the FBI already has access to IP addresses on 8chan: Why Josh left 8ch, and possibly some insight on why 8ch got hacked recently

8ch’s worker “C!Odemonkey” wrote:

About Sunshine
Earlier, Sunshine came to my attention again after the source code for it was posted on freech’s /intb/ board ( Since users were concerned about it, I investigated the Sunshine code and looked back through my logs to figure out exactly when it was created, why it was created, for what purpose, and exactly what it does.
Sunshine was created on October 9, 2015.
On October 8, 2015, the 8chan Administrator (who, at the time, was Hotwheels) received an email from the American authorities, who were concerned about a post on 8chan threatening an attack against a school in the Houston area ( Because of their incompetence, the 8chan Admin received a scanned picture of a photocopy of a printed 8chan post (pic related). The post in the picture (dated October 1, 2015) indeed contained a threat against a school in the Houston area, but due to the bureaucracy of the authorities, it arrived approximately a week too late and the original post had already been deleted.
Sunshine was created by Hotwheels on October 9, 2015 after we discussed a way to make sure kids didn’t get killed. It was meant to help prevent potential school shootings in the future if the shooter(s) happened to post specific threats on 8chan (i.e., bomb threats, shootings, etc.). Sunshine was neither an imposition nor a request by third parties. The pros of Sunshine were believed to outweigh the cons.
What Does It Do?
Sunshine takes the IP address and message of a poster, pads it with a few bytes of junk data, encrypts it using a RSA pub key, then stores the encrypted data. This data remains in encrypted form with decryption only possible by Hotwheels. With the way it is set up, nobody will be able to read anything on the Sunshine database unless they get access to Hotwheels’ laptop.
Sunshine Security
When creating Sunshine, Hotwheels used a 2048-bit RSA public/private key pair with the openssl_private_decrypt() and openssl_public_encrypt() functions. The public key was stored on the server as sunshine.pem and the private key was stored on Hotwheels’ laptop offsite – precisely because Hotwheels thought 8chan could be hacked one day (it was and here we are). Hotwheels told me which folder the key was in on his laptop in case he ever suddenly died and I needed to use Sunshine.
When Was It Used?
8chan gets around half a dozen requests per year from the authorities, mostly because of threats. Usually the authorities are quick and the data is still on the boards. According to my records, Sunshine was successfully used exactly once to help the Australian authorities.
How Long Was Sunshine Active?
Sunshine ran from its inception until early 2016, a period of turmoil for 8chan. During the Great Posting Crisis, it was culled to gain performance and improve posting. Sunshine was re-enabled in September 2016 and remained active until April 1, 2017. Sunshine is now disabled and will remain disabled on 8chan.
The Way Forward
I will be open-sourcing 8chan again and Sunshine will be included as a commit with instructions for any future imageboard admins who might want to use it. I have since asked Hotwheels to destroy the Sunshine private key and, on April 4, 2017 at exactly 09:56am GMT, Hotwheels destroyed it, thus ensuring Sunshine can never be unencrypted.
Of course, I have chat logs and emails to back this up, which is why I am able to give you so many details on such short notice.
Now that this is out of the way, I have mod.php to fix, boards to restore, and a website to run.

Original post:

Josh, a coder for 8ch, wrote the following:

let me clear up some misconceptions:

1. Frederick has a tranny gf: No, this is not true. He did engage in “relations” with a ftm hooker but it was by mistake. He get’s really sensitive when this is brought up (it’s why he added signature verification in January, because a user was spreading rumors) so please stop saying it.

2. 8chan is selling your user data: Again, not true, but only because there is nothing to sell. This will change with infinity next, and there are legitimate data protection issues with 8chan which I’ll address below.

3. Jim owns 8chan: No, he owns the server 8chan runs on. You guys need to stop falling for every trick /ints/ plays. Now theoretically he could seize the domain as he did with 2chan but he already calls the shots anyways so I don’t see why he would.

Now that everything is cleared up, let me tell you what finally forced me to quit. I could handle the incompetence, I could even handle the lifestyle, but I could not — I repeat, I could not — program malware into infinity next while lying to the userbase. I was asked to do it, and I had to say no. As you all know the FBI already has access to IP addresses on 8chan (yes, the FBI actually does have global moderator status funnily enough…), but infinity next is going to go further.

