Breach Notification Website LeakedSource Allegedly Raided By Feds

Breach notification service LeakedSource may be permanently shut down after the owner of the site was raided earlier this week. "At the start of the new year, LeakedSource indexed more than 3 billion records," reports CSO Online. "Their collection is the result of information sharing between a number of sources, including those who hacked the data themselves. Access to the full archive requires a membership fee." From the report: On the OGFlip forum Thursday, a user posted vague details about the LeakedSource raid, but Salted Hash has been unable to verify the claims. The U.S. Department of Justice will not comment, refusing to confirm or deny any investigations related to LeakedSource. The operators of the notification service itself have been offline for several days, and the LeakedSource website stopped working late Tuesday evening. The message from OGF reads as follows: âoeLeakedsource is down forever and won't be coming back. Owner raided early this morning. Wasn't arrested, but all SSD's got taken, and Leakedsource servers got subpoena'd and placed under federal investigation. If somehow he recovers from this and launches LS again, then I'll be wrong. But I am not wrong. (sic)"

Non-story, for now

It's unclear that a raid occurred, and it's being suggested that this may be the result of trolls making up a story. It's also very unclear why they would have been the target of a raid, though I can think of a few ideas. It seems like this is one situation where we ought to wait a bit until the details are clearer before believing that a raid occurred. I can also think of why criminals might want to create a hoax like this, too, due to the nature of the site and how it might be harmful to them for it to exist. It just seems like details are so few that there's not much useful or constructive to be said absent more credible information to explain the downtime.

For now, it seems like there are other things worth discussing. Please consider supporting the Scientists' March on Washington!

Re:Non-story, for now

You do realize the criminals who find that site harmful *do* include the feds, as well as the new administration.

Re:Non-story, for now

You're right that none of us knows what's going on; what's hinky is that the people who do know aren't talking. The timing lends credibility to this being a DOJ action. January 28th is "Data Privacy Day," which is being hyped in government IT circles. Watch for a press release tomorrow or Saturday where the DOJ pats themselves on the back for shutting down "a vast online marketplace of hacked and leaked personal data" just in time for Data Privacy Day, despite this site only leaking shit that was already online elsewhere.

Recent govspam follows.

As Data Privacy Day (DPD) approaches, US-CERT recommends that users and businesses learn more about how to protect their privacy and personal information. DPD is celebrated every January 28 and is an international effort to promote the importance of data privacy. DPD is sponsored by the National Cyber Security Alliance https://staysafeonline.org/ (NCSA), and the theme for this year's DPD is Respecting Privacy, Safeguarding Data, and Enabling Trust https://staysafeonline.org/dat... .

Not surprised, LeakedSource seemed rotten

Not surprised they got raided. LeakedSource always seemed to give me a sort of rotten vibe, that something was off. The fact they wanted money upfront and seemed to be double-dealing made me wonder about them. At least Troy Hunt's alternative is both free and seems way more legitimate, if not as comprehensive.

Re: firstpost

Oh, knock it off.

As for the actual issue, this seems like it's the work of trolls. I may be wrong, but it looks suspicious to me. Here's another link on the topic, with more information: http://www.zdnet.com/article/breach-site-leakedsource-raided-by-feds/

If the owner wasn't arrested, it should be possible to confirm that the site isn't coming back or to make some sort of statement. Also, the note makes me very suspicious. Consider this: if I start a statement by saying, "I'm not racist, but...," it usually means I'm about to make a racist comment. If I include works like "honestly" and "actually" when nobody has questioned my credibility, it's an indication that I'm hiding something and being untruthful. In this case, the note ended by denying it was a troll, which makes me believe it's a troll and consider it less credible than I otherwise would. Until there are more credible details, this is an unverified rumor at best.

Slashdot Afraid to Post?

[BoRegardless]

Feds got your tongue?

Bullshit reporting

So a journalist published an article based on a forum post and pastebin link... that sounds about right... modern-day media... go figure. No wonder the term fake news exists.

Re:Bullshit reporting

modern-day media.

Modern-day, eh?

Guess again, been a lot more.

Re:Bullshit reporting

I think the term fake news was first coined as a synonym for Fox News

too late

this should have happened in 2015.

