from 404 Media
Hello. Welcome to the 404 Media podcast where we bring you unparalleled access in the worlds both online and IRL. 404 Media is a journalist-founded company and needs your support. To subscribe, go to 404media.co. As well as bonus content every single week, subscribers also get access to additional episodes where we respond to their best comments.
Joseph:Gain access to that content at 404media.co. I'm your host, Joseph. And with me are 404 Media cofounders, Sam Cole.
Sam:Hello.
Joseph:Emanuel Maiberg.
Emanuel:Hello.
Joseph:And Jason Koebler.
Jason:What's up?
Joseph:I don't think we have anything to announce. So, Emanuel, do you wanna take us into this first story?
Emanuel:Yeah. Our first story today, the headline is "The Signal Clone that Trump Admin Uses Was Hacked." This is a collaboration between Joseph and Micah Lee. Before I get to these questions, Joe, how would you how would you describe Micah Lee other than a collaborator and a and a friend of the site?
Joseph:I would say Micah Lee is a very accomplished technologist and journalist. He used to work at The Intercept and working with a lot of hacks and leaked data and that sort of thing, and that's where I first knew about his work. And then he actually published a book which is very, very useful. I'm actually gonna bring it up now, The Art of Analyzing Hacked Data Hacked and Leaked Data. And I mean, it's phenomenal.
Joseph:I need to go back and work through more of it, but it provides journalists like all of these different scripts and guides on how to analyze leaked information. So he's very, very experienced in this world. You know, in the same way we are, we're very experienced in verifying data, but he brings a much more technical frame of mind to you know, and technical expertise for sure.
Emanuel:Yeah. It was really nice working with him. Hopefully, we can have him on the pod at some point. So last week, you discovered via an image that Reuters took that the Trump admin was using a Signal clone to communicate, and this was made by a company called TeleMessage. What is TeleMessage and how do we know about it?
Joseph:Yeah. When I zoomed into the photo, and I think some other people did on Bluesky, they were like, oh, look, they're using Signal. When I looked at it, I was like, there's something odd about that. And it said something like verify TM signal PIN, and then that's how we determined there was actually a different version of Signal. And what this is, at least I'll do it I'll explain it in the way that TeleMessage explains it, which is that this is an ordinary version of Signal, a complete copy, except it does one thing, which is archive your messages.
Joseph:Right? And they say they do that securely. And the idea is that, well, if you're a government agency, you need to keep copies of messages for record keeping purposes, for legal reasons as well. And maybe if you work in a regulated industry like finance or something, cryptocurrency, that sort of thing, you probably need to keep records of messages as well, you know, under SEC regulations and that sort of thing. So the idea is that it provides a secure way to chat while also meeting those archiving requirements.
Joseph:Yeah.
Emanuel:So we were already having kind of a busy weekend, but then this blew up on Sunday. What happened on Sunday?
Joseph:Yeah. On Sunday, Micah Micah reached out to us and then me and you spoke about this. And basically, what happened was a hacker had managed to breach TeleMessage in some sort of way. And we didn't have all of the specifics immediately. They only became clearer later.
Joseph:But Micah put us in touch with the hacker and provided information that this person had provided. And I think we'll talk about, you know, what was hacked and all of that sort of stuff in a minute. But it was immediately clear from seeing the screenshots, some of which we published redacted versions of in the article itself that this looked pretty serious. And as the headline says, and just like really to put a pin on it, the app that at least some members of the Trump administration are using and in that Reuters photo, Mike Waltz appears he's speaking or has chats with JD Vance, Tulsi Gabbard, Marco Rubio as well. Obviously, all incredibly senior members of the Trump administration.
Joseph:Those conversations potentially or at least people in the Trump administration are using an app, which now it seems has been hacked, which changed our weekend plans. Yeah. So I say that.
Emanuel:So you talked to this hacker. What are they saying? What are they showing us that makes this seem like big news?
Joseph:Yeah. So they told me how they did it. In the article, we don't go into a great amount of detail about that because at the time, we were very concerned that, you know, maybe somebody else could reproduce this or go hack TeleMessage in the same sort of way. As we'll probably get to. That's less of a concern now because TeleMessage has basically suspended operations in response to all of this. But the hacker said it took them, I don't know, fifteen to twenty minutes to actually perform this hack, which I know on on on one side, it's like time doesn't really matter for hacking.
Joseph:I mean, it's a computer. It's instantaneous. Like, what does that even mean? On the other, what the hack is really referring to is probing the servers and systems and trying to figure out what's an issue here. That's actually a much more human process than it is like a tool driven one or an automated one.
Joseph:Yeah. They said it was very, very quick and then they provided a couple of things. First were these screenshots of a TeleMessage back end, and one showed a bunch of contact details for Customs and Border Protection officials. There were some Coinbase ones as well. And then what looked to be messages sent between people using the TeleMessage service, it seems.
Joseph:That's that's the high level anyway.
