On today’s episode of ‘Uncanny Valley,’ we discuss how WIRED was able to legally 3D-print the same gun allegedly used by Luigi Mangione, and where US law stands on the technology.

WIRED senior writer Andy Greenberg has been reporting on ghost guns for more than a decade. He first used a 3D printer to assemble a gun in 2015, and he says that today’s process is not only faster but cheaper. We talk to Andy about how he legally printed the same gun Luigi Mangione allegedly used in the alleged killing of the United Healthcare CEO last year, and whether US law is keeping up with the technology of 3D-printed guns.

You can follow Zoë Schiffer on Bluesky at @zoeschiffer and Andy Greenberg on Bluesky at ‪@agreenberg. Write to us at uncannyvalley@wired.com.

**Articles mentioned in this episode:**

*   We Made Luigi Mangione’s 3D-Printed Gun—and Fired It
*   Bluesky Is Plotting a Total Takeover of the Social Internet
*   The Delirious, Violent, Impossible True Story of the Zizians

**How to Listen**

You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how:

If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts and search for “Uncanny Valley.” We’re on Spotify too.

**Transcript**

_Note: This is an automated transcript, which may contain errors._

**Zoë Schiffer:** This is Zoë. Before we start, I want to take a chance to remind you that we really want to hear from you. If you have a tech-related question that's been on your mind or a topic that you wish we'd cover in the show, write to us at uncannyvalley@wired.com. If you listen and enjoy the episodes, please, please rate it and leave a review on your podcast app of choice. It honestly does help other people find us.

Welcome to WIRED's _Uncanny Valley_. I'm WIRED director of business and industry Zoë Schiffer. Today on the show, WIRED built and tested a 3D-printed pistol, the exact same model of the gun that Luigi Mangione allegedly used in the brutal killing of a health care CEO last year. Untraceable and often built entirely in private, those guns remain legal in some parts of the country due in part to a loophole in the US federal gun control laws. Today we hear about the process of creating a ghost gun, how those laws have evolved over time, and what future regulations may come. I'm joined today by Andy Greenberg, a senior writer at WIRED.

Andy, welcome to the show.

**Andy Greenberg:** Glad to be here. Thanks.

**Zoë Schiffer:** Andy, you've been reporting on ghost guns for a long time, and you started out this story with a question. Has the law in the United States actually caught up with the technology? I guess I wanted to start by asking you that same question. Has it?

**Andy Greenberg:** Well, the short answer is no. Even as the technology to make these so-called ghost guns and in particular 3D-printed guns has gotten more powerful, more practical, far, far, cheaper, the law has really lagged behind. It's opened up this space between the technology and the law that has allowed people to make their own guns at home in total privacy and anonymity more easily than ever.

**Zoë Schiffer:** I remember you saying that the first guns took hours and hours and hours. Now they still take half a day, but it's a lot less time.

**Andy Greenberg:** It's definitely faster. I printed two gun frames in 13 hours for this experiment.

**Zoë Schiffer:** Wow.

**Andy Greenberg:** That's probably just a little bit faster than it was 10 years ago, when I first … I should say 10 years ago, I made an AR-15 ghost gun in WIRED's San Francisco office.

**Zoë Schiffer:** Oh my gosh.

**Andy Greenberg:** Three different ways. One of those ways was trying to 3D-print the body of the gun known as the lower receiver of an AR-15. For the Glock-style pistol that Luigi Mangione allegedly used, it's called the frame. I was able to compare how this technology has changed and how well it works to make a gun back then in 2015 and then now. Yes, it's faster, but it's also just much better. And 3D printers are much, much cheaper.

That's perhaps the biggest thing of all. The 3D printer that I used back in 2015 to make the body of an AR-15 cost almost $3,000 alone. The entire ingredient list for my experiments in making allegedly Luigi Mangione's ghost gun was $1,144 or so, plus shipping.

**Zoë Schiffer:** Wow.

**Andy Greenberg:** That includes the cost of the printer, which was about $650. That's an enormous drop in price that has made this much more accessible to people, and just a much more practical way to try to obtain one of these guns in a fashion that completely circumvents all US gun control.

**Zoë Schiffer:** Right, completely. Before we go further on, I think it would be helpful if you explain for the audience what exactly is a ghost gun. What is the loophole that allows these guns to be made?

**Andy Greenberg:** Well, a ghost gun is this term that was originally used by gun control advocates, but now has actually been picked up by a lot of gun proponents as well. It basically means a gun that is homemade that has no serial number, and therefore is not registered with any government agency. You don't have to get a background check or show anyone ID. No gun control of any kind to obtain it. In that sense, it's a ghost.

The notion really is that you make just the parts of the gun that are regulated under US law, and then you can buy the rest of it off the internet or from stores, or whatever. And assemble it at home.

**Zoë Schiffer:** Right, yeah. Now we see why it's called a loophole. That's a pretty serious one. I want to actually go off-script, because I'm curious how you approached the story. But honestly, when I was reading it, I was like, “How the hell did Andy convince our lawyers to let him build not one, but multiple guns in the WIRED office?” I want to know how those initial conversations actually went.

**Andy Greenberg:** Well, the trick was in 2015 that I didn't ask anybody.

**Zoë Schiffer:** Oh, right.

**Andy Greenberg:** I just did it.

**Zoë Schiffer:** Right, right, right.

**Andy Greenberg:** In 2025, that turns out to be a lot harder, and we had to ask a lot of lawyers. We had to have an armorer on set, and a medic, and a special firearms specialist lawyer vet this. Then of course, I spoke to lawyers for the piece as well to make sure that what we were doing was legal. And also, to sketch out US gun control in 2025 and this gaping hole in it for homemade guns.

**Zoë Schiffer:** One of the things we're talking about is what you just mentioned, what has changed since you first started covering the space. You mentioned that the first time you built a 3D-printed gun, you did it in the WIRED office in San Francisco. This time, you actually went to Louisiana. Can you tell me about why that was important? What has changed on the regulatory side?

