The website of FBI director Kash Patel’s clothing business, Based Apparel, was exposed to to have been visited by a malware. But you can no longer visit the crime scene

Based Apparel is now a single page. Screen shot: Based Apparel website

Not may people know Kash Patel is an e-tailer, even in his target market, America. Or that he is interested in clothes enough to sell them. Mr Patel is behind the T-shirt-heavy brand Based Apparel that he reportedly “co-created” with a direct-marketing entrepreneur named Andrew Ollis, who is also the VP of The Kash Foundation, the non-profit established by Mr Patel primarily to support military, veterans, and law enforcement with legal, educational, and financial aid. Recently, a self-confessed “big nerd”, based in Portugal, had visited the Based Apparel website after reading the famously damning report about Mr Patel in The Atlantic, now sued by the subject for US$250 million. According to PC Mag UK, the compromise utilises a social engineering tactic known as a “ClickFix” attack, specifically targeting macOS users. Rather than the standard drive-by malware that installs automatically, the attack tricks users into compromising their own systems. Simply put, it’s a digital confidence trickster.

Well, this is awkward. The commercial storefront co-founded by the FBI director was caught moonlighting as a digital trap house, serving up a spicy malware campaign to its own unsuspecting visitors. Currently, there is no evidence that Mr Patel or Based Apparel is involved in the malicious code injection, but a business linked to the FBI director accidentally running an online safehouse for cyber criminals is not quite as spiffy a look as the suits he wears. There is also the little detail that, following his confirmation as FBI director, the official line from the Bureau was that Mr Patel “divested from any interest in it” to avoid profiting from the merchandise while in office. However, the separation, to many critics, is purely bureaucratic. The site is explicitly a vehicle for his personal foundation’s branding, which aligns with his own political messaging, and his name and the MAGA-alluring graphics were printed all over the inspirational inventory.

Kash Patel promoting his own brand in 2025. Screen shot: Based Apparel website

Until the moment the domain went dark. Following the exposé, Based Apparel, also known as BA, but minus the student loan debt, is now just a landing page with a message. They have not let the domain name drop entirely (which would have allowed someone else to scoop it up), but they have put up a generic, sanitised version of an ‘under construction’ wall to block the kaypohs from witnessing the crime scene. Under a massive Based Apparel logotype, they announced, “we’ll be right back”. From a toilet break or a much-needed puff? It is not stated, but the phrasing implies a comeback without explaining from what or to where. It doesn’t acknowledge the malware breach, the shutdown, or any remediation. Not even a hint of an apology or regret that inconvenience might have been caused. It simply gestures at absence. The accompanying body text states: “We’re making improvements to serve you better.” But why now? Is this not regrouping without admitting defeat? They continue: “The store will be back online shortly – bolder than ever.” Will the e-tailing information highway rest-stop as oasis for hacker outsourcing be “bolder” too?

It signs off with “Back Soon. Stay Based”. The chumminess is almost too pathological to bear, like a luxury brand sending a “thinking of you” card after a handbag price hike. That appears less a crisis statement than a curation of a vibe. To so many watching the situation unfold, amid reports of shooting near the White House, it looks aggressively flippant. The FBI Director’s former brand was hijacked into a malware distribution point, and the public message is essentially: “Don’t worry, stay cool, we’ll be back.” it is unclear how that lack of gravity can enhance credibility. Apparently, protecting the nation’s cyber-infrastructure doesn’t quite translate to maintaining your own basic website security. The breach could have happily survived as a boutique humiliation, discussed only by nerds and critics. But overlapping with a White House shooting elevates it from a bad day at the office to a beautifully synchronised crisis of capability. It’s no longer just a mistake; it’s the final, twitching symptom of a terminal lack of seriousness. One would think that with age comes at least a passing familiarity with competence, yet there are those who remain entirely unburdened by either.