The Trump Admin's Signal Clone Was Hacked
YouTube version: https://youtu.be/J__qWnFJZgA
The Signal Clone the Trump Admin Uses Was Hacked
Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation
GlobalX, Airline for Trump’s Deportations, Hacked
Mr. Deepfakes, the Biggest Deepfake Porn Site on the Internet, Says It’s Shutting Down for Good
Subscribe at 404media.co for bonus content.
Transcript
Welcome to the 404 Media Podcast, where we bring you unparalleled access to hidden worlds, both online and IRL.
404 Media is a journalist-founded company and needs your support.
To subscribe, go to 404media.co.
As well as bonus content every single week, subscribers also get access to additional episodes where we respond to their best comments.
Gain access to that content at 404media.co.
I'm your host, Joseph, and with me are 404 Media co-founders Sam Cole.
Hello.
Emanuel Maiberg.
Hello.
And Jason Koebler.
What's up?
I don't think we've anything to announce.
So, Emanuel, do you want to take us into this first story?
Yeah, our first story today, the headline is "The Signal Clone the Trump Admin Uses Was Hacked."
This is a collaboration between Joseph and Micah Lee.
Before I get to these questions, Joe, how would you describe Micah Lee other than a collaborator and a friend of the site?
I would say Micah Lee is a very accomplished technologist and journalist.
He used to work at The Intercept, working with a lot of hacked and leaked data and that sort of thing.
And that's where I first knew about his work.
And then he actually published a book, which is very, very useful.
I'm actually going to bring it up now, The Art of Analyzing Hacked Data, Hacked and Leaked Data.
And I mean, it's phenomenal.
I need to go back and work through more of it, but it provides journalists like all of these different scripts and guides on how to analyze leaked information.
So he's very, very experienced in this world.
You know, in the same way we are.
We're very experienced in verifying data, but he brings a much more technical frame of mind to all, you know, and technical expertise for sure.
Yeah, it was really nice working with him.
Hopefully we can have him on the pod at some point.
So last week, you discovered via an image that Reuters took that the Trump admin was using a Signal clone to communicate.
And this was made by a company called Telemessage.
What is Telemessage and how do we know about it?
Yeah, when I zoomed into the photo, and I think some other people did on Bluesky, and they were like, oh, look, they're using Signal.
When I looked at it, I was like, huh, there's something odd about that.
And it said something like verify TM signal pin.
And then that's how we determined it was actually a different version of Signal.
And what this is, at least I'll do it.
I'll explain in the way that Telemessage explains it, which is that this is an ordinary version of Signal, a complete copy, except it does one thing, which is archive your messages, right?
And they say they do that securely.
And the idea is that, well, if you're a government agency, you need to keep copies of messages for record-keeping purposes, for legal reasons as well.
And maybe if you work in a regulated industry like finance or something, cryptocurrency, that sort of thing, you probably need to keep records of messages as well, you know, under SEC regulations and that sort of thing.
So the idea is it provides a secure way to chat while also meeting those archiving requirements.
Yeah.
So we were already having kind of a busy weekend, but then this blew up on Sunday.
What happened on Sunday?
Yeah, on Sunday, Micah reached out to us and then me and you spoke about this.
And basically, what had happened was that a hacker had managed to breach Telemessage in some sort of way.
And we didn't have all of the specifics immediately.
That only became clearer later.
But Micah put us in touch with the hacker and provided information that this person had provided.
And I think we'll talk about, you know, what was hacked and all of that sort of stuff in a minute.
But it was immediately clear from seeing the screenshots, some of which we published redacted versions of in the article itself, that this looked pretty serious.
And as the headline says, and just like really to put a pin on it, the app that at least some members of the Trump administration are using, and in that Reuters photo, Mike Waltz, it appears he's speaking or has chats with JD Vance, Tulsi Gabbard, and Marco Rubio as well, obviously all incredibly senior members of the Trump administration.
Those conversations potentially, or at least people in the Trump administration, are using an app which now, it seems, has been hacked, which changed our weekend plans.
Yeah, so I say that.
So you talk to this hacker.
What are they saying?
