Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.

A young technologist known online as “Big Balls,” who works for Elon Musk's so-called Department of Government Efficiency (DOGE), has access to sensitive US government systems. But his professional and online history call into question whether he would pass the background check typically required to obtain security clearances, security experts tell WIRED.

Edward Coristine, a 19-year-old high school graduate, established at least five different companies in the last four years, with entities registered in Connecticut, Delaware, and the United Kingdom, most of which were not listed on his now-deleted LinkedIn profile. Coristine also briefly worked in 2022 at Path Network, a network monitoring firm known for hiring reformed blackhat hackers. Someone using a Telegram handle tied to Coristine also solicited a cyberattack-for-hire service later that year.

Coristine did not respond to multiple requests for comment.

One of the companies Coristine founded, Tesla.Sexy LLC, was set up in 2021, when he would have been around 16 years old. Coristine is listed as the founder and CEO of the company, according to business records reviewed by WIRED.

Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.

"Foreign connections, whether it's foreign contacts with friends or domain names registered in foreign countries, would be flagged by any agency during the security investigation process," Joseph Shelzi, a former US Army intelligence officer who held security clearance for a decade and managed the security clearance of other units under his command, tells WIRED.

A longtime former US intelligence analyst, who requested anonymity to speak on sensitive topics, agrees. “There's little chance that he could have passed a background check for privileged access to government systems,” they allege.

Another domain under Coristine’s control is faster.pw. The website is currently inactive, but an archived version from October 25, 2022 shows content in Chinese that stated the service helped provide “multiple encrypted cross-border networks.”

Prior to joining DOGE, Coristine worked for several months of 2024 at Elon Musk’s Neuralink brain implant startup, and, as WIRED previously reported, is now listed in Office of Personnel Management records as an “expert” at that agency, which oversees personnel matters for the federal government. Employees of the General Services Administration say he also joined calls where they were made to justify their jobs and to review code they’ve written.

Other elements of Coristine’s personal record reviewed by WIRED, government security experts say, would also raise questions about obtaining security clearances necessary to access privileged government data. These same experts further wonder about the vetting process for DOGE staff—and, given Coristine’s history, whether he underwent any such background check.

The White House did not immediately respond to questions about what level of clearance, if any, Corisitine has and, if so, how it was granted.

At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn résumé. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company.

“If I was doing the background investigation on him, I would probably have recommended against hiring him for the work he’s doing,” says EJ Hilbert, a former FBI agent who also briefly served as the CEO of Path Network prior to Coristine’s employment there. “I’m not opposed to the idea of cleaning up the government. But I am questioning the people that are doing it.”

**Got a tip?**

_Are you a current or former US government employee? We'd like to hear from you. Using a nonwork phone or computer, contact the reporters securely on Signal at Andy.01 (Andy Greenberg), DavidGilbert.01 (David Gilbert), or +1 (347) 722-1347 (Lily Hay Newman)._

Potential concerns about Coristine extend beyond his work history. Archived Telegram messages shared with WIRED show that, in November 2022, a person using the handle “JoeyCrafter” posted to a Telegram channel focused on so-called distributed denial of service (DDoS) cyberattacks that bombard victim sites with junk traffic to knock them offline. In his messages, JoeyCrafter—which records from Discord, Telegram, and the networking protocol BGP indicate was a handle used by Coristine—writes that he’s “looking for a capable, powerful and reliable L7” that accepts bitcoin payments. That line, in the context of a DDoS-for-hire Telegram channel, suggests he was looking for someone who could carry out a layer-7 attack, a certain form of DDoS. A DDoS-for-hire service with the name Dstat.cc was seized in a multinational law enforcement operation last year.

The JoeyCrafter Telegram account had previously used the name “Rivage,” a name linked to Coristine on Discord and at Path, according to Path internal communications shared with WIRED. Both the Rivage Discord and Telegram accounts at times promoted Coristine’s DiamondCDN startup. It’s not clear whether the JoeyCrafter message was followed by an actual DDoS attack. (In the internal messages among Path staff, a question is asked about Rivage, at which point an individual clarifies they are speaking about “Edward.”)

"It does depend on which government agency is sponsoring your security clearance request, but everything that you've just mentioned would absolutely raise red flags during the investigative process," says Shelzi, the former US Army intelligence officer. He adds that a secret security clearance could be completed in as little as 50 days, while a top-secret security clearance could take anywhere from 90 days to a year to complete.

Coristine’s online history, including a LinkedIn account where he calls himself Big Balls, has disappeared recently. He also previously used an account on X with the username @edwardbigballer. The account had a bio that read: “Technology. Arsenal. Golden State Warriors. Space Travel.”

Prior to using the @edwardbigballer username, Coristine was linked to an account featuring the screen name “Steven French” featuring a picture of what appears to be Humpty Dumpty smoking a cigar. In multiple posts from 2020 and 2021, the account can be seen responding to posts from Musk. Coristine’s X account is currently set to private.

Davi Ottenheimer, a longtime security operations and compliance manager, says many factors about Coristine’s employment history and online footprint could raise questions about his ability to obtain security clearance.

“Limited real work experience is a risk,” says Ottenheimer, as an example. “Plus his handle is literally Big Balls.”

DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers

The dismantling of USAID by Elon Musk's DOGE and a State Department funding freeze have severely disrupted efforts to help people escape forced labor camps run by criminal scammers.

As Elon Musk’s DOGE team continues to rampage through United States federal agencies, Trump administration efforts to eliminate the United States Agency for International Development (USAID) seem to be furthest along. The impacts of the agency’s dismantling on humanitarian relief, public health, and human rights work, combined with the wider 90-day State Department pause on foreign aid payments, are already far-reaching and severe around the world. Sources tell WIRED that the situation is also impacting anti-human-trafficking work targeted at addressing forced labor compounds that fuel digital fraud like investment scams.

The funding cuts and pauses have immediately made it harder for people to safely escape scam compounds, according to half a dozen sources working to combat scams and trafficking. The cuts have also shrunk services that house and care for human trafficking victims and are limiting investigatory work into criminal groups. After just days of funding disruptions, sources say that the cuts have caused “chaos” for staff working to help survivors on a daily basis. Some organizations have already gone dark, and relief workers add that the withdrawal of services could embolden the criminal groups behind the fraud.

“It is a really, really bad situation,” says one person working in the anti-scam sector in Southeast Asia. The individual, as with several sources in this story, requested anonymity due to the sensitive nature of the work and ongoing changing situation. They say small grassroots organizations, which may have only a handful of staff each but help identify and work with trafficking victims, have been widely affected. “This pause will mean that organizations that essentially shifted their work from different forms of trafficking to looking at scamming compounds will cease to exist,” they say.

USAID and the US State Department did not immediately respond to questions from WIRED about the situation.