Emanuel:Yeah. Just in terms of the fifteen to twenty minutes, I think a good comparison is sometimes we talk about iOS zero days, and that's a situation where countless people of the highest level of skill in terms of pen testing and hacking are constantly trying to find vulnerabilities. So I don't know if you can put a number on it, but it's just like many, many, many, many, many hours of trying to find a vulnerability. This is not that. This is someone saying like, oh, look at this thing that is in the news that seems important.
Emanuel:I'm just going to poke around, and they poked around for fifteen minutes and it was not secure. So what is what can what do we know about the actual vulnerability and what more did we see in the hacked materials?
Joseph:Yeah. Micah did a really good way of phrasing. Because because, of course, the balance here is that Micah Lee is very, very technically minded, but they're also very, very good at writing for a general audience, and, like, I appreciate that. And we took that and maybe we broadened it. I can't quite remember.
Joseph:But basically, we we all landed on describing the data as sort of snapshots as in this was snapshots of data, TeleMessage data going across a server that the hacker, through this vulnerability, which we're not gonna really explain, was managed to lift those essentially. And to us, it was almost like kind of random what data they got potentially, but what they did get were these series of messages and group chats. And I'll just say straight away, like, we don't know the identity of the hacker, and we don't think they have, you know, Mike Waltz's Signal group chats or anything like that. But seeing a Signal group chat from this app is obviously highly, highly concerning. Jason, you actually looked a bit more in-depth into one of the the messages.
Joseph:You came into the article and then you kinda pulled out the Signal message. What was that one and why was that interesting to you?
Jason:Yeah. I mean, it it was super interesting. It came ostensibly from this company called Galaxy Digital, which is a massive crypto VC firm, I believe. Notably, did some stuff with Vice back when we were there that we weren't involved with. We weren't involved with it in any way, but they they were basically like, they've been around for a long time, and one of the things that they do is they try to make crypto more, like, mainstream and normalized to like, they they're very interested in, like, stablecoins and in sort of, like, making sure that crypto is not overly regulated, but is treated sort of like other investments by the government.
Jason:And so there's currently this really important stablecoin bill called the GENIUS Act that is before the Senate right now. And so they're trying to get 60 senators to vote on it, and there are messages. This one said, quote, needs seven Dems to get to 60, would be very close. And then another one said, just spoke to a D staffer on the Senate side, so Democratic staffer on the Senate side. Two cosponsors, Alsobrooks, Angela Alsobrooks, and then Kirsten Gillibrand, who that's the Maryland senator and the New York senator, both Democrats, quote, did not sign the opposition letter, so they think the bill still has a good chance of passage passage of the Senate with five more D's supporting it.
Jason:You know, there's some typos in there that I just tried to read. But essentially, this was them talking about this bill that is really important right now for this company that has had a lot of news coverage about it, a lot of hype on Capitol Hill, and that they're talking about, like, behind the scenes machinations of trying to get this bill passed. And so pretty wild. Like, this is a peek into the legislative process in D.C.
Jason:We don't know exactly, like, who said what or or what's going on here, but it just goes to show that the types of information being shared on Signal via the TeleMessage app is really sensitive, potentially very sensitive.
Emanuel:So what are the implications of this given Jason's example and other examples that we've seen?
Joseph:Yeah. Well, I think the main one is that these messages are seemingly not as secure as TeleMessage has claimed or would probably like some people to believe. So we first broke news of Mike Waltz using this tool, and then there was various pieces of media coverage after that. One was a New York Times piece that talked about the potential security risks. Right?
Joseph:And they have a quote from the president of Smarsh's enterprise business. That's the company that owns TeleMessage. And they said, we do not de-encrypt, which is a very weird term, obviously, but the implication being that, well, we take the messages messages that are encrypted and then we archive them. We're not like, you know, unencrypting them, then re-encrypt it or doing something like that. Basically, they are saying or suggesting that the messages are secure.
Joseph:Well, I think that that doesn't really square with the fact that we have a screenshot that is showing a Signal message, basically. I don't think you can really combine those together. So that's, you know, obviously the first major thing that messages going across the service are not being properly secured. Then from there, it balloons out to again, as far as we know, the hacker doesn't have Mike Waltz's messages or anything like that, but it does bring up the idea of, well, could other people's messages have been exposed not necessarily to this hacker but to someone else because these very senior officials were using the app. And then I think almost maybe the final thing is that is that if this hacker can identify this issue and exploit it in fifteen to twenty minutes, what can a foreign adversarial intelligence agency like China or Russia or Iran do with the knowledge that the US government uses TeleMessage and this company seemingly has serious serious security issues.
Joseph:It's it's answered a bunch of questions. It has shown that there is not theoretical risk here. It is really, really real and tangible, but now it brings up even more questions as well almost. Yeah.
Emanuel:I mean, I don't we don't have any evidence to suggest that anyone else knew about this vulnerability before our story, before this hacker found it. But I don't know. If a hacker found it in fifteen minutes, are we to assume that no state actor ever tried poking around here or doesn't know that the government uses this or other corporations use it? It just it's a it's it's what makes the story really scary. Joe, just to like I'm sorry to make you play, like, armchair CSO for a second, but I'm not deep in the weeds on this type of security and privacy stuff.