What are they showing us that makes this seem like big news?
Yeah, so they told me how they did it.
And in the article, we don't go into a great amount of detail about that because at the time we were very concerned that, you know, maybe somebody else could reproduce this or go hack Telemessage in the same sort of way.
As we'll probably get to, that's less of a concern now because Telemessage has basically suspended operations in response to all of this.
But the hacker said it took them, I don't know, 15 to 20 minutes to actually perform this hack, which I don't know, on one side, it's like time doesn't really matter for hacking.
I mean, it's a computer, it's instantaneous.
Like, what does that even mean?
On the other, what the hacker's really referring to is probing the servers and the systems and trying to figure out what's an issue here.
And that's actually a much more human process than it is, like a tool-driven one or an automated one.
But yeah, they said it was very, very quick.
And then they provided a couple of things.
First were these screenshots of a Telemessage back end, and one showed a bunch of contact details for Customs and Border Protection officials.
There were some Coinbase ones as well.
And then what looked to be messages sent between people using the Telemessage service, it seems.
That's the high level, anyway.
Yeah, just in terms of the 15 to 20 minutes, I think a good comparison is sometimes we talk about iOS zero days, and that's a situation where countless people of the highest level of skill in terms of pen testing and hacking are constantly trying to find vulnerabilities.
So I don't know if you can put a number on it, but it's just like many, many, many, many, many hours of trying to find a vulnerability.
This is not that.
This is someone saying, like, oh, look at this thing that is in the news that seems important.
I'm just going to poke around.
And they poked around for 15 minutes and it was not secure.
So what do we know about the actual vulnerability?
And what more did we see in the hack materials?
Yeah.
Micah did a really good way of phrasing because, of course, the balance here is that Micah Lee is very, very technically minded, but they're also very, very good at writing for a general audience.
And, like, I appreciate that.
And we took that and maybe we broadened it.
I can't quite remember.
But basically, we all landed on describing the data as sort of snapshots, as in this was snapshots of data, Telemessage data going across a server that the hacker, through this vulnerability, which we're not going to really explain, managed to lift those, essentially.
And to us, it was almost like kind of random what data they got, potentially, but what they did get were these series of messages and group chats. And I'll just say straight away, like, we don't know the identity of the hacker and we don't think they have, you know, Mike Waltz's Signal group chats or anything like that, but seeing a Signal group chat from this app is obviously highly, highly concerning.
Jason, you actually looked a bit more in-depth into one of the messages.
You came into the article and then you kind of pulled out this Signal message.
What was that one?
And why was that interesting to you?
Yeah, I mean, it was super interesting.
It came ostensibly from this company called Galaxy Digital, which is a massive crypto VC firm, I believe.
Notably did some stuff with Vice back when we were there that we weren't involved in.
We weren't involved with it in any way, but they were basically, like, they've been around for a long time.
And one of the things that they do is they try to make crypto more like mainstream and normalized.
Like they're very interested in stablecoins and in sort of like making sure that crypto is not overly regulated, but is treated sort of like other investments by the government.
And so there's currently this really important stablecoin bill called the GENIUS Act that is before the Senate right now.
And so they're trying to get 60 senators to vote on it.
And there are messages.
This one said, quote, need seven dems to get to 60, would be very close.
And then another one said, just spoke to a D staffer on the Senate side, so Democratic staffer on the Senate side, two co-sponsors, Alsobrooks, who's Angela Alsobrooks, and then Kirsten Gillibrand, who, that's the Maryland senator and the New York senator, both Democrats, quote, did not sign the opposition letter.
So they think the bill still has a good chance of passage to the Senate with five more Ds supporting it.
You know, there's some typos in there that I just tried to read.
But essentially, this was them talking about this bill that is really important right now for this company, that has had a lot of news coverage about it, a lot of hype on Capitol Hill.
And they're talking about like behind the scenes machinations of trying to get this bill passed.
And so pretty wild.
Like this is a peek into the legislative process in DC.
We don't know exactly like who said what or what's going on here, but it just goes to show that the types of information being shared on Signal via the Telemessage app is really sensitive, potentially very sensitive.
