Hacking/crime/privacy journalist. Author of DARK WIRE. Co-founder of @404mediaco. Signal: +44 20 8133 5190. Email: joseph@404media.co
7 subscribers
Nov 7 • 4 tweets • 3 min read
New from 404 Media: police freaking out at iPhones stored for forensic examination mysteriously rebooting themselves. This makes brute forcing much harder. Cops hypothesize Apple pushed an update that tells nearby iPhones to reboot if not on phone network 404media.co/police-freak-o…
Here is the law enforcement document I obtained. It says that a bunch of iPhones were in an AFU state (easier to get data from). Then a bunch of them rebooted into a BFU state (much harder if not impossible to get data from) 404media.co/police-freak-o…
Nov 6 • 4 tweets • 2 min read
Did you vote in America yesterday? If so, you just got doxed
This site takes voter records that can be hard to source and puts them all into one place. Name, address, voter history, for free. It turns voting into a privacy and security risk 404media.co/voted-in-ameri…
Taking data that is only technically a public record and making it easier to access qualitatively changes it. It becomes literally public. It can be the difference between a data point somewhere, and harassment, suppression, threats 404media.co/voted-in-ameri…
Oct 23 • 10 tweets • 6 min read
New: inside the US government-bought tool that can track phones at abortion clinics. Called Locate X, it tracks phones around the world without a warrant. Leakers showed it in action, we watched a phone go from Alabama, to an abortion clinic, back again 404media.co/inside-the-u-s…
This is the strongest demonstration of the power of phone location data yet. Locate X is a tool used by lots of US agencies (ICE, CBP, etc). Sources got access, filmed themselves using it, leaked us hours of footage. Monitored mosques, synagogues, more 404media.co/inside-the-u-s…
Oct 18 • 4 tweets • 3 min read
New from 404 Media: we've found exactly how a Musk-funded PAC is microtargeting Muslims & Jews with opposing messages. Happening with adverts on Snapchat; digging through data we found the exact ZIP codes the PAC is targeting. Includes areas with mosques 404media.co/this-is-exactl…
Here are ads Jewish voters in Pennsylvania are getting 404media.co/this-is-exactl…
Oct 2 • 5 tweets • 3 min read
New from 404 Media: someone put facial recognition on Meta's smart glasses to instantly dox strangers. You look at them, sends face to a facial recognition tool. LLM infers name, sends to people site. Gets phone number, address. I've seen it in action 404media.co/someone-put-fa…
This is absolutely one of the craziest privacy stories I've ever reported, and craziest privacy projects I've ever seen. You can see my face while they demo'd the product to me. Mostly using off-the-shelf tech. People can do this now 404media.co/someone-put-fa…
Sep 23 • 4 tweets • 2 min read
New from 404 Media: in a massive shift, Telegram says it now *will* provide user data to authorities in response to legal orders. Includes IP addresses and phone numbers. Yesterday privacy policy said just terror suspects. Now it is crimes more broadly 404media.co/telegram-chang…
Just last week I found a U.S. demand for Telegram data. It appears to relate to child abuse image crimes. Documents are sealed, but order granted the application for a search warrant for user data 404media.co/telegram-chang…
Jul 12 • 10 tweets • 5 min read
Breaking: hackers stole call and text records for "nearly all" AT&T customers. Shows which phone numbers a customer called or texted. A staggering and unprecedented data breach. Data usually only available to authorities; now hackers got it 404media.co/hackers-steal-…
AT&T says it learned of the breach in April. It found hackers had broken into a third-party cloud service used by the telecom giant (AT&T told me it was Snowflake, the center of an ever increasing number of high profile breaches). Here is what AT&T said 404media.co/hackers-steal-…
Apr 23 • 10 tweets • 4 min read
This is the story of when I first realized how throughly compromised ANOM, the encrypted chat app the FBI secretly ran, really was. It was the moment I saw a mass of messages and data gathered by the app.
It starts with Christof, who was clearly hungover
1/
We were sat on a hotel terrace overlooking the ocean. At the start Christof would only make occasional eye contact with me—he was a seller for Anom, a person who sells encrypted phones to organized crime. He had no idea he had been essentially doing the FBI's work for it.
