Receive our Behind the Headlines email and we’ll post a free copy of Byline Times
GB News star Dan Wootton twice used an identical password as the catfishing pseudonyms ‘Martin Branning’ and ‘Maria Joseph’ to subscribe to a movie-sharing website, Byline Times can reveal.
The presenter used the password along with the email addresses for his private web domain danwootton.com and also his official News of the World account. They were leaked and published on a publicly-available data breach directory in October 2018.
Alongside Wootton’s two email addresses revealed in a dump of log-in details for 743,280 users of the defunct film-indexing service ‘MyDVD.overhere.com’ were the email addresses Byline Times revealed ‘Branning’ and ‘Joseph’ had used to trick and bribe scores of men into sharing compromising sexual material over at least a 10-year period.
All four of the accounts used the same unusual eight-character password. To protect Wootton’s privacy, this newspaper is not publishing the password – which his new representatives today appeared to confirm was indeed used by the journalist.
Further analysis of the databases, which are openly available online, shows Wootton also used the same password for his LinkedIn and MySpace profiles alongside music and fitness-app sites between October 2016 and October 2018.
Byline Times commissioned analysis of the data by an eminent PhD specialist in mathematical prediction modelling. The expert said the chances of Wootton’s password randomly duplicating those of Branning and Joseph were “vanishingly small”.
He explained: “Assuming that a user can choose any eight-letter password using the 26 lower case, 26 upper case and 0-9, then approximately 218 trillion passwords could be formed. All this is assuming people choose passwords at random which is certainly not true. This could make the probability of the three same passwords much higher, however the probability would still be many millions to one.”*
#MediaToo investigation AND CROWDFUNDER
This is the start of a wider report into the toxic culture of the national media. We want to keep telling the story. Contributions to our #MediaToo crowdfunder will go directly to funding our journalism.
In a special three-year investigation into the personal and professional conduct of 40-year-old Wootton, this newspaper has uncovered extensive evidence that he targeted journalistic colleagues, friends, and members of the public with elaborate ruses to obtain private sexually explicit imagery.
Byline Times has revealed how Wootton – whose MailOnline column has been paused while an independent investigation is conducted by DMG Media following this newspaper’s reports – rented the Facebook accounts of adult film stars so he could catfish unsuspecting victims into being the subject of covert sex videos and charged it to his employers. And how Murdoch’s News UK paid-off six employees of The Sun who say Wootton forced them out of their jobs.
This newspaper has exposed Wootton as Maria Joseph – a honey-trap who for years harassed men for nude pictures.
And we have unmasked him as Martin Branning – a faceless character who targeted men, some heterosexual and married, with bribes of up to £30,000 for compromising images. One gay man, carefully drawn in by Branning, even became the object of a 10-year blackmail campaign that saw him forced to make a secret sex film of his own partner, leaving him at the brink of suicide over his actions.
Though Wootton has said he denies any allegations of criminality, his representatives have not denied that he is, or is connected to, the identities of Branning and Joseph.
So today, in the seventh part of our investigation, this newspaper is taking a deep dive into Wootton’s online presence and reporting on its findings. All of Byline Times’ evidence has been lawfully and ethically uncovered using open sources, and began with an examination of the email addresses email@example.com and firstname.lastname@example.org.
The Audit Trail
First, Byline Times engaged a cyber-security professional to examine the two anonymous webmail addresses, which this newspaper has independently established were set up between May 2007, three months after Wootton first began working for Murdoch; June 2008 in the case of Branning; and February 2009 in the case of Joseph.
By running the two addresses through a specialist anti-cyber crime software, we discovered that both had been revealed in a leak from the MyDvd.overthere.com site in October 2018. This data breach exposed the identical passwords attached to both.
The cyber expert, who ensures online security for a number of high profile figures, said: “The password was very specific so then I reverse-searched the system for breaches that contained that password. Within that search, there were several of particular interest.”
At least five further webmail addresses containing the name ‘Wootton’ or a close variant turned up in the reverse-search with the identical password.
However, to preserve the integrity of our research, Byline Times excluded the five from its statistical analysis, and instead focused entirely on the October 2018 MyDvd leak with its use of official proprietorial addresses for Wootton – the most recent of which was published online in a data breach in April this year – among a smaller dataset of just over 743,000 compromised user details.
By examining pages of MyDVD.overhere.com site preserved in snapshots by the web-crawling internet archive the ‘Wayback Machine’, Byline Times discovered the site used to be a valuation and indexing tool for the promotion of personal DVD collections.
MyDVD was also an ‘authoring software’ format used by video editors who wanted to make professional-looking home-made films on DVDs in higher resolutions with added menu features and music.
Byline Times’ investigators also looked for other connections between ‘Maria Joseph’ and ‘Martin Branning’, in order to further establish their interactivity online. That yielded a new connection between the two, revealed on the open-source Spokeo.com site, linking them to a further single LinkedIn account.
This newspaper has spoken to the owner of the LinkedIn account who says they have no knowledge of either Martin Branning or Maria Joseph, although they “knew of” Wootton from his television and newspaper roles.
Our digital research into the links between Wootton, Branning and Joseph supports a series of direct human testimonies gathered by this newspaper.
They include the account of Wootton’s former partner Alex Truby, who says in 2012 he discovered a holdall containing chat records of Branning along with a covert sex video in Wootton’s flat.
Alongside Mr Truby, Byline Times has spoken to multiple sources who have provided solid connections between Wootton and Branning. We have heard first-hand how Wootton told a friend “in moments of crisis” of his activities as Branning, and feared a “pile on” of victims should he be exposed.
In another case, this newspaper heard how Wootton emerged from the shadow of the Branning persona – which he had been using to control a man into making sex films with strangers for him – to directly proposition him to make unlawful covert recordings.
Byline Times has gathered statements from victims of Maria Joseph who elicited critical facts from the catfish. When one accused ‘Joseph’ directly of being Wootton, the Facebook account presenting as ‘hers’ immediately shut down. Another victim realised that ‘Joseph’s’ Facebook profile had a geolocation in New Zealand, Wootton’s native country which he visits regularly.
When the victim quizzed ‘Joseph’ about it, they forced an admission that the person messaging was in fact a man who continued to sexually harass them, offering them escort work “if it was completely kept quiet”.
Joseph added in the email of 8 June 2013: “Ok, I’ll admit, I’m actually a guy, would you ever get a bl*w job from a guy for good money if you knew it would be completely discreet?”
The victim told this newspaper: “I had a connection to Dan through work. There was no other reason for Maria Joseph to target me. It was really dark behaviour.”
Seven days ago, Byline Times presented the raw data in this article to the Metropolitan Police as part of an update to a 28-page dossier on our investigation, which we first made available to detectives on 20 June 2023, before publishing the first article in this series on 17 July.
Byline Times has asked the new legal representatives for Dan Wootton detailed questions about the password breaches. In response, they did not deny the connection between the four accounts and appeared to confirm that Wootton used the password for the accounts mentioned in this article. We will update this article if we hear more from Wootton or his representatives.
*The paragraph on probabilities of the same password being used by all three accounts amended 04/08/22 at 10,.07 to include caveat that passwords are not randomly generated.
Dan Evans and Tom Latchem are former colleagues of Dan Wootton’s from the News of the World. None of the sources in this investigation have been paid for their testimony or analytical services
Do you have any information for our investigation?
Contact Byline Times confidentially by emailing email@example.com