Readers are probably aware that Gab, the popular social media platform, was hacked last week. Allegedly its entire database was copied, although the encrypted details it contained (user passwords, etc.) have apparently not been penetrated. The hackers, a group calling themselves Distributed Denial of Secrets (previously labeled as a "criminal hacker group" by the Department of Homeland Security), appear to have timed releasing the news to coincide with the CPAC conservative political conference last weekend. They announced triumphantly that they would make the entire database available to "researchers", to identify "far-right-wing extremists" who use Gab, and all the rest of the usual leftist nonsense:
"It's another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6." ... The hacked data also includes a chatlogs.txt file that appears to contain private conversations between the site's users. That file's contents begin with an added note from JaXpArO [one of the hackers]: "F*** TRUMP. F*** COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA."
Unsurprisingly, DDoS lied - or were, at least, "economical with the truth", as Winston Churchill would have said. They (or someone at least associated with their hacking efforts) appear(s) to have attempted to extort about US $500,000 in Bitcoin from Gab head honcho Andrew Torba, in exchange for not releasing the database. They also appear to have used criminal hacking techniques to gain access to the database, not mere "innocent" tools and tricks. I'm hazy on the latter, not being an expert, but apparently more will come out in the wash. Even stranger, they've stated that they will not publicly release the entire Gab database, on the grounds of privacy. Seems strange for them to be concerned about "privacy" after ignoring it by criminally hacking the database in the first place!
What's worse from their point of view is that Andrew Torba didn't take their nonsense lying down.
Torba has condemned threats of violence against them (or against anyone, for that matter), but some of his fans are taking matters into their own hands. They're tracking down everyone involved and publishing online as much information about them as they can find. Personally, I can't help but regard that as entirely appropriate. To paraphrase a Biblical theme, "Do not hack, lest ye be hacked yourselves"!
The term "weaponized autism" has been used to describe 4Chan and its enthusiastic tech geeks. Gab appears to have more than a few of its own. They've been digging up all sorts of information about the Distributed Denial of Secrets crowd, some of which is now online at https://yourdaddyjoey.com/Emma-Best/. Here's what one of their number had to say (click the screenshot below to be taken to the original social media post, and read the responses).
DDoS certainly seems to be a weird bunch, by anyone's standards. Here, for example is "Emma Best". Click the image for a larger view.
You can read more about "her" at the link above. Emma's "husband" has since protested online (too much, methinks):
As the post acknowledges, Gab (and Andrew Torba) have explicitly disclaimed violence and doxing - but the DDoS crowd doesn't appear to accept that. Instead, they seem to believe it's fine for them to hack others, but not nearly so fine for others to employ similar techniques against them. What can I say except, "Boo hoo"? I suggest their chosen user names, and their criminal actions, reflect very clearly the kind of people they are.
I've been on Gab since 2016. It's certainly got plenty of "right-wing extremists" on the site, but it also has perfectly normal non-extremist folks in even greater numbers. Those of us in the latter category have become used to being tarred with the "extremist" brush by those who want to shut down free speech altogether in favor of political correctness, of whom the DDoS hackers appear to be just the latest incarnation. I don't care. Gab is one of the few social media platforms that explicitly and specifically embraces free speech, without censorship and without restriction, as far as US law will permit. That's why I'm there.
I'll change my Gab login password out of an abundance of caution, as Andrew Torba advises, and go to two-factor authentication, but I haven't experienced any negative consequences (so far) from this hack. As for my posts? Every one is in the public domain - I see no reason to use private posts. If anyone wants to use them to "expose" me, good luck to them! They'll find the content pretty much mirrors what they'll find on this blog.
The moral of the story? When a bunch of deranged idiots criminal hackers make deranged, idiotic claims, they should automatically be regarded with suspicion. When (as now) that suspicion is substantiated as credible, they should be ignored. They're not worth the waste of your time and attention. (We had another recent example of that in Jason Sanford, the author who attacked the Baen's Bar forum for hosting what he alleged were extremist right-wing views. Turns out he's hardly a knight in shining armor, which calls his motives into very serious question.) Always ask the question: who's accusing whom, and what possible motives might they have for doing so? The answers can be very revealing.
Peter
Based on what I've read elsewhere - e.g. arstechnica - the gab hack appears to have knowlingly taken advantage of a programming error to exract data that they knew was supposed to be protected. That is almost certainly (99.9%) a violation of the CFAA and there's caselaw (again 99.9% confident in this) that this taking advantage of a bug like this is a violation of the CFAA when it is deliberate.
ReplyDeleteIf the blackmail threat can also be proven with the evidence of text messages/emails and the like then that's even more of a slam dunk criminal act
Assuming Torba and Gab have the funds and the lawyers (and I suspect if they don't they can get them via some kind of crowdfunding) then they should be able to nail these people and even if the lawsuits eventually fail (which I don't expect but is I suppose possible) the process of suing them will be extremely painful and expensive. Lawfare has usually been a strategy of the left but I see no reason at all why it would also no tbe a valid strategy against the left too
Classic leftist. When they hack and dox someone it's just fine, but as soon as the tables are turned they scream about their victimhood.
ReplyDeleteThanks Francis for the sea technica read!
ReplyDeleteInsightful...
https://arstechnica.com/gadgets/2021/03/rookie-coding-mistake-prior-to-gab-hack-came-from-sites-cto/
I read on slashdot that the call to sanitize SQL queries was removed in Feb, and replaced with a call to Ruby "find_by_sql", which allows unsanitized inputs directly to the database.
ReplyDeleteWhen I read that, my immediate thought was that the deep state deliberately put in the backdoor to allow the hack to occur, with plausible deniability as to the source. I thought this because it has happened multiple times over the years, allowing the NSA & CIA to bypass security.
And the saying "What's good for the goose is good for the gander." Would seem to apply here.
ReplyDeleteI believe it was Leftist darling Saul Alinsky who suggested that you should make your political opponents live by their own rules and standards. Broken clocks.
ReplyDeleteLive by the doxx, die by the doxx.
ReplyDeletePerhaps literally.
ZFG.
Well, just signed up to GAB so's I can read the comments.
ReplyDeleteWhat a bunch of maroons. They basically did the old 'lemon juice to the face so the cameras can't see me' trick, with as much success.
Jesus said to turn the other cheek. He didn't say totally ignore wankers who are attacking you, actually he specifically said to 'buy a sword.' So, well, totally Christian. At least the Gabbites aren't calling for the DDOSsers to be burnt at the stake, or hung, or any other quite appropriate Christian methods of discouraging continuation of bad behavior in this life.
"Click the image for a larger view."
ReplyDeleteYea,uh, No thanks.
If I may borrow a line from the left. "It's not Doxing, it's CONSEQUENCES."
ReplyDelete