Twitter responds to @DDosSecrets distributing hacked content, including police data, in violation of Twitter's policies.
Summary: Late in June 2020, a leak-focused group known as "Distributed Denial of Secrets" (a.k.a., "DDoSecrets") published a large collection of law enforcement documents apparently obtained by the hacking collective Anonymous.
The DDoSecrets' data dump was timely, released as protests over the killing of a Black man by a white police officer continued around the nation neared their second consecutive month. Links to the files hosted at DDoSecrets' website spread quickly across Twitter, identified by the hashtag #BlueLeaks.
The 269-gigabyte trove of law enforcement data, emails, and other documents was taken from Netsential, which confirmed a security breach had led to the exfiltration of these files. The exfiltration was further acknowledged by the National Fusion Center Association, which told affected government agencies the stash included personally identifiable information. While this trove of data proved useful to activists and others seeking uncensored information about police activities, some expressed concern the personal info could be used to identify undercover officers or jeopardize ongoing investigations.
The first response from Twitter was to mark links to the DDoSecret files as potentially harmful to users. Users clicking on links to the data were told it might be unsafe to continue. The warning suggested the site might steal passwords, install malicious software, or harvest personal data. The final item on the list in the warning was a more accurate representation of the link destination: it said the link led to content that violated Twitter's terms of service.
Twitter's terms of service forbid users from "distributing" hacked content. This ban includes links to other sites hosting hacked content, as well as screenshots of forbidden content residing elsewhere on the web.
Shortly after the initial publication of the document trove, Twitter went further. It permanently banned DDoSecrets' Twitter account over its tweets about the hacked data. It also began removing tweets from other accounts that linked to the site.
Decisions to be made by Twitter:
Questions and policy implications to consider:
Resolution: While DDoSecrets' site remains up and running, its Twitter account does not. The permanent suspension of the account and additional moderation efforts have limited the spread of URLs linking to the apparently illicitly-obtained documents.
We just sent you an email. Please click the link in the email to confirm your subscription!