


A hacker who tricked people into downloading malware using AI image generation tools pleaded guilty to two felony counts.


Hackers say they have obtained what they say are passenger lists for GlobalX flights from January to this month. The data appears to include people who have been deported.


An open AI video generation model that was released last month is now being used by thousands of people to generate nonconsensual sexual videos of real people.



TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.


The Signal Clone the Trump Admin Uses Was Hacked


A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.

The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.

Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media.

💡
Do you know anything else about TeleMessage? I would love to hear from you. Using a non-work device, you can message me securely on Signal at signalaccount.05 or send me an email at joseph@404media.co.

The breach is hugely significant not just for those individual customers, but also for the U.S. government more widely. On Thursday, 404 Media was first to report that then-U.S. National Security Advisor Waltz accidentally revealed he was using TeleMessage’s modified version of Signal during the cabinet meeting. The use of that tool raised questions about what classification of information was being discussed across the app and how that data was being secured, and came after revelations that top U.S. officials were using Signal to discuss active combat operations.

The hacker did not access all messages stored or collected by TeleMessage, but could have likely accessed more data if they decided to, underscoring the extreme risk posed by taking ordinarily secure end-to-end encrypted messaging apps such as Signal and adding an extra archiving feature to them.

“I would say the whole process took about 15-20 minutes,” the hacker said, describing how they broke into TeleMessage’s systems. “It wasn’t much effort at all.” 404 Media does not know the identity of the hacker, but has verified aspects of the material they have anonymously provided.
A screenshot provided by the hacker. Redactions by 404 Media.
The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers. The data is not representative of all of TeleMessage’s customers or the sorts of messages it covers; instead, it is snapshots of data passing through TeleMessage’s servers at a point in time. The hacker was able to log in to the TeleMessage backend panel using the usernames and passwords found in these snapshots.

A message sent to a group chat called “Upstanding Citizens Brigade” included in the hacked data says its “source type” is “Signal,” indicating it came from TeleMessage’s modified version of the messaging app. The message itself was a link to this tweet posted on Sunday which is a clip of an NBC Meet the Press interview with President Trump about his memecoin. The hacked data includes phone numbers that were part of the group chat.

One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”
This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; on Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.

One screenshot of the hacker’s access to a TeleMessage panel lists the names, phone numbers, and email addresses of CBP officials. The screenshot says “select 0 of 747,” indicating that there may be that many CBP officials included in the data. A similar screenshot shows the contact information of current and former Coinbase employees.

Another screenshot obtained by 404 Media mentions Scotiabank. Financial institutions might turn to a tool like TeleMessage to comply with regulations around keeping copies of business communications. Governments have legal requirements to preserve messages in a similar way.

Another screenshot indicates that the Intelligence Branch of the Washington D.C. Metropolitan Police may be using the tool.
A screenshot provided by the hacker. Redactions by 404 Media.
The hacker was able to access data that the app captured intermittently for debugging purposes, and would not have been able to capture every single message or piece of data that passes through TeleMessage’s service. However, the sample data they captured did contain fragments of live, unencrypted data passing through TeleMessage’s production server on their way to getting archived.

404 Media verified the hacked data in various ways. First, 404 Media phoned some of the numbers listed as belonging to CBP officials. In one case, a person who answered said their name was the same as the one included in the hacked data, then confirmed their affiliation with CBP when asked. The voicemail message for another number included the name of an alleged CBP official included in the data.

404 Media ran several phone numbers that appeared to be associated with employees at crypto firms Coinbase and Galaxy through a search tool called OSINT Industries, which confirmed that these phone numbers belonged to people who worked for these companies.

The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia. By reviewing the source code of TeleMessage’s modified Signal app for Android, 404 Media confirmed that the app sends message data to this endpoint. 404 Media also made an HTTP request to this server to confirm that it is online.

TeleMessage came to the fore after a Reuters photographer took a photo in which Waltz was using his mobile phone. Zooming in on that photo revealed he was using a modified version of Signal made by TeleMessage. The photograph came around a month after The Atlantic reported that top U.S. officials were using Signal to message one another about military operations. As part of that, Waltz accidentally added the editor-in-chief of the publication to the Signal group chat.

