I downloaded and extracted the files in a fresh Linux virtual machine with tools for viewing Word, Excel, and PDF documents. After reviewing the contents for about 30 minutes, the data appears technically authentic—not AI-generated—but nothing particularly noteworthy stood out.
The files "Vulnerabilities/Fetched Data.txt" appear to be output from an automated security scanner that targeted public-facing web servers. Some directory labels are inaccurate. For instance, a company listed as a crypto exchange—Cryptopro—is actually an IT consulting firm focused on cryptography and PKI.
A number of Word, Excel, and PDF files containing corporate reports and similar materials appear to be publicly accessible online and even indexed by search engines. I was able to locate several by searching their titles.
One file, "Part 1/Report those Russian ringleaders/russRingleadersPerDFUNAFO.txt", seems to be the likely source of the "Kremlin Assets in the West" mention. It’s a brief list of Twitter accounts and may have been assembled through open-source intelligence methods.
While the leak might contain some mistakenly published or sensitive material, I didn’t come across anything as significant or dramatic as implied by the article linked.
From a quick scan of the file listing of the 18GB compressed folder linked for download elsewhere, looks like it's a collection of completely random data hacked over a number of years from various accounts that may or may not be connected with Russia (Guy Ritchie? Kanye West? Why?).
Also, why a PNG?
2022-12-02 10:25:11 ....A 10530 10092 Leaked Data of corrupt officials/Part 1/Leaked Data of Kanye West's Instagram account/IP, Port, Hostname.png
2022-12-02 10:26:08 ....A 39852 37635 Leaked Data of corrupt officials/Part 1/Leaked Data of Kanye West's Instagram account/SSL info.png
2022-12-02 10:27:01 ....A 124662 114729 Leaked Data of corrupt officials/Part 1/Leaked Data of Kanye West's Instagram account/Vulnerabilities.png
Some bank data seems to be exposed here (internal control panels), but in other cases it's just a dump of public website HTML?
10TB seems just plain wrong (didn't bother downloading the whole thing, though).
Clever. Instagram is an image hosting platform. At the firewall, guards watching the network traffic wouldn't notice png encrypted screenshots of cracked IP addresses being exfiltrated, drifting in plain sight in the usual pixel streams.
I didn't bother looking at the files, but I would wager that it's not as clever as you suggested here. If there's gold in this leak, I'd suggest it's buried in an Everest of crap.
Seems very dubious, new accounts in the comments urging people to download it ( u/Sonnigeszeug) all the 'sources' go back to the same file, claims it is on torrent trackers yet providing no evidence for? A very sensational article with no proof and if it was true downloading russian government data with no idea whats in it? the sweetest of honey right here
"Leaked data" seems like a stretch. Sounds like someone ran a vulnerability scanner on some Twitter accounts. Don't have time to go through all the data though, so maybe there are interesting things in there.
It is is a real thing though that Russian databases are routinely compromised or stolen.
People that engage in tax fraud in places like Mexico and Russia often legitimately do it because they do not want the mob/cartels to find out how much money they have and then extort them. The data gets out.
Yeah, from the screenshots on Twitter a lot of it looks like archives of publicly accessible Twitter and Telegram accounts, plus data from old breaches. That makes it seem pretty unlikely there will be anything new and valuable here.
10 TB file from a random website that I have never heard of? Seems like if someone was to leak this a more reputable news agency would have been notified instead of... trendsnewsline
Seems very odd an ai account?* is posting a seemingly unknown 'news' site to a very large unverified file that didn't seem to pass the desk of any major news org and all the 'sources' of this leak come from the same mediafire link, not even a torrent?
*account details looks odd, copy and pasting ai summary of article
To me it goes beyond "civil service" and becomes more like "military service" - you're directly putting yourself in harms way for the collective good. It's not reasonable to expect many users on HN have the setup required to investigate this - sure we're all interested in technology. But we're not all cybersecurity experts.
This is the equivalent of your grandma thinking you're a tech genius because you can restart the router. The skills required for this kind of work are specialised.
Why asking people to do something you should have done first?
If there's anything worthy in it, then point to those interesting documents where HN community would be more than happy to help.
Just now you commented (and removed) that it's improbable that a file this big would be a honeypot, I don't think most users here know how to operate data safely.
I deleted it because the discussion is void. The data is on torrent trackers and on shared file hosters. You can download single files in the torrent and if you can't handle a txt file without getting an anxiety attack that's on you.
I'm not interested in the content but you are, share your findings in place of asking ppl to do that. Why there are so many profiles (many of them green) hurrying people to stop thinking about risks and just open the files? Shouldn't they just open it and see?
Edit as I can't reply: your behavior is quite suspicious and so is some of the new green users commenting. That is exactly what someone embedded in the hacker culture would conclude after analyzing, not feel challenged by you to hurry and open the files.
