Just weeks after releasing a 180-gigabyte treasure trove of data from the far-right’s preferred domain registrar and web host, the non-profit journalist collective Distributed Denial of Secrets (DDoSecrets) has uploaded a cache of data that was allegedly pilfered from the far-right, anti-government Oath Keepers group.
The Oath Keepers are best known for arriving in force at standoffs with public lands managers and demonstrations for far-right causes across the country, as well as showing up with guns at Black Lives Matter protests. They generally present themselves as a group of concerned citizens aiming to keep the peace, protect constitutional rights from a tyrannical government, and shield local businesses from looting—despite effectively operating as a band of unlicensed, armed-to-the-teeth vigilantes who try to raise posses of like-minded individuals, praise vigilante violence, and generally raise tensions wherever they go. According to the Washington Post, many longtime observers of Oath Keepers describe founder Stewart Rhodes as less a militia leader than a grifter who is talented at riling up extremists and exaggerates the size and influence of the group; other segments of the far-right, such as white supremacists, have derided them as delusional boomers.
Several Oath Keepers were present in the mob that stormed the Capitol on Jan. 6 hoping to pull off a coup that would land Donald Trump a second term in office. At least 22 alleged members or affiliates are facing or have already been convicted on federal charges in relation to the incident, with media reports documenting their extensive preparations for violence on the day of the riot. Rhodes has not been charged. But prosecutors have claimed he was on-site outside the Capitol on Jan. 6 and communicated at least 19 times via phone with other Oath Keepers during the riot, seemingly contradicting his statements that any members involved had not coordinated their actions with him.
The cache of internal Oath Keepers data, which was released to DDoSecrets by a hacker, is roughly 3.8 gigabytes and includes a sweeping amount of information about the organization and its members. The email archives for each chapter of the group and some of its leaders such as Rhodes are in the leak, comprising a total of around 10,000 emails. Messages from the group’s chat service “Rocket.Chat” are included from June 2020 and between March 2021 and mid-September.
Approximately 38,000 email addresses are in an additional file labeled as a membership list, many of which are tied to names, physical addresses, phone numbers, IP addresses, donation histories, and other information, according to the Daily Dot, but it’s not clear which of those entries are tied to current or former Oath Keepers. That number matches an internal Oath Keepers number cited in a report by the Center for Strategic and International Studies but is much higher than the Anti-Defamation League’s estimate of approximately 1,000-3,000 Oath Keepers. DDoSecrets co-founder Emma Best told the Daily Dot that the member list and other files with donor and financial information will only be released to journalists.
A June analysis by the Armed Conflict Location and Event Data Project didn’t guess at the organization’s total dues-paying membership, but noted it is largely composed of active-duty and former police and military personnel who “often appear to downplay their involvement in events, with Rhodes once suggesting that members ought to stay anonymous.” The report noted that whatever the scale of its actual membership, the Oath Keepers remain popular on social media—Rhodes has achieved minor celebrity status in Republican circles—and have leveraged that into attracting disproportionate attention from the press.
Gizmodo has reached out to the Oath Keepers organization for confirmation and comment but did not receive an immediate reply—we’ll update this post when we do.
The hack of Epik has begun to expose many far-right trolls who relied on the registrar’s willingness to anonymously register websites, such as a realtor in Florida named Joshua Alayon who was fired after being revealed as the owner of several racist and anti-Semitic websites. The group who released that data to DDoSecrets claimed to be affiliated with the loosely organized hacker collective Anonymous, though the Daily Dot reported there’s no evidence the Oath Keepers release was part of the same operation.
However, the Oath Keepers abruptly shut down their website less than a week after the failed Capitol insurrection, with Rhodes claiming that hosting service LiquidWeb had terminated its contract under pressure from leftists. The Oath Keepers eventually migrated to Epik, where sloppy security practices included storing massive amounts of user data including credit card numbers, emails, usernames, and passwords in insecure formats. So it’s pretty easy to see where the people behind this hack may have obtained account credentials or other information that could allow them to abscond with the Oath Keepers’ internal records.
“The Oath Keepers leak provides an unprecedented view of the groups’ members, donors, structure and operations, both in the months prior to and immediately following the January 6th insurrection attempt,” Best told the Daily Dot. “While some questions will remain, the answers it can provide about one of the largest far-right groups that counts current and former law enforcement and military among its ranks will provide ample fuel for both national and local journalists.”
Gizmodo has downloaded copies of the Oath Keepers data and will be assessing its content.