TeleMessage offers governments and companies a way to archive messages from end-to-end encrypted messaging apps such as Signal and WhatsApp. TeleMessage does this by making modified versions of those apps that send copies of messages to a remote server. A video from TeleMessage posted to YouTube claims that its app keeps “intact the Signal security and end-to-end encryption when communicating with other Signal users.”

“The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” the video continues.

It is not true that an archiving solution properly preserves the security offered by an end-to-end encrypted messaging app such as Signal. Ordinarily, only someone sending a Signal message and their intended recipient will be able to read the contents of the message. TeleMessage essentially adds a third party to that conversation by sending copies of those messages somewhere else for storage. If not stored securely, those copies could in turn be susceptible to monitoring or falling into the wrong hands.

That theoretical risk has now become very real.

A Signal spokesperson previously told 404 Media in an email: “We cannot guarantee the privacy or security properties of unofficial versions of Signal.”

White House deputy press secretary Anna Kelly previously told NBC News in an email: “As we have said many times, Signal is an approved app for government use and is loaded on government phones.”

The hacker told 404 Media that they targeted TeleMessage because they were “just curious how secure it was.” They did not want to disclose the issue to the company directly because they believed the company might “try their best to cover it up.”

“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said.

404 Media is not explaining in detail how the hacker managed to obtain this data in case others may try to exploit the same vulnerability.

According to public procurement records, TeleMessage has contracts with a range of U.S. government agencies, including the State Department and Centers for Disease Control and Prevention.

Guy Levit, CEO of TeleMessage, directed a request for comment to a press representative of Smarsh, TeleMessage’s parent company. That representative did not immediately respond to an email or voicemail.

Recently, after the wave of media coverage about Waltz’s use of the tool, TeleMessage wiped its website. Before then it contained details on the services it offers, what its apps were capable of, and in some cases direct downloads for the archiving apps themselves.

Neither CBP, Coinbase, Scotiabank, Galaxy Digital, nor Washington D.C. Metropolitan Police responded to a request for comment.




An anonymous OSINT sleuth mis-identified a quarry as an underground Houthi base. Days later, the Pentagon allegedly struck the site and killed eight people.


A photograph of Trump administration official Mike Waltz's phone shows him using an unofficial version of Signal designed to archive messages during a cabinet meeting.



A recent memo detailed a future where soldiers can repair their own equipment.


Army Will Seek Right to Repair Clauses in All Its Contracts


A new memo from Secretary of Defense Pete Hegseth is calling on defense contractors to grant the Army the right-to-repair. The Wednesday memo is a document about “Army Transformation and Acquisition Reform” that is largely vague but highlights the very real problems with IP constraints that have made it harder for the military to repair damaged equipment.

Hegseth made this clear at the bottom of the memo in a subsection about reform and budget optimization. “The Secretary of the Army shall…identify and propose contract modifications for right to repair provisions where intellectual property constraints limit the Army's ability to conduct maintenance and access the appropriate maintenance tools, software, and technical data—while preserving the intellectual capital of American industry,” it says. “Seek to include right to repair provisions in all existing contracts and also ensure these provisions are included in all new contracts.”
Over the past decade, corporations have made it difficult for people to repair their own stuff and, somehow, the military is no exception. Things are often worse for the Pentagon. Many of the contracts it signs for weapons systems come with decades long support and maintenance clauses. When officials dig into the contracts they’ve often found that contractors are overcharging for basic goods or intentionally building weapons with proprietary parts and then charging the Pentagon exorbitant fees for access to replacements. 404 Media wrote more about this problem several months ago. The issue has gotten so bad that appliance manufacturers and tractor companies have lobbied against bills that would make it easier for the military to repair its equipment.

