A mail server vulnerability has publicly uncovered greater than a yr’s value of e-mail logs, in addition to highlighted safety and infrastructure points, confronted by the directors and maintainers of controversial web sites corresponding to 8kun.
The logs, which have been publicly seen earlier than the vulnerability was patched final month, present hundreds of e-mail contacts made by 8kun directors in addition to by an tackle that seems to belong to 8kun proprietor Jim Watkins.
While it’s doable to see who’s emailing who and when in the logs, it’s not doable to view the contents of emails.
The logs present admin accounts for the likes of 8kun and “Is It Wet Yet” (IIWY), the dad or mum firm of 8kun which can also be owned by Watkins, partaking with quite a lot of e-mail addresses. Many seem to indicate inside communications however others present contacts with obvious industrial companions and quite a lot of outdoors addresses. There are additionally one-off contacts with no less than two regulation enforcement companies.
Separately, Watkins’ e-mail tackle, which was used to reply to questions relating to this text, may be seen in contact with a lot of avid QAnon conspiracy fans, together with one who seems to be a contract specialist in a task with the US Army. Further contacts with Q influencers with far bigger followings are seen in the logs as properly, though these look like extra restricted in quantity.
In whole, the logs revealed 2,664 mail occasions despatched from 30 addresses, which are a part of Watkins’ firms, to 665 different e-mail addresses. More than 1,100 of the mails logged got here from Watkins’ personal tackle.
The vulnerability additionally uncovered issues corresponding to config directories, which comprise particulars of how personal information on the likes of the 8kun web site is saved. Error logs, in the meantime, revealed issues like SQL instructions, session credentials, IP addresses and listing particulars on 8kun.
Although 8kun, which was beforehand referred to as 8chan, has lengthy been recognized to host nameless boards riddled with racist, neo-Nazi and anti-Semitic content material in addition to posts that encourage and have fun mass shootings, it has extra not too long ago grow to be house to the QAnon conspiracy The false and baseless idea posits that secret and satanic pedophile cabals are operating the US and {that a} excessive stage official referred to as Q is leaking details about the battle to cease these secretive, deep state teams on 8kun. Despite missing any foundation in reality, the Q conspiracy has spread across the US and beyond. QAnon adherents have been pictured contained in the US Senate after right-wing protesters stormed the US Capitol on January 6 and it has beforehand been linked with a lot of violent incidents.
Yet the id of the particular person or folks posting on 8kun as Q for now, stays a thriller. Some, together with the unique founding father of 8chan who has since turned in opposition to it, Frederick Brennan, have speculated that Watkins may himself be acting as Q or would at least be able to find out Q’s real identity, although Watkins has long denied this. Previous media experiences, in the meantime, have suggested Watkins might be facilitating QAnon group hubs.
In an emailed response to this text, Watkins stated: “I’m not Qanon and don’t establish as such. That is a key phrase on twitter [sic]. I’m additionally not Q.”
A video revealed on-line shortly after a request for remark relating to this text was made final month appeared to indicate Watkins discussing the logs and stating that there was nothing of notice in his emails. The video additionally contained a promotion for 8kun and Q face masks.
A screen grab from a video posted to the Tiger Network that featured Jim Watkins showing to debate leaked e-mail logs and containing an advert for Q and 8kun masks. Credit: Tora3/Newsnetwork
The susceptible log directories have been posted on the 420chan picture board, in addition to on Twitter, by Aubrey Cottle, the reported co-founder of Anonymous and 420chan. Cottle has declared war on QAnon, which he not too long ago instructed Gizmodo was “warping minds around the globe.”
Cottle found that Is It Wet Yet (IIWY) — an organization founded, owned and operated by Watkins and which in the end controls 8kun and different web sites — was publicly exposing greater than 4 Roundcube mail server logs it hosts and administers.
The authors of this text have been capable of verify the general public nature of logs as a result of unpatched model of Roundcube the IIWY mail server was operating. This bug is detailed in CVE-2015-5383 and was patched by Roundcube in model 1.1.2.
In response to the uncovered logs, Watkins stated it appears “there was a vulnerability in the Roundcube e-mail server that I used to be utilizing and I believe hundreds of different firms as properly. Instead of reporting this vulnerability, I used to be stalked by the person you’ll use as your supply,” in possible reference to Cottle. Watkins continued that these logs doubtless impacted hundreds of different firms however have been launched in order to “embarrass me and a few of my buddies and those who have emailed me.” This was not one thing “that ought to be inspired,” he added, in addition to stating he had reported the matter. Watkins additionally acknowledged that the final time Bellingcat reported on him it led to folks he knew being harm, though he didn’t specify what experiences he was referring to. The full response, which Watkins additionally posted to Twitter, may be seen right here.
