Who is Parler hacker @donk_enby? Deleted posts provide 'very incriminating' evidence against US Capitol riots
Right-wing social network platform, Parler, was taken offline in the early hours of Monday, January 12, at around 5 am EST, but not before a hacker found a way to retrieve all data posted by users including messages, images, videos and users’ location data shared during last week’s attack on the Capitol Hill building in Washington, DC.
The data taken from Parler is still being processed but President Donald Trump's followers are already voicing their concerns about what the data dump could reveal about them and their activity in Washington, DC last week. The app has already disappeared from the Apple and Google app stores after they cut ties with the right-wing platform.
In a series of tweets posted by a self-described hacker from Austria, @donk_enby claimed to have gained access to all of the "unprocessed, raw" video files uploaded to Parler "with all associated metadata". The hacker even included a link to the file library in order to prove that the data leak was real.
In a series of tweets, she wrote, "I am now crawling URLs of all videos uploaded to Parler. Sequentially from latest to oldest. VIDXXX.txt files coming up, 50k chunks, there will be 1.1M URLs total: https://donk.sh/06d639b2-0252-4b1e-883b-f275eff7e792/… This may include things from deleted/private posts."
She further said, "These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata," and "if you have the storage space for this, this is currently the best way to help out." She further continued: "I'd estimate the total size for this would be ~80TB, 4TB per chunk. It's S3/CloudFront so as much bandwidth as you can throw at it," and "The crawl is now complete. 1098552 video URLs."
@donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot — what she called a bevy of “very incriminating” evidence. According to the Atlantic Council’s Digital Forensic Research Lab, among other sources, Parler is one of several apps used by the rebellions to coordinate their breach of the Capitol, in a plan to overturn the 2020 election results and keep Donald Trump in power.
She began the work of archiving all of Parler’s posts, ultimately capturing around 99 percent of its content. @donk_enby later shared a screenshot showing the GPS position of a particular video, with coordinates in latitude and longitude.
@donk_enby describes herself as “someone with a creative, but skeptical attitude toward technology,” to paraphrase a definition offered by the Chaos Computer Club, Europe’s largest hacker association. “I want this to be a big middle finger to those who say hacking shouldn’t be political,” she said.
@donk_enby's work has aided other researchers, including one at New York University’s Center for Cybersecurity. Her work is documented on the website ArchiveTeam.org, according to which, the data will eventually be hosted by the Internet Archive.org.
@donk_enby told Gizmodo that she began investigating the social networking website after the company issued denials about an email leak found by the hacktivist Kirtaner, who has been credited with founding the hacker group Anonymous. @donk_enby said she was able to individually locate the same material herself at the time.
Kirtaner, who created 420chan aka Aubrey Cottle, reported getting 6.3 GB of Parler user data from an unsecured AWS server in November 2020. The leak reportedly contained passwords, photos and email addresses from several other companies as well.
Parler CEO and iOS developer John Matze had stated that it would take the company a week to get back up and running with a new provider after Amazon’s decision. But in his final post on Parler, before it went dark, the CEO was much less optimistic about coming back online.
A user on Reddit said, "When I first heard of Parler I assumed it was some encrypted anonymous board where everyone would use pseudo names. Instead, I think they were afraid to get infiltrated, so they wanted to authenticate everyone and then display their full names and job titles. And then chose to be hosted on AWS... I thought they were against surveillance and being tracked and all that?? And then they commit terrorism with no masks on during a time where there is a perfectly legal and valid reason to wear one. They even live stream themselves with their full names attached. I guess idiots are easier to brainwash..."
One shared a series of screenshots and said, "Remember how people were dunking on Parler for being built on WordPress? Well, through a plug-in exploit, literally all the user data (including photos of verified state id cards) has been retrieved by hackers and is being posted online. Lmao."
Another explained, "Here's an *actual* explanation of the Parler 'hack'. They didn't break into the site to mirror their data; it was Archive Team (heroes of the world wide web) using a poorly designed public API to enumerate and pull down everything on the website."
Remember how people were dunking on Parler for being built on WordPress? Well, through a plug-in exploit, literally all the user data (including photos of verified state id cards) has been retrieved by hackers and is being posted online. Lmao ♾️https://t.co/w1yexoUOxq pic.twitter.com/h2Mf7Fn1Sc
— Classic Bird Respecter (@BirdRespecter) January 11, 2021
Here's an *actual* explanation of the Parler "hack." They didn't break into the site to mirror their data; it was Archive Team (heroes of the world wide web) using a poorly designed public API to enumerate and pull down everything on the website. pic.twitter.com/OqHQa8cjUF
— site specific carnivorous occurrence (@atomicthumbs) January 11, 2021
Another tweeted: "Today it feels we’ve finally finished Black Mirror season and now we have a quick break for an episode of Mr. Robot #parlerhack." ith #ParlerHacked, one said, "Did you hear about the #Parler hack? It was so big, the data is being measured in Terrorbytes. #ParlerHacked."
Today it feels we’ve finally finished Black Mirror season and now we have a quick break for an episode of Mr. Robot #parlerhack
— Kacper Kula (@kulak_at) January 11, 2021
Did you hear about the #Parler hack? It was so big, the data is being measured in Terrorbytes. #ParlerHacked pic.twitter.com/XymCPAXeix
— Neo Phyte (@WestCoastForevs) January 11, 2021