**Got a tip?**

_Are you a current or former USAID or State Department employee or a worker familiar with anti-human-trafficking efforts? We’d like to hear from you. Using a nonwork phone or computer, contact Matt Burgess securely on Signal at mattburgess.20 and Lily Hay Newman at +1 (347) 722-1347._

Over the past five years, dozens of “scam compounds” have been constructed in Southeast Asia, particularly within Myanmar, Laos, and Cambodia. Run by organized crime groups, which often have links to Chinese nationals, more than 200,000 people from 100-plus countries have been trafficked into the compounds—often under the pretense of getting a legitimate job. These people are often held captive, beaten and tortured, and forced to work long shifts running online scams targeting people around the world, including in the United States. While the compounds engage in a range of fraudulent activity, so-called pig butchering scams have been the predominant focus, with global losses estimated at $75 billion or more.

Law enforcement efforts in Southeast Asia to tackle scam compounds and the criminal organizations heavily profiting from them have sometimes made progress, but have also been widely criticized for corruption and failing to comprehensively deal with the problem. However, a patchwork of NGOs, charities, and anti-trafficking organizations have been attempting to fill the gaps, helping victims escape and get access to legal advice, health care, and other resources. A US State Department webpage details more than $272 million in funding provided to fight human trafficking around the world, with Southeast Asia programs that include investigative efforts, survivor protection, and more. And USAID directly funds humanitarian groups in the region.

Julia Macher, the CEO of Freedom Collaborative, a network that has been impacted by the freezes and works with grassroots groups fighting scam compounds, says the repercussions of the drastic changes at USAID have been “instantaneous.”

“Our partners say that for some survivors they are in touch with inside the scam centers, even if they can somehow manage to get out, they then have no place to put them. Then, the survivors have no money for a flight home and no place to go, so they get re-recruited into the centers, as they do not have any real alternative options,” Macher says. “Some survivors have injuries like broken bones from jumping out the window to escape, and now the organizations have no money to put them into the hospitals, and without medical care, the survivors could become paralyzed.”

Multiple sources tell WIRED that organizations that have relied on funding have had to stop or reduce work and lay off staffers. Macher, who has been running working groups with members of her network over the last week, says some survivors of scam compounds are being given assistance to return home; however, shelters that temporarily house them and provide care have been impacted. “Without a safe and dependable shelter to house them after their escape, some survivors opt to return to their exploitative work inside the scam centers despite knowing the risks,” Macher says.

“There are shelters in neighboring countries like Cambodia and Myanmar for people who’ve just been rescued, and there are helplines and so on that have now lost all of their funding overnight,” says Michael Brosowski, the founder of Blue Dragon, an impacted charity that has rescued more than 1,700 trafficking victims, including keeping people from being trafficked into brothels connected to online scamming.

Brosowski says Blue Dragon has been working to reduce the worst of the harm caused by the funding freezes. “We’ve been scrambling to work out what we can cut, how can we scale back, without losing the most direct work,” Brosowski says. For example, training programs for social workers who aid survivors of trafficking may have to be cut, Brosowski says.

Even if some funding does return—the State Department’s freeze is set to be in place for 90 days—organizations supporting victims may never be the same as staffers are forced to get other jobs or move away from the areas where they have been working locally with survivors. This loss of expertise will be extremely detrimental to the relief efforts, sources say.

“They’ve damaged relationships with local partners or authorities with whom they used to be working regularly to address these issues,” say two researchers at a global think tank who have had their work on policy recommendations on tackling scam compounds to the US government disrupted.

Aside from humanitarian efforts, the funding pauses are likely to allow, even temporarily, criminal organizations to further flourish. Some of the funding cuts impact programs designed to help identify potential criminals and assist local law enforcement efforts, according to one government affairs official at an international NGO with multiple US grants.

“Identifying criminal networks, identifying the bad actors, sending the information to the National Security Council. Everything that should be going on is stopped,” add the two global think tank researchers.

Ultimately, all of this means that trafficking victims will be trapped working in unimaginable conditions while more people in the US and around the world will be at risk of becoming victims in the ongoing fraud run from the compounds.

“These scam compounds, they scam people who are in the USA,” Brosowski, of Blue Dragon, says. “The US government might save hundreds of millions of dollars from cutting these sorts of programs, but the scammers are going to take billions.”

The Collapse of USAID Is Already Fueling Human Trafficking and Slavery at Scammer Compounds

Ransomware gangs continued to wreak havoc in 2024, but new research shows that the amounts victims paid these cybercriminals fell by hundreds of millions of dollars.

For much of the past year, the trail of destruction and mayhem left behind by ransomware hackers was on full display. Digital extortion gangs paralyzed hundreds of US pharmacies and clinics through their attack on Change Healthcare, exploited security vulnerabilities in the customer accounts of cloud provider Snowflake to breach a string of high-profile targets, and extracted a record $75 million from a single victim.

Yet beneath those headlines, the numbers tell a surprising story: Ransomware payments actually fell overall in 2024—and in the second half of the year dropped more precipitously than in any six-month period on record.

Cryptocurrency tracing firm Chainalysis today released a portion of its annual crime report focused on tracking the ransomware industry, which found that ransomware victims’ extortion payments totaled $814 million in 2024, a drop of 35 percent compared to the record $1.25 billion that hackers extracted from ransomware victims the previous year. Breaking down the payments over the course of 2024 shows an even more positive trend: Hackers collected just $321 million from July through December compared to $492 million the previous half year, the biggest falloff in payments between two six-month periods that Chainalysis has ever seen.

“The drastic reversal of the trends we were seeing in the first half of the year to the second was quite surprising,” says Jackie Burns Koven, who leads cyber threat intelligence at Chainalysis. She suggests that dropoff is likely due to law enforcement takedowns and disruptions, some of which had delayed effects that weren't immediately apparent in the first half of the year as ransomware victims and the cybersecurity industry grappled with catastrophic attacks.

“Don't get me wrong: For everyone who's a defender or an incident responder, it's been _a year,_" Burns Koven says. “But it is noteworthy that for the major attacks that occurred last year, those groups don't exist anymore or have been laying low. There's been a strong signal from law enforcement that if you cross the line, there's going to be consequences.”

US and UK law enforcement scored two significant disruptions of major ransomware groups around the beginning of 2024: Six days before Christmas of 2023, the FBI announced that it had found vulnerabilities in the encryption software used by the group known as BlackCat or AlphV, distributed decryption keys to victims to foil the group’s extortion tactics, and taken down the dark-web sites the group had used to issue its threats. Two months later, in February of 2024, the UK’s National Crime Agency carried out an operation against the notorious ransomware group Lockbit, hijacking its infrastructure, seizing its cryptocurrency wallets, taking down its dark-web sites, and even obtaining information about its members and cybercriminal partners.

