“Gay Furry Hackers” Claim Credit for Hacking Heritage Foundation Files Over Project 2025

The hacker collective SiegedSec says it infiltrated the conservative think tank to oppose its campaign against trans rights.

Heritage Foundation President Kevin Roberts introduces former Vice President Mike Pence during an event to promote his new book at the conservative think tank on October 19, 2022 in Washington, DC.
Heritage Foundation President Kevin Roberts introduces former Vice President Mike Pence during an event to promote his new book at the conservative think tank on Oct. 19, 2022 in Washington, D.C. (Photo by Chip Somodevilla/Getty Images)

SiegedSec, a collective of self-proclaimed “gay furry hackers,” has claimed credit for breaching online databases of the Heritage Foundation, the conservative think tank that spearheaded the right-wing Project 2025 playbook. SiegedSec released a cache of Heritage Foundation material as part of a string of hacks aimed at organizations that oppose transgender rights, although Heritage disputed that its own systems were breached.

In a post to Telegram announcing the hack, SiegedSec called Project 2025 “an authoritarian Christian nationalist plan to reform the United States government.” The attack was part of the group’s #OpTransRights campaign, which recently targeted right-wing media outlet Real America’s Voice, the Hillsong megachurch, and a Minnesota pastor.

In his foreword to the Project 2025 manifesto, the Heritage Foundation’s president, Kevin Roberts, rails against “the toxic normalization of transgenderism” and “the omnipresent propagation of transgender ideology.” The playbook’s other contributors call on “the next conservative administration” to roll back certain policies, including allowing trans people to serve in the military.

“We’re strongly against Project 2025 and everything the Heritage Foundation stands for,” one of SiegedSec’s leaders, who goes by the handle “vio,” told The Intercept.

In its Telegram post, SiegedSec said it obtained passwords and other user information for “every user” of a Heritage Foundation database, including Roberts and some U.S. government employees. Heritage Foundation said in statement Wednesday that SiegedSec only obtained incomplete password information.

The remainder of more than 200GB of files the hackers obtained were “mostly useless,” SiegedSec said.

The Intercept reviewed copies of files provided to the transparency collective Distributed Denial of Secrets. They included an archive of the Heritage Foundation’s blogs and a Heritage-aligned media site, The Daily Signal, as of November 2022.

This is at least the second hack against the Heritage Foundation this year. In April, Heritage shut down its network following a cyberattack tentatively attributed to nation-state hackers. SiegedSec targeted the Heritage Foundation in early June, according to vio, who denied involvement in the earlier attack.

A spokesperson for the Heritage Foundation said Wednesday that the files were not obtained by hacking its systems, but that SiegedSec discovered them on a third party’s site.

“An organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor,” said Noah Weinrich, a Heritage spokesperson. “No Heritage systems were breached at any time, and all Heritage databases and websites remain secure, including Project 2025. The data at issue has been taken down, and additional security steps have since been taken as a precaution.”

SiegedSec’s other recent operations have targeted NATO and Israeli companies to oppose the war in Gaza. 

Update: Wednesday, July 10, 6:36 p.m. ET

This article was updated to include comment from the Heritage Foundation disputing that the files released by SiegedSec were the result of a hack of its systems and were hosted instead on a third party’s website.

Latest Stories

Join The Conversation