Oh man, I have so many stories about the "startup" (Path Network), which the 19-year-old DOGE employee, Edward Coristine previously worked for. wired.com/story/edward-coristi…
My first interaction with the founder, Marshal Webb, was in 2016 when the company was called "BackConnect'. I'd recently posted a research paper on the Mirai botnet, which lead to him harassing me online, simply because he considered himself to be the sole authority on Mirai.
It later turned out, that a lot of his knowledge came from the fact that he was personally hosting the threat actors' infrastructure, therefore had direct insight into the botnet. He tried to play it off as an "intelligence gathering operation". Everyone knew he was really just in bed with the threat actors, but nobody could prove it enough to make a case against him.
At some point shortly after, a DDoS-for-hire service got hacked and its entire customer database along with all DDoS attack logs was leaked online. One of the records traced back to an employee of his DDoS mitigation firm, and from a combination of attack logs and corroboration with customers, it was determined that they had been launching DDoS attacks against businesses, then cold calling them to sell DDoS protection services.
It was fairly apparent from the fact the emails coincided with the DDoS attacks, but did not originate from the the employee performing the attacks that the company was in on it, and this wasn't the work of some rogue employee. Nevertheless, said employee got thrown under the bus, convicted, and was unsuccessful in proving that his employer was in on the conspiracy, although they most certainly were.
Eventually, the founder ended up being named in some kind of criminal complaint or other FBI related court document. The specific wording seemed to imply that he'd gotten caught doing something illegal enough that he'd become an informant to save himself. Amusingly, when the document surfaced, the company just issued a press release about how they were "helping the FBI stop crime" and nothing become of it.
The company has always been shady as hell, and while it's not abnormal for cybersecurity firms to hire reformed hackers, I've not seen a single employee who was not directly involved in cybercrime immediately prior to getting hired. Furthermore, multiple of the employees have been caught committing cybercrime while working for the company.
Originally, when I posted this thread on February 6th, I stopped short of any allegation that Edward himself was involved in cybercrime. Since then @briankrebs was able to trace his aliases back to a known cybercrime organization and confirm he indeed was directly involved in cybercrime as recently as May 2024.
Attached: 1 image
So I finally turned a recent popular post here into a proper story.
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficien…
It mentions that a 19 y/o man who's assisting Musk's team and who has access to sensitive government systems is Edward Coristine. Wired said Coristine, who apparently goes by the nickname "Big Balls," runs a number of companies, including one called Tesla.Sexy LLC
"Tesla.Sexy controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market.While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review."
The really interesting part for me is Coristine's work history at a company called Path Networks, which Wired describes generously as a company "known for hiring reformed black-hat hackers."
"At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn resume. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company."
The founder of Path is a young man named Marshal Webb. I wrote about Webb back in 2016, in a story about a DDoS defense company he co-founded called BackConnect LLC. Working with Doug Madory, we determined that BackConnect had a long history of hijacking Internet address space that it didn't own.
Incidentally, less than 24 hours after that story ran, my site KrebsOnSecurity.com was hit with the biggest DDoS attack the Internet had ever seen at the time. That sustained attack kept my site offline for nearly 4 days.
Here's the real story behind why Coristine only worked at Path for a few months. He was fired after Webb accused him of making it known that one of Path's employees was Curtis Gervais, a serial swatter from Canada who was convicted of perpetrating dozens of swattings and bomb threats -- including at least two attempts on our home in 2014. [BTW the aforementioned Eric Taylor was convicted of a separate (successful) swatting against our home in 2013.
In the screenshot here, we can see Webb replying to a message from Gervais stating that "Edward has been terminated for leaking internal information to the competitors."
Wired cited experts saying it's unlikely Coristine could have passed a security clearance needed to view the sensitive government information he now has access to.
Want to learn more about Path? Check out the website pathtruths.com/
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
Estonia, Latvia, and Lithuania have officially disconnected from the Russian power grid, marking a historic leap towards energy independence.
After preparing for the integration into the EU energy market for almost two decades, the countries now have proper infrastructure linking them to the European continental grid.
This EU-supported initiative allows to fully benefit from the European common energy system.
Was back at Schwarzes Café [1] yesterday for breakfast in the middle of the night after probably 15 years. Nothing much (or anything at all, really) changed. Which is nice considering that not many places from the Berlin of 15 years ago are still the same. The age of the people visiting also didn't change, so we were about 10 years older than the average now, I guess 😅.
We didn’t click ‘consent’ on any gambling website. So how did Facebook know where we’d been?
