Category Archives: Human Rights

Solicitors Regulatory Authority – “Gathering Information” Over Alleged Gerald Shamash Letter to @Women4Wes

Posted on by
Reply

As a Conservative law blogger, I read left-wing Labour blog the Skwawkbox surprisingly often, usually in an attempt to convince Labour-backing family members that Keir Starmer is a bad man and they should consider that, “other” party. Earlier today, I happened to notice a story about a Twitter account called @Women4Wes and a letter the operator had allegedly received from solicitor Gerald Shamash from Edwards Duthie Shamash. The letter was so plainly deficient that I reported it to the SRA, since if he really wrote it, I felt it should be investigated as a conduct issue. The SRA have now confirmed they are gathering further information. At the same time, Edwards Duthie Shamash (EDS) have contacted me saying that the letter is a forgery, which I find to be a plausible explanation. Either way, someone is in trouble.

A letter allegedly from Gerald Shamash, solicitor, to a Twitter user. The letter opens by purporting to be an order.

A letter allegedly from Gerald Shamash, solicitor, to a Twitter user. The letter opens by purporting to be an order. Mr Shamash’s law firm, EDS, say it is forged and he did not write it.

This is a really bad solicitors letter. So bad, I was not certain that a real solicitor wrote it. The letter does not clearly identify a head of claim, although it refers to harassment and content which, “infringes” on their client’s character. It does not refer to a statute or to my mind comply with adequate clarity with the Practice Direction on Pre-action Conduct or any pre-action protocol. For example, I am not clear how a site called, @Women4Wes can be said to be pretending to be Wes Streeting. If I was writing this letter for myself or someone I was charitably assisting as a McKenzie Friend, I would comply fully with the Pre-action Protocol for Media and Communications claims. There would probably be a schedule of harassing tweets and also defamatory tweets.

However, the real flaw is in the opening five words, “This CEASE AND DESIST ORDER […]. I’m a gonna lay it out there. This letter is not a court order. Solicitors generally do not and cannot make, “cease and desist” orders. Judges do. Anyone with a reasonable familiarity with the legal system should know this and critically, a solicitor ought to know this is not appropriate. A legally ignorant, poorly educated, recipient might well confuse this with a court order such as a restraining order. It is on headed notepaper, apparently from a real firm of solicitors. It looks, “official”.

That is not to endorse the @Women4Wes account, which has to my mind made some very unwise posts. I did see, within moments of reading it, what I thought was an actionable post (albeit, not actionable by Mr Streeting). That is no excuse for this letter. If I was an aggrieved politician and I paid a solicitor to write a letter and they sent me this as a draft I would terminate the instruction on the spot citing a loss of confidence in their competence and then I would demand a full refund of the retainer.

I put the allegation to Gerald Shamash of Edwards Duthie Shamash and to his senior partner, Shaun Murphy, asking if they really wrote this letter. I received a letter from an associate denying it. I also put the allegation to the SRA press office. Taking my points, they confirm that they are looking into the matter. An SRA spokesperson said: “Now we aware of this, we will gather all relevant information before deciding on any next steps.”

Share Button

With Spectacular Incompetence, Brand New Tube Republishes Customer Identity Documents

Posted on by
8

You literally could not make it up. Last month the troubled video sharing site BrandNewTube.com (BNT) was hacked. As a result of the hack it emerged that Brand New tube had been retaining customer identity documents such as driving licenses since 2020 and publishing them online with no security or password needed to view them. The documents were finally taken down by BNT earlier this week. Today, I have been tipped off that with Baldrick like incompetence, BNT have republished them. I was tipped off three times, once by a fellow blogger, once by a whistleblower, and finally by a lengthy and profane post on the hackers’ web-forum, which is open for the world to see. Regardless, it is true. They have actually done it. Brand New Tube, under its CEO Muhammad Butt, has republished the user driving licenses. The hackers have used a third party page freezing / escrow service archive.ph to freeze a record of the URLs. It is incontrovertible. I think the Information Commissioner needs to terminate their business.