So what are the implications of this, given Jason's example and other examples that we've seen?
Yeah.
Well, I think the main one is that these messages are seemingly not as secure as Telemessage has claimed or would probably like some people to believe.
So we first broke news of Mike Waltz using this tool.
And then there was various pieces of media coverage after that.
One was a New York Times piece that talked about the potential security risks, right?
And they have a quote from the president of Smarsh's Enterprise Business.
That's the company that owns Telemessage.
And they said, we do not de-encrypt, which is a very weird term, obviously.
But the implication being that, well, we take the messages they encrypted and then we archive them.
We're not like, you know, unencrypting them then re-encrypting or doing something like that. Basically, they are saying or suggesting that the messages are secure.
Well, I think that that doesn't really square with the fact that we have a screenshot that is showing a Signal message, basically.
I don't think you can really combine those together.
So that's, you know, obviously the first major thing: that messages going across the service are not being properly secured.
Then from there, it balloons out to, again, as far as we know, the hacker doesn't have Mike Waltz's messages or anything like that, but it does bring up the idea of: well, could other people's messages have been exposed, not necessarily to this hacker, but to someone else, because these very senior officials were using the app.
And then I think almost maybe the final thing is that if this hacker can identify this issue and exploit it in 15 to 20 minutes, what can a foreign adversarial intelligence agency like China or Russia or Iran do with the knowledge that the US government uses Telemessage and this company seemingly has serious, serious security issues?
It's answered a bunch of questions.
It's shown that there is not a theoretical risk here.
It is really, really real and tangible.
But now it brings up even more questions as well, almost.
Yeah, I mean, I don't, we don't have any evidence to suggest that anyone else knew about this vulnerability before our story, before this hacker found it.
But I don't know, if a hacker found it in 15 minutes, are we to assume that no state actor ever tried poking around here or doesn't know that the government uses this or other corporations use it?
It just, it's what makes the story really scary.
Joe, just to like, I'm sorry to make you play like armchair CSO for a second, but I'm not deep in the weeds on this type of security and privacy stuff.
And when you filed your first story last week, I just looked at Telemessage's website and it sort of inherently doesn't make sense, even with what little I know about security.
If you're an organization that wants to communicate securely over messaging, but also for legal reasons has to keep a record of all those messages, how would you do this?
Like, does this seem like a sensible way to do this?
Is there a better way to do this, do you think?
It's really, really hard because I think kind of what you suggest is that introducing a third party to a chat like this, which is supposed to be a chat between two Signal users or two WhatsApp users or whatever, adding a third party to that, be that another person, be that a phone that's been infected with malware, or in this case, a server that's archiving messages, that inherently introduces some sort of risk.
That being said, the risk is going to be different depending on the implementation, right?
Let's say that the service that's archiving the messages is part of that group chat.
So it has the content and then it passes it to a server securely, which also has the key, which then decrypts it. So whenever it's moving from place to place, it's still encrypted. That's a very, very general sort of explanation or diagram of it, but, you know, that could be one way to do it. Or maybe this is a better way of doing it. There are probably better ways to do it than what Telemessage did, which is somehow letting the plain text of the Signal message go across this server. But yeah, inherently there is a problem here.
Absolutely.
Yeah.
I think, I mean, you brought this up and it's like, we don't have any evidence that Mike Waltz's messages were stolen.
Like, make that very clear.
But, like, this is what a hacker was able to steal in a few minutes.
And so I think that that is like, we can't say for certain that this couldn't have been like way worse and that with that a better hacker or sorry, like someone who wanted to cause more damage than this hacker did could have done something much worse than this.
Like, they were in there for not that long and they got, you know, quite interesting stuff.
I mean, I just can't help but think that this is like a monumental fuck up.
Like, this is a really, really bad hack.
And I don't want to, I don't want to minimize it by just saying, like, oh, we don't have evidence that anything serious was taken because something very serious easily could have been.
Just on that monumental fuck-up idea, I think the account SwiftOnSecurity shared this the other day, but it was like a CNN article from 2014 where the person who worked on Obama's BlackBerry like spoke at DEF CON or something, and they were talking.