Although the uncovered logs and vulnerabilities have been solely not too long ago discovered, the date vary contained in the emails would appear to suggest that the publicity existed when 8kun was administered by Jim Watkins’ son, Ron.
Ron introduced he was not 8kun admin earlier this yr and has since gone on to hawk conspiracies concerning the outcomes of the US election and framed himself as a technical skilled. One of his current appearances on the right-wing OANN information channel the place he spoke about alleged election fraud was retweeted by President Donald Trump. We reached out to Ron Watkins for this text through Twitter direct message however didn’t obtain a response earlier than publication.
Mail Servers aren’t supposed to be public
Verifying the email logs was possible by reaching out to some of those contained within them. One email exchange showed Jim Watkins’ email address in touch with a reporter at HuffPo and their corrections inbox.
We asked the reporter who appeared to be involved in this correspondence if they could confirm the emails, which they did — an email was sent from Watkins to the corrections inbox at the time noted in the mail log on 25 October 2019. Bizarrely, the email contained a scrawled letter from Watkins on what seems to be parchment with Roman glyphs for the date. A tweet exhibiting this letter was revealed on the IIWY Twitter account whereas Watkins additionally appeared to put up a video of himself writing the letter on YouTube. We additional adopted up with a journalist with CNET whose e-mail tackle appeared in the logs. They additionally confirmed to us they’d been in contact with this e-mail on the IIWY servers on the date detailed.
Only (you) can forestall #8KDS pic.twitter.com/8yUpmFklqn
— Is It Wet Yet? (@isitwetyet) October 25, 2019
The e-mail logs present a peak of exercise to an unusually lengthy string of diverse emails from the admin account at IIWY on November 26, 2019 that stands out dramatically in opposition to the remainder of the information. When taking a look at Ron Watkins’ Twitter exercise round that point, he claims to have rotated all of the salts (an encryption associated piece of knowledge for accounts) and been underneath a distributed denial of service (DDoS) attack.
This would doubtless be one thing 8kun board homeowners would wish to learn about and could clarify the lengthy chain of emails on that day — though this could’t be conclusively confirmed with out seeing the contents of the emails. Some recipients of emails from this account on November 26, 2019 embody .edu accounts from Australia and Brazil. These are more likely to be owned by college students or individuals who work in academia. Again, it’s not doable to know if these addresses are associated to board homeowners.
From the logs it can be seen that admin emails for 8chan and IIWY talk with numerous cock.li related domains, a typical email provider for members of the 4chan and 8kun communities.
Log Breakdown
The particular person most in contact with Jim Watkins’ e-mail tackle in the logs was a girl named Priscilla Adams Dumont. Between her two e-mail addresses, DuMont exchanged 126 emails with Watkins’ account on the IIWY area between November 2019 and August 2020.
A dig into DuMont’s net footprint reveals a Facebook web page and two sparsely adopted Twitter accounts registered underneath the emails listed for her in the 8kun logs.
Though one Twitter account is locked down, the other, shaped in November, 2019 exhibits an lively historical past of posting about QAnon and different conspiracies. She can be seen partaking with well-liked QAnon accounts. Looking on the frequency of when Watkins and DuMont are emailing, there’s a peak round April 17, 2020. Again, it’s not doable to know what the pair have been emailing about, solely that they have been corresponding at the moment. On the identical day, nevertheless, DuMont’s open Twitter account tweeted that she was watching a dialog surrounding Watkins’ failed Disarm the Deep State Super PAC.
DuMont’s Twitter also shows her trying to curry donations for a corporation referred to as Redstone Arsenal Military and Civilians Club in November 2019. Her Linkedin profile additional particulars her place as Contracting Officer of the Army Contracting Command- Redstone Arsenal in Alabama. Previously her project was US Army Space & Missile Defense Command in the Contract Acquisition and Management Office (CAMO).
A 2018 Facebook post from US Army Contracting Command, in the meantime, particulars a Priscilla Adams DuMont being awarded the Order of St Barbara. Below the put up, the identical Priscilla Adams DuMont Facebook account that hyperlinks to the emails in the uncovered logs may be seen thanking folks for his or her congratulations in the feedback.
Although the conspiracy idea suggests Q has “Q stage” clearance inside the strictures of the US authorities and entry to navy intelligence, the e-mail logs don’t in any method recommend this particular person might be Q.
DuMont’s personal public postings on Twitter, whereas displaying a transparent enthusiasm for Q content material and different conspiracies, seem to indicate a technical limitation so far as the usage of boards corresponding to 8kun are involved. One tweet from November 2019 exhibits her asking for a hyperlink to the “Q boards on 8kun.”