This has been a huge problem for decades. In the 1990s, the Air Force bought Northrop Grumman’s B-2 Stealth Bombers for about $2 billion each. When the Air Force signed the contract for the machines, it paid $2.6 billion up front just for spare parts. Now, for some reason, Northrop Grumman isn’t able to supply replacement parts anymore. To fix the aging bombers, the military has had to reverse engineer parts and do repairs themselves.

Similarly, Boeing screwed over the DoD on replacement parts for the C-17 military transport aircraft to the tune of at least $1 million. The most egregious example was a common soap dispenser. “One of the 12 spare parts included a lavatory soap dispenser where the Air Force paid more than 80 times the commercially available cost or a 7,943 percent markup,” a Pentagon investigation found. Imagine if they’d just used a 3D printer to churn out the part they needed.

As the cost of everything goes up, making it easier for the military to repair their own stuff makes sense. Hegseth’s memo was praised by the right-to-repair community. “This is a victory in our work to let people fix their stuff, and a milestone on the campaign to expand the Right to Repair. It will save the American taxpayer billions of dollars, and help our service members avoid the hassle and delays that come from manufacturers’ repair restrictions,” Isaac Bowers, the Federal Legislative Director of U.S. PIRG, said in a statement.

The memo would theoretically mean that the Army would refuse to sign contracts with companies that make it difficult to fix what it sells to the military. The memo doesn’t carry the force of law, but subordinates do tend to follow the orders given within. The memo also ordered the Army to stop producing Humvees and some other light vehicles, and Breaking Defense confirmed that it had.

With the Army and the Pentagon returning to an era of DIY repairs, we’ll hopefully see the return of PS: The Preventive Maintenance Monthly. Created by comics legend Will Eisner in 1951, the Pentagon-funded comic book was a monthly manual for the military on repair and safety. It included sultry M-16 magazines and anthropomorphic M1-Abrams explaining how to conduct repairs.

The Pentagon stopped publishing the comic in 2019, but with the new push in the DoD for right-to-repair maybe we’ll see its return. It’s possible in the future we’ll see a comic book manual on repairing a cartoon MQ-9 Reaper that leers at the reader with a human face.
A tank teaching you how to repair it. Image: DoD archive.





Chatbot Arena is the most popular AI benchmarking tool, but new research says its scores are misleading and benefit a handful of the biggest companies.


Other official government domains included DinnerForAmerica.gov and TheTrillion.Gov, and signal that there may have been plans to incorporate official government internet infrastructure with the meme coin investment dinner.


This morning the White House Press Secretary accused Amazon of conducting a 'hostile political action.'



For a few hours, 19,000 NFTs that Nike helped mint returned a Cloudflare error instead of the picture people promised would live forever online.


NFTs That Cost Millions Replaced With Error Message After Project Downgraded to Free Cloudflare Plan


On Friday, thousands of NFTs that had once sold collectively for millions of dollars vanished from the internet and were replaced with the phrase “This content has been restricted. Using Cloudflare’s basic service in this manner is a violation of the Terms of Service.” The pictures eventually returned but their brief loss, as a result of one of the services that served the NFTs being migrated to a free account, is a reminder of the ephemeral nature of digital goods as well as the craze for crypto-backed pictures that dominated the internet for a few years.

The pictures were part of a CloneX RTFKT (pronounced “artifact”) collection, a Nike-backed NFT project done in collaboration with Japanese artist Takashi Murakami. They disappeared because the corporate overlord that acquired them was no longer investing the time or capital into the project it once had.
At around 5 a.m. EST on the morning of April 24, more than 19,000 NFTs in the CloneX RTFKT (pronounced “artifact”) collection vanished. In their place was white text on a black background that said: “This content has been restricted. Using Cloudflare’s basic service in this manner is a violation of the Terms of Service.”

The pictures linked to a URL on Cloudflare’s site that explained a bit more about what was going on. “If you are on a Free, Pro, or Business Plan and your application appears to be serving videos or a disproportionate amount of large files without using the appropriate paid service as described below, Cloudflare may redirect your content or take other actions to protect quality of service,” it said.