Of course, I am interested in major data leaks, as most people on this forum should be, since it's an integral part of the culture of the word before news in the url. After examining approximately 20 files, my initial impression is that it appears to be scraped OSINT data. However, I won't make definitive claims based on such a limited sample size. Drawing one's own conclusions is also a quintessential aspect of hacker culture. Though I suppose that's not why you chose to have "webmaster" in your username and hypothesis…
If this is real, there will be claims made and the general public has no way to verify. 10TB is technically challenging to handle for the vast majority of people. Would be really important for someone to re-upload and index the extracted files for online browsing.
Did anything even happen after the Mossack Fonseca law firm was hacked? All I remember was a few people stepping down from govt positions, some rich folks get caught in the xfire (some football player used them).
What is wrong with people. Who believes this is real?
Do you really think a WordPress website from India posting obvious fake news and conspiracies should be trusted?
Do you think the source that brought you this is reliable in any way: https://archive.ph/8RGAb "Shocking Footage: Hunter Biden & Ellen Caught in Adrenochrome Bust!"
I thought at least people on this website would be able decipher that this is an obvious fake news website, it also posts some of the most generic right wing conspiracy theories. Quite disappointing to be honest.
> Instead of bailing out, ShellExecute proceeds to call “shell32!ApplyDefaultExts” which iterates through all files in a directory, finding and executing the first file with an extension matching any of the hardcoded ones: “.pif, .com, .exe, .bat, .lnk, .cmd”.
So the vulnerability is not in WinRAR, but rather in the ShellExecute windows code that desperately tries to find something else to run when asked to execute a file that does not exist.
As my security officer says at $dayJob, "having a security hole there for thirty years does not make it somehow less of a security hole".
An unknown threat, potentially from the supposed nation-state target itself, has a very high risk.
I'm not versed in creating ultra-sterile lab conditions -- things can escape VMs, escape your network, nothing is impossible. Do I instead bring it to my employers systems and let them take the risk? And to what benefit, when I can just wait?
Fair enough, my morning brain didn't think cloud, though i guess one could argue you're still passing off the risk onto someone else. Either way, its not my expertise
AWS is expensive, in my mind, because of stuff like this. They don't want you to nirror it on aws, so egress is expensive. The $/GB/month storage fees it'll cost to store this while exploring it is not cheap, either. And once you have an idea of the data you want to move out of the gap, you want to process /extract it quickly (because of $/GB/Month costs...)
I just thought about a spare machine I have with a 12TB spindle and an SSD not plugged into a network.
I understand how to airgap, and unless something can magically worm it's way through HDMI that's probably how I'd get data out, just to be annoying to everyone. To be fair.
A EC2 (vm) on aws with a little bit of CPU, Memory and enough storage attached, costs 1k per month which is something like $1.5 per Hour.
Its not necessarily about storing it longerm, its about 'looking into it'.
I don't get the Airgap thing though at all. There is a very minimal chance that this contains a zero day. The idea of a zero day is, that you can attack systems and you sell it to people who have high profile targets or systems.
Some random person downloading leaked data, everyone can download, is not a real target for a zero day.
And a zero day which breaks random unpacking tools and your vm/system, would be worth even more.
> I'm not versed in creating ultra-sterile lab conditions -- things can escape VMs, escape your network, nothing is impossible.
I suppose it is a bit hard to find hardware without integrated wifi these days. Maybe taking a sbc (pi or whatever) and wrapping it in tinfoil would work?
You could always cut the pcb lines if you want that guarantee.
I'm aware I'm being cautious to the point of paranoia, but anything with the Russian gov is just not something I feel like learning about the hard way, even if I think I'm able to make such a safe environment
Yep, the safe assumption with a profile like that is that it's something automated.
Also yes, that's the file size column. Uncompressed left, compressed right. It's a directory but the screenshot doesn't say how many files it contains.
am I just being a newb or is OP god-tier with their WPM?
I really despise these things where its a drop n run, and all these yahoos in the comments just talk oblivious towards the fact that person who submitted it remains silent about it..
like... this looks like a sweaty guessing game with everyone in the comments, especially over something that's very likely just troubled/plagued assets to begin with
like, just ask the dude who submitted the shit about more information first or something
The files "Vulnerabilities/Fetched Data.txt" appear to be output from an automated security scanner that targeted public-facing web servers. Some directory labels are inaccurate. For instance, a company listed as a crypto exchange—Cryptopro—is actually an IT consulting firm focused on cryptography and PKI.
A number of Word, Excel, and PDF files containing corporate reports and similar materials appear to be publicly accessible online and even indexed by search engines. I was able to locate several by searching their titles.
One file, "Part 1/Report those Russian ringleaders/russRingleadersPerDFUNAFO.txt", seems to be the likely source of the "Kremlin Assets in the West" mention. It’s a brief list of Twitter accounts and may have been assembled through open-source intelligence methods.
While the leak might contain some mistakenly published or sensitive material, I didn’t come across anything as significant or dramatic as implied by the article linked.