ALL BLOG POSTS AND COMMENTS COPYRIGHT (C) 2003-2020 VOX DAY. ALL RIGHTS RESERVED. REPRODUCTION WITHOUT WRITTEN PERMISSION IS EXPRESSLY PROHIBITED.

Monday, March 01, 2021

Social media hacks

This is just one of the many reasons SocialGalactic has a Clean Speech policy. Because if it's on the Internet, you have to assume it will be made public sooner or later:

The Gab accounts of Donald Trump and Gab’s own CEO are among those “compromised” by a hack of the microblogging service popular among US conservatives and right-wingers. The data is being offered to researchers and journalists.

A 70-gigabyte trove of data dubbed “Gableaks” includes public posts on the platform, but also “private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups,” according to an entity called DDoSecrets. The information was allegedly stolen by a third party and leaked to the group, which operates similarly to WikiLeaks. The leak was described in detail by Wired, which was given access to a sample of the dataset.

Gab is a competitor of Twitter that caters to users who feel their freedom of speech is being unduly restricted by Big Tech. Critics call it a hotbed of far-right extremism that is flourishing thanks to the company policies encouraging user anonymity and a lack of content moderation.

Like its better-known counterpart Parler, Gab saw an influx of new users after Silicon Valley launched a crackdown on undesirable voices in the wake of the January 6 riot at the Capitol. When Parler was effectively deplatformed shortly afterwards, some of its users went to Gab.

The Gableaks trove “contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” DDoSecrets cofounder Emma Best told the tech news website. “It's another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything surrounding January 6.”

According to Wired, the data in DDoSecrets’ possession was obtained through a technique called “SQL injection,” which tricks a website into executing malicious code sent as user input. In a Friday statement, Gab said it was “aware of a vulnerability in this area and patched it last week.” DDoSecrets says the hacking was done by “JaXpArO (they/them) & My Little Anonymous Revival Project.”

There isn't any point in complaining about the media utilizing black hat hackers. They are, by their own admission, the enemy, and as such they are going to engage in enemy action. And all the so-called privacy policies will be denied and deemed to be irrelevant by the companies no matter what they say; if there is one thing we have learned from the Bears' battle with Patreon, it is that the tech companies will assert, at every single point, that their behavior is not restricted in any way by their own contracts no matter what those contracts clearly say.

The only thing that actually restricts them is the intersection of those contracts with the law, to the extent that judges and arbitrators are actually willing to apply the latter. And that is very, very far from a sure thing.

The answer is very simple. Never post or comment anything that you would be hesitant to state in a courtroom before a judge under oath. And if the post or comment could cost you your job if it comes to light, then keep it to yourself. You simply cannot reasonably expect privacy in the Global Panopticon.


59 Comments:

Blogger Daniele Grech Pereira March 01, 2021 6:01 AM  

SQL injection? That is the easiest kind of attack to defend against.

Blogger SonyAD March 01, 2021 6:07 AM  

Sounds like an inside job to me. Someone who infiltrated GAB as an employee with the aforethought of abusing and betraying the trust invested in them. We are in a post-justice, post-rules, post-principles, post-dignity, post-honour, post-trust era. Such people deserve consequences befitting their actions - at least jail time, which they will not get in today's world.

Blogger Arthur Isaac March 01, 2021 6:15 AM  

To be fair, suggesting that people should be kind to their neighbors is white supremacy and will cause one to be subject to immediate termination. What can we actually say on social media? Precisely nothing. Be circumspect yes. Also be ready to find or actually have a new way to support yourself.

I'm losing my job. The mystery is precisely how. And how God will faithfully continue to provide after my cancellation.

Blogger urthshu March 01, 2021 7:10 AM  

>>>Never post or comment anything that

And remember always that your public utterances are the actionable ones that are collected. All smart devices passively collect everything else within range.

Blogger John Cunningham March 01, 2021 7:15 AM  

I used to be a business agent for a faculty union at a college. It was several very weird years. When I held meetings on avoiding charges of sexual harassment, I always told the "genius profs" to ask themselves whether they would it their emails or verbal comments on billboards on campus. A quick and easy test.

Blogger Unknown March 01, 2021 7:19 AM  

Leave the West guys, it's over. Many countries around the World would be happy to get your talents and money, provided you have any...

