Disqus breach + IRS theft = fraudulently obtained credit reports and political coercion in Sweden
When I wrote about the Disqus compromise last month, I wrote purely from an infosec viewpoint (What lessons should we learn from the Disqus security breach?). Disqus had been breached by a group called Researchgruppen, which seemed to describe itself as “investigative journalists”. That post received a number of comments, almost unanimously from a political viewpoint. The view presented was of neither a happy nor relaxed society in Sweden. Sweden, it would seem, has been hijacked by the progressives; and God help anyone who dissents.
Typical of the comments to my post is this:
Researchgruppen was, at it has been pointed out, called AFA Documentation up until a few years ago.
The leaders of this far-left intelligence service are known AFA members, previously convicted of political crimes like for example assault with iron rods.
‘AFA’ is a worldwide organization known as Anti-Fascist Action, usually described as militant marxists; and it is almost certain that Researchgruppen, if not affiliated, shares the same views.
It rapidly became clear that Researchgruppen’s Disqus activity was blackhat behaviour and not in any way whitehat security research. Martin Fredriksson, leader of the group, has not (in a comment on this site) denied blackhat (“We focused on swedish hate sites and didn’t really know what to do with the comments from media sources”), but implied whitehat (“Just downloaded it to ‘prove a point'”).
The problem, however, is what has been done with that information. Very soon after the group, in conjunction with the Expressen newspaper, started naming people who had thought they were commenting anonymously via Disqus, one victim had a bomb dropped through his letterbox, and others have resigned or been sacked from their jobs. Their crime, it appears, is to voice non-progressive views on things like immigration, Islam, Israel and all of the other subjects for which there is an official progressive line.
The progressive agenda, incidentally, is defined by what is known as the ‘autonomous Left’, and includes the AFA.
On Friday I received an email, anonymously, from Sweden. The author added, “please keep me as anonymous as you can. In Sweden you can lose your job, be excluded from the unions and lose your benefits for leaking this.” It would seem that he also contacted databreaches.net, which also covered the Disqus breach.
What he said was that there have been around 400 cases of fraudulently obtained credit reports in Sweden recently, and that
Its a huge scandal in Sweden because mainstream media is cover this up. Reason is that they have used research group as “dirty” intelligence to get to swedendemocrats politicians, Sweden third largetst party and critical to Swedish current immigrationspolitic.
I can find no information about these credit reports; but he sounds credible, and that merely supports the assertion of a cover-up. However, he goes further:
It could be connected to one of the biggest breach in Swedish history — hacking the Swedish IRS by the Pirate Bay founder Gottfried Svartholm Warg, who right now is doing time in prison. It is believed that Gottfried got data on every Swedish citizen. And it could have been used in this project.
There is no evidence to substantiate this suggestion. But Martin Fredriksson of Researchgruppen was, with Svartholm, a co-founder of The Pirate Bay in 2003. It is a reasonable assumption that if anyone could get access to the IRS breached data, it would be him.
“You don’t pick up 400 social security numbers from the street just like that in Sweden,” said my contact. His suggestion is that by combining the personal data from the Disqus breach with social security numbers from the IRS breach, AFA affiliates have been able to fraudulently obtain certain credit reports.
No Swedish journalist or newspaper would dare to write about this. They will lose their jobs. Or they will be attacked by AFA and Revolution front. Most mainstream media in Sweden is left wing (83%) and are unofficial supporting these kind of things.
Now, if you think that this is just paranoid ramblings, consider the report Våldsbejakande
extremism i Sverige (Violence-promoting extremism in Sweden). This is a government report prepared by the Swedish Justice Department. It is almost entirely written in Swedish, but has a Summary in English. When you read it, remember that the ‘autonomous movement’ is the ‘autonomous Left’ (you might prefer to think of this as ‘militant marxist’).
the autonomous movement is a threat to some of the fundamental functions of the democratic system. This movement also has the ability to act in a coordinated and systematic manner. Attacks from the autonomous movement occur through illicit influence targeting officials, elected representatives, people who are politically active and other individuals. The autonomous movement therefore also represents a threat to individuals.
This year is a ‘super election year’ in Sweden, when European elections coincide with national elections. There is no better time for the politically-motivated to attempt to influence public opinion. What may be happening in Sweden is an attempt by the autonomous Left to coerce rather than just influence that opinion.
Martin Fredriksson has tweeted: “Mailade den här liraren igår”. I don’t know what ‘liraren’ means, but I assume it is some variation on ‘liar’ – in which case he is saying “[I] emailed this liar yesterday.”
For this reason I post below that complete conversation:
By what source of information do you connect Researchgruppen to AFA?
You write that we were formerly called “AFA Dokumentation”, on what basis?
If it’s not true, please feel free to say so in the comments. Alternatively, you could give me a statement and I’ll add it as an ‘update’.
Would you also care to comment on the suggestion that you might have access to the IRS breach data?
I take it you have no basis of information. The IRS breach? Why do you want to spread around speculations like that without any credible source? I take it you can present some facts to back it up.
I say, “There is no evidence to substantiate this suggestion.”
I am now inviting you to deny it. If you do deny it, I will publish that denial in full. What more do you want?
Interesting publishing policy. You make unfounded speculations, I deny.
This is a blog not a newspaper. It contains my opinions — and speculations.
But you are absolutely free to denounce them if you wish.
I think that answers my original question.