ZeroFOX (James Foster) Takedown Fraud Exposed
Update May 25: It has come to our attention that several high-ranking employees of ZeroFox have anonymously accused the company of highly unethical activity on Glassdoor (several of the “positive” reviews appear to be written by sales people/recruiters/freelancers). Among other accusations, they say: “They will do whatever it takes to make a sale, often times straight up lying”… “The executive team is an unorganized, unethical mess”… “there is no clear strategy here and the focus shifts every quarter to whatever “leadership” thinks will make a quick buck with no long term investment. I cannot say enough about how toxic this company is”… “The company is aware of how bad their culture and the glassdoor reviews are they paid a consulting firm to try and clean up the reviews”…
Update May 23: Although James refused to respond to our emails, his team did initiate fraudulent takedown requests to Google trying to hide this article and his profile on Hucksters from search engine results, and is paying freelancers in Indonesia to stalk me online. We will update you on their inevitable failure to censor us in the coming days and weeks…
We reached out to James Foster, Ari Osur, and the FBI and will update this story if we hear back from them.
Hucksters can exclusively reveal that an ongoing campaign sending out fraudulent copyright/trademark takedown requests to hundreds of websites on behalf of major American corporations is being managed by James Christopher Foster and his company, ZeroFOX.
The secret project, hosted at takedownreporting.com, is entirely anonymous (another domain owned by Foster, takedownservice.net does not appear to be active). It was only through OSINT research that our team was able to connect the websites to Foster… this was set in motion after we found a fake LinkedIn profile for a “James Christopher” in Baltimore, who claims to be part of the “Takedown Team” at ZeroFOX.
The revelations are particularly shocking because ZeroFOX has received millions of dollars in venture funding in recent years, and in 2020 was awarded an exclusive contract with the FBI for $14 million re: social media intelligence. In other words, the massive fraud and censorship campaign that Foster is running on the side for wealthy corporate clients is run by a law enforcement contractor and is subsidized by American taxpayers.
Among the “service” that ZeroFOX claims to offer to their clients is something they call Adversary Disruption that they claim is meant to “takedown fraudulent domains”… which is ironic, of course, since it appears designed to do the exact opposite: abuse copyright laws by crafting fake takedown requests in order to censor any random content on the internet that their clients deem to be undesirable.
This is not the first time that Foster and his company have been suspected of foul play — his team provided such poor “intelligence” on the planned protests of January 6, 2021, that it apparently lead rank-and-file FBI agents to begin referring to ZeroFOX as “Zero Fucks”.
The Hucksters team first became aware of the scheme after a high-level executive of ADP, Ari Osur, apparently enlisted the services of Foster in an attempt to “delete” his profile from our website after we exposed the massive (illegal) spam campaign that ADP was perpetuating. As part of that attempt, Foster’s team sent Cloudflare (our DNS/firewall provider) a “takedown” demand in the format used by intellectual property lawyers:
Cloudflare received a trademark infringement complaint regarding: hucksters.net
The information we received was the following:
Reporter’s Name: James Christopher
Trademark Holder’s Name:
Reporter’s Email Address: alert@takedownreporting [DOT COM]
Original Work: Trademarked Symbol: ADP
Registration Number: 4427965
Registration Office: WIPO
Logs or Evidence of Abuse: Your platform is illegally using ADP Inc’s name in the website name and is providing ADP Inc’s HQ address and contact number in the domain. ADP Inc does not host this content. ADP Inc has requested the removal of this content. Please remove this content as soon as possible.
In the fraudulent letter, Foster appears to impersonate a “lawyer” using the fake name “James Christopher” and claims to represent ADP. The content of the complaint itself are vague and nonsensical to the point of being hilarious, but it seems to be Foster’s introductory-level attack tool, which I assume works better with platforms that automate their take-down process and/or don’t care enough to carefully review each complaint in regard to legitimacy… it’s possibly also used as a way of phishing the identity of certain website owners when (if) they respond.
During the last few years, several discussions have popped up across the web about takedownreporting.com on scam-tracking forums and otherwise. In one particular case, a web developer named “Benny” revealed on Twitter that one of the fraudulent requests had resulted in his website being marked as “phishing” (malware) and blocked entirely by loading by the DNS service Cloudflare.com; if he hadn’t aggressively followed up with Cloudflare to fight the new classification, his website would have been permanently blocked and likely deleted entirely from Google search results.
There’s no telling how many web pages (or entire websites) have been removed from search engines, web hosts, or otherwise based on these fraudulent requests.
It is also unclear whether this process is a one-off service (e.g. after clients submit a link to ZeroFOX) or if it’s part of an ongoing (managed) service package… however, we were able to track multiple links being manually reviewed by what appear to be employees or freelancers.
Our team was also able to trace at least part of the work involving Takedown Reporting to apparent freelancers working in the Ukraine, however, have not yet confirmed the identity of those people. (Using offshore freelancers to do American corporations’ dirty work has become increasingly common in recent years — in fact, our investigation that started this involved ADP paying overseas freelancers in India to execute a massive fraud campaign using email spam, trying to sell “payroll” software to American small businesses using fake names.)
Due to the massive amount of fraud being executed, and Foster’s lucrative contracts with official U.S. government agencies, Hucksters has added him to our 100 Worst Hucksters list for the United States. We will also be forwarding this investigation to the FBI…