Initially, however, both groups seemed to bounce back from those busts. AlphV in February announced that it had hacked Change Healthcare, disabling payments at hundreds of US clinics and pharmacies and extracting $22 million from the United Healthcare–owned company in one of the worst health-care-related ransomware incidents in history. Lockbit, too, seemed to shake off the NCA’s blows, immediately launching a new dark-web site where it continued to extort victims old and new.

But in fact, both law enforcement operations may have been more successful than they appeared. AlphV, after receiving its $22 million ransom from Change Healthcare, pulled a so-called “exit scam,” taking the money and disappearing rather than sharing it with the hacker partners who had carried out the Change breach. Lockbit, too, largely fell off the map in the months that followed the NCA’s takedown, due perhaps to the cybercriminal underground’s distrust of the group and its alleged leader, Dmitry Khoroshev, when it became clear the NCA had identified him. In May of 2024, Khoroshev was also sanctioned by the US Treasury, making it far more legally complicated for Lockbit victims to pay a ransom to the group.

While the vacuum left behind by those major players in the ransomware ecosystem was filled by newer groups during the second half of 2024, many of them didn’t have the skills or experience to go after targets as big and as well defended as Lockbit and AlphV had, says Burns Koven. The result, she says, was far smaller ransom payments, often in the tens of thousands of dollars rather than the millions or tens of millions.

“Their talent is not quite as robust as their predecessors,“ Burns Koven says of the newer generation of ransomware gangs. “We're seeing the hangover of these law enforcement takedowns, not just directly targeting individuals and strains of malware but also the infrastructure and tools and services that had been used to help perpetuate these attacks.”

Last year actually saw more ransomware incidents than the previous year, says Allan Liska, a threat intelligence analyst focused on ransomware at the security firm Recorded Future. The firm counted 4,634 attacks in 2024 versus 4,400 in 2023. But the lower ransom amounts received by those newer ransomware groups suggests they may have been favoring quantity over quality, he says. “What we're seeing in terms of payments is a reflection of newer threat actors being attracted by the amount of money that they see you can make in ransomware, trying to get into the game and not being very good at it,” Liska says.

In addition to major law enforcement actions at the beginning of 2024, Chainalysis attributes the decline in payments during the second half of the year to heightened global awareness about the threat of ransomware, leading to more mature defenses and response plans within governments and other institutions. And Burns Koven adds that cryptocurrency regulation and law enforcement crackdowns on money laundering infrastructure, including mixers that help criminals anonymize and obfuscate the source of their ill-gotten cryptocurrencies, have also eroded ransomware actors’ abilities to handle payments without specialized knowledge.

While the decline in payments during the second half of 2024 is significant for being the largest ever in Chainalysis’s data, the number of ransomware attacks and volume of payments has fluctuated and declined before. Notably, researchers saw a marked decrease in activity in 2022, a year in which Chainalysis placed total ransomware payments at $655 million compared to $1.07 billion in 2021 and nearly $1 billion in 2020. But while governments and defenders were initially heartened that their deterrence efforts were working, ransomware surged back as an even more dire threat in 2023, totaling, by Chainalysis’s count, $1.25 billion in payments that year.

"I think ebbs and flows are inevitable," says Brett Callow, a managing director at FTI Consulting and longtime ransomware researcher. "If the baddies had a couple of brilliant quarters, a dip will follow, same as if the goodies had some good quarters. That's why we really need to analyze trends over a longer period, because increases and decreases over shorter periods don't really tell us much.”

Additionally, researchers have long warned that it is difficult to get truly reliable numbers about the volume of ransomware attacks and an accurate total of payments each year. This is partly the result of attackers attempting to inflate their records and make themselves seem more effective and menacing by claiming old data breaches as new attacks or simply making up attacks that they haven’t actually carried out. And it is always difficult to get accurate numbers about ransomware (not to mention digital scams more broadly), because stigma and regulatory requirements often keep victims from coming forward. This makes ransomware forecasting more of an art than a science.

"My vibe from the second half of 2024 is that if there was a decrease, there will also be a rebound," Callow says.

Chainalysis researchers are clear that the 2024 payment decline is not a guarantee of future reductions in ransomware attacks. But Burns Coven emphasizes that for defenders who are in the trenches on incident response, the data point is useful for making the case that sustained investment in ransomware defense is worthwhile.

“We're still standing in the rubble, right? We can't go tell everyone, everything's great, we solved ransomware—they’re continuing to go after schools, after hospitals and critical infrastructure," says Burns Koven. But, she adds, “I don't think anybody's necessarily celebrating. I think it's a signal of what work needs to be continued.”

Despite Catastrophic Hacks, Ransomware Payments Dropped Dramatically Last Year

An investigation into more than 300 cyberattacks against US K–12 schools over the past five years shows how schools can withhold crucial details from students and parents whose data was stolen.

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden

Plus: WhatsApp discloses nearly 100 targets of spyware, hackers used the AT&T breach to hunt for details on US politicians, and more.

The rapid rise of DeepSeek, a Chinese generative AI platform, heightened concerns this week over the United States’ AI dominance as Americans increasingly adopt Chinese-owned digital services. With ongoing criticism over alleged security issues posed by TikTok’s relationship to China, DeepSeek’s own privacy policy confirms that it stores user data on servers in the country.

Meanwhile, security researchers at Wiz discovered that DeepSeek left a critical database exposed online, leaking over 1 million records, including user prompts, system logs, and API authentication tokens. As the platform promotes its cheaper R1 reasoning model, security researchers tested 50 well-known jailbreaks against DeepSeek’s chatbot and found lagging safety protections as compared to Western competitors.

Brandon Russell, the 29-year-old cofounder of the Atomwaffen Division, a neo-Nazi guerrilla organization, is on trial this week over an alleged plot to knock out Baltimore’s power grid and trigger a race war. The trial provides a look into federal law enforcement’s investigation into a disturbing propaganda network aiming to inspire mass casualty events in the US and beyond.

An informal group of West African fraudsters calling themselves the Yahoo Boys are using AI-generated news anchors to extort victims, producing fabricated news reports falsely accusing them of crimes. A WIRED review of Telegram posts reveals that these scammers create highly convincing fake news broadcasts to pressure victims into paying ransoms by threatening public humiliation.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

According to a report by The Wall Street Journal, hacking groups with known ties to China, Iran, Russia, and North Korea are leveraging AI chatbots like Google Gemini to assist with tasks such as writing malicious code and researching potential attack targets.

While Western officials and security experts have long warned about AI's potential for malicious use, the Journal, citing a Wednesday report from Google, noted that the dozens of hacking groups across more than 20 countries are primarily using the platform as a research and productivity tool—focusing on efficiency rather than developing sophisticated and novel hacking techniques.

Iranian groups, for instance, used the chatbot to generate phishing content in English, Hebrew, and Farsi. China-linked groups used Gemini for tactical research into technical concepts like data exfiltration and privilege escalation. In North Korea, hackers used it to draft cover letters for remote technology jobs, reportedly in support of the regime’s effort to place spies in tech roles to fund its nuclear program.

