Doxing Strangers + Mexican Cartels and Timeshare Cybercrime + Facebook’s Big Password Fine

2024/10/16
Hacked

Chapters

Researchers combined Meta Ray-Bans' live-streaming capabilities with a facial recognition service to create a tool that identifies strangers in real-time. This tool, called IXRay, raises significant privacy concerns as it can provide detailed reports about individuals simply by capturing their faces.
  • IXRay combines Meta Ray-Bans and facial recognition software.
  • The tool can reveal personal information about strangers in real-time.
  • Researchers built IXRay to highlight privacy risks, not for public use.

Transcript

What are you up that see? yes. Oh, okay.

I think I think I might be really like the cambridge canova foundation, right? Yeah, yeah, yeah. It's great to me.

go. I'm came. I've always really loved the expression "off-the-shelf parts." When I was a kid, my dad would take me to this electronics shop, and we would pick up these little thirty cent electric motors, and I would go build stuff with them when I got home. Plug a battery into it and hot glue chopsticks to it, and see how long until it

like clacked itself apart. And I had the same childhood. Yes, same shit.

I don't like. I used to tear the motors, that of R, C. Cars, though. So I was a little bit more rugged red.

But I've always loved the phrase "off-the-shelf parts." And sometimes what's available on the shelf changes in pretty weird ways and you're able to build new things out of it. For example.

For example, machine vision has advanced pretty significantly over the past few years. Um, and if you look at the kinds of off-the-shelf parts that are available, you find some pretty remarkable tools. Take, for example, a for-profit reverse image facial search engine.

Its name I am not going to say, for reasons that will become clear. To quote the BBC, which is featured on the site for this tool: "It's quick, it's accurate. It's facial recognition on steroids."

This service lets you upload a picture of someone's face, cross-references it with images found online, correlates the name to the image, does a search of the name online, and generates a report linking a person's identity to any associated information that exists. I have all kinds of thoughts on the availability of a tool like this for two ninety nine a month. But as was widely reported last week, originally by 404 Media, some Harvard researchers thought it was a pretty powerful off-the-shelf tool. So they hacked something together based on it and published this very compelling cautionary video.

what is your address value at land? A georgia, do you? Oh my god. yes. anything. But yes. Meta Ray-Bans

are a consumer technology product released by Meta, the owners of Facebook, Instagram, WhatsApp. They look like regular Ray-Bans, but they have a small computer, a phone connection, they have a camera for photos, videos.

Importantly here, live streams. They're very popular and they look just like normal glasses. So we have another very powerful off-the-shelf tool: glasses that can discreetly live stream video. And they look just like Ray-Bans when someone's wearing them. The researchers said, okay, we're going to build a program that monitors an Instagram account's livestream that is streamed to by this specific pair of Meta Ray-Bans. Any time you start streaming with those glasses, the program starts watching that feed, and it takes a screenshot from the stream and sends it over to that other off-the-shelf part.

The facial recognition service. If there's a face in the camera feed, the facial recognition tool detects it, runs it through that facial recognition system and generates the results report about that person, which is then summarized by an LLM and delivered back to the user's phone. The outcome of this project by these researchers is that if someone's walking down the street, looking around, and the core fy clocks a person's face, a few moments later that person, the user, is going to receive a detailed report, including the name, identity, and any publicly available information about the person they just happened to get set. And the researchers posted a video where they are walking up to strangers in the street with an uncanny amount of information about them, like just walking up to people being like, oh my god, you like Frank from the institution for any bigger know everything about them like you talk to that event the other day.

Wait, do you haven't? Do you person working on like like minority of like mush? India really are.

you can see.

So i'd work.

And you see the people, like all of their filters, all of their sense of, like, like all of their guards, just fall away. It is terrifying and fascinating. They called it IXRay.

Like, it had to happen with Google Glass. Google Glass was the, was the, like, when Google Glass was announced and came out, I thought this was like, it is a logical step.

You know, it's such an easy step to me. Like, when I was doing my graduate school in computing science, there was a ton of people focused on image recognition and this field. And you just knew where it was all going to end up.

It was going to end up in a pair of glasses on our face that told us everything about the person that we're looking at. And it had to get here. It had to happen, and I'm not surprised at all.

And it'll probably be a very expensive app that you buy for whatever virtual reality or AR headset that you are wearing in the future. Like, we're only years away from when we're all wearing these things. And I think that it'll be a pretty standard feature. Like, people will just move past it. Privacy is maybe gone.

Even if the manufacturers of the device say this is outside of our terms of service, the fact that for forty two ninety nine a month I can go use a facial recognition platform speaks to the fact that people are going to hack together ways to do this, even if the manufacturer of the hardware doesn't want the heat of officially endorsing it.

To quote the Google Docs white paper that these researchers published, which to their credit features very little info on how to actually reproduce this, which is why I have avoided saying the name of the service they used. Quote: "Initially started as a side project, IXRay quickly highlighted significant privacy concerns. The purpose of building this tool is not for misuse, and we are not releasing it. Our goal is to demonstrate the current capabilities of smart glasses, face search engines, LLMs and public databases, raising awareness that extracting someone's home address and other personal details from just their face on the street is possible today." The wildest part of the video, they walk up to someone and they're like, here are you kd at? And then they read her address.

