It’s not known for exactly how long the bucket was left exposed, but a text file left behind by an unnamed security researcher, dated September 2018, warned that the bucket was “not properly configured” which can have “dangerous security implications.”
So... this has been a known problem since 2018. Time to stop tilting at windmills.
If it's all theater, then it's worth pointing out the A/C/M times of files are easy to fake. A competent intruder can feather filesystem times and modify logs to point investigators toward the wrong conclusion.
> the timing of this seems to point to state sponsored hacking, no?
No.
The hack was obviously politically motivated, beyond that, nothing here points towards it being state sponsored. Non-state actors are equally motivated by the timing.
The idea that the Canadian government hacked GiveSendGo is also frankly ridiculous. Our government just isn't that lawless, and they could almost certainly get this data via legal means.
Both recent and historical evidence does not really support this claim. It is very very very easy to find many examples of governments breaking the law for their own benefit.
I don’t think it was the Canadian government either, but your logic does not seem good.
It could be state sponsored hacking, but I think it's more likely to be don't by someone who got annoyed by the protests.
If I had trucks honking in front of my window, I'd do whatever I could to get them to fuck off as well. No need for the state to get involved if you just piss off enough random people.
It's almost assuredly not done by someone who was directly 'annoyed' by the protests, that's a relatively small area, and hackers with skills are not that common.
The protests are an ideological touchstone, there are surely a lot of hackers in this world keen on 'exposing terrible people' (in their purview) and my money is on just some random 'hacker'.
I'm doubtful that it would be a government action, because those secrets are hard to keep and if it was leaked, the current political situation would collapse immediately. Trudeau & Co. would be gone for good. The details wouldn't really matter that much. I mean, he survived Blackface but he won't survive that kind of scandal.
That said, I'm pretty sure there was a de-facto systematic collusion between gov. offisials and GoFundMe etc. to shut down funding. The gov. can show GFM 'police reports' etc. and that can be used as a basis for cancellation. This is a bit problematic because all protests of a certain size have 'unlawful activity' and as soon as something is on the books, it's hard to put in context. This gives systems like GFM (or Apple, or Google or Amazon or VISA) the legitimate 'cover' to do kind of whatever.
I don't support the truckers, I see their TikTok's and they are rather uninformed antivaxxers, however, I kind of have to accept their right to protest.
Protesters in Portland literally took city blocks by force, threatened violence with serious weapons, two people died, there was tons of avoidable crime, police and rescue not allowed to enter etc. and they didn't seem to get quite the disdain that the truckers are, rather the press kind of just seemed to 'avoid them'. I understand every situation is different ... but still.
Truckers are dug in in Ottawa and Police are wary of confrontation, there's hints that the rank and file of Ott Police and RCMP are a bit sympathetic, and the Tow Trucker drivers are as well and don't want to face blowback. There is 'just enough empathy' among the Canadian public that it could 'tip in their favour' if we saw the firehoses or CS gas break out. It's definitely a very delicate political situation.
But in the end - Occam's Razor: some guy did this and leaked it, that's that.
I doubt someone who lived that close to the honking had the ability and chutzpah to do this.
After seeing how angry people got over Joe Rogan, I absolutely think there are militantly progressive people who are more concerned with the content of speech than the chilling effect of limiting free speech who would do this. Which isn't to say I agree with the Ottawa protesters or bridge blockaders; I think both went well outside the bounds of free speech.
I'd think it's far more likely that GiveSendGo doesn't have the most sophisticated and well maintained tech stack and an exploit was easily found by hacktivists engaging in defacement and doxxing.
Foreign support to this movement is not exactly a secret. They were waiving Trump flags, confederate flags and lots of MAGA signs were seen among the protesters. Also the movement has been publicized on Fox News and by famous right-wing people in the US, that's just normal that it would eventually lead to a lot of people in the US deciding to start donating. The simplest explanation is more likely than the conspiracy that the Canadian government had time to make up fake donations from the US.
This is a bit removed from your point about foreign support, but the flag thing appears to have been exaggerated for political purposes. The Confederate flag guy was shunned by the protestors and stood out like a sore thumb to begin with: https://twitter.com/VigilantFox/status/1487834109678395392. (I'm not endorsing that Twitter account - it's the only link I know of to the video, and the video is interesting.)
It has also been commonly reported that the protestors are Nazis carrying Nazi flags, but this reporting is also excessively politicized. Here's a first-person account giving a completely different picture: https://www.youtube.com/watch?v=TtN4VqBeCMg#t=6932.
