Monthly Archives: August 2022

Cloudflare and Kiwifarms: An Ominous Cloudflare Executive?

Posted on by
4
KiwiFarmsTwitter

Kiwi Farms is run by paedophile sadist Joshua Conner Moon and exists to harass the disabled. Click for full size.

#DropKiwiFarms has been trending on Twitter for some time now. The movement seeks to shut down Kiwi Farms – an evil website that this site has been campaigning against since 2016. Members of the campaign have been pushing for support services and providers to terminate the site – in particular Cloudflare. Cloudflare has today released a response (archive) that many have interpreted as a veiled refusal – essentially saying that it is dangerous and not their job to ban websites. In this article I muse on and recap on some of the Kiwis worst hits and recount a disturbing rumour about Cloudflare that some readers might want to look into. It is alleged that a particular Cloudflare user is a Cloudflare executive.

Kiwifarms markets itself as for, “gossip and exploitation of the mentally handicapped for amusement purposes”. Users of the site would defame and manipulate persons with serious disabilities living in the community – female members would even meet them and record ‘dates’ for cruel entertainment. The most well-known victim of the site was Christian Weston Chandler (CWC or Chris-chan), a vulnerable autistic man, now known as Christine whose life became a goldfish bowl – almost a real-life Truman-show. CWC is currently on trial for alleged incest with his mother. He is innocent until proven guilty, but there is substantial evidence that Kiwi Farms users sought to persuade him to commit the act. If he is guilty, it is beyond doubt that the Kiwis bear moral responsibility and likely legal responsibility.

The campaign by Keffals has been supported by some and criticised by others. It is a source of interest to me because I have seen both sides of this argument. Suing and campaigning to silence false and defamatory speech, whilst also wanting to protect controversial speech including, for example, Milo Yiannopoulos. I do not agree with a lot of what Milo says but he did not deserve to be banned from Twitter. I have been reflecting on the moral line. What is the difference? It is this –

What would happen to me if I started a website called SamsDrugsRUs.com and sold cocaine online? I would be arrested. Any service provider that found out would ban me. I would have my door kicked in by police and spend decades in prison. There is a reason drugs markets are on the darknet. There is no country in the world where that is legal. There is no country that will enforce a contract that one party is using for illegal purposes. You can evict a tenant who is running an illegal brothel or a crack-den. You can drop a website that is engaging in copyright violations.

The line with Kiwi Farms is the blatant illegality on the site itself and the spin-offs. Marjorie Taylor Greene is not the first politician targeted in connection with the site. Kiwi Farms owner Joshua Conner Moon set up a site called 9chan where users made a forum called /leftnudes/ for stalking left-wing politicians and boasted about trying to break in to British Member of Parliament Jess Phillips’ house.

Members of sinister Kiwi Farms sister-site 9chan (also owned by Joshua Conner Moon) claim that they tried to break in to Jess Phillips' house.

Members of sinister Kiwi Farms sister-site 9chan (also owned by Joshua Conner Moon) claim that they tried to break in to Jess Phillips’ house.

Continue reading

Share Button

Brand New Tube CEO Muhammad Butt in Bizarre Statement: Time Travelling Predators Involved in Hack of Website

Posted on by
1

In a bizarre video statement today, Brand New Tube CEO Muhammad Butt tried to link the recent hack of his video sharing website BrandNewTube.com (BNT) to a disclosure made after the hack. A reminder for readers – at some point this year, no later than 14 August 2022, Brand New Tube was hacked. The hackers posted a thread online on their website that day and then defaced Brand New Tube to redirect to it. The hack was allegedly done the same way as an earlier hack of BNT in 2020, using a vulnerability that had not been fixed, involving ‘nulled’ (pirate) software installed by BNT on its servers. It later emerged that a large number of user identity documents uploaded by BNT customers had been negligently published to the world at large for the past two years on Brand New Tube’s Content Delivery Network (CDN). Bizarrely, Butt’s statement sought to link the hack to a disclosure of VIP abuse made 11 days after the hack on 25 August 2022 – meaning a predator not only with powerful friends but the ability to time travel.

In his bizarre official statement today, Muhammad Butt looked far greyer than he did only two years ago.

In his bizarre official statement today, Muhammad Butt, Brand New Tube CEO, looked far greyer than he did only two years ago. Picture used for the purposes of criticism of the video.