A profane but informative out post on the hackers' forum. Offensive portions and some links redacted by MHN.

A profane but informative post on the hackers’ forum. Offensive portions and some links redacted by MHN.

In his bizarre official statement today, Muhammad Butt looked far greyer than he did only two years ago.

In his bizarre official statement yesterday, Muhammad Butt, Brand New Tube CEO, looked far greyer than he did only two years ago. Picture used for the purposes of criticism of the video. Also, are those pictures in the painting behind him meant to be content creators or stolen user driving licenses?

Share Button

I Voted for Rishi Sunak

Posted on by
Reply

Today, MHN editor Sam Smith, having met both candidates, voted for Rishi Sunak in the Conservative Party leadership election. It was a decision on a narrow balance, and should not be seen as disparagement of the other side, but here are the reasons why.

MHN Editor met Rishi Sunak at an event organised by Grant Shapps MP, in the beautiful grounds of Brocket Hall in Hertfordshire. Picture shows Rishi speaking to party members.

MHN Editor met Rishi Sunak at an event organised by Grant Shapps MP, in the beautiful grounds of Brocket Hall in Hertfordshire. Picture shows Rishi speaking to party members.

Firstly, kudos to Welwyn-Hatfield MP and Secretary of State for Transport Grant Shapps. Thanks to him, local Conservative party members have had the chance to meet both candidates for leader – Liz Truss at the Christmas Party and, at a lunchtime event on Tuesday, Rishi Sunak. Sunak spoke to members in a room in beautiful Brocket Hall and afterwards spoke to members in the grounds. Kudos also to both candidates for meeting members.

The beautiful grounds of Brocket Hall in summer. Auberge-du-Lac restaurant is on the other side of the lake. Picture by MHN.

The beautiful grounds of Brocket Hall in summer. Auberge-du-Lac restaurant is on the other side of the lake. Picture by MHN.

Nonetheless, how to vote was a difficult decision because neither candidate shares my view – at least openly – on the issue most important to me. That issue is the Ukraine war and the linked cost-of-living crisis. My view is that our policy is wrong. Whilst Putin may well be a deplorable dictator, the Ukraine war and the consequent global energy, economic and cost-of-living crisis is the West’s fault.

Firstly, let us be clear. Ukrainian president Volodymyr Oleksandrovych Zelenskyy, who took power in 2019, is no heroic democrat. Forget Russian propaganda – readers need only look at what Amnesty International and the United Nations said about the Ukraine under his rule.

From the Amnesty International report on Ukraine 2021 (archive) –

Continue reading

Share Button

Cloudflare and Kiwifarms: An Ominous Cloudflare Executive?

Posted on by
4
KiwiFarmsTwitter

Kiwi Farms is run by paedophile sadist Joshua Conner Moon and exists to harass the disabled. Click for full size.

#DropKiwiFarms has been trending on Twitter for some time now. The movement seeks to shut down Kiwi Farms – an evil website that this site has been campaigning against since 2016. Members of the campaign have been pushing for support services and providers to terminate the site – in particular Cloudflare. Cloudflare has today released a response (archive) that many have interpreted as a veiled refusal – essentially saying that it is dangerous and not their job to ban websites. In this article I muse on and recap on some of the Kiwis worst hits and recount a disturbing rumour about Cloudflare that some readers might want to look into. It is alleged that a particular Cloudflare user is a Cloudflare executive.

Kiwifarms markets itself as for, “gossip and exploitation of the mentally handicapped for amusement purposes”. Users of the site would defame and manipulate persons with serious disabilities living in the community – female members would even meet them and record ‘dates’ for cruel entertainment. The most well-known victim of the site was Christian Weston Chandler (CWC or Chris-chan), a vulnerable autistic man, now known as Christine whose life became a goldfish bowl – almost a real-life Truman-show. CWC is currently on trial for alleged incest with his mother. He is innocent until proven guilty, but there is substantial evidence that Kiwi Farms users sought to persuade him to commit the act. If he is guilty, it is beyond doubt that the Kiwis bear moral responsibility and likely legal responsibility.