I read it.
I was like, wow, I don't think I've ever seen this.
And it's discussing the time from, you know, when Obama comes into power and you're like, I really, really want this BlackBerry.
And the NSA has to go away and figure out a way to do it more securely.
So the president at the time can communicate with various people on this device of choice.
And that was like a massive pain in the ass, it seems, from everything in that article.
They had to design additions or modifications.
They had to implement it.
And like, it took months and months and months to be able to do that.
And then you compare that to what's going on here.
And we don't know exactly the procurement process of Telemessage.
Sure, it looks like they just bought this tool, which is now doing this crazy, insecure stuff.
And I don't know.
I don't know if I even really want to make a broader point about, you know, the systemic approach to security.
It's definitely not how it was in previous administrations, I'll say.
Well, we were talking about this amongst ourselves where it's like they ostensibly have Telemessage because the government has retention rules and banks have retention rules for like compliance purposes and things like that.
But it, as you said, it like flies in the face of how this very secure messaging app is designed.
It's like undermining that, at least has the potential to undermine that type of security because you're making copies of the messages and putting them somewhere.
And it's just like, I guess it sort of speaks to the fact that government workers, they're just like us, like I hate to say, where it's like they don't want to do all of their communication like in a SCIF, like in person.
Like they, they are trying to talk to each other over regular messaging apps on their phone.
And it just like runs in the face of the type of security that you would ideally hope for for like highly sensitive information.
It's just like, there's not a good way, at least that I know of, to archive this stuff with a third party in the cloud, like without adding additional attack surface.
You know, I, I, like Emanuel and I were just shooting the shit.
And I'll like say it, I think it, it's like, I'm curious what people think, but it's like,
you know, you can archive it on the phone and then have the, have the government workers turn in their phones at some point and forbid them from using disappearing messages or something like that.
But it's just like, I don't see how a security setup like this, where you're just like making copies and having them be transmitted to a third-party service that is not operated by the government is like a good security design.
To be clear, we've said it in the copy many times.
I think we said it on the podcast already, but Signal has nothing to do with this fuck up.
But I do think there's an element here of the Signal brand being so strong and being the default secure messaging app that whoever did the procurement was like, we need to have Signal, but we also need to archive everything.
So let's turn to this solution, which is what would come up if you were looking for something like that.
But it completely undermines the point of Signal and the reason that it is the gold standard for end-to-end encryption and messaging.
It's very interesting to me that this app even works with Signal.
And I guess that's just because it's an open source piece of software.
But it's like, it's interesting to me that this can work with Signal, like that, that you can essentially clone or fork Signal.
And I don't want to get too speculative or like out over my skis and talk about stuff I don't know anything about, but it is surprising to me that it's just like a different client that is interoperable with Signal.
It's just like, I was surprised to learn that when you first reported it last week, Joseph.
Sorry.
So, just to establish what a big fuck-up it is, I think a lot of that was made clear by looking at what happened after we published this story.
Joe, do you want to go through some of the impact we've already seen?
Yeah.
So, first of all, NBC News actually followed up with a report on Monday, and they said that another hacker had also managed to get into Telemessage's system.
And it sounds like they got the same information about Coinbase employees that we got.
That was another piece of contact information in there and potentially some other stuff as well, but NBC didn't go into detail on that, or maybe the hacker hadn't described it at that point.
So another hacker got in, basically.
Around this time, Telemessage suspends service.
And we kind of saw the contours of this when their website suddenly became basically like a static page and you couldn't navigate to anything.
It seems in the background that they had shut stuff down or something.
And I actually got an internal customer FAQ that I was sent.
And it's kind of hard to tell the timeline, but it was basically like, oh, you can still send messages, but the archiving is not working potentially.
So there's a little bit of nuance there that I'm still looking into.
But the main thing is that Senator Ron Wyden announced in a letter that was given to the Washington Post, and then we wrote it up as well, that he's demanding an investigation from the DOJ into this whole debacle.
