SiegedSec, a group of “gay furry hackers,” was banned from X after alluding to information they had obtained from a variety of entities, including the right-wing think tank Heritage Foundation, the primary organization behind the infamous “Project 2025” agenda. 

“SiegedSec account suspended,” SiegedSec member vio wrote on their personal X account. “this current account will be used as a backup until a new one is set up :3.” However, vio’s account was also quickly suspended.

X has previously suspended users for posting data related to hacks or security breaches.

In a screenshot shared with tech news site Daily Dot, X stated that a user had reported SiegedSec’s account for violating its “rules against posting private information.”

The accounts were banned following a multi-day hacking campaign during which the group leaked data from Amplify AI, a company that provides AI-driven comment moderation solutions for Facebook and Instagram. It included basic account information, such as email addresses for company employees. 

A screenshot shared on SiegedSec’s Telegram also suggested the group had gained access to Amplify AI company source code and an administrator portal, which allegedly included direct messages from an account run by President Joe Biden’s campaign.

SiegedSec also leaked data that it allegedly obtained from the North Atlantic Treaty Organization (NATO), which the group has targeted in the past. A Daily Dot analysis found that the data contains contact information, including email addresses and phone numbers, for high-ranking military officials worldwide and various unclassified documents.

But SiegedSec claims that its members believe one hack in particular led to the suspension of their accounts on X.

Following several months of teasing its social media followers, the group announced that it had obtained data from the Heritage Foundation, and had promised, on its X account, to publish the data on July 10.

“they didnt want us posting the heritage hack tomorrow,” vio wrote on their account.

According to the Daily Dot, SiegedSec leaked about 200 gigabytes of data on their Telegram account, containing information from between 2007 and 2022, focusing primarily around the think tank’s news wing, The Daily Signal.

The data includes commenters’ emails and IP addresses, full names, usernames, and passwords, as well as information about those who posted articles on the site.

Cybersecurity expert Jackie Singh, who reviewed the data from the breach, commented on X that she had “identified very embarrassing data within this dataset,” adding, “Why so many Chinese IP addresses?”

I am reviewing this alleged hack of The Heritage Foundation.

I have identified very embarrassing data within this dataset. Why so many Chinese IP addresses? 🤔 https://t.co/M2MXK3g4mA

— Jackie Singh (@HackingButLegal) July 10, 2024

“Sample geolocations from the first 100 IPs (these are sorted ‘low to high’, and many Asia-based netblocks start with the number 1),” Singh added in a thread, following up on the earlier post. 

Sample geolocations from the first 100 IPs (these are sorted 'low to high', and many Asia-based netblocks start with the number 1) pic.twitter.com/hcPhdOPQWv

Read Next

Meet J.D. Vance, Trump’s Anti-LGBTQ Running Mate

— Jackie Singh (@HackingButLegal) July 10, 2024

Singh also noted that some suspicious IP addresses of commenters on the Heritage Foundation’s website appear to have come from individuals abroad, including Kathmandu, Nepal, and Hong Kong. 

“This breach can help shine light on who exactly is supporting Heritage, and also encourage people to fight against them even more than before,” vio told LGBTQ Nation. “I believe it’s also worth noting, this could help show the amount of support Heritage has that’s provided by malicious users or bots from China.”

SiegedSec claims the majority of leaked data is “mostly useless” information that it will not be releasing, although vio did tell LGBTQ Nation that the user data “has many people of interest,” including members of the U.S. House of Representatives, federal government employees, and Kevin Roberts, president of Heritage Foundation.

The hack of Heritage was part of a campaign known as #OpTransRights, which targets groups opposed to transgender rights, including the right-wing channel “Real America’s Voice” and a Minnesota church whose pastor has made anti-transgender comments. 

The Heritage Foundation was reportedly targeted for its creation of Project 2025, a plan that seeks to reshape the United States government in the mold of modern-day right-wing regimes, with a unitary executive at the top and party loyalists installed into various federal agencies in place of longtime government employees.

Project 2025’s policy reforms include erasing protections for LGBTQ individuals, banning LGBTQ-related information, especially in schools, and the full erasure of transgender identity.

SiegedSec posted a transcript of a chat, conducted on the messaging app Signal, between “vio” and Mike Howell, the executive director of the Heritage Oversight Project, the think tank’s investigative arm. In that exchange, vio revealed that the hack was done due to SiegedSec’s opposition to Project 2025.

Howell allegedly threatened to expose members of the hacktivist group, saying they had “turned against nature.”

“We are in the process of identifying and outting (sic) members of your group,” Howell wrote. “Reputations and lives will be destroyed. Closeted Furries will be presented to the world for the degenerate perverts they are. You cannot hide. Your means are miniscule (sic) compared to mine. You now can either turn yourself in or you can cooperate.”

He threatened to place members of SiegedSec in jail.

“Are you aware that you won’t be able to wear a furry tiger costume when you’re getting pounded in the ass in the federal prison I put you in next year?” he wrote.

When vio asked if it was okay to share the transcript, Howell allegedly wrote, “Please share widely. I hope the word spreads as fast as the STDs do in your degenerate furry community.”

Howell also said he was contacting the FBI issuing a “2702 order” on vio’s social media.

“You aren’t that sneaky for your line of work,” he wrote, providing a screenshot of SiegedSec’s bitcoin wallet’s transactions.

“omg you learned how to look up the public history of my bitcoin address!!! good job pal im proud of you :D” vio responded.

A Heritage Foundation spokesperson released the following statement to Metro Weekly in an email:

“The Heritage Foundation was not hacked,” the spokesperson wrote. “An organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor. The information obtained was limited to usernames, names, email addresses, and incomplete password information of both Heritage and non-Heritage content contributors, as well as article comments and the IP address of the commenter.

“No Heritage systems were breached at any time, and all Heritage databases and websites remain secure, including Project 2025. The data at issue has been taken down, and additional security steps have since been taken as a precaution. The story of a ‘hack’ is a false narrative and exaggeration by a group of criminal trolls trying to get attention.”

The Heritage spokesperson did not address questions sent by Metro Weekly regarding Howell’s chat with vio or his threats to involve the FBI.

SiegedSec has since posted a message on its Telegram channels that it plans to disband, saying they were doing so “for our own mental health, the stress of mass publicity, and to avoid the eye of the FBI.”

“I’ve been considering quitting cybercrime lately, and the other members have agreed its time to let SiegedSec rest for good,” the message reads.

“In the past, I have tried quitting cybercrime a few times, and I’ve always been unable to fully quit. This time, hopefully I am able to stay away from it for my own wellbeing. We may not be a cybercriminal group anymore, but we will always [be] hackers and always fighting for the rights of others.

“Within the past week, we have posted the last of our breaches every day,” the message concludes. “We hope you enjoy all of it :3 We also have a couple more private breaches that have been sent to journalists, they’ll handle the rest from there. The channel, all leaks, and our community’s chats will remain open. Feel free to join.”