Jackie Singh
Jul 10, 2024 · 18 tweets · 6 min read
I am reviewing this alleged hack of The Heritage Foundation.

I have identified very embarrassing data within this dataset. Why so many Chinese IP addresses? 🤔
The zipped file contains one single file:

"daily-signal_dev_database_new.sql"

This appears to be a combined set of exports from a SQL database. Here are the first lines: [image]
Because this is a combined export (likely from the command line) of various tables, the file is not readable by a typical SQL editor, and needs to be split into pieces to make it so.

I'd rather just turn it into CSV chunks to start cleaning up the dataset for further analysis
There are 215,000 lines or so in the WordPress Comments table. As you can see, comment_author_IP is available, which is broadly useful to get a sense of where people posting replies to the Heritage blog are coming from in the world.

Earliest date: 2008-01-04. Newest: 2022-11-09 [image]
After creating a CSV chunk with only the WP comments table, now I can view columns and extract their content as needed. After extracting IP addresses from the author column, I can eliminate duplicates and work on analyzing their presumed geo origin, which is of interest to me [image]
Dataset was a little dirty and a hassle to clean up.

Here are the 60K extracted IPs from the WP Comments table:

#HeritageFoundation defuse.ca/b/PTrmvlbs
Sample geolocations from the first 100 IPs (these are sorted 'low to high', and many Asia-based netblocks start with the number 1) [image]
Here are the 69.5K email addresses present within the complete dataset:



🤔 235 .mil and .gov email addresses
🤔 95 .ru and .cn email addresses

#HeritageFoundation defuse.ca/b/mLXCi0iXsGFj…
Linked below is a statistical breakdown of the domain names associated with all email addresses in the dataset.

Stacking and counting are basic analytical tools which can help analysts identify outliers.

defuse.ca/b/GMCj2uAfvELn…
I have a script running to grab geolocation information and will tweet when it finishes.

Those working at big companies with access to certain commercial tools can do this more quickly than I can.
Because the original host took the file down, you can now find it here:

This is a 368 MB .zip file which uncompresses to a single 1.94 GB flat file.

SHA256: 3dcc258331d9139a654402d20b756b57ca17228aa9e2f80a4b6451b96c8eac70
tan-medieval-hornet-252.mypinata.cloud/ipfs/QmVwiYsr4…
The hacker group claiming responsibility for this action has released new information on their Telegram channel. [image]
Here is the list of Administrators.

defuse.ca/b/ely6s7iwqpLF…
BREAKING: SiegedSec claims to have officially disbanded.

#HeritageFoundation
@CloudsEdgeArt1 I am the first person covering this.
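
Added example (not part of the original thread, and not the author's script): one way to do the workflow the thread describes, pulling a single table out of a combined SQL export, de-duplicating and sorting the IP column, and stacking e-mail domains by count. It assumes mysqldump-style `INSERT INTO ... VALUES` lines; the sample data, the four-column layout and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in mysqldump style; the 4-column layout is an assumption.
SAMPLE_DUMP = r"""-- constructed sample, not real data
INSERT INTO `wp_users` VALUES (1,'admin','admin@example.org');
INSERT INTO `wp_comments` VALUES (1,'Ann','ann@example.gov','203.0.113.7'),(2,'Bob O\'Neil, Jr. (guest)','bob@example.com','198.51.100.4');
INSERT INTO `wp_comments` VALUES (3,'Cy','cy@Example.com','203.0.113.7'),(4,'Di','not-an-email','999.1.1.1'),(5,'Ed','ed@example.com','192.0.2.10');
"""

INSERT_RE = re.compile(r"^INSERT INTO `([^`]+)` VALUES (.*);\s*$")
ROW_RE = re.compile(r"\(((?:'(?:[^'\\]|\\.)*'|[^'()])*)\)")  # one (...) tuple
FIELD_RE = re.compile(r"'((?:[^'\\]|\\.)*)'|([^,']+)")        # quoted or bare field

def parse_rows(body):
    """Split a VALUES body into rows; commas and parens inside quotes are kept."""
    # Unescaping just drops the backslash, which is enough for IP/e-mail columns.
    return [[bare or re.sub(r"\\(.)", r"\1", quoted)
             for quoted, bare in FIELD_RE.findall(row)]
            for row in ROW_RE.findall(body)]

def table_rows(lines, table):
    """Yield rows of one table from an iterable of dump lines (a file object works)."""
    for line in lines:
        m = INSERT_RE.match(line)
        if m and m.group(1) == table:
            yield from parse_rows(m.group(2))

def unique_ips(rows, col):
    """Validate, de-duplicate and numerically sort the IP column."""
    ips = set()
    for r in rows:
        try:
            ips.add(ipaddress.ip_address(r[col].strip()))
        except (ValueError, IndexError):
            pass  # dirty value: skip rather than guess
    return [str(ip) for ip in sorted(ips, key=lambda ip: (ip.version, int(ip)))]

def stack_domains(rows, col):
    """Count e-mail domains so the outliers stand out."""
    return Counter(r[col].rsplit("@", 1)[1].lower()
                   for r in rows if len(r) > col and r[col].count("@") == 1)

if __name__ == "__main__":
    rows = list(table_rows(SAMPLE_DUMP.splitlines(), "wp_comments"))
    print(unique_ips(rows, 3))
    print(stack_domains(rows, 2).most_common())
```

Passing an open file handle instead of `SAMPLE_DUMP.splitlines()` processes the dump line by line, so a multi-gigabyte export never has to be loaded whole.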
