Yesterday a mysterious poster offered the Kiwi Farms database for sale, “hypothetically”. In fact emails inviting bids in bitcoin have been circulating for some time, with the author suggesting they are willing to conduct the final transaction on one of the Darknet marketplaces. These are “reputable” markets for criminal goods, similar to the infamous ‘Silk Road’ where a third party holds funds in escrow until the vendor has proven they carried out a contract. Is it the real deal, however, or a hoax?
Who has a copy of the Kiwi Farms database? During the site’s recent closure, Joshua Conner Moon (Null) emailed me on 21/01/2017 to tell me this: “I don’t have a copy of the database but anonymous regents do. I don’t know any of them beyond their screen names. After you sabotaged a few server solutions I had set up, I created a living archive with a few people I called my regents.”
For Kiwi Farmers worried about the database, if you believe Null, he has put the database (including your futures) in the hands of anonymous strangers. Of course as Kiwi Farmers in good standing they are doubtless totally trustworthy. If we believe Null, even he cannot trace these people. So what happens if a ‘regent’ sells the database on /Baphomet/ or Hansa market? Answer – they get the money.
Of course some do not believe that the ‘regents’ exist or ever existed. Even so, in January there was a bona fide hack of a key Kiwi Farms server, as even Moon admitted. The only question is how deeply their systems were penetrated.
Moon admits that a hacker obtained the root password to the lolcow.email MySQL database and a minor account used to send forum emails; however, he claims the TCP port configuration he had in place prevented the password from being used. Whilst this may sound reassuring to the ignorant, Joshua Conner Moon is a man who did not even finish high school.
As well as his lack of formal qualifications, Null has suffered from severe public criticism by former clients such as 8chan, where he infamously failed to upgrade their software to the satisfaction of the owner or the user base. Can members really rely on a man noted for his technical failures? They are betting their careers and perhaps their lives on the answer.
Can we know if the current auction is a hoax? Are Kiwi Farmers’ reputations and safety truly being held to ransom by a satanic terrorist group? There is no way to tell, other than perhaps asking the vendor for a sample or bidding for the database. However, it does establish two important things. Firstly, Kiwi Farms is potentially an incredibly lucrative target for hackers. Secondly, the site is deeply insecure with multiple individuals having access to the database.
Despite his tough talk, Joshua Conner Moon (Ichverbot) recently took down his Facebook account, as did other members of his family. His life continues to collapse as he clings to the comforting lie that things will settle down. This cannot happen: as a matter of pure mathematics, as Kiwi Farms grows, the problems Moon faces will increase, as will the odds of a successful penetration. The only thing that will help Moon now is permanently closing the site.
Even if the current auction is a hoax, Kiwi Farms is an incredibly tempting and vulnerable target. For treacherous staff, selling the database offers money. For hackers also there is the opportunity to turn a profit by selling the database to victims or to blackmailers. For those motivated by ‘lulz’ and status, selling an archive of Moon’s emails and Kiwi Farms members is a passport to all the internet fame they could want.
Kiwi Farmers are not safe.