Popular furry art-sharing platform FurAffinity (FA) faced a multi-pronged cyberattack Wednesday (Aug 21, 2024).
The website’s domain (furaffinity.net) has been redirected to Kiwifarms, a controversial US-based anonymous web forum. The platform’s X (formerly Twitter) account has been compromised.
FurAffinity assured users that their personal details and passwords remain secure. However, the compromised X account has been posting pornographic images and its handle has been changed from “@Furaffinity” to “@ilovekiwi4lunch”.
A furry named Whanos has taken over the original “@Furaffinity” handle to prevent further misuse. Some furries have mistakenly attacked Whanos as the perpetrator. Meanwhile, FurAffinity worked with Whanos to protect the account handle, and has urged the community not to harass them.
Approximately 7,000 new users joined FurAffinity’s Discord server for updates on the situation. In response, FA temporarily limited access to certain features, like video and voice calling channels. These features were reopened on Aug 22.
Users were advised to avoid interacting with FurAffinity’s website and X account. They should rely on information released on their Discord server for all FurAffinity-related matters.
Restoring control
10 hours later, FurAffinity Discord server admin Luffy says the platform’s tech team regained control of the domain furaffinity.net and temporarily locked down the website.
FurAffinity restored control of their X account and their X account handle, @/FurAffinity a day later on Aug 22, 2024.
On Aug 23, 2024, FurAffinity restored control of their website and domain.
Speculation ensued, but no answer still
Despite this call, speculation happened – involving NullBulge, described as a “Russian“, “furry” hacktivist group. The entity is opposed to AI development. It aims to “(protect) artists’ rights” and “(ensure) fair compensation for their work.”
As a cybercriminal threat group, NullBulge inserts malware into the development cycle within AI and gaming-focused communities. They extort money from their targets in the name of activism, wrote SentinelOne, US-based cybersecurity company.
NullBulge named “Ploopy,” or “Le Honque”, as the supposed perpetrator. In their now-deleted X post, Ploopy was doxxed. The entity targeted them for art supposedly made with AI. They also focused on their supposed participation in AI-focused groups.
Nullbulge connected Ploopy with an internet forum user called “NSJAP”. NSJAP has a profile picture seemingly identical to an image Ploopy made before for a meme. It was four black squares in a white circle surrounded by a red background.
NullBulge thus assumed Ploopy was the same person as NSJAP. But comparing NSJAP and Ploopy’s pictures, a X user points out these are separately produced images. The images do not fit each other when superimposed.
NullBulge adds that Ploopy “posts kiwi style memes”, or memes apparently characteristic of those posted on KiwiFarms.
As NSJAP is apparently a Kiwifarms user, NSJAP’s profile picture is apparently identical to an image Ploopy produced, and the FurAffinity site was once redirected to Kiwifarms, NullBulge asserted therefore that Ploopy is guilty of hacking FurAffinity.
So, thief caught, hooray and victory? No. In fact, NullBulge was met with frustration from both furries and non-furries.
Aside from Nullbulge’s assumptions, there is no direct evidence clarifying that Ploopy was guilty of hacking FurAffinity.
A collection of posts on X emerged not long after. These posts stated that Ploopy is apparently transgender and apparently aged 15. Anger ensued among X users under the viewpoint that NullBulge had targeted the wrong person, who is also a minor.
There is no direct evidence clarifying that Ploopy is a minor.
NullBulge then asserted, the items used as evidence to support their claim about Ploopy was “beyond a reasonable doubt.” Yet, it was also “(neither) a confirmation nor a concrete evidence.”
So who was the perpetrator behind FurAffinity’s hacking? No concrete answers.
Posts, for example this one, say the perpetrator was a “teenager”.
There is no direct evidence proving the perpetrator was a teenager, let alone who they are.
“NullBulge was the work of one…”
NullBulge’s actions detailed above made many people dislike them. Furries then tried to find out who’s behind this “hacktivist” group.