**Andy Greenberg:** Well, on some level, US law is trying to catch up with this problem, really at the state level mostly. 3D-printing a gun in New York is illegal unless you obtain a serial number for it. That's the same now in California too. My experiment in San Francisco would now be totally illegal. That's the case in 15 US states, that there are some laws around ghost guns.

In fact, there was a ban under Biden from the Bureau of Alcohol, Tobacco, and Firearms on ghost gun kits. These premade kits that allow anybody to finish a Glock-style frame or an AR-15 lower receiver from a plastic, or polymer, or even metal part with just a few tools in a matter of minutes. Those kits are not illegal according to the ATF. There was a Supreme Court ruling just in March upholding that ban.

Part of what I was trying to find out here is, despite a Supreme Court ruling, what's seen as a big crackdown on ghost guns, is this still possible to do legally with a 3D printer? And it is. The Supreme Court ruling basically said you can't sell parts that are readily convertible into a ghost gun, but it didn't say anything about creating one out of thin air and some plastic filaments out of empty space, which is really what a 3D printer does. What we did in Louisiana, where there is no state law around this, remains a wide-open loophole in the law, if you can call it that.

If you 3D-print a frame of a Glock-style pistol, then you can buy the rest of the parts off the internet and assemble it, and you have a gun that is a ghost gun. An anonymous, fully private, lethal weapon.

**Zoë Schiffer:** When we get back, we'll get into the details of how Andy actually made and assembled the ghost gun. But for now, we have to go to break.

\[_break_\]

**Zoë Schiffer**:Welcome back to _Uncanny Valley_. Okay, Andy, I want to get into the gun assembly process. Talk to me about the point from printing, to ordering the parts, to actually putting it together.

**Andy Greenberg:** The printing is definitely the easiest part in 2025. You really can download these files, these CAD files for gun frames from a bunch of different open source websites run by basically opponents of gun control. Then put them into some software and click print, and 13 hours later, in this case I had two perfect Glock-style frames. It was really remarkable how powerful the 3D printer, and cheap it was, that I was using.

The assembly is a lot trickier. That is as hard as ever. It's like assembling a very small piece of Ikea furniture. There's a lot of hammering little pins into place, and assembling the trigger mechanism, and it all has to fit into this small cavity inside of the frame. It took me more than an hour to do, and I was being guided in this process by a 3D-printed-gun aficionado. He calls himself Print, Shoot, Repeat, who was really helpful and patient about it. But I think that for people who know what they're doing, this takes 15 or 20 minutes—

**Zoë Schiffer:** Wow.

**Andy Greenberg:** —to assemble, once you have some practice at it.

**Zoë Schiffer:** OK. Then you shot the gun. What happened? How were you feeling at that moment at the gun range?

**Andy Greenberg:** Well, before I even shot it, there is this incredible moment when you're building a gun. It feels like this interesting, a little technical process, like making a model airplane or something. Then all of a sudden, I'm getting this slide onto the frame and then it clicks into place. Then you see for the first time that you actually have a gun in your hands, that it's a lethal weapon. The way that you have to treat a gun in your hands is so different from a collection of gun parts. Suddenly, it's this lethal weapon, you have to be careful where you point it. It's a really dramatic moment. It was for me, anyway.

**Zoë Schiffer:** There was that final part in the assembly where you put on a silencer, like allegedly Luigi Mangione had on his gun, right?

**Andy Greenberg:** Right. Luigi Mangione, in his backpack allegedly had a 3D-printed silencer too, which is a very new phenomenon, even in the 3D-printed gun world. We built that too. We 3D-printed a silencer. That actually is one part that's different. It's a felony for me to 3D-print a suppressor, a silencer as it's known. We did have an actual licensed gunsmith, the owner of the range that we were about to test that, who pushed print in that case and helped us to build that silencer. When Luigi Mangione allegedly did that, he would have been breaking the law. I would have been too, if not for having a gunsmith on-hand to help us out.

**Zoë Schiffer:** Then it started to jam a little bit. Or I don't know the correct term, but it did malfunction, right?

**Andy Greenberg:** Yeah, it did jam and it misfired several times. We reloaded it and I fired it a bunch more times. It would fire, and then misfire, and fire, and misfire. We did a bunch of troubleshooting, but ultimately we did get it working as a full semi-automatic handgun that could really empty a whole magazine worth of rounds.

**Zoë Schiffer:** You also pointed out that Brian Thompson's alleged killer—their gun also malfunctioned. It looked like, from the videos, that they had practiced a fair amount because they were totally unperturbed by the experience that you had, where the gun jammed, and then you had to troubleshoot, and then keep going.

**Andy Greenberg:** Right. Once we had gotten the gun working as a real semi-automatic, then we put the silencer on, our 3D-printed silencer. The silencer, based on the way that it attaches to the muzzle, it does actually prevent the slide from getting its full range of motion. It no longer actually worked as a true semi-automatic weapon. I had to, every time I pulled the trigger, pull back the slide, rack the gun as they say, which ejects a casing and pushes a new round into the chamber, ready to be fired. You have to manually rack it each time.

But when I looked at the surveillance video of allegedly Luigi Mangione killing Brian Thompson, or whoever that was in that video, you can see that they do exactly that. They pull back the slide with every shot. In fact, they seem to be fully prepared to do that. They don't hesitate at all. It was this eerie feeling of realizing that we had arrived at exactly the place where Brian Thompson's killer did. It was this very unnerving feeling of realizing that I was carrying out exactly the same process, I was going through exactly the same sensations of recoil, and racking, and firing again that I was seeing in this actual murder video.

**Zoë Schiffer:** Talk to me about what proponents of ghost guns say. Why are they for this untraceable and potentially really dangerous technology?

**Andy Greenberg:** I think there's a whole range of people who are interested in ghost guns and 3D-printed guns. Cody Wilson, the creator of the first fully 3D-printed gun, I was there in 2013 when he fired for the first time the Liberator, this fully plastic, fully 3D-printed one-shot pistol. He wants to destroy the state. He's a full-on radical Libertarian who believes that actually making gun control impossible, but demonstrating that it is fundamentally impossible. He can use that as a lever to show that “all government is impossible.”