In an experiment, they surfed sites without making a wager or agreeing to data sharing. Our Meta feed filled up with betting ads Revealed: gambling firms secretly sharing users’ data with Facebook without permission
A Facebook user logs into their account and is bombarded with dozens of gambling ads. The promotions for online casinos and betting sites offer free spins, “bet boosts”, discounts and bonuses.
But the person has never placed a bet or played a game on a gambling site before – let alone consented to being targeted. How can that happen?
The Observer conducted an experiment to find out how potential gambling customers are being tracked, profiled and targeted online.
To do this, we visited 150 gambling websites run by companies with licences to operate in the UK. First, we took a note of whether the website asked for consent to use data for marketing purposes. Then, without clicking to “agree” or “decline” the use of any data, we looked at the network traffic.
By doing this – and using an official Meta application called Pixel Helper – we were able to see a record of the data being shared with Facebook’s parent company, Meta.
In many cases, no data was shared. But in about a third of cases, the testing found that a tracking tool called Meta Pixel had been embedded into the website – and was being triggered automatically upon loading the webpage. This was sending a report to Facebook about which webpages we had visited, linked to a unique user ID.
In some cases, Facebook was also sent data on which buttons we had clicked, and other browsing activity. One site told Facebook when we clicked a button indicating we might place a bet on the Everton v Liverpool match scheduled for next week. Another told Meta that we had clicked to view a promotion for 100 free spins.
At no point did we ever click to “agree” or “accept” the use of our data for marketing – or consent to it being shared. But when we logged back into Facebook a few days later, the feed was full of gambling ads.
These ads were from a range of brands – including many whose own data-sharing practices had not broken any rules. This is because once data is shared with Meta, it is ingested into its targeted ads system and is used to profile people based on the things Meta thinks they like.
That means Meta can then sell ads to companies wanting to target a particular audience – whether that is pet owners, women seeking fertility treatment, people who love Taylor Swift, or potential gambling customers.
Advertisers can also target potential new customers that Meta thinks will be interested in their brand, including “lookalike” customers who have been profiled by the social media giant as being similar to their existing customers based on things such as their demographic characteristics, interests and behaviour.
In the Observer’s testing, the Facebook user had also been profiled as someone interested in “real money gaming”, according to account records – so it’s possible that ads could have appeared as a result of targeting in this way.
The investigation raises serious questions for regulators about how they are monitoring marketing practices of this sort.
During the testing, we noticed that many of the gambling sites sharing data unlawfully had automatic opt-in consent processes that assume people are happy for their data to be shared based on the mere fact that they are using the website. One consent banner read: “We use cookies to provide you with a better browsing experience. If you continue to use this website we assume you are OK with this.”
This appears to be in breach of data protection regulations. The ICO says consent must be both “unambiguous and affirmative”, and that relying on pre-ticked boxes or a failure to opt out is insufficient. Yet the practice is widespread.
There are also questions about the role of Meta – which profits from selling ads using data transmitted to it, even in cases where it was shared unlawfully.
We have previously written about how other organisations – such as police forces, NHS trusts and a political party – misused Meta Pixel to track website users. In some cases they shared data with Meta on sensitive things such as health problems and reporting crimes. But the barrage of gambling ads that were served on Facebook as a result of this testing was far more intense than anything we had seen before.
Heather Wardle, professor of gambling research at the University of Glasgow, said the “untamed marketing” was “hugely risky”. “If you are already experiencing difficulties from gambling, it is likely to make you gamble more,” she says.
The Freedom Scientific training team offers ongoing opportunities for you to join us in live training sessions and advance your skills. We’re excited to announce our jam-packed February training sc…
Learn how JAWS scripting improves accessibility in workplace software, helping screen reader users navigate digital tools efficiently and independently.
Die seltsame Erblindung cartoons.guido-kuehn.de/die-se… Nach konservativen Polizeiangaben waren bislang nach der versuchten Erpressung von Merz mit der AfD spontan über 1.3 Millione…
It's not perfect, but it's quite usable, you can sync encrypted notes up to a server and use it anywhere, like on your phone, Windows, Mac, Linux, etc. It has collaboration as well, so you can share an entire notebook and work on things together. It has around 200 official plugins, like a journal mode, you can make notes public so people can read it, and a lot of cool things that just work out of the box. It can send you native notifications as well from a todo list.
Yeah it's nice. I got the basic cloud plan with edu discount cuz I'm not confident enough in my hosting skills but once that subscription expires, which won't be that soon, I might also try selfhosting.
It recently became accessible, yes. I tried it a year or two ago and it was unusable but there has been a lot of work put into it and now it has everything I ever need, including templates which none of the notetaking apps had so far.