Backup backup backup

[Bruce66423]

The main moral to take from this story is that if you are going to upset people who have legal powers, make sure that your data is held in a way that is beyond their powers to get at. One of the more interesting possibilities lies in the 'Principality of Sealand' - https://en.wikipedia.org/wiki/... whose legal status is... interesting. If your data was there and you upset Uncle Sam enough, would he try to invade - and would the UK let him!!

Re:Backup backup backup

Yes, and hell yes.

Re:Backup backup backup

[geekmux]

...If your data was there and you upset Uncle Sam enough, would he try to invade - and would the UK let him!!

HavenCo has a rather interesting history of trying to host a data center there...

Re:Backup backup backup

[coofercat]

Sealand might be a possible replication destination, but I doubt you'd want to actually host there for a number of reasons:
1) It's dependent on the UK mainland for just about everything (including an internet connection)
2) If it becomes too much of a problem for the UK government (or their puppet master, like the US), then there'll be an industrial accident where a container ship bumps into it, or the navy dives under it and damages it, or just straight-out blows it up and claims it was a natural disaster or some such.

For more solid foundations, right now, I'd say Iceland is the place to host stuff. They might not be the strongest country (militarily), but they're not dependent on the US to such a degree that they won't say 'no' a few times. I'm not sure where you'd be best off putting a warm-standby though...? Maybe Argentina or somewhere might work, I'm not sure - would have to look into it.

Either way, though, for anything other than mainline-consumer-friendly stuff, consider not hosting in the US (unless you're backed by a large multinational corporation).

Re:Backup backup backup

I vote for Venezuela! I hear they are they are doing pretty well with that whole socialism thing.

Re:Backup backup backup

It'd be easier to just "accidentally" cut the internet cables connecting to the derelict oil rig, if it was a few times then nobody will trust you to store their data. No "invasion" necessary.

The '90s called. They said it's the 21st century

Despite what it says in TFS, the message from OGF does not say "âoeLeakedsource is down forever...". There's a double-quote where /. says the source reads "âoe".

How can so much of the rest of the web properly handle text that falls outside basic ASCII yet /. continues to mangle it?

Misandry

Please consider supporting the Scientists' March on Washington

Why just a Scientists March?! Non-scientists are people too! How about just a Peoples March on Washington where non-scientists, and like men, are welcome to drain the swamp too?

Re:Doesn't surprise me

You make it sound like the EPA is a good thing. As long as they are a proxy for Agenda 2030 they are NOT a good thing.

Second you don't encrypt jack shit when you work for the EPA. You are going to use the software the agency gives you to use. it actually sounds more to me, like you don't know jack shit about Federal Government employee SOP's.

  TSP boys have the tops rolling, getting ready to POP AX on muh G fyund bytchez..

what you mean 60+ fool

Third the 60- crowd can't engineer their way out of a wet paper bag without a computer simulation for everything. Child you were in Diapers when I rolled out the yellow and black Wildcat 1.0

You can't visualize raw ROCKS, SAND and WATER, CEMENT and STEEL, nor Power and Frequency. If your talking encryption you dropped the ball personally yourself.

Lets see you have a
Drivers license
hunting license
fishing license
ham license
drone license

no? you must have skipped boy scouts then. I doubt your prepared today. Got a garden? Lazy you call us LAZY?

You don't know or get who trump hired because you still don't know (blissful ignorance) who hired TRUMP. You'll get the message soon enough.

Those cute little commie marxists with their "peaceful protest" have all grown up and are splitting skulls and attacking everyone. I don't care if they lose their obamacare and get deported. The alternative is a CIVIL WAR

You are uninformed about encryption. I and others can write a encryption program the NSA doesn't know. Good grief what are you doing on slashdot?

We are going to be restoring the republic. Traitors are going to get crushed along the way. You just keep thinking what ever you want to think, it will be great when you get a surprise that you were incorrect.

The "Womens protest" was hijacked by the MUSLIM DEATH CULT to bring SHARIA LAW to AMERICA.
Makes ya uninformed again or with marxist communists. If uninformed, Go hang out near the relocation centers and see how VILE these migrants are, they DO NPT WANT TO BE AMERICANS.

FIND A REFUGEE PLACEMENT OFFICE NEAR YOU.
https://refugeeresettlementwat...

They desire to RAPE your daughter cut her clitoris off and cut your head off. (your really pissing me off I served this country!)

