The 404 Media Podcast — "Hackers Dox ICE" (October 22, 2025)
Overview
In this episode, hosts Joseph, Sam, and Emmanuel delve into two of 404 Media’s biggest investigative stories of the week. The main segment unpacks the recent mass doxxing of hundreds of U.S. government officials (primarily from DHS and ICE) by a hacker group, with journalistic insight into the scale, impacts, and evolving nature of online crime groups. The latter half explores Wikipedia’s new warning about declining human visitors due to AI scraping and search engine summaries, with implications for the future of open online knowledge.
New Frontiers: 404 Media Makes Documentaries
[00:11–05:00]
- The team celebrates the release of their first documentary, How Artists Are Keeping the Lost Art of Neon Signs Alive, directed by co-founder Jason.
- Nostalgia for their Vice days and reflections on the challenges/freedoms of running an independent, journalist-owned media company.
- Sam reminisces about past video projects, notably an episode about crypto and sex work filmed in Las Vegas.
- Jason filmed the neon sign documentary using the same camera used for their podcast.
- Intention to expand further into self-driven video storytelling.
Main Story: Hackers Dox Hundreds of Federal Officials
The Leak: Scope and Data
[05:17–06:53]
- Emmanuel introduces the headline:
"Hackers Dox Hundreds of DHS, ICE, FBI and DOJ Officials."
- Joseph details the findings:
- Almost 700 official DHS records (including ICE), with a smaller number from FBI and DOJ.
- Exposed information includes name, official email, phone number (personal and office), and apparent home addresses.
- In some cases, addresses were clearly residential, e.g., “a Zillow listing comes up and it’s like, oh, I don’t think that’s an official DHS facility.” (Joseph, 05:41)
- The data landed with a hacker group strongly believed to be financially motivated.
Verifying the Data
[06:53–10:52]
- Joseph describes the standard journalistic workflow for vetting hacks:
- Historic example: calling numbers from previous CBP leaks for verification.
- Here, he leaned on District 4 Labs’ Darkside tool to cross-reference phone numbers, addresses, and emails with previous breaches and commercial datasets.
- Found evidence the data was legitimate and, in many cases, new.
- “...sometimes the data didn’t appear in previously breached stuff at all… it really does appear to relate to specific government officials, including DHS, ICE, DOJ, and FBI.” (Joseph, 10:30)
Why Does This Story Explode in 2025?
[14:23–16:07]
- Emmanuel: The story went viral because of heightened public interest in DHS and ICE due to recent US immigration crackdowns and aggressive enforcement.
- Doxxing federal officers now carries extra public resonance, even as the actual motivation isn’t hacktivist.
Who are the Hackers?
[16:07–20:57]
- Group: Scattered Lapsus Hunters (amalgamating the names/legacies of notorious groups Scattered Spider, Lapsus, and Shiny Hunters).
- Joseph: “They are a financially driven extortion gang. That is what they do. They breach companies, they steal data, they then try to extort… the overarching technology and service provider, which in this case is Salesforce.” (16:07)
- Explained: “The Comm” — a vast, loosely knit subculture of young English-speaking hackers, originally rooted in gaming (Minecraft, Roblox, etc.), now stretching from low-level trolling up to high-level criminal activity and violence.
- Quote: “We’re not just talking about Chinese state-sponsored hackers breaking into OPM anymore… probably pretty young people who have escalated from stealing stuff in Roblox to becoming a top-tier national security threat.” (Joseph, 19:50)
Why Dox These Officials? Extortion and Chaos
[20:57–23:22]
- Emmanuel: Points out this isn’t classic hacktivism—no public good, just chaos and/or clout.
- The group previously tried to extort Salesforce (and possibly its clients) after breaching databases. Having failed to gain a payout, they dumped government officials’ data.
- Joseph: “One of the members told me they started doxxing DHS and ICE because one of their friends got deported… I can’t verify it, but that’s what they claimed.” (21:41)
- Joseph notes the group often acts “just to start fires sometimes.”
- Emmanuel’s take: “It almost feels as if they haven’t been in the news for a minute and… to really get some clout right now is dox a bunch of DHS and ICE officials. Because that’s what everybody’s talking about. And they were right.” (23:22)
The Scope Expands: NSA and More
[23:22–26:08]
- Days after the ICE story, hackers released alleged personal data of thousands more: NSA, Defense Intelligence Agency, CDC, ATF, Air Force, State Department, and more.
- Joseph again found most of it appears legitimate and much of it is fresh.
- Initial theory was that all the data came from Salesforce clients’ breaches.
The Big Picture: Parallels, State vs. Youth Hackers
[26:08–29:09]
- Joseph compares this event to 2015’s state-sponsored Chinese hack of OPM, except that this time it is a new breed of “young English-speaking hackers [who] have managed to build dossiers on US government officials themselves.”