She additionally seems to have minimal on-line impression or attain. Both Twitter accounts have a mixed follower rely of simply 185, whereas the account that is still publicly seen hasn’t tweeted since June final yr.
While it’s definitely noteworthy that a person who seems to be a contract specialist with the US Army is a eager follower of the conspiracy and in contact with the proprietor of the web site that hosts Q posts, there may be nothing in DuMont’s noticed on-line exercise that means she is a crucial cog in the story of Q. It can also be not doable to know whether or not Watkins is aware of something about her skilled position.
We tried to contact DuMont by e-mail, on Twitter and through a telephone quantity listed for her on-line to allow her to touch upon the main points in this story in addition to ask why she seemed to be in such frequent contact with Watkins. However, we didn’t obtain a solution or response earlier than publication.
The logs present a lot of different addresses that seem to belong to Q fans, some embody well-liked Q phrases corresponding to WWG1WGA or hyperlink again comprise the identify of blogs devoted to the topic, though none have been contacted as frequently as DuMont.
Other info from the logs seem to indicate additional communication with Q believers and influencers. For instance, Watkins and DuMont look like concerned in e-mail exchanges with distinguished QAnon figures corresponding to: Blessed to Teach, Citizen’s IReport, The Patriot Hour, The Black Conservative, QTheMoreYouKnow, and In Pursuit of Truth. Another person included in these group emails was “The Growing Awareness,” who posts prolonged videos with titles corresponding to, “Hospital tried to kidnap and drug our new born.” Though not in emails with DuMont, Watkins can be seen to be in contact with Neon Revolt, the Q evangelist with over 200k followers on Gab. We reached out to all the QAnon figures above through the emails listed for them in the logs however didn’t obtain any response earlier than publication.
The logs present an extra menagerie of curious e-mail exchanges between IIWY and 8kun admin accounts that are doubtless largely responses to emails first obtained. Many have fascist, racist, or weird, names and domains corresponding to: hitler.rocks, rape.lol, ni**e.rs, and many from cock.li.
One e-mail tackle that begins, “adolsefstalitler” was on the area “tfwno.gf” or “that feeling when no girlfriend.” Others seem to element issues corresponding to monetary streams round IIWY and 8kun. These embody paymentcloudinc.com, Paypal, goodstuffcoffee.com (the place they promote 8chan branded espresso), P2P Printing (a Qanon merchandise firm), and all the adverts associated emails from adverts tackle for 8kun.
Other addresses seemingly in correspondence with IIWY domains embody varied police and authorities companies together with the FBI, Department of Justice, Poland’s cyber-crime unit and even the Canadian baby sexual abuse tipline.
There are additionally many emails between Watkins and contacts at Lokinet with whom IIWY has tried to create a distributed censorship resistance platform.
IP addresses
According to the error logs which are additionally uncovered in the information, it’s doable to see failed entry makes an attempt to the Roundcube mail servers as properly. More merely put — these error logs present which e-mail tried to login, from which IP tackle and at what time.
We mapped the IP addresses in the leaked error logs to their related networking info. Somewhat surprisingly, it appeared that no two e-mail tackle domains had Internet Service Provider (ISP) overlap. In different phrases, a number of customers from totally different “@domains” have been logging in to the identical IIWY roundcube server from totally different IP addresses. Additionally, this seems to point that the identical IIWY personal e-mail server was used for various organizations.
Watkins is understood to personal numerous web sites, domains and internet hosting constructions. And whereas most addresses mapped appeared to fall underneath internet hosting suppliers he has beforehand been related to, corresponding to NT Technologies, others appeared to return from outdoors companies (corresponding to Cloudflare, AT&T and Charter) indicating that IIWY could have relied on different internet hosting suppliers periodically or reflecting the IP addresses at time of login.
Takeaways
What’s clear is that IIWY left important vulnerabilities that leaked intimate details about their organizational construction in addition to that of the 8kun boards themselves.
The information exhibits that the 8kun proprietor, Jim Watkins, in e-mail contact with Q fans in addition to distinguished Q influencers.
Other correspondence, though not the contents of stated correspondence, might be noticed between IIWY addresses and their industrial companions in addition to with regulation enforcement companies.
Watkins has denied being Q. These logs don’t present any trace as to the id of the particular person or folks posing as Q, which stays a thriller.
:max_bytes(150000):strip_icc()/HowtoSpecifyaPreferredSMTPServerforaMacOSXMailAccount2016-01-04-568a7f403df78ccc153b7b78.png)
