A new group devoted to transparency is exposing secrets Wikileaks chose to keep

Photo: Adobe Stock This article is the second in a series focusing on notable forensic journalists for the Tow Center for Digital Journalism.

“The truth is its own goal,” Emma Best says of the new journalist collective, Distributed Denial of Secrets. Think of DDoSecrets (a play on the name of a type of cyberattack called a “distributed denial of service”) as an alternative to Wikileaks—indeed, in some cases it hosts the same material—that devotes more attention to explaining its standards for the material it distributes and less to eye-catching press releases. It distributes caches of previously secret data—emails, government records, contracts—some via direct download through the site linked above, some by carefully vetted request. “We simply want to make the information available, and to prevent it from disappearing,” Best, who is the only non-pseudonymous member, says.

The site, which has existed since December of last year, publishes huge volumes of raw data through Tor Hidden Services, an encrypted amenity provided by the Tor Project. In January, for instance, DDoSecrets released a huge dump of emails and messages from Russian officials that Wikileaks had declined to host on the grounds that they were “already public” (many were not), detailing the deployment of Russian troops to Ukraine in 2014, which the Kremlin categorically denied was happening at the time.

Reportage and opinion based on that data is left to traditional deadline journalists, but DDoSecrets’s archive, which includes dozens of document troves from around the world, is carefully—journalistically, even—designed. State-sponsored hacks are flagged, as are hacked materials that cannot be verified and may be adulterated. Independent journalists like Marcy Wheeler and major organizations like The New York Times have built stories on DDoSecrets’s publications. Wikileaks, too, has been the source for major news stories, but it has consistently earned criticism for not vetting its sources in the way that DDoSecrets claims to do. (Wikileaks did not respond to request for comment.)

Best says she and another member, called The Architect, began the project last year. “In 2018, The Architect came to me with their desire to see a new platform for leaked and hacked materials, along with other relevant datasets,” she says. “We’ve known each other for some time, and they were willing to bring their technical expertise to the project. We pooled our resources, along with those of people who chose to not be directly acknowledged, and worked on the initial archive which publicly launched in early December 2018.”

Best’s reputation as a national security journalist and dogged FOIA filer precedes her. Now, she is the public face of DDOS’s otherwise anonymous or pseudonymous collective, both writing about the group’s newest data cache releases and helping to acquire them. On her MuckRock page are both newsy investigations and several indexes of organizational recordkeeping manuals—unglamorous to publish and arduous to acquire but priceless to fellow FOIA filers. Her most recent work to catch the broader public eye was about another nontraditional journalistic operation: Wikileaks—which, Best reported, had sent out a list of 140 things the organization considered “false and defamatory” when said about Wikileaks founder Julian Assange. (Hilarity ensued.) She had reported skeptically on the organization before, noting among other things the incomplete nature of its archive of John Podesta’s emails.

The project has met with high praise from Best’s peers. “People are quick to call it the work of ‘transparency activists,’ which really disappears a lot of labor,” Wheeler, who covers national security from an outsider perspective at her blog Emptywheel, says.

Sign up for CJR's daily email

“Journalism is changing, and maybe it’s comfortable [for institutional journalists] to dismiss that.” Some of DDoSecrets’s most scandalous Russian documents had already been made public, Wheeler says—two Ukrainians brought them to the BBC. But DDoS’s freely available download of the entire cache, which had been available only piecemeal and through dodgy websites hosted in Russia and Ukraine, got the attention of The New York Times, Foreign Policy, The Daily Beast, and other high-profile newsrooms.

Like Wikileaks, DDoSecrets is cagey about the nature of its operations—always a paradox for organizations that promote transparency. Best says there are “fewer than 20” people working with the collective. And while Best knows who “The Architect” is, she’s not sure whether it’s the same “Architect” who was a founding employee of Wikileaks—and acrimoniously departed in 2010. “I understand people would like that narrative. But an answer would need info I don’t have,” she tells CJR during an interview conducted using the secure messaging app Signal. She knows the identity of her Architect, but not Wikileaks’s. “If I can’t relay the info and don’t have a need to know, I try not to even ask..”

Some of Best’s colleagues have backgrounds working for state authorities. “Those experiences are a big part of what drove some of us to (sometimes radical) transparency work, as they did for Chelsea Manning and Ed Snowden (neither of whom are part of DDoSecrets, to be clear),” she writes via Signal. “Those associations all ended well prior to DDoSecrets coming together and were internally disclosed early on.”.

At the moment, the entire project is a labor of love for Best, The—or at least or at least an—Architect, and their undisclosed colleagues. “Everything is out of pocket for the time being,” she says. “We haven’t setup any mechanisms for people to provide financial support, and we’ve rejected offers from people who were willing to pay for access to our LIMDIS [limited distribution—available by request only, but listed on the site] data sets or for us to perform searches on them.”

The DDoSecrets website also includes a “Wanted” section—a list of hacked documents the group is actively seeking. Best cautions CJR that the group does not steal or solicit theft. “Our “Wanted” page lists only materials known to exist from preexisting breaches and leaks for this reason – there are ethical (not to mention legal) lines that would be crossed in soliciting or committing the actual theft of data.” No one in the group, she says, has even suggested stealing or copying information in a way that would break the law.

With all this data-gathering firepower, why has DDoSecrets not simply set up a news site? There are, after all, only a few journalist teams capable of navigating the multilingual, technically complex tranches of information that DDoSecrets has made available, and DDoSecrets has one of them. “Agendas creep into press releases, and biases, misrepresentations or misunderstandings get repeated,” Best says. “We’ve seen this with releases from some other platforms. By simply saying, ‘Here’s the data, it should speak for itself,’ it’s easier to accept.”

 

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Sam Thielman is the Tow editor at the Columbia Journalism Review.