
Far-Right Platform Gab Has Been Hacked (wired.com) 208

The far-right social media platform Gab says a trove of its contents has been stolen in a security breach -- including passwords and private communications. Wired reports: On Sunday night the WikiLeaks-style group Distributed Denial of Secrets is revealing what it calls GabLeaks, a collection of more than 70 gigabytes of Gab data representing more than 40 million posts. DDoSecrets says a hacktivist who self-identifies as "JaXpArO and My Little Anonymous Revival Project" siphoned that data out of Gab's backend databases in an effort to expose the platform's largely right-wing users. Those Gab patrons, whose numbers have swelled after Parler went offline, include large numbers of Qanon conspiracy theorists, white nationalists, and promoters of former president Donald Trump's election-stealing conspiracies that resulted in the January 6 riot on Capitol Hill.

DDoSecrets cofounder Emma Best says that the hacked data includes not only all of Gab's public posts and profiles -- with the exception of any photos or videos uploaded to the site -- but also private group and private individual account posts and messages, as well as user passwords and group passwords. "It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content," Best wrote in a text message interview with WIRED. "It's another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6." DDoSecrets says it's not publicly releasing the data due to its sensitivity and the vast amounts of private information it contains. Instead the group says it will selectively share it with journalists, social scientists, and researchers.

According to DDoSecrets' Best, the hacker says that they pulled out Gab's data via a SQL injection vulnerability in the site -- a common web bug in which a text field on a site doesn't differentiate between a user's input and commands in the site's code, allowing a hacker to reach in and meddle with its backend SQL database. Despite the hacker's reference to an "Anonymous Revival Project," they're not associated with the loose hacker collective Anonymous, they told Best, but do "want to represent the nameless struggling masses against capitalists and fascists." The company's CEO, Andrew Torba, responded in a public statement on the company's blog that "reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users."

  • by packrat0x ( 798359 ) on Monday March 01, 2021 @06:22PM (#61113554)

    The company's CEO, Andrew Torba, responded in a public statement on the company's blog that "reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users."

    Which may very well be true, but your site was still hacked by Bobby Tables [xkcd.com].

    • By his mom I believe. First thing I thought of when I read the article.
      Well done with a great first post.

    • Re: (Score:2, Informative)

      by cfalcon ( 779563 )

      I've been assuming this article is truthful- after all, we've seen a lot of rightwing websites (or alot of rightwing websites, if you'd like to picture an alot with a bunch of stupid alt-web labels all over it) get turned off by banks, turned off by Visa and Mastercard, had their web hosting pulled, had their virtual machines pulled, had their domain names stolen, and last I checked there was a guy on twitter trying to find whomever owned the building that gab's physical servers were in, in a hilarious thre

    • Re:Bobby Tables (Score:4, Interesting)

      by Darinbob ( 1142669 ) on Monday March 01, 2021 @08:30PM (#61114114)

      Ah, because every attack on the far right is clearly being controlled by the secretive Lamestream Media Cabal! No one on a conspiratorial mindset ever goes for the simplest option, Occam being a foreigner and all.

      The funniest I heard yesterday was the guy at CPAC claiming that Biden was just a puppet of ... wait for it ... Obama! "It's so obvious but no one sees it!" Seriously, the most sinister guy behind the scenes he could think of was Obama??? At least the guy claiming China was pulling Biden's strings could possibly be scary if true. But Obama pulling the streams, possibly one of the most popular presidents ever, and also a very centrist guy like Biden, is decidedly not very scary at all (although mixed-race is a scary concept to some people). I mean even Hillary in pastel pant suits controlling Biden from a email server in the basement of a pizza parlor is scarier than Obama.

      • The funniest I heard yesterday was the guy at CPAC claiming that Biden was just a puppet of ... wait for it ... Obama!

        The funniest I heard, in person, during a taxi ride in a foreign country where I really didn't want to upset the driver, just before Obama was elected, the driver informed me that Obama was a muslim. But not just any muslim, he was a jewish muslim, and they are the worst kind of muslims! I nodded, he dropped me off where I needed to get, I left and I just couldn't believe the stupidity.

    • by AmiMoJo ( 196126 )

      He also referred to them as "demonic tranny hackers" in a tweet, so... Maybe not the best source of info on this one.

  • by 140Mandak262Jamuna ( 970587 ) on Monday March 01, 2021 @06:38PM (#61113646) Journal
    This is clearly a deception operation. The Capitol attackers and seditionists are the pawns in the hand of these deep players. The dimwits who stormed the Capitol are expected to sing like a canary implicating the ring leaders and the mob bosses and criminal puppet masters.

    By leaking all this info including passwords, now the ring leaders have a plausible deniability. Any incriminating evidence the Fed turns up will be blamed on the hackers who planted it after the breach.

    These QAnon puppet masters are far more sinister fiends than the dimwitted QAnon puppets. Never confuse the two.

    • Re: (Score:2, Troll)

      All the dimwits and morons they arrested claim Trump told them it was ok to storm the capitol.

      • All the dimwits and morons they arrested claim Trump told them it was ok to storm the capitol.

        I'm guessing that would be an example of an unlawful order ... The President is supposed to enforce the law, not break it or encourage others to break it -- and storming the Capitol building certainly falls under that. Even doing so under the guise of righting a (perceived) wrong (of a "stolen" election) doesn't make it right or lawful. I'm also guessing any arguments to the effect of the above as a defense would/will get ignored by the courts.

        • he gets a little more security because he's a high value assassination target but at the end of the day he's just another US Citizen. Nothing special about him and he is in no way above the law.
          • he gets a little more security because he's a high value assassination target but at the end of the day he's just another US Citizen. Nothing special about him and he is in no way above the law.

            Anyone tell the previous President that? Asking for +81M voters ... :-)

            • Well, after so many decades of breaking the law I doubt he's going to let such a petty thing get in his way.

        • All the dimwits and morons they arrested claim Trump told them it was ok to storm the capitol.

          I'm guessing that would be an example of an unlawful order ... The President is supposed to enforce the law, not break it or encourage others to break it -- and storming the Capitol building certainly falls under that. Even doing so under the guise of righting a (perceived) wrong (of a "stolen" election) doesn't make it right or lawful. I'm also guessing any arguments to the effect of the above as a defense would/will get ignored by the courts.

          I'm pretty sure that as Trump sees it the law does not apply to him. However, considering how fond he is of using lawsuits as a bludgeon to get his way, the law does in his estimation seem to apply to everybody else.

      • Part of this is actually baffling. The excuse that the President told them to do something is absurd. Did they hop to attention when Obama, Bush, or Clinton spoke? I doubt it. Do they think that the Commander in Chief can give orders to civilians? The Commander in Chief can't even give direct orders to actual soldiers. There's little reason for anyone, even supporters, to lift a finger merely because a mere human being suggested something should happen. These people sound almost like the brownshirts (no

      • Except that he explicitly and repeatedly said otherwise.
    • by AmiMoJo ( 196126 )

      There are no puppet masters. It's a Distributed Denial Of Sanity attack.

      Someone starts posting QAnon stuff as a joke. The early "encrypted" posts are consistent with someone mashing a QWERTY keyboard. It becomes a meme, and then a movement in the GOP. Members of the GOP, seeing it as an opportunity to boost their own profile and campaign funds, join in. The rhetoric keeps ramping up, they keep hinting at great things to come, building up Trump as the saviour of the United States, a genius winning a 4D game

  • by Frank Burly ( 4247955 ) on Monday March 01, 2021 @06:48PM (#61113700)
    Wingers should just go pro with their terrorist opsec and use whatsapp.
    • Gab's not done (Score:5, Informative)

      by DeplorableCodeMonkey ( 4828467 ) on Monday March 01, 2021 @07:36PM (#61113908)

      I'm on Gab. Not a single user has freaked out about this that I have seen. Far more users laughing it off and saying "bound to happen, change your passwords."

      Gab absorbed a lot of Parler users, but Gab was already big before Parler went down. The Gab old guard are actually closer to the left than mainstream conservatives in understanding how the interwebz work. The normies who flooded from Parler are also now eyes wide open.

      TL;DR Gab's not going down over this.

  • foreach (opponent in database.oppenents) {
    result = multiLine("
    $opponent are a bunch of gay losers! They
    tell lies and post fake news. $opponent bribed
    our judges, burned our votes, and bugged our
    offices. My grandfather saw them! Let's hunt
    down $opponent and give those commie
    wimps a piece of our mind, and boots!
    ");
    result = applyRandomMisspellings(result);

    • by BlackBilly ( 7624958 ) on Monday March 01, 2021 @07:35PM (#61113904)
      Having been what would be considered a Liberal, and also what would be considered a Conservative, one clear pattern I noticed from both sides is that most people on each side make wild assumptions about the other, then blindly apply that to the whole team, just as you have done here.
      Don't make that same rookie error. This is what is contributing to the decline of our society.

      foreach (opponent in database.oppenents) { result = applyRandomMisspellings(result);

      Because you could easily end up looking as foolish as your 'oppenents' [sic]

      • It looks to me like your "result" will actually be an unexpected EOF.

  • "reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users."

    For someone who likes to claim their site is a free speech zone, it's hilarious how he thinks people are trying to smear his business and hurt his users by displaying that free speech.

    • You can't have an echo chamber if someone keeps kicking open the door.

    • Re: (Score:3, Informative)

      by c-A-d ( 77980 )

      Except that they are trying to smear his business and even shut him down because he's committed to free speech, unlike Twitter and Facebook.

    • "reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users."

      For someone who likes to claim their site is a free speech zone, it's hilarious how he thinks people are trying to smear his business and hurt his users by displaying that free speech.

      Why do so many people not understand how free speech works? The quote you provided is also free speech, since he is free to tell his users his opinion of the matter.

      • I never said what he said isn't free speech. What I said was about his whining.

        "You are free to say whatever you want on this site."

        "Oh no! People are going to use what we say on this site against us!"

        Yeah buddy, that's how free speech works. You are free to say whatever you want. You are not free from the consequences of that speech.

        • I never said what he said isn't free speech. What I said was about his whining.

          "You are free to say whatever you want on this site."

          "Oh no! People are going to use what we say on this site against us!"

          Yeah buddy, that's how free speech works. You are free to say whatever you want. You are not free from the consequences of that speech.

          For instance, when someone who disagrees with one of your incalculably astute alcohol-fueled assertions, they are not necessarily protected from your close contact, spittle-riddled, derision of their, rather likely, uninformed opinion.

        • by BlackBilly ( 7624958 ) on Monday March 01, 2021 @08:03PM (#61114022)

          I never said what he said isn't free speech. What I said was about his whining.

          You said it was hypocrisy. Since whining is part of free speech there is no hypocrisy.

      • As a follow up to my previous comment, this is a perfect illustration. Free speech and its consequences [9cache.com].

      • "Why do so many people not understand how free speech works?" - People do understand, but they are being purposely obtuse about it, because they are trying to promote their own agenda by shutting down debate. People on *both* sides, Dem and Rep, are no different from any of the old fascist orators.
  • How...? (Score:4, Interesting)

    by Beeftopia ( 1846720 ) on Monday March 01, 2021 @07:02PM (#61113774)

    I mean... after all these years of hammering on SQL injection... with the languages now all but forcing you into prepared statements / parametrized queries... how does a major NEW site like this (no legacy code) use unsafe queries? Surely the people putting this site together are somewhat talented. How is this even possible?

    • by c-A-d ( 77980 )

      Because people are imperfect and their code is imperfect. That's how it's possible.

      • Imperfect doesn't account for this error anymore. You actively need to maliciously ignore the coding 101 classes on how to use SQL to make this mistake. Kind of like people being imperfect doesn't account for someone using a 15 condition long If then elseif statement because they don't know of a select case.

        • by Bengie ( 1121981 )
          "Never attribute to malice that which is adequately explained by stupidity"
          "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former"
    • by eepok ( 545733 )

      I don't know!!!

      I don't even code, and even *I* know the parable of little Bobby Tables. There's no excuse for any system holding personal identifying information to be susceptible to SQL injection.

    • I'm equally confused.
      I swear it would take more effort these days to be able to write something susceptible to SQL injection than it would be to write something that's not.

      Maybe it was somebody who didn't believe in fangled libraries and did things with the most basic framework elements for the sake of low level purity.

    • I'm not surprised at all. Raw sql is easier, and if the project manager doesn't specifically ask for prepared statements, he won't get them. So any time the guy at the top is an idiot, this is the result.
      • by Cederic ( 9623 )

        wtf? The project manager doesn't need to know prepared statements exist. The users don't need to know, the project sponsor doesn't need to know, the test team don't need to know and the CIO doesn't need to know.

        The people that designed and developed the interactions between application and database need to know, and need to do that interaction properly. If they're working to a spec that doesn't require prepared statements then they can challenge the spec, implement the spec using prepared statements anyway

        • I don't agree. Gab is contracting cheap freelancers, they're certainly not hiring top-tier talent. These are fly-by-nights who don't know what they're doing, and getting bit in the ass goes with that territory. If they hired me to do it, and they haggled with me on price, I might just pull shit like this out of spite (not really because I'm too OCD to do that, but plenty of people would).

          And by the way, this could have been prevented by any number of obvious things, like WAF, in-house pair programming, co
    • How is this even possible?

      I imagine the people who put that site together glued together a bunch of 3rd-party components that appeared to function, but at least one of those 3rd-party components used inline SQL instead of prepared statements/parameterized queries. It takes only ONE inline SQL oversight to compromise an entire website.
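
The inline SQL versus prepared statement / parameterized query distinction argued over in this thread, and the "text field that doesn't differentiate between input and commands" from the summary, as an added example that is not part of any comment and is not Gab's code. The table, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory data: public and private posts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT,"
                 " body TEXT, private INTEGER)")
    conn.executemany(
        "INSERT INTO posts (author, body, private) VALUES (?, ?, ?)",
        [("alice", "hello world", 0),
         ("alice", "draft, do not share", 1),
         ("bob", "group-only message", 1),
         ("o'brien", "legit name with a quote", 0)])
    return conn

def public_posts_inline(conn, author):
    """Inline SQL: the field is pasted into the statement text, so the
    database cannot tell the user's input from the query's own syntax."""
    sql = ("SELECT author, body FROM posts "
           "WHERE private = 0 AND author = '" + author + "'")
    return conn.execute(sql).fetchall()

def public_posts_parameterized(conn, author):
    """Parameterized: the value is bound separately and only compared as data."""
    sql = "SELECT author, body FROM posts WHERE private = 0 AND author = ?"
    return conn.execute(sql, (author,)).fetchall()

# Constructed input: the quote ends the string literal, the rest parses as SQL.
CRAFTED = "x' OR '1'='1"

def demo():
    conn = make_db()
    results = {
        "inline_normal": public_posts_inline(conn, "alice"),
        # AND binds tighter than OR, so the private = 0 filter is bypassed.
        "inline_crafted": public_posts_inline(conn, CRAFTED),
        "param_crafted": public_posts_parameterized(conn, CRAFTED),
        "param_apostrophe": public_posts_parameterized(conn, "o'brien"),
    }
    try:
        # Even an honest apostrophe breaks the inline statement.
        public_posts_inline(conn, "o'brien")
        results["inline_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["inline_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A query that throws a syntax error on a name like `o'brien` is a cheap signal in testing or in error logs that a value is being concatenated into SQL somewhere.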

  • Future /. headlines:

    "Apple pulls Gab from the app store"

    "Apple pulls RWChat from the app store"

    "Apple pulls Zwzzwoozoo from the App store"

  • Is what they said to the journalists. Now what will the journalists say to them?
  • How what IP addresses will track back to North Korea.

    Play your bets...

  • Hacker "JaXpArO" says, "FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA" (sic). https://www.wired.com/story/ga... [wired.com]. But while irresponsible actors in the media lazily attack Gab as "far-right," they appear to not consider the above at all problematic or extremist.

    • Just another ignorant idiot shat out by an educational system that has shifted its mission to political indoctrination. It's an attack on the foundation of modern democracy - speech - and for any media outlet to treat him as anything but the criminal turd he is... well, it's a disappointment.
    • Comment removed based on user account deletion
  • First off, I don't trust any claims that some target group is made up of "far-right extremists", or "white nationalists" anymore. It would be stupid to do so given how clearly the press has distorted those terms. But hey, if you're as far to the left as they are, even the center looks "far-right". They have called groups run by black people "white nationalists", called explicit condemnations of racism and any disagreement with specific partisan agendas "racist". They no longer use those terms in a way t
  • Meaning they are in a prime position to edit out all of the honeypot, Left-Wing instigators and other pot stirrers at their leisure.