There are hundreds of hours of livestreams on youtube showing the protests. Anyone can dip in at random and get a sense. That's how I ran across that last link of the guy talking about the swastika flag. From the livestreams it seems clear that this is an authentic and peaceful working class protest, not some far right "insurrection" (a word that has also been chosen for political reasons). The most fascinating aspect of this event is what it reveals about the class divide in Canada, and the West in general, since each country has its own version of this right now.
The protest is super unpopular in canada. It could just as easily be a random canadian citizen who is pissed about the protest and wants to prove that the protest is not grass roots but foreign meddling.
The polls I've seen had ~half of Canadians sympathetic to the protests [1], and about 20% strongly supporting. It's completely true that it could be one highly motivated individual, but that has nothing to do with your first assertion (which is a mixed truth at best). I think that the government's claim (echoed by many media outlets) that this is purely a fringe movement has added fuel to the fire.
The protest is super unpopular among certain politicians, certain state sponsored media, and certain supporters of those politicians and media. However, there are a very large number who support ending all lockdowns and mandates immediately - as evidenced by their ability to raise money, repeatedly, as well as by the physical presence of so many supporters across the globe.
That said, I agree this is most likely the work of an individual. For all its usefulness in raising money, GSG has probably never been subjected to a real-world pentest by a highly motivated attacker. Not to mention the legions of attackers one would expect from such a polarising subject. This was unfortunate but entirely predictable.
Unpopular with wealthier people who are inconvenienced, very popular amongst what the media like to call 'populists' - ie the people who deliver the rich people's chattels
Given the unfair media coverage, is it any wonder?
There seems to be, including in your own post, a lot of ad hominem attacks ("one person had a confederate flag! some people in the US support the cause too! this means it's totally evil") rather than addressing the human rights the protestors are fighting for, and it's a shame. But it's no surprise given the opposite media coverage for the opposite type of protest (violent riots) two summers ago.
Also, "the state" seems to tacitly support the protests. Others have rightly pointed out, that had this been a left-wing protest, "the state" response would have been brutal and decisive. So it's kind of hard to see why they'd do it this way rather than taking a much more direct approach.
I have no doubts that the true culprits for this hack will be found and the punishment will be orders of magnitude worse than anything the truckers will receive.
Are there non-authoritarians that want jab mandates so badly that they will hack websites to doxx innocent protestors? Could be, I haven't met any (thankfully)
> the timing of this seems to point to state sponsored hacking, no?
what does hack timing have to do with the state? I don't follow your logic at all. I would never make that connection. It's just an insecure website and server, anyone can run their testing suite and have gotten the same info. Why rationalize incompetence with state sponsored?
I'm really about to sell some Q branded coffee mugs to everyone with an email address in this leak, so fckin gullible.
There's plenty of techies in Ottawa with the means, motives and opportunities to perform this action. People over there are quite annoyed at the truckers, so I wouldn't be surprised if it's someone related who's annoyed at the whole situation. No need for state sponsorship to find poorly secured data.
wouldn't take state sponsored hacking to do this to most startups, probably just a few people using open source tools to look for basic stuff
people love to dunk on companies in situations like this but probably 95% of startups would get hacked like this if the MSM put a bunch of attention on them and made them a target. Even huge companies get pwned due to basic security issues
The gov't doesn't need to crack in this case. They shut down the funds through the courts. These "donation" sites (gofundme/givesendgo) are going to be scrutinized much more closely from this point forward.
1024core|4 years ago
It’s not known for exactly how long the bucket was left exposed, but a text file left behind by an unnamed security researcher, dated September 2018, warned that the bucket was “not properly configured” which can have “dangerous security implications.”
So... this has been a known problem since 2018. Time to stop tilting at windmills.
arbitrage|4 years ago
gpm|4 years ago
No.
The hack was obviously politically motivated, beyond that, nothing here points towards it being state sponsored. Non-state actors are equally motivated by the timing.
The idea that the Canadian government hacked GiveSendGo is also frankly ridiculous. Our government just isn't that lawless, and they could almost certainly get this data via legal means.
rajin444|4 years ago
Both recent and historical evidence does not really support this claim. It is very very very easy to find many examples of governments breaking the law for their own benefit.
I don’t think it was the Canadian government either, but your logic does not seem good.
jeroenhd|4 years ago
If I had trucks honking in front of my window, I'd do whatever I could to get them to fuck off as well. No need for the state to get involved if you just piss off enough random people.
btbuildem|4 years ago
jollybean|4 years ago
The protests are an ideological touchstone, there are surely a lot of hackers in this world keen on 'exposing terrible people' (in their purview) and my money is on just some random 'hacker'.
I'm doubtful that it would be a government action, because those secrets are hard to keep and if it was leaked, the current political situation would collapse immediately. Trudeau & Co. would be gone for good. The details wouldn't really matter that much. I mean, he survived Blackface but he won't survive that kind of scandal.
