Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Jackie Singh @KinexisAI Profile picture
@HackingButLegal
Jul 10, 2024 18 tweets 6 min read Read on X
Scrolly
I am reviewing this alleged hack of The Heritage Foundation.

I have identified very embarrassing data within this dataset. Why so many Chinese IP addresses? 🤔
The zipped file contains one single file:

"daily-signal_dev_database_new.sql"

This appears to be a combined set of exports from a SQL database. Here are the first lines Image
Because this is a combined export (likely from the command line) of various tables, the file is not readable by a typical SQL editor, and needs to be split into pieces to make it so.

I'd rather just turn it into CSV chunks to start cleaning up the dataset for further analysis
There are 215,000 lines or so in the WordPress Comments table. As you can see, comment_author_IP is available, which is broadly useful to get a sense of where people posting replies to the Heritage blog are coming from in the world.

Earliest date: 2008-01-04. Newest: 2022-11-09 Image
After creating a CSV chunk with only the WP comments table, now I can view columns and extract their content as needed. After extracting IP addresses from the author column, I can eliminate duplicates and work on analyzing their presumed geo origin, which is of interest to me Image
Dataset was a little dirty and a hassle to clean up.

Here are the 60K extracted IPs from the WP Comments table:

#HeritageFoundation defuse.ca/b/PTrmvlbs
Image
Sample geolocations from the first 100 IPs (these are sorted 'low to high', and many Asia-based netblocks start with the number 1) Image
Spies in the dataset

Here are the 69.5K email addresses present within the complete dataset:



🤔 235 .mil and .gov email addresses
🤔 95 .ru and .cn email addresses

#HeritageFoundationdefuse.ca/b/mLXCi0iXsGFj…
Linked below is a statistical breakdown of the domain names associated with all email addresses in the dataset.

Stacking and counting are basic analytical tools which can help analysts identify outliers.

defuse.ca/b/GMCj2uAfvELn…
Image
I have a script running to grab geolocation information and will tweet when it finishes.

Those working at big companies with access to certain commercial tools can do this more quickly than I can.
Because the original host took the file down, you can now find it here:

This is a 368 MB .zip file which uncompresses to a single 1.94 GB flat file.

SHA256: 3dcc258331d9139a654402d20b756b57ca17228aa9e2f80a4b6451b96c8eac70tan-medieval-hornet-252.mypinata.cloud/ipfs/QmVwiYsr4…
The hacker group claiming responsibility for this action has released new information on their Telegram channel. Image
Here is the list of Administrators.

defuse.ca/b/ely6s7iwqpLF…
BREAKING: SiegedSec claims to have officially disbanded.

#HeritageFoundation
Image
Image
Updated download link
@CloudsEdgeArt1 I am the first person covering this.
@loudmog cloudflare-ipfs.com/ipfs/QmVwiYsr4…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jackie Singh @KinexisAI

Jackie Singh @KinexisAI Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @HackingButLegal

Jackie Singh @KinexisAI Profile picture
Mar 14
1/🧐 "The cybersecurity experts weren't enough"

Let's do the *actual math* on @ThisWillHold2's "irrefutable" Amendment 4 fraud claim because the numbers they cite are publicly available and tell a totally different story.

🧵 Thread:
2/ They claim 6,371,645 R+D early votes "coincidentally" equals the 60% threshold for Amendment 4, which got 6,070,758 YES out of 10,619,137 votes cast. The actual 60% bar was 6,371,482.

Their magic number is off by ~163 votes from the threshold. That's their "irrefutable" math.
3/ @ThisWillHold2 says 6,371,645 was used as a ceiling so Amendment 4 would land exactly at 60%. But the real 60% threshold was 6,371,482, and Amendment 4 only got 6,070,758 YES. That is a 300,724 vote gap.

The outcome wasn't even close to the bar.
Read 14 tweets
Jackie Singh @KinexisAI Profile picture
Mar 12
Do you want to know how I tweeted that we did the attack on the school before it was confirmed? 'Twas a strong hunch based on TikTok comments posted to videos showing immediate aftermath of the event, like, "that doesn't look like Iran" to confuse viewers and avoid attribution.
By the time the news started filtering out internationally, Hegseth already knew DoD had made a mistake, and (U.S. or Israeli) bots started covering for the crime pretty much immediately using the deescalation tactics I further describe in the linked thread above.
On X, the bots covering had an Israeli vibe based on profile content and feed (like this one below). In hindsight, they may have been sent to confuse attribution but seemed more concerned with avoiding the world thinking Israel had been the one to bomb the school. Image
Image
Read 5 tweets
Jackie Singh @KinexisAI Profile picture
Feb 28
I have established that Donald Trump's statement of war against Iran which was broadcast in the wee hours of this morning is an AI deepfake.



1/🧵 How can we know it's a fake? 👀👇
2/ There is a complete absence of natural breathing patterns, spontaneous illustrators, or small fluctuations in Trump's facial musculature. His delivery remains highly monotonous in rhythm. Facial expressions are limited to rhythmic brow lowering and lip tightening and...
3/ ...lack natural spontaneous variation. His visual presentation shows a lack of natural breathing pauses or any of the shifts in weight that are typical of a live speech. Trump maintains a rigid, forward-facing posture with minimal body movement throughout.
Read 6 tweets
Jackie Singh @KinexisAI Profile picture
Feb 21
"I am fully aware of the charges to which Ghislaine has been found guilty. Despite this fact, I continue to hold my sister in the highest regard."

"I am of course aware of the charges of which she has been found guilty at jury trial. I have been present at every ..." (Cont.) 👇
"... one of the pretrial and trial court days. Notwithstanding the jury's verdict, I continue to hold Ghislaine in the highest regard and I believe very strongly that she still has much of value to contribute in the world."

🤡 EFTA02838285.pdf
"I write this letter in support of my sister, Ghislaine, aware of the charges she was been found guilty of, noting too that she has no prior criminal convictions in any jurisdiction. ..." (Cont.)
Read 10 tweets
Jackie Singh @KinexisAI Profile picture
Feb 15
BULLETIN: Those promoting the acronym "TND" are associated with Russia's Wagner Group. They are running rampant— Involved in child abuse via 764/Temple ov Blood, and have been working hard to radicalize (brainwash/abuse) trans youth into ?mass murdering others and themselves. Image
They also appear to have a woman deployed to perform narrative control on this topic. The goal is to ensure the public is not aware of the relationship between Russia and the child abuse conducted from afar.
Another related acronym is "DNB" (don't ask what it stands for). Note the original poster with a trans flag in bio. They actively hunt for vulnerable Western children. Image
Image
Read 9 tweets
Jackie Singh @KinexisAI Profile picture
Feb 11
1/🧵 Breaking analysis from @guardian:

Epstein Files describe a pattern of behavior around Kimbal Musk and the Tesla/SpaceX world that raise serious natsec and corruption concerns. Image
2/🚩 The behavior described looks very similar to how powerful people are identified, studied, and slowly drawn into compromising relationships—
Especially through their close friends and family.
3/🚩 Warning signs can include the use of controlled romantic or sexual partners, mixing social access with business opportunities, and maintaining close contact with a known predator.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(