- The hackers exploited the weak links: not the government directly, but third-party vendors (Salesforce), reminiscent of recent AT&T/Snowflake mega-leaks.
- The Telegram channel the group used was later shut down, likely by Telegram, possibly due to government intervention.
- “If you’re starting to dox ICE, DHS, and NSA officials, I think the US government is probably going to come knocking pretty quickly.” (Joseph, 28:08)
Segment 2: Wikipedia Sounds the Alarm on AI and Declining Human Traffic
The Issue: Numbers and Trend
[32:29–33:43]
- Emmanuel recaps his reporting on Wikipedia’s revelation:
“8% down compared to the same time last year—with 300 billion annual pageviews, an 8% slide means billions of lost visits.” (32:51)
- The major concern: an "abnormal spike" in bot traffic, especially from Brazil, revealed many previously counted “readers” were bots.
What’s Causing the Drop?
[33:43–38:26]
- Joseph and Emmanuel discuss:
- AI companies scraping Wikipedia to fuel chatbots.
- Search engines displaying “snippets” or “knowledge panels” that answer users’ questions without sending them to Wikipedia.
- Pew study: only 1% of users presented with an AI summary click through to the original article.
“Everybody does it... every single major AI company scrapes the internet for traffic, and that is before we get into AI companies from China and other countries that are less open.” (Emmanuel, 36:00)
Why Does This Matter for Wikipedia’s Future?
[41:23–44:45]
- Joseph asks: If Wikipedia is free, why does it matter where the traffic comes from?
- Emmanuel: Two main reasons:
- Donations: “If you go to Wikipedia and there’s a big banner... that is an important way for them to raise money.” (41:53)
- New Volunteers: “If you don’t have some sort of mechanism to feed more users into that ecosystem and have them graduate into being Wikipedia editors and volunteers, then the system dies.” (43:04)
- Wikipedia’s value is its human editorial community: “If that process stops at a Google AI-generated answer or a ChatGPT-generated answer, the whole system breaks down.”
Can This Trend Be Stopped?
[44:45–47:19]
- No silver bullet; Wikipedia continues the “cat and mouse game” with bots.
- Wikimedia is building official relationships with Google, YouTube, and generative AI companies to secure better attribution and traffic.
- Public call for “personal responsibility”—encouraging more people to deliberately visit and contribute to Wikipedia.
- Emmanuel notes this plea is more compelling for Wikipedia than those made for other causes, because of its volunteer-driven model.
Notable Quotes & Timestamps
- “It’s straight-up dox.” (Joseph, 05:41)
- “There were some interesting cases where I would put in the phone number and would bring up the matching DHS email from a breach of a parking app... I seem to remember some stories from the time where, oh, I need to verify who this person is for this story.” (Joseph, 08:18)
- On the hacker group:
“It’s almost like a cultural phenomenon thing, almost an anthropological thing... thousands and thousands of people on Telegram and Discord, usually English-speaking, as you say: Canada, the United States, and the United Kingdom.” (Joseph, 17:16)
- On the impact of AI:
“When you talk about an 8% decline [in traffic], you’re talking about billions of pageviews, which is just like a massive shift in how traffic is routed around the Internet.” (Emmanuel, 32:52)
- “If you don’t have some sort of mechanism to feed more users into that ecosystem and have them graduate into being Wikipedia editors and volunteers, then the system dies.” (Emmanuel, 43:14)
Key Timestamps
- 00:11–05:00 — 404 Media’s documentary initiative
- 05:17–10:52 — Details and verification of the federal data leak
- 14:23–16:07 — Why the story exploded, not about hacktivism
- 16:07–20:57 — History and culture of the hacker group(s)
- 20:57–23:22 — Extortion, chaos, and “start fires” tactics
- 23:22–26:08 — The scope widens: NSA and other agencies hit
- 26:08–29:09 — Lessons and parallels with state-sponsored hacks
- 32:29–33:43 — Wikipedia traffic drop explained
- 33:53–38:26 — Causes: AI scraping, search engine summaries
- 41:23–44:45 — Impacts: donations and volunteer pipeline
- 44:45–47:19 — What now? Solutions and Wikimedia’s plea
Summary
This episode offers a deep dive into how both criminal online groups and large AI companies are shaping government security and the fabric of the open web. The hosts provide firsthand reporting on the people and structures behind a major government leak, vividly illustrate the emerging risks to open internet institutions like Wikipedia, and discuss the stakes for journalism and knowledge in the era of AI.
For anyone following the latest in cybersecurity, government transparency, and the changing landscape of online information, this episode is a can’t-miss, blending exclusive reporting with accessible, lively conversation.