Emanuel:And when you filed your first story last week, I just looked at TeleMessage's website and it sort of inherently doesn't make sense even with what little I know about security. If you're an organization that wants to communicate securely over messaging, but also for legal reasons has to keep a record of all those messages, how would you do this? Like, does this seem like a sensible way to do this? Is there a better way to do this, do you think?
Joseph:It's really, really hard because I think kind of what you suggest is that introducing a third party to a chat like this, which is supposed to be a chat between two Signal users or two WhatsApp users or whatever, adding a third party to that, be be that another person, be that a phone that has been infected with malware or in this case, a service archiving messages that inherently introduces some sort of risk. That being said, the risk is gonna be different depending on the implementation. Right? Let's say that the service that's archiving the messages is part of that group chat, so so it has it has the content and then it passes it to a server securely, which also has the key, which then decrypts it. So it's whenever it's moving from place to place, it's still encrypted.
Joseph:That's a very, very general sort of explanation or diagram of it. But, you know, that could be one way to do it, or maybe this is a better way of doing it. There are probably better ways to do it than what TeleMessage did, which is somehow letting the plain text of the Signal message go across the server. But, yeah, inherently, there is a problem here. Absolutely.
Joseph:Yeah.
Jason:I I think I mean, you you brought this up and it's like we don't have any evidence that Mike Waltz's messages were stolen. Like, make that very clear. But, like, this is what a hacker was able to steal in a few minutes. And so I think that that is like, we can't say for certain that that this couldn't have been, like, way worse and that with that a better hacker or sorry. Like, someone who wanted to cause more damage than than this hacker did could have done something much worse than this.
Jason:Like, they were in there for not that long and they got, you know, quite interesting stuff. I mean, I just I can't help but think that this is, like, monumental fuck up. Like, this is a really, really bad hack, and I I don't wanna I don't wanna minimize it by just saying like, oh, we don't have evidence that that anything serious was taken because something very serious easily could have been.
Joseph:Just on that monumental fuck up idea, I think the account Swift on Security shared this the other day, but it was like a CNN article from 2014 where the person who worked on Obama's BlackBerry, like, spoke at DEFCON or something, and they were talking. And I read it. I was like, wow. I don't think I've ever seen this. And it's discussing the time from, you know, when Obama comes into power, and he's like, I really, really want this BlackBerry, and the NSA has to go away and figure out a way to do it more securely.
Joseph:So the president at the time can communicate with various people on this device of choice, and that was like a massive pain in the ass, it seems, from everything in that article. They had to design additions or modifications. They had to implement it. And, like, it took months and months and months to be able to do that. And then you compare that to what's going on here, and we don't know exactly the procurement process of TeleMessage.
Joseph:Sure looks like they just bought this tool, which is now doing this crazy insecure stuff. And I don't know. I don't know if even if I really wanna make a broader point about, you know, systemic approach to security. It's definitely not how it was in previous administrations, I'll say.
Jason:Well, we were talking about this amongst ourselves where it's like they ostensibly have TeleMessage because the government has retention rules and banks have retention rules for, like, compliance purposes and things like that. But it as you said, it, like, flies in the face of how this very secure messaging app is designed. It's it's like undermining that at least has the potential to undermine that type of security because you're making copies of the messages and putting them somewhere. And it's just like, I guess it sort of speaks to the fact that government workers, they're just like us. Like, I hate to say where it's like, they don't want to do all of their communication, like, in a SCIF, like, in person.
Jason:Like, they they are trying to talk to each other over regular messaging apps on their phone, and it just like runs in the face of the type of security that you would ideally hope for for, like, highly sensitive information. It's just like there's not a good way, at least that I know of, to archive this stuff with a third party in the cloud, like, without adding additional attack surface. You know, I I like, Emanuel and I were just shooting the shit, and I'll like, say it. I think it it's like, I'm curious what people think, but it's like, you know, you can archive it on the phone and then have the have the government workers turn in their phones at some point and forbid them from using disappearing messages or something like that. But it's just like, I don't see how security set up like this where you're just like making copies and and having them be transmitted to a third party service that is not operated by the government is like a good security design.
Emanuel:To be clear, we've said it in the copy many times. I think we said it on the podcast already, but Signal has nothing to do with this fuck up. But I do think there's an element here of the Signal brand being so strong and being the default secure messaging app that whoever did the procurement was like, we need to have Signal, but we also need to archive everything. So let's turn to this solution, which is what would come up if you were looking for something like that. But it completely undermines the the the point of Signal and the reason that it is the gold standard for end to end encryption in messaging.
Jason:It's very interesting to me that this app even works with Signal. And I guess that's just because it's an open source piece of software, but it's like it's it's interesting to me that this can work with Signal, like, that that you can essentially clone or fork Signal. I don't wanna I don't wanna get too speculative or, like, out over my skis and talk about stuff I don't know anything about, but it it is surprising to me that it's just like a a different client that is interoperable with Signal. It's it's just like, I was surprised to learn that when you first reported it last week, Joseph.