Apr 2 • 5 tweets • 3 min read
It's finally here—my book on how the FBI secretly ran its own tech startup to wiretap the world. DARK WIRE reveals its true scale & stakes for the first time
Preorder now for bonus content on how I pulled back the curtain on this insane story. More below hachettebookgroup.com/titles/joseph-…
Some context: In 2018, a powerful app for secure communications called Anom took root among organized criminals. They believed Anom allowed them to conduct business in the shadows. Except for one thing: it was secretly run by the FBI hachettebookgroup.com/titles/joseph-…
Mar 13 • 6 tweets • 4 min read
New from 404 Media: two of the biggest safe lock manufacturers have backdoor codes. Available to police and a target for spies. Turns out, the DoD knows about the codes, bans the locks for government use, but deliberately withheld that info from the public 404media.co/massively-popu…
Senator Wyden is urging National Counterintelligence and Security Center to warn public about these backdoors, especially considering U.S. businesses may need to protect trade secrets. An infosec pro I spoke to said users often don't know about the codes 404media.co/massively-popu…
Mar 7 • 8 tweets • 5 min read
New from 404 Media: hackers are doxing doctors, gaining access to drug ordering platforms then buying (and selling) massive quantities of oxy, Adderall, more. Not just series of breaches across industry, but fundamental undermining of prescription system 404media.co/how-hackers-do…
I've been following this activity in Telegram groups and speaking to fraudsters for months. Constantly I see people selling controlled substances, but more interestingly, offering the chance to others to "tap in". They're accessing portals used by doctors 404media.co/how-hackers-do…
Feb 22 • 4 tweets • 2 min read
Today is the 6 month anniversary of me and a group of friends quitting corporate media and launching 404 Media. I can now say with confidence that 404 Media is the most impactful tech publication on the internet. Here's a list of our most recent impact, thanks to our subscribers—
I exposed Patternz, a global phone spy tool powered by ads inside ordinary apps. After my reporting, Google cut-off a company linked to the spying tech. That company is now "dead," its president said 404media.co/inside-global-…
Feb 5 • 9 tweets • 6 min read
New: inside the underground site where "neural networks" churn out fake IDs
- I tested, made two IDs in minutes
- used one to successfully bypass the identity verification check on a cryptocurrency exchange
- massive implications for crime, cybersecurity 404media.co/inside-the-und…
Here's the process of me successfully bypassing the identity verification on OKX, a cryptocurrency exchange I've noticed is being used by criminals
- Asks for passport
- I took photo of my fake British passport I made earlier (didn't need in hand) 404media.co/inside-the-und…
Jan 26 • 8 tweets • 5 min read
New: We Need Your Email Address
You may notice we're asking for your email to read much of 404 Media. This is an existential issue explained in this 3000 word article
- AI stealing our work
- social media collapse
- media industry tailspin
Please read it 404media.co/why-404-media-…
Obviously there ton of info in here. But to summarise parts: the primary use is to deliver our original articles directly to our readers. That is what we are trying to sell you. You see our insane scoops every day, you think it's worth supporting w/money 404media.co/why-404-media-…
Jan 24 • 4 tweets • 3 min read
New from 404 Media: inside a global phone spy tool that takes data from ads inside normal apps to monitor billions. Company removed videos while I was asking questions; we archived in the article. Google has now cut-off a connected company in response.
404media.co/inside-global-…
This is one of the clearest examinations of how ads in apps are powering mass surveillance yet. We follow through the apps, to ad companies, to the spy firm. It starts with these apps: 9gag, Kik, Truecaller. This is only demo numbers, total is 600k 404media.co/inside-global-…
Jan 18 • 5 tweets • 4 min read
New: Google News is boosting AI-generated garbage articles that rip-off other peoples' work. One company even admitted practice to me. Even wilder: Google says it doesn't focus on whether an article was made by AI or a human for News, opening way for more 404media.co/google-news-is…
Here's one example. Left: the homepage of site . Right: the homepage of (used to be legit news service; now domain used to churn out this stuff). Company behind Examiner admitted using AI to steal work Watcher.Guru Examiner.com 404media.co/google-news-is…
Dec 14, 2023 • 5 tweets • 3 min read
New: a marketing company claims it actually *is* listening to people through smartphone/smart TV microphones to hear what people are saying and target ads. From Cox Media, called Active Listening. According to material online and person pitched on product 404media.co/cmg-cox-media-…
For years, huge part of the public has believed that phones/speakers are listening in to target ads. No evidence that was the case, was more a sign of how powerful other tracking was. Now it might be a reality in some cases 404media.co/cmg-cox-media-…
Dec 7, 2023 • 9 tweets • 4 min read
I want to talk about a massive problem in tech journalism: access
For months we've investigated a16z-funded Civitai, an AI platform whose users made images that could be child pornography
VentureBeat then published this piece that uncritically printed the CEO's responses [cont]
You can read VB's piece here:
New huge AI story from 404 Media: leaked docs show Civitai, hot AI startup funded by VC firm a16z, generated images that could be child pornography. Even after this discovery, OctoML, the engine that powers the startup, decided to keep working w/ Civitai 404media.co/a16z-funded-ai…
This investigation is based upon:
- internal Slack chats for OctoML, the engine that powers a16z funded Civitai
- logs of the text prompts written by Civitai users that OctoML turned into images. These are graphic, please be warned 404media.co/a16z-funded-ai…
Nov 2, 2023 • 7 tweets • 5 min read
New: AI cameras took over one small American town. Now they're everywhere.
Hundreds of docs show how Fusus brings usually separate camera feeds (doorbells, CCTV, drones) into one central hub for cops and adds AI to them. Object recognition, "people" more 404media.co/fusus-ai-camer…
First, this article is based on hundreds of docs we got by doing FOIAs with police departments across the U.S. This work is expensive, and cost us hundreds of dollars (I know that sounds small, but it's not for us). Please subscribe to let us do this work: 404media.co/fusus-ai-camer…
Oct 20, 2023 • 9 tweets • 6 min read
New: an incredible court record pulls back the curtain on a $30 million dollar underground Bitcoin exchange running for years in the heart of New York. Massive bags of cash, drive-by pickups. This is what real criminals use, not services like Coinbase 404media.co/inside-a-30-mi…
The records provide rare insight into an often unseen part of the underworld: how hackers and drug traffickers convert their Bitcoin into cash outside of mainstream exchanges. While Coinbase etc will work with the police, these gangs typically won't 404media.co/inside-a-30-mi…