HipKat

Parlor hack reveals all identifying info of all users


 

From r/Parlerwatch

Here is a description of what went down according to someone with far greater technical knowledge than me:

"so a group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account.

Well, because of that access, it gave them access to the behind the login box API that is used to deliver content -- ALL CONTENT (parleys, video, images, user profiles, user information, etc) --. But what it also did was revealed which USERS had "Administration" rights, "Moderation" rights.

Well, then what happened, those user accounts that had Administration rights to the entire platform... The hackers, internet warriors, call it what you will, was able to use the forgot password link to change the password. Why? Because Twilio was no longer authenticating emails. This meant, they'd get directly to the reset password screen of that Administration user.

This group of Internet Warriors then used that account, to create a handful of other ADMINISTRATION accounts, and then created a script that ended up creating MILLIONS of fake administration accounts.

Now that they had a way of creating admin accounts without interruption, they created a Docker Image (basically a virtual machine) called a Warrior, that anyone could download, and when fired up, would immediately start collecting data off of Parlre, in a coordinated fashion.

Consider it like SETI (Search for Extra-Terrestrial Intelligence) that people used to load up as screen savers when their computers were not being used. Same concept, crowdsourcing.

All of this data, the videos, the images, the posts, the metadata (including the GEO location of all images and videos, and the connections to the accounts that posted it, has been (since midnight) being uploaded to various cloud drives and storage arrays for the purposes of Archiving this information, for later retrieval by law enforcement, by the public, by Open Source Intelligence communities.

And the kicker.. is this: all of this information was thought to be secure and private by individuals who were making the posts. A significant number of those individuals went through the process of being a "Verified Citizen" on Parler. What does that mean?

It means they uploaded a picture of the front and back of their REAL State Driver's License........ Let that sink in for a second.

I am positive the FBI has been actively soaking in this information along with the Internet Warriors, but this is how they are going to officially track down.

And it's how the FBI, DHS, and FAA have been able to immediately and exhaustively create no-fly lists. Every verified attendee of the Capitol riot where they can find a real name has been placed on No-Fly Lists.

It might seem like a small geeky glitch or hack.. but in the age of Information warfare... this is the silver bullet for the people who used Parler as a place to organize their efforts.

Also, a lot of posts were deleted by Parler members after the riots on the 6th. Turned out... Parler didn't actually delete anything.. just set a bit as deleted.

Guess what has access to all "deleted" content?

Administrator accounts."

 

 

  • Thanks 1

“There he goes. One of God's own prototypes.

A high-powered mutant of some kind, never even considered for mass production.

Too weird to live, and too rare to die.”

 

Twitter: @HKTheResistance

 

HipKat, on *** other h***, is genuine, unapoli***tically nasty, and w**** his hea** on his ******. jc856

I’ll just forward them to Bridgett. comssvet11

Seek help. soflabillsfan


Sure hope none of the Trumpsters here are on Parler

 

70TB of Parler users’ messages, videos, and posts leaked by security researchers

 

Parler, a social network used to plan the storming of the U.S. Capitol last week, has been hit by a massive data scrape. Security researchers collected swaths of user data before the network went dark Monday morning after Amazon, Google, and Apple booted the platform. 

The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken. 

 

“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors. 

Security researchers claim that the scraped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license. 

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

 

Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence. 

Parler, which claims to have over 10 million users, has lax rules over content, making the platform very attractive to far-right groups. Google and Apple removed Parler’s smartphone app from their app stores, claiming that the platform allowed posting that seeks to “incite ongoing violence in the U.S..” Amazon took similar measures, removing Parler from its hosting service.

Reddit users claim that the scrape was made possible due to Twilio, an American cloud communications platform that provided the platform with phone number verification services, cutting ties with Parler.

 

In a press release announcing the decision, Twilio revealed which services Parler was using. This information allowed hackers to deduct that it was possible to create users and verified accounts without actual verification.

With this type of access, newly minted users were able to get behind the login box API used for content delivery. That allowed them to see which users had moderator rights and this in turn allowed them to reset passwords of existing users with simple “forgot password” function. Since Twilio no longer authenticated emails, hackers were able to access admin accounts with ease.

A question of ethics

Even though the stated purpose of the data scrape is to keep proof of wrongdoing, a question remains: do the ends justify the means?

On the one hand, some of the people whose data got scraped actively planned acts of violence. On the other, some people joined Parler only out of curiosity or professional obligation, such as journalists. However, the data scrape was universal, without hackers paying attention to the real intentions of account holders.

“From what I‘m reading, these weren‘t hacking in a sense we think about state-sponsored hacking, involving phishing or active deception, or anything like that. There was a glaring gap in the security of the platform, and @don_enby and a few others noticed it and used it,” Ali Alkhatib, data ethicist and a research fellow at the Center for Applied Data Ethics, explained to CyberNews.

Since @don_enby did not carry out the data scrape secretively, there’s little to worry about from an ethics perspective. However, Alkhatib agrees that if the data scrape was targeted towards minority groups, there’d be a lot more to worry about.

“To me, this is a little more like the Ashley Madison debacle, but for white supremacists,” he explained.

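The failure described in the quoted write-up and article above (account actions going through once the outside verification service stopped confirming ownership) comes down to a flow that fails open. An added sketch, not code from Parler, Twilio or any poster in this thread, contrasting that pattern with a password reset that fails closed; the provider classes, `ResetService` and the `example.test` address are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
import time

class ProviderUnavailable(Exception):
    """The outbound email/SMS verification vendor could not be reached."""

class DeadProvider:
    """Constructed stand-in for a vendor that has cut off service."""
    def send(self, address, message):
        raise ProviderUnavailable(address)

class RecordingProvider:
    """Constructed stand-in for a working vendor; keeps what it 'sent'."""
    def __init__(self):
        self.outbox = []

    def send(self, address, message):
        self.outbox.append((address, message))

def hash_pw(password, salt=None):
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_pw(stored, password):
    return hmac.compare_digest(stored, hash_pw(password, stored[:16]))

def reset_fail_open(provider, users, email, new_password):
    """Flawed pattern: delivery failure is swallowed, so the reset proceeds."""
    try:
        provider.send(email, "reset challenge")
    except ProviderUnavailable:
        pass  # BUG: the ownership check is skipped instead of enforced
    users[email] = hash_pw(new_password)
    return True

class ResetService:
    """Hardened pattern: no delivered, unexpired, single-use token, no reset."""
    TTL_SECONDS = 900

    def __init__(self, provider, users, clock=time.time):
        self.provider, self.users, self.clock = provider, users, clock
        self.pending = {}  # email -> (sha256 of token, expiry time)

    def request_reset(self, email):
        if email not in self.users:
            return False  # internal result; the HTTP reply should not reveal it
        token = secrets.token_urlsafe(32)
        try:
            self.provider.send(email, token)
        except ProviderUnavailable:
            return False  # fail closed: nothing stored, nothing to redeem
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[email] = (digest, self.clock() + self.TTL_SECONDS)
        return True

    def complete_reset(self, email, token, new_password):
        entry = self.pending.pop(email, None)  # consumed on the first attempt
        if entry is None or self.clock() > entry[1]:
            return False
        supplied = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(entry[0], supplied):
            return False
        self.users[email] = hash_pw(new_password)
        return True
```

With the vendor unreachable, the hardened service refuses every reset rather than waving it through, which trades availability of the reset feature for account integrity.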
1 minute ago, jayhall93 said:

Maybe Parler was a Trojan horse / it’s dead now. Big Tech is King.

Anyone that thought it was a good idea to join a Cambridge-Analytica linked site deserves the end game of having their personal info stolen. Unless they think it's a GOOD idea to scan your driver's license and post it on a social media site hosted by a former CIA agent....

  • Thanks 1

17 minutes ago, Angry Byrds said:

He loves himself some government. 

When it comes to doxxing nazis, sure do.

I bet the citizens in 1930s and 40s Germany did more to fight back against the fascists huh?

  • Barf 1

1 minute ago, f8ta1ity54 said:

When it comes to doxxing nazis, sure do.

I bet the citizens in 1930s and 40s Germany did more to fight back against the fascists huh?

Freedom of speech means freedom of speech. As long as nobody gets hurt, then I don’t care who is in the parade.

  • Thanks 1

 

 

12 minutes ago, Angry Byrds said:

Freedom of speech means freedom of speech. As long as nobody gets hurt, then I don’t care who is in the parade.

Not the libs.  Fuck them.

26 minutes ago, Angry Byrds said:

Freedom of speech means freedom of speech. As long as nobody gets hurt, then I don’t care who is in the parade.

Have all the freedom of speech you want...but you don't have the right to a platform, and you don't have the right to no consequences.


14 minutes ago, f8ta1ity54 said:

Have all the freedom of speech you want...but you don't have the right to a platform, and you don't have the right to no consequences.

There problem is that you're for only free speech with which you agree. 

But the whole Doxing thing is ridiculous.  If someone says something disgusting on line - in a perfect world they should be forced to say that to someone in person.   Most wouldn't.   That could be fear or simply when confronted with a human being, you don't want to ruin their day with your callousness. 

BTW, did these people think any of their data was secure?  I make no assumptions.   Would I like all of my posts read out loud in a staff meeting?  No, the brilliance would intimidate my colleagues. 

But none of my posts would get a knock on my door from the authorities.  

  • Like 1

17 minutes ago, FanBack said:

There problem is that you're for only free speech with which you agree. 

But the whole Doxing thing is ridiculous.  If someone says something disgusting on line - in a perfect world they should be forced to say that to someone in person.   Most wouldn't.   That could be fear or simply when confronted with a human being, you don't want to ruin their day with your callousness. 

BTW, did these people think any of their data was secure?  I make no assumptions.   Would I like all of my posts read out loud in a staff meeting?  No, the brilliance would intimidate my colleagues. 

But none of my posts would get a knock on my door from the authorities.  

I'm against hate speech and speech related to CP. It has nothing to do with what I agree with or not. That's just a strawman.

I don't feel bad for nazis getting doxxed. They should be shamed for their beliefs. If you find yourself defending the nazis, maybe you should reconsider which side you're on.

  • Barf 2

11 hours ago, HipKat said:

From r/Parlerwatch

Here is a description of what went down according to someone with far greater technical knowledge than me:

"so a group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account.

Well, because of that access, it gave them access to the behind the login box API that is used to deliver content -- ALL CONTENT (parleys, video, images, user profiles, user information, etc) --. But what it also did was revealed which USERS had "Administration" rights, "Moderation" rights.

Well, then what happened, those user accounts that had Administration rights to the entire platform... The hackers, internet warriors, call it what you will, was able to use the forgot password link to change the password. Why? Because Twilio was no longer authenticating emails. This meant, they'd get directly to the reset password screen of that Administration user.

This group of Internet Warriors then used that account, to create a handful of other ADMINISTRATION accounts, and then created a script that ended up creating MILLIONS of fake administration accounts.

Now that they had a way of creating admin accounts without interruption, they created a Docker Image (basically a virtual machine) called a Warrior, that anyone could download, and when fired up, would immediately start collecting data off of Parlre, in a coordinated fashion.

Consider it like SETI (Search for Extra-Terrestrial Intelligence) that people used to load up as screen savers when their computers were not being used. Same concept, crowdsourcing.

All of this data, the videos, the images, the posts, the metadata (including the GEO location of all images and videos, and the connections to the accounts that posted it, has been (since midnight) being uploaded to various cloud drives and storage arrays for the purposes of Archiving this information, for later retrieval by law enforcement, by the public, by Open Source Intelligence communities.

And the kicker.. is this: all of this information was thought to be secure and private by individuals who were making the posts. A significant number of those individuals went through the process of being a "Verified Citizen" on Parler. What does that mean?

It means they uploaded a picture of the front and back of their REAL State Driver's License........ Let that sink in for a second.

I am positive the FBI has been actively soaking in this information along with the Internet Warriors, but this is how they are going to officially track down.

And it's how the FBI, DHS, and FAA have been able to immediately and exhaustively create no-fly lists. Every verified attendee of the Capitol riot where they can find a real name has been placed on No-Fly Lists.

It might seem like a small geeky glitch or hack.. but in the age of Information warfare... this is the silver bullet for the people who used Parler as a place to organize their efforts.

Also, a lot of posts were deleted by Parler members after the riots on the 6th. Turned out... Parler didn't actually delete anything.. just set a bit as deleted.

Guess what has access to all "deleted" content?

Administrator accounts."

Try spelling Parler correctly.

53 minutes ago, f8ta1ity54 said:

Have all the freedom of speech you want...but you don't have the right to a platform, and you don't have the right to no consequences.

Say what?  LOL.  Is f8 about to hand down some punishments?????  :classic_laugh:

12 minutes ago, f8ta1ity54 said:

I'm against hate speech and speech related to CP. It has nothing to do with what I agree with or not. That's just a strawman.

I don't feel bad for nazis getting doxxed. They should be shamed for their beliefs. If you find yourself defending the nazis, maybe you should reconsider which side you're on.

All too often you confuse facts with OPINIONS.  Dumbass.

14 minutes ago, Thebowflexbody said:

All too often you confuse facts with OPINIONS.  Dumbass.

Which part is just an opinion?


1 hour ago, Angry Byrds said:

Freedom of speech means freedom of speech. As long as nobody gets hurt, then I don’t care who is in the parade.

Well that sounds really cute and I'm sure that your fellow Republicans will pet you on the back for saying that but freedom of speech doesn't apply to privately owned enterprises.


20 minutes ago, Thebowflexbody said:

Try spelling Parler correctly.

Maybe they should start spelling it correctly


17 minutes ago, Thebowflexbody said:

All too often you confuse facts with OPINIONS.  Dumbass.

Bingo.

'That's hate speech.   Waaaah!!  You should be doxed.!!'

Who decides hate speech?  Why f8rltality does; to me he is hateful. 

  • Like 1

4 minutes ago, HipKat said:

Well that sounds really cute and I'm sure that your fellow Republicans will pet you on the back for saying that but freedom of speech doesn't apply to privately owned enterprises.

I understand that dippy, but I was referring to what Lit said about censorship, and I have a problem with any kind of censorship. You should understand that being that you listen to metal. I agree that they should be able to deny service to who ever they want. Doesn’t mean I have to like it.


 

 

8 minutes ago, FanBack said:

Bingo.

'That's hate speech.   Waaaah!!  You should be doxed.!!'

Who decides hate speech?  Why f8rltality does; to me he is hateful. 

f8 is not happy with the hand that life has dealt him.  He wants changes that elevate him and bring others down to his level.  His full support for kooky Bernie Sanders pretty much indicates he's a socialist.  He has obvious agendas he won't own up to.  Fuck him.  And I mean that in the nicest way.  LOL  :classic_laugh:

13 minutes ago, HipKat said:

Well that sounds really cute and I'm sure that your fellow Republicans will pet you on the back for saying that but freedom of speech doesn't apply to privately owned enterprises.

But Your Lib friends will be so happy to see that you are in full agreement with bigger government, and censorship. Congratulations you are full fledged badge wearing Democrat.

  • Like 1

 

 

11 minutes ago, FanBack said:

Bingo.

'That's hate speech.   Waaaah!!  You should be doxed.!!'

Who decides hate speech?  Why f8rltality does; to me he is hateful. 

So when neo nazis call for exterminating all Jews and lynching black people, that's okay with you? That ideology is a call to violence. Therefore it should not be protected.