But then you talk to somebody like Print, Shoot, Repeat, who was the one who helped us out in this experiment. He's also a real advocate for 3D-printed guns. But he told me, “I like this because I like the idea of being able to make my own guns at home. You can experiment with the process, and build guns that are not commercially available, and do it with full anonymity and privacy.” I did ask him, “Doesn't that also pose a real risk? Doesn't the ability for anybody essentially to make a gun at home with anonymity and privacy mean that they can use it to commit a crime?” He, like a lot of gun advocates I think in general, his answer was, “Well, freedom is dangerous,” and that's the American way, essentially.

**Zoë Schiffer:** I was really struck by that in your work. That it really felt like their POV was the occasional outburst of violence is the cost of freedom in this country, which is a very different way of seeing the world. My last question is just where do you think this is all heading? What does 3D printing and the way the technology has developed since you first started covering this space tell us about our ability to regulate guns in the United States?

**Andy Greenberg:** Well, it's just definitely clear that the law in this country is not keeping up with technology on this issue. That's a running theme probably of this podcast and everything we do at WIRED. But it's very visible. I feel like this is almost a parable about the ways that technology runs ahead of the law, especially in this country. And especially in a country where people love to defy the law and break the law. This is one example where Americans, it's the American way to try to have more guns than even our very meager gun control laws would allow us.

For me, as someone who's covered 3D-printed guns since 2012, it just strikes me that this topic caught up and even ran ahead of me in my reporting. I used to think of this as some future threat that I was describing in this science fictional way. Now it's definitely a present threat. In fact, it took me by surprise in December 2024, when a 3D-printed gun was used allegedly in this massively high-profile murder. I don't know. It's a future shock, as Alvin Toffler would call it. Where it's like, “Wow, we are in that future now.” This is a particularly scary one.

**Zoë Schiffer:** We're going to take a quick break. When we come back, we'll share our recommendations for what to read on Wired.com this week.

\[_break_\]

**Zoë Schiffer:** Welcome back to _Uncanny Valley_. I'm Zoë Schiffer, WIRED's director of business and industry. I'm joined today by WIRED senior writer Andy Greenberg. Before we take off, Andy, tell our listeners what they need to read on Wired.com today.

**Andy Greenberg:** Well, this ghost gun story is part of the Rogue's package as we're calling it, all about people on the edge of the law and breaking the law in interesting ways. There's another story in that package that I thought was incredible, written by my colleague Evan Ratliff. It's about the Zizians, this group that went in an extremely irrational direction—became actually this violent militant group. It's a remarkable piece about their evolution and how they came to do truly horrifying criminal things.

There's also this idea in the piece that has just haunted me in the weeks since I read it. It's called Roko's basilisk. It's something that rationalists and AI people talk about. Which is this notion that, if there is going to be a superintelligent AI in the future, it might punish people who were aware that it could be created and didn't work to create it.

**Zoë Schiffer:** That's just so weird and scary.

**Andy Greenberg:** It just really bothers me that there's this idea that's so dangerous you can't even think about it.

But I would also say that I have a piece in this Rogue's package also coming out tomorrow that I've been working on for about a year and a half, about at one point the dark web's biggest dealer in DMT, this incredibly potent psychedelic that he made in secret labs across the western half of the US. I hope you'll check that out, too.

**Zoë Schiffer:** I am very excited for that one. DMT is a big topic of discussion in California these days.

I have another recommendation. I feel like the topic of this podcast has been very, at least to me, and I understand I have my own biases here, a bleak vision of the future. But we also have this interview that our fantastic reporter Kate Knibbs did with Jay Graber, the head of Bluesky. She lays out a vision of the future of the social web that I actually found extremely uplifting.

I thought it was interesting, because Jay uses a lot of the language that you hear from the cutting-edge tech VCs and executives, but she does it in a way that feels completely different from the future that these other people and a lot of the men lay out. I really found her words compelling, and I think everyone should read it.

That's our show for today. We'll link to all the stories we spoke about in the show notes. Make sure to check out Thursday's episode of _Uncanny Valley_, which is about AI in schools and a big question we're having. Is using this technology cheating?

Kyana Moghadam and Adriana Tapia produced this episode. Greg Obis mixed this episode. Pran Bandi was our New York studio engineer. Jordan Bell is our executive producer. Conde Nast's head of global audio is Chris Bannon. Katie Drummond is WIRED's global editorial director.

Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever

The trove has now been taken down but included users’ logins for platforms including Apple, Google, and Meta, plus services from multiple governments.

The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks of recklessly compiling sensitive information in a repository that could become a single point of failure.

In early May, longtime data-breach hunter and security researcher Jeremiah Fowler discovered an exposed Elastic database containing 184,162,718 records across more than 47 GB of data. Typically, Fowler says, he is able to gather clues about who controls an exposed database from its contents—details about the organization, data related to its customers or employees, or other indicators that suggest why the data is being collected. This database, however, didn’t include any clues about who owns the data or where it may have been gathered from.

The sheer range and massive scope of the login details, which include accounts connected to a large array of digital services, indicate that the data is some sort of compilation, possibly kept by researchers investigating a data breach or other cybercriminal activity or owned directly by attackers and stolen by infostealer malware.

“This is probably one of the weirdest ones I’ve found in many years,” Fowler says. “As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal’s dream working list.”

Each record included an ID tag for the type of account, a URL for each website or service, and then usernames and plaintext passwords. Fowler notes that the password field was called “Senha,” the Portuguese word for password.

In a sample of 10,000 records analyzed by Fowler, there were 479 Facebook accounts, 475 Google accounts, 240 Instagram accounts, 227 Roblox accounts, 209 Discord accounts, and more than 100 each of Microsoft, Netflix, and PayPal accounts. That sample—just a tiny fraction of the total exposure—also included Amazon, Apple, Nintendo, Snapchat, Spotify, Twitter, WordPress, and Yahoo logins, among many others. A keyword search of the sample by Fowler returned 187 instances of the word “bank” and 57 of “wallet.”