X user @QWIILXEY then named a person called Zacky, X username @zack3d, as apparently the culprit behind NullBulge . In a X post, user @QWIILXEY posted three screenshots.
One screenshot shows a post apparently sent by NullBulge on a forum, in which references cracked.io, a software cracking forum.
Another screenshot from the same post shows a Telegram account purportedly belonging to Zacky. The account sent a single message also referencing cracked.io.
@QWIILXEY asserts there is a connection between these two parties. This assertion is based on the two separate screenshots. Thus, they assumed that Zacky is behind NullBulge.
There is no direct evidence connecting Zacky with NullBulge.
In response, Zacky denied involvement with NullBulge.
They assert, because their Telegram account was compromised by NullBulge, it resulted in the message in question.
Zacky wrote in another post that they were also doxxed as a result.
Stop speculating, says FurAffinity
Speculation from the community in light of FurAffinity’s hacking incident has brought no answers. Instead, it has led to other people being harrassed. The furry art sharing platform affirmed this in an announcement.
The announcement writes, FurAffinity knows there are sources claiming to have identified the bad actor responsible for this attack. But they have no way to verify these accusations. They called on the community to avoid further speculation and harrassment.
FurAffinity is working with the US’ Federal Bureau of Intelligence (FBI) to locate the perpetrator. There are no updates about that so far.
On Aug 23, FurAffinity declared their website is safe to access.
Last updated Aug 23, 2024 11:24pm Singapore Time
Developing story. Watch this page and GFTV’s Telegram newsfeed for updates.
FurAffinity 遭攻击:网站被重定向,社交账号被盗
广受欢迎的毛兽艺术分享平台 FurAffinity (FA) 正遭受多重网络攻击。
该网站的域名 (furaffinity.net) 已被重定向到 KiwiFarms,一个备受争议的美国匿名网络论坛,其 X(原 Twitter)账号也已被盗用。
FA 向用户保证,他们的个人信息和密码仍然安全。然而,被盗的 X 账号一直在发布涉黄图片(pornography),其用户名也已从 “@Furaffinity” 改为 “@ilovekiwi4lunch”。
一位名叫 Whanos 的兽迷接管了原来的 “@Furaffinity” 用户名,以防止进一步的滥用,但却被一些用户误认为是肇事者而受到攻击。FA 目前正在与 Whanos 合作,并呼吁社区不要骚扰他们。
由于大约有 7,000 名新用户加入他们的 Discord 服务器以获取最新消息,FA 暂时限制了对某些功能的访问,例如视频和语音通话频道。这些功能将于明天(8 月 22 日)重新开放。