Emanuel:Sorry. So just to establish what a big fuck up it is, I think a lot of that was made clear by looking at what happened after we published this story. Joe, do you wanna go through some of the some of the impact we've already seen?
Joseph:Yeah. So first of all first of all was NBC News actually followed up with a report on Monday, and they said that another hacker had also managed to get into TeleMessage's system. And it sounds like they got the same information about Coinbase employees that we got. That was another piece of contact information in there, and potentially some other stuff as well, but NBC didn't go into detail on that or maybe the hacker hadn't described at that point. So another hacker got in, basically.
Joseph:Around this time, TeleMessage suspends service. And we kind of saw the contours of this when their website suddenly became basically like a static page and you couldn't navigate to anything. It seems in the background that they had shut stuff down or something. And I actually got an internal customer FAQ that I was sent, and it's kind of hard to tell the timeline, but it was basically, oh, you can still send messages, but the archiving is not working potentially. So there's a little bit of nuance there that I'm still looking into.
Joseph:But the main thing is that Senator Ron Wyden announced in a letter that was given to the Washington Post, and then we wrote it up as well that he's demanding an investigation from the DOJ into this whole debacle, and that includes the national security risk TeleMessage poses, the counterintelligence risk, and, you know, the potential Israeli connection, which I don't know, it's kind of theoretical at this point, you know, and I'm I'm not super in favor of being like, oh, well, it's from this country or has some sort of connection to this country, so x y z. I don't know. I kinda need to see the consequences of that afterwards. That being said, the security risks were very theoretical until they became very, very real on Sunday night. So, you know, I guess we'll see.
Joseph:And whether this investigation goes anywhere, I mean, I don't know. You know? Like in the previous administration or or in other ones before that or even even like the first Trump administration, you'd be, oh, well, they'll investigate. You know? I have no idea at this point.
Emanuel:I think what country doesn't matter so much is the fact that the administration knowingly was using a messaging app at the highest, most secure levels that is managed by a foreign company based in a foreign country with great interest into those messages that we now know they could have seen. So it doesn't, I think, really matter which country it is. It just it's a it's a crazy thing to manage communication security in this way.
Joseph:Yeah. It would it would almost be it it would still be a massive massive news story if the serve if the company was British or Canadian or or any other of the members of the Five Eyes Alliance, let alone one that's outside of that intelligence sharing alliance as well. Alright. Should we leave that there? When we come back, we can talk about another hack.
Joseph:It's been a very, very crazy couple of days here. This is about the hack of an airline that's providing a ton of support to Trump's deportations. We'll be right back after this. Alright. And we are back.
Joseph:This is one that me and Jason wrote. The headline is "GlobalX, Airline for Trump's Deportations, Hacked." I'll just very briefly explain what GlobalX is. So there's a company called CSI Aviation, and they get this big big contract from Trump and ICE basically to, you know, deport people or remove people and put them on flights. And then that company in turn subcontracts with a bunch of other companies as well.
Joseph:And one of those is GlobalX Air. And I've actually been looking into them a little bit, looking at flight data, and I was actually preparing to write about them this week. And then by pure coincidence, a hacker reaches out to us and we believe other journalists are prompted and says they've stolen a bunch of this data. Jason, we're sent this data. I was sort of doing other things while I was writing the story.
Joseph:I was more talking to the hacker, asking about the motivation, looking at the defacement they put on. You were looking at the data. What do you see when you open it up when you open it up exactly?
Jason:Yeah. So it was a bunch of JSON files and text, .txt files. And so JSON is database format file format, and it's organized by day. And so there's, like, a bunch of folders from, like, January, February, March, which is important because a lot of these flights took place in March, a lot of the most important ones at least, and then April and May. So the data goes up until, like, three days ago, like, pretty recent.
Jason:And you open that up, and it basically has flight data for each individual flight that GlobalX flew. And so the flight data includes, like, the originating airport, the scheduled time, the plane flown, the number of passengers booked on the plane. I don't know if you'd say booked, but that's what they say. It's like the number of passengers on the plane. And then, like, scheduled departure time, scheduled arrival time, etcetera, etcetera.
Jason:And then for each of those, there's a passenger list as well. And so the passenger list includes a bunch of guards, so people who worked on the plane, and then the names of everyone who was on it. And so, I mean, this is really important. It's really important because we don't know necessarily every single person who has been deported by the Trump administration. There's been conflicting information about who was put on what flight, where they ended up, things like that.
Jason:And so, basically, like, when I started looking at this, I was like, how can we confirm that this is real? Like, with it that this is real information? And I think that we knew that GlobalX got hacked because their website got defaced, as you mentioned. So very notably, Anonymous, like, who knows? But, you know, the the hacktivist group, Anonymous, claimed credit for this, and they put, quote, Anonymous has decided to enforce the judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans.
Jason:And then some other stuff, Guy Fawkes mask, the sort of, like, standard Anonymous. I believe they also included, like, we do not forgive. We do not forget. We are legion.
Joseph:They have the classic Anonymous taglines at the bottom of the defacement. Yeah.