One of the original pitches of NFTs is that they would live forever on the internet. The idea is that they were a digital asset, as good as a real world asset like gold or silver, and could never be destroyed or erased. The flicking out of some 19,000 NFTs and the erasure of tens of millions of dollars in Ethereum called that into question.

https://x.com/PixOnChain/status/1915352785626845289

NFTs are non-fungible tokens, which use the blockchain to “prove” the ownership of digital assets. In the speculative frenzy that followed, a lot of people got rich minting grotesque pictures and selling them online. The trend peaked around the start of 2022 when Jimmy Fallon and Paris Hilton talked about the then-popular Bored Ape Yacht Club on the Tonight Show.

Nike bought RTFKT in 2021 when corporations and investors thought NFTs would be the next big thing. No one knows what Nike paid for the company, but earlier that year Andreessen Horowitz had valued RTFKT at $33 million and RTFKT used that number to raise $8 million in capital.

Three years later, Nike decided to pull the plug and sunset the project. At the time, Samuel Cardillo was RTFKT’s CTO and the man in charge of keeping things running. At its height, Cardillo had a team of 12 people helping him run the project. Now it’s just him. He stayed on as a consultant after Nike said it wouldn’t support the project anymore.

He’s currently in the process of migrating Nike’s NFTs off of a DigitalOcean cloud server and onto AWS. “I, personally, wanted to decentralize the assets instead of moving them just to yet another centralized hosting which would be under someone else’s will,” he said.

But Nike gets the final say, even now.

He was using Cloudflare as a third-party service to secure inbound and outbound connections from the user to DigitalOcean. The plan was and is to use this as a bridge while he decentralized the pictures on ArWeave—a blockchain for data storage.

According to Cardillo, the images vanished because Cloudflare moved RTFKT onto a free plan earlier than he expected. “The reason we're moving to the free plan is that, RTFKT is sunset, there are no plans to do any drops or anything like that so having a paid plan with Cloudflare makes absolutely no sense anymore,” he told 404 Media.

https://x.com/cardillosamuel/status/1915331631998500879?s=46

Cardillo posted about the issues on RTFKT’s Discord and fielded questions on X while he got the pictures back online. “I understand the panic,” he said. “It’s my duty to ensure that those people can be reassured, it’s part of my responsibility being in charge of all of this.”

Around the same time that the NFTs vanished, some of the people left holding the RTFKT bag filed a lawsuit against Nike. An Australian resident filed the class action lawsuit in Brooklyn, New York federal court. It said that the shoe company ending support for the NFT company led to significant losses for people who had bought them.

Cardillo declined to comment on the lawsuit, but said he still believed in the technology underlying NFTs. “I hope people see the point of this technology itself and stop using it to fuel the casino that crypto became,” he said.




404 Media is now publishing the full internal wiki page in which Palantir explains its work with ICE building a system for finding the location of people to deport.





Roy Lee used AI to beat challenging technical interviews, now he wants people to do the same thing with every human interaction. We tested the tool and it kinda sucks.



‘Did the same rules apply to AI colleagues and native-AI workplaces? I didn’t know yet. That was one of the things I needed to figure out.’


The FBI bought multiple hacking tools for $250,000. Despite that, the FBI says it can't find any more records about the tools.



A document viewed by 404 Media describes ICE's plans to incorporate data from the Department of Labor (DOL), Health and Human Services (HHS), and the Department of Housing and Urban Development (HUD) into a tool called ATrac.



Judge says tower dumps violate the 4th amendment, but will let the cops do it this one time, as a treat.


Judge Rules Blanket Search of Cell Tower Data Unconstitutional


This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records. Subscribe to them here.

A judge in Nevada has ruled that “tower dumps”—the law enforcement practice of grabbing vast troves of private personal data from cell towers—is unconstitutional. The judge also ruled that the cops could, this one time, still use the evidence they obtained through this unconstitutional search.

