404 Media

2025-09-26 15:25:00

Behind the Blog: Behind 404 Media's ICE Lawsuit

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss being journalism dorks, our new lawsuit against ICE, and working on bullshit.

JASON: I’m writing this from sunny Athens, Greece, where I’ve been invited to talk about 404 Media at the IMEDD International Journalism Forum, an annual conference. Over the years, I haven’t been to too many conferences, because honestly it was always too disruptive to the day-to-day journalism and work of managing a team to be able to get away. We’re more than two years into this, but one of the nice things about having this company is that I can mostly get my work done whenever makes sense for me, whether that’s late at night in Los Angeles or early in the morning in Greece.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Behind the Blog: Behind 404 Media's ICE Lawsuit

^{Samantha Cole (404 Media)}

404 Media

2025-09-25 16:29:37

The SIM Farm Hardware Seized by the Secret Service Is Also Popular With Ticket Scalpers

Subscribe

Join the newsletter to get the latest updates.

Success

Great! Check your inbox and click the link.

Error

Please enter a valid email address.

Tuesday, the Secret Service said it “dismantled a network” of “300 co-located SIM servers and 100,000 SIM cards across multiple sites.” The Secret Service suggested that this network posed a threat to the United Nations General Assembly meeting, which was “within 35 miles” of the servers and which it said could have been used to “disable cell phone towers.” The story quickly went viral, with the New York Times and CNN’s reports being widely shared and discussed.

CNN reported that the SIM servers were used in swatting calls against members of Congress, and the New York Times quoted an expert who said that they believed the servers could be used for espionage. As security researcher Robert Graham points out in a post called “That Secret Service SIM farm story is bogus—it’s just normal crime,” the Secret Service has not yet released any actual evidence of what the SIM servers were used for and it is unclear how such a setup could be used for “espionage.” Graham notes that, based on photos released by the Secret Service and its description of the operations, claims that such a network could have only been created by a sophisticated nation state actor are particularly ridiculous: “I can pull this off, personally. It’s just a SIM farm. Sure, there’s some capital involved, on the order of $1 million, but it could be setup and managed by a single person. It likely wasn’t setup all at once with that much money, but has been slowly growing for years as profits are funneled back into setting up more SIM accounts,” he wrote.

The discovery of a bunch of SIM banks (also called SIM farms, SMS gateways, and several other things) anywhere is interesting from a spam / cybercrime perspective, and they give a type of cyberpunk visual that, frankly, is extremely my shit. But the breathless way this bust has been announced—with a special video announcement by Secret Service director Sean Curran and a clearly embargoed rollout with the New York Times and CNN, makes these SIM farms seem as though they are particularly special and high tech, when they clearly are not. The technology used, which can be seen clearly in photos released by the Secret Service, are regularly used by SMS scammers, spammers, and marketers, yes, but the tech is also extremely widely used by ticket scalpers seeking to create lots of Ticketmaster accounts with which to buy tickets. This is off-the-shelf technology that anyone can buy and use; if one had enough money, one could surely buy 300 of them from Ejointech, the Chinese company that makes them, and set something like this up.

I have been familiar with and meaning to write about SIM banks for a few months now, specifically because they have become popular with ticket scalpers. Like many “anti-scalping” and anti-fraud measures taken by Ticketmaster, relatively recent updates that require SMS verification to create a new Ticketmaster account and immediately before buying tickets hasn’t actually stopped scalping. Instead, it has created a new underground market for tools that make SMS authentication at bulk easier. By adding this barrier to entry, Ticketmaster has ensured that normal fans have one single attempt to buy tickets, while motivated ticket scalpers with specialized tech can have many attempts at buying tickets.

This SMS verification system has created a new underground market for various technologies and software that lets scalpers game this SMS verification system. SIM boxes are such an important part of that new underground market that Ejointech now advertises one of its products—which looks very much like the models shown in the Secret Service’s images from the seized servers in New York—as specifically being good “for ticketing & bulk SMS.”

