Was the hacking of Ottawa trucker convoy donors a US-Canadian intelligence operation?

Aubrey Cottle, the hacker claiming credit for stealing convoy donor info, has boasted of work with the FBI and Canadian law enforcement. The data was published by DDoSecrets, an anti-Wikileaks non-profit whose founder has disclosed “work in national security/counter-intelligence.”

On February 13th, the names and personal details of almost 100,000 individuals who donated sums to support the Canadian truckers’ protest against vaccine mandates through the crowdfunding site GiveSendGo appeared online via Distributed Denial of Secrets (DDoSecrets), an online archive seeking to easily connect journalists and researchers with leaked information.

The mainstream media used the trove to frame the convoy as essentially foreign-funded, and harass small donors from average backgrounds. Numerous fascinating nuggets, such as the gifting of $215,000 by a donor whose identity, email, IP address and ZIP code were not recorded by the website, unlike every other giver, were in the process ignored.

The hack-and-leak represented just the latest broadside against the convoy activists. Hours later, Canadian Prime Minister Justin Trudeau activated the Emergencies Act for the very first time in Canadian history, an unprecedented move effectively suspending the civil rights of the protesters and granting federal law enforcement the power to seize their bank accounts without a court order. 

An alleged founder of hacktivist collective Anonymous, Canadian Aubrey Cottle, took credit for the hack of the convoy donors’ information in the form of an online “manifesto” and accompanying video overlaying a clip from the Disney musical Frozen. Echoing Liberal Canadian politicians, Cottle accused the convoy of holding Ottawa “hostage for weeks while terrorizing the peaceful citizens who live there.”

The hacker went on to baselessly allege the donations were being used “to fund an insurrection,” and that individuals who had contributed had also bankrolled the January 6th, 2021 riot at the US Capitol. 

Next, Cottle warned without evidence that the global “convoy movement” could be “a cover for a type of Trojan Horse attack where extremists and militia groups arrive in large numbers with weapons,” as “large convoys of trucks moving in capital cities will look normal given the theme of these world wide protests.”

It was a characteristically volatile outburst from the eccentric hacker, who has been praised in mainstream media for taking on the far-right despite his history of overtly anti-Semitic commentary.

Operating in broad daylight for many years, the prolific cyber-warrior has somehow been able to function freely without any legal repercussions.

Cottle’s impunity may stem in part from his apparently intimate relationship with a variety of intelligence services. In 2007, Cottle was reportedly visited at home by a representative of Canada’s Security Intelligence Service, the nation’s equivalent to the CIA, which wished to exploit his hacking nous to battle “al-Qaeda and terrorist groups.” He allegedly declined the offer after some consideration.

Nonetheless, Cottle claims to have “often…dealt with feds” such as the FBI and Royal Canadian Mounted Police. His activities include running “child porn honeypot operations” involving multiple sites that “still give [him] nightmares.”

“I’ve done work for the fbi before and i give zero fucks,” Cottle wrote on Twitter on January 20, 2017.

As the right-wing outlet American Greatness noted, Cottle has boasted that he has been “lucky” enough to be granted “the blessing of alphabet agencies” – slang for intelligence services – to “weaponize Anonymous” for “antiterrorism” purposes.

Further indications of Cottle’s ties to law enforcement arrived in July 2021 when journalist Barrett Brown released documents revealing how the hacker had collaborated with notorious neo-Nazi cyber-activist “weev” to conduct major hacks that could be blamed on Antifa. Brown suggests this “just happened” via GiveSendGo.

Cottle has recently taken to Twitter to praise the Canadian government for activating the Emergencies Act. The hacker declared that “THEY F***ED AROUND AND FOUND OUT.” Though his Twitter account has since been locked, he has continued to brag about his GiveSendGo hack in a series of bizarre videos.

In another possible hint of national security state involvement, a non-profit self-styled whistleblower site called Distributed Denial of Secrets, or DDoSecrets, has taken possession of the information supposedly obtained by Cottle, and begun distributing it to mainstream media outlets.

Besides targeting right-wing websites, DDoSecrets has previously been implicated in hacking operations against the Russian government. Its founder, Emma Best, has disclosed a record of “work in national security/counter-intelligence” in court documents. Further, Best is a vitriolic antagonist of Julian Assange and has gone to extreme lengths to paint him as an asset of the Kremlin.  

Emma Best of DDoSecrets

DDoSecrets’ founder smears Assange, implicates Wikileaks

Before its role in publicizing the GiveSendGo donors list, DDoSecrets published lists of GiveSendGo donors to causes such as the heavily-FBI penetrated Proud Boys, Kyle Rittenhouse, and an effort to fight “voter fraud” in the 2020 US Presidential election.

Clearly aligned with liberal and Democratic Party objectives, DDoSecrets has also been a key hosting ground for terabytes of hacked data on private and public communications between members of militias, neo-Nazi and far-right groups hacked from social networks Gab and Parler, which Cottle claims to have obtained themself. Data scraped from Parler, including video from the January 6th riot, was subsequently used in the second impeachment trial of Donald Trump in February 2021.

