The Prepper Website Threat

Facebook Twitter Tumblr Pinterest Email Plusone Stumbleupon Digg

The Prepper Website Threat

You all have your favorite prepper website, and we can only hope that favorite prepper website is usCrow.org but to each his own.  However, after we launched Elite Membership we had several comments and emails asking why we made such a drastic change, and what truly made usCrow.org stand out above the rest.  My simple but albeit controversial response is this, every other prepper website is a threat to your security.

Why your favorite prepper website is a threat

I’m no proponent of fear mongering, nor am I too keen on having this website ostracized by every other site out there, but we’re not here for them…we’re here for Americans.  Here’s the deal, have you ever wondered why usCrow.org doesn’t have ads?  We have over 50,000 visitors a month and we’d surely profit from it, yet we will don’t have ads.  Why?  Other than my profound OCD, it is a huge threat to our readers’ security…

Data Mining aided by your favorite Prepper Website

Believe it or not, even if you are the greyest guy on the web, the minute you visit their site big data mining is at work.  99% of the sites you visit are using an Amazon Affiliate account for displaying Amazon ads on their websites.  In order for the ads to work they have to have their website connected to AWS (Amazon Web Services) via a API Key (Application Programming Interface).  Ever notice how Amazon ads always display something you’d be interested in? Why do you think that is?

That website’s content is scanned via AWS, in addition to behavioral targeting aided by cookies stored on your computer, your IP and MAC Address all to form a massive amount of data about you.  Who has access to this wealth of information about you?  Along with everyone in the Fortune 500, the United States Federal Government.

Now, before you say it there are links throughout our site that list products that will direct you to items  listed on Amazon.  However, these are only one way links and are not a part of the AWS data mining system.

Why data mining effects you

We are all wary of the government having any information about us, but in an article we wrote a couple years ago ‘The American Government is Targeting Preppers’ revealed the DHS (Department of Homeland Security) considered people who purchase in bulk, or buy military items are considered a danger to the state, which could possibly get a few of us (myself included) added to a government watch-list.  Could this be paranoia or prudent vigilance? Maybe both, but only time will tell if those who aired on the side of caution were right or wrong.

The unsecure prepper website

I guess what sets this site apart is that we’ve learned from our mistakes, and we put our users’ security first.  We learned about a year ago that we needed to beef up our security policy and hire some folks to protect our users information, and connections.  Let’s be real, no one has ever tried to nationally organize militia elements on such a scale, nor has any other website offered the type of specialized content we offer so security is a big deal…

The only SSL SHA2 encrypted prepper website

I was completely astonished to find out that we really are the only prepper website with SSL SHA2 security.  I mean come on!  Websites like SHTFPlan.com get over a million users and they can’t spend a little money to secure their site users?  These people are putting in their email addresses, names, and various bits of information about themselves over unsecured connections without blinking an eye.  Oh, how they grey aren’t so grey.

What’s even worse?  A couple of these sites are active militia coordination sites, and one of which is infested with intelligence gathering accounts. Think I’m lying, look at the sites listed below, that green lock and the https prefix is only next to usCrow.org and none of the others.  If you visit any of these sites and hover over the page icon it will specifically your ‘Your connection to this site is not secure’

A secure prepper websiteAmerican Prepper NetworkOathKeepersSHTF Plan

WRAM Site

Major security holes that only we have addressed

SSL SHA2 data encryption is not everything by any means, and it seems we are the only ones who have taken additional steps to protect our readers.  Websites are vulnerable to all kinds of different attacks, so we took it a step further and hired a company to perform daily malware scans/removals, install web application firewalls, and protect against DDoS attacks.

Long story short, nothing happens on this site that we are not aware of and are not protected against.  However, there is nothing I’ll put past US CYBERCOM but either way they can’t get to our data without breaking a litany of laws and without being detected.  The last and final step we will take to protect our users as our site grows will be to migrate the site to private servers with additional layers of encryption, but for that Elite Membership needs be at a minimum of 1,000 members.

In closing…

This article wasn’t written to put any other prepper website out there on blast by any means!  However, if you are profiting from your site you should at the very least provide your users a little protection.  My hope is as people click the images above of the unsecured websites the webmasters of those sites will see the incoming traffic from this article, read it, and fix the issue.   Should they do so, I will take them off the list of unsecured prepper websites.

This article has been read [3216] times.

7 votes

About Administrator Ryan

Administrator Ryan has a Bachelor of Science Degree in Emergency Administration and Management from the University of Kentucky, and has been the primary handler for usCrow.org since it's founding. Professional background includes over a decade's experience in survival and preparedness, graphic design, computer programming, website coding, and asset management. Personal background in mountaineering, climbing, rappelling, combat training, and big game hunting.

16 thoughts on “The Prepper Website Threat

  1. Not sure why a poster thinking Crow “sold out”.I see a lot of info. here and ,yes other sites that am sure raises many hackles in govt. and gets their interest,nothing wrong with trying to raise your security levels as long as site still operable.I though not a computer guy believe it is just like mice(evil minded hackers,some do good)that no matter how many holes /entrances you block they want in your home some day they will get in,tis a battle of evermore.This though is a good opportunity to remind folks,info that you find valuable,print it up/study it/lock it also in brain pan.I am guilty to a degree as am sure others always expect the net and answers to be up,really trying to get the most valuable info. into as many baskets as possible.