“Popular model: used by 5,000+ leading ticket brokers globally & trusted for thousands of large-scale SMS campaigns!,” Ejointech advertises on the $3,730 Ejoin 256 SIM 4G LTE SMS Gateway. On TikTok, it advertises a similar, 512 SIM card model as having “human behavior,” “cloud management,” and “auto SIM card switch.”

“Ticket brokers, streamline your Ticketmaster operations with EjoinTech! Our SMS gateway devices support up to 512 SIM cards, ensuring you never miss a verification code,” the company says. “Designed for efficiency with no unnecessary noise.”
youtube.com/embed/BZnrXxt47Qw?…
There is of course no evidence that the SIM boxes seized by the Secret Service this week were used by ticket scalpers, but there’s also no public evidence released by the Secret Service that suggests they were going to try to disrupt the UN General Council’s meeting. The point I’m making is that these devices and these types of farms have become somewhat common in recent years, and they are used not just to send messages in bulk but to receive them in bulk, too. They are used not just for crimes, but for various grey market and controversial, but not necessarily illegal, purposes too.

“Proxies” and real SIM cards that can receive SMS messages have become critical to the ticket scalping industry. The way ticket scalping works now is that big time brokers will create many (hundreds or thousands) of unique Ticketmaster accounts, each associated with their own phone number. These are sometimes made using prepaid or low-cost wireless carriers like MobileX, whose SIM cards appeared in bulk in Secret Service materials.

Not every big time broker is going to want to roll their own SIM bank, so a series of companies have popped up that offer “proxies,” which just means that they are basically a company running and selling access to phone numbers, keeping them online, and forwarding SMS codes directly to the ticket broker buying them. These companies do not advertise what specific hardware they are using to do this, but SIM boxes could easily be used to do this, and the scale of farm that the Secret Service found is not particularly large considering these types of services exist. They go by names like “WiredSMS,” “TextChest,” “Quick-Text,” “SMSPass,” and “Jivetel,” among others. TextChest advertises “industry-leading physical SIM lines, trusted by thousands.” A company called Seat Heroes notes that it is “carrier compliant” and that “while others rely on risky, unauthorized setups, Seat Heroes runs on the first ever Tier 1 carrier-integrated infrastructure—no modems, no VOIP, just proprietary and exclusive access to genuine numbers—always on, 24/7” and “no SIM banks—just direct connections.”

In practice, ticket brokers connect their proxies—either bought from a third party or rolled by themselves—to other bespoke ticketing-buying software that helps them actually manage tons of Ticketmaster accounts and tons of phone numbers at once. There are a host of ticket broker-specific internet browsers that allow brokers to open hundreds or thousands of browser tabs, which each have a browsing session tied to either a specific SIM card or to an IP proxy which can also be bought from third-party services. This allows brokers to power through Ticketmaster’s “Virtual Waiting Rooms” because a broker can have hundreds or thousands of independent browser sessions waiting as separate “people.” The SIM box (or a SIM proxy service) can then be set up in these bespoke browsers to automatically forward and submit Ticketmaster’s SMS two-factor authentication, which is supposedly designed to prevent scalpers from getting tickets.

At one point, Private Tabs, one of the bespoke browsers for ticket scalpers, was advertising a “SIMBOX HARDWARE ADD-ON,” which could “add 512 phone numbers for $3 per line.”

“These hardware devices allow you to add 512 phone numbers to your Private Tabs account,” an archived version of the Private Tabs website reads. “If you already have one, then you can just add it to the config or call us, and we’ll set it up for ya. This ensures that every account you load in has its dedicated number. Rather than paying $9 to $24 per phone number, you can purchase one of these devices and get a phone line for as little as $3 per number. Typically, they pay for themselves within 2 months since each device can hold 512 numbers. With this device you do not need ‘TextChest’ or ‘Private Tab Phones’ [a proxy service] as you can host your own numbers for half the cost.”

The Private Tabs web browser no longer advertises SIM boxes, and in a FAQ on its current website, it says says people using their own telecom hardware may run into problems: "There have been recent reports as of 9/5/2025 that some people using Chinese hardware is a problem. You may want to contact your phone company before trying to integrate it with the API to confirm it works ok."

