[BreachExchange] Famous 'cyberterrorist' goes on TikTok to take credit for GiveSendGo hack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Feb 17 09:28:35 EST 2022


https://www.washingtonexaminer.com/news/famous-cyberterrorist-goes-on-tiktok-to-take-credit-for-givesendgo-hack

A self-described "cyberterrorist" who rose to infamy as a member of the
hacktivist group Anonymous is taking credit for the recent breach of
GiveSendGo that released the names of donors to the Canadian trucker convoy.

In a video posted to his TikTok account, Aubrey Cottle claimed he hacked
the fundraising website that the "Freedom Convoy" truckers used to raise
money for their protests.

"Yes, I tossed the trucker. I hacked GiveSendGo, and I'd do it again. I'd
do it a hundred times. I did it. I did it. Come at me. What are you going
to do to me?" Cottle, also known as "Kirtaner," said in the video. "I'm
literally a famous f***ing cyberterrorist, and you think that you can scare
me?"

Cottle previously posted a TikTok video on Feb. 7 saying, "It would be a
real shame if something were to happen to GiveSendGo." On Sunday,
GiveSendGo was hacked, and over 92,000 names of donors on the platform were
leaked online. The hack also redirected the GiveSendGo.com visitors to a
new webpage featuring an essay criticizing the platform posted over a video
of Disney's Frozen.

"The Canadian government has informed you that the money you a-holes raise
to fund an insurrection is frozen,” the essay said. "You are committed to
funding anything that keeps the raging fire of misinformation going until
it burns the world’s collective democracies down."


GiveSendGo managed to get its website back up on Tuesday. The "Freedom
Convoy" has raised nearly $9.5 million on the platform, topping the nearly
$9 million the protesters raised on GoFundMe before being booted from the
platform.

An additional 5GB of data from GiveSendGo was also leaked Wednesday that
included "limited credit card data" and source code for the website, Vice
News reported. GiveSendGo founder Jacob Wells called on the FBI to
investigate the hack and said the company will take legal action.

In a statement Wednesday, GiveSendGo acknowledged that its website was
hacked Sunday but said "no credit card information was leaked. No money was
stolen." It said the company shut down the website following the hack and
conducted several security audits before bringing the website back online.

"We are in a battle. We didn’t expect it to be easy. This has not caused us
to be afraid. Instead, it’s made it even more evident that we can not back
down. Thank you for your continued support, prayers, and the countless
emails letting us know you are standing with us," the company said.

Cottle did not elaborate on whether he acted alone in the hack. He said he
also hacked Gab, Parler, Truth Social, and Epic Hosting, web services run
by conservatives often founded due to concerns with anti-conservative
content moderation policies on other social media platforms. He did not
elaborate on his motivations. Last week, he posted one video expressing his
joy that an Ontario court froze donations to the "Freedom Convoy" from
GiveSendGo.

The Washington Post has been emailing individuals who appeared in the
GiveSendGo leak.

The "Freedom Convoy" is a protest led by Canadian truckers that started
against a vaccine or test mandate for truckers but has since expanded to
include demonstrations against broader COVID-19 policies in Canada. The
heart of the protests has taken place in Canada's capital Ottawa, in which
many truckers have parked their rigs in the middle of critical
intersections and roads.

Top Canadian officials including Prime Minister Justin Trudeau have
described the truckers' actions in Ottawa as a "blockade" and said they
must stop blocking the streets. Trudeau invoked the Emergencies Act on
Monday, giving the Canadian government the power to take aggressive actions
against the truckers, including freezing their bank accounts, towing away
vehicles, and arresting them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220217/2c8da504/attachment.html>


More information about the BreachExchange mailing list