Anonymous Release 10TB Leaked Data Exposing Kremlin Assets, Russian Businesses

trendsnewsline.com

217 points by deepnet 9 months ago · 101 comments


swdev281634 9 months ago

I downloaded and extracted the files in a fresh Linux virtual machine with tools for viewing Word, Excel, and PDF documents. After reviewing the contents for about 30 minutes, the data appears technically authentic—not AI-generated—but nothing particularly noteworthy stood out.

The files "Vulnerabilities/Fetched Data.txt" appear to be output from an automated security scanner that targeted public-facing web servers. Some directory labels are inaccurate. For instance, a company listed as a crypto exchange—Cryptopro—is actually an IT consulting firm focused on cryptography and PKI.

A number of Word, Excel, and PDF files containing corporate reports and similar materials appear to be publicly accessible online and even indexed by search engines. I was able to locate several by searching their titles.

One file, "Part 1/Report those Russian ringleaders/russRingleadersPerDFUNAFO.txt", seems to be the likely source of the "Kremlin Assets in the West" mention. It’s a brief list of Twitter accounts and may have been assembled through open-source intelligence methods.

While the leak might contain some mistakenly published or sensitive material, I didn’t come across anything as significant or dramatic as implied by the article linked.

mmastrac 9 months ago

From a quick scan of the file listing of the 18GB compressed folder linked for download elsewhere, looks like it's a collection of completely random data hacked over a number of years from various accounts that may or may not be connected with Russia (Guy Ritchie? Kanye West? Why?).

Also, why a PNG?

  2022-12-02 10:25:11 ....A        10530        10092  Leaked Data of corrupt officials/Part 1/Leaked Data of Kanye West's Instagram account/IP, Port, Hostname.png
  2022-12-02 10:26:08 ....A        39852        37635  Leaked Data of corrupt officials/Part 1/Leaked Data of Kanye West's Instagram account/SSL info.png
  2022-12-02 10:27:01 ....A       124662       114729  Leaked Data of corrupt officials/Part 1/Leaked Data of Kanye West's Instagram account/Vulnerabilities.png

Some bank data seems to be exposed here (internal control panels), but in other cases it's just a dump of public website HTML?

10TB seems just plain wrong (didn't bother downloading the whole thing, though).

  • jijijijij 9 months ago

    > Vulnerabilities.png

    Clever. Instagram is an image hosting platform. At the firewall, guards watching the network traffic wouldn't notice png encrypted screenshots of cracked IP addresses being exfiltrated, drifting in plain sight in the usual pixel streams.

    • mmastrac 9 months ago

      I didn't bother looking at the files, but I would wager that it's not as clever as you suggested here. If there's gold in this leak, I'd suggest it's buried in an Everest of crap.

jmclnx 9 months ago

Yikes, the archive article asked me to install Adobe Flash, and I am on Linux. I guess it is really from Russia :)

Rallen89 9 months ago

Seems very dubious, new accounts in the comments urging people to download it ( u/Sonnigeszeug) all the 'sources' go back to the same file, claims it is on torrent trackers yet providing no evidence for? A very sensational article with no proof and if it was true downloading russian government data with no idea whats in it? the sweetest of honey right here

  • constantcrying 9 months ago

    I am sure the other reports from the website are very real: https://archive.ph/8RGAb

  • A_D_E_P_T 9 months ago

    Most people have absolutely no way to handle a 10TB file, anyway. Even 1TB csv files can be a challenge. Need to use DuckDB or chunk it somehow.

    A lot of ways to hide nasty surprises in such a file, too.

  • Sonnigeszeug 9 months ago

    Dude... i'm a software engineere in germany.

    I create new accounts because i spend too much time on hn...

    I suggest to download stuff because i assume people on HN are well equipped to check it out.

    Click yourself some cheap vm in the cloud, download it, check it out. Cost involved? $10

    Do you expect journalists with less it knowledge to do this? I mean yeah they can and should but people on hn should do too

    • benterix 9 months ago

      > i'm a software engineere in germany.

      Fake German detected. A true one would write "I'M A Software Engineer In Germany".

      • znpy 9 months ago

        they said he is a software engineer in germany. they didn't say they are from germany.

kif 9 months ago

"Leaked data" seems like a stretch. Sounds like someone ran a vulnerability scanner on some Twitter accounts. Don't have time to go through all the data though, so maybe there are interesting things in there.

  • ty6853 9 months ago

    It is a real thing though that Russian databases are routinely compromised or stolen.

    People that engage in tax fraud in places like Mexico and Russia often legitimately do it because they do not want the mob/cartels to find out how much money they have and then extort them. The data gets out.

  • pseudo0 9 months ago

    Yeah, from the screenshots on Twitter a lot of it looks like archives of publicly accessible Twitter and Telegram accounts, plus data from old breaches. That makes it seem pretty unlikely there will be anything new and valuable here.

Rallen89 9 months ago

Any validity besides one news article? seems to be getting the hug of death atm.

  • EdwardDiego 9 months ago

    Hugged? Or DOSed?

  • BoredPositron 9 months ago

    Just download the data and validate it yourself if you are skeptical? I guess that's why they released it...

    • Rallen89 9 months ago

      10 TB file from a random website that I have never heard of? Seems like if someone was to leak this a more reputable news agency would have been notified instead of... trendsnewsline

      • BoredPositron 9 months ago

        You don't have to download the whole 10TB...

        • Rallen89 9 months ago

          Seems very odd an ai account?* is posting a seemingly unknown 'news' site to a very large unverified file that didn't seem to pass the desk of any major news org and all the 'sources' of this leak come from the same mediafire link, not even a torrent?

          *account details looks odd, copy and pasting ai summary of article

      • Sonnigeszeug 9 months ago

        Who if not people / experts reading on hn?

        Click yourself any server anywhere, download it, analyse it, share your findings.

        • miningape 9 months ago

          Right because we all have the time, memory, and sandboxed virtual machine to test this safely without getting hacked.

          Obvious honeypot is obvious. If you want (technical) people to download your malware you're gonna have to do better than this.

          • Sonnigeszeug 9 months ago

            This goes for me in direction of civil service tbh. and if someone should do something and support, this is the thing we should do.

            If people on hn, knowing how things work, are skiddisch, what normal people will do? even less.

            • miningape 9 months ago

              To me it goes beyond "civil service" and becomes more like "military service" - you're directly putting yourself in harms way for the collective good. It's not reasonable to expect many users on HN have the setup required to investigate this - sure we're all interested in technology. But we're not all cybersecurity experts.

              This is the equivalent of your grandma thinking you're a tech genius because you can restart the router. The skills required for this kind of work are specialised.

        • Bengalilol 9 months ago

          Why asking people to do something you should have done first? If there's anything worthy in it, then point to those interesting documents where HN community would be more than happy to help.

          • Sonnigeszeug 9 months ago

            I didn't. Someone else did.

            I clarified the effort and that we all should do it because we are probably the best people to do so.

    • owebmaster 9 months ago

      That's a fast way to get hacked or become a target. We can do better in this forum security-wise

      • BoredPositron 9 months ago

        We are on a forum where most users should know how to operate data that has the probability of malware in it...

        • nottorp 9 months ago

          You'd think so but it appears they just don't click on strange links instead.

        • owebmaster 9 months ago

          Just now you commented (and removed) that it's improbable that a file this big would be a honeypot, I don't think most users here know how to operate data safely.

          • BoredPositron 9 months ago

            I deleted it because the discussion is void. The data is on torrent trackers and on shared file hosters. You can download single files in the torrent and if you can't handle a txt file without getting an anxiety attack that's on you.

            • owebmaster 9 months ago

              I'm not interested in the content but you are, share your findings in place of asking ppl to do that. Why there are so many profiles (many of them green) hurrying people to stop thinking about risks and just open the files? Shouldn't they just open it and see?

              Edit as I can't reply: your behavior is quite suspicious and so is some of the new green users commenting. That is exactly what someone embedded in the hacker culture would conclude after analyzing, not feel challenged by you to hurry and open the files.

              • BoredPositron 9 months ago

                Of course, I am interested in major data leaks, as most people on this forum should be, since it's an integral part of the culture of the word before news in the url. After examining approximately 20 files, my initial impression is that it appears to be scraped OSINT data. However, I won't make definitive claims based on such a limited sample size. Drawing one's own conclusions is also a quintessential aspect of hacker culture. Though I suppose that's not why you chose to have "webmaster" in your username and hypothesis…

rokkamokka 9 months ago

That's fun. Someone feeling up to feeding the 90k trump files into an LLM for a synopsis?

  • close04 9 months ago

    > the 90k trump files

    Just a question I asked below. That's the size column in WinRAR (left of the Compressed column). Is it by coincidence also the number of files?

jijijijij 9 months ago

If this is real, there will be claims made and the general public has no way to verify. 10TB is technically challenging to handle for the vast majority of people. Would be really important for someone to re-upload and index the extracted files for online browsing.

t0lo 9 months ago

So do we have a verdict yet? Anything more than scraped osint and telegram chats?

scotty79 9 months ago

Finally. More than 3 years to get russia hacked properly is a bit much. I think IT security got a bit too secure for the safety of freedom.

yobannyvrot 9 months ago

One ai slop article, and an 18gb mediafirelink from some twitter literally who. Taking bets for complete nothingburger...

constantcrying 9 months ago

What is wrong with people. Who believes this is real?

Do you really think a WordPress website from India posting obvious fake news and conspiracies should be trusted?

Do you think the source that brought you this is reliable in any way: https://archive.ph/8RGAb "Shocking Footage: Hunter Biden & Ellen Caught in Adrenochrome Bust!"

  • t0lo 9 months ago

    People need to believe someone else out there will solve their geopolitical problems for them.

    • constantcrying 9 months ago

      I thought at least people on this website would be able decipher that this is an obvious fake news website, it also posts some of the most generic right wing conspiracy theories. Quite disappointing to be honest.

  • otabdeveloper4 9 months ago

    > Do you really think a WordPress website from India posting obvious fake news and conspiracies should be trusted?

    Depends. Does it validate my Russian collusion delusion?

deepnetOP 9 months ago

Trump has ~91k files in the data

https://pbs.twimg.com/media/GomVrWxWMAA5S-_?format=jpg&name=...

[edit] site down - reddit link to the 10tb

https://www.reddit.com/r/worldnews/comments/1k0h9uu/anonymou...

Also x link to data

https://x.com/YourAnonFrench_/status/1912099907038572980

  • petee 9 months ago

    I'll happily wait for someone else to open that archive and let us know whats in the folder.

    Somehow feels like a great way to get a bunch of people to download a rar with a zero day

    • bgwalter 9 months ago

      Yes, an example:

      https://blog.google/threat-analysis-group/government-backed-...

      I also do not understand how Anonymous would sift through 10TB to confirm the validity of the claims.

      • Rygian 9 months ago

        > Instead of bailing out, ShellExecute proceeds to call “shell32!ApplyDefaultExts” which iterates through all files in a directory, finding and executing the first file with an extension matching any of the hardcoded ones: “.pif, .com, .exe, .bat, .lnk, .cmd”.

        So the vulnerability is not in WinRAR, but rather in the ShellExecute windows code that desperately tries to find something else to run when asked to execute a file that does not exist.

        As my security officer says at $dayJob, "having a security hole there for thirty years does not make it somehow less of a security hole".
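A triage sketch for the behaviour quoted above, added here as an example and not part of the thread or any commenter's code: it reads a `7z l`-style listing like the one pasted earlier in the thread, without extracting anything, and flags entries whose extension is on the quoted ApplyDefaultExts list. The sample rows are constructed, and the trailing-whitespace check on path components is an added heuristic, not something the thread states.

```python
import os
import re

# Extensions the quoted write-up lists as hardcoded in shell32!ApplyDefaultExts.
DEFAULT_EXTS = {".pif", ".com", ".exe", ".bat", ".lnk", ".cmd"}

# One row of a `7z l` style listing: date, time, attributes, size,
# optional packed size, path. A path that starts with digits after a
# blank packed column is misparsed by this simple pattern.
ROW = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<attr>[A-Z.]{5})\s+"
    r"(?P<size>\d+)\s+(?:(?P<packed>\d+)\s+)?(?P<path>.+)$"
)

def triage(listing):
    """Return [(path, [reasons])] for rows worth a closer look before extraction."""
    findings = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or summary line
        path = m.group("path")
        parts = re.split(r"[\\/]", path)
        is_dir = m.group("attr").startswith("D")
        reasons = []
        # Extension of the final component, ignoring trailing spaces and dots.
        ext = os.path.splitext(parts[-1].rstrip(" ."))[1].lower()
        if not is_dir and ext in DEFAULT_EXTS:
            reasons.append(f"extension {ext} is on the ApplyDefaultExts list")
        # Added heuristic (assumption): a component ending in whitespace is
        # a name users rarely create and viewers tend to display misleadingly.
        if any(p[-1:].isspace() for p in parts):
            reasons.append("path component ends in whitespace")
        if reasons:
            findings.append((path, reasons))
    return findings

# Constructed sample rows in the layout of the listing shown in the thread.
SAMPLE = """\
2022-12-02 10:25:11 ....A        10530        10092  Part 1/Account/SSL info.png
2022-12-02 10:26:00 D....            0            0  Part 1/Reports
2022-12-02 10:26:09 ....A         2048         1200  Part 1/Reports/summary.pdf /summary.pdf .cmd
2022-12-02 10:27:01 ....A       124662       114729  Part 1/Reports/summary.pdf
2022-12-02 10:27:30 ....A          912          640  Part 1/Tools/viewer.LNK
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path!r}: {'; '.join(reasons)}")
```
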

    • Sonnigeszeug 9 months ago

      So always wait for others to do something?

      Don't just download it on your windows home pc with your private data of course.

      • petee 9 months ago

        In some cases, yes.

        An unknown threat, potentially from the supposed nation-state target itself, has a very high risk.

        I'm not versed in creating ultra-sterile lab conditions -- things can escape VMs, escape your network, nothing is impossible. Do I instead bring it to my employers systems and let them take the risk? And to what benefit, when I can just wait?

        • Sonnigeszeug 9 months ago

          Cloud VM. Costs you a dollar per hour and has fast download speed.

          We are experts on HN. If we don't do it, others with less knowledge might or not might.

          And no, an archive file doesn't just include a zero day. A zero day is very valuable.

          • petee 9 months ago

            Fair enough, my morning brain didn't think cloud, though i guess one could argue you're still passing off the risk onto someone else. Either way, its not my expertise

            • genewitch 9 months ago

              Passing the risk for a price.

              AWS is expensive, in my mind, because of stuff like this. They don't want you to mirror it on aws, so egress is expensive. The $/GB/month storage fees it'll cost to store this while exploring it is not cheap, either. And once you have an idea of the data you want to move out of the gap, you want to process /extract it quickly (because of $/GB/Month costs...)

              I just thought about a spare machine I have with a 12TB spindle and an SSD not plugged into a network.

              I understand how to airgap, and unless something can magically worm its way through HDMI that's probably how I'd get data out, just to be annoying to everyone. To be fair.

              • Sonnigeszeug 9 months ago

                An EC2 (vm) on aws with a little bit of CPU, Memory and enough storage attached, costs 1k per month which is something like $1.5 per Hour.

                It's not necessarily about storing it long-term, it's about 'looking into it'.

                I don't get the Airgap thing though at all. There is a very minimal chance that this contains a zero day. The idea of a zero day is, that you can attack systems and you sell it to people who have high profile targets or systems.

                Some random person downloading leaked data, everyone can download, is not a real target for a zero day.

                And a zero day which breaks random unpacking tools and your vm/system, would be worth even more.

        • tbrownaw 9 months ago

          > I'm not versed in creating ultra-sterile lab conditions -- things can escape VMs, escape your network, nothing is impossible.

          I suppose it is a bit hard to find hardware without integrated wifi these days. Maybe taking a sbc (pi or whatever) and wrapping it in tinfoil would work?

          • petee 9 months ago

            You could always cut the pcb lines if you want that guarantee.

            I'm aware I'm being cautious to the point of paranoia, but anything with the Russian gov is just not something I feel like learning about the hard way, even if I think I'm able to make such a safe environment

  • LANcaster 9 months ago

    How 18.84GB file is 10TB?

  • close04 9 months ago

    > Trump has ~91k files in the data

    That's the size column in WinRAR (left of the Compressed column). Is it by coincidence also the number of files?

    • nottorp 9 months ago

      Judging by the OP's profile, we should be happy that the "AI" managed to recognize a number :)

      • deepnetOP 9 months ago

        I am not an LLM [edit] ( as far as I know ;-), but thanks for the profile crit I probably should tidy it up.

        • nottorp 9 months ago

          Yep, the safe assumption with a profile like that is that it's something automated.

          Also yes, that's the file size column. Uncompressed left, compressed right. It's a directory but the screenshot doesn't say how many files it contains.

t0lo 9 months ago

how did this become popular in the first place? was it this user? was it a plant on reddit if it was a scam?

pseudo0 9 months ago

Archive, since the site appears to be down. It's AI-generated slop with basically no informational value though.

https://archive.ph/2C1WB

gwill 9 months ago

anyone have an alternate link?

fastglass 9 months ago

am I just being a newb or is OP god-tier with their WPM?

I really despise these things where its a drop n run, and all these yahoos in the comments just talk oblivious towards the fact that person who submitted it remains silent about it..

like... this looks like a sweaty guessing game with everyone in the comments, especially over something that's very likely just troubled/plagued assets to begin with

like, just ask the dude who submitted the shit about more information first or something

gigatexal 9 months ago

I wish they’d leak Trump’s grades from college. And his associates’s trades around his tariff announcements, and all the things.

thowaway7564902 9 months ago

CAREFUL - it could very well be an attempt to get you to download malware.

- As pointed out by constantcrying, this was published by Trendsnewsline, "an Indian right wing conspiracy news website": https://archive.ph/8RGAb

- New account Sonnigeszeug encouraging downloading of the archive

I'd recommend you avoid downloading anything unless you understand the potential consequences. Ideally do so in a sandboxed environment.