DDoSecrets is a largely opaque outfit. Operated by an almost entirely anonymous or pseudonymous team living across the globe, its founder, Emma Best, is the group’s most prominent public-facing member. A former WikiLeaks collaborator and prolific Freedom of Information requester, Best’s dissident bona fides seem on the surface to be beyond doubt.

In 2016, after hammering the FBI with seemingly endless FOI demands, the Bureau appears to have considered prosecuting Best for “vexsome” activities. Five years later, it outright banned Best from filing such requests at all, but the decision was later overturned. Best also played a pivotal role in compelling the CIA to publish its 13 million-strong declassified document archive online in 2017.

Likewise, DDoSecrets’ June 2020 release of 269 gigabytes of sensitive US law enforcement fusion center data – dubbed “BlueLeaks” – exposed all manner of abuses, corruption, criminality and excesses on the part of American police forces, leading to official investigations, and the seizure of servers hosting the information in Germany by local authorities.

So why have mainstream media enthusiastically embraced DDoSecrets while advancing the Western security state’s crusade against WikiLeaks? 

The latter organization has faced condemnation, censure, and designation by the CIA as a “non-state hostile intelligence agency,” leading to the Agency hatching plots to kidnap or even kill its founder, Julian Assange, while subjecting his collaborators to intensive surveillance and harassment.

By contrast, in 2019, the same year Julian Assange was arrested in London’s Ecuadorian embassy and hauled off to Belmarsh Prison to face extradition to the US, the federally funded Congressional Research Service recognized Best’s organization as a legitimate “transparency collective” – and not long after the IRS granted it 501(c)(3) non-profit status.

The repeated hailing by mainstream and US government sources of DDoSecrets as a WikiLeaks successor – or even its replacement – is all the more perverse given that Best has repeatedly published private Twitter communications between the Wikileaks collaborators. 

The contents of these private discussions were dished out to corporate news outlets like Buzzfeed, which presented them as proof Assange was deliberately seeking to secure the election of Donald Trump, and knowingly collaborating with Russian intelligence to do so. 

Numerous interviews conducted by Best over the years amplified the fraudulent narratives used to frame Assange as a Russian asset. In the eyes of many, they have played a role in justifying or minimizing his life-threatening incarceration in Britain’s Gitmo on trumped up, bogus charges.

A handful of independent journalists have been harshly critical of Best as a result, wondering how the public interest was served by publishing private communications that implicated Wikileaks in a security state intrigue. The DDoSecrets founder has consistently attempted to parry criticism by claiming their actions were not an attempt to attack or undermine Assange, and were “curated for relevance.”

However, Best overwhelmingly curated comments and interactions painting Assange and WikiLeaks in the worst possible light, which inevitably proved extremely alluring to a hostile media. Any exculpatory content included in the leaks was summarily and unsurprisingly ignored. 

What’s more, the DDoSecrets founder’s own surging contempt for Assange is unambiguous. Over the years, Best has branded Assange as, among other things, a “cowardly, transphobic, antisemitic trash person made of tepid mayo and a bleached wig.”

Court documents detail Best’s pursuit of “counter-intelligence work”

The Grayzone has obtained court documents from November 2013 related to Best’s application to change their name from Daniel Mac Curdy Burnet to Mike Best. The files indicate Best was “currently actively pursuing a course of study in national security and counter-intelligence work,” and “intended to be employed full-time in the field of national security/counter-intelligence.”

Court documents filed in November 2013 by Emma Best (formerly Daniel Mac Curdy Barnet) requesting a name change

One of the reasons Best requested a name change was as follows: “[concerns] about possible harassment from extremist activists against his family and relatives as a result of his work in national security/counter-intelligence if a connection can be easily found through Google between his family birth name and his professional name.” 

This dubious background is referenced in a glowing May 2020 Der Spiegel article covering Best’s work in exposing the offshore financial arrangements of wealthy Germans. The report noted that “a few years ago,” Best had worked for subcontractors “hired by US counterintelligence,” but had left allegedly “after running into bureaucratic obstruction and disregard for source safety from an international organization.”

Without providing further detail, Best claimed to have not kept in touch with “old colleagues.” Nonetheless, in 2019, the digital activist embarked on a research project with an ex-NSA hacker to unearth US government documents related to historical cyberattacks.

On Twitter, Best batted away a request for comment by this reporter about the court documents detailing their “work in national security/counter-intelligence,” stating, “I don’t plan on answering all your inane questions.”

Whatever such activities entailed, the work of Best’s DDoSecrets has often advanced the critical priorities of US intelligence.

CIA hack-and-dump ops against Iran and Russia raise further suspicions

In November 2021, Yahoo! News reported that the administration of US President Donald Trump authorized the CIA to “run wild” with covert actions in a bid to destabilize Iran. In 2018, Trump sanctioned the Agency to conduct “much more aggressive” offensive cyber activities, leading to the CIA launching “covert hack-and-dump operations” against Iran and Russia and “cyberattacks on Iranian infrastructure” with “less White House oversight” than before.

