There have been some messages going round about a propourted “operation pridefall” event in which alleges that members of the LGBTQIA+community and or allies, starting 07/06/2022, will undergo attacks on their social media platforms with attempts to grab IP addresses, hack accounts, dox them, etc.
Upon researching I can find 0 credible sources regarding this alleged attack in 2022 and most articles point back to a post on alt-right 4Chan in 2020. So much so that I cannot find anything about it on even PinkNews other than this piece from 2020 (I assume that Pink News is still OK enough within the community?) and if we want to go more “main stream” VICE also posted an article back in 2020. I do not however consider either outlet to be specifically a source of information regarding cyber attack information, but simply a reference in this instance for this particular report.
Based on this, and that none of the usual sources for cyber sec news are reporting on this, its likely that this report is fake. Previous years have resulted in minimal / no action in the reported manner.
So do I need to do anything?
Well, my suggestion is BE CAUTIOUS AS ALWAYS.
I do have some tips for you though, which can be applied to this situation if you are concerned, but are generally just good practice.
If you stream on Twitch
Prepare a “hate raid” button or “panic button” incase the worst does happen. There are multiple methods of doing this. The linked video is just one way of doing it. You should make sure your “panic button” also disables your auto shout outs for follows on any bots you may be using.
Bots such as sery_bot can auto ban known bad actors from chat for you.
Consider using automod for Twitch and increasing levels that automod will ban / block for. It’s easier to allow things through that are OK, than it is to be dealing with mass removal of nasty messages.
Additionally make sure your mod are on hand to remove bad actors from your chat.
If you have a Discord server
Make sure that you have set your verification level requirements for people joining to the highest possible options or at least a HIGH setting. You can do this from Server settings > Moderation
Ensure that nobody in your server (other than your trusted moderators) have the ability / permissions to use TTS or the ability to @ everyone or @ here.
Depending on how your Discord is setup you may need to do this channel by channel or per permission. TTS on or ability to tag everyone can spam all your members automatically, or even allow you to hear TTS sent in Discord when you stream. This is not a good idea in general and I would advise EVERYONE turns this off anyways.
Be cautious of any links from new joiners or DM requests. This is common sense as you would be cautious of links in any emails, the same goes for ANY other channel.
Report bad actors that send harassing messages as you ban them to the discord security team! Discord are pretty hot on removing / revoking access to these accounts
What about other social media?
Blocking and reporting harassment is your friend in these instances. You aren’t really in control of the content you are exposed to outside of using the tools provided there. But use them if you have to!
Anything else?
Good security practice on EVERYTHING you do is always advised regardless of any alleged attacks. The smaller you make the attack surface, the harder it is.
This means setting up things like 2FA if your platform supports it for logging in. Most platforms support it in some form. SMS is considered the least secure, with OTP generation using specific tools like Authy or Google Authenticator (others are available of course) being most preferable.
Good password security on top of your 2FA is also highly recommended. This means using some type of password manager and generating complex passwords for all of your logins separately for each platform so that you do not even know the passwords yourself. There are many good options out there that you do not have to manage yourself, some free, some paid, and some open source that you have to manage yourself (which comes with its own complexity). You should decide which is right for you to mitigate risks.
A VPN could be an option if you want to mitigate against IP grabbing attacks. Most likely an IP grabbing attack will result in something such as being DDOS attack. MOST service providers will use a dynamically assigned IP address and leaving your modem / router off for 30 minutes will change it. HOWEVER this isn’t always the case! Again, caution is the best approach with anything. Only you can decide if you consider it enough of a threat to use a VPN.
Make sure your router cannot have its admin portal accessed via the internet. Check your manufacturer for instructions on how to do this! Most only allow access within your local network anyway so it shouln’t be too much of an issue. But it’s worth checking if there is an option for “allow remote managemet” or similar enabled, and if there is, to turn it off.
There are other things you can do such as turning off uPnP and removing port forwarding, as they also present a possible point of entry to your home LAN. However these are considered a little more on the side of advanced and I would encourate you do your own research before changing any options like this!
Stay safe one and all!
Note: Any brands mentioned (unless otherwise stated) does not constitute a recommendation of a specific product, merely a point of reference for you to perform your own research and decide on best options for yourself. I try to stay as neutral as possible for research and discussion articles.
