The roughly 5GB of data, which was provided by the hacker to the journalist and transparency collective Distributed Denial of Secrets (DDoSecrets), contains everything from emails and internal chats to details on the organization’s members and donors.
Composed of current and former military and police who believe they are defending the U.S. Constitution against a tyrannical government, the Oath Keepers have become a focal point of the ongoing federal investigation into the Capitol riot after at least 19 members were charged for their alleged involvement.
The hack includes, among other things, the militia’s Rocket.Chat server, an open-source communication platform where members coalesce. An older archive details messages made in June 2020, while a second cache shows messages sent from March 2021 up until Sept. 19.
More than 10,000 emails from the inboxes of high-profile members including state chapter leaders were also found in the breach, with dates ranging from Jan. 13 to Sept. 19.
A membership list for the organization contains more than 38,000 email addresses, although it’s unclear which are linked to current and former members. The email addresses in some instances are also tied to names, physical addresses, phone numbers, IP addresses, and donation amounts made to the militia. Official U.S. military email addresses are also littered throughout the breach.
Days after the failed insurrection, Oath Keepers founder Stewart Rhodes alleged that the organization’s website had been taken offline by the hosting service LiquidWeb. The paramilitary group would eventually transfer its web presence over to Epik, the controversial domain registrar known for offering refuge to far-right social media platforms such as Parler, Gab, and previously 8chan.
The hacking collective Anonymous took credit for breaching Epik on Sept. 13, resulting in the leak of more than a decade’s worth of data. The cache exposed over 15 million unique email addresses as well as names, phone numbers, physical addresses, passwords, and credit card numbers.
The leak showed domains targeted with subpoenas as well as attempts by prominent far-right figures to scrub their ties to dozens of websites in the wake of Jan. 6. The leak has already led one Florida man to lose his real estate job after he was linked to numerous anti-Semitic websites.
Although the Oath Keepers’ online infrastructure is hosted with Epik, the Daily Dot was unable to confirm whether the leak of the group’s data was tied to the same hacking campaign that targeted the web host. The dates found within the breach, however, largely line up with the Oath Keepers’ migration to Epik in January.
Using a phone number shared by a Rocket.Chat user listed as Rhodes, the Daily Dot attempted to reach the Oath Keepers founder but did not receive a response.
The Department of Justice (DOJ) has accused Rhodes of helping coordinate the attack on Jan. 6 while outside the Capitol, according to USA Today. Specifically, prosecutors say Rhodes advised his militiamen on what weapons to bring and which entrances would be easily breached. Rhodes, who has not been charged thus far, denies that the group had made plans ahead of time to storm the Capitol.
DDoSecrets co-founder Emma Best told the Daily Dot that the hacked data will help shed new light on the inner workings of the paramilitary group.
“The Oath Keepers leak provides an unprecedented view of the group’s members, donors, structure and operations, both in the months prior to and immediately following the January 6th insurrection attempt,” Best said. “While some questions will remain, the answers it can provide about one of the largest far-right groups that counts current and former law enforcement and military among its ranks will provide ample fuel for both national and local journalists.”
Best added that DDoSecrets has made the chat logs and emails available to the general public on its website, while the member list as well as donor and financial information will only be accessible to journalists and researchers.