Blogger Doktor Jeep March 01, 2021 7:25 AM  

Black hats can be fame whores. If no black hats group takes credit then it was deep state.

Blogger Canada78Bear March 01, 2021 7:28 AM  

Gab being compromised by SQL injection is a lie. They gave it up voluntarily.

There are tools in place to guard against this and an SQL injection attack is amateur hour.
Or GAB employees are the most incompetent on earth.

Non tech analogy: they fell for an attack 20+ years old and fell into that same hole. BS.

Blogger Harris March 01, 2021 7:29 AM  

Great advice. I work for a converged organization. I don't expose myself online with my comments. I'm about 5 years away from being in a more secure financial position, and act accordingly for the meantime.

Blogger Attila is my bro March 01, 2021 7:29 AM  

>>According to Wired, the data in DDoSecrets’ possession was obtained through a technique called “SQL injection,”

2004 called. They want their hacks back.

Blogger Doktor Jeep March 01, 2021 7:33 AM  

Ah I didn't see the end part.
So....where are the patriot hackers?
Oh. Being little goodie two shoes bowties who would never do such a thing. That's where.

Blogger Bezzle March 01, 2021 7:33 AM  

DDoSecrets says the hacking was done by “JaXpArO (they/them)....

...Jack Sparrow?

*groan*

There are days when I am convinced that the Amish are the only bunch doing things right.

Blogger urthshu March 01, 2021 7:59 AM  

>>Also be ready to find or actually have a new way to support yourself

There's always things like landlording. It'll be ironic when actual structural racism results from the current BS

Anonymous Anonymous March 01, 2021 8:32 AM  

I wonder when the right wing will realize it needs cybersecurity consulting. This is the third time a web app has gotten exploited. PB’s crappy Wordpress site, then Parler, now Gab. They’re cutting through you like butter, because a lot of the top infosec guys are flaming SJW’s. I’ve offered my services gratis to several organizations (not uatv), but have been ignored. I now have minimal sympathy for these guys. They’re basically overconfident, uninformed boomers when it comes to technology.

Blogger tuberman March 01, 2021 8:34 AM  

>> SQL injection? That is the easiest kind of attack to defend against.

Torba and his 'programmers' are extremely amateur in managing their site. It barely works (often you can't scroll past the first page, and the search tool is weak), many 'vulnerabilities' and they chose bad times to do updates. Lack of seeing ahead to problems involved with scaling up, or they had years to anticipate huge growth, yet weren't ready in the least.

Blogger ChewbacaTW March 01, 2021 8:46 AM  

Yeah I was surprised by that too. Apparently a vulnerability that's as old as web applications that's been all but written out of most frameworks is responsible for this? I know that security is a "nice to have" for most development efforts, but come on... This level of stupidity is bordering on the malicious.

Anonymous Anonymous March 01, 2021 8:51 AM  

I hope they performed full incident response and didn’t just patch the code. Depending on the DB’s configuration you can sometimes leverage SQL injection to get code execution. Unless they have a reason to be certain that didn’t happen, they should reinstall the DB’s operating system and check if the attacker moved laterally to any other servers they have. I doubt they’ll do any of this, and would bet that they’ll have a silent hacker on their systems for years without ever detecting him.

Blogger Pathfinderlight March 01, 2021 8:59 AM  

Any justice system that starts protecting criminals to create an environment to abuse people needs to be replaced. Frontier justice can easily be substituted and applied where necessary.

A few years ago, Roissy coined the jumbotron theory where if your communications were plastered on the jumbotron for all to see would cause you to be embarrassed, you're communicating wrong. An enemy culture bent on destroying you is as ruthless as any shit test.

Blogger FacelessBro March 01, 2021 9:13 AM  

"Never post or comment anything that you would be hesitant to state in a courtroom before a judge under oath. And if the post or comment could cost you your job if it comes to light, then keep it to yourself."

As someone currently going through the hiring process, this is extremely important advice.

