Twitter Thread: "Freedom Convoy" and the GiveSendGo hacks

Posted February 15, 2022 in twitter-threads

Background: This is an archived Twitter thread. For more information, read: Elon banned me from Twitter for doing journalism. Good riddance.

Original URL of Twitter thread: https://twitter.com/micahflee/status/1493654096078721027


Donation site used by Freedom Convoy suffers 3rd data leak in two weeks. The new hack includes "a full 2.5 GB MySQL database dump, source code for their Bitbucket repo, information from their customer service systems” and limited credit card data https://www.dailydot.com/debug/givesendgo-trucker-convoy-hack-leak/

Posted 10:31 AM · Feb 15, 2022, 203 Retweets, 470 Likes


I'm starting to look at the latest GiveSendGo leak. The MySQL dump, called gsg_prod_v4_20220211.sql, appears to be a complete dump of their production database. It includes the entire donor history of everyone who's donated to any campaign before February 11, last Friday

Posted 2:46 PM · Feb 15, 2022, 68 Retweets, 204 Likes


The tbl_users table has 170,944 rows -- this is probably everyone who has made an account on GiveSendGo... and everyone's passwords are hashed with md5, though at least they're salted

Posted 2:48 PM · Feb 15, 2022, 20 Retweets, 126 Likes


Here are the campaigns that brought in the most money.

  • #1: Freedom Convoy 2022
  • #2: Abbichuu Gypsum Board Company (???)
  • #3: Adopt a trucker (another Freedom Convoy one)
  • #4: Voter Integrity Project
  • #5: Kyle Rittenhouse Legal Defense

Posted 2:58 PM · Feb 15, 2022, 59 Retweets, 152 Likes


Here are the campaigns that have attracted most individual donors:

  • #1: Freedom Convoy 2022
  • #2: Kyle Rittenhouse Legal Defense
  • #3: Support COVID19 Federal Whistleblower Jodi Omalley
  • #4: Facebook Whistleblower Support Fund Morgan Kahmann
  • #5: Pfizer Whistleblower Melissa

Posted 3:01 PM · Feb 15, 2022, 43 Retweets, 129 Likes


This leak also contains about 3GB of images of identification docs, about 1,400 of them, I believe from people who run campaigns. Here's a random sampling

Posted 3:27 PM · Feb 15, 2022, 49 Retweets, 154 Likes


There's also a TON of Stripe data. Like, type of CC, last 4 digits, billing address, etc. This is from an interesting summary.txt from Stripe, specifically for the Freedom Convoy 2020 campaign

Posted 3:34 PM · Feb 15, 2022, 28 Retweets, 114 Likes


Oh and those unredacted (I did the redaction above) photos of gov issued IDs? The hacker included the script they used to download them all using curl, over Tor, without any authentication.

When @MikaelThalen told GiveSendGo about this issue they called it "fake news"

Posted 3:51 PM · Feb 15, 2022, 36 Retweets, 181 Likes


The death threats have started and I haven't even published my article yet

Posted 3:32 PM · Feb 16, 2022, 7 Retweets, 56 Likes


Because the GiveSendGo dataset is full of private info it isn't available to the public. DDoSecrets is only distributing it to journalists and researchers. If you'd like to request access, email [email protected]

Posted 3:45 PM · Feb 16, 2022, 6 Retweets, 44 Likes


Just published my first article based on the GiveSendGo dataset: Oath Keepers, anti-democracy activists, and others on the far right are funding Canada’s “Freedom Convoy” https://theintercept.com/2022/02/17/freedom-convoy-givesendgo-canada-oath-keepers-funding/

Posted 10:33 AM · Feb 17, 2022, 28 Retweets, 62 Likes