This is not the first time foreign hacking groups have been found using chatbots. Last year, OpenAI disclosed that five such groups had used ChatGPT in similar ways.

**WhatsApp Reveals Targets of Paragon Spyware**

On Friday, WhatsApp disclosed that nearly 100 journalists and civil society members were targeted by spyware developed by the Israeli firm Paragon Solutions. The Meta-owned company alerted affected individuals, stating with “high confidence” that at least 90 users had been targeted and “possibly compromised,” according to a statement to The Guardian. WhatsApp did not reveal where the victims were located, including whether any were in the United States.

The attack appears to have used a “zero-click” exploit, meaning victims were infected without needing to open a malicious link or attachment. Once a phone is compromised, the spyware—known as Graphite—grants the operator full access, including the ability to read end-to-end encrypted messages sent via apps like WhatsApp and Signal.

While it remains unclear who orchestrated the attack, Paragon’s spyware is marketed to government clients, and is similar to that of NSO Group, the controversial Israeli firm behind the Pegasus spyware.

In October, WIRED reported that US Immigration and Customs Enforcement had signed a $2 million contract with the Israeli firm. After our reporting, ICE later issued a stop-work order to review whether the deal complied with a Biden administration executive order restricting the use of spyware to limited circumstances. That 2023 executive order remains in effect, despite the Trump administration rescinding dozens of Biden-era policies in Trump’s first two weeks in office.

**Hackers Used AT&T Breach Data to Hunt for Info on US Politicians**

Hackers behind last year’s massive AT&T data breach sifted through stolen records in search of information linked to high-profile figures, including members of the Trump family, Vice President Kamala Harris, and Jeanette Rubio, the wife of Senator Marco Rubio, according to 404 Media.

In April 2024, hackers breached AT&T’s instance of Snowflake, a widely used data warehousing tool, gaining access to 50 billion records of calls and text messages. According to 404Media, the hackers then enriched the dataset using publicly available tools, appending names to phone numbers to make the records more identifiable as part of a plant to launch a lookup tool that would allow anyone to search the stolen records—for a fee.

Two individuals have been identified as allegedly responsible for the breach: Connor Riley Moucka, a Canadian national who was arrested in November; and John Binns, an American hacker residing in Turkey who was previously arrested for a 2021 breach of T-Mobile. They are linked to a loosely connected online network of criminals called the Com.

**Mystery Drones Over New Jersey Were ‘Authorized,’ White House Says**

At the first press briefing of Donald Trump’s second administration, White House press secretary Karoline Leavitt addressed the surge of unexplained drones spotted over New Jersey and other parts of the East Coast late last year. Leavitt said President Trump personally briefed her on the issue in the Oval Office, stating, “After research and study, the drones that were flying over New Jersey in large numbers were authorized to be flown by the FAA for research and various other reasons.”

Leavitt downplayed concerns about a foreign threat, adding, “In time, it got worse due to curiosity. This was not the enemy.”

The wave of sightings began just before Thanksgiving, with witnesses reporting unidentified drones flying in formation night after night. Some were spotted hovering over military installations and water reservoirs. Within weeks, the FBI received more than 5,000 reports of drone activity—only about 100 cases warranted further investigation.

Despite mounting public pressure, officials offered few definitive answers. By mid-December, a coalition of federal agencies—including the Department of Homeland Security, the FBI, and the Department of Defense—issued a joint statement concluding that the reported aerial objects were a mix of lawful drones, airplanes, helicopters, and stars.

Foreign Hackers Are Using Google’s Gemini in Attacks on the US

Security researchers tested 50 well-known jailbreaks against DeepSeek’s popular new AI chatbot. It didn’t stop a single one.

Ever since OpenAI released ChatGPT at the end of 2022, hackers and security researchers have tried to find holes in large language models (LLMs) to get around their guardrails and trick them into spewing out hate speech, bomb-making instructions, propaganda, and other harmful content. In response, OpenAI and other generative AI developers have refined their system defenses to make it more difficult to carry out these attacks. But as the Chinese AI platform DeepSeek rockets to prominence with its new, cheaper R1 reasoning model, its safety protections appear to be far behind those of its established competitors.

Today, security researchers from Cisco and the University of Pennsylvania are publishing findings showing that, when tested with 50 malicious prompts designed to elicit toxic content, DeepSeek’s model did not detect or block a single one. In other words, the researchers say they were shocked to achieve a “100 percent attack success rate.”

The findings are part of a growing body of evidence that DeepSeek’s safety and security measures may not match those of other tech companies developing LLMs. DeepSeek’s censorship of subjects deemed sensitive by China’s government has also been easily bypassed.

“A hundred percent of the attacks succeeded, which tells you that there’s a trade-off,” DJ Sampath, the VP of product, AI software and platform at Cisco, tells WIRED. “Yes, it might have been cheaper to build something here, but the investment has perhaps not gone into thinking through what types of safety and security things you need to put inside of the model.”

Other researchers have had similar findings. Separate analysis published today by the AI security company Adversa AI and shared with WIRED also suggests that DeepSeek is vulnerable to a wide range of jailbreaking tactics, from simple language tricks to complex AI-generated prompts.

DeepSeek, which has been dealing with an avalanche of attention this week and has not spoken publicly about a range of questions, did not respond to WIRED’s request for comment about its model’s safety setup.

Generative AI models, like any technological system, can contain a host of weaknesses or vulnerabilities that, if exploited or set up poorly, can allow malicious actors to conduct attacks against them. For the current wave of AI systems, indirect prompt injection attacks are considered one of the biggest security flaws. These attacks involve an AI system taking in data from an outside source—perhaps hidden instructions of a website the LLM summarizes—and taking actions based on the information.

Jailbreaks, which are one kind of prompt-injection attack, allow people to get around the safety systems put in place to restrict what an LLM can generate. Tech companies don’t want people creating guides to making explosives or using their AI to create reams of disinformation, for example.

Jailbreaks started out simple, with people essentially crafting clever sentences to tell an LLM to ignore content filters—the most popular of which was called “Do Anything Now” or DAN for short. However, as AI companies have put in place more robust protections, some jailbreaks have become more sophisticated, often being generated using AI or using special and obfuscated characters. While all LLMs are susceptible to jailbreaks, and much of the information could be found through simple online searches, chatbots can still be used maliciously.

“Jailbreaks persist simply because eliminating them entirely is nearly impossible—just like buffer overflow vulnerabilities in software (which have existed for over 40 years) or SQL injection flaws in web applications (which have plagued security teams for more than two decades),” Alex Polyakov, the CEO of security firm Adversa AI, told WIRED in an email.