Ticketmaster Used Revolving Barcodes to Control Ticket Resale Market and Surveil Customers, DOJ Alleges

"We now not only know the person that bought the ticket, but we’re going to know those three people that you are taking to the show, which we have not known historically."

^{Jason Koebler (404 Media)}

404 Media

2025-09-24 13:00:44

Podcast: We're Suing ICE. Here's Why

We start this week with some news: we are suing ICE for access to its $2 million contract with a company that sells powerful spyware. Paragon sells tech for remotely breaking into phones and reading messages from encrypted chat apps without a target even clicking a link. After the break, we talk about a couple of stories about AI ‘workslop’ and the engineers who fix peoples’ vibe coding. In the subscribers-only section, we start with a malicious game on Steam stealing cryptocurrency from a cancer patient, then we talk about Silk Song.
playlist.megaphone.fm?e=TBIEA2…
Listen to the weekly podcast on Apple Podcasts,Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
youtube.com/embed/NWuDzmKE8kg?…

• We’re Suing ICE for Its $2 Million Spyware Contract
• AI ‘Workslop’ Is Killing Productivity and Making Workers Miserable
• The Software Engineers Paid to Fix Vibe Coded Messes
• Steam Hosted Malware Game that Stole $32,000 from a Cancer Patient Live on Stream
• Does Silksong Seem Unreasonably Hard? You Probably Took a Wrong Turn

The 404 Media Podcast

Tech News Podcast · Updated Weekly · Welcome to the podcast from 404 Media where Joseph, Sam, Emanuel, and Jason catch you up on the stories we published this week. 404 Media is a journalist-owned digital media company exploring the way …

^{Apple Podcasts}

404 Media

2025-09-18 17:46:58

Contractor Used Classified CIA Systems as ‘His Own Personal Google’

This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records. Subscribe to them here.

A former CIA official and contractor, who at the time of his employment dug through classified systems for information he then sold to a U.S. lobbying firm and foreign clients, used access to those CIA systems as “his own personal Google,” according to a court record reviewed by 404 Media and Court Watch.

💡
Do you know anything else about this case? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Dale Britt Bendler, 68, was a long running CIA officer before retiring in 2014 with a full pension. He rejoined the agency as a contractor and sold a wealth of classified information, according to the government’s sentencing memorandum filed on Wednesday. His clients included a U.S. lobbying firm working for a foreigner being investigated for embezzlement and another foreign national trying to secure a U.S. visa, according to the court record.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Contractor Used Classified CIA Systems as ‘His Own Personal Google’

Dale Britt Bendler “​​earned approximately $360,000 in private client fees while also working as a full-time CIA contractor with daily access to highly classified material that he searched like it was his own personal Google,” according to a court re…

^{Joseph Cox (404 Media)}

404 Media

2025-09-18 17:19:49

Union Warns Professors About Posting In the ‘Current Climate’

A union that represents university professors and other academics published a guide on Wednesday tailored to help its members navigate social media during the “current climate.” The advice? Lock down your social media accounts, expect anything you post will be screenshotted, and keep things positive. The document ends with links to union provided trauma counseling and legal services.

The American Association of University Professors (AAUP) published the two page document on September 17, days after the September 10 killing of right-wing pundit Charlie Kirk. The list of college professors and academics who've been censured or even fired for joking about, criticizing, or quoting Kirk after his death is long.
playlist.megaphone.fm?p=TBIEA2…
Clemson University in South Carolina fired multiple members of its faculty after investigating their Kirk-related social media posts. On Monday the state’s Attorney General sent the college a letter telling it that the first amendment did not protect the fired employees and that the state would not defend them. Two universities in Tennessee fired multiple members of the staff after getting complaints about their social media posts. The University of Mississippi let a member of the staff go because they re-shared a comment about Kirk that people found “insensitive.” Florida Atlantic University placed an art history professor on administrative leave after she posted about Kirk on social media. Florida's education commissioner later wrote a letter to school superintendents warning them there would be consequences for talking about Kirk in the wrong way. “Govern yourselves accordingly,” the letter said.

AAUP’s advice is meant to help academic workers avoid ending up as a news story. “In a moment when it is becoming increasingly difficult to predict the consequences of our online speech and choices, we hope you will find these strategies and resources helpful,” it said.

