Cyber Incident Victim: Kiwi Farms
Date:
Aug 2022
Location:
Canada
Summary
Kiwi Farms experienced a service disruption attributed to a DDoS attack and network intrusions, leading its upstream ISPs to block routing to its servers, effectively forcing the site offline. The forum, known for hosting harassment campaigns and doxxing against marginalized individuals—including a high-profile swatting incident—faced public pressure urging Cloudflare to revoke its security services, with activists highlighting the platform's role in enabling real-world harm. While Anonymous affiliates commented on the incident, no group claimed responsibility for the attacks, and the hosting provider’s actions appeared motivated by mitigating collateral damage from the sustained cyber assaults.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Kiwi Farms experienced a significant service disruption beginning on August 26, 2022, when the forum became inaccessible due to upstream internet service providers (ISPs) blackholing network routes to its servers. Administrators reported the outage resulted from deliberate actions by their hosting provider, which ceased responding to communications. Prior to this disruption, the site had been targeted by a distributed denial-of-service (DDoS) attack and other attempted network intrusions. Forum operators speculated these malicious activities prompted the ISP to block access to protect other customers, though no formal explanation was provided by the host. The blackholing technique prevented global network traffic from reaching Kiwi Farms’ infrastructure, rendering it offline. Administrators publicly disclosed these technical challenges but did not identify specific threat actors responsible for the attacks. Concurrently, social media accounts associated with the Anonymous movement, including @YourAnonNews, referenced the incident but denied confirmed involvement by their affiliates. The outage persisted through at least August 29, 2022, with no restoration timeline provided.
The incident occurred amid sustained criticism of Kiwi Farms’ operations, particularly its facilitation of doxxing and harassment campaigns against targeted individuals and groups. The forum had recently published the hotel location of Clara Sorrenti (known as Keffals), a transgender activist who was swatted and arrested in London, Ontario, on August 5, 2022. This event intensified existing pressure campaigns urging Cloudflare—Kiwi Farms’ DDoS protection provider—to terminate services. Activists and organizations, including the Dolphin Emulator project, utilized the #DropKiwifarms hashtag to highlight alleged connections between the forum’s activities and real-world harms, citing cases of suicide following prolonged harassment. Cloudflare faced direct public appeals to cease providing security services but had not issued statements regarding Kiwi Farms’ content or service status by the time of the outage. The technical disruption via ISP intervention represented an escalation beyond previous content moderation challenges, though the precise relationship between the DDoS attacks, hosting termination, and activist campaigns remained unconfirmed by technical evidence or provider disclosures.