congressional Research Service, Organized Crime and Corruption Reporting Project, Human Rights Watch and The Nation as a "transparency collective", by The Hill as a "leaktivist collective", by Columbia Journalism Review as a "journalist collective", by Brookings Institution as "a WikiLeaks-style journalist collective," by the New York Times as a "watchdog group", and Business Insider as a "freedom-of-information advocacy group", as an "alternative to WikiLeaks" by Columbia Journalism Review, Krebs On Security, ZDNet, and Forbes, and as "the most influential leaking organization on the internet" by VICE News."

Government responses
In 2019, the Congressional Research Service recognized Distributed Denial of Secrets as a transparency collective. In December 2019, politicians in Sweden and the UK, including anti-corruption chief John Penrose said that leaks published by Distributed Denial of Secrets showed the need for reforms on company creation and registration. That month, Belgian tax authorities initiated an investigation based on data published by DDoSecrets the prior month.

In 2020, the U.S. counterintelligence strategy described leaktivists and public disclosure organizations like Distributed Denial of Secrets as "significant threats," alongside five countries, three terrorist groups, and "transnational criminal organizations." A June 2020 bulletin created by the Department of Homeland Security's Office of Intelligence and Analysis erroneously described them as a "criminal hacker group". Elements of the report were challenged as inaccurate by media such as The Verge. On July 3, German authorities seized a public server used by Distributed Denial of Secrets at the request of the US government. The same month, the Internal Revenue Service (IRS) recognized the group as a 501(c)(3) non-profit.

In 2021, legislators in Maine introduced a bill to close the state's fusion center in response to BlueLeaks and whistleblower reports.

In 2022, law enforcement agencies in New York, New Jersey, Washington and Oregon launched investigations into officers who appeared in the leaked Oath Keepers records published by DDoSecrets.

In November 2023, governments including Cyprus president Nikos Christodoulides and European lawmakers began responding to the Cyprus Confidential findings in less than 24 hours after it was released, calling for a crackdown on financial corruption and launching criminal probes into allegations of money laundering. According to Emma Best, the Department of Defense asked DDoSecrets to remove the 2022–2023 Pentagon document leaks, but DDoSecrets "basically just ignored them".

Censorship
In June 2020, the organization was banned from Twitter in response to BlueLeaks, citing a breach of their policies against "distribution of hacked material" in a move that was criticized as setting a "dangerous precedent." In September 2023, The Intercept reported that access to the organization's website was blocked by Indonesia and Russia and censored by Twitter and Reddit.

Publications
, the site hosts dozens of terabytes of data from over 200 organizations. In December 2023, the organization said it had published over 100 million files from 59 countries.

2018
In December 2018, DDoSecrets listed a leak from Russia's Ministry of Internal Affairs, portions of which detailed the deployment of Russian troops to Ukraine at a time when the Kremlin was denying a military presence there. About half of the material from that leak was published in 2014; the other half emerged in 2016. WikiLeaks reportedly rejected a request to host the full cache of files in 2016, at a time when founder Julian Assange was focused on exposing Democratic Party documents passed to WikiLeaks by Kremlin hackers.

2019
In January 2019, DDoSecrets published hundreds of gigabytes of hacked Russian documents and emails from pro-Kremlin journalists, oligarchs, and militias.

In November 2019, DDoSecrets published over 2 terabytes of data from the Cayman National Bank and Trust. The files were provided by the hacktivist known as Phineas Fisher, and included lists of the bank's politically exposed clients. The leak was used by researchers to study how elites use offshore banking.

In December 2019, DDoSecrets published "#29 Leaks" in partnership with the Organized Crime and Corruption Reporting Project and more than 20 outlets in 18 countries. The 450 gigabytes of data came from Formations House (now The London Office), a "company mill" which registered and operated companies for clients included organized crime groups, state-owned oil companies, and fraudulent banks. The release was compared to both the Panama Papers and the Paradise Papers. Belgian tax authorities initiated an investigation based on the Cayman bank and Formations House leaks.