Blogger Grandpa Lampshade March 01, 2021 9:14 AM  

Deleted my GAB account at the first of the year. While there are plenty of good people on there and I get wanting some sort of platform to be able to post on, the amount of obvious fed fishing posts seemed to be increasing daily (Torba has been pretty open about his willingness to work with the feds, no warrant required). The thing is, it's no longer just what you post. You can and will get heat over simply who follows you or posts in your feed. The days of fun trolling and shit posting to trigger the commies is pretty much over. Unsurprisingly the time spent posting on social media is now being spent much more productively. This incident is just one more check mark in the "that was a good call" column.

Blogger ND March 01, 2021 9:23 AM  

Arthur, be encouraged, our little growing family has seen God faithfully provide over and over and over. I could recount so many very specific examples of how our needs have been met in bleakest times because, like you said, God is faithful!

Blogger Shane Bradman March 01, 2021 9:32 AM  

Meanwhile, /pol/ is the only real bastion of free speech, and can remain so because it's anonymous. Nobody knows who anyone is, which makes it completely useless if it were to be brought up in a courtroom. However, while /pol/ is free, that doesn't make it clean or pleasant. The amount of filth on there is disturbing, that's the sacrifice you make when you want a free platform. /pol/ makes a lot of people reconsider their obsession with freedom and that's a good outcome.

Blogger RC March 01, 2021 9:33 AM  

@Arthur - May God guide your search and help you be or become a man of action.

Blogger Reph March 01, 2021 9:35 AM  

You would be surprised at how many sites are still being written with security holes as basic as this...

Blogger nono March 01, 2021 9:44 AM  

The answer is very simple. Never post or comment anything that you would be hesitant to state in a courtroom before a judge under oath.

Back in 87 we had a lawyer come in from corporate headquarters and talk for over an hour about what not to put in emails. When he asked for questions the Sysadmin waved his arms for no. When the lawyer left the room he summed up what the lawyer had said as:

"Never put anything in an email that you would not want to explain to a jury or your husband/boyfriend or wife/girlfriend."

I have tried to follow that advice for the past 34 years, some of the best advice I have ever received.

Blogger NoobishTitan March 01, 2021 9:52 AM  

"MLARP"

Blogger hi March 01, 2021 9:56 AM  

According to Gab they're not aware of a data breach. Consider the possibility that the enemy is spreading FUD in order to stop people from talking about "they who shall not be named."

https://news.gab.com/2021/02/26/alleged-data-breach-26-february-2021/

Blogger Gettimothy March 01, 2021 10:28 AM  

Tangentially related and cool.

E. Michael Jones links to his infogalactic page from his Gab profile.

https://gab.com/EMichaelJones

https://infogalactic.com/info/E._Michael_Jones

Iirc wikipedia nuked him





Blogger Jeroth March 01, 2021 10:31 AM  

Arthur Isaac wrote: I'm losing my job. The mystery is precisely how. And how God will faithfully continue to provide after my cancellation.

This is the mindset I've had for a while. Almost all of us have posted full blown secular heresy hundreds of times, and if someone had NSA level access to our online presence, we would be done. I mean, posting something as fundamental as homosexuality is wrong could cost you your job in this environment.

Blogger SonyAD March 01, 2021 10:38 AM  

I don't believe the claim the data was compromised by way of an SQL injection attack. I think that's a cover story to try and deflect from the perpetrators being on the inside.

Blogger SonyAD March 01, 2021 10:41 AM  

In fact, I'm not even convinced the alleged breach isn't a complete fabrication meant to try and besmirch GAB. It'll be interesting to see how this story develops over the coming days and weeks.

Blogger FALPhil March 01, 2021 10:56 AM  

SonyAD wrote: Sounds like an inside job to me.

Most security breaches are. Your other points are very valid, too.

Blogger Dafo March 01, 2021 11:07 AM  

They keep looking for the far right boogeyman. They probably didn’t find anything so they had to resort to “we hacked you.” I wonder how many of these media idiots truly believe that their ridiculous cause is real. Truly the enemy of the people.

Blogger Meanoldbasterd March 01, 2021 11:12 AM  

God may just provide a path to heaven and that's it... Let's call it: the good news

Blogger LZ March 01, 2021 11:13 AM  

The civil war has already started in the realm of information.

Blogger Damelon Brinn March 01, 2021 11:19 AM  

In fact, I'm not even convinced the alleged breach isn't a complete fabrication meant to try and besmirch GAB.

