HackerLeaks
From LeakDirectory
General Notes
Anonymous Launches A WikiLeaks For Hackers: HackerLeaks
HackerLeaks openly invites data thieves to upload documents through its submission system, so that they can be analyzed and publicized. “You download it, we’ll disclose it for you,” the site’s homepage reads, listing potential booty such as “databases, exploits, security flaws, documents, and email spools.”
This site has an almost identical structure to that of the slightly earlier LocalLeaks.tk and uses several different websites and web services, in different legal jurisdictions to provide different parts of the site:
Domain Name and home page URL link frameset: http://HackerLeaks.tk - Netherlands
Navigation pages content: http://hackerleaks.udderweb.com - USA
Secure Dropbox (up to 2 MB): https://privacybox.de/hackerleaks.msg - Germany
Larger files - http://www.hidemyass.com/upload/ - USA
email: HackerLeaks@cyber-rights.net - (a Hushmail Private Label email service set up in the United Kingdom, using Hushmail in Canada)
Actual publishing and content analysis Blog - http://hackerleaks2011.blogspot.com/ - USA
IRC chat channel - http://hackerleaks.udderweb.com/irc/irc.html - USA
N.B. given how many IRC logs and IP address details etc. have been intercepted or betrayed by other IRC channel members or operators, any whistleblower would be wise to stay well clear of this or any other IRC channel
Contact Details
- website
- http://www.hackerleaks.tk
- Press inquiries
- email: HackerLeaks@cyber-rights.net
- General inquiries
- telephone: None
- fax: None
- email address: HackerLeaks@cyber-rights.net
source: http://hackerleaks.udderweb.com/submit.html
Postal Address:
None
Social Networking publicity
No
No
Blog / RSS
http://hackerleaks2011.blogspot.com/
Financial Donation methods
Only the the technically clever, but untrustworthy BitCoin, is offered as a method of financial donation.
The actual BitCoin displayed belongs to that of the sister website LocalLeaks.tk
LocalLeaks BitCoin Address: 1JmHoXcpWkFXZRsBs5rHFLJg7JDsSAaA3h
Currently accepting submissions of whistleblower leaks ?
Yes
Restrictive legal Terms & Conditions
No
Practical Advice on preserving Whistleblower Anonymity
None
Leak Submission Encryption
Digital Certificate fingerprints published on their website:
No
Only the third party PrivacyBox.de account is encrypted
Qualsys SSLLabs SSL Server Test rating:
https://www.ssllabs.com/ssldb/analyze.html?d=privacybox.de
Overall rating: [A] 85
Certificate: 100
Protocol Support: 85
Key Exchange: 80
Cipher Strength: 90
PGP Public Encryption Key
None
TOR Hidden Service
via PrivacyBox.de
http://c4wcxidkfhvmzhw6.onion/cgi-bin/tram_msg.pl?mobi=0&sus=hackerleaks&lang=en
I2P eepsite
via PrivacyBox.de
http://privacybox.i2p/cgi-bin/tram_msg.pl?mobi=0&sus=hackerleaks&lang=en
PrivacyBox.de
https://privacybox.de/cgi-bin/tram_msg.pl?sus=hackerleaks
Hushmail Secure Form
No
HidemyAss Upload
For files larger than 2 Mb (up to 400 Mb) hackerleaks.tk points visitors to a file sharing service
http://www.hidemyass.com/upload/
Although this does have some https:// TLS c/ SSL options, these are not enabled by default and it is very easy to upload a file and have the web file location short URL and the password (if set) displayed unencrypted.
Unless you are using Tor or other open proxy servers, then you should not use this
Leak Submission Anonymity
TOR users blocked from access
PrivacyBox.de - No
3rd Party or persistent tracking cookies or graphics
PrivacyBox.de - No
CAPTCHA graphics generated from another website e.g. Google Re-Captcha
PrivacyBox.de - No
Mixed mode non-SSL graphics or style sheets
PrivacyBox.de - No
Embedded video clips etc. from another website e.g. YouTube
PrivacyBox.de - No
Flash file uploader class
PrivacyBox.de - No
Communications / Acknowledgement back to the whistleblower via the website
Acknowledgement of receipt of information
e.g. file upload success indicator - has the leak message or upload actually been received successfully ?
PrivacyBox.de - No
Leak analysis work flow status reporting
e.g. Has anyone actually looked at what the whistleblower has submitted ?
PrivacyBox.de - No
Private message box
e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.
PrivacyBox.de - No
Domain Name Resilience
Domain Name Registrar
Multiple Internet Service Providers, in different legal jurisdictions ?
hackerleaks.tk [93.170.52.30] is from Netherlands(NL)
Domain Name Server(s) & jurisdiction(s)
NS01.DOT.TK
NS02.DOT.TK
NS03.DOT.TK
NS04.DOT.TK
BV Dot TK in Amsterdam, Netherlands. offers free domain name registration
Web Server hosting jurisdiction(s)
Domain Name and home page URL link frameset: http://HackerLeaks.tk - Netherlands
Navigation pages content: http://hackerleaks.udderweb.com - USA
Actual publishing and content analysis Blog - http://hackerleaks2011.blogspot.com/ - USA (with links to pastebin and other file sharing sites)
Alternate Domain Name aliases
None
Actual Physical Mirrors of the website:
No
Content officially available via BitTorrent etc P2P etc.
No