  2. I get 90% of all my info from UsCrow . and as a vet I already have combat exp . but im always ready to learn more .

  3. I visit this site often. Your articles are easy to read and understand. I have learned much from this site. Keep up the good work. Also I was hoping you can do an article or two on different types of physical training for beginners, and slightly older person.

    • Samantha,without knowing your condition /stamina would recommend walking,easy on joints and builds up stamina /muscles,you have access also swimming a great/low impact start to getting into condition,can go to harder challenges as conditioning gets you stronger.Hiking a great way to spend time,see the world around you,and as condition improves/strength builds add a light pack and work up the weight over time.I am lucky that I love to hike/camp and work as a carpenter and thus get a fair amount of conditioning doing what I love,I add in some martial training and feel good and strong but can always be stronger,good luck with what ever you do.

  4. So you have a valid point on SSL and securing a web site but when you have other assets on your site that are not accessed via HTTPS which you do have some based on the review of your source as well as the big message that accompanies the lock at the top of users browsers when a user clicked on it. This by it self still means your site is not fully secure so I would recommend correcting those (probably most are in your theme you use and accessed by HTTP protocol instead of HTTPS).

    After reading your article about what you guys are doing and what others are not you are a step a head but personally as a security expert I would have suggested doing DB changes to encrypt users personal data as a primary thing to have accomplished, but based on your article it looks as though that is something that will come in the future.

    Just remember when someone wants something they can get it and evening with precautions to mitigate some of that there will always be people who will put your security to a test when you have publicized what you have done.

    • No doubt, I’m trying to find the source for the warning and have yet to find it. My only suspicion is it lies in the outbound links, but that’s not my area of expertise, but according to them the theme code will have to be rewritten as to not affect the look and layout of the site. We’re aggressively taking steps to get this to be more secure than any other site around.

      • I absolutely love this site. Never been a prepper or anything like that but I am a firearm enthusiast and a firm believer in our original constitution and a phrase that used to be rightly embedded into our government but is impossible to find now called “in god we trust”. I’m most definetly prepared to fight for the republic our country should be and die fighting instead of blindly running into trees with my cellphone in my face while the islamists take over what was once upon a time the greatest country in the world. I would also like to add that I love love love your articles administrator Ryan. You have a brilliant style of writing and are always well researched and on point. Hoping to get an elite membership asap. Thank you uscrow for all this amazing advice and inspiration.

    • This is the kind of stuff I get when bringing up DB encryption, which I think will be remedied when we can migrate to private servers…

      While you cannot encrypt the web.config file (which may be due to the medium-trust level for .net 2.0 on our servers), the IIS configuration on our shared servers will not allow it to be served to a visitor of your website. The only way to access the web.config file would either be through FTP or a script that you would first need to upload to your account as the administrator.

      As for your question regarding decompilation software that may compromise your web.config file, we are not aware of any such security risks or software. The permissions placed on your folder on the shared server ensures that no other users on the system will be able to access it’s contents.

    • How so? The site still doesn’t charge for the original content we’ve written. Every article, download, and resource is still readily available to anyone with or without an account. However, one thing you need to realize is having a secure site is not cheap by any means. Hosting videos on your own site is not cheap. We started offering Elite Membership to pay for the many goals we have. What’s there to complain about? The free stuff is still free and if you happen to join Elite you get a massive amount of content for $5 a month, small price to pay in my world. Two hour long tactical videos, thousands of downloadable guides/manuals, and a secure forum that is apparently the most secure forum of its kind.

      So again, what’s there to complain about?

      • I think his feelings are more hurt about calling out other prepper websites. Look buddy I had my pick of sites to write for and I believed in this sites goals and its purpose. We all work closely to create something never done before while the other guys are out there having a circle jerk over lizard men and false flag bullshit. This site has been and continues to be the most legit one I know of an is beyond reproach. Shit man, half this technical garbage goes over my head but the last thing I want to do is to shoot the shit over unsecure comms which was ryans point. Ryans always wrote about things that others wouldnt so whats so bad with him pointing out that these other sites arent protecting the people paying their bills. No one writes the articles we write for free and no one tries to do what we do so get your shit wired straight buddy. Rgr!

      • I read about 2 hours a night online and off. Other then James Rawles site you guys blow the other sites away. Most of those sites are all articles with very little real source or content. This site is based on fact and real common sense. I.E. The article I belive Ryan wrote about JH 15 and the great articles about Thermite and Napalm. I have learned more on this site then I have on any of the others. Everyone should be really careful with OPSEC especially online. Also another good recommendation is to use a onion browser. They help hide your presence online but as always assume someone is always watching.

    • Dude WTF are you talking about???? Us crow is an awesome site. Me and my wife started prepping because of this site!! We’ve learned more from this site than anywhere else and their admins are always willing to help. Your opinions seems a little bias dude!

  5. How can anyone be against OPSEC or security? We all need all the protection from the Internet we can get. Someone is writing “code” right now to try and destroy or humble the financial business we trust. Hackers are everywhere trying to steal our hard-earned dollars instead of putting their knowledge to better mankind. White Collar crime does hurt people !

Leave a Reply

Your email address will not be published.