Release: Harita Group (510 GB)

Emails from the Indonesian conglomerate involved in nickel, coal, and bauxite mining, ferronickel smelters, alumina refineries, logging, and palm oil plantations.

May 2014 protest by NT Borroloola Indigenous people against Harita partner Glencore in Sydney, Australia. Photo by by lockthegate licensed under CC BY 2.0.

Emails from the Harita Group, which primarily deals with nickel mining, bauxite mining, coal, ferronickel smelters,  alumina refineries, logging, and palm oil plantations.

Harita Group is a partner of the Swiss company Glencore International, which has been tied to numerous scandals and controversies and whose subsidiaries have plead guilty to multiple corruption and bribery charges related to activities throughout Africa.

This leak appeared on the new “Somos Malas … Podemos Ser Peores” ransomware blog on the Tor network. Editor’s note: An .onion link only opens in the Tor browser.

About the Harita Group dataset, the blog reads:

They act like they don’t see🙈 our ransom note🗒, or they just don’t negotiate🤝 with cyberterrorists💣. They restore their backups and think ignoring us🙉 makes us go away. So now we also restore their backups, for all of you.

Harita Group is dedicated to mining, logging rainforests🐒😭 to plant palm oil monocultures, coal, and anything else that’ll make them a profit through destroying their countries’ environment. Their Swiss🇨🇭 partner Glencore is well documented for it’s human rights and environmental abuses in Latin America, including hiring paramilitary killers to drive indigenous off their lands so they can steal it. We think it’s likely they operate the same in Indonesia and journalists will like to look through their emails.

On its home page, the blog expands on the group’s motivations:

We’re a new ransomware🔐 group that have been encrypting companies' computers🖥 to ask🙏 they donate money💸 to whoever they want 🤗

How can you do that?

We ask🙏 they make a donation💸 to a nonprofit of their choice, and then save the email📨 they get confirming the donation and send it to us so we can check the DKIM signature🔑 to make sure the email is real.

Do they pay?

Sometimes. It seems to work about as well as any other ransomware🔐. While some businessmen👨‍💼 are more willing to play along😻, for the most part they’re doing the same calculation🔢 as with any other ransomware🔐. They weigh⚖ the cost of decrypting🔓 their files📁 against the cost of restoring from backups and losing some data🗒🔥. They just want to keep as much profits💰 as possible, it doesn’t matter at all to them whether they are sending money💸 to criminals or to a charity of their own choice😕. So we start this blog🖊 so they can also weigh⚖ the cost of people looking🔎 through their emails📧 and dealing with regulators about their data breach😮.

Isn’t that illegal?

As some rich fuck (Warren Buffet) said: “There’s class warfare, all right, but it’s my class, the rich class, that’s making war, and we’re winning.”

They break and rewrite the law as they please. Laws that only serve to legitimize and perpetuate a system of death. Literally – mass extinctions in exchange for short-term profits for a few. In their senseless quest for money and power, they concede nothing – except when we have the power to force them to. That’s the power of a riot, the power of a union, the power of general strikes, of collective action, of sabotage, of fire, and of hacks.

…

Has it been effective? So far, no. There’s a few glaring problems:

1) We have no real guarantees they are actually sending the money

Most companies are lying to us about the simplest things, trying to claim they can’t afford it saying they are many times smaller then they actually are. They think we can’t read LinkedIn and zoominfo, or that we haven’t downloaded a list of their employees while we’re in their network… So they will probably also try to lie and cheat about sending the money. Sure we require reasonable proof that they have actually sent the money, but the company can always whine to the police, their bank, and the organization afterwards to get it reversed.

2) They won’t send money to genuine grass-roots organizations

To give an example, a few companies asked us to suggest an organization and we said Kenyan Peasants League. Don’t get mad at them or blame them for our actions, they have nothing to do with us and no company sent them money. Such an organization is unacceptable to companies, they will not send money to them, and we settle for companies donating to charities like Red Cross, and Doctors Without Borders. Companies will only donate to organizations like that… “solutions” offered by the same countries that are causing the problem. Those charities do meet some people’s material needs, but without at all challenging the system causing the problem, and often reinforcing the relations that perpetuate that system. Real grassroots organizations meeting peoples’ material needs while also addressing the root problems are unacceptable to companies. Consciously or not they know their own profits depend on global inequality and exploitation.

They are more willing to pay ransomware groups directly! Apolitical ransomware groups are easy for companies to understand. The pursuit of profit at the cost of others, to CEOs is just another business transaction.

So we will become just another ransomware group demanding payment in cryptocurrency. It is both the only way for us to verify that companies have made an irreversible payment, and the only way for us to get money to groups that have a hope of changing anything.

…

Why are you attacking my company and not ransoming Chevron to demand they pay the court judgement they refused to pay?

We’d love to! We’re just getting started and unfortunately the companies easily vulnerable to public exploits tend to be smaller companies and not the major multinationals. We’re learning and developing our abilities as fast as we can to be able to go after more deserving targets. But still we have some criteria in picking targets. We don’t target businesses in Africa, Latin America, and other colonized countries, with the exception of a few big ones of foreign investors or shitty industries. And we do target small companies of US, Russia, and Europe excluding Ukraine as they’re dealing with enough shit at the moment. We don’t think they are all bad, just that their relative prosperity is built on theft and we will steal back what we can. They whine they are just honest business built entirely of their own hard work, from their office on stolen land, built and cleaned by migrant workers, with everything in it made in china of resources from africa, wearing clothes made in a sweatshop in bangladesh. Anyways we don’t care, we have as much sympathy for them as they have for us. They can pay and get their files decrypted, or not and get them leaked.

Why are you writing all this nonsense when companies would rather pay profit-motivated criminals?

It will make some companies unwilling to pay us, but we aren’t writing it for them. We are writing it for other kids in Africa, Latin America, Palestine, and the world over: ransomware should not be the business of a few russian groups as now, it is a tool for all of us, to uplift our communities through robbing the countries that have pillaged ours.

Please torrent and seed.