Authors:
(1) Anh V. Vu, University of Cambridge, Cambridge Cybercrime Centre ([email protected]);
(2) Alice Hutchings, University of Cambridge, Cambridge Cybercrime Centre ([email protected]);
(3) Ross Anderson, University of Cambridge, and University of Edinburgh ([email protected]).
Table of Links
Abstract and 1 Introduction
2. Deplatforming and the Impacts
2.1. Related Work
2.2. The Kiwi Farms Disruption
3. Methods, Datasets, and Ethics, and 3.1. Forum and Imageboard Discussions
3.2. Telegram Chats and 3.3. Web Traffic and Search Trends Analytics
3.4. Tweets Made by the Online Community and 3.5. Data Licensing
3.6. Ethical Considerations
4. The Impact on Forum Activity and Traffic, and 4.1. The Impact of Major Disruptions
4.2. Platform Displacement
4.3. Traffic Fragmentation
5. The Impacts on Relevant Stakeholders and 5.1. The Community that Started the Campaign
5.2. The Industry Responses
5.3. The Forum Operators
5.4. The Forum Members
6. Tensions, Challenges, and Implications and 6.1. The Efficacy of the Disruption
6.2. Censorship versus Free Speech
6.3. The Role of Industry in Content Moderation
6.4. Policy Implications
6.5. Limitations and Future Work
7. Conclusion, Acknowledgments, and References
Appendix A.
5.3. The Forum Operators
The disruption of KIWI FARMS led to a cat-and-mouse game where tech firms tried to shut it down by various means while the forum operators tried to get it back up. We extract messages of the forum operators from a Telegram channel activated after the Twitter campaign, where they posted 107 announcements during the period, mostly about when and where the forum was back, the ongoing issues (e.g., DDoS attacks, industry blocks), and their plans to fix.
The admins were very active, for example, sending seven consecutive messages on 23 August 2022 that mostly concerned the large DDoS attack on that day, see Figure 7. The
second peak was on 6 September 2022 after Cloudflare and DDoS-Guard’s withdrawal of service, mostly about forum availability. The number of announcements then gradually decreased, especially after the second recovery, with many days having no messages. A DDoS attack hitting the forum during Christmas 2022 caught the admins’ attention for a while. Their activity was inversely correlated with the forum’s stability; they were less active when the site was up and running stably or when there were no new incidents, for example, many announcements were posted in September, late October, and late December 2022, when the forum was under DDoS attacks and disruptions as shown in Figure 4.
We took a deductive approach based on the extracted announcements to comprehend the effort made by the forum operator to restore service. KIWI FARMS needed DDoS protection to hide its original IP address and evade cyberattacks, so the operators first switched their third-party DDoS protection to DDoS-Guard, then DiamWall, yet these firms also resigned their business. They then attempted to build an anti-bot mechanism themselves based on HAProxy – an open-source software to stop bots, spam, and DDoS using proof-of-work [80] – and claimed to be resilient to thousands of simultaneous connections. They also changed hosting providers to VanwaTech and eventually their own firm 1776 Solutions, and attempted to route their traffic through other ISPs. They were actively maintaining infrastructure, fixing bugs, and giving instructions to users to deal with their passwords when the forum experienced a breach. The operators’ effort seemed to be competent and consistent.