Earlier this week, Brand New Tube tweeted (archive) that the controversial and troubled site would be returning at 6pm today. It has not. Instead there was a bizarre statement by Muhammad Butt about, essentially, two things.

The first was an allegation that on 25 August 2022 Mr Butt received an allegation against a politician by a woman. Assuming that is true, (and it sounds disturbingly like Exaro News) that can have no bearing on the hack. The woman is said to claim she was abused by a man she feared had powerful friends. Even if true, it is unclear how the politician could find about this and then travel back in time to early August to arrange the hack of Brand New Tube. In short it is an irrelevant red herring.

The second remark was that Muhammad and Sonia had been libelled on blogs. It was also alleged that hackers had uploaded documents that Brand New Tube had never possessed. I do hope Muhammad is not denying that Brand New Tube negligently published driving licenses of customers on its CDN because the whistle-blower who contacted MHN had archives. MHN has provided those archive to the Office of the Information Commissioner. Perhaps Muhammad needs to think again.

There was no answer on the allegations of use of nulled software (pirate software illegally hacked to remove the copy protection), a sidelong allusion to passwords being compromised, and no answer to the allegation that Brand New Tube had been failing to fix security bugs it was notified of for two years – only vague allegations of death threats and blackmail – and an assertion police are involved. Of course, Sonia and Muhammad have often complained of death threats, but Sonia’s allegations have often seemed far less sinister under scrutiny. MHN challenges Sonia and Muhammad to publish the alleged threats so the public can make up their own mind.

The public are invited to remember the old saying that, “no answer is an answer”, and to never, ever, use Brand New Tube.

Share Button

Driving License / Identity Document Breach Quietly Closed by Brand New Tube but No Apology from Muhammad Butt or Answer Over Pirate Software Allegations

Posted on by
Reply

Brand New Tube has finally removed the collection of customer personal identity documents – some as old as 2020 – it had accidentally posted online. The controversial site has announced a planned return on Tuesday at 6pm. Those users unwise enough to remain members will likely be hoping there are no further security breaches. Key questions remain unanswered by the usually irrepressible Muhammad Butt.

Muhammad Butt seen giving an update from his car, about his low rent video sharing website. Whilst Mr Butt has been prominent seen 2020, he has yet to actually set out a clear answer on the 'pirate software' issue. Image used for the purposes of criticism and review of the video and Brand New Tube.

Muhammad Butt seen giving an update from his car, about his low rent video sharing website. Whilst Mr Butt has been prominent since 2020, he has yet to actually set out a clear answer on the ‘pirate software’ issue. Image used for the purposes of criticism and review of the video and Brand New Tube.

Although the site is returning, there has been no apology nor admission by Muhammad Butt as to the breach of personal documents. There has also been no response to allegations by the hackers and by users (archive) that Brand New Tube they were using ‘nulled’, that is pirate, hacked components. As well as being illegal risk, such alleged practises (if true) create a security risk to the site and its users.

Mr Butt is usually a plain spoken man. In his strange, low-rent but blunt video above from 2020, Mr Butt was happy to engage stridently with critics. So, Muhammad, why no answers? Why have you not clearly disclosed the personal identity document breach publicly? Was Brand New Tube using, ‘nulled’ scripts?

Share Button

Explosive: More Brand New Tube Revelations – List of Security Warnings Since 2020 Revealed – Driving Licenses Still Online!

Posted on by
4

Yesterday, MHN revealed information provided by a whistleblower. In a shocking development to the Brand New Tube story it has emerged that up to thousands of identity documents of Brand New Tube users, including passports, were published online without the knowledge or consent of those users (and indeed, likely without incompetent Brand New Tube’s knowledge). In a shocking update today, a different source has provided a publicly available list of reported bugs on Brand New Tube that have largely gone unfixed since 2020!

The list of errors can be found on a public bug bounty site called www.openbugbounty.org (archive).

Brand New Tube Bugs List From OpenBugBounty.org

A list of Brand New Tube vulnerabilities reported on OpenBugBounty.org. These have gone unpatched in some cases for nearly two years after being reported.

MHN texts BNT lawyer Jeffrey Smele, Partner at Simons Muirhead and Burton

MHN has now had to go so far as texting BNT lawyers on the weekend about the scale of the breach. Click for full size.

This only fuels concern as to Brand New Tube’s poor security policies. Tests today reveal that Brand New Tube are still publishing unsecured identity documents online. Nothing has changed since the MHN article yesterday.