Fowler, who did not download the data, says he contacted a sample of the exposed email addresses and heard back from some that they were genuine accounts.

Aside from individuals, the exposed data also presented potential national security risks, Fowler says. In the 10,000 sample records there were 220 email addresses with .gov domains. These were linked to at least 29 countries, including the United States, Australia, Canada, China, India, Israel, New Zealand, Saudi Arabia, and the United Kingdom.

While Fowler could not identify who had put the database together or where the login details originally came from, he reported the data exposure to World Host Group, the hosting company it was linked to. Access to the database was quickly shut down, Fowler says, although World Host Group did not respond to the researcher until after it was contacted by WIRED.

Seb de Lemos, CEO of World Host Group, tells WIRED in a statement that the company operates systems for more than 2 million websites. The database Fowler found, though, is “an unmanaged server” hosted on World Host Group’s infrastructure and fully controlled by a customer.

“It appears a fraudulent user signed up and uploaded illegal content to their server,” de Lemos wrote in the statement. “The system has since been shut down. Our legal team is reviewing any information we have that might be relevant for law enforcement.”

De Lemos says that the company is in touch with Fowler and has made improvements to its reporting system. “Whilst we cannot share customer-specific details with WIRED, we will fully cooperate with the appropriate law enforcement authorities and, where appropriate, share all relevant customer data with them.”

Though the database has now been secured—and ultimately taken down entirely—it is not clear whether anyone other than Fowler accessed the trove while it was still live. As with any exposed database, the concern is that sensitive data could be stolen and abused. And in this case, there is a particularly urgent risk of logins being exploited in fraud, to steal additional information, or even to breach other organizations.

Fowler says that while he does not know for certain, he suspects that the data was compiled by attackers using an infostealer.

“It is highly possible that this was a cybercriminal,” he says. “It’s the only thing that makes sense, because I can’t think of any other way you would get that many logins and passwords from so many services all around the world.”

Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials

US, European, and Japanese authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma, an infostealer popular with criminal gangs.

A consortium of global law enforcement agencies and tech companies announced on Wednesday that they have disrupted the infostealer malware known as Lumma. One of the most popular infostealers worldwide, Lumma has been used by hundreds of what Microsoft calls “cyber threat actors” to steal passwords, credit card and banking information, and cryptocurrency wallet details. The tool, which officials say was developed in Russia, has provided cybercriminals with the information and credentials they needed to drain bank accounts, disrupt services, and carry out data extortion attacks against schools, among other things.

Microsoft’s Digital Crimes Unit (DCU) obtained an order from a United States district court last week to seize and take down about 2,300 domains underpinning Lumma’s infrastructure. At the same time, the US Department of Justice seized Lumma’s command-and-control infrastructure and disrupted cybercriminal marketplaces that sold the Lumma malware. All of this was coordinated, too, with disruption of regional Lumma infrastructure by Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center.

Microsoft lawyers wrote on Wednesday that Lumma, which is also known as LummaC2, has spread so broadly because it is “easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses.” Steven Masada, assistant general counsel at Microsoft’s DCU, says in a blog post that Lumma is a “go-to tool,” including for the notorious Scattered Spider cybercriminal gang. Attackers distribute the malware using targeted phishing attacks that typically impersonate established companies and services, like Microsoft itself, to trick victims.

“In 2025, probably following Redline’s disruption and Lumma’s own development, it has ranked as the most active module, indicating its growing popularity and widespread adoption among cybercriminals,” says Victoria Kivilevich, director of threat research at security firm Kela.

Microsoft says that more than 394,000 Windows computers were infected with the Lumma malware between March 16 and May 16 this year. And Lumma was mentioned in more than 21,000 listings on cybercrime forums in the spring of 2024, according to figures cited in a notice published today by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). The malware has been spotted bundled in fake AI video generators and fake “deepfake” generation websites, and distributed by fake captcha pages.

Law enforcement’s collaboration with Microsoft’s DCU and other tech companies like Cloudflare focused on disrupting Lumma’s infrastructure in multiple ways, so its developers could not simply hire new providers or create parallel systems to rebuild.

“Cloudflare’s role in the disruption included blocking the command-and-control server domains, Lumma’s Marketplace domains, and banning the accounts that were used to configure the domains,” the company wrote in a blog post on Wednesday. “Microsoft coordinated the takedown of Lumma’s domains with multiple relevant registries in order to ensure that the criminals could not simply change the name servers and recover their control.”

While infostealing malware has been around for years, its use by cybercriminals and nation-state hackers has surged since 2020. Typically, infostealers find their way onto people’s computers through downloads of pirated software or through targeted phishing attacks that impersonate established companies and services, like Microsoft itself, to trick victims. Once on a computer it is able to grab sensitive information—such as usernames and passwords, financial information, browser extensions, multifactor authentication details, and more—and send it back to the malware’s operators.

Some infostealer operators bundle and sell this stolen data. But increasingly the compromised details have acted as a gateway for hackers to launch further attacks, providing them with the details needed to access online accounts and the networks of multibillion-dollar corporations.

“It’s clear that infostealers have become more than just grab-and-go malware,” says Patrick Wardle, CEO of the Apple device-focused security firm DoubleYou. “In many campaigns they really act as the first stage, collecting credentials, access tokens, and other foothold-enabling data, which is then used to launch more traditional, high-impact attacks such as lateral movement, espionage, or ransomware.”

The Lumma infostealer first emerged on Russian-language cybercrime forums in 2022, according to the FBI and CISA. Since then its developers have upgraded its capabilities and released multiple different versions of the software.

Since 2023, for example, they have been working to integrate AI into the malware platform, according to findings from the security firm Trellix. Attackers want to add these capabilities to automate some of the work involved in cleaning up the massive amounts of raw data collected by infostealers, including identifying and separating “bot” accounts that are less valuable for most attackers.

One administrator of Lumma told 404Media and WIRED last year that they encouraged both seasoned hackers and new cybercriminals to use their software. “This brings us good income,” the administrator said, referring to the resale of stolen login data.