In December 2019, DDoSecrets published "PacoLeaks" and "MilicoLeaks": data from Chilean military police and military. PacoLeaks revealed police personnel data, extensive police files on activist groups and leaders, and evidence that the police had infiltrated activist groups MilicoLeaks included details on Chilean army intelligence, including operations, finance and international relations.

2020
In 2020, DDoSecrets published a copy of the Bahamas corporate registry. DDoSecrets partnered with European Investigative Collaborations and the German Henri-Nannen-Schule journalism school to create the Tax Evader Radar, a project to review the dataset of almost one million documents. The project exposed the offshore holdings of prominent Germans, the tax activities of ExxonMobil, as well as offshore business entities belonging to the DeVos and Prince families.

In March 2020, DDoSecrets published 156 gigabytes of data hacked from the Myanmar Investment Commission. The leak also revealed how millions of dollars allegedly flowed from Mytel subscribers to Myanmar military generals, and exposed business dealings of family members of prominent military leaders.

In April 2020, DDoSecrets published almost 10million messages from more than 100 Discord servers used by neo-Nazi and QAnon conspiracy theorist groups. The leaked chats showed threats of violence and attempts to influence the 2018 United States midterm elections.

On June 19, 2020, DDoSecrets released BlueLeaks, which consisted of 269 gigabytes of internal U.S. law enforcement data obtained from fusion centers by the hacker collective Anonymous. DDoSecrets called it the "largest published hack of American law enforcement agencies." Betsy Reed described BlueLeaks as the U.S. law enforcement equivalent to the Pentagon Papers.

In July 2020, DDoSecrets released documents relating to the United States' case against WikiLeaks founder Julian Assange. The release also included chat logs and letters between Assange and various sources.

2021
In January 2021, DDoSecrets made videos scraped from Parler available to journalists. Some of these videos were later used as evidence during the second impeachment trial of Donald Trump.

In February 2021, DDoSecrets gave journalists access to hundreds of thousands of financial documents from the Myanmar Directorate of Investment and Company Administration (DICA). Justice For Myanmar called the release "biggest leak in Myanmar history."

On February 28, DDoSecrets revealed "GabLeaks", a collection of more than 70 gigabytes of data from Gab, including more than 40 million posts, passwords, private messages, and other leaked information. The group said that they would not release the data publicly because it contained a large amount of private and sensitive information, and instead shared the data with select journalists, social scientists, and researchers.

In April 2021, Distributed Denial of Secrets made donor information from the Christian crowdfunding site GiveSendGo available to journalists and researchers. The information identified previously anonymous high-dollar donors to far-right actors including members of the Proud Boys, many of whose fundraising efforts were directly related to the 2021 United States Capitol attack.

Also in April 2021, DDoSecrets published a cache of emails from Chicago City Hall. The emails revealed that the city's handling of fatal shootings by police officers violates state law and a federal consent decree. The emails also exposed the Mayor's secret lobbying for qualified immunity, a secret drone program funded with off-the-books cash, and the city's problems with police chases and the George Floyd protests.

In May 2021, DDoSecrets republished the leak of Washington D.C.'s Metropolitan Police Department, including over 90,000 emails. Among other things, the files revealed details of surveillance of right-wing extremists and the response to the 2021 United States Capitol attack.

In September 2021, DDoSecrets publicly released emails and chat logs from the American far-right Oath Keepers organization to the public. They also provided member and donor data to the press. This exposed hundreds of members in law enforcement, over a hundred members with ties to the military and dozens in political office.

In November 2021, DDoSecrets released 1.8 terabytes of police helicopter surveillance footage from the Dallas Police Department and the Georgia State Patrol.