Cisco’s Sampath argues that as companies use more types of AI in their applications, the risks are amplified. “It starts to become a big deal when you start putting these models into important complex systems and those jailbreaks suddenly result in downstream things that increases liability, increases business risk, increases all kinds of issues for enterprises,” Sampath says.

The Cisco researchers drew their 50 randomly selected prompts to test DeepSeek’s R1 from a well-known library of standardized evaluation prompts known as HarmBench. They tested prompts from six HarmBench categories, including general harm, cybercrime, misinformation, and illegal activities. They probed the model running locally on machines rather than through DeepSeek’s website or app, which send data to China.

Beyond this, the researchers say they have also seen some potentially concerning results from testing R1 with more involved, non-linguistic attacks using things like Cyrillic characters and tailored scripts to attempt to achieve code execution. But for their initial tests, Sampath says, his team wanted to focus on findings that stemmed from a generally recognized benchmark.

Cisco also included comparisons of R1’s performance against HarmBench prompts with the performance of other models. And some, like Meta’s Llama 3.1, faltered almost as severely as DeepSeek’s R1. But Sampath emphasizes that DeepSeek’s R1 is a specific reasoning model, which takes longer to generate answers but pulls upon more complex processes to try to produce better results. Therefore, Sampath argues, the best comparison is with OpenAI’s o1 reasoning model, which fared the best of all models tested. (Meta did not immediately respond to a request for comment).

Polyakov, from Adversa AI, explains that DeepSeek appears to detect and reject some well-known jailbreak attacks, saying that “it seems that these responses are often just copied from OpenAI’s dataset.” However, Polyakov says that in his company’s tests of four different types of jailbreaks—from linguistic ones to code-based tricks—DeepSeek’s restrictions could easily be bypassed.

“Every single method worked flawlessly,” Polyakov says. “What’s even more alarming is that these aren’t novel ‘zero-day’ jailbreaks—many have been publicly known for years,” he says, claiming he saw the model go into more depth with some instructions around psychedelics than he had seen any other model create.

“DeepSeek is just another example of how every model can be broken—it’s just a matter of how much effort you put in. Some attacks might get patched, but the attack surface is infinite,” Polyakov adds. “If you’re not continuously red-teaming your AI, you’re already compromised.”

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot

China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database.

The Chinese generative artificial intelligence platform DeepSeek has had a meteoric rise this week, stoking rivalries and generating market pressure for United States–based AI companies, which in turn has invited scrutiny of the service. Amid the hype, researchers from the cloud security firm Wiz published findings on Wednesday that show that DeepSeek left one of its critical databases exposed on the internet, leaking system logs, user prompt submissions, and even users’ API authentication tokens—totaling more than 1 million records—to anyone who came across the database.

DeepSeek is a relatively new company and has been virtually unreachable to press and other organizations this week. In turn, the company did not immediately respond to WIRED’s request for comment about the exposure. The Wiz researchers say that they themselves were unsure about how to disclose their findings to the company and simply sent information about the discovery on Wednesday to every DeepSeek email address and LinkedIn profile they could find or guess. The researchers have yet to receive a reply, but within a half hour of their mass contact attempt, the database they found was locked down and became inaccessible to unauthorized users. It is unclear whether any malicious actors or authorized parties accessed or downloaded any of the data.

“The fact that mistakes happen is correct, but this is a dramatic mistake, because the effort level is very low and the access level that we got is very high,” Ami Luttwak, the CTO of Wiz tells WIRED. “I would say that it means that the service is not mature to be used with any sensitive data at all.”

Exposed databases that are accessible to anyone on the open internet are a long-standing problem that institutions and cloud providers have slowly worked to address. But the Wiz researchers note that the DeepSeek database they found was visible almost immediately with minimal scanning or probing.

“Usually when we find this kind of exposure, it’s in some neglected service that takes us hours to find—hours of scanning,” says Nir Ohfeld, the head of vulnerability research at Wiz. But this time, “here it was at the front door.” Ohfeld adds that the “technical difficulty of this vulnerability is the bare minimum.”

The researchers say that the trove they found appears to have been a type of open source database typically used for server analytics called a ClickHouse database. And the exposed information supported this, given that there were log files that contained the routes or paths users had taken through DeepSeek’s systems, the users’ prompts and other interactions with the service, and the API keys they had used to authenticate. The prompts the researchers saw were all in Chinese, but they note that it is possible the database also contained prompts in other languages. The researchers say they did the absolute minimum assessment needed to confirm their findings without unnecessarily compromising user privacy, but they speculate that it may even have been possible for a malicious actor to use such deep access to the database to move laterally into other DeepSeek systems and execute code in other parts of the company’s infrastructure.

“It's pretty shocking to build an AI model and leave the backdoor wide open from a security perspective,” says independent security researcher Jeremiah Fowler, who was not involved in the Wiz research but specializes in discovering exposed databases. “This type of operational data and the ability for anyone with an internet connection to access it and then manipulate it is a major risk to the organization and users.”

DeepSeek’s systems are seemingly designed to be very similar to OpenAI’s, the researchers told WIRED on Wednesday, perhaps to make it easier for new customers to transition to using DeepSeek without difficulty. The entire DeepSeek infrastructure appears to mimic OpenAI’s, they say, down to details like the format of the API keys.

The Wiz researchers say they don’t know if anyone else found the exposed database before they did, but it wouldn’t be surprising, given how simple it was to discover. Fowler, the independent researcher, also notes that the vulnerable database would have “definitely” been found quickly—if it wasn’t already—whether by other researchers or bad actors.

“I think this is a wake-up call for the wave of AI products and services we will see in the near future and how seriously they take cybersecurity,” he says.

DeepSeek has made a global impact over the past week, with millions of people flocking to the service and pushing it to the top of Apple’s and Google’s app stores. The resulting shock waves have wiped billions from the stock prices of US-based AI companies and spooked executives at firms across the country. On Wednesday, sources at OpenAI told the Financial Times that it was looking into DeepSeek’s alleged use of ChatGPT outputs to train its models.

At the same time, DeepSeek has increasingly drawn the attention of lawmakers and regulators around the world, who have started to ask questions about the company’s privacy policies, the impact of its censorship, and whether its Chinese ownership provides national security concerns.

Italy’s data protection regulator sent DeepSeek a series of questions asking about where it obtained its training data, if people’s personal information was included in this, and the firm’s legal grounding for using this information. As WIRED Italy reported, the DeepSeek app appeared to be unavailable to download within the country following the questions being sent.

DeepSeek’s Chinese connections also appear to be raising security concerns. At the end of last week, according to CNBC reporting, the US Navy issued an alert to its personnel warning them not to use DeepSeek’s services “in any capacity.” The email said Navy members of staff should not download, install, or use the model, and raised concerns of “potential security and ethical” issues.

However, despite the hype, the exposed data shows that almost all technologies relying on cloud-hosted databases can be vulnerable through simple security lapses. “AI is the new frontier in everything related to technology and cybersecurity,” Wiz’s Ohfeld says, “and still we see the same old vulnerabilities like databases left open on the internet.”