[UPDATE 15:05 27 August 2022] In light of the breached personal identity document still being online, MHN has contacted Muhammad Butt’s and Brand New Tube’s lawyers by text, to warn them and to create evidence of their negligence.

MHN will be posting daily call-outs until the personal identity documents are removed.

Brand New Tube’s negligence is shocking.

Share Button

Explosive! All Brand New Tube User Identity Documents Available Online … and ICO is Failing

Posted on by
1

The Information Commmissioner’s Office (ICO) and Brand New Tube (https://brandnewtube.com, BNT) face questions after whistleblowing information revealed damning new information about the scale of BNT’s recent data breach. British video sharing website Brand New Tube was hacked in 2020, and again earlier this month by a different group. The hackers emailed users and posted some details online. However, based on information MHN received from a whistle-blower last night, BNT’s disclosures on the scale of its security problems and the recent hack are seriously incomplete. Right now, if you have ever uploaded an identity document to BNT for monetisation, it is likely available online. Disturbingly, it has been quite hard to get the ICO to do something about this. The poor communications and processes reflect badly on Head of Communications Tim Bowden and Chief Executive John Edwards, albeit not as badly as on Brand New Tube CEO Muhammad Butt.

A driving license of a BNT user available from BNT CDN servers this morning, anonymised by MHN.

A driving license of a BNT user available from BNT CDN servers this morning, anonymised by MHN.

Obviously, you would expect the ICO to do something about this pretty promptly. I got in touch this morning with their press office by email. I got a boilerplate message back. Now, just to explain the ICO are embarrassed because last week they wrongly told MHN in writing that Brand New Tube had not disclosed the hack. This was wrong and the ICO had to withdraw it. However, the story has moved on and they need to actually read inquiries. So I called them up and had a few words. I sent in a further inquiry. I just got another boilerplate, “We have nothing further to add to our statement”. As opposed to, for example, “thank you for this new information – we confirm it has been passed urgently to the relevant team to see what can be done and will be looked at today”.

Based on the information from the whistle-blower, Brand New Tube has failed to disclose the fact that it has never deleted user documents, and never put them, y’know, behind a password. It appears that they can all be downloaded. This morning, multiple bloggers and journalists have downloaded multiple identity documents – taking appropriate records for evidence.

The passport above was downloaded this morning. There was no hacking. I just typed in the URL to a BNT server. They have published these peoples’ documents to the world. Then I forwarded it to the ICO. I have anonymised it for this article, and before processing the data, I considered the Editor’s Code and MHN’s policies in accordance with the Data Protection Act 2018 (DPA). I consider it reasonable and in the public interest to process this document to report it to the ICO. I consider it reasonable and in the public interest to process it in anonymised form in the article in order to give a concrete example of BNT’s failure to appreciate or disclose the scale of the breach, and of their security issues. Others are doing the same. There are thousands of ID documents. Anyone who has ever monetised at BNT as far as we can tell. All available online without so much as a password prompt.

Continue reading

Share Button

Whistleblower Sends Evidence BNT Held Personal Identity Document for Years

Posted on by
2

It is late, and I was only up watching TV. I have just received a whistleblower email making an incredibly serious allegation about Brand New Tube, the troubled online video sharing website hacked in 2020 and again earlier this month, that hosts controversial fringe content like ‘journalist’ Sonia Poulton. This is bad stuff.

I had to check a couple of things because I frankly did not believe it and I needed to check some HTML quickly from a third party site. I will need to call the ICO in the morning. I can say this goes way beyond passwords and emails. Full details tomorrow but there is incontrovertible proof that a lot of data was held that Brand New Tube did not declare as breached.

Share Button

Could the UK High Court Case of Smith v Baker Determine the Delaware Case of Twitter v Musk et al and the Fate of Twitter’s Vijaya Gadde?

Posted on by
2
Vijaya Gadde at a Fortune Event

Vijaya Gadde at a Fortune Brainstorm Tech event. Would she be such a popular speaker if she was properly no-platformed due to her allowing vile stalking and racism against a child rape victim as well as anti-Semitism? Picture by Photograph by Kevin Moloney/Fortune Brainstorm TECH. (NC License here).

