Takedown notice from mSpy
We have received a takedown notice from the company mSpy, alleging that the domain ddosecrets.com, specifically the section https://data.ddosecrets.com/MSpy/, is hosting stolen personal and corporate data belonging to them.
We frequently receive takedown notices for various reasons. With our customers’ consent, we sometimes publish these notices to shed light on the increasing misuse of the law to silence media, NGOs, and activists. This highlights the growing trend of censorship through legal pressures.
Who is DDoSecrets?
DDoSecrets, is an independent, non-profit collective dedicated to publishing leaked and hacked data in the public interest. Founded with the mission of promoting transparency and accountability by making information, often censored or hidden, accessible to the public.
They aim to empower citizens with knowledge, holding powerful entities accountable and promoting justice and transparency in areas where information is often obscured or manipulated. Their Greenhouse Project, focuses on the preservation of data related to environmental issues, corruption, and corporate misconduct.
DDoSecrets is committed to fighting censorship with the Greenhouse Project.
Launched in January 2024, the Greenhouse Project is an initiative by Distributed Denial of Secrets aimed at combating censorship. It embodies the “publisher of last resort” concept, originally proposed by George Buchanan in 2007, ensuring that censored reporting and source files are preserved. By doing so, the project works to counteract the chilling effects of censorship and promote the free transmission of data in the public interest.
More information here 👉https://www.cjr.org/the_media_today/qa_emma_best_ddosecrets.php
https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal
Historically, DDoSecrets been censored by entities with questionable records when it comes to human rights, including Russia, Indonesia and Elon Musk.
Outside of the complaint itself, mSpy has also made sensationalist claims about the data and its source, downplaying the authenticity of the data leak and framing it as a politically motivated attack towards the Ukranian Army, rather than addressing the actual security concerns and privacy violations associated with the breach.
👉https://www.currenttime.tv/a/rossiya-prilozhenie-mspy/33050441.html
Who is mSpy?
mSpy has a negative trackrecord when it comes to securing data secretly collected by it’s spyware (passwords, call logs, text messages, and location data). Despite previous security breaches in 2015, mSpy failed to secure its systems adequately again in 2018, exposing without authentication, customer details. When alerted to the leak, the company followed the same pattern, downplaying its severity.
As always, we have forwarded the request to our client for comment:
“We don’t have the time, energy or the inclination for tripe. Nevertheless, we may be found at magnet:?xt=urn:btih:BBDC678EC3E0EC699611631C45137B0A018CD47E”, said Emma Best of Distributed Denial of Secrets.”
We have decided to ignore this takedown notice for the following reasons:
- Public Interest and Transparency: The data hosted on ddosecrets.com exposes the reprehensible practices of mSpy. This is not just a matter of public interest; it is a public necessity. People have a right to be informed about the unethical and potentially illegal activities of companies that invade their privacy.
- mSpy’s Questionable Practices: mSpy, a notorious spyware maker, has a history of unethical behavior, including the covert collection and misuse of personal data. This takedown notice is a blatant attempt by mSpy to cover up their misdeeds. We refuse to be complicit in their scheme to silence the truth.
- Protection of Whistleblowers: The dissemination of this data appears to have been done by whistleblowers aiming to expose the questionable practices of mSpy. Whistleblowers play a crucial role in maintaining transparency and upholding ethical standards in society. We stand by the principle of protecting those who bring critical issues to light, especially when it concerns public safety and privacy.
- Misinterpretation of Legal Protections: While mSpy cites various data protection laws such as GDPR and CCPA, the context of this data publication is crucial. mSpy’s invocation of GDPR, CCPA, and other data protection laws is a transparent ploy to manipulate legal frameworks designed to protect individuals, not corporations that engage in surveillance and data exploitation. The public interest in exposing mSpy’s actions far outweighs their claims of legal protection.
- Commitment to Free Speech: As a network service provider, we are committed to upholding the principles of free speech and expression. Censoring content that reveals significant issues about corporate misconduct goes against these principles. We vehemently support the principles of free speech and will not be bullied into censoring content that reveals corporate corruption and privacy violations.
- Preventing Misuse of Takedown Mechanisms: The misuse of takedown notices by entities like mSpy to suppress information about their unethical practices is a concerning trend. This takedown notice is a textbook example of a company trying to intimidate and silence critics through legal threats. We categorically reject this and will not allow mSpy to misuse takedown mechanisms to hide their unethical behavior.
