Euro Security Watch with Mathew J. Schwartz


'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Hacktivism or Disinformation? Whoever Leaked the Data, It's Culled From Old Breaches
Guy Fawkes, aka the face of Anonymous

Not all data breaches are what they might seem, and not all leakers are who they might claim to be.


Take the doxing of the Minneapolis Police Department. In recent days, information on members of the police force was leaked online, including under the banner of Anonymous.

"Anonymous is back and have already h@cked the Minneapolis Police Department website," tweeted the Twitter account @pjnkmin, which may - or may not - be associated with Anonymous actors. At least until recently, the account and many others retweeting about the data dump appeared to be largely focused on K-pop, as in South Korean pop music and culture, rather than hacktivism.

Whoever assembled a collection of email account usernames and passwords for members of the Minneapolis Police Department, the information has been circulating widely online in recent days. The supposed doxing followed the death on May 25 of George Floyd, a black man who was in Minneapolis police custody. Four police officers present during his death have been fired, and one - Derek Chauvin - was charged on Friday with third-degree murder and second-degree manslaughter. The Department of Justice is investigating.

Floyd's death has led to protests across the United States and beyond.

'Anonymous Is Back'

Enter one or more individuals claiming to operate under the banner of Anonymous, the hacktivist collective where no one knows your true name (more on that shortly).

"Officers who kill people and commit other crimes need to be held accountable just like the rest of us, otherwise, they will believe they have a license to do whatever they want," the Anonymous post says to the Minneapolis police. "Unfortunately, we do not trust your corrupt organization to carry out justice, so we will be exposing your many crimes to the world."

One problem: Anonymous doesn't appear to have hacked anyone.

For breaches cataloged by Have I Been Pwned, individual email addresses appear in an average of two breaches. But the emails contained in the Minneapolis Police Department employee dump appear in an average of 5.5 breaches. (Source: Troy Hunt)

Of the 798 email addresses contained in the data dump, 689 are unique, and 87 appear multiple times, says Troy Hunt, who runs the free Have I Been Pwned breach-notification service. "Of the 689 unique email addresses, 654 of them are already in Have I Been Pwned," he says in a blog post. "That's a hit rate of 95%, which is massively higher than any all-new, legitimate breach," which at least in the U.S. would typically have a hit rate of 60% to 80%, he says.
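The overlap check Hunt describes can be sketched as follows. This is an added example, not code from the article or from Have I Been Pwned. It assumes a hypothetical local index of previously breached addresses, uses constructed sample data, and the `likely_recycled` rule is an assumption built on the baselines quoted above.

```python
from collections import Counter

# Baselines quoted in the article: a new, legitimate U.S. breach typically
# has a 60% to 80% hit rate, and an average address appears in two breaches.
TYPICAL_MAX_HIT_RATE = 0.80
BASELINE_AVG_BREACHES = 2.0


def triage_dump(dump_lines, known_breaches):
    """Measure how much of a claimed dump already sits in older breaches.

    dump_lines: iterable of "email:password" rows from the claimed leak.
    known_breaches: dict of lowercase email -> set of prior breach names
                    (hypothetical local index, not an HIBP API call).
    """
    emails = []
    for line in dump_lines:
        addr = line.split(":", 1)[0].strip().lower()
        if "@" in addr:  # skip malformed rows
            emails.append(addr)

    counts = Counter(emails)
    unique = sorted(counts)
    seen = [e for e in unique if known_breaches.get(e)]
    hit_rate = len(seen) / len(unique) if unique else 0.0
    avg = sum(len(known_breaches[e]) for e in seen) / len(seen) if seen else 0.0
    return {
        "total": len(emails),
        "unique": len(unique),
        "repeated": sum(1 for n in counts.values() if n > 1),
        "hit_rate": hit_rate,
        "avg_breaches": avg,
        # Assumed rule: both signals exceed the article's baselines.
        "likely_recycled": hit_rate > TYPICAL_MAX_HIT_RATE
        and avg > BASELINE_AVG_BREACHES,
    }


# Constructed sample data: example.org addresses, invented breach names.
SAMPLE_DUMP = [
    "a.one@example.org:pw1", "A.One@example.org:pw2", "b.two@example.org:pw3",
    "c.three@example.org:pw:4", "d.four@example.org:pw5",
    "e.five@example.org:pw6", "f.six@example.org:pw7", "not-an-address",
]
SAMPLE_INDEX = {
    "a.one@example.org": {"forum-2012", "combo-a", "retail-2016"},
    "b.two@example.org": {"forum-2012", "combo-a", "combo-b", "retail-2016"},
    "c.three@example.org": {"combo-a", "social-2013"},
    "d.four@example.org": {"combo-a", "combo-b", "social-2013"},
    "e.five@example.org": {"retail-2016", "social-2013", "combo-b"},
}
```

Calling `triage_dump(SAMPLE_DUMP, SAMPLE_INDEX)` returns the same figures Hunt reports for the real dump: total rows, unique addresses, repeated addresses, hit rate and average breaches per address.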

The impetus for people wanting to believe that above-the-law hackers might be holding people in power to account, however, is powerful.

"This is getting traction because emotions are high; public outrage is driving a desire for this to be true, even if it's not," Hunt says. "Hash-tagging it 'Anonymous' implies social justice, even if the whole thing is a hoax."

Anonymity May Be Only Skin Deep

A big caveat remains for anyone who might want to set their hack cannons to lulz: Anonymous members who have experienced "OPSEC fail" by failing to practice sufficiently good operational security, and who have broken the law, have found themselves getting outed, charged, arrested and serving jail time, as the "PayPal 14" and Hector "Sabu" Monsegur, former leader of the collective's LulzSec spinoff, can attest.

And of course, anyone can still claim to be part of Anonymous and make their communications look official by ending any missives with this tagline: "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us."

This "hyperbolic rhetoric" is part of what came to define Anonymous, as well as to make its video pronouncements go viral in the late 2000s and early 2010s, according to anthropologist Gabriella Coleman, who's a professor at Montreal's McGill University.

"It is difficult to boil down the workings of anonymity within Anonymous to a single logic: Whatever formulation you come up with, it can always be adopted and repurposed, in different ways and towards different ends, by whoever wants to use it," Coleman writes in "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous," her 2014 take on the history of the collective.

Because by definition Anonymous is anonymous, "the ideal itself is thus, in some ways, incorruptible (or endlessly corruptible) - always outside the reach of power, even if those temporarily experiencing it, or who believe themselves to be experiencing it, can themselves be grasped," Coleman writes.

Down and Out in Hacktivist Land

The anonymity implied by Anonymous, of course, means that the supposed social justice aims can be - and have been - suborned by individuals with other goals.

Indeed, the faked Minneapolis Police Department data leak isn't the first hoax in recent times involving supposed activist hackers. Over the course of the last decade, bona fide hacktivism plummeted, while nation-state false flag operations conducted under the guise of hacktivism have skyrocketed, threat intelligence firm Recorded Future reported last year.


Given the guise of anonymity, reliably knowing when hackers are at work, versus nation-state groups or state-sponsored troll farms, can be tough.

For starters, that's because disinformation campaigns typically don't make things up from scratch, but rather make use of existing social and political divisions. The Kremlin's 4D campaigns - for dismiss, distort, distract and dismay - are designed to amplify already existing debates, for example, to undermine U.S. elections, spread vaccine misinformation or blame foreigners for COVID-19.

Existing Debates Get Amplified

Again, however, foreign powers with their own agenda didn't start these fights; they're just trying to turn them to their own advantage.

The same likely holds for current protests in the U.S. and beyond. "Are foreign state actors amplifying narratives around the protests for their own gain? Absolutely! It's become an international media event that aligns neatly with their broader political agendas," tweets Lee Foster, an information operations intelligence analyst for cybersecurity firm FireEye.

But for anyone looking to blame the protests on foreign actors, "stop looking externally for the enemy within," he says. "That's a reference to societal systems of oppression, for those that can't read between the lines."



About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



