HackerLeaks

From LeakDirectory

Jump to: navigation, search

Contents

General Notes

Anonymous Launches A WikiLeaks For Hackers: HackerLeaks

HackerLeaks openly invites data thieves to upload documents through its submission system, so that they can be analyzed and publicized. “You download it, we’ll disclose it for you,” the site’s homepage reads, listing potential booty such as “databases, exploits, security flaws, documents, and email spools.”

This site has an almost identical structure to that of the slightly earlier LocalLeaks.tk and uses several different websites and web services, in different legal jurisdictions to provide different parts of the site:

Domain Name and home page URL link frameset: http://HackerLeaks.tk - Netherlands

Navigation pages content: http://hackerleaks.udderweb.com - USA

Secure Dropbox (up to 2 MB): https://privacybox.de/hackerleaks.msg - Germany

Larger files - http://www.hidemyass.com/upload/ - USA

email: HackerLeaks@cyber-rights.net - (a Hushmail Private Label email service set up in the United Kingdom, using Hushmail in Canada)

Actual publishing and content analysis Blog - http://hackerleaks2011.blogspot.com/ - USA

IRC chat channel - http://hackerleaks.udderweb.com/irc/irc.html - USA

N.B. given how many IRC logs and IP address details etc. have been intercepted or betrayed by other IRC channel members or operators, any whistleblower would be wise to stay well clear of this or any other IRC channel

Contact Details

website
http://www.hackerleaks.tk
Press inquiries
email: HackerLeaks@cyber-rights.net
General inquiries
telephone: None
fax: None
email address: HackerLeaks@cyber-rights.net

source: http://hackerleaks.udderweb.com/submit.html

Postal Address:

None

Social Networking publicity

Twitter

No

FaceBook

No

Blog / RSS

http://hackerleaks2011.blogspot.com/

Financial Donation methods

Only the the technically clever, but untrustworthy BitCoin, is offered as a method of financial donation.

The actual BitCoin displayed belongs to that of the sister website LocalLeaks.tk

LocalLeaks BitCoin Address: 1JmHoXcpWkFXZRsBs5rHFLJg7JDsSAaA3h


Currently accepting submissions of whistleblower leaks ?

Yes

Restrictive legal Terms & Conditions

No

Practical Advice on preserving Whistleblower Anonymity

None

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

No

Only the third party PrivacyBox.de account is encrypted

Qualsys SSLLabs SSL Server Test rating:

https://www.ssllabs.com/ssldb/analyze.html?d=privacybox.de

Overall rating: [A] 85

Certificate: 100

Protocol Support: 85

Key Exchange: 80

Cipher Strength: 90

PGP Public Encryption Key

None

TOR Hidden Service

via PrivacyBox.de

http://c4wcxidkfhvmzhw6.onion/cgi-bin/tram_msg.pl?mobi=0&sus=hackerleaks&lang=en

I2P eepsite

via PrivacyBox.de

http://privacybox.i2p/cgi-bin/tram_msg.pl?mobi=0&sus=hackerleaks&lang=en

PrivacyBox.de

https://privacybox.de/cgi-bin/tram_msg.pl?sus=hackerleaks

Hushmail Secure Form

No

HidemyAss Upload

For files larger than 2 Mb (up to 400 Mb) hackerleaks.tk points visitors to a file sharing service

http://www.hidemyass.com/upload/

Although this does have some https:// TLS c/ SSL options, these are not enabled by default and it is very easy to upload a file and have the web file location short URL and the password (if set) displayed unencrypted.

Unless you are using Tor or other open proxy servers, then you should not use this


Leak Submission Anonymity

TOR users blocked from access

PrivacyBox.de - No

3rd Party or persistent tracking cookies or graphics

PrivacyBox.de - No

CAPTCHA graphics generated from another website e.g. Google Re-Captcha

PrivacyBox.de - No

Mixed mode non-SSL graphics or style sheets

PrivacyBox.de - No

Embedded video clips etc. from another website e.g. YouTube

PrivacyBox.de - No

Flash file uploader class

PrivacyBox.de - No

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

PrivacyBox.de - No

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

PrivacyBox.de - No

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

PrivacyBox.de - No


Domain Name Resilience

Domain Name Registrar

Multiple Internet Service Providers, in different legal jurisdictions ?

hackerleaks.tk [93.170.52.30] is from Netherlands(NL)


Domain Name Server(s) & jurisdiction(s)
    NS01.DOT.TK
     NS02.DOT.TK
     NS03.DOT.TK
     NS04.DOT.TK

BV Dot TK in Amsterdam, Netherlands. offers free domain name registration

Web Server hosting jurisdiction(s)

Domain Name and home page URL link frameset: http://HackerLeaks.tk - Netherlands

Navigation pages content: http://hackerleaks.udderweb.com - USA

Actual publishing and content analysis Blog - http://hackerleaks2011.blogspot.com/ - USA (with links to pastebin and other file sharing sites)

Alternate Domain Name aliases

None

Actual Physical Mirrors of the website:

No

Content officially available via BitTorrent etc P2P etc.

No

Personal tools