Guntrader breach perp: I don't think it's a crime to dump 111k people's details online in Google Earth format

Plus: Police aren't treating breaches as terror offence


The person who reformatted the Guntrader hack data as a Google Earth-compatible CSV has said they are prepared to go to prison – while denying their actions amounted to a criminal offence.

The pseudonymous person spoke to The Register by email late last week after dumping the personal data of 111,000 UK firearm and shotgun certificate owners online in a CSV formatted for ease of importing into Google Earth, pinpointing gun owners' homes.

They told us: "If a judge and jury of our peers finds us guilty of any offense, we will of course accept the punishment with good grace and apologise to anyone who can be defined as a victim. However we don’t see what we have done is criminal."

Although the person used the pseudonym Ernie Goldman, their responses used the royal "we". Their blog is called Hunting Leaks and was featured in news reports earlier this year when it first emerged as a platform for doxxing fox-hunting supporters.

When asked who they were, "Ernie" told The Reg: "We are people who are angry with the Countryside Alliance, for spying and building up illegal databases on hunt saboteurs, we remain anonymous to protect ourselves from the people we are up against, namely those involved in fox hunting and the wider hunting community."

The Countryside Alliance allegedly maintains a database of people who turn up to countryside fox hunts (in the traditional English sense involving hunters on horseback and packs of hounds) and attempt to disrupt them.

"Ernie" claimed to have been alerted to the leak by press coverage. The original file, as we reported first, appeared to be a dump of a SQL database saved as a CSV file. The latest leak saw columns in that file re-ordered to make it easier for Google Earth to ingest, displaying location information as pinpoints on a map of Britain.

"Our desired goal was to provide a database that can be used as a reference point by people who are trying to stop wildlife from being killed. If for example you are involved in trying to stop the badger cull, spot who you thought was a shooter's car parked up at a house you could check the database to see if they are gun owners," wrote "Ernie".

On their blog they had encouraged fellow travellers to contact firearm owners and demand information about their activities.

Although no agreed figures are readily available, many tens of thousands of firearm owners around the country either shoot rifle range targets or clay pigeons. Some of those don't agree with shooting live quarry and take no part in it.

The activist added, of the inclusion of those people in his data dump: "The reverse is obviously not true, not everyone on the databse [sic] will be involved in shooting wildlife, that should be obvious by the very nature of the database and who is on it."

It is not obvious from the database's contents. Those are simply rows of personal information including names, phone numbers, login credentials, postal addresses, geo-location coordinates collected by Guntrader, and more.

Whatever, I'm just like the news

The activist did not express remorse over the inclusion of five-year-old data in the file, which included location and address information of Guntrader users stretching between 2016 and July this year, writing: "The date modified column would indicate to anyone looking at the database how recently the person used the guntrader site."

Aside from the obvious potential problem of targeting people who have never shot at animals in their lives, the inclusion of five-year-old addresses puts at risk those who may have moved into a home after a gun owner moved out. It raises the spectre of robbers demanding homeowners hand over something they simply don't have.

"Ernie" also sought to paint themselves as morally equivalent to the news media, blaming The Register for reporting the breach, which was circulating on various social media platforms after criminals first obtained the database and hosted it on the clearnet.

When asked if they had any regrets about other criminals or terrorists possibly obtaining and using the data, "Ernie" said: "Probably about the same as you, or any other journalist or blogger commenting and drawing attention to a hack that had nothing to do with us."

Responsible journalism does not involve publishing the stolen personal data of hundreds of thousands of people in an easy-to-make-into-a-map format. Neither does it include denying responsibility for the consequences of that action; two days after "Ernie" dumped the data online, a domestic home included in the breach was targeted during a burglary where a shotgun was stolen from a locked gun cabinet during a one-hour time window.

Police: We're on it and we've told licensing units

Detective Inspector Louise Boyce from the South West Regional Cyber Crime Unit (SW RCCU) told The Register last week: "Our criminal investigation into the Guntrader data breach continues and we are pursuing a number of lines of enquiry to identify those responsible for both the original offence and further publishing of the stolen data online."

"We continue to work closely with the National Crime Agency to manage any risk associated with the incident and all local police force Firearms Licensing Units have been made aware of the breach and publication of user data," she added.

An NCA spokesperson said: "The NCA is aware that information has been published online as a result of a recent data breach which impacted Guntrader. We are working closely with the South West Regional Cyber Crime Unit (SWRCCU), who are leading the criminal investigation, to support the organisation and manage any risk."

Martin Parker, the British Association for Shooting and Conservation's head of firearms, said in a statement: "We will remain in contact with the NCA and SWRCCU as the situation develops and we are pressing to ensure the agencies get to the bottom of this. It was already a significant breach of data, but this latest development is particularly concerning."

Advice from the NCA to firearm and shotgun certificate holders includes double-checking all doors and windows are locked when you leave the home; keeping gun cabinet keys secured away from the safe itself in a discreet location; being aware of "any suspicious activity such as people watching your property, or following you back from places where the shotgun may have been used/seen"; and not leaving firearms or shotguns unattended in a vehicle.

BASC has also published detailed security advice for firearm and shotgun certificate holders.

Not a terror crime?

SWRCCU confirmed to The Register that it is not treating the latest Guntrader data dump as a terrorism offence. Section 58 of the Terrorism Act 2000 prohibits the collecting of information likely to be useful to a terrorist, and a map of potential firearm storage locations, stolen from a firearms sales website and pinpointed on a Google Earth map seemingly would be useful to a would-be terrorist.

Some might also argue the publication by “Ernie” may be intended to intimidate the 111,000 members of the public included in it, meeting the definition of terrorism in section 1(1)(b) of the act.

The breach remains one of the worst-case data breaches in recent infosec history. While small on the grand scale of things, what makes this data leak unique is its publication in circumstances where ne'er-do-wells were urged to act on the data and use it to intimidate (or worse) members of the public doing their own thing.

The Information Commissioner's Office is aware of the Guntrader breach. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021