In light of the above reasons, we believe it is in the best interest of the public to keep the information accessible. We encourage organizations to adopt ethical practices and transparency in their operations rather than attempting to hide behind legal threats.
The request (via Cloudflare):
Cloudflare received an abuse report regarding:
ddosecrets.comPlease be aware Cloudflare is a network provider offering a reverse proxy, pass-through security service. We are not a hosting provider. Cloudflare does not control the content of our customers.
Below is the report we received:
Reporter’s Name: Brainstack
Reporter’s Email Address: pr@brainstack.team
Reporter’s Company Name: BrainstackReported URLs:
https://data.ddosecrets.com/MSpy/Logs or Evidence of Abuse: Dear Cloudflare Team,
I am writing to formally lodge a complaint regarding the domain name ddosecrets.com, which appears to be utilizing your network services. The website, specifically the section found at https://data.ddosecrets.com/MSpy/, is currently hosting stolen data, including personal information of users and confidential corporate data belonging to MSpy, a brand of our company. The publication of this data is unauthorized and illegal under various data protection and privacy laws.
Publication of Stolen Personal Data:
The website hosts personal data of users, including but not limited to names, addresses, email addresses, and other sensitive information. This is a direct violation of privacy rights protected under laws such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, and other international data protection laws. According to GDPR (Articles 5 and 6), personal data must be processed lawfully, fairly, and transparently, with explicit consent required from data subjects for any public sharing. The unauthorized disclosure of this information poses severe risks, including identity theft, fraud, and other malicious activities that could harm individuals.Unauthorized Disclosure of Corporate Data:
Furthermore, the website contains proprietary and confidential information from MSpy, obtained and published without authorization. This breach of confidentiality and intellectual property rights disregards established trade secret laws and contractual obligations designed to protect corporate data from unauthorized dissemination. Such actions not only undermine our company’s competitive advantage but also violate our fundamental right to safeguard sensitive business information.Legal Implications:
The unauthorized hosting and publication of this data not only violate privacy and data protection laws but also constitute criminal offenses. Specifically, the Computer Fraud and Abuse Act (CFAA) in the United States (18 U.S.C. § 1030) criminalizes unauthorized access to computer systems and the theft of data. It is imperative to highlight that even though Cloudflare operates pass-through network services and not hosting services, your organization can still be implicated in criminal investigations related to data theft and unauthorized disclosure. By continuing to facilitate the operations of ddosecrets.com, your organization may be considered complicit in these illegal activities, potentially facing criminal charges as accomplices.It is important to emphasize that personal data is a highly sensitive matter globally, actively protected by robust legal frameworks aimed at safeguarding individual privacy and data security. The unauthorized disclosure and exploitation of personal data not only violate these legal protections but also undermine the fundamental rights and freedoms of individuals.
Given the gravity of this situation, we urgently request the following actions:
– Immediate Action: Take all necessary measures to prevent further unauthorized dissemination of stolen data by ceasing to provide network services to ddosecrets.com.
– Thorough Investigation: Conduct a comprehensive investigation into the circumstances surrounding the illegal activities. Identify the responsible parties and take decisive measures to prevent recurrence.
– Notification: Provide us with prompt updates on the actions taken to address this complaint and the safeguards implemented to prevent similar incidents in the future.Failure to address this issue promptly and effectively may lead to legal actions against all involved parties, including potential criminal charges for complicity in the unauthorized distribution of stolen data. We stress the critical legal and reputational risks associated with non-compliance with data protection laws and the facilitation of unauthorized content.
Thank you for your immediate attention to this matter. We trust that you will act swiftly and decisively to rectify this situation and prevent further harm.
Please address this issue with your customer.Regards,
Cloudflare Trust & Safety
Conclusion
In August 2024, the spyware company mSpy seeks legal takedown against the website ddosecrets.com, alleging that it hosted stolen personal and corporate data belonging to mSpy. We, FlokiNET, the hosting provider for ddosecrets.com, chose to ignore the notice, citing the public interest in exposing mSpy’s unethical practices and the importance of protecting whistleblowers. This incident highlights the increasing misuse of legal mechanisms to suppress information and the challenges faced by platforms in balancing legal compliance with the public’s right to know.
Pingback: Weekly Update 414 - Source: www.troyhunt.com - CISO2CISO.COM & CYBER SECURITY GROUP
Pingback: Weekly Replace 414 - Multicloud365