Kiwi Farms Breached; Assume Passwords, Emails, IP Addresses Have Leaked (arstechnica.com) 76
ArsTechnica reports: The head of Kiwi Farms said the site experienced a breach that allowed hackers to access his administrator account and possibly the accounts of all other users. On the site, creator Joshua Moon wrote: "The forum was hacked. You should assume the following. Assume your password for the Kiwi Farms has been stolen. Assume your email has been leaked. Assume any IP you've used on your Kiwi Farms account in the last month has been leaked."
Moon said that the unknown individual or individuals behind the hack gained access to his admin account by using a technique known as session hijacking, in which an attacker obtains the authentication cookies a site sets after an account holder enters valid credentials and successfully completes any two-factor authentication requirements. The session hijacking was made possible after uploading malicious content to XenForo, a site Kiwi Farms uses to power its user forums.
Kiwi Farms? (Score:1)
Re: (Score:3)
Kiwi Farms is where people go who think Parler, 4chan and 8chan are bastions of dangerous woke (liberal) thinking.
Re: (Score:2)
Updates on the Fediverse (Score:1)
Josh Moon posts through the node/instance Poast and his ongoing description of the attack can be read here:
https://poa.st/users/josh [poa.st]
N.B. Poast is the horror that 4chan wishes it could be. They banned me last week for not being anti-Semitic, "racist," and fundie evangelical enough.
Re: (Score:2)
You may know them as the website kicked off of Cloudflare from a story featured on Slashdot a couple weeks ago.
oh my, how terrible... (Score:3)
Couldn't have happened to better people? (Score:1, Informative)
Re:Couldn't have happened to better people? (Score:5, Insightful)
Well there was the Swattings (Score:4, Informative)
Oh, and the longstanding campaigns to get people to kill themselves. 3 or 4 of which were successful.
And all the IRL stalking. That too. What good's Doxing if you're not gonna follow through on Stochastic Terrorism.
Re: Well there was the Swattings (Score:3)
Re: (Score:2)
It wasn't even stochastic a lot of the time. People would put out calls for anyone in an area who could go harass or assault someone for them.
Re:Couldn't have happened to better people? (Score:4, Insightful)
unless you cared about free speech
You conflate "freedom of speech" and "freedom of consequences". I'm not wishing physical harm on anybody, but it wouldn't break my heart to see some high-profile figures linked to their online Kiwi-persona. Again, Karma can be a bitch.
I have never been on the site, so I really don't know what it has to "offer". But seeing it compared to the *chan sites is enough for me to know the world is better off without it. To each their own.
Mostly faked (Score:1, Interesting)
> So you're saying all the vile shit listed on the wiki page I linked is just overblown woke-ism?
Depends on which things you're talking about, but they presented evidence that makes it appear that the most recent doxxing of Keffals was staged, given how quickly the un-downrated post (which was quickly downrated) of the doxx was screencapped, posted by Keffals, then deleted with an old account that had posted only once prior in 2 years, possibly harvested from the various password attacks that have been g
Re: (Score:1)
The more you dig into this, the more it looks like people with grudges did stuff to get KF in trouble.
By using their actual words and actions to point out what they're actually like. Not doing all those awful things to people would have made it less likely that they would "get into trouble" wouldn't it?
Re: (Score:1)
Re: Couldn't have happened to better people? (Score:2)
Re: (Score:1)
And what got him kicked off Cloudflare was a false flag according to the site owner - "Null". The account doing that was a sleeper, posted very rarely, was reported by seven people and was banned within an hour. Here's the statement [archive.is] from him directly about the matter.
He's surprised with Matthew's (Cloudflare's) d
Re: (Score:2)
Re:Couldn't have happened to better people? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Yeah. Harassment is against the rules. Except in this case, it's a lot like starting a sentence with, "You know I'm not a pedophile, but..."
Re: (Score:1, Flamebait)
Bull fucking shit. They only "harass" those troons that throw themselves at children.
Fuck groomers. They deserve to be exposed and deplatformed.
Re: (Score:3)
Re: (Score:1)
Why would some filthy degenerate engage in such activities for children, if not to groom them?
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Re: (Score:1)
They want to make those 8 year olds view drag queens in a fun sexual way so that when they get to be about 14 or so they are more amenable to fucking around with a 30 year old troon. ie grooming.
Kiwi farms? (Score:2)
Re: (Score:2)
But do you farm New Zealanders? It would apply then.
(I have no idea what the fuck "Kiwi Farms" is, and the "editor" who posted the summary couldn't be fucked to tell us, and I can't be fucked to go look)
Re: (Score:2)
Did you know that the Kiwifruit was originally called the Chinese Gooseberry?
and they are grown in orchards, not farms.
The Kiwi is a nocturnal flightless bird, almost extinct, and only found in captivity or in a couple of small islands that have been cleared of predators like cats or weasels.
Of course it was doing ok before humans came to NZ bringing said predators.
Well then (Score:2)
I am not going to celebrate any hack, but I will say it couldn't have happened to a nicer bunch of people. I'm sure whoever did this will take good care of their information and treat the members of the forum as nicely as they have everyone else.
Re: (Score:2, Informative)
They're a white supremacist forum.
Re: (Score:2, Flamebait)
That explains why PASSWORDS were leaked. I assume they kept those in plain text, because, well, lack of brains and the shit they were peddling go hand in hand.
Probably thanks to .... (Score:2, Informative)
Wired, which just recently published this article about the whole Kiwi Farms thing:
https://www.wired.com/story/ke... [wired.com]
Sounds to me like their site's days were numbered regardless of this hack, if they upset people enough that even Cloudflare agreed to block them.
Re: (Score:1)
Maybe, just because a lot of people have a hateboner for them, just as they have in return, but it looks like some of the stuff that went on may have been staged. You can see their side of things here [t.me].
Re: (Score:2)
Doesn't Cloudflare host that outstanding site Stormfront? I would find it hard to believe that they would continue to host this bunch of wonderful people while giving a bunch of poor kiwi farmers the boot.
Yes, I'm being facetious.
For those out of the loop, Stormfront is a lame ass white supremacist site featuring a bunch of knuckle dragging racists. I've never been to kiwi farms but if what they were doing over there was so bad that Cloudflare gave them the boot while keeping stormfront around, it mu
Kiwi farms hacked? (Score:3, Funny)
Oh no. That's terrible. What a shame.
Re: (Score:2)
Anyway...
Langley (Score:3)
So I'm guessing there are a couple departments at the FBI where people will be moving and changing their names?
Re: (Score:2)
You would hope that the FBI was monitoring posts on that forum as a matter of routine, but it appears not.
So far the only prosecution has been by German authorities, and they had the evidence handed to them. It's only a prosecution for trolling too, not murder.
Oh no (Score:2)
Anyways...
3 out of first 5 replies (Score:1)
Because the "Editor" either does not know their audience.
Or doesn't want to do their job.
Or does not give a shit.
Re: (Score:2)
A modern version of the old saying... (Score:2)
Those who live by the sword, die by the sword.
Those who live by the dox, die by the dox.
Goose/gander (Score:2)
It does seem like they've philosophically already opted out of the luxury of anonymity.
Tie Session to IP Address or Device ID... (Score:2)
A solution that would make this kind of thing more difficult would be to tie the session to an IP address, or possibly even device ID for mobiles. It wouldn't protect against this kind of thing happening, but it would require another level for the hacker to spoof these values when using the session token...
With only IP address verification, mobile users would have to re-login when they transitioned from wifi to cell and back, but for administrative accounts like his, this would be a small price to pay to pr
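The trade-off described in the comment above, as an added example that is not part of the original thread and is not XenForo's code: sessions are bound to the login IP, strictly for administrator accounts and leniently (with an audit trail) for regular users who roam between networks. `SessionStore`, `Session` and the status strings are hypothetical names, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    is_admin: bool
    bound_ip: object  # ipaddress.IPv4Address or IPv6Address
    ip_changes: list = field(default_factory=list)


class SessionStore:
    """In-memory session table (hypothetical); a real forum keeps this server-side."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, client_ip, is_admin=False):
        # Called only after the password and any 2FA check have succeeded.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, is_admin, ipaddress.ip_address(client_ip))
        return token

    def validate(self, token, client_ip):
        """Return (user, status); user is None when the client must log in again."""
        session = self._sessions.get(token)
        if session is None:
            return None, "unknown-session"
        ip = ipaddress.ip_address(client_ip)
        if ip == session.bound_ip:
            return session.user, "ok"
        if session.is_admin:
            # Strict binding: a cookie presented from another address revokes the session.
            del self._sessions[token]
            return None, "admin-ip-mismatch-revoked"
        # Regular users move between wifi and cellular: allow, rebind, keep an audit trail.
        session.ip_changes.append((str(session.bound_ip), str(ip)))
        session.bound_ip = ip
        return session.user, "ip-changed"


def demo():
    store = SessionStore()
    admin_cookie = store.login("admin", "192.0.2.10", is_admin=True)
    member_cookie = store.login("member", "198.51.100.7")
    return [
        store.validate(admin_cookie, "192.0.2.10"),       # owner, same address
        store.validate(admin_cookie, "203.0.113.99"),     # cookie replayed from elsewhere
        store.validate(admin_cookie, "192.0.2.10"),       # revoked: owner must log in again
        store.validate(member_cookie, "198.51.100.200"),  # member switched networks
    ]
```

As the comment says, this does not stop the cookie from being stolen; it only makes the stolen cookie useless from a different address, and a run of `ip-changed` entries flapping between two addresses on one session is a signal worth alerting on.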
iframe (Score:2)
Blocked and Reported podcast episodes on KiwiFarms (Score:2)
Blocked and Reported podcast just did a two-part series on the Kiwi Farms / Keffals incidents that were in the news lately. It's a complicated saga involving some weird characters. There's a lot more detail to it than what was reported in the major news media. Here's part 1:
https://www.blockedandreported.org/p/episode-131-who-is-stalking-the-twitch#details [blockedandreported.org]
For anyone wondering why it's a big deal (Score:3, Insightful)
First and foremost the site is full of overt white supremacists. Many of whom would like to keep that on the down low.
But it's also where you went to commit crimes. Lots of them. Swattings, Doxxing, cyber stalking and IRL stalking. You name it.
If this data makes its way into law enforcement's hands a whole lot of people are gonna get a visit from your friendly neighborhood policemen. Which is ironic since publicly these are all "back the blue" types.
Re: (Score:2)
There are other sites which do that. In most cases, a waste of time IMHO. It is like watching HoneyBooBoo. Most of the people described there are of no interest.
The reason kiwi farms mattered (Score:2)
Crowdsourcing is why
Re: (Score:2)
That is not what I was talking about.
I meant that the content of KiwiFarms is a) Extremely boring. They self describe as people who like watching the trash TV of the internet and indeed it looks like trash TV
b) available elsewhere. No need of KiwiFarms. This insane Slashdot thread got me curious about that uninteresting keffals guy/gal and his or her behaviour is copiously documented. Streisand effect I guess. Not surprising he or she has plenty of enemies.
Of course I don't condone swatting and doxing. I am
Re: (Score:2)
First and foremost the site is full of overt white supremacists. [...] gonna get a visit from your friendly neighborhood policemen.
Why, are they planning on having a BBQ? The police bend over backwards to protect white supremacists. There's not going to be any fallout from this beyond a few very liberal district attorneys shaking a finger at these guys, and the cops predictably shrugging over it.
Good. (Score:2)
Where... (Score:1)
Dox them right back (Score:2)
Domains (Score:2)