Jason:Right. And it's been a long time since we've seen since I've seen that on, like, a a notable hack, I would say. So, I mean, who knows? Who knows who, like, actually did this hack? But that was notable to me.
Jason:But that that was, like, confirmation that they did hack this company in some way, shape, or form. But just because you deface a website does not mean that you were able to steal data and does not mean that the data was real. And so I got to work just trying to confirm that it was real. And the way that I did that was I cross referenced names that I could find in court cases of people who are known to be on specific flights. Like, I was able to find Kilmar Abrego Garcia on a specific flight.
Jason:I was able to find a few other people whose names were much less known. Like, you know, I found their names kind of deep in different court cases. There was also a CBS News article that had the names of over a hundred people, a hundred Venezuelans who were on an internal deport list from the administration that they published. And all of them were on or all the ones I checked, I checked a few dozen, were on one of these flights. And then notably, there there's the Supreme Court case about the legality of these deportation flights and the sort of due process question, and we don't need to get into the specifics there.
Jason:But within those court records, there are references to specific GlobalX flights on specific days that has, you know, information about when they took off, when they landed, sort of confirmed as deportation flights. And so all of that checked out as well. And then sort of later, we we there was the name of someone who whose name was previously not known publicly at all.
Joseph:Well and and this came so we we're very confident in the hack because as you say, it's defaced, that's really good. And then we increasingly get more and more confident about the the passenger names as well to the point where we're like, okay. We're good. Yeah. This is definitely publishable.
Joseph:And then we do that. And then on Tuesday morning, Sam actually flags another story which had just come out, and it talked about somebody who was deported. Previously, in the court case, they were only known as under a pseudonym. Then this Politico report and I presume others as well include the name Daniel Lozano Camargo and that name was not known. It was not public when this hack happened and when we got the data.
Joseph:I then looked through the data for that name, and sure enough, there's an exact match, you know, of that name in this data. And for me, that's like, oh, okay. This is somehow we already knew it was good and verified, but this was damn. This was like the slam dunk in my opinion. What do you think of what do you think of that, Jason?
Jason:Yeah. I mean, I agree with you. That's sort of like 100% confirmation that this is, you know, real and taken from the company. I think I was already incredibly confident that it was real just because I mean, it it can be difficult because there are people out there who just try to like fuck with journalists and would maybe fabricate data in some way or would maybe compile database entries from previous hacks and things like that. I was very, very, very confident that this was real even before that just because a lot of the things that I was able to confirm were quite obscure.
Joseph:It wasn't just the high profile cases you were you were matching. Yeah.
Jason:Yeah. And some of the some of the names and things I found, like, deep in PACER, which is the, you know, federal court records database. And it's just like, in cases that have hundreds of different documents, I was able to find the name, you know, in document number 73 on page 95. And it's just like that, the the idea that something so specific would be fabricated and and everything that I looked at checked out, like, aligned exactly with reality as we knew it. Like, it it was just very, very sophisticated.
Jason:And also, frankly, there was a lot of data. And so it wasn't like, oh, there there's like one little piece that we can confirm here. It was like everything was checking out. But, I mean, that that's ultimately, like, the slam dunk was this name that was previously not known publicly at all is in there. It's like 100% in my opinion.
Joseph:Yeah. And I should say that GlobalX has not replied to a request for comment. I sent multiple emails to them. I phoned up the office, I think, of the CFO or at least an executive. They weren't available.
Joseph:Left a message on their voicemail. Asked the assistant, hey. Well, so have you been hacked? Like, I need to ask you that. And she said, I don't have any information about that at the moment, which is not a yes or a no.
Joseph:But it's a really mellow because, of course, we've independently verified. I guess just briefly on on the defacement as well as showing that, hey. This hacker has some sort of access where they're able to upload something to the company's website. I mean, the message on there as well sort of links it to this federal court ruling, you know, where a judge said the deportations, you know, basically were legal, right, under the Alien Enemies Act that Trump has been doing some of the deportations after under. So I I I can't be 100% sure when the hack happened, but as you said, the data went up to a few days ago and then that ruling was on May 1.
Joseph:So, you know, maybe it's in response to that. That's at least what they're claiming. The other thing I'll say, and this is a bit harder and I'm sure reports about this will come out, but the hacker told me that they sent that defacement or that message to GlobalX's employees, and then they also sent something similar to pilots and crew members of GlobalX flights, and they say they did that by logging into I think it's called the NavBlue account. Yeah. And it's like a it's made by Airbus, and it's like a flight operations platform.
Joseph:We use a flight tracking and that sort of thing. I haven't seen a screenshot of that message being sent to pilots, but the hacker did send screenshots of them apparently logged into this system with a bunch of information that relates to GlobalX. So, you know, there there there was almost a wider compromise here than just the data and the website itself. Jason, I mean, we're we're continuing to explore the data in the ways that we can and wish we're in the public interest. But what's your sort of takeaway from the data that we have at the moment?
Joseph:Is it just like the scale of the data or how detailed it is? Or like, what's your takeaway from it at the moment?