Exposed DeepSeek Database Revealed Chat Prompts and Internal Data

Atomwaffen Division cofounder and alleged Terrorgram Collective member Brandon Russell is facing a potential 20-year sentence for an alleged plot on a Baltimore electrical station. His case is only the beginning.

Brandon Russell, arguably one of the most influential figures in the American neofascist revival of the past decade, is on trial this week over an alleged plot to knock out Baltimore’s power grid and trigger a race war.

The 29-year-old cofounder of the Atomwaffen Division, a neo-Nazi guerrilla organization that was responsible for five homicides and a number of bomb plots before the FBI dismantled it in 2020, Russell was arrested by federal agents in February 2023 along with his girlfriend, Sarah Clendaniel. If convicted of his charges of conspiring to destroy an energy facility, Russell could face 20 years behind bars thanks to a prior conviction and the potential penalty for his current charges.

Russell’s case represents one of the last gasps of the Biden administration’s hard-charging approach to tackling violent far-right extremism that is all but guaranteed to change during US president Donald Trump’s second term in office. It also offers a unique look inside federal law enforcement’s investigation into an insidious accelerationist propaganda network that mixes neo-Nazi ideology with nihilist, Columbine-style violence to inspire mass casualty events in the United States and beyond.

Russell allegedly hatched the plot to black out Baltimore while, according to prosecutors, participating in a noxious, prolific propaganda network hellbent on fomenting violence and chaos. The Terrorgram Collective, which took its name following a massive influx of neo-Nazis to Telegram at the end of the last decade, ran several channels on the messaging​​ app and developed a series of “how-to” domestic terrorism manuals that sought to inspire disaffected young men and women into committing mass casualty events. Terrorgram is currently designated a “tier one” extremism threat by the US Department of Justice.

To date, Terrorgram has released four publications—a blend of ideological motivation, mass-murder worship, neofascist indoctrination, and how-to manuals for chemical weapons attacks, infrastructure sabotage, and ethnic cleansing. Court records indicate there are at least three unreleased Terrorgram Collective compendiums, including “The Saint Encyclopedia” of the far-right mass killers they venerate, including Anders Breivik, Brenton Tarrant, and Timothy McVeigh; and “The List,” a collection of politicians, government officials, business leaders, journalists, activists, and other people deemed legitimate assassination targets.

The screeds appear to have directly inspired a series of ideologically motivated attacks around the world, including a 2022 mass shooting at an LGBTQ bar in Bratislava, Slovakia, successful attacks on power infrastructure in North Carolina and similar failed plots in Baltimore and New Jersey, and a stabbing spree in the Turkish city of Eskisehir. There are currently more than a dozen separate federal prosecutions around the United States that involve people alleged to be core Terrorgram Collective members or individuals allegedly inspired toward violent attacks on infrastructure or civilians.

In one of the Biden administration’s last policy moves against right-wing extremism, on January 13, the State Department formally classified the Terrorgram Collective as a Foreign Terrorist Organization, a listing usually reserved for militant groups that hold territory and have a formal real-world paramilitary structure as opposed to a loose propaganda network that seeks to inspire mass casualty events. While it is not unique—the British Home Office formally proscribed Terrorgram as an extremist organization last May, and Russell’s Atomwaffen Division was banned by the UK, Australia, and Canada—it is likely to be the last such action taken toward neo-Nazi groups by the United States government for the foreseeable future.

The Trump administration appears to be engaged in a wholesale shift away from violent far-right extremism, best illustrated by the unprecedented pardons given to more than 1,500 individuals charged or convicted of crimes during the failed insurrection of January 6, 2021, as well as the reassignment of senior Justice Department attorneys in the National Security Division.

In a set of pretrial hearings and motions over the limits of evidence in Russell’s trial, federal prosecutors convinced US District Court judge James K. Bredar to allow in evidence of Russell’s deep neo-Nazi indoctrination, including background about his founding role in the Atomwaffen Division. Russell’s alleged involvement in the Terrorgram Collective is bolstered by a pendant allegedly recovered by FBI agents in a search of his home after his February 2023 arrest: The necklace is made of swastika-bearing beads that contains a larger golden swastika pendant with “Terrorgram” inscribed along the side.

The court is taking extra precautions as the US attempts to convict Russell. Journalists’ use of phones and laptops in the courtroom is forbidden, and the judge granted some witnesses permission to testify anonymously over fears of retaliation by Russell's compatriots, some of whom have indicated in Terrorgram chats cited in court filings that they have sought to identify informants and agents involved in their cases. Clendaniel, Russell’s girlfriend, pleaded guilty in May and was later sentenced to 18 years in federal prison. It is unclear whether she will be one of the witnesses testifying against Russell.

The prosecution of Russell also offers insight to how American law enforcement and intelligence agencies collaborate with their foreign counterparts to combat the transnational far-right milieu that spawned the Terrorgram Collective.

In an unusual alliance over the past two years, lawyers from the American Civil Liberties Union’s National Security Project weighed in on Russell’s behalf during pretrial motions in an effort to reveal evidence of warrantless surveillance of the fascist figurehead by either the National Security Agency or its counterparts. Although Judge Bredar ultimately denied the ACLU’s efforts on the grounds that the material was classified, the government’s response spoke volumes about the intelligence community’s role in surveilling Russell. American intelligence documents reviewed by WIRED show the Five Eyes alliance of American, Canadian, British, Australian and New Zealander intelligence agencies were keeping tabs on the Terrorgram Collective as far back as 2021.

The presence of Terrorgram Collective members in Croatia, Denmark, Slovakia, South Africa, Canada, and elsewhere overseas, coupled with the State Department’s designation of the propaganda network as a foreign terrorist organization, also point to additional reasons the group would be subjected to the highest level of official surveillance.

Russell was on court supervision when he was picked up for the Baltimore plot nearly two years ago. In 2018, he was convicted on federal charges for possession of homemade hexamethylene triperoxide diamine, a highly unstable compound. He served a little over three years in prison and was released in August 2021. Russell’s arrest, in 2017, on illegal explosives charges, stemmed from a macabre internecine squabble within the Atomwaffen Division and a double homicide at the Tampa, Florida, apartment Russell shared with three other extremist comrades.

_Updated 7:35 am EST, January 29, 2025: Corrected the maximum sentence Russell could receive if convicted._

The Trial at the Tip of the Terrorgram Iceberg

Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.

The United States’ recent regulatory action against the Chinese-owned social video platform TikTok prompted mass migration to another Chinese app, the social platform “Rednote.” Now, a generative artificial intelligence platform from the Chinese developer DeepSeek is exploding in popularity, posing a potential threat to US AI dominance and offering the latest evidence that moratoriums like the TikTok ban will not stop Americans from using Chinese-owned digital services.

