Monday, February 14, 2022



Civil servants, NASA employees and an American billionaire among donors leaked in GiveSendGo hack

Bryan Passifiume - 
National Post

An American tech billionaire, two NASA employees and Canadian civil servants are among a leaked list of nearly 100,000 Freedom Convoy donors, according to information released by hackers responsible for taking down the group’s crowdfunding site.

Late Sunday night, hackers took down the website of GiveSendGo, the U.S.-based crowdfunding website flocked to by convoy organizers after GoFundMe cancelled their multi-million dollar campaign earlier this month.


The hackers also released a spreadsheet of raw donor data containing names, emails and dollar amounts of nearly 93,000 individuals who purportedly donated money to the Freedom Convoy.

GiveSendGo’s website was still offline by late Monday afternoon.

On Sunday night the site’s homepage was replaced with “GiveSendGo IS NOW FROZEN!” in bold, blue text, as well as a manifesto scrolling over a clip from the Disney film Frozen II , depicting Elsa singing Show Yourself while riding across the Dark Sea on a horse made of water.

“Attention GiveSendGo grifters and hatriots,” read the manifesto.

“The Canadian government has informed you that the money you a–holes raise to fund an insurrection is frozen.”

The hacker accused Boston-based GiveSendGo of being complicit in funding last year’s Jan. 6 raid on the U.S. Capitol by Donald Trump supporters, and likewise funding of ongoing blockades and protests in Ottawa and across Canada.

“You are committed to funding anything that keeps the raging fire of misinformation going until that it burns the world’s collective democracies down,” the manifesto read.

While the hacker didn’t identify themselves, an individual claiming responsibility told British news outlet The Guardian they intended to prove Canada was’t immune to foreign political interference.

The immense spreadsheet, available for download Sunday night on GiveSendGo’s hacked website, accounts for $8,421,806.50 in donations from 92,844 individuals.

While most donations came from the United States — 52,000 American donors were listed compared to 36,000 originating in this country, Canadians gave the most money overall, about $4.3 million compared to $3.62 million from U.S. donors.


'An occupation': GoFundMe pulls plug on fundraiser for convoy protesters

Trudeau wants the 'foreign money' funding illegal protests in Canada to stop

While GiveSendGo has yet to issue a statement on the hack or the veracity of the leaked donors list, several names on the spreadsheet were independently confirmed as donors by the National Post. Inquiries for comment were also made to email addresses for major donors on the list but were not immediately acknowledged.

As well, it’s impossible to determine how many opted to donate via bank transfer or cryptocurrency.

All but 686 of received donations were under $1,000.

The largest donation is $215,000 made on Feb. 6, listed as ‘Processed but not recorded’ and without any further data.

The largest named donation — $90,000 — was apparently made on Feb. 9 by American tech billionaire Thomas Siebel, including a $9,000 donation towards GiveSendGo.

That same day saw the largest Canadian donation, $75,000 — plus an extra $1,000 in GiveSendGo’s tip jar— by the president of a New Brunswick-based pressure washer manufacturer.

Other large donations include $25,000 from a London, Ont. based vice-president of the AutoCanada car dealership chain, and $20,000 from the chair of a Cannington, Ont.-based community and family support organization.


Dallas, Texas-based construction magnate Ben Pogue appears to have donated $20,000. According to reports by both ABC News and the Associated Press, Pogue donated over $200,000 to help re-elect former U.S. president Donald Trump, including providing private jet access for Trump’s re-election campaign.

Canadian public employees are also listed as donors, including a Quebec man who used a Correctional Service of Canada email address to donate $102.


Several U.S. donors apparently gave money using U.S. government emails, including the U.S. Bureau of Prisons, the U.S. Department of Justice, and NASA.

A Conservative Party of Canada spokesperson confirmed a $200 donation from a “Candace Bergen” in Saskatchewan was not made by the interim CPC leader, pointing to differences in the spelling of her first name.


Sunday’s hack comes a little over a week after TechCrunch reported security lapses in GiveSendGo’s website , specifically 50 gigabytes of unencrypted cloud storage space that exposed thousands of scanned drivers’ licences and passports submitted by donors as part of the site’s payment process.

Experts say Sunday’s attack highlights the importance of security for those with high-profile online presences.

“Attackers only have to be right once, while defenders have to be right all of the time,” said Richard Henderson, chief information security officer with cybersecurity firm WithYouWithMe.

“It just takes a single mistake to allow a skilled attacker in, and once they’re inside its game over.”

The scope of the attack, which saw intruders not only take control of GiveSendGo’s DNS records but also get their hands on their donor lists, suggests they had “free rein” inside the company’s data.

“We’ve seen this multiple times in the past with other ‘copycat’ sites quickly thrown up rapidly by right-leaning groups,” he said.

“Get something online quick with little to no attention paid to security or secure deployment, and all it takes is a skilled hacker to come along and rip it all to shreds.”

As GiveSendGo’s first data leak involved thousands of donors’ scanned identity documents left out in the open, Henderson suggested people give serious thought about who they share sensitive information with online.

“People regularly just hand over their personal information without taking even an extra second to consider the security implications of doing so,” he said.

“You really have no idea what protections a company have in place to protect your personal information.

“Clearly in this case, there was very little.”

• Email: bpassifiume@postmedia.com


Feds go after blockade financing with expanded Fintrac powers, directions to banks

OTTAWA — The federal government is broadening the scope of anti-money laundering rules and directing banks to cut off services to those suspected of aiding the trucker protesters as it looks to put an end to what it says are illegal blockades.

Finance Minister Chrystia Freeland also said in a late afternoon news conference Monday that crowdfunding sites, some of which are being used to channel money to the protesters, will now be required to report to the Financial Transactions and Reports Analysis Centre of Canada


The move, to be made permanent, will allow Fintrac to make more information available to police and other enforcement agencies, she said.

"We are making these changes because we know that these platforms are being used to support illegal blockades and illegal activity, which is damaging the Canadian economy," she said.

Freeland said that under the Emergency Act, the government has also authorized banks to cut off services to both individual and business clients who they suspect are aiding the blockades.

She said the banks would be protected against civil liability in doing so.

The government has directed financial institutions to review their relationship with anyone involved in the blockades and to report findings to the RCMP or CSIS, she said.

"This is about following the money. This is about stopping financing of these illegal blockades."

The measures allow for such actions as an insurer suspending coverage and a bank freezing a truck owner's corporate or personal accounts.

As well as chartered banks and credit unions, Fintrac requires reporting from institutions such as insurers and securities dealers, and from professionals such as accountants and real estate brokers.

Freeland said federal institutions have broad new authority to share information with the banks and work to end funding for the groups behind the blockades.

Canada's big banks did not immediately respond to a request for comment. The Canadian Bankers Association declined to comment.

Prime Minister Justin Trudeau invoked the Emergencies Act to bring to an end to antigovernment blockades he says are illegal and not about peaceful protest.

This report by The Canadian Press was first published Feb. 14, 2022.

The Canadian Press


No comments:

Post a Comment