Microsoft says that the main developer behind Lumma goes by the online handle “Shamel” and is based in Russia.

“Shamel markets different tiers of service for Lumma via Telegram and other Russian-language chat forums,” Microsoft’s Masada wrote on Wednesday. “Depending on what service a cybercriminal purchases, they can create their own versions of the malware, add tools to conceal and distribute it, and track stolen information through an online portal.”

Kela’s Kivilevich says that in the days leading up to the takedown, some cybercriminals started to complain on forums that there had been problems with Lumma. They even speculated that the malware platform had been targeted in a law enforcement operation.

“Based on what we see, there is a wide range of cybercriminals admitting they are using Lumma, such as actors involved in credit card fraud, initial access sales, cryptocurrency theft, and more,” Kivilevich says.

Among other tools, the Scattered Spider hacking group—which has attacked Caesars Entertainment, MGM Resorts International, and other victims—has been spotted using the Lumma stealer. Meanwhile, according to a report from TechCrunch, the Lumma malware was allegedly used in the buildup to the December 2024 hack of education tech firm PowerSchool, in which more than 70 million records were stolen.

“We're now seeing infostealers not just evolve technically, but also play a more central role operationally,” says DoubleYou’s Wardle. “Even nation-state actors are developing and deploying them.”

Ian Gray, director of analysis and research at the security firm Flashpoint, says that while infostealers are only one tool that cybercriminals will use, their prevalence may make it easier for cybercriminals to hide their tracks. “Even advanced threat actor groups are leveraging infostealer logs, or they risk burning sophisticated tactics, techniques, and procedures,” Gray says.

Lumma isn’t the first infostealer to be targeted by law enforcement. In October last year, the Dutch National Police, along with international partners, took down the infrastructure linked to the RedLine and MetaStealer malware, and the US Department of Justice unsealed charges against Maxim Rudometov, one of the alleged developers and administrators of the RedLine infostealer.

Despite the international crackdown, infostealers have proven too useful and effective for attackers to abandon. As Flashpoint’s Gray puts it, “Even if the landscape ultimately shifts due to the evolution of defenses, the growing prominence of infostealers over the past few years suggests they are likely here to stay for the foreseeable future. Usage of them has exploded.”

Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals

An arson attack in Colorado had detectives stumped. The way they solved the case could put everyone at risk.

3 Teens Almost Got Away With Murder. Then Police Found Their Google Searches

When a formerly incarcerated “troubleshooter for the mafia” looked for a second career he chose the thing he knew best. He became a prison consultant for white-collar criminals.

_From Sam Bankman-Fried’s fraud-ridden crypto empire to Elizabeth Holmes’ sham biotech company to deepfakers on the internet bilking grandmas of their retirement savings, white-collar crime seems to touch every last corner of tech. For the business titan who may one day end up in custody and can’t count on a presidential pardon, it never hurts to know a guy._

_WIRED spoke with a self-described former “troubleshooter for the mafia” who was incarcerated in US penitentiaries for a decade and found a new role for himself on the outside: He became a prison consultant. Now he works with an array of white-collar offenders. He berates and curses the ears off his clients—but it’s all part of the no-bullshit approach he says he uses to help them reduce and optimize their time inside._

Once when I was in prison and we were walking out of the dining hall, I stopped and I looked out the window. I said, “Do you see it?” And the other inmates are like, “What?” I go, “It’s right there.” And they’re stopping and gazing into the sky. Then more people come out of the dining hall and start looking too, and before you know it, so do the correctional officers. Finally, I said: “Gee, see how easy it is to take control of stupid people?”

I had a prison psychiatrist say that I treated the prison system like it was my own personal amusement park. I was just having too good of a time in there. I would get on the telephone, calling home or whoever, and I’d go, “Well, if the staff hates me right now, they’re going to despise me by this weekend. I have something special planned. I really can’t say. The staff’s listening in on the phone calls.” So the weekend rolls around, they put extra staff members on duty, wondering, “All right, what’s the dude going to do?” I’m lying in my fucking bunk reading a book. I ain’t going to do shit. But I fucking manipulated these people.

I also spent my time helping people. I would help people who were over-sentenced on their charges get into RDAP, the Residential Drug Abuse Program, or an extra halfway house called the Second Chance Act program. I would go through their legal paperwork and say, “You know what? Let’s file in court on this,” and boom, all of a sudden somebody gets resentenced. That made me a folk hero. I thought, “Well shit, I could turn this into a business.”

When I first got out of custody, there was nobody doing this. My primary clients were people that had financial fraud. Some drug clients, but it was people who ripped people off. Your white-collar offenders. It’s people who are scared, angry, and confused. If they reach out to me before they’ve gone in, I can get them prepared.

Between people on the outside and people on the inside, I may have like 50 clients, maybe 100, at a time. Sometimes my services are free, sometimes they’re $3,500, $5,000, $10,000. I even had one guy pay me $50,000. It just depends on the person, their circumstance, what they can afford. I’ve got four other people who work with me, two women and two men.

When my clients come to me, I tell them: “OK, so shut the fuck up and listen to what I have to say. You’re in deep shit. I’m going to pull your head out of your ass, because your lawyer probably screwed you, made you false fucking promises that they can’t keep. First let’s take a look at your charges, your federal indictment. What are you charged with? Is it drugs? Is it some type of wire fraud?” And we’ll just break your case down.

I’m not a lawyer. I can’t give you legal advice. But what I can do is explain the law to you, and I can help you determine whether or not you should go to trial or take a plea agreement. I also teach my clients how to lie on the witness stand effectively, how to beat the polygraph machine. So I’m a full-service kind of business.

I got hit with narcotics trafficking, securities fraud, racketeering, obstruction of justice, and possession of machine guns. I’m not here to fucking judge anybody. I know within five minutes of seeing the indictment whether this person’s going to prison. There’s no question about it, unless they’re ratting people out.

So a dumbass gets sentenced. I have a chemical dependency assessment done on them to determine whether they have a substance abuse issue. If I have a report generated for them and it gets put into their probation report at sentencing and they submit it to the prison, it creates eligibility for them to get into a program to get out up to one year early.

