- 70 GB of data from a hack against Gab, the far-right social media network, is now in the hands of ‘DDoSecrets.’
- The collective has shared the dataset with Wired and will carefully and selectively publish the rest in the upcoming period.
- Gab has opted to attack the hackers’ ethics while completely ignoring the exploited vulnerabilities.
Hacktivists “JaXpArO” and “My Little Anonymous Revival Project” broke into Gab’s systems by exploiting an SQL injection flaw, stealing 70 GB of data comprising 40 million public and private posts, 15,000 user profiles, hashed passwords, 70,000 direct messages, and the plaintext passwords of group admins of the far-right social media network.
Gab acknowledged the hack and claimed that its backend databases were accessed by the DDoSecrets collective, who allegedly demanded a ransom of nearly $500,000 in Bitcoin. Gab’s CEO, Andrew Torba, stated that the company will not negotiate with the infiltrators and will instead notify federal law enforcement. In reality, DDoSecrets was entrusted with the data and also shared the set with Wired so that an independent reporter could confirm its validity.
The collective’s main goal wasn’t to extort Gab for money but to expose information relevant to the January 6, 2021, Capitol storming event, neo-Nazi propaganda, the dissemination of baseless and dangerous QAnon theories, and any calls for far-right, racist militia action. It is an interesting move from this group, as DDoSecrets hasn’t demonstrated a political leaning in the past – although one of their previous leaks, “BlueLeaks,” exposed U.S. law enforcement agencies.
This data exfiltration and subsequent leak come soon after “Parler,” another right-wing social media platform, had to deal with similar trouble. Many of Parler’s users migrated to Gab, so some of these people have now been exposed twice.
The goal of the “leaktivists” is to help the authorities link Gab profiles to real identities, identify everyone who was involved in the January events, and arrest and prosecute them. However, the group has clarified that the distribution of “GabLeaks” will be limited and careful to help protect the privacy of innocent Gab users.
Andrew Barratt, Managing Principal, Solutions and Investigations at Coalfire, told us:
“It’s an interesting case of ‘hacktivism’ that could put the DDoS Secrets team in an interesting position politically in the future. I think the level of data alleged to be stolen is down to accurate, and it’s likely that a prolonged compromise took place. If it was a simple SQL injection attack that was used to haul data from them, they really need to take a prolonged look at their security posture as well as perhaps consider themselves a more likely target for other attacks in the future.”
Gab has decided to respond to the situation by calling the hackers “devils,” citing verses from the Bible and completely ignoring all technical aspects of the attack and their own failure to detect and stop it. Judging from that, it may take Gab quite some time to actually strengthen its security.