And that includes the national security risk that Telemessage poses, the counterintelligence risk, and you know, the potential Israeli connection, which I don't know, it's kind of theoretical at this point, you know, and I'm not super in favor of being like, oh, well, it's from this country or has some sort of connection to this country, so XYZ.
I don't know.
I kind of need to see the consequences of that afterwards.
That being said, the security risks were very theoretical until they became very, very real on Sunday night.
So, you know, I guess we'll see.
And whether this investigation goes anywhere, I mean, I don't know, you know, like in the previous administration or in other ones before that, or even like the first Trump administration, you'd be like, oh, well, they'll investigate.
You know, I have no idea at this point.
I think what country doesn't matter so much as the fact that the administration knowingly was using a messaging app at the highest, most secure levels that is managed by a foreign company based in a foreign country with great interest into those messages that we now know they could have seen.
So it doesn't, I think, really matter which country it is.
It just, it's a crazy thing to manage communication security in this way.
Yeah, it would almost be, it would still be a massive, massive news story if the company was British or Canadian or any other of the members of the Five Eyes alliance, let alone one that's outside of that intelligence sharing alliance as well.
All right.
Should we leave that there?
When we come back, we're going to talk about another hack.
It's been a very, very crazy couple of days here.
This is about the hack of an airline that's providing a ton of support to Trump's deportations.
We'll be right back after this.
Hey, it's Joseph again.
If you're a new listener to the 404 Media podcast or even a long time one, you might not be aware of all of the impact our journalism has had recently or how we even got here in the first place.
In 2023, the four of us quit corporate media to go independent.
We were sick of working for a VC-backed company that put profits before journalism.
That gave birth to 404 Media.
Since then, we've stopped the spread of AI books in public libraries, triggered class action lawsuits against AI companies, got Congress to pressure big tech in various ways, and we've even shut down surveillance companies.
This real-world impact is only possible because of our paying subscribers.
As a journalist-owned business, they are the engine that powers our journalism and where the vast, vast majority of our revenue comes from.
So please consider signing up today for $10 a month or $100 a year at 404media.co/membership and get bonus content every week and access to all of our articles.
Thank you and enjoy the rest of the podcast.
All right, and we are back.
This is one that me and Jason wrote.
The headline is "GlobalX, Airline for Trump's Deportations, Hacked."
I'll just very briefly explain what GlobalX is.
So there's a company called CSI Aviation, and they get this big, big contract from Trump and ICE, basically, to, you know, deport people or remove people and put them on flights. And then that company in turn subcontracts with a bunch of other companies as well, and one of those is GlobalX Air. And I've actually been looking into them a little bit, looking at flight data, and I was actually preparing to write about them this week, and then by pure coincidence a hacker reaches out to us, and we believe other journalists are prompted, and says they've stolen a bunch of this data.
Jason, we're sent this data.
I was sort of doing other things while I was writing this story.
I was more talking to the hacker, asking about their motivation, looking at the defacement they put on.
You were looking at the data.
What do you see when you open it up?
When you open it up exactly, yeah, so it was a bunch of JSON files and text mess.txt files.
And so JSON is database format, file format, and it's organized by day.
And so there's like a bunch of folders from like January, February, March, which is important because a lot of these flights took place in March, a lot of the most important ones at least.
And then April and May.
So the data goes up until like three days ago, like pretty recent.
And you open that up and it basically has flight data for each individual flight that GlobalX flew. And so the flight data includes like the originating airport, the scheduled time, the plane flown, the number of passengers booked on the plane. I don't know if you'd say booked, but that's what they say.
It's like the number of passengers on the plane.
And then like scheduled departure time, scheduled arrival time, et cetera, et cetera.
And then for each of those, there's a passenger list as well.
And so the passenger list includes a bunch of guards, so people who worked on the plane, and then the names of everyone who was on it.
And so, I mean, this is really important.
It's really important because we don't know necessarily every single person who has been deported by the Trump administration.
There's been conflicting information about who was put on what flight, where they ended up, things like that.
And so basically, like when I started looking at this, I was like, how can we confirm that this is real?
Like with it, that this is real information.
And I think that we knew that GlobalX got hacked because their website got defaced, as you mentioned.