It's defenitly! The only thing I've considered as a bit annoying so far is the settings dialog on windows, because whenever I switch tabs its telling me some randomm setting from the task, like I switch to general and NVDA is already saying something about English US even though I haven't even moved to that languages list but I was to lazy to report and no idea how to properly formulate that and it doesn't make it unusable or something so heh. The general experience is fine. Also on android and I appriciate that because my previous app was ok on windows but horrible on mobile.
Managed to get it to build on ARM since it was missing a dependency, also half of the environment variables are missing from the .envSample, but for the most part it's quite straightforward. Let me know if you need some help in the future, it's really worth it just for the collaboration part alone.
Diesseits und jenseits des Atlantiks schaffen Politiker gerade die #Barmherzigkeit ab. Das hat mich veranlasst, noch einmal das Gleichnis vom barmherzigen #Samariter zu lesen. Es ist einfach zu verstehen, aber offenbar nicht für alle leicht zu akzeptieren. horstheller.wordpress.com/2025… #Trump #Merz
„Have Mercy, Mr President!“ Das sagte die mutige Bischöfin Anfang Januar 2025 im Gottesdienst an den amerikanischen Präsidenten gerichtet. Habe Erbarmen! Mr President schaute die Predigerin mit fin…
@FreakyFwoof @jscholes Yeah, I conveniently located myself to Paris for this weekend. But the worry, but russia flips the switch early, leaving Estonia without power was real. Power generator sales were soaring in january.
@jakobrosin @FreakyFwoof @jscholes I hope Estonia will soon switch to other energy sources. Syncing with the European energy network is a good first step. I am sort of surprised that Estonia still depends on Russia in anything. Good move re Paris.
@vick21 @FreakyFwoof @jscholes I'm honestly surprised that our border to russia is still open. Have no idea why, while everyone else has had a clear decision on it.
OpenAI changes ChatGPT o3-mini to work more like DeepSeek-R1, but faces backlash from users | Tech Radar "...Some other users responded by suggesting that OpenAI was simply responding to the threat offered by the new DeepSeek by copying the way it presented the reasoning chain in its R1 model. “Finally DeepSeek changing the O-World for us,” replied ..." techradar.com/computing/artifi…
GeForce RTX 5090 fails to topple RTX 4090 in GPU compute benchmark while RTX 5080 struggles against RTX 4070 Ti | Notebook Check "The GeForce RTX 5090 has failed to overtake its predecessor in a GPU compute benchmark on the well-known PassMark database site. ..." notebookcheck.net/GeForce-RTX-…
The GeForce RTX 5090 has failed to overtake its predecessor in a GPU compute benchmark on the well-known PassMark database site. The RTX 5080 suffered a similar fate, with the card barely managing to beat out the RTX 4070 Ti.
📧 “Still using an email from your internet provider? Bad idea. If you leave, your email is gone. Get a Gmail or Outlook account—it’s future-proof!" 👉 More at bit.ly/4aE4PrM
Get ready to have your tech world rocked every week with Steven Scott and Shaun Preece on Double Tap! These guys are the ultimate duo - mixing humor, passion, and top-notch expertise to keep you in the loop with the latest in assistive tech for blind…
Resurrection of the Daleks first aired 41 years ago on this day in 1984. This action-packed 5th Doctor story from the 21st season saw the return of the Daleks and Davros. This exciting adventure was also Janet Fielding’s swansong as Tegan. #DoctorWho
That was a great episode and the voices of the Daleks were some of the best from the classic series. One thing about that story that always confuses me is when Davros is being told about the Movellan war. At one point, he says something like, "two giant supercomputers warring against one another not able to outhink each other? Fascinating! If only I had been there." But he was there and dealt with that very problem in "Destiny" so why is he reacting like that and why would the writers not have acknowledged this?
@DavidGoldfield Resurrection of the Daleks sort of did for the Daleks in the 80's what Earthshock did for the Cybermen. It totally revamped thei Daleks for a new era, and also put all the continuity of the Daleks into some semblance of order. Yes, it's odd Davros said that as he was present to a degree initially (Destiny of the Daleks), I guess he was speaking rhetorically as he was frozen and imprisoned for much of the time the Daleks war with the Movellans was taking place?
On June 9th 2023 the first annual Access-Ability Summer Showcase was broadcast, showcasing recently released and upcoming video games made by disabled game developers, and featuring accessibility s…
At Your Fingertips: Braille Then and Now – The Braille Doodle In this episode, Chris takes a look at the Braille Doodle, a tool designed for both Braille learning and tactile drawing.
