A mysterious hacker has published today a database dump of one of the internet’s most infamous neo-nazi meeting places — the IronMarch forum.
The data published today includes a full copy of its content, including sensitive details such as emails, IP addresses, usernames, and private messages.
The database dump is currently being analyzed by a multitude of entities, including law enforcement, in the hopes of linking forum members to accounts on other sites and potentially exposing their real-world identities.
The drive to unmask forum members comes from the fact that IronMarch, while a little-known site to most internet users, has been the birthplace of two of today’s most extreme far-right neo-nazi movements — the Atomwaffen Division and SIEGE Culture — with the first being accused of orchestrating at least eight murders around the world.
A short history of the IronMarch forum
The IronMarch forum was officially launched in the fall of 2011 and is the creation of Russian national Alexander Slavros.
For most of its lifetime, the forum never became popular and lived in the shadow of other more well-known neo-nazi meeting sites like Stormfront, 4chan, 8chan, and Reddit.
This isolation allowed the forum to “thrive” and take a different direction from the other neo-nazi and white supremacy communities, which received a lot more media attention and were generally more tame in the content they published.
Slowly, through the years, the IronMarch forum developed a culture of advocating violence, murder, and extreme racism, something that other sites wouldn’t generally tolerate.
In 2015, forum members founded the “Atomwaffen Division,” a neo-nazi group that has been recently labeled a terrorist network due to its involvement in multiple murders.
The forum spawned a second extremist group in July 2017, when several IronMarch members created another neo-nazi group with violent tendencies called SIEGE Culture, inspired by the writings of neo-nazi author James Mason.
As the world slowly learned of the forum’s existence through the exploits of its various members, the site went down in November 2017.
At the time, there was no announcement. Some speculated that the site shut down on its own to avoid a law enforcement investigation. Others thought that some foul play was involved.
Today’s dump lends credence to the latter theory that a hack might have been involved, although we may never be 100% sure.
Looking at the data
The forum’s data was published earlier today on the file-hosting section of the Internet Archive portal.
The published information includes a carbon copy of the site, from user details to forum posts, and from private messages to multi-factor authentication settings and forum management logs (see image below).
The forum’s database includes details on 3,548 registered profiles. The last user’s database ID is 15,218; however, the dump only included details on 3,548 accounts — most likely due to spam or deleted profiles.
The registration date for the last user is November 20, 2017, suggesting the database is a copy of the site near the time it went offline.
The search for members’ identities begins
While many forum members are very likely to have used a VPN or Tor to access the forum, some analysts looking at the data are hoping they can find clues to users’ identities through the emails they used to register, the nickname they chose on the site, and the forum posts and private messages they’ve sent each other.
This search will take extensive data mining and a deep analysis of the released information; however, many are willing to put in the work, hoping to track down some of society’s most dangerous sociopaths.
Slowly but surely, such details are have begun showing up already. According to a list of email domains used to register accounts on the forum, some analysts have spotted at least one email address registered to a Long Island-based community college (sunysuffolk.edu), which narrows down the search for that particular member from tens of millions of possibilities to only a few thousand.
And, then there’s this…