I explain to them it’s not what they’ve seen on TV. I hold their hand and their family’s hand, because their families are busy watching prison shows and they’re all freaked out. I calm them down. Prison is boring. It’s Groundhog Day. Every day is the last day, unless people get into a fight or something. I explain to them the different types of prisons. A majority of my clients go to minimum security institutions, known as federal prison camps. Many have no fences, no walls. They often don’t lock the doors.

I’m teaching my clients the politics of prison life—how to deal with staff, how to deal with other inmates. You don’t want to hang out with informants or child molesters. And some of the staff members are fucking cuckoo. They’re unprofessional. They’re not well trained. They have their own emotional and personal issues.

I give people that psychological peace of mind. I have a lot of clients that are family members of people in custody. I’m like a cross between a marriage counselor, a psychologist, a life coach, and a priest. So that calms the people.

My wife said that I need to be nicer to the clients. I think maybe I’m desensitized because I’ve been doing this shit for so long. I get frustrated. I sometimes go off on people. I say, “I don’t know who’s dumber, you or a fucking lawyer, listen the fuck up.” I mean, my ex-wife said I didn’t have one ounce of human kindness. She knew me the best.

_—As told to Elana Klein_

What to Expect When You’re Convicted

The Take It Down Act requires platforms to remove instances of “intimate visual depiction” within two days. Free speech advocates warn it could be weaponized to fuel censorship.

US President Donald Trump signed into law legislation on Monday nicknamed the Take It Down Act, which requires platforms to remove nonconsensual instances of “intimate visual depiction” within 48 hours of receiving a request. Companies that take longer or don’t comply at all could be subject to penalties of roughly $50,000 per violation.

The law received support from tech firms like Google, Meta, and Microsoft and will go into effect within the next year. Enforcement will be left up to the Federal Trade Commission, which has the power to penalize companies for what it deems unfair and deceptive business practices. Other countries, including India, have enacted similar regulations requiring swift removals of sexually explicit photos or deepfakes. Delays can lead to content spreading uncontrollably across the web; Microsoft, for example, took months to act in one high-profile case.

But free speech advocates are concerned that a lack of guardrails in the Take It Down Act could allow bad actors to weaponize the policy to force tech companies to unjustly censor online content. The new law is modeled on the Digital Millennium Copyright Act, which requires internet service providers to expeditiously remove material that someone claims is infringing on their copyright. Companies can be held financially liable for ignoring valid requests, which has motivated many firms to err on the side of caution and preemptively remove content before a copyright dispute has been resolved.

For years, fraudsters have abused the DMCA takedown process to get content censored for reasons that have nothing to do with copyright infringements. In some cases, the information is unflattering or belongs to industry competitors that they want to harm. The DMCA does include provisions that allow fraudsters to be held financially liable when they make false claims. Last year, for example, Google secured a default judgment against two individuals accused of orchestrating a scheme to suppress competitors in the T-shirt industry by filing frivolous requests to remove hundreds of thousands of search results.

Fraudsters who may have feared the penalties of abusing DMCA could find Take It Down a less risky pathway. The Take It Down Act doesn’t include a robust deterrence provision, requiring only that takedown requestors exercise “good faith,” without specifying penalties for acting in bad faith. Unlike the DMCA, the new law also doesn’t outline an appeals process for alleged perpetrators to challenge what they consider erroneous removals. Critics of the regulation say it should have exempted certain content, including material that can be viewed as being in the public’s interest to remain online.

Another concern is that the 48-hour deadline specified in the Take It Down Act may limit how much companies can vet requests before making a decision about whether to approve them. Free speech groups contend that could lead to the erasure of content well beyond nonconsensual “visually intimate depictions,” and invite abuse by the same kinds of fraudsters who took advantage of the DMCA.

Since it receives millions of DMCA takedown requests annually, Google has said in court papers that it “often must rely” on the “accuracy of the statements submitted by copyright claimants.” It’s difficult to imagine that the process would be any different for Take It Down, says Becca Branum, deputy director of the free expression project at the Center for Democracy and Technology. (CDT receives a minority of its funding from Google and other tech companies.)

“Platforms have no incentive or requirement to make sure what comes through the system is nonconsensual intimate imagery,” Branum says. Because it’s often cheaper and easier for companies to comply with requests than to investigate them, she says, more content may be removed from the internet than deserves to be. Braum points to another set of laws passed by Congress about seven years ago addressing sex trafficking content, which she argues also led to the removal of unrelated information from the web.

Under their existing takedown processes for nonconsensual intimate imagery, some tech companies require requestors to show government-issued identification confirming that they are the person being depicted. But advocates for victims say the rules unfairly burden legitimate requestors and jeopardize their privacy.

Take It Down doesn’t require identity verification, and it’s possible that burdensome processes to request removals could trigger FTC scrutiny. Likewise, critics of Take It Down also may call on the FTC—which is typically aligned with the president’s political party—to investigate companies that allow bogus requests to sail through.

Ted Cruz and Amy Klobuchar, the bipartisan pair of senators who helped shepherd Take It Down through Congress with little opposition, didn’t respond to requests for comment about issues that have been raised with the legislation. For members of Congress, passing the bill was imperative to protecting people, like the teenagers whose experiences helped shape it. The hope is that future victims will get their privacy back without delay.

Trump Signs Controversial Law Targeting Nonconsensual Sexual Content

Sequoia Capital partner Shaun Maguire said in a webinar hosted by Israel’s Defense Ministry that he connected the IDF with SpaceX’s Starlink satellite internet far sooner than believed.

Prominent Silicon Valley venture capitalist Shaun Maguire said on a webinar last week that he personally facilitated getting the Israel Defense Forces access to Starlink satellite internet, which is operated by Elon Musk’s SpaceX, within hours or days of it beginning its military response in Gaza to Hamas’ attack on October 7, 2023—far earlier than either Israel, Musk, or SpaceX have publicly acknowledged.