Ding ding.

Blogger Doktor Jeep March 01, 2021 11:32 AM  

It certainly is feasible that GAB could fall to an SQL injection attack considering how it seems that GAB is run by people who demonstrate their lack of skills almost daily.

Blogger oldcorps76 March 01, 2021 11:37 AM  

From JaXpArO: "FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA."

Tells one pretty much what one needs to know.

Blogger Newscaper312 March 01, 2021 11:43 AM  

Hey Vox
Over at Instapundit is a story about a Wikipedia founder wanting to start a less politicized alternative. I think in a Sarah Hoyt post.

Several commenters pointed out InfoGalactic already exists.

Blogger Cappuccinobear March 01, 2021 11:44 AM  

SQL injection? Sounds kinda gay.

Blogger Newscaper312 March 01, 2021 11:47 AM  

@Bezzle

Also "My Little Anonymous Revival Project."
My LARP

Blogger Ray - SoCal March 01, 2021 11:47 AM  

Great choice of words, and so true!

You simply cannot reasonably expect privacy in the Global Panopticon

Blogger JaimeInTexas March 01, 2021 12:21 PM  

Gab's internet web app using queries open to SQL injection? Sheesh.

Blogger Akulkis March 01, 2021 1:04 PM  

>> Such people deserve consequences befitting their actions - at least jail time, which they will not get in today's world.

Dude, the purpose of this is to rile up mobs to go after people, which will soon be deadly.

The only suitable punishment is death. Preferably by being dragged behind a vehicle at high speed down a dirt road -- because it will be slower than on pavement.

Blogger Didas Kalos March 01, 2021 1:07 PM  

@25 Nono. Your company had/used email in 1987? Are you sure you didn't mean 1997?

https://www.theguardian.com/technology/2016/mar/07/email-ray-tomlinson-history

Blogger ml chemist March 01, 2021 1:12 PM  

X wrote: I hope they performed full incident response and didn’t just patch the code. Depending on the DB’s configuration you can sometimes leverage SQL injection to get code execution. Unless they have a reason to be certain that didn’t happen, they should reinstall the DB’s operating system and check if the attacker moved laterally to any other servers they have. I doubt they’ll do any of this, and would bet that they’ll have a silent hacker on their systems for years without ever detecting him.

Yay venture-capitalized high growth start-up models! Gotta move fast and break things, and 'be like Facebook.'

I literally heard this from our CEO, once. He kept waving his hands, saying things like "make it bigger..FASTER," and then asking for internal dashboards for his own personal metrics with SQL queries that were stupid expensive. I was reviewing and accepting PRs from multiple locations around the world. We were using ORM libraries that sanitized input. That didn't stop contract coders from trying to write those queries with custom code because it was faster for them so they could get back to writing code for projects that paid better.

This is (one way) how SQL injections get into code. Your tech co-founder is inexperienced (I wasn't). The team is too small. Too much of the code is coming from outside the team, directly. The CEO is only concerned with the next venture round, holding on to the majority of shares, meanwhile everyone else is calculating how much dilution will impact their post-money valuation.

Yes, SQL injection is ancient. Yes, it still happens today.

I've long since left that company. Hopefully, they've written out all my code.

Blogger Doktor Jeep March 01, 2021 1:47 PM  

"SQL injection? Sounds kinda gay"
Only if they used the back door.

Blogger James Dixon March 01, 2021 3:06 PM  

> and the search tool is weak

That's deliberate. There's no reason to make it easy for your enemies to search your posts.

> Or GAB employees are the most incompetent on earth.

I don't think Gab has more than half a dozen employees. Even if they're competent, they're stretched way too thin.

> I'm not even convinced the alleged breach isn't a complete fabrication meant to try and besmirch GAB.

The odds are at least 50/50.

Blogger Rule of Wrist March 01, 2021 3:54 PM  

It is good advice, but alas it only prevails when there is a set code of what is bad and what is good. There isn't. It's an ever shifting standard that changes whenever the left wants a scalp.

Someone brought up the homosexuality example and that's a good one. Would you swear in court under oath that you think homosexuality is a sin and is wrong? I bet you would. You would have to if you're following your convictions. I would. Annnd you're done at that point, canceled, deplatformed, un-banked, ostracized, fired, and whatever else they can think of.