So very notably, Anonymous, like, who knows, but you know, the hacktivist group Anonymous claimed credit for this and they put, quote, Anonymous has decided to enforce the judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans.
And then, some other stuff, Guy Fawkes mask, the sort of like standard Anonymous, I believe they also included, like, we do not forgive, we do not forget, we are Legion.
They have the classic Anonymous taglines at the bottom of the defacement.
Yeah.
Right.
And it's been a long time since we've seen, since I've seen that on like a notable hack, I would say.
So, I mean, who knows, who knows who like actually did this hack, but that was notable to me.
But that, that was like confirmation that they did hack this company in some way, shape, or form.
But just because you deface a website does not mean that you were able to steal data.
And it does not mean that the data was real.
And so I got to work just trying to confirm that it was real.
And the way that I did that was I cross-referenced names that I could find in court cases of people who are known to be on specific flights.
Like I was able to find Kilmar Abrego Garcia on a specific flight.
I was able to find a few other people whose names were much less known.
Like, you know, I found their names kind of deep in different court cases.
There was also a CBS news article that had the names of over 100 people, 100 Venezuelans who were on an internal deport list from the administration that they published.
And all of them were on, or all the ones I checked, I checked a few dozen, were on one of these flights.
And then notably, there's the Supreme Court case about the legality of these deportation flights and the sort of due process question, and we don't need to get into the specifics there, but within those court records, there are references to specific GlobalX flights on specific days that have, you know, information about when they took off, when they landed, sort of confirmed as deportation flights.
And so all of that checked out as well.
And then sort of later, there was the name of someone whose name was previously not known publicly at all.
Well, and this came, so we're very confident in the hack because, as you say, of the defacement, that's really good.
And then we increasingly get more and more confident about the passenger names as well, to the point where we're like, okay, we're good.
Yeah, this is definitely publishable.
And then we do that.
And then on Tuesday morning, Sam actually flags another story, which had just come out.
And it talked about somebody who was deported.
And previously, in the court case, they were only known under a pseudonym.
Then this Politico report, and I presume others as well, include the name Daniel Lozano Camargo.
And that name was not known.
It was not public when this hack happened.
And when we got the data, I then looked through the data for that name.
And sure enough, there's an exact match of that name in this data.
And for me, that's like, oh, okay, this is somehow, we already knew it was good and verified, but this was damn, this was like the slam dunk, in my opinion.
What do you think of that, Jason?
Yeah, I mean, I agree with you.
That's sort of like 100% confirmation that this is, you know, real and taken from the company.
I think I was already incredibly confident that it was real just because, I mean, you, it can be difficult because there are people out there who just try to like fuck with journalists and would maybe fabricate data in some way or would maybe compile database entries from previous hacks and things like that.
I was very, very, very confident that this was real even before that, just because a lot of the things that I was able to confirm were quite obscure.
It wasn't just the high-profile cases you were matching.
Yeah, and some of the names and things I found like deep in PACER, which is the federal court records database.
And it's just like in cases that have hundreds of different documents, I was able to find a name, you know, in document number 73 on page 95.
And it's just like that, the idea that something so specific would be fabricated, and everything that I looked at checked out, like, aligned exactly with reality as we knew it.
Like, it was just very, very sophisticated.
And also, frankly, there was a lot of data, and so it wasn't like, oh, there's like one little piece that we can confirm here, it was like everything was checking out.
But I mean, that's ultimately like the slam dunk was this name that was previously not known publicly at all is in there.
It's like 100% in my opinion.
Yeah.
And I should say that GlobalX has not replied to a request for comment.
I sent multiple emails to them.
I phoned up the office, I think, of the CFO or at least an executive.
They weren't available, left a message on their voicemail, asked the assistant, Hey, well, so have you been hacked?
Like, I need to ask you that.
And she said, I don't have any information about that at the moment, um, which is not a yes or a no, but it's a very email because of course we've independently, um, verified, I guess, just briefly on the defacement, um, as well as showing that, hey, this hacker has some sort of access where they're able to upload something, um, to the company's website.