The campaign by Keffals has been supported by some and criticised by others. It is a source of interest to me because I have seen both sides of this argument. Suing and campaigning to silence false and defamatory speech, whilst also wanting to protect controversial speech including, for example, Milo Yiannopoulos. I do not agree with a lot of what Milo says but he did not deserve to be banned from Twitter. I have been reflecting on the moral line. What is the difference? It is this –

What would happen to me if I started a website called SamsDrugsRUs.com and sold cocaine online? I would be arrested. Any service provider that found out would ban me. I would have my door kicked in by police and spend decades in prison. There is a reason drugs markets are on the darknet. There is no country in the world where that is legal. There is no country that will enforce a contract that one party is using for illegal purposes. You can evict a tenant who is running an illegal brothel or a crack-den. You can drop a website that is engaging in copyright violations.

The line with Kiwi Farms is the blatant illegality on the site itself and the spin-offs. Marjorie Taylor Greene is not the first politician targeted in connection with the site. Kiwi Farms owner Joshua Conner Moon set up a site called 9chan where users made a forum called /leftnudes/ for stalking left-wing politicians and boasted about trying to break in to British Member of Parliament Jess Phillips’ house.

Members of sinister Kiwi Farms sister-site 9chan (also owned by Joshua Conner Moon) claim that they tried to break in to Jess Phillips' house.

Members of sinister Kiwi Farms sister-site 9chan (also owned by Joshua Conner Moon) claim that they tried to break in to Jess Phillips’ house.

Continue reading

Share Button

Brand New Tube CEO Muhammad Butt in Bizarre Statement: Time Travelling Predators Involved in Hack of Website

Posted on by
1

In a bizarre video statement today, Brand New Tube CEO Muhammad Butt tried to link the recent hack of his video sharing website BrandNewTube.com (BNT) to a disclosure made after the hack. A reminder for readers – at some point this year, no later than 14 August 2022, Brand New Tube was hacked. The hackers posted a thread online on their website that day and then defaced Brand New Tube to redirect to it. The hack was allegedly done the same way as an earlier hack of BNT in 2020, using a vulnerability that had not been fixed, involving ‘nulled’ (pirate) software installed by BNT on its servers. It later emerged that a large number of user identity documents uploaded by BNT customers had been negligently published to the world at large for the past two years on Brand New Tube’s Content Delivery Network (CDN). Bizarrely, Butt’s statement sought to link the hack to a disclosure of VIP abuse made 11 days after the hack on 25 August 2022 – meaning a predator not only with powerful friends but the ability to time travel.

In his bizarre official statement today, Muhammad Butt looked far greyer than he did only two years ago.

In his bizarre official statement today, Muhammad Butt, Brand New Tube CEO, looked far greyer than he did only two years ago. Picture used for the purposes of criticism of the video.

Earlier this week, Brand New Tube tweeted (archive) that the controversial and troubled site would be returning at 6pm today. It has not. Instead there was a bizarre statement by Muhammad Butt about, essentially, two things.

The first was an allegation that on 25 August 2022 Mr Butt received an allegation against a politician by a woman. Assuming that is true, (and it sounds disturbingly like Exaro News) that can have no bearing on the hack. The woman is said to claim she was abused by a man she feared had powerful friends. Even if true, it is unclear how the politician could find about this and then travel back in time to early August to arrange the hack of Brand New Tube. In short it is an irrelevant red herring.

The second remark was that Muhammad and Sonia had been libelled on blogs. It was also alleged that hackers had uploaded documents that Brand New Tube had never possessed. I do hope Muhammad is not denying that Brand New Tube negligently published driving licenses of customers on its CDN because the whistle-blower who contacted MHN had archives. MHN has provided those archive to the Office of the Information Commissioner. Perhaps Muhammad needs to think again.