The rest of the brainwashing is complete for now all they have to do is Call you a NAZI and then they justify punching you. Check out ANTI-FA how twisted their version of the word FASCISM and FASCIST is. The word along with NAZI is now weaponized against their enemies -- the hell with truth.

Some now have meet mr CCW for their swan songs.
The Lesson here is they shouldn't "peacefully protest" by commiting 242's 415's on someone traveling to work and not expect to get a free ride to go meet Alah personally

Others traitors already heading to consequence alley for violating USC code and soon to pay with a dime and 25 G's. Paid to commit domestic treason. that's gonna sting.

you can call me a deplorable. OR someone sick of the crap.

I don't HIRE, nor do business with snowflakes or their pals. The more they talk the stupider they look.

Note: If RESPONSIBLE ADULTS find FACTS that are incorrect you got my permission to FIX em to the TRUTH otherwise I don't give a fudge bar what you think, your mind is too small to be able to think.

Re:Doesn't surprise me

Can I have some of whatever you're on, please? It's obviously good shit!

Wow.

What a stupid article

[kronix1986]

This "breach notification site" SOLD password caches to third parties - and even cracked the password hashes before selling them. Why doesn't the summary mention this? This site sold people's credentials passwords to spammers, fraudsters and other malicious actors: https://arstechnica.co.uk/secu...

Re:What a stupid article

Because Steve Ragan is a worthless journalist that publishes content based on random Pastebins.

Re: firstpost

[AmiMoJo]

Can someone explain why the feds would want to shut this site down? As far as I can tell from TFA and google, it seems that it merely collected leaked data sets and provided notifications to users when their data was being published or sold somewhere.

Troy Hunt's comments on this

[davecb]

https://www.troyhunt.com/thoug...

Why?

I don't get it, why were they raided? What is wrong with archives of public information, like archive.org? I assume the info on LeakedSource was in fact leaked and therefore public?

Re:Why?

'leaked' information doesn't magically become legally public information. Do you think the world operates on the legal principle 'finders keepers losers weepers'? With physical objects -or- digital data? No.

Re: firstpost

It sounds like a 'service' ripe for abuse. It's not exactly legal to hold on to copies of stolen data just because you claim your intentions are good. Suppose somebody broke into your house and photocopied all your records and then said "hey, I'm just helping you with off-site backup!" Why -wouldn't- the government shutdown a site doing almost the same thing?*

Re: firstpost

Forget about 'sounds':

https://arstechnica.co.uk/secu...

If this article is true I can't side with them at all. And I'm having a really hard time understanding the apologetics who think what they've done is legal or should be legal. You can provide awareness that a breach has occurred without actually storing the stolen data. If it's a database of user names and encrypted passwords for instance, trying to generate the plain-text passwords is plainly malicious, and why are you holding the encrypted passwords at all? Trash them.

To me a fair analogy would be a 'child porn prevention' site that actually held on to all the pictures it found (and sold them to interested parties, presumably just victims looking for evidence -right-), as a way to somehow help stop child porn. Seriously?

Where to begin...

Let's see. First off, thanks for the lovely copy-pasta. Can't wait to start trolling folks with it. Second, "your" is possessive. The contraction for "you are" that you're too fucking stupid to understand is Y O U (APOSTROPHE) R E you goddamn RETARD. Third, if you're over sixty, your Alzheimer's is kicking in hard. You might want to get that checked. Fourth, your post is a prime example of a large part of the problem with the world. Specifically, stupid and delusional people like you are too stupid and delusional to know they are stupid and delusional. Fifth, I think my favorite part of your rambling, incoherent, barely intelligible diatribe--if we can fairly call it that--is your claim that you can write an encryption program to foil the NSA. Seriously, anon, thanks for the laughs. Bruce and I will look back on this some day, wax nostalgic, and have a light chuckle over the fond memories of your inanity. I would explain why it's so funny but alas, you're retarded and incapable of understanding so it's a futile effort.

And finally, you really ought to shut the fuck up. As the quote goes: "Better to remain silent and be thought a fool than to speak out and remove all doubt." You, anon, have removed all doubt. Clearly Richard Spencer's dick is the smartest thing that ever came out of your mouth. I feel sorry for you.

Re: firstpost

Oh so you mean like that CP honeypot the Feds setup a while back?