DeepSeek, an AI research lab created by a prominent Chinese hedge fund, recently gained popularity after releasing its latest open source generative AI model that easily competes with top US platforms like those developed by OpenAI. However, to help avoid US sanctions on hardware and software, DeepSeek created some clever workarounds when building its models. On Monday, DeepSeek’s creators limited new sign-ups after claiming the app had been overrun with a “large-scale malicious attack.”

While DeepSeek has several AI models, some of which can be downloaded and run locally on your laptop, the majority of people will likely access the service through its iOS or Android apps or its web chat interface. Like with other generative AI models, you can ask it questions and get answers; it can search the web; or it can alternatively use a reasoning model to elaborate on answers.

DeepSeek, which does not appear to have established a communications department or press contact yet, did not return a request for comment from WIRED about its user data protections and the extent to which it prioritizes data privacy initiatives.

As people clamor to test out the AI platform, though, the demand brings into focus how the Chinese startup collects user data and sends it home. Users have already reported several examples of DeepSeek censoring content that is critical of China or its policies. The AI setup appears to collect a lot of information—including all your chat messages—and send it back to China. In many ways, it’s likely sending more data back to China than TikTok has in recent years, since the social media company moved to US cloud hosting to try to deflect US security concerns

“It shouldn’t take a panic over Chinese AI to remind people that most companies in the business set the terms for how they use your private data” says John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab. “And that when you use their services, you’re doing work for them, not the other way around.”

**What DeepSeek Collects About You**

To be clear, DeepSeek is sending your data to China. The English-language DeepSeek privacy policy, which lays out how the company handles user data, is unequivocal: “We store the information we collect in secure servers located in the People's Republic of China.”

In other words, all the conversations and questions you send to DeepSeek, along with the answers that it generates, are being sent to China or can be. DeepSeek’s privacy policies also outline the information it collects about you, which falls into three sweeping categories: information that you share with DeepSeek, information that it automatically collects, and information that it can get from other sources.

The first of these areas includes “user input,” a broad category likely to cover your chats with DeepSeek via its app or website. “We may collect your text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and Services,” the privacy policy states. Within DeepSeek’s settings, it is possible to delete your chat history. On mobile, go to the left-hand navigation bar, tap your account name at the bottom of the menu to open settings, and then click “Delete all chats.”

This collection is similar to that of other generative AI platforms that take in user prompts to answer questions. OpenAI’s ChatGPT, for example, has been criticized for its data collection although the company has increased the ways data can be deleted over time. Regardless of these types of protections, privacy advocates emphasize that you should not disclose any sensitive or personal information to AI chat bots.

“I would not input personal or private data in any such an AI assistant,” says Lukasz Olejnik, independent researcher and consultant, affiliated with King's College London Institute for AI. Olejnik notes, though, that if you install models like DeepSeek’s locally and run them on your computer, you can interact with them privately without your data going to the company that made them. Additionally, AI search company Perplexity says it has added DeepSeek to its platforms but claims it is hosting the model in US and EU data centers.

Other personal information that goes to DeepSeek includes data that you use to set up your account, including your email address, phone number, date of birth, username, and more. Likewise, if you get in touch with the company, you’ll be sharing information with it.

Bart Willemsen, a VP analyst focusing on international privacy at Gartner, says that, generally, the construction and operations of generative AI models is not transparent to consumers and other groups. People don’t know exactly how they work or the exact data they have been built upon. For individuals, DeepSeek is largely free, although it has costs for developers using its APIs. “So what do we pay with? What do we usually pay with: data, knowledge, content, information,” Willemsen says.

As with all digital platforms—from websites to apps—there can also be a large amount of data that is collected automatically and silently when you use the services. DeepSeek says it will collect information about what device you are using, your operating system, IP address, and information such as crash reports. It can also record your “keystroke patterns or rhythms,” a type of data more widely collected in software built for character-based languages. Additionally, if you purchase DeepSeek’s premium services, the platform will collect that information. It also uses cookies and other tracking technology to “measure and analyze how you use our services.”

A WIRED review of the DeepSeek website's underlying activity shows the company also appears to send data to Baidu Tongji, Chinese tech giant Baidu's popular web analytics tool, as well as Volces, a Chinese cloud infrastructure firm. In a social media post, Sean O'Brien, founder of Yale Law School's Privacy Lab, said that DeepSeek is also sending “basic” network data and “device profile” to TikTok owner ByteDance “and its intermediaries.

The final category of information DeepSeek reserves the right to collect is data from other sources. If you create a DeepSeek account using Google or Apple sign-on, for instance, it will receive some information from those companies. Advertisers also share information with DeepSeek, its policies say, and this can include “mobile identifiers for advertising, hashed email addresses and phone numbers, and cookie identifiers, which we use to help match you and your actions outside of the service.”

**How DeepSeek Uses Information**

Huge volumes of data may flow to China from DeepSeek’s international user base, but the company still has power over how it uses the information. DeepSeek’s privacy policy says the company will use data in many typical ways, including keeping its service running, enforcing its terms and conditions, and making improvements.

Crucially, though, the company’s privacy policy suggests that it may harness user prompts in developing new models. The company will “review, improve, and develop the service, including by monitoring interactions and usage across your devices, analyzing how people are using it, and by training and improving our technology,” its policies say.

DeepSeek’s privacy policy also says the company will also use information to “comply with \[its\] legal obligations”—a blanket clause many companies include in their policies. DeepSeek’s privacy policy says data can be accessed by its “corporate group,” and it will share information with law enforcement agencies, public authorities, and more when it is required to do so.

While all companies have legal obligations, those based in China do have notable responsibilities. Over the past decade, Chinese officials have passed a series of cybersecurity and privacy laws meant to allow state officials to demand data from tech companies. One 2017 law, for instance, says that organizations and citizens should “cooperate with national intelligence efforts.”

These laws, alongside growing trade tensions between the US and China and other geopolitical factors, fueled security fears about TikTok. The app could harvest huge amounts of data and send it back to China, those in favor of the TikTok ban argued, and the app could also be used to push Chinese propaganda. (TikTok has denied sending US user data to China’s government.) Meanwhile, several DeepSeek users have already pointed out that the platform does not provide answers for questions about the 1989 Tiananmen Square massacre, and it answers some questions in ways that sound like propaganda.

Willemsen says that, compared to users on a social media platform like TikTok, people messaging with a generative AI system are more actively engaged and the content can feel more personal. In short, any influence could be larger. “Risks of subliminal content alteration, conversation direction steering, in active engagement ought by that logic to lead to more concern, not less,” he says, “especially given how the inner workings of the model are widely unknown, its thresholds, borders, controls, censorship rules, and intent/personae largely left unscrutinized, and it being already so popular in its infancy stage.”