There was no answer on the allegations of use of nulled software (pirate software illegally hacked to remove the copy protection), a sidelong allusion to passwords being compromised, and no answer to the allegation that Brand New Tube had been failing to fix security bugs it was notified of for two years – only vague allegations of death threats and blackmail – and an assertion police are involved. Of course, Sonia and Muhammad have often complained of death threats, but Sonia’s allegations have often seemed far less sinister under scrutiny. MHN challenges Sonia and Muhammad to publish the alleged threats so the public can make up their own mind.

The public are invited to remember the old saying that, “no answer is an answer”, and to never, ever, use Brand New Tube.

Share Button

Driving License / Identity Document Breach Quietly Closed by Brand New Tube but No Apology from Muhammad Butt or Answer Over Pirate Software Allegations

Posted on by
Reply

Brand New Tube has finally removed the collection of customer personal identity documents – some as old as 2020 – it had accidentally posted online. The controversial site has announced a planned return on Tuesday at 6pm. Those users unwise enough to remain members will likely be hoping there are no further security breaches. Key questions remain unanswered by the usually irrepressible Muhammad Butt.

Muhammad Butt seen giving an update from his car, about his low rent video sharing website. Whilst Mr Butt has been prominent seen 2020, he has yet to actually set out a clear answer on the 'pirate software' issue. Image used for the purposes of criticism and review of the video and Brand New Tube.

Muhammad Butt seen giving an update from his car, about his low rent video sharing website. Whilst Mr Butt has been prominent since 2020, he has yet to actually set out a clear answer on the ‘pirate software’ issue. Image used for the purposes of criticism and review of the video and Brand New Tube.

Although the site is returning, there has been no apology nor admission by Muhammad Butt as to the breach of personal documents. There has also been no response to allegations by the hackers and by users (archive) that Brand New Tube they were using ‘nulled’, that is pirate, hacked components. As well as being illegal risk, such alleged practises (if true) create a security risk to the site and its users.

Mr Butt is usually a plain spoken man. In his strange, low-rent but blunt video above from 2020, Mr Butt was happy to engage stridently with critics. So, Muhammad, why no answers? Why have you not clearly disclosed the personal identity document breach publicly? Was Brand New Tube using, ‘nulled’ scripts?

Share Button

Explosive: More Brand New Tube Revelations – List of Security Warnings Since 2020 Revealed – Driving Licenses Still Online!

Posted on by
4

Yesterday, MHN revealed information provided by a whistleblower. In a shocking development to the Brand New Tube story it has emerged that up to thousands of identity documents of Brand New Tube users, including passports, were published online without the knowledge or consent of those users (and indeed, likely without incompetent Brand New Tube’s knowledge). In a shocking update today, a different source has provided a publicly available list of reported bugs on Brand New Tube that have largely gone unfixed since 2020!

The list of errors can be found on a public bug bounty site called www.openbugbounty.org (archive).

Brand New Tube Bugs List From OpenBugBounty.org

A list of Brand New Tube vulnerabilities reported on OpenBugBounty.org. These have gone unpatched in some cases for nearly two years after being reported.

MHN texts BNT lawyer Jeffrey Smele, Partner at Simons Muirhead and Burton

MHN has now had to go so far as texting BNT lawyers on the weekend about the scale of the breach. Click for full size.

This only fuels concern as to Brand New Tube’s poor security policies. Tests today reveal that Brand New Tube are still publishing unsecured identity documents online. Nothing has changed since the MHN article yesterday.

[UPDATE 15:05 27 August 2022] In light of the breached personal identity document still being online, MHN has contacted Muhammad Butt’s and Brand New Tube’s lawyers by text, to warn them and to create evidence of their negligence.

MHN will be posting daily call-outs until the personal identity documents are removed.

Brand New Tube’s negligence is shocking.

Share Button

Explosive! All Brand New Tube User Identity Documents Available Online … and ICO is Failing

Posted on by
1

The Information Commmissioner’s Office (ICO) and Brand New Tube (https://brandnewtube.com, BNT) face questions after whistleblowing information revealed damning new information about the scale of BNT’s recent data breach. British video sharing website Brand New Tube was hacked in 2020, and again earlier this month by a different group. The hackers emailed users and posted some details online. However, based on information MHN received from a whistle-blower last night, BNT’s disclosures on the scale of its security problems and the recent hack are seriously incomplete. Right now, if you have ever uploaded an identity document to BNT for monetisation, it is likely available online. Disturbingly, it has been quite hard to get the ICO to do something about this. The poor communications and processes reflect badly on Head of Communications Tim Bowden and Chief Executive John Edwards, albeit not as badly as on Brand New Tube CEO Muhammad Butt.

