EXCLUSIVE: Infamous Hacker Detox Ransome Stole Democrat Databases in 2015

July 28, 2016 Updated: July 28, 2016

In September 2015, a hacker known as “Detox Ransome” breached a service connected to the Democratic National Committee and was able to steal large databases of emails, usernames, and passwords from people connected to major services and organizations connected to the DNC.

Screenshots, chat logs, and video evidence of the attack were provided to Epoch Times by Edward Alexander, a cybersecurity expert who runs the world’s largest known team of darknet cybercrime undercover investigators. The darknet is a large segment of the internet only accessible with special software, which is often used by criminal groups to conspire and sell illicit goods and services.

“I know he was sitting on those databases, I know he had them, and after he and I parted ways I’m sure he tried to monetize them somehow,” Alexander said.

As his name suggests, Detox Ransome has made a career in cybercrime by hacking systems and holding them for ransom. He became famous after he hacked security company Bitdefender in July 2015, and threatened to leak its customer information unless the company paid $15,000.

Alexander was introduced to Detox Ransome around that time by another well-known hacker. Alexander was in close communication with Detox Ransome while conducting his investigation.

In September 2015, Detox Ransome excitedly told Alexander over an online chat that he had hacked a site that was “all political.” Detox Ransome said it contained “Obama and Hilary campaign people” and had “millions of emails.”

The site that Detox Ransome had found was that of Rogue Global Solutions, which according to its website was founded by campaign staff of President Barack Obama “with the desire to bring the technical innovations of the campaign to other political, governmental, and international organizations.”

“We tried to alert Rogue Solutions, but that’s when we found out they were no longer around and had folded up shop,” Alexander said.

With their servers and website still online, the site was left vulnerable. “Security patches came out, Heartbleed came out, and nobody was there to patch it,” Alexander said. Heartbleed is a security bug that was disclosed in April 2014.

Detox Ransome stumbled across the site while searching for a target. He used a free tool, the Heartbleed vulnerability scanner, to search for sites that had been left vulnerable to the bug.

“He was scanning, and it just happened to turn up,” Alexander said. “He saw all this political stuff and thought he hit the jackpot.”

The system contained more than 1GB of data in its databases that contained login credentials for key members of organizations and services connected to the DNC.

When Detox Ransome was exfiltrating data from the networks of Rogue Global Solutions, he used a screenshare program to show Alexander what he had found. Alexander recorded the session for evidence and has provided Epoch Times with the video.

Detox Ransome wasn’t known for leaking information for political reasons. His motivation was money, and during Alexander’s investigations he saw the hacker was willing to sell to nearly anyone if the price was right.

Follow Joshua on Twitter: @JoshJPhilipp