UnPato Writting


SiegedSec: The Gay Furry Hackers

First of all, thanks to Vio for helping me with everything; this couldn't have been written without him <3

About the group

The activist group SiegedSec proudly describes itself as "gay furry hackers", both in its own words and in its Telegram group description. They defend the rights of trans people, women's right to abortion, and other human rights, and are strongly against the government. The name SiegedSec comes from the motto "Sieging Our Victims Security", which was inspired by the group LulzSec. The name was decided by the (now-removed) co-founder sryakarad.
Even though some articles have said that they mainly use SQL injection and cross-site scripting, this is not true, since they've only used it once or twice. This was confirmed by vio himself when I asked him about it, to which he responded:

>"we dont often use sql injection or xss. if i recall correctly, this was put on an article about us without any proof. we've never used xss in an attack, and only sql injection like once or twice."

Instead, they carry out their attacks through many different methods, such as API vulnerabilities, doxxes and more. Their skill set has been compared to that of groups such as LulzSec (a black hat group that targeted high-profile organizations such as PlayStation and the CIA).
One of the main characteristics that distinguishes them is that, when posting about a newly pwned target, they usually add evidence images edited with the character "BoyKisser". Their style of writing the news is really "cute", always including some ":3".
            

Members

The exact number of members and leaders isn't known, because they don't want to reveal it for security reasons.
I had read some articles about SiegedSec, including one on DarkOwl that mentioned some members, and decided to ask him about them. This was his response:

>"unfortunately none of those members still remain. most left after we started getting mass attention from media and law enforcement. others, like sry and rootsauce, were removed for lack of contribution. we've recruited more members thankfully"

I heard that the last co-owner, instead of leaving the group, got kicked, and decided to ask about it:

>"sryakarad didnt fit with what SiegedSec's direction was. i wanted SiegedSec to lean in more of a kind group, where members could feel welcome and friendly. sry didnt fit that, as he was condescending and unwelcoming. he also didnt contribute to the group at all, aside from the name and motto"

I thought that they didn't recruit people and that the group always kept the same members, but I was wrong. This was his answer to my question:

>"we are always looking for new recruits, our recruitment process could take a long time so its constantly ongoing to ensure new members to improve our future work"

Black hat hackers usually end up getting caught for different reasons, so I decided to ask him if any of SiegedSec's members had ever been arrested, and he denied it:

>"fortunately, no SiegedSec member has ever been arrested"
            

Philosophy of the group

Hacking groups usually have different reasons for attacking their targets: it can be for fun, to extort them for money, or for political/ideological reasons. I asked vio about it with the following question:

How would you describe the philosophy of SiegedSec? Are there any no-no targets? And main targets?

>"our philosophy is to fight for minority groups, and deliver justice in the best way we know how; hacktivism. our current restricted targets is anything involving minors and healthcare. in the past we used to target healthcare, which is often brought up to discredit our hacktivism, however we've reworked our "rules of engagement" with hacking. our current main targets are government facilities, telecommunication companies, and bigoted organisations"

I also asked them about money, whether they had ever tried to get some, and they said:

>"money isnt our goal and never will be. our only profit from hacking is donations from the public"

I also asked if they had ever donated any money from the targets (I know it's similar to the last one, but it's not the same concept):

>"we have not, we've not made any money from our hacking. the donations we receive is sent to friends of ours who need the money. if we come across the opportunity to obtain money from targets, we'd absolutely send the majority, if not all, to a charity to support the LGBTQ+ community or Palestine."

I asked the public leader vio (more about him later) about their way of attacking their targets and whether it would always remain the same, and this was his response:

Will you always remain in data breaches and doxxes, or will you ever try anything else, like ransomware for example?

>"we'll likely remain in data breaches and doxxes, ransomware isnt something we're looking to focus on, and other areas of attacks arent of interest for us"

This shows that their main objective isn't just doing harm or getting money, but rather their activist reasons, at least for now.

I also asked him if they ever seek money, to verify my latest thought: from all the info that I had seen, there wasn't any extortion (apart from the demand for investigation into "creating irl catgirls", as they did with the Nuclear Lab Breach). This was his response:

>"money isnt our goal and never will be. our only profit from hacking is donations from the public"
            

Vio - Main public character

The main public character of the group is “vio”, also known as “YourAnonWolf”. He usually talks in the SiegedSec group chat with all the users. He started getting into cybersecurity in 2020, when Operation Minneapolis was being carried out by Anonymous. He got inspired by them and got into hacking, further fueled by his love for computers and access to nonpublic data.
From my point of view, based on all the conversations that I've had with him, he's a really skilled individual in terms of privacy and cybersecurity, able to help with and explain different questions.
He has 2 different Twitter accounts, @YourAnonWolf_ and @cybercrimecat, but he currently uses only the second account; @YourAnonWolf_'s latest post is from the 6th of September 2022.

What inspired you to establish SiegedSec?
>"i wanted to create a group that represented who i am, doing hacks for the lulz, and have a community based around my group. GhostSec and LulzSec inspired the creation, however i wanted to run the group differently than them"

Vio is inspired by being able to fight for the people and the benefit of society, and by leaving a mark on hacking history.
Vio defines himself not as the "boss" or leader of SiegedSec; instead, he tries to create an environment of a bunch of friends to "fuck around". He doesn't usually enforce requirements to contribute, so anyone can help. He still takes responsibility as the leader, sometimes getting overwhelmed with his duties, but he can always work through it. I talked for a while with vio, and he told me that most hacks were done by him, but he would sometimes get help from other members, or they would hack the targets by themselves; mostly, though, vio does everything.

I decided to ask him about the difficulties he might have, since he had mentioned them, and this was his response:

>"a difficulty ive had is the stress. it comes as no surprise that people targeting siegedsec will aim for the leader, and that has stressed me. along with the responsibilities that come with leadership, sometimes i get overwhelmed with the responsibilities. i can always work through it though ;D"

He seems to be mentally able to get through all his activities. You might wonder if SiegedSec was his first group, but it wasn't: he had been a member of other groups, mostly skid groups, such as BreachSec, HackersGhost25, AxoSec and GhostSec. Vio said that he had never put in as much effort as he is putting into SiegedSec, though.

I also asked him if he had learnt by himself or if someone had helped/taught him, and this is what he responded:

>"i learned everything by myself. from hacking, to leading a group, to opsec. there was never someone there to teach me, i learned by countless hours of research and watching the hackers around me."

Has there been any target that you've pwned only by yourself before SiegedSec that you'd like to mention?

>"i did many attacks as myself back before SiegedSec was created, too many to list. i suppose the most notable attacks were the first OpColombia attacks, when i hacked the Colombian president's website a few times and other government servers"

If someone wanted to start and get to your level of coding/knowledge (either white/black hat), what would you recommend and/or tell them?

>"i recommend getting as much real world experience as possible. also being a cat usually helps :3"
            

History

The group was created in February 2022. Some people think that their first attack was the Roe v. Wade one, because it was the first posted attack to get so much attention and be written about in the news. The oldest attacks that are remembered were announced on BreachForums, targeting 17 different companies or organizations:
- Rulmeca Corp, Crane Building Company Inc, MaxPro Films, McKinley Building Corporation, NHC Emergency Services, ACAP (NewityMarket), Alpine Resort, ATS Coop (Meridian Coop), Brush Dental Care, Cameron Management, The Law Group, The Loan Source, Tribute Construction, ValSource, VEL CashPlease, West Mark Corporation and ZipQuest

On the 20th of December 2023, a post was published on SiegedSec's blog, saying that they only accepted people who were attracted to kids or zoo/babyfurs, who were part of the MAP (minor attracted person) community or were zoofurs, and some more stuff. The post is the next image:


Shortly after this post, the Five Families posted the next text on their Telegram channel: 


SiegedSec responded 1 hour later, denying that this blog post had been posted by them and saying that it came from the hosting provider instead, all explained in their Telegram channel:


Shortly after, it was proven that the blog post was written by Kmeta, who talked about the situation on BreachForums. When he was asked why he did that, he responded that it was because he was disgusted by all the jokes about zoophilia that they made in the group chat.
            

Activities

I decided to ask them a bit about how they get into their victims' systems, etc., asking different questions that I thought would be helpful for new people in the cybersecurity scene or companies that want to remain safe.

What's the main vulnerability that you've seen in multiple companies, and how could it be fixed?

>"A vulnerability i commonly find in companies is Insecure Direct Object Reference (IDOR). this can be fixed by implementing permission checks whenever a user accesses an object. it often has a high impact and the complexity can range from basic to advanced."
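
The fix named in this answer, a permission check on every object access, shown beside the unchecked lookup it replaces. This is an added example, not code from the interview or from any system mentioned on this page; the invoice store, user model and function names are hypothetical.

```python
"""Object-level authorization: an IDOR-prone lookup beside a checked one.

All names and data here are hypothetical and constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str = "member"  # "member" or "admin"


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total: str


# Constructed sample data: two invoices owned by two different users.
INVOICES = {
    1001: Invoice(1001, owner_id=1, total="120.00"),
    1002: Invoice(1002, owner_id=2, total="75.50"),
}

# (user_id, invoice_id) pairs that failed the permission check, for alerting.
DENIED = []


class NotFound(Exception):
    """Raised for both missing and forbidden objects."""


def get_invoice_vulnerable(current_user: User, invoice_id: int) -> Invoice:
    # IDOR: the caller is authenticated, but the client-supplied ID is
    # trusted as-is, so any user can read any invoice by changing the number.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def can_read(user: User, invoice: Invoice) -> bool:
    # Single policy function, called on every access path to the object.
    return user.role == "admin" or invoice.owner_id == user.id


def get_invoice(current_user: User, invoice_id: int) -> Invoice:
    invoice = INVOICES.get(invoice_id)
    if invoice is not None and can_read(current_user, invoice):
        return invoice
    if invoice is not None:
        # Record the denial server-side; one account failing the check
        # across many IDs is a useful enumeration signal.
        DENIED.append((current_user.id, invoice_id))
    # Same error for "missing" and "forbidden", so responses do not
    # reveal which IDs exist.
    raise NotFound(invoice_id)


def is_readable(current_user: User, invoice_id: int) -> bool:
    # Convenience wrapper: True only if the checked lookup succeeds.
    try:
        get_invoice(current_user, invoice_id)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    alice, admin = User(1), User(9, role="admin")
    print(get_invoice_vulnerable(alice, 1002))  # another user's invoice
    print(is_readable(alice, 1001), is_readable(alice, 1002),
          is_readable(admin, 1002))
    print(DENIED)
```

Keeping the ownership rule in one function (`can_read`) means every endpoint, export job or API version that touches the object can call the same check instead of re-implementing it.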

What's the main way you hack your targets?

>"this depends a lot on the target, but often we find and exploit API vulns, directory traversal, and exposed directories."

What process do you usually follow for finding a target and then hacking them?
>"usually we start out with a certain target criteria, for example lets take Operation Trans Rights; we begin looking for targets by searching for known anti-LGBT hate groups, news of transphobic abuse, and also asking the public to report targets.
> once we have a list, we go through each target individually. we often spend the first hour or two working on recon, and if we cant find anything then we move on to the next target. but if we do find something, we can spend many hours straight hacking away :3.
> if the target is successfully hacked, we take a moment to rest, then we go back to take screenshots and begin writing the telegram post for it. after its ready, we often wait until some time has passed before releasing it, to pace our posts."

Do u always follow the same path when hacking a target or does it depend?
>"its often the same, with a few exceptions if necessary. with webapps, we do lots of recon on the services running, subdomains, exposed directories/files, leaked credentials, monitoring the http requests, etc. with mobile apps, we decompile it, do a thorough search of the source code, and run the app while monitoring requests."

I also decided to ask if there was any target that could be revealed to the public, and this was their response. It seems like it's going to be an interesting event and that they'll continue with their *Operation TransRights2*:

>"although i cannot confirm any exact target names, we have another church hack to be released soon, as well as a anti-LGBT conversion camp. the conversion camp hack will be huge, but take a lot of time to prepare ;D"
            

Targets

Their targets have been from different sectors and countries. The most targeted country is the United States, with 31%.

Source: SOCRadar’s article “Threat Actor Profile SiegedSec”

The main targeted sector is Public Administration, with almost 30 attacks.

Source: SOCRadar’s article “Threat Actor Profile SiegedSec”

One of the "main" targets of all could be said to be NATO, since they've attacked them at least 2 times, and I've been told that they are still going for them.
I asked vio about it and he responded:

>"yes i do believe NATO is the most attacked target by SiegedSec. they deserve even more <3"

Their latest attack was on the Westboro Baptist Church. They chose this target because it is known as an anti-LGBTQ hate group, which was reported to them by different people through email. From this hack they got the WBC database, the whole website's source code and some private files.

(https://t.me/SiegedSecurity/111)

I also asked different questions about different attacks they did:

Which was the hack that took you the longest, and how much time was it?
>"the longest hack was probably the second NATO hack. that required tons of social engineering, which required osint, planning, response waiting time, and post exploitation. in a technical level though, the longest hack was TheTruthSpy, initial exploitation was quick but it took over a week of constant exfiltration"

And the shortest?
>"the shortest hack is tough to decide, many times the hack is as simple as a broken auth exploit to bypass the login, or using leaked credentials to easily login, or even a hacker reporting the vulnerability to us to immediately exploit. there are many short hacks to choose from"

And the most difficult one?
>"the most difficult hack is not public yet, so i cant give much information. its on a U.S government contractor, involving a complex windows network. this attack utilizes multiple exploits and requires careful planning to not mess it up"

And the easiest one?
>"the easiest falls under the short category, there are plenty of easy hacks we've done. easy can also mean different things. to us, a lfi exploit paired with insecure deserialisation using an environment file to get rce may be easy, but to others it may be difficult"
            

Who are they with

SiegedSec used to be part of the alliance named "Five Families", which was formed by ThreatSec, GhostSec, Stormous, Blackforums and SiegedSec. I decided to ask vio about "Five Families", about any other collaborations, and whether there was any group that they'd like to collaborate with. This was their response:

>"nowadays we arent close with any of the Five Families, we'd like to distance from them and be much more careful with who we put our trust in and collaborate with. in the past, we've also worked with KittenSec, ByteMeCrew, and Anonymous Sudan. at the moment, theres no group we are looking to work with, however we're open for new opportunities."

The distance from the Five Families was due to a controversy they had, which will be written about later.

Also, they ended up separating from GhostSec, the group they used to partner with, due to being hated by this group, and also because vio exposed sebby, the leader, as a scammer, as well as other nonpublic issues.
>"the whole alliance is just a terrible group to be around"

Interesting fact: while I was writing this, sebby, the owner of GhostSec DWC, was exposed for being a scammer.
            

Community

The group is also known for their group chat. I’ve been taking part in this community for some months, and honestly, SiegedSec has one of the nicest communities that I’ve ever seen. They are all nice and chill; from time to time there are sexual jokes, that’s true, but everyone’s okay with it. The group having a nice community is probably due to its leader, who always tries to talk in a nice way, and if there's any problem with any user, he’ll deal with it. I’ve been talking with vio from time to time for some months, and he’s always been helpful with anything I needed related to coding or opsec.
            

Questions to members

I decided to ask different questions whose answers would vary depending on each one's opinion. For security and privacy reasons, so as not to reveal how many members there are in the group, they were only answered by vio and 2 anonymous members.

♡ Vio

1 - Are your activities worth it/have there been any changes after doing an attack?
>"yes i believe our activities are worth it. most of the time, our goal is delivering justice and encouraging protesters, and we achieve this often. these goals are a small step towards making change, it wont be the sole reason for change but an additional factor"

2 - Is there any moment in which you guys will decide to stop or leave the community to go on with your daily life?
>"i dont think ill ever stop hacking, ill stay in this until i physically cant anymore. perhaps someday i may leave the cybercrime community but i will always be into cybersecurity"

3 - How far or close do you think the police are to finding you for your activities?
>"i believe law enforcement is close. they may arrest us but they wont kill our spirit :3"

4 - Which would you call your most successful hack in terms of how much data? And of how satisfied you were with completing it?
>"i believe the most successful hack we've done, in terms of how satisfied we are with the execution, is the river valley church hack. stolen money, leaked user data, and doxxed pastor, perfect combination :3 the entire team collaborated on that hack too, we all put a little love into it. personally im also very proud of the nuclear lab breach. the high value target and the publicity was great, even though the collaboration and overall impact wasnt as high as i wanted"

5 - When did you get into the cybersecurity/hacking community/environment?
>"i first started getting into cybersecurity back in 2020, when OpMinneapolis was in action by Anonymous. i was inspired by Anonymous to get into hacking, and fueled even further by my love for computers and love for accessing nonpublic stuff."

6 - Any advice for the people that are starting with cybersecurity?
>"real world experience is worth far more than experience in practice environments. when possible, practice exploits on real world targets"

7 - Any tips for the best opsec, like the best things to have and tips?
>"shut the fuck up. assume everything you say will be used against you. also other lame things like vpn, encrypt everything, use e2e encrypted platforms, stuff like that"

8 - Any advice that you guys would give to business owners to keep themselves safe and have good security?
>"business owners need to understand that improving their cybersecurity is an expense that will save you from having to pay even more. put more money towards cybersecurity, so you dont have to deal with a data breach"

♡ Anonymous 1

1 - Are your activities worth it/have there been any changes after doing an attack?
>"We have made positive changes, sometimes ppl don't appreciate the methods we use to get our messages across, (that being hacking) but it gets to the point where we can't sit around anymore watching our rights getting taken away"

2 - Is there any moment in which you guys will decide to stop or leave the community to go on with your daily life?
>"I personally don't think I ever will, hacktivism is fun to me, it means I can make a difference while also doing what I love with computers"

3 - How far or close do you think the police are to finding you for your activities?
>"I believe the cops are very interested in us, it's been quite obvious sometimes especially in the public telegram chat we have, also p.s to the FBI, !!!!FUCK THE POLICE!!!!"

4 - Which would you call your most successful hack in terms of how much data? And of how satisfied you were with completing it?
>"I'm not going to speak of my personal satisfaction but as a group I definitely think it was the INL hack that was a funny one X3"

5 - When did you get into the cybersecurity/hacking community/environment?
>"I have been interested in hacking ever since I was a child, it's something you get an itch for, most hackers early on start by modding popular games and then progress into the more either black hat or white hat elements of the cybersec world. I personally fell into gray/black hat activities because it gave me more freedom to do what I want, I hate being bound by rules and laws :P"

6 - Any advice for the people that are starting with cybersecurity?
>"Get an account on tryhackme as soon as you can, it is the best way to learn a mass amount of irl pentesting methods and also goes into the theory side of cybersec"

7 - Any tips for the best opsec, like the best things to have and tips?
>"Mullvad VPN is a must, it logs absolutely nothing and if you need a free VPS best ones that are secure and you can throw away instantly are the ones from THC[.]org. also make sure not to cross contaminate your main system with hacked files/anything incriminating"

8 - Any advice that you guys would give to business owners to keep themselves safe and have good security?
>"It seems very easy to say but most of the time it comes down to this, just make sure your shit is up-to-date and also don't fuck about otherwise you WILL find out, pissing off groups or individuals will definitely get you on someone's target list"

♡ Anonymous 2

1 - Are your activities worth it/have there been any changes after doing an attack?
>"Changes from the targets themselves, mostly no. They just usually block the place where the attack has been done, and if the attack doesn't gain much traction they just move on as if it was nothing to worry about. But to the public perception, it does change since it causes public distrust depending on the target that was attacked, many times affecting the target's income directly in the process."

2 - Is there any moment in which you guys will decide to stop or leave the community to go on with your daily life?
> (Skip)

3 - How far or close do you think the police are to finding you for your activities?
> (Skip)

4 - Which would you call your most successful hack in terms of how much data? And of how satisfied you were with completing it?
>"That would be the Westboro Church, or as they like to call their website, God Hates Fags. It was the hack that most helped me move out of the recon phase and actually strike and test new skills"

5 - When did you get into the cybersecurity/hacking community/environment?
>"I don't know exactly, but i'd say still as a kid/teenager where i first saw those movies about hacking and those documentaries about people who used to distribute malware."

6 - Any advice for the people that are starting with cybersecurity?
>"If you have a computer and a dream, you can accomplish anything. Find places where you can test your skills, take courses and don't hold yourself back in terms of experimenting new things, and most importantly, have fun!!"

7 - Any tips for the best opsec, like the best things to have and tips?
>"Yeah. Don't choose names that could be easily linked any personal information and if you send screenshots, obscure/remove timestamps if there are any"

8 - Any advice that you guys would give to business owners to keep themselves safe and have good security?
>"Any advice that you guys should give to business owners to keep themselves safe and have a good security?"

Future of SiegedSec

How do u see the group in 1 year?
>"if the group isnt shut down by feds by then, i hope itd be a thriving hacker group with an amazing and large community. "

Anything that you'd like SiegedSec to focus on/get better at?
>"i'd like SiegedSec to improve with attack complexity and even higher value targets."

Has there ever been any problem with an activity that made it take longer than expected to finish?
>"with a nonpublic target, we have a shell on the target's system and are trying to exfiltrate the mass amount of data on it. however due to the sheer size of all the files, its difficult to get literally anything done. so its taking a really long time"

And any flaws in the group that u see as one of the leads? and parts SS is best at
>"i feel as though the group as a whole isnt as skilled as i'd prefer. more experience, practice, learning, and additional members would greatly help :3"

And parts SiegedSec is best at
>"as for what i feel SiegedSec is best at; perhaps making funny headlines and having a welcoming community :D"

Seems like vio has a lot of faith in his group, and as other writers have said, they seem to have a lot of potential.

And these are some words for everyone who is reading this:

>"be gay do crime :3 oh and also protest authority, however you know how, when your rights are at risk."
            

History of attacks

Not every attack can be included in this list, since their first Telegram channel got terminated, which forced them to make a new one, losing everything they had written. Vio was able to tell me which ones he reposted after creating the new channel, but told me that not every hack was there.

Government

(To prevent legal problems, the info was censored; don't want to get sued.)
• Date: Unknown (was reposted after the first channel was terminated)
• Leak: Kentucky's and Arkansas's government server docs
• Link: https://t.me/SiegedSecurity/6

BesTel, Izzi Telecom and Telum

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: Employees data
• Link: https://t.me/SiegedSecurity/7

NATO

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: Documents from NATO's COI portal
• Link: https://t.me/SiegedSecurity/10

NATO

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: private docs
• Link: https://t.me/SiegedSecurity/16

Faroe Islands

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: databases and source code
• Link: https://t.me/SiegedSecurity/23

Atlassian

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: employees records
• Link: https://t.me/SiegedSecurity/24

Many Industrial Control Systems throughout the U.S.

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: nothing, they crashed and shut down control system
• Link: https://t.me/SiegedSecurity/27

Israeli infrastructure

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: Israeli infrastructure
• Link: https://t.me/SiegedSecurity/27

BEZEQ

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: customer database
• Link: https://t.me/SiegedSecurity/32

Cellcom

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: customers records
• Link: https://t.me/SiegedSecurity/39

Shufersal

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: docs with internal investigations, reports, etc
• Link: https://t.me/SiegedSecurity/45

inl.gov

• Date: Unknown (was reposted after the first channel was terminated)
• Leak: employee and citizen data
• Link: https://t.me/SiegedSecurity/50

AOMEI

• Date: 1 December 2023
• Leak: users data
• Link: https://t.me/SiegedSecurity/59

Idaho National Laboratory

• Date: 25 December 2023
• Leak: citizen data
• Link: https://t.me/SiegedSecurity/63

PAVE

• Date: 11 January
• Leak: personal info of sponsors, a lot of personal info and more
• Link: https://t.me/SiegedSecurity/69

BrightStar Care

• Date: 24 January
• Leak: nothing, decided to keep it
• Link: https://t.me/SiegedSecurity/79

GLFconnect

• Date: 5 February
• Leak: user database, source code, server files and more
• Link: https://t.me/SiegedSecurity/82

TheTruthSpy

• Date: 12 February
• Leak: nothing
• Link: https://t.me/SiegedSecurity/85

Education department of Cabuyao

• Date: 13 February
• Leak: banking info, students info, courses, teachers and more
• Link: https://t.me/SiegedSecurity/87

AirAsia

• Date: 11 March
• Leak: hardcoded credentials, source code and more
• Link: https://t.me/SiegedSecurity/91

TVC En Linea

• Date: 20 March
• Leak: nothing, they shut down devices and cleared project info
• Link: https://t.me/SiegedSecurity/97

River Valley church

• Date: April 1
• Leak: 15k records of users full names and prayer info
• Link: https://t.me/SiegedSecurity/101

River Valley church (again)

• Date: April 8
• Leak: Full dox of Rob Ketterling
• Link: https://t.me/SiegedSecurity/106

Real America's Voice

• Date: April 16
• Leak: Personal info of 1200+ app users
• Link: https://t.me/SiegedSecurity/107

Westboro Baptist Church

• Date: April 29
• Leak: WBC Database, Website Source Code and Private Files
• Link: https://t.me/SiegedSecurity/111

Sources

SiegedSec's Twitter
Cyberscoop
Them.us
Them.us
Lavanguardia.com
Webz.io
Therecord.io
Webz.io
Darkowl
Socradar
Socradar
DarkOwl
Observer.ug
Techmonitor
Newsweek
Visiontimes.com
Dailymail.co.uk
Databreaches.net