The topic was initially broached by Tel Aviv–based venture capitalist Aviv Eyal, who was introducing Maguire at the beginning of the May 14 webinar titled “Why VCs Are Betting On Defense Tech." The webinar was hosted by the Israeli Defense Ministry's “Mafat for Startups,” a defense startup investment program run by its Directorate of Defense Research & Development.

It is unclear exactly when Starlink was activated for IDF use, even according to Eyal and Maguire’s recollections. Eyal initially claimed on the webinar that it took Maguire “12 hours, maybe less, to get Starlink switched on over Israel.” Maguire added that he believed Eyal contacted him some time between October 8 and October 9; later on the webinar, Maguire said that he brought Starlink to the IDF on October 9. Israel would not officially approve of SpaceX’s limited use in the country until more than four months later. It also appears that SpaceX did not have a contractual agreement with the Pentagon at the time it began providing Starlink to the IDF, which the Pentagon required before SpaceX could provide Starlink to Ukraine. The Pentagon did not respond to WIRED’s request for comment.

“There's always the most kind of chaos and opportunity in the immediate aftermath after a catastrophe like that,” Maguire said on the webinar.

Eyal also said that Maguire, who has invested in SpaceX, introduced him to the head of country licensing of Starlink at SpaceX, and “really helped shepherd us through the first couple of months of getting Starlink into the hands of the IDF.”

“And it went on to be an absolute game changer and a huge success,” Eyal said.

Eyal is the cofounder and managing partner of the venture capital firm Entrée Capital. It’s unclear what Eyal’s relationship with the IDF was at the time he reached out to Maguire. However, Maguire noted on the webinar that, in the initial days after the attack, both he and Eyal, “in our own ways, started getting involved and trying to help Israel just in the immediate aftermath.”

Maguire did not respond for comment. When reached by WIRED, Eyal said that his reply was off the record, a condition WIRED did not agree to. He said that the webinar “was held ‘off the record’ and stated as such at the start of the webinar.” However, this was not stated during the webinar nor in the event description.

“You misunderstood the conversion, and as such your questions are not on topic and any conclusions you draw and write will unfortunately be incorrect and just an embarrassment,” Eyal said in his message. “Shaun's role is incorrect, and the dates you quote are incorrect as well as other key info.”

Eyal did not reply to two follow-up messages that contained quotes from the webinar and offered Eyal the opportunity to correct or clarify anything that was said.

On October 20, 2023, the IDF launched an offensive in Gaza that specifically targeted the territory’s internet and telecommunications infrastructure. This resulted in a “complete disruption” of internet and cellular communication for the then 2.3 million people living there.

A few days later, Elon Musk began what would reportedly become tense negotiations with the Israeli Communications Ministry to provide Starlink access in the area. On October 28, Musk said on X that Starlink would “support connectivity to internationally recognized aid organizations in Gaza” in a reply to US representative Alexandria Ocasio-Cortez drawing attention to the communications blackout.

Israeli communications minister Shlomo Karhi, in a quote-post of Musk, said that Israel would “use all means at its disposal to fight this,” claiming that Hamas would find a way to access and use Starlink for “terrorist activities.”

“Perhaps Musk would be willing to condition it with the release of our abducted babies, sons, daughters, elderly people,” Karhi wrote. “All of them! By then, my office will cut any ties with starlink.”

Musk replied a few hours later, saying, “We are not so naive.”

“Per my post, no Starlink terminal has attempted to connect from Gaza,” Musk added. “If one does, we will take extraordinary measures to confirm that it is used \*only\* for purely humanitarian reasons. Moreover, we will do a security check with both the US and Israeli governments before turning on even a single terminal.”

The Israeli Communications Ministry did not approve any use of Starlink in Israel or Gaza until February 14, 2024. At that point, Kahri said in a post on X, Starlink could be used both in Israel and at a United Arab Emirates–run field hospital in Rafah.

“The use of the company's services will be limited at first with broader use expected in the future,” Kahri said in the post.

Eyal mentioned on the webinar that it is currently "a matter of weeks” before Starlink is “launched for Israel as a whole” and available to any person or business. It is unclear if this access will include the occupied West Bank and Gaza.

SpaceX, the IDF, and the Israeli Communications Ministry did not respond for comment.

According to Agence France-Presse, 1,189 Israelis died as a result of Hamas’ October 7 attack on Israel. Hamas also took 251 Israelis to Gaza as hostages, of which 58 remain, and 23 are believed to be alive.

Between 53,000 and 62,000 Palestinians have died as a result of Israel’s military offensive into Gaza that followed October 7, according to Gaza’s Ministry of Health and Government Media Office. The exact death toll is unclear, because there is an unknown number of bodies buried under the rubble of destroyed buildings. Israel has blocked any food or medical aid entering Gaza since the beginning of March, which aid workers say have resulted in increasingly catastrophic and dire living conditions.

A Silicon Valley VC Says He Got the IDF Starlink Access Within Days of October 7 Attack

WIRED loves a rogue. Except rogues ruined the internet. Is there any salvaging the rebellious spirit without destroying everything?

At WIRED, we’ve had a long-running obsession with rogues. This is, after all, a publication that was founded in the early ’90s, born of a desire to champion the subversive, disruptive advent of the internet—and the hackers, hustlers, and blue-sky lunatics consumed by the possibilities of a digitized and interconnected planet.

Of course, WIRED had no idea, then, just what those rogues would ultimately unleash: a proliferation of bad actors wreaking havoc across the web; a booming industry of online conspiracy theorists whose dangerous convictions threaten everything from the health of our children to the strength of our democracies; and a coterie of tech billionaires with checkbooks and megaphones that reach from Silicon Valley all the way to the White House. Yes, rogues built the internet and inspired a technological revolution. Now, a mutated and much more powerful version of that same lawless spirit threatens to undo much of the incredible progress that technology and scientific inquiry have unlocked. DOGE Boys: I’m looking at you.