A driving license of a BNT user available from BNT CDN servers this morning, anonymised by MHN.

A driving license of a BNT user available from BNT CDN servers this morning, anonymised by MHN.

Obviously, you would expect the ICO to do something about this pretty promptly. I got in touch this morning with their press office by email. I got a boilerplate message back. Now, just to explain the ICO are embarrassed because last week they wrongly told MHN in writing that Brand New Tube had not disclosed the hack. This was wrong and the ICO had to withdraw it. However, the story has moved on and they need to actually read inquiries. So I called them up and had a few words. I sent in a further inquiry. I just got another boilerplate, “We have nothing further to add to our statement”. As opposed to, for example, “thank you for this new information – we confirm it has been passed urgently to the relevant team to see what can be done and will be looked at today”.

Based on the information from the whistle-blower, Brand New Tube has failed to disclose the fact that it has never deleted user documents, and never put them, y’know, behind a password. It appears that they can all be downloaded. This morning, multiple bloggers and journalists have downloaded multiple identity documents – taking appropriate records for evidence.

The passport above was downloaded this morning. There was no hacking. I just typed in the URL to a BNT server. They have published these peoples’ documents to the world. Then I forwarded it to the ICO. I have anonymised it for this article, and before processing the data, I considered the Editor’s Code and MHN’s policies in accordance with the Data Protection Act 2018 (DPA). I consider it reasonable and in the public interest to process this document to report it to the ICO. I consider it reasonable and in the public interest to process it in anonymised form in the article in order to give a concrete example of BNT’s failure to appreciate or disclose the scale of the breach, and of their security issues. Others are doing the same. There are thousands of ID documents. Anyone who has ever monetised at BNT as far as we can tell. All available online without so much as a password prompt.

Continue reading

Share Button

Could the UK High Court Case of Smith v Baker Determine the Delaware Case of Twitter v Musk et al and the Fate of Twitter’s Vijaya Gadde?

Posted on by
2
Vijaya Gadde at a Fortune Event

Vijaya Gadde at a Fortune Brainstorm Tech event. Would she be such a popular speaker if she was properly no-platformed due to her allowing vile stalking and racism against a child rape victim as well as anti-Semitism? Picture by Photograph by Kevin Moloney/Fortune Brainstorm TECH. (NC License here).

On 4 April 2020, I published the article, “Twitter’s Del Harvey / Alison Shea and Vijaya Gadde Openly Back Child Rape Stalker and Anti-Semite Racist”. Multiple parties, including Twitter, threatened lawsuits. Twitter did not make good on their threats. Esther Baker attempted to do so. The lawsuit over the article, brought by Esther Baker in the High Court in London, was commenced in 2020 (before the Twitter purchase was proposed) and determined in my favour last week. The lawsuit has the potential to harm Twitter’s reputation. So, did Twitter know about it, and did they disclose it to Elon Musk when they formed the purchase agreement between Twitter and Musk currently being litigated in Delaware in the United States? Did Twitter notify Musk of the legal risks arising from the matters in this article – “Labour’s Secret Deal with Twitter and Facebook to Surveil its own members”? The article ended with an express threat to draw it to the attention of the relevant regulatory law enforcement body.

It is worth recapping for new readers. In 2020 I was covering a significant amount of what, in my opinion, was wrongdoing by Twitter. The Labour Party head office team had been using an in-house application that used their database of member emails, cross-referenced with privileged access to the Twitter API, to scan their members’ tweets for statements warranting disciplinary action. It is unclear if members’ consent was ever clearly sought for this by either the Labour Party or Twitter, or whether they were told about it. It is likely that would have been a legal requirement for processing to be compliant with the General Data Protection Regulation (GDPR).