2022
In February 2022, after many anonymous donors supported the 2022 Freedom Convoy, DDoSecrets began providing journalists and researchers with a hacked list of donors' personal information from GiveSendGo. Later that month, GiveSendGo was hacked again, exposing donors for every campaign in the site's history, which DDoSecrets gave to journalists and researchers.

In May 2022, DDoSecrets published 128,700 emails allegedly associated with a Hunter Biden laptop that were being circulated by allies of and former staff of President Donald Trump. DDoSecrets said it published the emails "to counteract possible deceptions by persons with an agenda who are currently distributing the dataset without the relevant context or warnings," because there were "considerable issues with this dataset including signs of tampering" and "more than one altered or implanted emails". DDoSecrets also made a copy of the alleged laptop available to journalists and researchers.

During the Russo-Ukrainian War, DDoSecrets published more than 40 datasets of Russian leaks, totaling at least 5.8 terabytes. Emma Best estimated that the group had published over six million Russian documents in under two months after the war began. NBC News reported that the site "might be the single best public repository of all the Russian files purportedly leaked since the start of the invasion", and The Intercept wrote that it had become the "de facto home" for Russian leaks.

In September, they published Fuerzas Represivas, a collection of military documents from Latin America and Mexico totaling more than 13 terabytes, which Emma Best called "the largest leak in history". The leak included the Chilean Joint Chiefs of Staff, the Mexican Ministry of National Defense and the Joint Command of the Armed Forces of Peru.

In November, they published documents from Innwa Bank in Myanmar and republished files from Liberty Counsel.

2023
In January 2023, DDoSecrets published files from ODIN Intelligence, a contractor for law enforcement and police departments. They also published files from the Cyprus-based corporate service provider MeritServus.

In February 2023, DDoSecrets published documents from the 2022–2023 Pentagon document leak, and tax records from Myanmar.

In August 2023, DDoSecrets published over 500,000 documents and other files from the National Police of Paraguay. In October, they published intelligence documents about investigations involving former president of Paraguay Horacio Cartes. They also published emails and documents from Ethiopia's Financial Intelligence Service.

In November 2023, the Organized Crime and Corruption Reporting Project joined with more than 40 media partners including Cerosetenta / 070, Vorágine, the Centro Latinoamericano de Investigación Periodística (CLIP) and Distributed Denial of Secrets and journalists in 23 countries and territories for the largest investigative project on organized crime to originate in Latin America, producing the 'NarcoFiles' report. The investigation was based on more than seven million emails from the Colombian prosecutor's office which had been hacked by Guacamaya, including correspondence with embassies and authorities around the world. The files dated from 2001-2022 and included audio clips, PDFs, spreadsheets, and calendars. The investigation revealed new details about the global drug trade and over 44 tons of "controlled deliveries" carried out to infiltrate the drug trade and how criminals corrupt politicians, bankers, accountants, lawyers, law enforcement agents, hackers, logistics experts, and journalists in order to use logistical, financial, and digital infrastructures.

Also in November 2023, the International Consortium of Investigative Journalists, Paper trail media and 69 media partners including Distributed Denial of Secrets and the OCCRP and more than 270 journalists in 55 countries and territories produced the 'Cyprus Confidential' report on the financial network which supports the regime of Vladimir Putin, mostly with connections to Cyprus, and showed Cyprus to have strong links with high-up figures in the Kremlin, some of whom have been sanctioned. Government officials including Cyprus president Nikos Christodoulides and European lawmakers began responding to the investigation's findings in less than 24 hours, calling for reforms and launching probes.

2024
In 2024, DDoSecrets launched the "Greenhouse Project" to preserve censored information and create a "warming effect to reverse the chilling effects of censorship" as part of its broader mission to ensure the free transmission of data in the public interest by making itself a "publisher of last resort". The first entry in the project was a November 16, 2023 Reuters story that alleged that a hacking-for-hire firm called Appin had stolen secrets from executives, politicians, military officials, and wealthy elites around the globe and supporting documents. The story was removed by Reuters following an order from a district court in New Delhi, India.