官方建议用户避免与 FA 的网站和 X 账号进行互动,并以他们在 Discord 服务器上发布的有关所有 FA 相关事宜的信息为准。
事后10小时,FurAffinity Discord 服务器管理员 Luffy 表示,该平台的技术团队已经重新获得了对域名 furaffinity.net 的控制权,并暂时锁定了网站。
FurAffinity 于次日(2024年8月22日)恢复了对其 X 账号和其用户名 @FurAffinity 的控制权。
FurAffinity 于 2024 年 8 月 23 日恢复了对其网站和域名的控制。
猜测接踵而至,但答案一无所获
这次涉及一个被描述为“(来自)俄罗斯”、“(由)兽迷(领导)”的黑客行动组织 NullBulge。该组织反对人工智能(AI)发展,旨在“(保护)艺术家的权利”和“(确保)他们的工作得到公平补偿”。
据美国网络安全公司 SentinelOne 称,作为一个网络犯罪威胁组织,NullBulge 将恶意软件插入到以 AI 和游戏为中心的社区的开发周期中。他们以行动主义的名义向目标勒索钱财。
NullBulge 将“Ploopy”或“Le Honque”称为所谓的肇事者。在他们现在已删除的 X 帖子中,Ploopy 的个人信息被曝光。该组织针对他们据称是用 AI 制作的艺术作品,还关注他们据称参与了以 AI 为中心的团体。
Nullbulge 将 Ploopy 与一个名为“NSJAP”的互联网论坛用户联系起来。 NSJAP 的头像似乎与 Ploopy 之前为模因而制作的图像相同。它是四个黑色方块,位于白色圆圈内,周围是红色背景。
NullBulge 因此认为 Ploopy 与 NSJAP 是同一个人。但通过比较 NSJAP 和 Ploopy 的图片,一位 X 用户指出这些图像是分别制作的。这些图像在叠加时并不吻合。
NullBulge 补充,Ploopy “(曾)发布过 kiwi 风格的模因(memes)”,换句话,他发的模因所谓符合 KiwiFarms 上发布的模因的刻板印象。
由于 NSJAP 似乎是 Kiwifarms 用户、NSJAP 的个人资料图片显然与 Ploopy 制作的图片似乎相同、并且 FurAffinity 网站曾经被重定向到 Kiwifarms,NullBulge 就因此断言 Ploopy 就是入侵 FurAffinity 的黑手。
那,小偷被抓,欢呼胜利?不是的。NullBulge 反而遭到了兽迷和非兽迷的挫败。
NullBulge 的假设除外,没有直接证据表明 Ploopy 就是入侵 FurAffinity 的幕后黑手。
不久后,X 上出现了一系列帖子。这些帖子称 Ploopy 是年仅 15 岁的跨性别者。不少 X 用户愤怒地认为 NullBulge 不但找错了人,更是攻击了未成年人。
没有直接证据表明 Ploopy 是未成年人。
NullBulge 然后断言,用作证据支持他们关于 Ploopy 的主张的帖子“毫无疑问”(beyond a resonable doubt)。然而,它也“(既不是)确认也不是具体证据”。
那么 FurAffinity 黑客攻击的幕后黑手是谁?没有确切的答案。
即使有不少帖子说肇事者是一名“青少年”,没有直接证据证明肇事者是青少年,更不用说他们是谁了。
“NullBulge 是一个人的工作……”
NullBudge 上述的行为导致很多人不喜欢他们。因此有些兽友就开始试图找出该组织背后是谁操控。
后来,X 用户@QWIILXEY 然后将一个名叫 Zacky 的人,X 用户名@zack3d,称为 NullBulge 背后的罪魁祸首。在 X 帖子中,用户@QWIILXEY 发布了三张屏幕截图。
一张屏幕截图显示了 NullBulge 显然在论坛上发送的帖子,其中引用了 cracked.io,一个软件破解论坛。
同一帖子中的另一张屏幕截图显示了一个据称属于 Zacky 的 Telegram 帐户。该帐户发送了一条也引用 cracked.io 的消息。
@QWIILXEY 断言这两方之间存在联系。此断言基于两个单独的屏幕截图。因此,他们认为 Zacky 是 NullBulge 的幕后黑手。
没有直接证据将 Zacky 与 NullBulge 联系起来。
作为回应,Zacky 否认与 NullBulge 有任何牵连。
他们断言,导致这个有问题的消息是因为他们的 Telegram 帐户被 NullBulge 入侵。
Zacky 在另一篇文章中写道,在这个情况下,他们的个人信息也被曝光了。
FurAffinity:不要再猜测了
FurAffinity 黑客事件发生后,社区的猜测没有带来任何答案。相反,它导致其他人无辜受骚扰。该毛兽艺术共享平台在公告中指出了这一点。
公告写道,FurAffinity 知道有消息来源声称已经确定了对此次攻击负责的坏人。但他们无法核实这些指控。他们呼吁社区避免进一步的猜测和骚扰。
FurAffinity 正在与美国联邦调查局 (FBI) 合作,以找到肇事者。目前还没有相关更新。
8 月 23 日,FurAffinity 宣布其网站可以安全访问。
更新时间: 新加坡时间 2024 年 8 月 23 日 下午11:24
故事正在发展当中——请关注本页面和兽视Telegram 新闻栏以了解最新进展。
Global Furry Television 