Joseph Cox

Looks like I'll be talking at this year's DEF CON on a behind the scenes of how we bought real-time phone location data on the black market, and other details that we haven't spoken about yetpic.twitter.com/im4u3nSgwB

Spoke to a source in the underground account stealing community. Said the measures were cool, and would likely stop bots that auto claim accounts, because Instagram will freeze a username change for a period of time. Will just slow, not stop, others though https://www.vice.com/en_us/article/j5wkap/instagram-tests-new-methods-how-to-recover-hacked-account …pic.twitter.com/AjZT0fezjH

Here's how the new Instagram recovery process looks—users asked to enter the email/number linked to the account, or the one used to initially sign up to Insta. Hackers may have access to those too; so Insta has measures to stop logins from new devices https://www.vice.com/en_us/article/j5wkap/instagram-tests-new-methods-how-to-recover-hacked-account …pic.twitter.com/iuIK952Ujs

This is wild: Facebook is fact checking art. After artists uploaded a deep fake of Mark Zuckerberg, Facebook's fact checkers flagged the video, meaning its distribution is now limited (Facebook down-ranks it in peoples' news feeds). https://www.vice.com/en_us/article/pajvq9/mark-zuckerberg-deepfake-facebook-misinformation-moderation-satire …pic.twitter.com/Tta6IrgZl0

New: @OTI, @freepress, @GeorgetownCPT file a FCC complaint—AT&T, T-Mobile, Sprint, Verizon sold their customers' real-time location data, in some cases ended up in the hands of bounty hunters. "The Carriers' actions have threatened public safety." https://www.vice.com/en_us/article/a3xaez/fcc-complaint-against-att-verizon-tmobile-sprint-location-data-selling …pic.twitter.com/Sgt7EL1oMS

It's funny going back to the ~insane~ media coverage this breach got when CBP first announced it (despite it being reported a month earlier). Here's NYTimes on how it could help foreign governments. Not sure if NYTimes or others actually looked at the data https://www.nytimes.com/2019/06/10/us/politics/customs-data-breach.html …pic.twitter.com/QEv3xJJbPH

Spoke to the hacker behind the Perceptics breach, which is likely the hacked CBP contractor. "I think that idiots manage the company Perceptics." https://www.vice.com/en_us/article/43j5wm/here-are-images-of-drivers-hacked-from-a-us-border-protection-contractor-on-the-dark-web-perceptics …pic.twitter.com/9erkoKjnZv

Here's another image from the hacked CBP contractor that was leaked on the dark web. Could see the person's face and vehicle license plate clearly (we've blurred). There are thousands of these images free for anyone to download on the dark web site https://www.vice.com/en_us/article/43j5wm/here-are-images-of-drivers-hacked-from-a-us-border-protection-contractor-on-the-dark-web-perceptics …pic.twitter.com/k0Qawi281G

Here is a presentation made for CBP by the contractor (Perceptics) that was hacked. I downloaded this from a dark web site earlier. We've blurred the images, but the photos clearly showed drivers faces https://www.vice.com/en_us/article/43j5wm/here-are-images-of-drivers-hacked-from-a-us-border-protection-contractor-on-the-dark-web-perceptics …pic.twitter.com/WE0YdD2nqI

GrayShift, the company that makes tech for local and federal law enforcement to unlock iPhones, plans to expand onto hard Android targets, like Google's own phones. Company also detailed how it can extract a lot of data from an iPhone without unlocking it https://www.forbes.com/sites/thomasbrewster/2019/06/12/feds-favorite-iphone-hacker-grayshift-plans-to-crack-android/#35787deb5bc9 …pic.twitter.com/uaKpITByiM