A Deep Dive Into The "Ryushi" Twitter Hack
A Series On Misinformation, Disinformation and Subterfuge
On November 23, 2022 Chad Loder, an associate of Remi Barrette, announced on Twitter he was in possession of hacked materials. These contained over 400 million accounts email and handle along with roughly 200 million phone numbers.
Chad posted five times in this particular thread before he was banned internally, kept offline for just over two hours. Conspirator0, who maintains full access to Twitter’s internal systems restored the account. In the thread Chad claimed the “hack” happened after 2021, that the data stolen was not a match to other data thefts, and implied falsely that the attack used a known vulnerability Twitter had repaired.
When Chad came back he posted a pic of a hat saying “Kill All Cops” then crowed too much about his unbanning.
Here was another post that did get archived.
The above on the left is a lie, created by Remi Barrette unbanning the account via console, a tool allowing him full access to hijack, ban, spy on DMs, anything an employee or user is capable of doing. The receipt indicates the account was banned for Spam and Manipulation, one of the few codes that causes a permanent ban and requires a human to implement (the code bypasses internal strike rules).
The above receipt on the right is also technically a lie because Chad was banned specifically for platform manipulation the first time. Because Twitter does not act on most abuses, any report filed remains backlogged in the system. In a rare case where an account is banned, everyone that has backlogged reports gets issued notification receipts always showing violation found.
Things heated up after the permanent ban. Chad over on Mastodon acknowledged factually who ordered his account banned. It was Musk. Chad knew that because a banner had been added to his account to prevent reinstatement by third party console access.
The following day a new narrative began spreading of a mass Hitlist of leftist accounts, some 5000 accounts strong. This deception was built on a smaller list that only named Yonder and theNoNewsNetwork operative accounts, made by Zanting, after Remi Barrette on behalf on Yonder banned every single one of his accounts.
Besides having QAnon leftist disinformation mule amplifying the fake list, all the main accounts Zanting’s list had on it connected to Yonder had been removed.
Chad used Business Insider, December 1st, to falsely claim a group called Zanting was to blame for his suspension. Zanting was part of the network of Chad’s pals that built QAnon on behalf of Mike Flynn. After he exposed parts of the operation to the press he became somewhat of a pariah, explaining why Yonder would hunt down each of his accounts banning them. Zanting wasn’t the cause of either of Chad’s bans. Musk was.
Chad then manipulated the Washington Post into writing it into an article on Peiter “Mudge” Zatko joining Loder’s business, that Musk was indeed responsible for ordering the ban under the direction of Andy Ngo. No one likely read past the headline, so he then sent Bloomberg a picture of his account taken by Remi Barrette, lying saying it was from an employee, not a third party.
One major piece that ties this all together is having a motive. In a Newsweek article as a subtweet to controlled opposition “researcher” Caroline Orr Bueno, Remi Barrette’s Conspirator0 account is featured sneakily without attribution highlighting the results of stochastic terrorism directed against Yoel Roth by Elon Musk for his disgust. Frankly we were all disgusted by that, though only Remi went out there and harmed 400 million more people because he was big mad.
The entire operation’s purpose of exposing Musk for a hack they likely committed, up until this point had not caught mainstream attention. Enter Ryushi.
Like Tea Leaves, Ryushi is a narrative vehicle to reduce the likelihood of proper attribution. Mainstream reporting began around December 23, a full month after Chad Loder admitted to being in possession of stolen materials.
Remi Barrette has consistently demonstrated his personal possession of the tools needed to complete the “hack” and give the stolen data to his pal. Here is one example of that.
The answer is yes.
Remi Barrette whose 2016 account creation date meant he could not have acquired a Firehose tool without working for a “research” org like Yonder. He used the tool until Twitter turned off API access announced the following day after my January 31, 2023 email to Ella Irwin. She hasn't however turned off Remi’s console allowing him to continue spying on, banning and removing user’s internal credentials.
All API tools save a Firehose have restrictions. Hoaxy similarly had a seven day limit to pulling data to create a graphic organizer. Remi’s Firehose tool allows him to cheat, pulling from the entire website. Along with a console, used to ban Rebekah Jones, Jim Stewartson, BNN, and a pile of other accounts, Remi was able to pull 400 million user’s data, give it to his buddy Chad Loder and hope no one would notice the similarities to either Barrette Brown’s Strafor hack nor Weev’s AT&T that both led to lengthy convictions that came from the same extended network of operators.