On 4 April 2020, I published the article, “Twitter’s Del Harvey / Alison Shea and Vijaya Gadde Openly Back Child Rape Stalker and Anti-Semite Racist”. Multiple parties, including Twitter, threatened lawsuits. Twitter did not make good on their threats. Esther Baker attempted to do so. The lawsuit over the article, brought by Esther Baker in the High Court in London, was commenced in 2020 (before the Twitter purchase was proposed) and determined in my favour last week. The lawsuit has the potential to harm Twitter’s reputation. So, did Twitter know about it, and did they disclose it to Elon Musk when they formed the purchase agreement between Twitter and Musk currently being litigated in Delaware in the United States? Did Twitter notify Musk of the legal risks arising from the matters in this article – “Labour’s Secret Deal with Twitter and Facebook to Surveil its own members”? The article ended with an express threat to draw it to the attention of the relevant regulatory law enforcement body.

It is worth recapping for new readers. In 2020 I was covering a significant amount of what, in my opinion, was wrongdoing by Twitter. The Labour Party head office team had been using an in-house application that used their database of member emails, cross-referenced with privileged access to the Twitter API, to scan their members’ tweets for statements warranting disciplinary action. It is unclear if members’ consent was ever clearly sought for this by either the Labour Party or Twitter, or whether they were told about it. It is likely that would have been a legal requirement for processing to be compliant with the General Data Protection Regulation (GDPR).

The second issue was Twitter’s inconsistent handling of complaints of breaches of its rules. Esther Baker, had, at the time, been made subject to two restraining orders by UK courts. One was for libel and the other was for, in the words of His Honour Judge Gargan, “particularly malevolent” and “racist” stalking. One of her supporters, Alan Goodwin, had made plainly anti-Semitic posts including gratuitous, utterly baseless, speculation that a senior British government minister had conspired with Mossad to cover up child abuse. The actions of Esther Baker (@Esther9982) and her supporter Alan Goodwin (@Ciabaudo), followed by Twitter lawyer Vijaya Gadde’s failure to deal with them even after being thoroughly put on notice, were the subjects of my 4 April article.

Around 8pm on 1 May 2020, I received a letter from UK lawyers Bristows telling me that my article was libellous and there was, “no conceivable chance of defending” it as truth or honest opinion and saying it should be, “removed immediately”. I refused, and published the relevant section of the letter and mocked them in this article. I then requested further information under UK pre-action rules. Much as Elon Musk complains, Twitter were curiously reluctant to answer my questions and backed off as I detailed in my later article, “Twitter and Bristows in Humiliating Libel Climb Down”.

Extract from Bristows' Email of 6 May 2020

Bristows now claim they were never threatening to sue me on behalf of Twitter. That letter they sent me late on a Friday night was just abstract information shootin’ the breeze.

Bristows are a proper libel law firm and therefore know better than to test me in court. I stand by the article. Vijaya and her colleagues have in effect supported the actions of Esther Baker and Alan Goodwin by not banning / permanently suspending them from Twitter, when others have been banned without recourse for far lesser wrongdoing. In fact Twitter did not even remove the tweets that were the actus re of the stalking, just made them inaccessible in the UK.

Continue reading

Share Button

Statement on Brand New Tube Hack – Long Video Coming Soon

Posted on by
3

I have had a number of people contact me about an alleged hack of Brand New Tube (‘BNT’) last week. They are concerned about their data security. I covered a previous hack of the platform in 2020 and made a video. Readers may rely on that video, because BNT supremo Muhammad Butt sued me in the High Court using expensive lawyers. I defended myself and won, he lost – filing notice of discontinuance and throwing in the towel. Today the ICO have confirmed that Brand New Tube has failed to notify it of the data breach. If true, they have breached data protection law once again. [UPDATE 23 August 2022 – The ICO have corrected themselves. Their initial email was wrong. Brand New Tube did in fact report the incident by 17 August. However, all the other criticisms in this article remain unchanged. In particular, Brand New Tube have failed to answer whether they received concerns in December 2021 about the website’s security.]

ICO Press Officer Rashana Confirms No Mandatory Report was Made

The ICO confirms no report was made. The ICO was asked very specific questions and given My Media World’s registration number. The ICO initially said no report was received. It now admits this was wrong.

I want to confirm to supporters that I am preparing a lengthy video on this. However, I have already verified certain facts. Brand New Tube has been hacked – their Twitter account confirmed it on 14 August 2022 (archive). The hackers claim to have obtained the database including SHA-1 password hashes, and to have been able to extract the passwords. They claim to have extracted over 200,000 customer passwords (it is possible to de-hash unsalted hashed passwords using tools such as rainbow tables). If true, this would only be possible due to negligence of a very serious kind.