The second issue was Twitter’s inconsistent handling of complaints of breaches of its rules. Esther Baker, had, at the time, been made subject to two restraining orders by UK courts. One was for libel and the other was for, in the words of His Honour Judge Gargan, “particularly malevolent” and “racist” stalking. One of her supporters, Alan Goodwin, had made plainly anti-Semitic posts including gratuitous, utterly baseless, speculation that a senior British government minister had conspired with Mossad to cover up child abuse. The actions of Esther Baker (@Esther9982) and her supporter Alan Goodwin (@Ciabaudo), followed by Twitter lawyer Vijaya Gadde’s failure to deal with them even after being thoroughly put on notice, were the subjects of my 4 April article.

Around 8pm on 1 May 2020, I received a letter from UK lawyers Bristows telling me that my article was libellous and there was, “no conceivable chance of defending” it as truth or honest opinion and saying it should be, “removed immediately”. I refused, and published the relevant section of the letter and mocked them in this article. I then requested further information under UK pre-action rules. Much as Elon Musk complains, Twitter were curiously reluctant to answer my questions and backed off as I detailed in my later article, “Twitter and Bristows in Humiliating Libel Climb Down”.

Extract from Bristows' Email of 6 May 2020

Bristows now claim they were never threatening to sue me on behalf of Twitter. That letter they sent me late on a Friday night was just abstract information shootin’ the breeze.

Bristows are a proper libel law firm and therefore know better than to test me in court. I stand by the article. Vijaya and her colleagues have in effect supported the actions of Esther Baker and Alan Goodwin by not banning / permanently suspending them from Twitter, when others have been banned without recourse for far lesser wrongdoing. In fact Twitter did not even remove the tweets that were the actus re of the stalking, just made them inaccessible in the UK.

Continue reading

Share Button

Statement on Brand New Tube Hack – Long Video Coming Soon

Posted on by
3

I have had a number of people contact me about an alleged hack of Brand New Tube (‘BNT’) last week. They are concerned about their data security. I covered a previous hack of the platform in 2020 and made a video. Readers may rely on that video, because BNT supremo Muhammad Butt sued me in the High Court using expensive lawyers. I defended myself and won, he lost – filing notice of discontinuance and throwing in the towel. Today the ICO have confirmed that Brand New Tube has failed to notify it of the data breach. If true, they have breached data protection law once again. [UPDATE 23 August 2022 – The ICO have corrected themselves. Their initial email was wrong. Brand New Tube did in fact report the incident by 17 August. However, all the other criticisms in this article remain unchanged. In particular, Brand New Tube have failed to answer whether they received concerns in December 2021 about the website’s security.]

ICO Press Officer Rashana Confirms No Mandatory Report was Made

The ICO confirms no report was made. The ICO was asked very specific questions and given My Media World’s registration number. The ICO initially said no report was received. It now admits this was wrong.

I want to confirm to supporters that I am preparing a lengthy video on this. However, I have already verified certain facts. Brand New Tube has been hacked – their Twitter account confirmed it on 14 August 2022 (archive). The hackers claim to have obtained the database including SHA-1 password hashes, and to have been able to extract the passwords. They claim to have extracted over 200,000 customer passwords (it is possible to de-hash unsalted hashed passwords using tools such as rainbow tables). If true, this would only be possible due to negligence of a very serious kind.

In the UK, it is a mandatory legal requirement to report breaches to the ICO. The hackers and Brand New Tube customers on Twitter (archive) allege that BNT was warned months ago and failed to take action. That means at the latest the website operator should have disclosed to the ICO by Wednesday 17 August 2022. The ICO confirms they have not. [The ICO now confirms this was wrong and their initial email above was incorrect.] I also put the allegations to Brand New Tube via their lawyers on Friday and I can confirm that they have not denied being warned of a security breach in December 2021. The ICO was given My Media World Limited’s registration number and the website URL, and was asked very specific questions.

Continue reading

Share Button