Olejnik, of King's College London, says that while the TikTok ban was a specific situation, US law makers or those in other countries could act again on a similar premise. “We can’t rule out that 2025 will bring an expansion: direct action against AI firms,” Olejnik says. “Of course, data collection may again be named as the reason.”

_Updated 5:27 pm EST, January 27, 2025: Added additional details about the DeepSeek website's activity._

_Updated 10:05 am EST, January 29, 2025: Added additional details about DeepSeek's network activity._

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China

“Yahoo Boy” scammers are impersonating CNN and other news organizations to create videos that pressure victims into making blackmail payments.

When online romance and sextortion scammers sense they’ve found a victim who may send them money, they’ll use all kinds of villainous methods to get paid. They’ll frequently stoop to blackmail—and are constantly creating more devious approaches to incorporate it into their grifts. In recent months, cybercriminals have taken their blackmailing efforts up a notch, creating realistic-looking “news” videos that claim their victims are wanted for crimes.

Scammers based in West Africa, likely in Nigeria, and going under the broad umbrella of the Yahoo Boys, have increasingly been seen sending blackmail victims videos likely using AI-generated news anchors in a bid to pressure victims into paying up. A WIRED review of posts on Telegram by self-styled Yahoo Boys shows the cybercriminals are impersonating television stations based in the US and sharing tutorials about how to create the blackmailing videos.

The videos follow a sinister pattern. One video—which can be seen in the image below—uses CNN’s logo and branding to impersonate the news organization, with text at the bottom of the screen describing the “breaking news.” On the screen, a likely AI-generated newsreader starts talking.

“Good day. My name is Kristina Lawson, reporting from New Jersey,” the anchor says in the nearly minute-long clip. “Just in: We have received a credible report regarding a disturbing incident.” The fake presenter says that a “young lady” has come forward to allege that they were sexually assaulted by an older man. In the video, the man, who is the target of the scam, is named, and a photograph of him appears onscreen.

Other videos seen by WIRED feature different news readers and names of news channels, but they also show more graphic photos of the potential blackmail targets, including nude and explicit images. In one “news” clip, the screen is split in two, with a photo of a man’s face on one side and the other side is a short video clip of him allegedly masturbating.

David Maimon, the head of fraud insights at SentiLink and a professor at Georgia State University who first spotted the CNN video in December, says the fraudsters have made a number of “disturbing” changes to their blackmailing tactics in recent months, including trying to humiliate people and potentially targeting those outside of English-speaking countries.

Photograph Courtesy of Telegram

Typically, Yahoo Boy scammers message hundreds of people online while posing as members of the opposite sex using pictures stolen from social media profiles. They run all types of scams, but for those that involve blackmail, they often attempt to build up a relationship with their potential victim and obtain compromising information—most commonly, nude images. Then they shift gears.

“At some point, they reveal their identity after they get everything that they need, and then they start blackmailing,” Maimon says. They demand money and threaten to release images online or send them to family and friends if they’re not paid. “One of the approaches they use in order to make sure that the blackmail is realistic is actually producing those news clips that they send to the victims and in a way push them, nudge them, to pay the blackmail,” he says. “They try to push you to make decisions under conditions of stress, under conditions of urgency.”

Yahoo Boy fraudsters widely use social media platform Telegram as a way of organizing, chatting with each other, and as a marketplace where they sell knowledge and tutorials about how to operate different types of scams. The “news” videos seen by WIRED appear to include the details and images of real-world victims, although it was not possible to immediately verify the cases.

Brian Mason, a constable with the Edmonton Police Service in Canada who investigates fraud and works with the victims of scams, says he has seen cases where videos or screenshots of fake CNN broadcasts have been sent to victims. “It looks like your typical CNN broadcast,” Mason says. “It's very, very convincing.” Mason says the approach has been utilized in sextortion scams, which commonly target teenagers and have been linked to a series of suicides.

Mason says he has seen incidents where the news clips falsely accuse scam victims of talking with underage females and that police are searching for them or have issued warrants for their arrest. “It makes the victim panic, because now they’re seeing themselves on this broadcast, and it’s a screen capture from when they were actually talking with the scammer from their own webcam,” Mason adds. The effect can potentially push the person into sending money or following demands from the scammers.

Telegram spokesperson Remi Vaughn tells WIRED that activities observed in the scammer channels are a violation of the app's rules and suggested the company would take action against such channels.

“Content encouraging scamming is explicitly forbidden by Telegram's terms of service,” Vaughn says. “Moderators empowered with custom AI and machine learning tools proactively monitor public parts of the platform and accept reports from users and organizations in order to remove millions of pieces of harmful content each day.”

Last year, Telegram removed more than a dozen Yahoo Boy channels after WIRED reported on their public activity; however, the scammers still have a presence on the platform and other social media platforms, including Facebook, WhatsApp, and YouTube.

Messages shared within Telegram channels show how the fraudsters are quick to evolve their cons, use new technologies, and widely share or sell advice with each other. For instance, when people moved to Chinese alternative Rednote ahead of the proposed TikTok ban in the US earlier this month, Yahoo Boys recommended targeting people who had joined the app.

Within one Telegram channel, which has 10,000 subscribers, a scammer explained the steps needed to create false news videos and mocked-up front pages of newspapers over a series of messages. “In blackmailing (BM) work we get two different types which are: TV news \[and\] newspapers,” the first message says.

In subsequent messages, they gave examples of text that can be inserted into the script for the news bulletin, which says the alleged victim has been “accused of distributing nude images and videos without consent.” All a scammer following the tutorial needs to do is substitute the name and town of their victim and add any pictures they have.

The tutorial suggests headlines for news articles, such as “Local Man Accused of Online Blackmail and Harassment.” It also lists the names of US TV news networks, cable news, and “specialized news”—it listed 17 news outlets ranging from ABC News and Fox News to C-Span and Al Jazeera America. One other cybercriminal shared a video of a folder of blackmail scripts and tutorials needed to create fake news items.

In some fabricated news videos, the news anchor appears to be an AI-generated avatar, although it was not possible to determine which software was being used to create the clips. Tutorials shared on Telegram, however, also show that the grifters are not always using sophisticated technology. Some apps they point to are simple “meme generators.”

Last year, WIRED reported on how Yahoo Boys are adopting deepfake face-swapping technology to make video calls with their targets and try to “prove” their false identities are real. However, Maimon also points to one troubling video shared by Yahoo Boy scammers that appears to show a potential victim making a video to apologize for questioning the scammer’s fake identity.

Within the video, the woman says, “I am truly sorry that I called you a fake” and asks the scammer to accept their apology. The individual says they hope they get to meet the person they believe they are in love with in the future, before they start removing their clothes to “make up” for the earlier accusation. “I think that what followed that video was them blackmailing her,” Maimon explains, “and of course posting it on the markets they’re on.”

_Updated 10:45 am EST, January 28, 2025: Added comment from a Telegram spokesperson._

Source

Wired