That said, I'm pretty sure there was a de-facto systematic collusion between gov. offisials and GoFundMe etc. to shut down funding. The gov. can show GFM 'police reports' etc. and that can be used as a basis for cancellation. This is a bit problematic because all protests of a certain size have 'unlawful activity' and as soon as something is on the books, it's hard to put in context. This gives systems like GFM (or Apple, or Google or Amazon or VISA) the legitimate 'cover' to do kind of whatever.
I don't support the truckers, I see their TikTok's and they are rather uninformed antivaxxers, however, I kind of have to accept their right to protest.
Protesters in Portland literally took city blocks by force, threatened violence with serious weapons, two people died, there was tons of avoidable crime, police and rescue not allowed to enter etc. and they didn't seem to get quite the disdain that the truckers are, rather the press kind of just seemed to 'avoid them'. I understand every situation is different ... but still.
Truckers are dug in in Ottawa and Police are wary of confrontation, there's hints that the rank and file of Ott Police and RCMP are a bit sympathetic, and the Tow Trucker drivers are as well and don't want to face blowback. There is 'just enough empathy' among the Canadian public that it could 'tip in their favour' if we saw the firehoses or CS gas break out. It's definitely a very delicate political situation.
But in the end - Occam's Razor: some guy did this and leaked it, that's that.
They will eventually go home.
dehrmann|4 years ago
After seeing how angry people got over Joe Rogan, I absolutely think there are militantly progressive people who are more concerned with the content of speech than the chilling effect of limiting free speech who would do this. Which isn't to say I agree with the Ottawa protesters or bridge blockaders; I think both went well outside the bounds of free speech.
albroland|4 years ago
nostrademons|4 years ago
https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-con...
jeromegv|4 years ago
blast|4 years ago
It has also been commonly reported that the protestors are Nazis carrying Nazi flags, but this reporting is also excessively politicized. Here's a first-person account giving a completely different picture: https://www.youtube.com/watch?v=TtN4VqBeCMg#t=6932.
There are hundreds of hours of livestreams on youtube showing the protests. Anyone can dip in at random and get a sense. That's how I ran across that last link of the guy talking about the swastika flag. From the livestreams it seems clear that this is an authentic and peaceful working class protest, not some far right "insurrection" (a word that has also been chosen for political reasons). The most fascinating aspect of this event is what it reveals about the class divide in Canada, and the West in general, since each country has its own version of this right now.
mrtesthah|4 years ago
Isn't it convenient how all contradicting evidence is dismissed by evidence-free conspiracy theories?
https://www.wired.com/video/watch/why-you-can-never-argue-wi...
And the evidence from the leak is fully testable and falsifiable! You could literally just email people who donated and ask them.
hammock|4 years ago
[deleted]
bawolff|4 years ago
amscanne|4 years ago
[1] https://globalnews.ca/news/8610727/ipsos-poll-trucker-convoy...
0xbadc0de5|4 years ago
That said, I agree this is most likely the work of an individual. For all its usefulness in raising money, GSG has probably never been subjected to a real-world pentest by a highly motivated attacker. Not to mention the legions of attackers one would expect from such a polarising subject. This was unfortunate but entirely predictable.
nathanaldensr|4 years ago
olivermarks|4 years ago
coolso|4 years ago
Given the unfair media coverage, is it any wonder?
There seems to be, including in your own post, a lot of ad hominem attacks ("one person had a confederate flag! some people in the US support the cause too! this means it's totally evil") rather than addressing the human rights the protestors are fighting for, and it's a shame. But it's no surprise given the opposite media coverage for the opposite type of protest (violent riots) two summers ago.
ineedasername|4 years ago
mywittyname|4 years ago
I have no doubts that the true culprits for this hack will be found and the punishment will be orders of magnitude worse than anything the truckers will receive.
hammock|4 years ago
vmception|4 years ago
what does hack timing have to do with the state? I don't follow your logic at all. I would never make that connection. It's just an insecure website and server, anyone can run their testing suite and have gotten the same info. Why rationalize incompetence with state sponsored?
I'm really about to sell some Q branded coffee mugs to everyone with an email address in this leak, so fckin gullible.
AYBABTME|4 years ago
msie|4 years ago
https://www.clickondetroit.com/news/politics/2022/02/12/repo...
ren_engineer|4 years ago
people love to dunk on companies in situations like this but probably 95% of startups would get hacked like this if the MSM put a bunch of attention on them and made them a target. Even huge companies get pwned due to basic security issues
throw7|4 years ago
barbazoo|4 years ago
_moof|4 years ago
jagger27|4 years ago
alisonkisk|4 years ago
[deleted]