Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - US
The Guardian - US
World
Jason Wilson

‘Gay furries’ group hacks agencies in US states attacking gender-affirming care

The SiegedSec Telegram account has posted dozens of links to data breaches and leaks, and claimed responsibility for defacing a range of websites.
The SiegedSec Telegram account has posted dozens of links to data breaches and leaks, and claimed responsibility for defacing a range of websites. Photograph: Cultura/REX/Shutterstock

A group of self-described anti-US government “gay furries” have distributed hacked materials from agencies in six US states in recent days, citing legislative attacks on gender-affirming care as their motive.

The data released by the group, which calls itself SiegedSec, includes South Carolina police files, a list of licensed therapists in Texas and contact details for court officials in Nebraska. The Guardian’s review of that data has substantiated the group’s claims that the materials sourced from state and local agencies are genuine.

A post to SiegedSec’s Telegram channel on Tuesday night announced that “MOAR DAMAGE MUST BE DONE!” and “Our next attack on the U.S government has arrived!” Furries are a subculture united by passion for anthropomorphism.

In another recent post announcing a distribution of data breached from a system used by the city government of Fort Worth in Texas, SiegedSec said its motive was “to make a message towards the US government”, adding: “Texas happens to be one of the largest states banning gender-affirming care, and for that, we have made Texas our target.”

The Guardian emailed an address provided on SiegedSec’s Telegram to ask for more information about the group. A reply from the alias “youranonwolf” read: “SiegedSec is a small tight-knit group, aside from that, I’d prefer not to give much about our group away.”

In June, Texas’s rightwing Republican governor, Greg Abbott, signed a law that restricts transgender minors from accessing gender-affirming treatments. Previously, the state’s attorney general, Ken Paxton, launched an investigation into gender-affirming care at an Austin clinic after it was targeted by the rightwing propaganda outlet Project Veritas.

Tuesday’s Telegram post claimed that SiegedSec had also breached security at Pennsylvania Provider Self-Service, a platform hosted by the Pennsylvania department of human services (DHS) that, according to the program’s manual, allows childcare providers to “manage [their] working relationship with the department and [their] clients”.

The post also claimed the group had carried out another security breach by defacing the South Dakota boards and commissions (BAC) website, which provides a consolidated calendar for the state’s administrative and professional boards.

While the South Dakota governor, Kristi Noem, signed laws banning gender-affirming treatments for minors in February, LGBTQ+ groups have praised Pennsylvania’s moves to enshrine LGBTQ+ non-discrimination provisions in law.

Asked why Pennsylvania had been targeted when it was moving in the opposite direction to many red states on LGBTQ+ rights, “youranonwolf”, the SiegedSec spokesperson, wrote: “The goal of that attack on the Pennsylvania DHS was to simply spread our message, and hopefully encourage others to do the same.”

They added: “We will refrain from targeting states allowing gender-affirming care, but with Pennsylvania we saw a good opportunity that would result in minimum damage.”

The Guardian emailed the South Dakota BAC website administrator and Pennsylvania’s DHS for comment, but received no immediate response.

Beyond these security breaches, however, SiegedSec’s post contained a link to a repository of material from agencies in South Carolina, Nebraska and Texas. The Guardian downloaded the material from an encrypted cloud storage platform where it was stored.

The most substantial dump comes from South Carolina’s criminal justice information services (CJIS), a branch of the state law enforcement division (Sled), South Carolina’s state police.

According to CJIS’s website, the agency “serves as the central state criminal justice information repository – collecting, processing, storing and disseminating crime data and criminal identification and record information”.

The website also outlines agency activities including storing and serving fingerprint data, maintaining the state’s sex offender registry, collating crime reports and feeding information to the National Crime Information Center.

One folder in the leak includes a questionnaire to be given to individuals to acknowledge their membership in gangs. Another folder contains instructions and forms for officers looking to fly on commercial aircraft with firearms.

A folder labeled “Conferences” contains presentation slide decks created by the FBI and state agencies on topics from how to handle juvenile offenders’ fingerprints to how to administer federal background checks on firearms purchasers. Meanwhile, a folder labeled “SEX OFFENDER REGISTRY” contains nationwide contacts at law enforcement agencies around the country.

Anti-LGBTQ+ bills currently before the South Carolina statehouse include SC 4047, which would criminalize the provision of gender-affirming care to minors.

The Guardian emailed Sled for comment on the breach, but received no response.

Another part of the leak is data from the Nebraska supreme court intranet, which includes the software infrastructure for the platform the court uses to communicate with its personnel, and a list of staff working in Nebraska’s probation system.

Last May, Nebraska’s governor signed a law passed by the legislature earlier that month enacting a 12-week abortion ban and restrictions on gender-affirming care for minors.

The hackers claimed that another part of the cache comprises data from the Texas behavioral health executive council (BHEC), a body created in 2019 as an umbrella for professional boards governing marriage and family therapists, counselors, psychologists and social workers.

A large text document lists the details of thousands of therapists, and the data matches up with information retrieved in license searches on the site of the Texas executive council of physical therapy and occupational therapy examiners, a parallel body to the BHEC covering other therapeutic disciplines, and is likely a scrape of that body’s website.

The Guardian emailed a request for comment to the BHEC ahead of publication, but received no immediate response. In a subsequent email the agency denied that any security breach had taken place on its systems.

The BHEC was embroiled in controversy in 2020 when one of its member boards, the board of social work examiners, repealed a section of its code of conduct that forbade discrimination on the grounds of sexual orientation, gender identity and disability.

The repeal – made on the recommendation of Republican governor Greg Abbott – triggered an outcry from LGBTQ+ groups and professional bodies in Texas and beyond, and was soon repealed.

The SiegedSec Telegram account was opened on 2 April 2022. In the months since, the account has posted dozens of links to data breaches and leaks, and claimed responsibility for defacing a range of websites.

Only a portion of the attacks are presented as politically motivated “hacktivism”, in which the targets are often state governments that have made moves to restrict abortion or LGBTQ+ rights.

Tuesday’s post promises more breaches aimed at governments passing anti-LGBTQ+ laws.

“We have planned the next attacks carefully,” the post reads.

• This article was amended on 2 July 2023 to note that the information that the hacker group claimed it had acquired from a hack of the BHEC matches up with searches of information from another Texas agency, and to add a comment from the BHEC which said that no security breach had taken place on its systems.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.