Cell towers record the location of phones near them about every seven seconds. When the cops request a tower dump, they ask a telecom for the numbers and personal information of every single phone connected to a tower during a set time period. Depending on the area, these tower dumps can return tens of thousands of numbers.
Cops have been able to sift through this data to solve crimes. But tower dumps are also a massive privacy violation that flies in the face of the Fourth Amendment, which protects people from unlawful search and seizure. When the cops get a tower dump they’re not just searching and seizing the data of a suspected criminal, they’re sifting through the information of everyone who was in the location.

A Nevada man, Cory Spurlock, is facing charges related to dealing marijuana and a murder-for-hire scheme. Cops used a tower dump to connect his cellphone with the location of some of the crimes he is accused of. Spurlock’s lawyers argued that the tower dump was an unconstitutional search and that the evidence obtained during it should not be. The cops got a warrant to conduct the tower dump but argued it wasn’t technically a “search” and therefore wasn’t subject to the Fourth Amendment.

U.S. District Judge Miranda M. Du rejected this argument, but wouldn’t suppress the evidence. “The Court finds that a tower dump is a search and the warrant law enforcement used to get it is a general warrant forbidden under the Fourth Amendment,” she said in a ruling filed on April 11. “That said, because the Court appears to be the first court within the Ninth Circuit to reach this conclusion and the good faith exception otherwise applies, the Court will not order any evidence suppressed.”

Du argued that the officers acted in good faith when they filed the warrant and that they didn’t know the search was unconstitutional when they conducted it. According to Du, the warrant wasn’t unconstitutional when a judge issued it.

Du’s ruling is the first time the United States Court of Appeals for the Ninth Circuit has ruled on the constitutionality of tower dumps, but this isn’t the first time a federal judge has weighed in. One in Mississippi came to the same conclusion in February. A few weeks later, the Department of Justice appealed the ruling.

There’s a decent chance that one of these cases will wind its way up to the Supreme Court and that SCOTUS will have to make a ruling about tower dumps. The last time the issue was in front of them, they kicked the can back to the lower courts.

In 2018, the Supreme Court considered Carpenter v. United States, a case where the FBI used cell phone location data to investigate a series of robberies. The Court decided that law enforcement agencies violate the Fourth Amendment when they ask for cell phone location data without a warrant. But the ruling was narrow and the Court declined to rule on the issue of tower dumps.

According to the court records for Spurlock’s case, the tower dump that caught him captured the private data of 1,686 users. An expert who testified before the court about the dump noted that “the wireless company users whose phones showed up in the tower dump data did not opt in to sharing their location with their wireless provider, and indeed, could not opt out from appearing in the type of records received in response to [the] warrant.”




Internal Palantir Slack chats and message boards obtained by 404 Media show the contracting giant is helping find the location of people flagged for deportation, that Palantir is now a “more mature partner to ICE,” and how Palantir is addressing employee concerns with discussion groups on ethics.


The records show that Palantir is actively working on the technical infrastructure underpinning the Trump administration’s mass deportation efforts which could soon impact U.S. citizens.


Hackers claim to have obtained 4chan's code, emails of moderators, and internal communications.



Customs and Border Protection released more documents last week that show which AI-powered tools that agency has been using to identify people of interest.



inTouch says on its website "Busy life? You can’t call your parent every day—but we can." My own mum said she would feel terrible if her child used it.


“No Mercy” is shocking people who are not familiar with Steam’s adult game ecosystem, but it’s mostly just shovelware.


A new report from SentinelOne exposed the inner workings of AkiraBot, a program that bypassed CAPTCHAs and used AI-generated messages to target 420,000 websites.




The comments falsely attributed to a Trump advisor were repeated by multiple outlets and caused the stock market to briefly jump up.



While the title of the article can still change, for the moment Wikipedia editors have decided that Trump crashed the stock market.


Effective accelerationists didn’t just accidentally shoot themselves in the foot. They methodically blew off each of their toes with a .50 caliber sniper rifle.


A Y Combinator partner proudly launched an AI recipe app that told people how to make “Actual Cocaine” and a “Uranium Bomb.”


Everyone wants to look cool in a leather jacket and lead one of the most valuable companies in the world, but not everyone can pull it off.