In November, Reuters published a special investigative feature headlined, “How an Indian startup hacked the world.” The story alleged that a hacking-for-hire firm called Appin had stolen secrets from executives, politicians, military officials, and wealthy elites around the globe. (Appin has denied this.) A few weeks later, however, the story was taken down and replaced by an editor’s note saying that it had been “temporarily removed” following an order issued by a district court in New Delhi. The order, Reuters said, was issued amid a court case that was originally brought against the news agency a year earlier. Reuters said that its hacking-for-hire story was based on thousands of documents and interviews with hundreds of people, including cybersecurity firms, adding that it stood by its reporting and planned to appeal. (Reuters did not respond to a request for comment.)
According to the Daily Beast and other media outlets, the initial lawsuit against Reuters is part of a broader legal war launched by Rajat Khare, co-founder of Appin, and lawyers including Clare Locke LLP, which boasts of its track record in its website. “Murderous stories” about his clients. The Daily Beast reported that references to Khare were removed in a collaborative investigation between the Sunday Times of London and the nonprofit Bureau of Investigative Journalism; a report published in Luxembourg; and a report from the Swiss national channel. Semafor reported, meanwhile, that Clare Locke sent legal threats to The New Yorker over an article about India’s hacking industry. (The New Yorker article is still online; Khare’s lawyer told Semafor that Khare “does not comment on actual or alleged legal proceedings” but is “judicially defending himself before all competent courts against any attack that” lawfare also edited an article he published to remove main points from the Reuters report. And the Internet Archive, which hosted a backup copy of the Reuters article, removed it (the article has been replaced with the message: “This URL has been excluded from the Wayback Machine” ).
For Emma Best, co-founder of a leak-hosting site called Distributed Denial of Secrets, or DDoSecrets, seeing Reuters delete her story reinforced her preference for publishing what would become the Greenhouse Project, a special segment of the DDoSecrets site committed to publishing. They broadcast reports that have been censored. DDoSecrets, which subsequently took over a server in Germany and has been erroneously classified as a “criminal hacker group” by the U. S. National Security Breakdown, has been released from the U. S. Department of Homeland Security. The U. S. Department of Homeland Security sees Project Greenhouse as part of its broader project to ensure free data transfer around the world. . public interest acting as a “publisher of last resort”. He chose the call because he hopes to create a “warming effect to counteract the deterrent effects of censorship. “
The Reuters article (along with supporting documents) is the first look at the project, which was unveiled last week, but Best said it’s just the tip of the iceberg. (On the Appin front alone, she provided me with a list of about a dozen media articles that were either edited to suppress facts about Appin or were completely unpublished. ) Recently, I spoke with Best about DDoSecrets’ goals, the launch of Project Greenhouse, and why she hopes it becomes redundant. The following is a transcript of our discussion, which took place over the Signal messaging app and has been edited for length and clarity.
MI: So the removal of the Reuters story sparked your interest in hosting this material at DDoSecrets?
EB: The Reuters article caught my eye before it was deleted; This is part of a series of reports that I considered important in the first place. It was provocative to see him eliminated like this (although I don’t blame Reuters for doing what it had to do). Seeing the Reuters article – and especially all the secondary reports that were also censored – be removed showed that such a thing was necessary.
Can you give us a little background on DDoSecrets, what it does, and how it came to be?
DDoSecrets is just over five years old and was introduced in December 2018. We’ve published over a hundred million files leaked from our sources and we still have many more that we’re running on. We use a blended distribution model, publishing data to the general public and restricting some data to researchers and researchers when there is a lot of sensitive data. Some of those cases involve ten million files, so it’s simply not imaginable to read and redact them properly. Together with individual media outlets, we have collaborated with organizations such as the Platform for Whistleblower Protection in Africa, the International Consortium of Investigative Journalists, and the Organized Crime and Corruption Reporting Project. In 2020, we were identified as a 501c3 [charity]. Some of our most prominent publications are indexed on the site.
Can I assume that, much like WikiLeaks, this kind of thing hasn’t made you very popular with governments and other entities?
We are banned in Indonesia and Russia, as well as on Twitter and Reddit. You can’t post our URL on Twitter yet, and any Reddit post that contains it is banned [downgraded, so it’s hard to locate and can’t be shared]. I don’t know exactly why; I found out last year when The Intercept reported it. A subreddit dedicated to BlueLeaks [a DDoS task in 2020 that published around 300 gigabytes of internal U. S. law enforcement documents]In the U. S. ] forbidden; I wouldn’t be surprised if [the shadow ban] happened at that time, but I don’t have any ‘receipts’ [evidence]. Last year, the Department of Defense asked us to delete the Pentagon leaks, but we simply ignored them.
How is DDoSecrets funded?
The first year or two, they usually did it out of their own pocket. We’ve won some Bitcoin donations; I think a big challenge helped for a while, but things were minimal enough during the first year that it wasn’t too bad. Now, it’s just donations. They gave us DonorBox and OpenCollective, we’re going through Substack, but I think we’re going to move away from that altogether [because of the platform’s resolution to host Nazi and white supremacist content]. We have some crypto options, however, we don’t appeal to NFT and crypto enthusiasts.
In 2021, we received a grant from [Calyx Institute, a nonprofit focused on virtual security], but we are chronically bankrupt. I think we might have ten thousand dollars available, give or take. Right now, only two of us are paid, everyone else is a volunteer. Or we work full time, but our salary is less than the minimum wage equivalent. I make $400 a week before taxes. We are looking to get investment from outside groups, but have been unsuccessful so far. One base said they would reimburse us for some meetings and trips; That’s the only explanation why we did it, but they never gave us our money back. Probably our biggest source of investment was the Calyx grant. Unfortunately, there isn’t a lot of cash (or recognition) in the publishing sector, and many big sponsors are attracted to the concept of other people who have leaked (or just divulged) their friends’ secrets.
What are your plans if DDoSecrets gets sued by Khare or someone else over the censored stories it publishes?
We’re not going to pre-litigate anything, but it’s worth noting that we have no people or physical presence in India. And the files and the article have both been made into a torrent [a file that can be easily shared] that can’t really be censored. Even if it’s somehow removed from our servers, we couldn’t take it back if we wanted to. As I recall, the Los Angeles Police Department filed a lawsuit [in which it tried to retract some documents that were released through the Freedom of Information Act, which DDoSecrets published] but never even bothered to include DDoSecrets or go after us in any way. As for where it’s hosted, our domain is registered through a company in Iceland. The wiki [the site runs on software similar to Wikipedia] is kept separate from everything else for security reasons.
Will more censored DDoSecrets be uploaded to Project Greenhouse?
I wish this task did not have to be extended. If it’s never needed again, it would be better for everyone. We say internally that we’d like DDoSecrets to become obsolete due to a globally replaced, whether it’s a buildup in transparency, or some other organization that improves the style in some way. But as long as the desire is there. . .
Other notable stories:
ICYMI: Hiba Morgan on Sudan’s Forgotten War
The Voice of Journalism, since 1961