Jackie Singh (Inactive)
Jul 10, 2024 18 tweets 6 min read
I am reviewing this alleged hack of The Heritage Foundation.

I have identified very embarrassing data within this dataset. Why so many Chinese IP addresses? 🤔
The zipped file contains one single file:

"daily-signal_dev_database_new.sql"

This appears to be a combined set of exports from a SQL database. Here are the first lines: [image]
Because this is a combined export (likely from the command line) of various tables, the file is not readable by a typical SQL editor, and needs to be split into pieces to make it so.

I'd rather just turn it into CSV chunks to start cleaning up the dataset for further analysis.
There are 215,000 lines or so in the WordPress Comments table. As you can see, comment_author_IP is available, which is broadly useful to get a sense of where people posting replies to the Heritage blog are coming from in the world.

Earliest date: 2008-01-04. Newest: 2022-11-09 [image]
After creating a CSV chunk with only the WP comments table, now I can view columns and extract their content as needed. After extracting IP addresses from the author column, I can eliminate duplicates and work on analyzing their presumed geo origin, which is of interest to me. [image]
Dataset was a little dirty and a hassle to clean up.

Here are the 60K extracted IPs from the WP Comments table:

#HeritageFoundation defuse.ca/b/PTrmvlbs
Sample geolocations from the first 100 IPs (these are sorted 'low to high', and many Asia-based netblocks start with the number 1): [image]
Here are the 69.5K email addresses present within the complete dataset:

🤔 235 .mil and .gov email addresses
🤔 95 .ru and .cn email addresses

#HeritageFoundation defuse.ca/b/mLXCi0iXsGFj…
Linked below is a statistical breakdown of the domain names associated with all email addresses in the dataset.

Stacking and counting are basic analytical tools which can help analysts identify outliers.

defuse.ca/b/GMCj2uAfvELn…
I have a script running to grab geolocation information and will tweet when it finishes.

Those working at big companies with access to certain commercial tools can do this more quickly than I can.
Because the original host took the file down, you can now find it here:

This is a 368 MB .zip file which uncompresses to a single 1.94 GB flat file.

SHA256: 3dcc258331d9139a654402d20b756b57ca17228aa9e2f80a4b6451b96c8eac70

tan-medieval-hornet-252.mypinata.cloud/ipfs/QmVwiYsr4…
The hacker group claiming responsibility for this action has released new information on their Telegram channel. [image]
Here is the list of Administrators.

defuse.ca/b/ely6s7iwqpLF…
BREAKING: SiegedSec claims to have officially disbanded.

#HeritageFoundation
@CloudsEdgeArt1 I am the first person covering this.
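
An added example (not from the thread or its author) of the workflow described above: pull only the `wp_comments` rows out of a combined SQL export, de-duplicate and numerically sort the commenter IPs, and stack-and-count the email domains. It assumes mysqldump-style `INSERT INTO ... VALUES` lines and the standard WordPress `wp_comments` column order; the sample rows are constructed, using documentation-range IPs and example domains.

```python
import ipaddress
import re
from collections import Counter

# Standard WordPress wp_comments column order (assumed to match the dump).
COLS = ("comment_ID comment_post_ID comment_author comment_author_email "
        "comment_author_url comment_author_IP comment_date comment_date_gmt "
        "comment_content comment_karma comment_approved comment_agent "
        "comment_type comment_parent user_id").split()

# A quoted string (backslash escapes allowed), a bare value, or a row paren.
TOKEN = re.compile(r"'((?:[^'\\]|\\.)*)'|([^,()'\s]+)|([()])")

def parse_rows(stmt):
    """Yield value lists from one mysqldump-style INSERT ... VALUES (..),(..); line."""
    row = None
    for m in TOKEN.finditer(stmt, stmt.index(" VALUES ") + 8):
        quoted, bare, paren = m.groups()
        if paren == "(":
            row = []
        elif paren == ")":
            yield row
            row = None
        elif row is not None:
            # Unescape \' and \\ ; other escapes (e.g. \n) lose their backslash.
            row.append(bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted))

def analyse(dump_text):
    """Return (unique IPs sorted low to high, Counter of email domains)."""
    ips, domains = set(), Counter()
    for line in dump_text.splitlines():
        if not line.startswith("INSERT INTO `wp_comments`"):
            continue                 # skip the other tables in the combined export
        for rec in (dict(zip(COLS, v)) for v in parse_rows(line)):
            try:
                ips.add(ipaddress.ip_address(rec["comment_author_IP"].strip()))
            except ValueError:
                pass                 # dirty value: empty or not an IP address
            email = rec["comment_author_email"].strip().lower()
            if email.count("@") == 1:
                domains[email.split("@")[1]] += 1
    return [str(a) for a in sorted(ips, key=lambda a: (a.version, int(a)))], domains

# Constructed sample input (not taken from the dataset).
SAMPLE = r"""INSERT INTO `wp_posts` VALUES (1,'ignored');
INSERT INTO `wp_comments` VALUES (1,10,'A','a@example.com','','203.0.113.7','2008-01-04 10:00:00','2008-01-04 15:00:00','It\'s fine, (really)',0,'1','UA','',0,0),(2,10,'B','b@example.org','','192.0.2.15','2008-01-05 10:00:00','2008-01-05 15:00:00','ok',0,'1','UA','',0,0);
INSERT INTO `wp_comments` VALUES (3,11,'C','c@Example.com','','203.0.113.7','2008-01-06 10:00:00','2008-01-06 15:00:00','dup ip',0,'1','UA','',0,0),(4,11,'D','not-an-email','','unknown','2008-01-07 10:00:00','2008-01-07 15:00:00','dirty',0,'1','UA','',0,0);
"""
```

`analyse(SAMPLE)` returns the two distinct IPs in numeric order and a `Counter` whose `most_common()` gives the domain stack; quoted commas and parentheses in comment bodies do not split fields.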