When Google blacklisted 8chan, Jim went apoplectic — literally throwing things around the office in rage. He assumed the costs of running 8chan on the expectation that captcha and ad-sense could be integrated into its successor, infinity next, in order to run a profit. Now that dream was dead, and ever since then both Jim and Frederick have been on a PR “offensive” to get 8chan off the shit list, so to say. Finally an opportunity came up that would allow them to alleviate Google’s concerns about illicit content: a backdoor.

A front for the NSA.

A company known as “Red Hat” — famous for developing the Fedora linux distro — contacted Frederick (presumably at the behest of some alphabet agency) offering to sell what amounts to a keylogger program that could be inserted into infinity next’s code. It would store every single post made by every single user on a database run by Red Hat for the use of law enforcement agencies should they require. After a bit of research I learned that Red Hat is itself an NSA subsidiary, and that the same program has been used by 4chan since 2010. This was presented as an opportunity to “legitimize” 8chan, and thus remove it from the Google blacklist (and perhaps regain access to funding sites that have shut out 8chan).

I was asked to insert this code by Jim personally. I was afraid to say no, so I said I’d get to it, but went straight home and booked a flight. 8chan had become a shadow of what it once was, and I wasn’t about to betray the userbase and become a lackey for the US government. To be honest, I don’t think Frederick wants this either — but what choice does he have? He is heavily disabled, alone in a foreign third world country, and completely dependent on Jim. He’s trapped.

Anyways, that’s my story. I wish it didn’t end this way, I really do. I had to move back in with my mother, who I don’t get along with, and now I have to find an actual job…but I felt obliged to tell you all the truth, and to apologize for the way things turned out. I won’t tell you to quit 8chan like I did, but you should at least know what’s really happening.


View profile at

Actually, it turns out that I should have been more wary of RedHat. Consider the following old story from 2015:


Red Hat and NSA: This is Not News

Posted in GNU/Linux, Red Hat, Security at 6:47 am by Dr. Roy Schestowitz

Red Hat and back doors: poll from FOSS Force

Red Hat poll

Summary: The return of XKEYSCORE to some media outlets (not news anymore) brings us back to debating Red Hat’s role (also not really news)

QUITE a few sites (see [1-3] below) seem to be talking about Red Hat’s special (but no longer secret) relationship with the NSA, which is not at all news. The NSA uses a lot of RHEL (and also Fedora) on some malicious spying equipment, based on various NSA leaks. We already wrote a great deal about this back in 2013 [1, 2, 3, 4]. The only new thing we learn from the latest articles is that Red Hat continues to refuse to remark on the subject, even when asked by journalists (see the first article below).

Related/contextual items from the news:

  1. NSA runs its spying activities on Red Hat Linux

    A little over two years ago, the first disclosures about the massive surveillance operation being carried out by the NSA were made in the Guardian, thanks to an intrepid contractor named Edward Snowden.

    Now comes the rather disturbing information that the NSA runs its XKEYSCORE program — an application that the Intercept, the website run by journalist Glenn Greenwald, describes as NSA’s Google for private communications — for the most part on Red Hat Linux servers.

  2. Evil NSA runs on saintly Linux, Apache, MySQL

    If report is correct, Red Hat’s marketing department has a very tricky customer reference

  3. Red Hat Used by NSA Spies, SELinux Possibly Bypassed

    SELinux is a product of the NSA and some worried when it was added to Red Hat, Fedora, and later many other distributions. Even before Snowden revealed the massive government spying, having the NSA anywhere near Linux activated certain Spidey-senses. Now we learn that SELinux may have had an exploit for bypassing the security enforcements. Italian software company Hacking Team, who admits to providing “technology to the worldwide law enforcement and intelligence communities,” has been selling technology to governments (most with bad human rights records) to assist in gathering surveillance data on citizens, groups, journalists, and other governments. Recently Hacking Team was hacked and their information has been leaked onto the Internet. Besides the SELinux exploit, it’s been reported that the FBI, U.S. Army, and the Drug Enforcement Agency are or were customers of Hacking Team’s services.

This entry was posted in current events. Bookmark the permalink.