Here are its five explicit tips: “1. Set your personal social media accounts to private mode. When prompted, approve the setting to make all previous posts private. 2. Be mindful that anything you post online can be screenshotted and shared. 3. Before posting or reposting online commentary, pause and ask yourself: a. Am I comfortable with this view potentially being shared with my employer, my students, or the public? Have I (or the person I am reposting) expressed this view in terms I would be comfortable sharing with my employer, my students, or the public?”

The advice continues: “4. In your social media bios, state that the views expressed through the account represent your own opinions and not your employer. You do not need to name your employer. Consider posting positive statements about positions you support rather than negative statements about positions you disagree with. Some examples could be: ‘Academic freedom is nonnegotiable,’ ‘The faculty united will never be divided,’ ‘Higher ed research saves lives,’ ‘Higher ed transforms lives,’ ‘Politicians are interfering with your child’s education.’”

The AAUPthen provides five digital safety tips that include setting up strong passwords, installing software updates as soon as they’re available, using two-factor authentication, and never using employer email addresses outside of work.

The last tip is the most revealing of how academics might be harassed online through campaigns like Turning Point USA’s “Professor Watchlist.” “Search for your name in common search engines to find out what is available about you online,” AAUP advises. “Put your name in quotation marks to narrow the search. Search both with and without your institution attached to your name.”

After that, the AAUP provided a list of trauma, counseling, and insurance services that its members have access to and a list of links to other pieces of information about protecting themselves.

“It’s good basic advice given that only a small number of faculty have spent years online in my experience, it’s a good place to start,” Pauline Shanks Kaurin, the former military ethics professor at the U.S. Naval War College told 404 Media. Kaurin resigned her position at the college earlier this year after realizing that the college would not defend academic freedom during Trump’s second term.

“I think this reflects the heightened level of scrutiny and targeting that higher ed is under,” Kaurin said. “While it’s not entirely new, the scale is certainly aided by many platforms and actors that are engaging on [social media] now when in the past faculty might have gotten threatening phone calls, emails and hard copy letters.”

The AAUP guidance was co-written by Isaac Kamola, an associate professor at Trinity College and the director of the AAUP’s Center for Academic Freedom. Kamola told 404 Media that the recommendations came for years of experience working with faculty who’ve been on the receiving end of targeted harassment campaigns. “That’s incredibly destabilizing,” he said. “It’s hard to explain what it’s like until it happens to you.”

Kamola said that academic freedom was already under threat before Kirk’s death. “It’s a multi-decade strategy of making sure that certain people, certain bodies, certain dies, are not in higher education, so that certain other ones can be, so that you can reproduce the ideas that a political apparatus would prefer existed in a university,” he said.

It’s telling that the AAUP felt the need to publish this, but the advice is practical and actionable, even for people outside of academia. Freedom of expression is under attack in America and though academics and other public figures are perhaps under the most threat, they aren’t the only ones. Secretary of Defense Pete Hegseth said the Pentagon is actively monitoring the social media activity of military personnel as well as civilian employees of the Department of Defense.

“It is unacceptable for military personnel and Department of War civilians to celebrate or mock the assassination of a fellow American,” Sean Parnell, public affairs officer at the Pentagon, wrote on X, using the new nickname for the Department of Defense. In the private sector, Sony fired one of its video game developers after they made a joke on X about Kirk’s death and multiple journalists have been fired for Kirk related comments.

AAUP did not immediately respond to 404 Media’s request for comment.

MSNBC fires analyst Matthew Dowd over Charlie Kirk shooting remarks

Dowd said the slain activist’s words may have fueled the violence that claimed his life, sparking backlash

^{Joseph Gedeon (The Guardian)}

404 Media

2025-09-15 13:14:17

Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching

📄
This article was primarily reported using public records requests. We are making it available to all readers as a public service. FOIA reporting can be expensive, please consider subscribing to 404 Media to support this work. Or send us a one time donation via our tip jar here.

A data broker owned by the country’s major airlines, including American Airlines, United, and Delta, is selling access to five billion plane ticketing records to the government for warrantless searching and monitoring of peoples’ movements, including by the FBI, Secret Service, ICE, and many other agencies, according to a new contract and other records reviewed by 404 Media.

