SiegedSec, who describe themselves as “gay furry hackers,” claimed responsibility for a cyberattack on The Heritage Foundation before the hacktivist group promptly disbanded.
The Heritage Foundation cyberattack surfaced on July 2, 2024, when SiegedSec allegedly released two gigabytes of the conservative think tank’s internal data.
The Heritage Foundation was specifically targeted because of its “Project 2025” plans, which SiegedSec views as a blueprint for Donald Trump to implement sweeping far-right reforms should he win another term as president. According to the hacktivist group, these plans align with anti-trans and anti-abortion policies they are actively opposing through their cyber campaign.
SiegedSec’s Cyberattack on The Heritage Foundation Explained
On July 2, SiegedSec released an alleged leak from The Heritage Foundation’s blogs and material related to ‘The Daily Signal’, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022.
The leak exposed sensitive information, including full names, email addresses, passwords, and usernames of individuals associated with The Heritage Foundation, including users with U.S. government email addresses.
In its Telegram channel, SiegedSec explained its motives, saying, “Project 2025 threatens the rights of abortion healthcare and LGBTQ+ communities in particular. So of course, we won’t stand for that!”
However, according to an article in Fudzilla, a Heritage spokesperson refuted the claims, stating that “an organized group stumbled upon a two-year-old archive of The Daily Signal website available on a public-facing website owned by a contractor.”
The spokesperson said no Heritage systems were breached at any time, dismissing the hack as “a false exaggeration by a group of criminal trolls seeking attention.”
SiegedSec Announces Retirement, Exposes Chats with The Heritage Foundation
Following the alleged data breach, SiegedSec surprisingly announced the group’s disbanding on July 11.
“Yes, this is a sudden announcement. We planned to disband later today or tomorrow, but given the circumstances, I believe its best we do so now.
“I’ve been considering quitting cybercrime lately, and the other members have agreed it’s time to let SiegedSec rest for good,” the group posted on its Telegram account.
The group then invited The Heritage Foundation to contact them over the leak, which is when one Mike Howell, an investigative columnist for the Daily Signal, contacted SiegedSec over the messaging app Signal.
In a conversation with Vio, a spokesperson for SiegedSec, Howell said that The Heritage Foundation was “in the process of identifying and outting [sic] members of your group” and working with the FBI.
In its Telegram post on July 11, SiegedSec said, “Mike Howell reached out to us, at first to ask questions to understand our motives and why we breached his organization. Then, he proceeded to throw insults, threats, and claimed our existence was against nature.”
“We tried answering things in a way to hopefully help him understand. But as his insults grew, so did our impatience. So we are releasing all of our chat logs with Mike Howell.”
Chat Logs of SiegedSec vs Heritage Foundation Response
The chat logs appear to support the claims made by SiegedSec. The chat transcript showed Mike Howell using offensive language to describe SiegedSec members. Howell also threatened to expose the identities of the hackers, using a homophobic slur in the process.
Following an exchange where Howell issued a violent threat, SiegedSec member vio queried whether Howell would object to the conversation being made public.
“Please share widely,” Howell responded, “I hope the word spreads as fast as the STDs do in your degenerate furry community.”
Howell reposted this information on Twitter, quoting the lyrics of the song “The Way I Am” by Eminem. Howell’s retweet essentially confirmed the authenticity of the chat logs.
SiegedSec, however, maintained that their decision to disband was pre-planned.
“While this announcement may seem abrupt,” SiegedSec explained, “we had already planned to disband within the next day or two. Given the recent developments, including the intense media attention and the potential for FBI involvement, we believe disbanding now is the best course of action for our mental wellbeing.”
The group elaborated that they had been contemplating ending their cybercrime activities for some time, and the other members agreed it was time to permanently shut down SiegedSec’s operations.
History of SiegedSec’s Cyberattacks
SiegedSec, a hacktivist collective led by “YourAnonWolf,” gained prominence shortly before the Russian invasion of Ukraine. The group, humorously labeling themselves as “gay furry hackers,” quickly amassed a following and claimed responsibility for various cyber attacks.
Operating with affiliations to groups like GhostSec, SiegedSec is known for its witty slogans and profane communication style. The collective predominantly comprises members in the 18-26 age bracket, showcasing a youthful and dynamic approach to their hacking activities.
Some of the organizations associated with SiegedSec’s cyberattacks include NATO, River Valley Church in the U.S. for its alleged anti-trans stand, AirAsia Berhad, Murphy Oil Corporation and Telerad Bangladesh Ltd.