Hell, they're currently trying to do this for merely existing as a white person.


I don't have a good solution, but a solution must be found that doesn't involve ceding moral authority to excommunicate people from the internet to the left and their toadies for wrongspeak.

Blogger SacrificialLamb March 01, 2021 4:19 PM  

The article that Vox links to has this title:

‘Pretty-much everything on Gab’: Leaks publisher offers private data of ‘alt-tech Twitter’ users to researchers of ‘neo-Nazis’

This was always one of the purposes of Gab, which is a Mossad front. That's why (((Gab))) isn't constantly banning people. It's because the "Chosen People" are using Gab to dox and research "neo-Nazis". In other words, they're collecting data on ordinary gentiles who might be patriotic or Christian or white, and who might be racially realistic, and who might not be mentally enslaved enough by "God's Chosen People". The best way to fight the opposition is to study it, dox it, and control it.

And Mossad controls Gab.

Blogger Cloudswrest March 01, 2021 4:40 PM  

#5 "whether they would it their emails or verbal comments on billboards on campus."

Heartiste calls this "The Jumbotron Test".

Blogger Teleport me off this rock March 01, 2021 5:02 PM  

I guess a nop slope was just too sophisticated for 'em. But the "truth" of this little teapot tempest is irrelevant, what is vital is Vox's point: like it or not, we're all secret agents now. Guard every utterance, always watch your back, and hoard your trust like gold.

Blogger Silent Draco March 01, 2021 5:59 PM  

Learn to Code has entirely separate sets of meanings.

Blogger SCBen March 01, 2021 7:14 PM  

There should be only ONE penalty for hackers - DEATH! Think how many people have had heart attacks and died due to the results of hackers! The deaths may not be made public but I guarantee there have been some. The act of hacking either for profit or perverted pleasure should not be tolerated. Death assures ONE THING - NO REPEAT OFFENDERS!!

Blogger CynicalMan March 01, 2021 7:29 PM  

Privacy is White privilege and racist so it must be cancelled.

Blogger Akulkis March 01, 2021 8:38 PM  

>> I mean, posting something as fundamental as homosexuality is wrong could cost you your job in this environment.

Even more controversial -- feminINE women are the most suitable for dating and marriage, and very, very few American women pass this test.

Blogger papabear March 01, 2021 10:03 PM  

Did they hire H1b visa-holders?

Blogger Darren March 02, 2021 10:12 AM  

2021 is surprising, legacy media is no longer a liar by default? "According to Wired..." is what many are overlooking here. They accept the standard framing done by the enemy. Or am I missing something?

Wired is just another legacy media outlet, converged and part of the problem, used by the enemy to attack anything Good Beautiful True or remotely liberty-minded.

Yet what Wired reports and claims is accepted as the objective truth? This isn't much different than Wikipedia editors getting to write the final draft of the Narrative. "Critics of Xyz say..." is all this is, propaganda war, claiming the enemy has taken a fatal blow etc.

Plus less than 100GB of data total for more than 1 million users -- simple math, not exactly room for a ton of personally-revealing data.

But let's all panic that Gab is a Parler-level honeypot (even though ignored for 5 years by every High Profile Normie-Con -- unlike the latter).

And what about the actual response by the CEO was to this -- can't imagine he and his business are under attack for any particular reason, you know, the guy who openly praises Jesus Christ in every mass email he sends, in every rare interview he does. Along the same lines, I guess everything legacy media says about RooshV, or Mike Lindell is true too, my recent MyPillow purchase is endorsing hate speech or something...

Blogger Darren March 02, 2021 10:47 AM  

What a strange coincidence the timing on an alleged hack of Gab -- less than 3 days after Andrew Torba posted this:

https://news.gab.com/2021/02/25/why-the-oligarchs-fear-christianity/

Also LOL looks like Torba is having fun in this Rhetoric War -- look at the password he set for the Gab source code. And guess how leftist social media is reeeeeesponding...
https://twitter.com/RealOGAnonymous/status/1366669167336767491
https://code.gab.com/gab/gab-open-source
The password for the March 2021 release is: JesusChristIsKingTrumpWonTheElection
