How 'Kind of Everything Went Wrong' With the Turkey Data Dump
The incident highlights the nuances and differing morality of those who dump or spread hacked data.
Photo: Shutterstock/Tomo Jesenicnik
Dumping hacked data can get real messy. Earlier this week, the Internet Archive removed several files uploaded by an activist after it was revealed they included vast amounts of personal information of Turkish citizens, including a database of most of the country's adult women.
"Kind of everything went wrong," Michael Best, the freedom of information activist who uploaded the files to the Internet Archive told Motherboard.
This data wasn't the cache of emails released by WikiLeaks shortly before, although WikiLeaks did tweet a link to the files. Regardless, the incident highlights the nuances and differing morality of those who dump or spread hacked data.
Here's what happened:
First, Phineas Fisher, the hacker notorious for breaching surveillance companies Hacking Team and FinFisher, penetrated a network of the AKP, Turkey's ruling party, according to their own statement. The hacker was sharing data with others in Rojava and Bakur, Turkey; there was apparently a bit of miscommunication, and someone sent a large file containing around half of akparti.org.tr's emails to WikiLeaks.
WikiLeaks then published these emails on July 19, and as some pointed out, the emails didn't actually seem to contain much public interest material.
"The series of mistakes may have shown one of the worst sides of the internet's best intentions"
Then Phineas Fisher dumped more files themselves. Thomas White, a UK-based activist also known as The Cthulhu, also dumped a mirror of the data, including the contentious databases of personal info. This is where Best, who uploaded a copy to the Internet Archive, comes in.
Best said he didn't check the contents of the data beforehand in part because the files had already been released.
"I was archiving public information," he said. "Given the volume, the source, the language barrier and the fact that it was being publicly circulated already, I basically took it on faith and archived a copy of it."
According to Best, the Internet Archive emailed him and offered to discuss whether the files should be removed. Under the circumstances, Best didn't object, and the databases were taken down.
"I don't know what the public interest value would be in this instance, but I do see how the information's availability through the Internet Archive could create additional harm that I'm powerless to justify in any way," he admitted.
White, meanwhile, is still hosting the data. He argues that, unless his source has directed otherwise, he won't prohibit the flow of information.
"The torrent has remained up and will continue to do so unless requested it be removed by the source," White told Motherboard in an online chat. "To remove the data without his consent is akin to censoring it in my view. Removing the torrent is not possible anyway now, I could remove my own link but it won't stop propagation of the file in any way."
"What I am shocked by is that nobody seems to have paid any attention to the fact WikiLeaks just went against the wishes of a source and published anyway," White added.
WikiLeaks did not respond to a request for comment.
For his part, Best said he thinks Fisher's original plan "would've been best." As Best understood it, Fisher was going to hold onto the data as he worked with locals to determine its contents and what should be done with it. (Phineas Fisher did not immediately respond to a request for clarification.)
That, of course, is not what happened. Instead, various people published the data in different ways, and took different stances on whether it should remain online or not. As a result, arguably innocent Turkish citizens were harmed.
"The series of mistakes may have shown one of the worst sides of the internet's best intentions," Best said. "But it also showcased the internet's capability for self-correction."