The contract provides new insight into the scale of the sale of passengers’ data by the Airlines Reporting Corporation (ARC), the airlines-owned data broker. The contract shows ARC’s data includes information related to more than 270 carriers and is sourced through more than 12,800 travel agencies. ARC has previously told the government to not reveal to the public where this passenger data came from, which includes peoples’ names, full flight itineraries, and financial details.

“Americans' privacy rights shouldn't depend on whether they bought their tickets directly from the airline or via a travel agency. ARC's sale of data to U.S. government agencies is yet another example of why Congress needs to close the data broker loophole by passing my bipartisan bill, the Fourth Amendment Is Not For Sale Act,” Senator Ron Wyden told 404 Media in a statement.

💡
Do you know anything else about ARC or the sale of this data? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

ARC is owned and operated by at least eight major U.S. airlines, publicly released documents show. Its board of directors includes representatives from American Airlines, Delta, United, Southwest, Alaska Airlines, JetBlue, and European airlines Air France and Lufthansa, and Canada’s Air Canada. ARC acts as a bridge between airlines and travel agencies, in which it helps with fraud prevention and finds trends in travel data. ARC also sells passenger data to the government as part of what it calls the Travel Intelligence Program (TIP).

TIP is updated every day with the previous day’s ticket sales and can show a person’s paid intent to travel. Government agencies can then search this data by name, credit card, airline, and more.

The new contract shows that ARC has access to much more data than previously reported. Earlier coverage found TIP contained more than one billion records spanning more than 3 years of past and future travel. The new contract says ARC provides the government with “5 billion ticketing records for searching capabilities.”

Screenshots of the documents obtained by 404 Media.

404 Media obtained the contract through a Freedom of Information Act (FOIA) with the Secret Service. The contract indicates the Secret Service plans to pay ARC $885,000 for access to the data stretching into 2028. A spokesperson for the agency told 404 Media “The U.S. Secret Service is committed to protecting our nation’s leaders and financial infrastructure in close coordination with our federal, state, and local law enforcement partners. To safeguard the integrity of our work, we do not discuss the tools used to conduct our operations.” The Secret Service did not answer a question on whether it seeks a warrant, subpoena, or court order to search ARC data.

404 Media has filed FOIA requests with a wide range of agencies that public procurement records show have purchased ARC data. That includes ICE, CBP, ATF, the SEC, TSA, the State Department, U.S. Marshals, and the IRS. A court record reviewed by 404 Media shows the FBI has asked ARC to search its databases for a specific person as part of a drug investigation.
playlist.megaphone.fm?p=TBIEA2…
The ATF told 404 Media in a statement “ATF uses ARC data for criminal and investigative purposes related to firearms trafficking and other investigations within ATF’s purview. ATF follows DOJ policy and appropriate legal processes to obtain and search the data. Access to the system is limited to a very small group within ATF, and all subjects searched within ARC must be part of an active, official ATF case/investigation.”

An ARC spokesperson told 404 Media in an email that TIP “was established by ARC after the September 11, 2001, terrorist attacks and has since been used by the U.S. intelligence and law enforcement community to support national security and prevent criminal activity with bipartisan support. Over the years, TIP has likely contributed to the prevention and apprehension of criminals involved in human trafficking, drug trafficking, money laundering, sex trafficking, national security threats, terrorism and other imminent threats of harm to the United States.”

The spokesperson added “Pursuant to ARC’s privacy policy, consumers may ask ARC to refrain from selling their personal data.”

After media coverage and scrutiny from Senator Wyden’s office of the little-known data selling, ARC finally registered as a data broker in the state of California in June. Senator Wyden previously said it appeared ARC had been in violation of Californian law for not registering while selling airline customers’ data for years.

Airline-Owned Data Broker Selling Your Flight Info to DHS Finally Registers as a Data Broker

It’s a legal requirement for data brokers to register in the state of California. ARC, the airlines-owned data broker that has been selling your flight information to the government for years, only just registered after being contacted by the office …

^{Joseph Cox (404 Media)}