I mean, the message on there as well sort of links it to this federal court ruling, you know, where a judge said the deportations, you know, basically were legal, right, under the Alien Enemies Act that Trump has been doing some of the deportations under.
So I can't be 100% sure when the hack happened, but as you said, the data went up to a few days ago, and then that ruling was on May 1st.
So, you know, maybe it's in response to that.
That's at least what they're claiming.
The other thing I'll say, and this is a bit harder, and I'm sure reports about this will come out, but the hacker told me that they sent that defacement or that message to GlobalX's employees, and then they also sent something similar to pilots and crew members of GlobalX flights, and they say they did that by logging into, I think it's called the NAVBLUE account.
Yeah, and it's like a, it's made by Airbus, and it's like a flight operations platform the use of flight tracking and that sort of thing.
Um, I haven't seen a screenshot of that message being sent to pilots, but the hacker did send screenshots of them apparently logged into this system with a bunch of information that relates to GlobalX.
So, you know, there was almost a wider compromise here than just the data and the website itself.
Jason, I mean, we're continuing to explore the data in the ways that we can, and which are in the public interest.
But what's your sort of takeaway from the data that we have at the moment?
Is it just like the scale of the data or how detailed it is?
Or like, what's your takeaway from it at the moment?
I mean, sort of similar to the Signal TeleMessage, not the Signal hack, but the TeleMessage hack.
Like, I think it's a pretty big deal.
I mean, this is the data is not as sensitive.
I mean, it's, it's sensitive in that it has like personal information about, you know, people.
It has personal information about people who are on these flights, but it's like, this is a government contractor that is doing work, like very, very, very, very high profile work for the federal government.
And, you know, hacked pretty quickly, seemingly, I mean, we don't know how trivial this hack was.
Like, we don't know the technical aspects of how this hack worked, but it shows to me that like hacktivism is back.
It shows to me that, you know, there are people who are trying to uncover this sort of data and share it with journalists and share it publicly.
And I mean, I think it's like a bigger deal for the political implications of it versus the like actual data being shared.
Obviously, it's incredibly important if a family member or loved one is on one of these flights and you didn't know.
But it just sort of shows that, like, collaborating with this administration sort of makes you a potential target for hackers.
And there's like, there's currently politically motivated hackers like looking after, looking into these companies that are working with the administration to carry out its agenda.
I think that's really, really notable.
I don't know, what do you all think?
I think that's fair.
And I don't know, I don't know if it's like a spike or an uptick.
I don't really know how to explain it, but it is absolutely notable that on Sunday, TeleMessage's hack.
And then on Monday, hackers reach out with this GlobalX data as well, you know.
And maybe it is just a coincidence, but you're probably right in there's something there in that people are responding in certain ways.
And I guess we might see more of it, but it's kind of hard to tell, you know, because as you say, wow, this is the first time we've seen Anonymous in a while.
The last time I saw Anonymous was, I don't know, when the Russian state pretended to be Anonymous, you know.
So I'm not going to say they're back or anything, but I don't know, it's kind of notable that the Guy Fawkes mask is back in there as well.
Um, all right, should we leave that there?
If you are listening to the free version of the podcast, I'll now play us out.
But if you are a paying 404 Media subscriber, we're going to talk about the death of one of the most significant deepfake websites on the internet and its legacy and what happens now and the impact of it shutting down.
You can subscribe and gain access to that content at 404media.co.
As a reminder, 404 Media is journalist-founded and supported by subscribers.
If you do wish to subscribe to 404 Media and directly support our work, please go to 404media.co.
You'll get unlimited access to our articles and an ad-free version of this podcast.
You'll also get to listen to the subscribers-only section where we talk about a bonus story each week.
This podcast is made in partnership with Kaleidoscope.
Another way to support us is by leaving a five-star rating and review for the podcast.
That stuff really helps us out.
Here is one of those from Frugal Panda, one of the few news sources I'm a paid subscriber of.
Great articles, coverage, breaking news, and insightful commentary.
The podcast is a wonderful addition, especially during weeks when I'm too busy to read all the news articles.
How do they publish so much?
I don't know.
This has been 404 Media.
We will see you again next week.