This link has been taken down from the NASA site by someone who probably told themselves as a kid that they would have stood up to the Nazis in the 1930s: nasa.gov/universe/nasa-intern-… Here's the story that Musk and Trump and their goons are so afraid to let you read scitechdaily.com/nasa-intern-f…
When Rose Ferreira first saw an image of a field of galaxies and galaxy clusters from NASA’s James Webb Space Telescope in July, she “went into the restroom and broke down a little,” she said.
Fixes #16269 - replaces .site domains and domain.com with valid example domains.
There may be other invalid examples, but these were the obvious ones I could find.
Please let me know if there are a...
Here's another one from the "I wonder why MAME emulates this" department. Weight Talker, a talking scale from 1985. We purchased one in 1986. It has five memory positions so you can track how much you have gained or lost for up to five people, a guest button for weighing someone or something without affecting any of the memories, can weigh in pounds or kilograms, memory can be disabled, and when it shuts off it can either say "Have a nice day" or "Goodbye," user selectable. It can also speak in either English or German, though this option isn't configurable on the one we had. In MAME, the weight to be measured is implemented using an analog dial which you use left and right arrows to adjust. Here, I play with it for less than a minute. I have it configured to think its batteries (7 AA cells on the older model or two nine-volt batteries on the newer model) are low.
I did this Hi Curl team, I found a serious buffer overflow issue in bufq.c. Specifically, in the chunk_append function, the buffer is not properly checked before writing, which could result in memo...
what is the motivation here? Is this a sockpuppet account someone is trying to build up credibility for by faking a bunch of legitimate-looking activity? I think that's the case (looks like this account was just created and has opened issues in other repos). But what's the endgame?
Is it just taking the name of the function and then saying hypothetically a function like this could have this issue... without actually checking the real code?
@smallsees my guess is it’s either malicious and meant to waste the maintainers time or just spraying trying to get one thing right so it can look like a contributor to credible projects and then use that reputation maliciously later.
the linked "vulnerability" of a buffer overflow in JAVASCRIPT CODE was just the icing on the cake, like this wouldn't even be a buffer overflow in C because you're not using the hash to index anything, but in JS???
Sábado 8F, plataforma Galiza sen gas realiza acción protesta na Térmica d Sabón, Arteixo, para oposición á utilización d gas Gas fósil, ou gas natural, é 2a fonte enerxía + usada n Galiza, só atrás do petróleo. Supón 20% da enerxía primaria empregada, superando achega d vento e auga Gas non é alternativa a outras fontes enerxía fósil pq contribúe á crise climática, xera dependencia externa, aumenta pobreza enerxética, agranda a débeda ecolóxica co Sur e fortalece o poder do oligopolio enerxético
Things to do in order to sleep well while having your C code in twenty billion installations. A talk about what the curl project does to minimize security ri...
![‘Tempest Chats 2022
2 wes oa v
Mon, Jun 13
Marshal Webb
@ ‘The penalty for consorting with the enemy 105 D
“a Marshal Webb invited 1 person to the group.
+a Wheaty accepted an invitation to the group from Marshal
Webb.
Marshal Webb
Everyone welcome Wheaty to the group, he's here to replace Edward on
[] ‘weekends 19D)
Peter Potvin
¥00000000 11 2
[-] Welcome! 119 D
Bushhy
@ Velcome Wneaty! 115 >
Wheaty
@ ¥ Therkyou, happy tobe heel 129)
Marshal Webb
‘Wheaty welcome! | hope you won't be liquidated like your predecessor
[] 120
Wheaty
Pe)
v
MM Not achance!:) +n 5](https://fedi.ml/photo/preview/640/637021 "‘Tempest Chats 2022
2 wes oa v
Mon, Jun 13
Marshal Webb
@ ‘The penalty for consorting with the enemy 105 D
“a Marshal Webb invited 1 person to the group.
+a Wheaty accepted an invitation to the group from Marshal
Webb.
Marshal Webb
Everyone welcome Wheaty to the group, he's here to replace Edward on
[] ‘weekends 19D)
Peter Potvin
¥00000000 11 2
[-] Welcome! 119 D
Bushhy
@ Velcome Wneaty! 115 >
Wheaty
@ ¥ Therkyou, happy tobe heel 129)
Marshal Webb
‘Wheaty welcome! | hope you won't be liquidated like your predecessor
[] 120
Wheaty
Pe)
v
MM Not achance!:) +n 5")
miki
in reply to Pablo Martini (Geezer) • • •