In the UK, it is a mandatory legal requirement to report breaches to the ICO. The hackers and Brand New Tube customers on Twitter (archive) allege that BNT was warned months ago and failed to take action. That means at the latest the website operator should have disclosed to the ICO by Wednesday 17 August 2022. The ICO confirms they have not. [The ICO now confirms this was wrong and their initial email above was incorrect.] I also put the allegations to Brand New Tube via their lawyers on Friday and I can confirm that they have not denied being warned of a security breach in December 2021. The ICO was given My Media World Limited’s registration number and the website URL, and was asked very specific questions.

Continue reading

Share Button

Smith v Baker, Summary Judgement on the Counterclaim! MHN Wins. Devastation for David Hencke, Mark Watts and Sonia Poulton

Posted on by
8
BakerRestrained

Esther Baker has lost her claim over articles that meant (as the court found) that she is depraved, stalked a child abuse victim for years, is a racist stalker worse than most other racist stalkers, tried to undermine a paedophile priest’s criminal conviction, told deliberate and malicious lies on Twitter for the purpose of raising money under false pretences, has made numerous unfounded allegations of sexual abuse, children are being abused by paedophiles because money and police resources have been used up by Ms Baker’s groundless allegations instead of being available to protect them and that it is possible that some of these children have been raped as a result.

In 2020 I filed a lawsuit against Esther Baker for libel and harassment. I won, and she agreed to be restrained for life after her defences of Truth and Public Interest were struck out. That court order is here. However, a counterclaim by Baker against MHN editor Sam Smith continued. Now, in a judgement today of Mr Justice Griffiths, that too has been defeated after your author applied for strike-out and / or summary judgement. The case is over. Esther Baker loses. MHN editor Sam Smith wins. The result is a devastating humiliation for fringe journalists like Mark Watts, Sonia Poulton and David Hencke who have given her account credence over the years.

The result is also a vindication for victims of Baker like former MP John Hemming, Darren Laverty and Simon Just of Real Troll Exposure.  Each of these men has been subjected to substantial police involvement over the years due to Esther Baker’s false allegations. Now her supporters must suffer the consequences.

Baker and her supporters were cock-a-hoop earlier this year when Mr Justice Griffiths held that previous articles on this blog had defamatory meanings. Now, in today’s judgement the same judge has found that those meanings have been successfully defended, including via a defence of Truth –

“94. For these reasons, I am satisfied under CPR 3.9 that Ms Baker’s statements of case disclose no reasonable grounds for bringing the claim, that her statements of case are an abuse of the court’s process and are likely to obstruct the just disposal of the proceedings, and that they fail to comply with the requirements of Practice Direction 53B and the Griffiths Order. I am also satisfied under CPR 24 that Ms Baker has no real prospect of succeeding on her claims and there is no other compelling reason why the case should be disposed of at a trial.”

Furthermore, these are not mere technical findings because Baker failed to comply with court rules. The judge found that, had she complied and filed paperwork on time, she would still most likely have lost and had no realistic prospect of defeating my defence of Truth. As an example, Baker was suing me for saying that her mental illness caused her untrue allegations of child abuse. However, a medical report she had filed in other proceedings stated that she had decided to participate in IICSA (the Independent Inquiry into Child Sexual Abuse), because a voice in her head told her to. The evidence was simply overwhelming. She conceded her mental illness in her draft reply and told the judge at the hearing about the voices in her head.

It is also worth mentioning that before judgement, at several stages, I gave Baker the option to drop her counterclaim with no further order for costs. She was not forced to bring this – it was her claim. No one used expensive lawyers, I am a law graduate and I defended myself. Baker had many warnings. Hard working judges, High Court Master Lisa Sullivan and High Court Judge Martin Griffiths, both gave Baker many chances to correct her pleadings and reply coherently to my defence of Truth. They gave detailed judgements and guidance on what steps Baker should take. They made express allowances for Baker’s mental disabilities. Baker failed to follow the rules in the case she brought and had the opportunity to drop.

There are a lot of meanings spread across eleven articles. The meanings that have now been defended ought to devastate Baker’s reputation, shame her supporters and Staffordshire Police.

The imputations defended are as follows, in the judge’s words cut-and-paste from the judgement on meaning. Because there were 11 articles, some are repetitive or overlapping. Each meaning has a shield next to them to show they have been successfully defended in court and can be relied upon by readers –

Continue reading

Share Button