Jason:I mean, sort of similar to the Signal TeleMessage, not the Signal hack, but the TeleMessage hack. Like, I think it's a pretty big deal. I mean, the this is the the data is not as sensitive. I mean, it's it's sensitive in that it has, like, personal information about, you know, people. It has it has personal information about people who are on these flights, but it's like this is a government contractor that is doing work, like very, very, very, very high profile work for the federal government and, you know, hacked pretty quickly, seemingly I mean, we don't know how trivial this hack was, like, don't know the technical aspects of how this hack worked, but it shows to me that, like, hacktivism is back.
Jason:It shows to me that, you know, there there are people who are trying to uncover this sort of data and and share it with journalists and share it publicly. And, I mean, I I think it's like a bigger deal for the political implications of it versus the, like, actual data being shared. Obviously, it's incredibly important if a family member or loved one is, you know, on one of these flights and you didn't know, but it just sort of shows that, like, collaborating with this administration sort of makes you a potential target for hackers. And there's, like, there's currently politically motivated hackers, like, looking after looking into these companies that are working with the administration to to carry out its agenda. I think that's really, really notable.
Jason:I don't know. What what do you all think?
Joseph:I think that's fair. And I I don't know I don't know if it's like a spike or an uptick. I don't really know how to explain it, but it is absolutely notable that on Sunday, TeleMessage is hacked. And then on Monday, hackers reach out, with this GlobalX data as as well. You know?
Joseph:And maybe it is just a coincidence, but you're probably right in that there's something there in that people are responding in in certain ways, and I guess we might see more of it. But it's it's kind of hard to tell, you know, because as you say, wow. This is the first time we've seen Anonymous in a while. The last time I saw Anonymous was, I don't know, when the Russian state pretended to be Anonymous, you know, so I'm not gonna say they're back or anything, but I don't know. It's kinda notable that the Guy Fawkes mask is back in there as well.
Joseph:Alright. Should we leave that there? If you are listening to the free version of the podcast, I'll now play us out. But if you are a paying four zero four media subscriber, we're gonna talk about the death of one of the most significant deepfake websites on the Internet and its legacy and what happens now and and the impact of it shutting down. You can subscribe and gain access to that content at 404media.co.
Joseph:We'll be right back after this. Alright. And we're back in the subscribers only section. Sorry. I'm checking who wrote it.
Joseph:Okay. It was Emmanuel and Sam. I I knew that at least one of you worked on it. Okay. So you both wrote this and the headline is Mr. Deepfakes, the biggest deepfake porn site on the internet, says it's shutting down for good.
Joseph:Sam, what was Mr. Deepfakes for those who don't know, for those who aren't well versed in this website?
Sam:Yeah. So Mr. Deepfakes was probably I would say it was the biggest or at least the most popular site, at least on the clear net, for finding deepfakes, for commissioning them from other people to get them made, for buying them, for selling them, for trading, like, advice on how to make better and more realistic deepfakes or, like, taking requests or making requests for other people to make deepfakes for you of, like, a specific person. And, yeah, it's like, I mean, I know it's in the piece, but it was the place to go after a lot of the other porn sites, like Pornhub and, I guess, Twitter at some point also banned deepfakes, and I don't know if they moderate that anymore, but Reddit. A lot of other sites where, like, deepfakes were on before other sites cracked down on it. This is where everyone went after after they got banned from other sites.
Sam:So yeah.
Joseph:Were were people using Mr. Deepfakes before that ban as well and, like, the the the ban from social media sites made the site grow, or did it, like, give birth to the site, if you see what I mean?
Emanuel:I think
Sam:it definitely made it grow. I don't know. Emmanuel, do you remember when Mr. Deepfakes was actually launched? I feel like it was after the the big first boom of deepfakes.
Emanuel:Yeah. Maybe look it up while I'm talking, but I believe the order of events is we discover deepfakes in 2017, late 2017. And not only is the Reddit user who was named deepfakes, after which this whole practice is named, is sharing videos, deepfake videos for the first time on Reddit, they are also talking about how they are making it, and they start a deepfakes subreddit where immediately there's like a lot of activity about how to make these better and faster and more convincing. And we do a lot of reporting on this. Eventually, I believe it's like early 2018, Reddit bans that subreddit and then a whole bunch of like really much older subreddits devoted to other forms of nonconsensual pornography. And after that, that community goes to a few different places, but the main location where that really intense activity about not just sharing the videos, but also developing the methods for making them, that happens on Mr.
Emanuel:Deepfakes, which it's a tube site and it looks it looks a lot like a Pornhub on on the front page and has, you know, categories and creators and tags. You can sort things by celebrity or by the people who are making the videos. But if you click to the forums, that I think is a really significant portion of the site and and and its lasting impact.