In this edition of WIRED, we’re finding plenty of ways to show you just how roguish, how crooked, and how precarious our world has become. Matt Burgess brings you the inside story of Nigeria’s Yahoo Boys and the “scam influencer” teaching them how to pull sophisticated digital cons on American victims. From Andy Greenberg, a timeline of ghost guns culminating in the one that Luigi Mangione allegedly used to murder a health care CEO in broad daylight—an act that’s turned Mangione into the internet’s most beloved rogue in recent memory. (Scroll down to watch what happened when Andy tried to re-create that weapon himself.) And from Evan Ratliff, the sweeping, bone-chilling saga of the Zizians, a group of gifted young technologists who became the world’s first AI-inflected death cult and allegedly killed six people over several violent, chaotic years.

Scam influencers? DIY guns? AI death cults? Yes, things are rough out there. But we wouldn’t be WIRED without finding—and even creating—a little bit of roguish fun amid the gloom. Elsewhere in this issue, we’ll introduce you to a new and inspiring era of anti-establishment rebellion that’s taking root: Amber Scorah, the cofounder of a nonprofit that helps whistleblowers safely share information with the masses, is one such example. Another is Bluesky CEO Jay Graber, who sat down with Kate Knibbs to elaborate on her vision for a democratized social internet. Plus, our Gear experts will show you the slickest, most villainous products to outfit your supervillain lair.

If you take one thing from our Rogues Issue, I hope it’s this: “Rogue” is by no means a pejorative—even if it feels like more nasty bad actors than ever, perched in the highest seats of power, are running roughshod over pretty much everything. In fact, I’d argue that this moment calls for more rogues rather than fewer. The idealistic rogues. The indefatigable rogues. The new iteration of blue-sky lunatics who can imagine what a better world should look like—and are willing to fight the status quo to get us there. So be the rogue you want to see in the world, and know that WIRED, with every ounce of rebel spirit in our DNA, will be right there with you.

Who Even Is a Criminal Now?

In the wake of Luigi Mangione’s alleged killing of a health care CEO with a partially 3D-printed pistol, we built the exact same weapon ourselves—and test-fired it.

We 3D-Printed Luigi Mangione’s Ghost Gun. It Was Entirely Legal

Amber Scorah and Psst are building a “digital safe” to help people shine a light on the bad things their bosses are doing, without getting found out.

Amber Scorah knows only too well that powerful stories can change society—and that powerful organizations will try to undermine those who tell them. In 2015, her 3-month-old son Karl died on his first day of day care. Heartbroken and furious that she hadn’t been with him, Scorah wrote an op-ed about the poor provision for parental leave in the US; her story helped New York City employees win their fight for improved family leave. In 2019 she wrote a memoir about leaving her tight-knit religion, the Jehovah’s Witnesses, that exposed issues within the secretive organization. The book cost her friends and family members, but she heard from many people who had also been questioning some of the religion’s controversial practices.

Then, while working at a media outlet that connects whistleblowers with journalists, she noticed parallels in the coercive tactics used by groups trying to suppress information. “There is a sort of playbook that powerful entities seem to use over and over again,” she says. “You expose something about the powerful, they try to discredit you, people in your community may ostracize you.”

In September 2024, Scorah cofounded Psst, a nonprofit that helps people in the tech industry or the government share information of public interest with extra protections—with lots of options for specifying how the information gets used and how anonymous a person stays.

Psst’s main offering is a “digital safe”—which users access through an anonymous end-to-end encrypted text box hosted on Psst.org, where they can enter a description of their concerns. (It accepts text entries only and not document uploads, to make it harder for organizations to find the source of leaks.)

To safely share secrets, tech whistleblowers can go to psst.org and enter details in an encrypted text-box.

Photograph: Ali Cherkis

What makes Psst unique is something it calls its “information escrow” system—users have the option to keep their submission private until someone else shares similar concerns about the same company or organization.

As the organization was preparing to launch, members of Psst’s team helped a group of Microsoft employees who were unhappy with how the company was marketing its AI products to fossil-fuel companies. Only one employee was willing to speak publicly, but others provided supporting documents anonymously. With help from Psst’s team of lawyers, the workers filed a complaint with the Securities and Exchange Commission against the company and aired their concerns in a story published by The Atlantic.

Combining reports from multiple sources defends against some of the isolating effects of whistleblowing and makes it harder for companies to write off a story as the grievance of a disgruntled employee, says Psst cofounder Jennifer Gibson. It also helps protect the identity of anonymous whistleblowers by making it harder to pinpoint the source of a leak. And it may allow more information to reach daylight, as it encourages people to share what they know even if they don’t have the full story.

Only members of Psst’s in-house legal team can access information in the safe. In countries including the US and UK, communications between lawyers and their clients usually benefit from legal privilege, meaning the information is kept confidential.

This is one reason tech companies have such large legal departments, says Gibson, who leads Psst’s in-house legal team: “They’re designed to put lawyers in the room so the information isn’t disclosable. To some extent, we’re using their playbook.”

Amber Scorah with Psst co-founders Jennifer Gibson and Rebecca Petras.

Photograph: Ali Cherkis

At the moment, Psst lawyers first manually review the entries in the safe without reading the contents. Users can tag their entries with the company name and the category of their concern—“trust and safety” or “fraud,” for instance. If the lawyers find matches, and the contributor consents, the lawyers decrypt and read the entries to see if they may form part of the same story, while keeping the different contributors’ identities protected from one another.

Psst plans to automate some of this process—in the future an algorithm running in a secure enclave built into the hardware of a computer will decrypt and compare information looking for potential matches while keeping it shielded from human eyes.

What happens next depends on various factors, but often Psst will involve an independent investigative journalist or publish accounts on its own website. Sometimes, whistleblowers might want to alert regulators without going public.

One challenge, Gibson says, is that regulation often lags behind technological advances, as with AI safety. “You’re then in this no-man’s-land,” she says—even if something’s not illegal, reporting it may be in the public interest.

Scorah hopes Psst’s impact on the tech world will be similar to what she experienced when telling her own stories, by using insiders’ accounts to shed light on broader industry issues. “Whether it’s a religion operating off the radar with policies that cause harm or an AI company whose product or policies are causing harm, I have seen the same thing,” she says. “Sunlight has a sanitizing effect.”

Source

Wired