Home > All, Politics, Security Issues > Disqus breach + IRS theft = fraudulently obtained credit reports and political coercion in Sweden

Disqus breach + IRS theft = fraudulently obtained credit reports and political coercion in Sweden

February 9, 2014 Leave a comment Go to comments

When I wrote about the Disqus compromise last month, I wrote purely from an infosec viewpoint (What lessons should we learn from the Disqus security breach?). Disqus had been breached by a group called Researchgruppen, which seemed to describe itself as “investigative journalists”. That post received a number of comments, almost unanimously from a political viewpoint. The view presented was of neither a happy nor relaxed society in Sweden. Sweden, it would seem, has been hijacked by the progressives; and God help anyone who dissents.

Typical of the comments to my post is this:

Researchgruppen was, at it has been pointed out, called AFA Documentation up until a few years ago.

The leaders of this far-left intelligence service are known AFA members, previously convicted of political crimes like for example assault with iron rods.

‘AFA’ is a worldwide organization known as Anti-Fascist Action, usually described as militant marxists; and it is almost certain that Researchgruppen, if not affiliated, shares the same views.

It rapidly became clear that Researchgruppen’s Disqus activity was blackhat behaviour and not in any way whitehat security research. Martin Fredriksson, leader of the group, has not (in a comment on this site) denied blackhat (“We focused on swedish hate sites and didn’t really know what to do with the comments from media sources”), but implied whitehat (“Just downloaded it to ‘prove a point'”).

The problem, however, is what has been done with that information. Very soon after the group, in conjunction with the Expressen newspaper, started naming people who had thought they were commenting anonymously via Disqus, one victim had a bomb dropped through his letterbox, and others have resigned or been sacked from their jobs. Their crime, it appears, is to voice non-progressive views on things like immigration, Islam, Israel and all of the other subjects for which there is an official progressive line.

The progressive agenda, incidentally, is defined by what is known as the ‘autonomous Left’, and includes the AFA.

On Friday I received an email, anonymously, from Sweden. The author added, “please keep me as anonymous as you can. In Sweden you can lose your job, be excluded from the unions and lose your benefits for leaking this.” It would seem that he also contacted databreaches.net, which also covered the Disqus breach.

What he said was that there have been around 400 cases of fraudulently obtained credit reports in Sweden recently, and that

Its a huge scandal in Sweden because mainstream media is cover this up. Reason is that they have used research group as “dirty” intelligence to get to swedendemocrats politicians, Sweden third largetst party and critical to Swedish current immigrationspolitic.

I can find no information about these credit reports; but he sounds credible, and that merely supports the assertion of a cover-up. However, he goes further:

It could be connected to one of the biggest breach in Swedish history — hacking the Swedish IRS by the Pirate Bay founder Gottfried Svartholm Warg, who right now is doing time in prison. It is believed that Gottfried got data on every Swedish citizen. And it could have been used in this project.

There is no evidence to substantiate this suggestion. But Martin Fredriksson of Researchgruppen was, with Svartholm, a co-founder of The Pirate Bay in 2003. It is a reasonable assumption that if anyone could get access to the IRS breached data, it would be him.

“You don’t pick up 400 social security numbers from the street just like that in Sweden,” said my contact. His suggestion is that by combining the personal data from the Disqus breach with social security numbers from the IRS breach, AFA affiliates have been able to fraudulently obtain certain credit reports.

No Swedish journalist or newspaper would dare to write about this. They will lose their jobs. Or they will be attacked by AFA and Revolution front. Most mainstream media in Sweden is left wing (83%) and are unofficial supporting these kind of things.

Now, if you think that this is just paranoid ramblings, consider the report Våldsbejakande
extremism i Sverige (Violence-promoting extremism in Sweden). This is a government report prepared by the Swedish Justice Department. It is almost entirely written in Swedish, but has a Summary in English. When you read it, remember that the ‘autonomous movement’ is the ‘autonomous Left’ (you might prefer to think of this as ‘militant marxist’).

the autonomous movement is a threat to some of the fundamental functions of the democratic system. This movement also has the ability to act in a coordinated and systematic manner. Attacks from the autonomous movement occur through illicit influence targeting officials, elected representatives, people who are politically active and other individuals. The autonomous movement therefore also represents a threat to individuals.

This year is a ‘super election year’ in Sweden, when European elections coincide with national elections. There is no better time for the politically-motivated to attempt to influence public opinion. What may be happening in Sweden is an attempt by the autonomous Left to coerce rather than just influence that opinion.

Martin Fredriksson has tweeted: “Mailade den här liraren igår”. I don’t know what ‘liraren’ means, but I assume it is some variation on ‘liar’ – in which case he is saying “[I] emailed this liar yesterday.”

For this reason I post below that complete conversation:

By what source of information do you connect Researchgruppen to AFA?

You write that we were formerly called “AFA Dokumentation”, on what basis?

Hi Martin

If it’s not true, please feel free to say so in the comments. Alternatively, you could give me a statement and I’ll add it as an ‘update’.

Would you also care to comment on the suggestion that you might have access to the IRS breach data?

I take it you have no basis of information. The IRS breach? Why do you want to spread around speculations like that without any credible source? I take it you can present some facts to back it up.

I say, “There is no evidence to substantiate this suggestion.”

I am now inviting you to deny it. If you do deny it, I will publish that denial in full. What more do you want?

Interesting publishing policy. You make unfounded speculations, I deny.

This is a blog not a newspaper. It contains my opinions — and speculations.

But you are absolutely free to denounce them if you wish.

I think that answers my original question.

Categories: All, Politics, Security Issues
  1. Daniel
    April 3, 2014 at 5:55 am

    The social security number for Martin Fredriksson is xxxxxx-xxxx. He is a board member of the Piscatus AB (= LLC). The first six digits is date of birth, YYMMDD.


    You can see that under the tab “Funktioner”

    “Styrelseledamot Fredriksson, Martin Anders, ej folkbokförd ”

    This says he is board member and not a resident of Sweden. This means that he has registered himself in another country to hide his address, which of course is illegal if you reside in Sweden.


  2. Daniel
    April 3, 2014 at 5:25 am

    It Sweden it is quite easy to get social security numbers of any person. There are online credit reporting sites where you can get that info for $5/person. Researchgruppen contacted a private dept collection agency to get credit reports on all the persons in there register. This is known because the dept collection agency have to inform the person.

    “Lirare” literary means player, as in sports; in this context the equivalent English meaning would be ‘dude’.


  3. Swedish Angina Pectoris
    March 10, 2014 at 2:37 pm

    For proof of the hacking, see “Half a million sensitive data stolen from the Enforcement” reported on Thursday 5 dec 2013 at


    Translated by GoogleTranslate, it says, in part:

    Full Enforcement database of indebted Swedes has been stolen by hackers. The registry of information about a half million people and businesses was leaked during the great hacking in the Tax servers just under two years ago [Dec 2011]. The Authority has since quieted down the scope for the public, police and prosecutors.

    It was described as one of the largest data breaches in Swedish history. Piratebay founder Geoffrey Svartholm – Warg had managed to break into the IT company Logica’s servers where multiple agencies kept the amounts of sensitive data. He came including the National Tax records with 10,000 protected personal identification and lists of police employees. On the same server were also Enforcement databases of indebted individuals and businesses.


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s