There has been some speculation that the documents released to the Web via Anonymous are something other than public information. Based on the contents of the 1.2 GB Torrent, what was released rested entirely in the public domain. There was no compromise of the ALEC or U.S. Chamber systems, just a massive document harvest using publically available tools.
On Friday evening, a Torrent file was released containing PDF files, Word documents, PowerPoint presentations, and more. The documents belong to the U.S. Chamber of Commerce, the American Legislative Exchange Council (ALEC), and the Michigan-based Mackinac Center for Public Policy.
All three of the organizations are linked to anti-union sentiment, a topic that has seen a good deal of coverage and debate recently, on both sides of the political spectrum and in the public. The contents of the distributed files are debate worthy and, depending on a person’s views, controversial. However, there is nothing earthshaking about the documents, especially if they are to be compared to the emails released after the HBGary incident.
Based on the information released with the re-published documents, there are two ties with Anonymous. The first tie is the password on the encrypted files themselves. Whoever released the document collection encrypted it with TrueCrypt, using Barrett Brown as a password. In addition, Brown’s cell phone number is also used as a password. The second tie with Anonymous is an informational document signed by Kayla, a name associated with the compromise of HBGary and HBGary Federal.
However, when The Tech Herald caught up with Brown on Saturday, he explained that the documents didn’t originate with him.
“I was informed last night via Twitter by someone I'd never heard of [Source] that a file had been acquired containing files leaked from the Chamber of Commerce and other entities; the person wanted me to release it through Anonymous and other means. I told him to go ahead and put it out and I'd take a look when I had a chance,” Brown said, explaining his part in the documents.
“When I woke up today, there was all of this discussion on Reddit and DailyKos about the files, which were being perceived as indeed containing formerly secret data from the Chamber. I started to download the torrent to have a look before making any announcements, and then I'm informed by a couple of colleagues that the information is all essentially public, taken from the Web.”
This recent document re-release tied to Anonymous came from nowhere. Previously, Anonymous has made document releases a public event, announcing them before they are available, and promoting them afterwards in an effort to spread the information. For the U.S. Chamber and ALEC leak, this never happened.
The sudden emergence of the documents has led some to speculate on their contents and the motive of the person(s) who released them. Given the previous plans by Team Themis, when they were gunning for WikiLeaks, there is a healthy dose of skepticism associated with any “new” details that may be “discovered” within the re-published documents, some of them dating back to 2003.
Team Themis, better known as Palantir Technologies, HBGary Federal, and Berico Technologies, proposed disinformation and submitting fake documents as just two of the potential proactive tactics to use when attacking an organization. [More Details]
All of the documents in this re-release were collected using a tool called FOCA (Fingerprinting Organizations with Collected Archives). It’s a powerful tool, which can be used by both internal and external sources.
Internally, it can be used to see what types of potentially sensitive data is leaking to the public about an organization. Externally, the same data can be used to help map a plan of attack. In either case, it is a way to collect and examine OSINT, or Open Source Intelligence.
FOCA project files were included in the document release, adding additional proof that the collected data came from public sources. Additionally, by nature of the FOCA tool itself, some interesting details about the three organizations were also made available.
For example, Windows XP and outdated versions of Adobe and Microsoft Office software are widely adopted. This information isn’t major, but the other details released could be considered sensitive, including network mapping data (server shares and IP addresses), email addresses, and user ID naming conventions.
There are more than 1,500 files in the Torrent published to the Web. Again, based on the FOCA project files, all of them are currently in the public domain on their own.
If anything, this Torrent will offer anyone researching the three organizations a solid starting point with a massive collection of data. Yet, one should still treat the information contained in the re-published documents with a grain of salt.