Joseph:Well, why is that then? What what's it about the forums that is so significant? So I
Emanuel:think the the main thing, like, the the the lasting toxic legacy of it is something called DeepFaceLab, which I wrote about in 2022 because at the time, there was this very viral creator who was using deepfake videos, deepfake tech to make himself look like Tom Cruise. And that was just like a very viral genre of video because it was so convincing. It was like a Tom Cruise impersonator who hooked up with a special effects guy who was making the the the deepfake Tom Cruise face, and I found out that they were using this software called DeepFaceLab, and that was pretty much entirely developed on the Mr. Deepfakes forum. There were a lot of, like, technically minded people, all anonymous, a lot of them from Russia, but all over the world, who were just kind of sharing the way they were doing it and optimizing it, and eventually released the tool on GitHub, which is still up on GitHub. And they formally introduced this method in a in a in a research paper where a bunch of real people are credited.
Emanuel:Weirdly, researchers at a university in China are credited, but also notably, Mr. Deepfakes is credited. And back in 2022, I got in touch with those Chinese academics and I was like and they're they're the ones that actually put the paper together and published it. And I was like, why did you credit Mr. Deepfakes? And they said, because they provided the space for all that development to happen on the forums. And it's like, there isn't a Mr. Deepfakes who, like, coauthored the paper, but sort of like to honor the Mr. Deepfakes platforms, they credited Mr. Deepfakes in the paper.
Emanuel:So even like that academic research, like, there
Joseph:is a direct line between that and the forum where people are making nonconsensual porn, basically. And obviously, it's a completely different world now, but, like, that's almost cute back then. Sort of scale there was, it was tiny well, not tiny, but smaller to what it is now.
Emanuel:Yeah. This has changed a little bit in the past two years because of the generative AI revolution. But up until then, the DeepFaceLab GitHub was by and far the most popular tool for making deepfakes, both consensual and nonconsensual.
Joseph:Sam, may maybe it it well, it it will be somewhere in that timeline we just laid out. But do you remember when you first saw the Mr. Deepfakes forum? And, like, what did you make of it if you can remember?
Sam:I mean, I so it would have been in 2018 because that's when it launched pretty soon after deepfakes. Like, I mean, said, the Reddit and Discord rules came down that you can't do that there. So it launched in 2018. I think at its peak, I was just looking up because I was looking up the date specifically. It was 43,000 videos, 1,500,000,000 views, 4,000 creators, and as people were paying as much as $1,500 for people to make bespoke commissions of deepfakes.
Sam:So yeah. I mean, it's it was a big thing.
Joseph:Could you just briefly elaborate on that? So back in the day almost several years ago at this point, people were saying, hey. I want a deepfake of this person. Here's a photo. Please, could you do is that what was happening?
Sam:Yeah. Exactly. Yeah.
Joseph:And Yeah. You know. And, again, that's that's ancient history at this point because you don't need to pay someone $1,500 to do that anymore. You just download a a random ass app off the App Store.
Sam:Right. Yeah. It's like middle schoolers are doing it on their phones.
Joseph:Right. And not all of them have $1,500. Some do. Not all of them. But why so why is Mr. Deepfakes shutting down?
Joseph:If it's so successful, which it is or was and so prominent, why is it shutting down? And did this kinda come out of the blue, or have we been building up to this point?
Sam:I mean, it's been up and down for the past month. As things go up and websites go up and down, but it was down for a a minute. It was, like, maybe a full day or so about a month ago. And then at that point, it was kinda like, oh, was it gonna come back? What's been going with it?
Sam:And it was different in different regions. It's up, and then it was down. And so when this came up, it was like, okay. Is it down for real? Is it down for good?
Sam:But then they put this notice up on the site. Right? It's on the site. Right, Emmanuel? Yeah.
Sam:So they put this notice on the site that says, a critical service provider has terminated service permanently. Data loss has made it impossible to continue operation. We will not be relaunching any website claiming that is fake. The domain will eventually expire. We are not responsible for future use.
Sam:This message will be removed around one week. So, yeah, it's like some one of their service providers, I don't know which or who or, like, who made that call, was critical enough to the site to cause the whole like, they can't relocate. It sounds like they can't move the data. Usually, when a site got like this goes down, they'll it's like, if Cloudflare is, like, no more, you're not allowed anymore, they'll move to another I'm not I'm not saying Cloudflare is the one that did this. But, like, they'll just for example, it's like one web host, web service provider, they'll jump to another one that's more tolerant of whatever they're doing.
Sam:But I guess I don't know. They didn't back anything up? Like Yeah.
Joseph:That's what it sounds like. It
Emanuel:sounds like they
Joseph:don't have any backups in
Sam:their script. Which, I mean, it makes sense that they wouldn't because this is like I mean, it's it's really damaging material to have in your possession. I don't know what all was going on in every nook and cranny of that site. Probably nothing good. Definitely nothing good on the front of it.
Sam:But as far as, like, extreme illegality, I don't know. And then at this point, we have the Take It Down Act, which is had just passed House and Congress, and it's probably almost definitely gonna get signed by Trump. That just happened last week. So I don't know. Maybe their service provider was like, oh, shit.
Sam:We have to start cleaning up some of these sites that we know are gonna be in violation of this new federal law that makes nonconsensual pornography AI or not illegal. So I don't know. I mean, it might it'll probably remain a mystery. It's one of the many mysteries around deepfakes, including the identity of the guy who first made this this technology and the the original machine learning algorithms that developed deepfakes. But, yeah, I mean, that's that's all the explanation that we've gotten so far.