Given that DDoSecrets was launched in December that same year, the timing of the effort was striking. The first major coup of DDoSecrets arrived weeks later when it published 175 gigabytes of “messages and files from Russian politicians, journalists, oligarchs, religious figures, and nationalists/terrorists in Ukraine.” The collection was dubbed “The Dark Side of the Kremlin,” and avowedly sourced from a “hacking spree” conducted against Russian targets.

Best claimed to The New York Times that the tranche was not published “explicitly as payback” for Russia’s alleged release of the DNC emails in 2016, while remarking that “it does add some appreciable irony.” She also used the opportunity to take aim once again at Assange and WikiLeaks, stating she was “disappointed” at their “dishonest and egotistic behavior.”

Best insisted that her organization had also posted material favorable to Assange “leaked from the Ecuadorian Embassy in London.” This refers to internal files from the National Intelligence Secretariat (SENAIN), a now-defunct Ecuadorian intelligence agency charged with protecting the WikiLeaks chief and extracting him to safety. The Guardian reported on these documents in 2018 and went to great pains to present SENAIN as villains in the process.

Oddly, those files have since been removed from the DDoSecrets archive.

In November of that year, The Intercept and New York Times published a number of articles titled “The Iran Cables” based on an “unprecedented leak” of 700 pages of reports supposedly compiled by Tehran’s Ministry of Intelligence and Security. The series sought to expose the scale of Iranian “influence” in Iraq, in the process revealing “the surprising ways in which Iranian and US interests often aligned” in the years following the illegal war.

The release of the leaked files may have played a role in escalating conflict between the US and Iran. A New York Times story based on the material focused heavily on the alleged role of Iranian General Qasem Soleimani as the shadowy puppet master of the Iraqi government, claiming he “more than anyone else” had employed “the dark arts of espionage and covert military action to ensure that Shiite power remains ascendant.” Two months later, Soleimani was incinerated in an illegal US drone strike launched as he left Baghdad International Airport for a peace conference.

An Intercept article purporting to tell the true “story behind” the cables’ release wove a dramatic narrative straight out of a Le Carré novel, and which may have been just as fictional, claiming a nameless Iraqi approached the publication with the material in order to “let the world know what Iran is doing in my country.” 

Even if the outlet’s narrative was accurate, and the Russian and Iranian document troves had not been obtained through the CIA “hack-and-dump operations” sanctioned under Trump, it would be an extraordinary if not inexplicable coincidence that content which precisely matched that description was released the following year.

CIA hack-and-leak operations are an increasingly common information warfare tactic. For example, in June 2021 a US government official acknowledged Washington was secretly financing “investigative journalists and investigative NGOs” and employing “components of the intelligence community” including the Agency to expose corruption by public officials abroad, having created the Organized Crime and Corruption Reporting Project (OCCRP) to serve as a funnel for this material.

OCCRP is funded by a welter of US intelligence cutouts, including the US Agency for International Development (USAID) and the National Endowment for Democracy. 

In October 2021, the OCCRP released the Pandora Papers, raising obvious questions about whether the underlying information was obtained through a US intelligence-related hack. 

Back in December 2019, DDoSecrets partnered with the OCCRP to publish documents and data related to the operations of Formations House, which registered and operated companies for organized crime syndicates, dubious state-owned companies, and fraudulent banks.

Whether DDoSecrets and its founder are witting or unwitting pawns of the CIA is a moot point. Its commitment to publishing and hosting as much leaked material as possible makes the organization an extremely attractive conduit for ill-gotten sensitive documents, and the origins of this material are never questioned by news outlets that report upon it. After all, the imprimatur of DDoSecrets lends its releases credibility and legitimacy.

DDoSecrets has been scrupulous about attributing sources in particular cases. For example, the DDoSecrets entry on the DNC emails released by WikiLeaks forcefully asserts the documents were “hacked by Russian intelligence services.” This claim was undermined, however, by the CEO of CrowdStrike – the cybersecurity firm that made the attributions – admitting under oath there is no “concrete evidence” the emails were “actually exfiltrated” by anyone.

Meanwhile, other entries are careful to note constituent material was released by individuals associated with Russian intelligence, and may include “forged” documents.

The only comparable disclaimer that can be found in respect of any Western intelligence service anywhere else on the DDoSecrets website today relates to Syrian government emails originally dumped by WikiLeaks. The emails now include an accompanying blurb noting “the hack itself was not [emphasis in original] directly sponsored or conducted” by Washington, although its subsequent release was “carried out under the direct supervision of the US via FBI informant Hector ‘Sabu’ Monsegur.”

Since its foundation, DDoSecrets has provided a reliable archive for compromising information and data tranches stolen from the servers of foreign states which happen to be in the US government’s crosshairs. 

Following Biden’s call to Trudeau, during which he demanded swift action against the truckers’ convoy filling downtown Ottawa and blockading US-Canadian border crossings in protest of vaccine mandates, DDoSecrets surfaced once again as a promotional platform for hacked data on convoy donors. 

And while Assange languishes in prison, DDoSecrets is once again shopping its data to mainstream media outlets and advancing the critical interests of crisis-wracked Western governments.