After An Alleged Hack, Data from Oath Keepers Exposed Online

A hacker claims to have acquired and released massive amounts of data from the Oath Keepers, a militia group whose associates were present at the Capitol riots of January 6.

The hacker sent around 5GB of data to the journalism and transparency group Distributed Denial of Secrets (DDoSecrets). It includes emails, internal discussions, and information on the organization’s members and supporters.

The hack involves data from the militia’s Rocket.Chat server, an open-source communication platform where its members usually socialize. An earlier archive contains communications sent in June 2020, whereas messages sent from March 2021 to September 19 are detailed in a second cache.

The hack also exposed more than 10,000 emails from high-profile members’ inboxes, including regional leaders, ranging from January 13 to September 19.

The organization’s membership list has over 38,000 email addresses. However, it’s unclear which ones are related to current and past members. In some instances, email addresses are linked to identities, physical addresses, phone numbers, IP addresses, and even donations made to the militia. There are also official US military email addresses scattered throughout the leaked data.

Days after the failed insurgency, Oath Keepers founder Stewart Rhodes said that the hosting firm LiquidWeb had pulled the organization’s website down. The paramilitary group’s website would later be transferred to Epik, a contentious domain registrar renowned for hosting far-right social media platforms like Parler and Gab.

Even though Epik hosts the Oath Keepers’ online infrastructure, it is unclear if the data breach was linked to earlier hacking efforts. The dates identified within the breach, on the other hand, roughly coincide with the Oath Keepers’ January relocation to Epik.

The Oath Keepers breach provides an unparalleled look at the organization’s members, funders, structure, and activities in the months running up to and immediately following the January 6 coup attempt.

The public can access the leaked emails and chat logs on the DDoSecrets website. However, only journalists and researchers will have access to the member list and financial information.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.