- Over 100 DHS Fusion Center sites were involved in the recent #BlueLeaks database breach. All of the sites were ultimately hosted on a single server in a Data Foundry data center in Houston. Data Foundry, also known as GigaNews, is a central-Texas-based operator of several data centers.
- Despite its small size, Data Foundry appears to be one of the larger distributors of child pornography in the world, via the Usenet groups it hosts. This claim was already made in some detail back in 2014 by a former engineer, and again in 2018 by the Office of the Attorney General (OAG) of New Mexico.
- Data Foundry at one time served as one of the world's largest bulk intelligence metadata collection points for the NSA program BOUNDLESS INFORMANT, under the codename WAXTITAN. This was revealed as part of the Snowden leaks in 2013.
- Data Foundry has an unusual history with mainland China. The Yokubaitis family, which runs the company (along with other related firms), has frequently attended Peking University. This school is probably the second most prestigious in all of China (behind Tsinghua) and has developed most of the breakthroughs for China's nuclear weapons program over the last three decades. During SXSW 2015 it was mentioned that the company's second-largest customer base is in China. This is unusual, as no effective marketing appears to take place there, which raises the question of how these customers are acquired. The sysadmin who first made claims against Data Foundry in 2014 alleged that its facilities would honor requests relayed from Powerline HK, the Hong Kong data center it colocates with. Such requests could only come from the government of China, which raises serious questions about the company's independence and about what could and could not be accessed.
- We find the story of Nick Caputo highly credible, as all of the technical information can be verified, even years later. Other messages throughout the years on Usenet, Reddit, and elsewhere seem to corroborate the general story and character of the firm as well. Additionally, the unregistered FBI office address he provides in his original message (12515 Research Blvd) actually turns up dozens of times in the #BlueLeaks files for FBI agents. We are unsure if these are police impersonators or simply a unit that is operating out of scope and without authority (more likely the latter). We have reached out to law enforcement officials in Australia and Britain in the meantime out of an abundance of caution.
Recently, a Dutch security researcher accidentally discovered a backdoor account belonging to the Kremlin: an account on the servers of local and foreign companies operating in Russia that the government can use to access them. Security researchers reportedly found this backdoor account (Admin@kremlin.ru) in thousands of MongoDB databases. These databases are exposed on the Internet and can be accessed without a password.
In other words, any hacker could use this account to access sensitive information from thousands of businesses operating in Russia. In an interview with ZDNet, Victor Gevers said:
“The first time I saw these credentials was in the user table of a Russian Lotto website. I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions.”
After the initial discovery, Victor Gevers found the same Admin@kremlin.ru account in more than 2,000 other MongoDB databases. These databases are exposed on the Internet and belong to local and foreign companies operating in Russia, including local banks, financial institutions, large telecom companies, and even Disney.
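The two conditions described above (a MongoDB instance reachable with no credentials, and a known backdoor account sitting in a user table) are exactly what a defender would want to check in their own estate. The following is an added example, not code from the article or from Victor Gevers: it attempts an unauthenticated `listDatabases` against a host and, if that succeeds, samples every collection for the `Admin@kremlin.ru` indicator, including nested fields and arrays. The host, port, collection names and the sample "users" documents (the `lotto.example` addresses) are constructed for illustration; `pymongo` is only needed for the live scan, so the document-scanning part runs offline.

```python
"""Hunt for a known backdoor account in MongoDB instances reachable without
authentication.  Added example; not from the original article."""
import re
from typing import Any, Dict, Iterable, Iterator, List, Tuple

try:
    from pymongo import MongoClient          # only needed for a live scan
    from pymongo.errors import PyMongoError
except ImportError:                          # keep offline scanning usable
    MongoClient = None
    PyMongoError = Exception

# Indicator named in the article.  Matched case-insensitively because the
# account name is reported with varying capitalisation.
BACKDOOR_ACCOUNT = "admin@kremlin.ru"
_INDICATOR = re.compile(re.escape(BACKDOOR_ACCOUNT), re.IGNORECASE)


def _walk_strings(value: Any, path: str = "$") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, string) for every string nested in a BSON-like doc."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, sub in value.items():
            yield from _walk_strings(sub, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for idx, sub in enumerate(value):
            yield from _walk_strings(sub, f"{path}[{idx}]")


def find_backdoor_hits(docs: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return one record per document containing the indicator anywhere,
    with the field path that matched (one hit per document is enough)."""
    hits = []
    for doc in docs:
        for path, text in _walk_strings(doc):
            if _INDICATOR.search(text):
                hits.append({"_id": doc.get("_id"), "path": path, "value": text})
                break
    return hits


def scan_instance(host: str, port: int = 27017, sample: int = 1000) -> Dict[str, Any]:
    """Connect with NO credentials.  If listDatabases succeeds the instance is
    exposed; then sample each user collection for the indicator."""
    if MongoClient is None:
        raise RuntimeError("pymongo is required for live scanning")
    result: Dict[str, Any] = {"host": host, "unauthenticated_access": False, "hits": {}}
    client = MongoClient(host, port, serverSelectionTimeoutMS=3000)
    try:
        db_names = client.list_database_names()  # raises if auth is enforced
    except PyMongoError as exc:
        result["error"] = str(exc)
        return result
    result["unauthenticated_access"] = True
    for db_name in db_names:
        if db_name in ("admin", "local", "config"):
            continue
        db = client[db_name]
        for coll_name in db.list_collection_names():
            hits = find_backdoor_hits(db[coll_name].find({}, limit=sample))
            if hits:
                result["hits"][f"{db_name}.{coll_name}"] = hits
    return result


# Constructed sample documents standing in for a leaked "users" collection.
SAMPLE_USERS = [
    {"_id": 1, "email": "alice@lotto.example", "role": "user"},
    {"_id": 2, "email": "Admin@kremlin.ru", "role": "admin", "pw": "..."},
    {"_id": 3, "profile": {"contacts": ["bob@lotto.example"]}, "role": "user"},
    {"_id": 4, "profile": {"contacts": ["ops@lotto.example", "admin@KREMLIN.ru"]}},
]

if __name__ == "__main__":
    for hit in find_backdoor_hits(SAMPLE_USERS):   # offline demo on sample data
        print(hit)
    # Live check against an assumed host, e.g.: scan_instance("mongo.example.internal")
```

An instance that answers `listDatabases` without credentials is already a finding on its own; the account search is the second, independent check, and it deliberately walks nested objects and arrays because the credential was reported inside application user tables, not as a MongoDB server user.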