Joseph:Sure. So I'll ask Sam you quest you a question. I'll ask Emmanuel another one, and I'm just randomly picking this. So sorry if you would prefer the other question, but it's the order that's in the Google Doc. So, Sam, what do you think the lasting impact of the shutdown will be?
Joseph:Like, I'll ask Emmanuel about the legacy, but what do you think the the impact of the shutdown is gonna be like? Are deepfakes magically gone from the Internet? Like, what's gonna happen?
Sam:I mean, like like we just said, it's like you don't really even need to commission a guy at this point. It's like it's it was already not that essential to this, I guess, practice if you wanna call it. But, like, it definitely damages the economy of making deepfakes. It's like it's that's definitely a major platform for making money off of doing it. So there'll be less motivation to do that, which is good.
Sam:I don't know. I'm, like, I am unoptimistic about a lot of things, and I'm not I'm not super optimistic about the lasting effects of this. It's like, this is a problem that was never really about the platforms or the tools or the guardrails or any of that. It or the tech companies. I wish all of those would do better, obviously, but you still have people you still have the market for this.
Sam:You still have a demand for people wanting to make this stuff. I think that's the real issue is that people feel okay doing this in the open, you know, to whoever without their consent. So, yeah, I think it'll it's when we see things shut down, people just kinda disperse and then they relocate, and that's that's why Mr. Deepfakes existed in the first place. So I have no doubt that they will move to something else. They're probably organizing somewhere right now to do that on Telegram or whatever.
Sam:Like, I don't know where they are. But it it always takes a chunk out of the community when you have to migrate like that. So, you know, if that's that's good, and that's and maybe some people are like, oh, no. I actually don't care about this anymore. I'm not gonna do it anymore.
Sam:And it's it's boring to me now because I don't have my little forum to do it on. That definitely happens, but I don't know. It's like some people were, like, making rent on this. So it's like, surely, they were motivated enough to restart it somewhere else, but I don't know.
Joseph:And, Emmanuel, what do you think about the site's lasting legacy? And I I guess, correct me if I'm wrong, but I guess that might relate to, like, the research where they have this forum where there was like this, for lack of a better way of putting it, a very rich research community, like, is is that the lasting legacy of this site? Like, what what do what do you think of it?
Emanuel:Yeah. I think so. Probably, it's the it's the community that grew there. And as Sam just said, I think even before the shutdown, it had already moved elsewhere. It's I mean, frankly, it's happening on Telegram.
Emanuel:Like, from my point of view, the the the bleeding edge of abusing this kind of technology is happening on Telegram. But there are also, like, concrete things that happen there that will live on forever. There's DeepFaceLab, as I said. Joe, last week, I think it was last week, he wrote a story about deepfake real time video fraud. And the software that does that, like a really popular way to do it, was an offshoot of DeepFaceLab, and that was developed by the same group of people in a Telegram channel that was born out of Mr. Deepfakes. And
Joseph:I think I I didn't even realize that at the time. I feel like Right. I was in such a rush to do it and you kinda told me later. I was like, that's crazy. There's a through line now Right.
Joseph:From the porn stuff to the fraud stuff.
Emanuel:Yeah. But it's like, it has spread so far and wide now that there's many different solutions that are more accessible and easier to use now. Right? It's just like somebody goes through the gate first and then that method is replicated and improved upon and and so on. Yeah.
Emanuel:I think it was Hany Farid, who is kind of the the world leading expert on synthetic media that we we talk to a lot, who gave us a comment for this article and I agree with him, which is it's good that it's gone, but it's too little, too late. It's good that the the the all those videos are nuked as far as I can tell. There's they're they're not coming back, but they have spread to other websites. And more importantly, just like the practice is more popular now than it was when the website started, and the fact that it managed to operate for so long did
Joseph:a
Emanuel:lot of damage. And the fact that it's down now doesn't, like, really instantly undo that damage.
Joseph:Yeah. It's like almost not needed anymore. Like, it almost did its job in the community.
Emanuel:Yes. I agree with that. It aged out. It's like it it's it's big news that it's gone, but it's it's it aged out as a as a critical critical hub for the community be be before this happened.
Joseph:Gotcha. Makes sense. Alright. We will leave that there and I will play us out. As a reminder, four zero four media is journalist founded and supported by subscribers.
Joseph:If you do wish to subscribe to four zero four media and directly support our work, please go to 404media.co. You'll get unlimited access to our articles and an ad free version of this podcast. You'll also get to listen to the subscribers only section where we talk about a bonus story each week. This podcast is made in partnership with Kaleidoscope. Another way to support us is by leaving a five star rating and review for the podcast.
Joseph:That stuff really helps us out. Here is one of those from Frugal Panda, One of the few news sources I'm a paid subscriber of. Great articles, coverage, breaking news, and insightful commentary. The podcast is a wonderful addition, especially during weeks when I'm too busy to read all the news articles. How do they publish so much?
Joseph:I don't know. This has been four zero four Media. We will see you again next week.