Homeland Security Subpoenas Twitter For Data Breach Finder's Account

An anonymous reader shares a report: Homeland Security has served Twitter with a subpoena, demanding the account information of a data breach finder, credited with finding several large caches of exposed and leaking data. The New Zealand national, whose name isn't known but goes by the handle Flash Gordon, revealed the subpoena in a tweet last month. The pseudonymous data breach finder regularly tweets about leaked data, found on exposed and unprotected servers. Last year, he found a trove of almost a million patients' data leaking from a medical telemarketing firm. A recent find included an exposed cache of law enforcement data by ALERRT, a Texas State University-based organization, which trains police and civilians against active shooters. The database, secured in March but reported last week, revealed that several police departments were under-resourced and unable to respond to active shooter situations.

Homeland Security's export control agency, Immigration and Customs Enforcement (ICE), served the subpoena to Twitter on April 24, demanding information about the data breach finder's account. ICE demanded Twitter turn over his screen name, address, phone number -- and any other identifying information about the account, including credit cards on the account. The subpoena also demanded the account's IP address history, member lists, and any complaints filed against the Twitter account.

No fan of an HSA TLAs

[TimMD909]

The Homeland Security crowd seems as focused on security as the Ministry of Truth was about truth.

Re:We'd all be better off

Government secrets used to be leaked in newspapers; burn all newspapers!

Incompetence?

[Maelwryth]

Someone should tell them what the wheel on the mouse does. It might save them having to use a lawyer every time they want some freely available info in a twitter feed....or they could just talk to him.

The horse is already out

[Nidi62]

In a sane world, they would be finding them to give them a medal. If he could find those leaks, there's a good chance somebody else already had. And these days it seems the only way to get companies to acknowledge and fix leaks is to make them public, otherwise they get swept under the rug.

On a side note, having a hard time seeing how this falls under the purview of ICE. And I'm sure the government will be going after the medical telemarketing firm for a breach of HIPAA

Remember, this is publicly accessible data

They're going after someone who walks down the virtual street pointing out things that are publicly accessible without a single functional access control mechanism. This isn't a "hacker," it's a person that points at something on the digital street that anyone could find and access anyway. This person has committed no crimes whatsoever in doing this.

Re:Remember, this is publicly accessible data

[BlueStrat]

They're going after someone who walks down the virtual street pointing out things that are publicly accessible without a single functional access control mechanism. This isn't a "hacker," it's a person that points at something on the digital street that anyone could find and access anyway. This person has committed no crimes whatsoever in doing this.

He committed the worst crime imaginable in the eyes of the US Government.

He revealed the incompetence and ineffectiveness of a US Government security agency. To those in government, there are few crimes as onerous as revealing their incompetence and lawbreaking for all to see.

It appears that the NSA and other US TLAs have been too busy with US domestic mass surveillance, data-farming, and domestic political shenanigans to bother with piddly things like securing national infrastructure and other mundane tasks they were created to perform. Very sad.

Strat