journalist covering hackers/crime/privacy for @motherboard. Signal: +44 20 8133 5190. Wickr: josephcox. XMPP: jfcox@jabber.ccc.de. Email: joseph.cox@vice.com

Joined March 2011
The data is being distributed by a different Telegram bot. It provides customers with the phone numbers of people who liked a specific Facebook Page. Some cost money, but if under 100 likes, the data is free. This is how we started to verify vice.com/en/article/qj8dj5/f…
1
19
2
51
After getting data from the bot (names of Facebook users, their phone number, gender), we then found those peoples' Facebook profiles. Then we verified the phone numbers were accurate. I added people on WhatsApp to see their profile picture, for example vice.com/en/article/qj8dj5/f…
1
12
0
37
We also texted and called people to ask if this was their phone number. Multiple people confirmed the phone number we got from an underground bot was theirs vice.com/en/article/qj8dj5/f…
2
12
0
34
These phone numbers don't appear in the 500m cache, according to searches on HIBP and direct searches of the data by Alon Gal. Gal also found only one of the numbers in another previous Facebook breach vice.com/en/article/qj8dj5/f…
1
10
0
32
Show this thread
This comes after lawmakers called the transfer of bidstream data a "goldmine for foreign intelligence services" earlier this month. vice.com/en/article/k78ewv/b…
2
7
0
25
The answer to the basic question "matters." "Data about (almost) everyone online, where they are and where they have been, what they are reading, watching, and listening to, is being broadcast to thousands of companies without any control at all." vice.com/en/article/k78ewv/b…
2
7
1
23
This is the purpose of the questioning. When given explicit chance to answer whether Twitter didn't answer because it didn't want to, or because it didn't know, Twitter declined to specify.
Replying to @swodinsky
someone w a better grasp on adtech infrastructure can feel free to chime in here, but i'm p sure it's fundamentally impossible to get a complete picture of who's getting bidstream data at any given time?
Show this thread
1
4
0
18
Show this thread
Unsealed search warrant application for the Twitter accounts of Richard Preston Jr, who fired a guy and shouted the N-word at a black counter protestor back during the Unite the Right rally
2
3
1
15
Christopher Hughes, part of the encrypted phone company MPC (made by, and for, organized crime) denies being involved in the murder of crime blogger Martin Kok. We previously reported Hughes lured Kok to assassination outside Amsterdam sex club glasgowtimes.co.uk/news/1921…
3
4
0
15
Show this thread
Army Special Operations Wing using social media monitoring tools from Babel Street, which monitors Twitter, Facebook, etc, to see reaction to operations and actions related to weapon systems
5
28
1
54
This is Wickr's first public U.S. law enforcement contract. All of the company's other public contracts are with the Air Force/Army vice.com/en/article/m7ammn/c…
2
9
0
15
Wickr offers disappearing messages as part of its security features. Those disappearing messages can complicate government requirements to preserve text messages (variables on whether it is enabled and/or logged elsewhere) vice.com/en/article/m7ammn/c…
1
8
1
12
Show this thread
CYBERCOM briefing on Kaspersky
17
76
18
330
"Maybe they should be called cultural social media partners not influencers? We are not trying to influence any decision we are trying to project information out further." vice.com/en/article/pkd73n/m…
0
0
0
5
Show this thread
North Korean backed hackers who targeted security researchers recently setup a new fake company website, according to Google blog.google/threat-analysis-…
1
31
4
53
Reasons why the Secret Service does not want to release information on what hacking tools it assessed for use
0
18
0
53
Twitter suspended one of the Amazon FC Ambassador accounts for spam and platform manipulation (an actual account with an Amazon email address; not one of those fake-person-generator ones)
4
37
8
109
The audit also found serious security issues with giving a surveillance contractor direct access to state databases vice.com/en/article/pkd7pk/b…
1
6
0
17
The audit also found that Banjo's system did not pose the significant privacy risk as initially thought. But not because of safeguards; instead the system simply wasn't sophisticated enough vice.com/en/article/pkd7pk/b…
0
4
3
31
Show this thread