It sucked. Funny enough, one of the biggest recommendations, and this is a throwback to a sponsor of the Hacked hotline, is they recommend using services like DeleteMe, join delete me dot com slash hacked, code hacked at checkout. But they recommend DeleteMe as, like, one of the things to start avoiding and kind of scrub some of the private data from the information. So, like, getting yourself out of as many databases as you can is a good thing.

call that brain synergy. Scott, the article contains a lot of instructions on how to remove your up in these databases. On this episode of Hacked, I think we gotta talk about it, we should discuss IXRay

and the building of surveillance tools with off-the-shelf parts. Uh, I want to talk about another story involving Meta, the legal resolution of a case from twenty nineteen that involves them storing passwords in plain text. Cool stuff I want to talk about.

We talked about LARPs and, like, live action role playing kind of experiences in the last Hotline Hacked, I think. And the indie game designers is doing what is really big scales, very cool. I want to talk about, absolutely think all that more in a lot of brain energy and

whatever we feel like arguing about on this episode of.

fun. We have been in different space. IT changes the energy.

It's weird.

See you, but I can't see you. I had to put put IT away. And I keep remembering, like I see the light on. I like this one bit.

Scot, how you doing? I'm good. How are you doing?

I'm doing good, keeping busy. I got house guests. It's all a little frennette, but i'm getting .

through IT. I here you have a specific large hair. House guest, Harry, very large.

And Harry, his his name is Terry. Yes, we do. Our house guests have a large dog with them, and our small cat is just in serious about the whole situation. I heard IT his for the first time was very alarming. It's a lot.

I feel like when you make your cat goblin in, you should expect you to hit from time to time. I feel like hissing and goblins go hand in hand.

yeah. Way to just dox my cat. Way to just privacy breach my cat.

They go. People, jorden has a cat, if you haven't heard IT crying in the background of the reporting. And its name is goblin. IT is goblin, right? It's goble. Yeah goblin. Should we should we finish getting about this many our stuff because these glasses appear into our souls the yeah I just it's something that it's like to me. It's expected, but it's also scary like i've given my face to the government part of my we've talked about you know airport security clearances and stuff and previous episodes and in .

my gripes with the TSA, yeah, long standing. You don't even

need a passport anymore once you're in all these systems. I literally walk up and look at a webcam and they know who I am, they see my ticket, they know everything about me. And then they go, like, what are you going for? And, like, conference on computer crime.

And they're like, cool, just worthy. Not just just looking ford, go on.

But yeah, yeah, I just, the next gen of these AR glasses, like, the Meta Ray-Bans don't actually have field of vision stuff, like, I don't think there's actually projection inside of them. But I think the next version of them, the Orion that they've introduced, have that ability. So not only would you, like, have your phone app receiving dox on people you're looking at, but eventually those dox will just be showing up in your sight lines. And so I think it's, I think it's, yeah, I don't know. I think it's, I think it's natural that humans built this because it feels natural for something that humans would build.

Yeah, you like to tell over the vocation podcast has long had this theory that the killer APP for A R glasses is a name text. It's as simple as that totally, that if you could just see people's names, boy, with that, solve a lot of problems, and would put A R glasses on the right side of the useful pinny matrix for facial tech of, like, do I want to wear this is finally I I got to charge. I know people's names.

In order, however, to build that technology, you do need a vast surveillance network that is immediately possible to query. Like, what you would need to build in order to have that tech isn't great. But it just turns out we already have that. It's called the internet, this giant, vast thing that you can query and find information on people using tools like these researchers did, that while costing forty two ninety nine a month, do have free versions, which, again, I can't stress enough, does suck.

My biggest fear is that when AR gets so good, is there a use for education anymore? Is there a use for us to, like, learn to think? And, like, if we're building a name tag app, it's like we're not doing that because we're meeting new people.

We're building a name tag app because we're like, oh my god, I forgot that person's name. And it's like, at what point do you start failing your memory and failing your critical decision making because you can just rely on the data that are being presented all the time. So much like if you have you know like you don't need to go to school to be a surgeon and you just have to have the the physical, the realities there are in the rates of description level. I'm things like at what point like even a lot of AR, like, AR had its first big breakthrough in industry where they were looking at repetitive process injuries and things like that, like they were using AR to identify, you know, repeated tasks that could cause injury.

And it only makes sense that you then just take that information, you're like, this is how you do it. Sure, it's not like we're evaluating you. It's like we're literally just giving the instruction book and we're teaching you how to do it in real time.

And it's like if you're doing that, then what's the point of even learning things and having to store things to memory? You know, at what point do we replace, you know, the jobs that computers can currently do? At what point do we replace the people, the training for those people with just real time instruction?

I would say that point happened whenever I first looked up someone's name on instagram as I walked up to them, because I was like, oh, I know who this person is. I can't remember their name, Ricky.

Like that was the .

moment that I started to forget things when social utility and the computer I have in my pocket, like boobed into each other. I think we're already were britain down that road yeah the only glasses you brought up the heart pivot. Uh pretty cool tech or given that pretty sweet.

It's like taking the Apple Vision Pro a set of and and obviously like I think the Apple Vision Pro was built to, like, control environmental conditions, to present the best version of impossible. But I haven't obviously tried the Orions. I've only seen some of the chatter about them and heard people discussing them. And they seem like Google Glass finished, two point oh.

IT seems like new tech. I we don't really talk about consumer technology on the show, but I do want to get ride to those. We talk about IT more than me probably. I think the fifth time i've said we don't talk about consumer technology on the show when IT stopped being true. Yeah what i'm saying is why they invite us to the event.

Scott, I know know if you're from that listing, we would love to try these things.

The the stories were about to talk about is going .

to prevent that happening. Such you, they will put bumper rails on IT, just like they put bumper rails on.

This is cheer.

This is whether the how long this bumper rails take .

to get knocked down. No, I'm talking about them storing passwords in plain text.

Yeah, do we want to call pim IT over the that story is pretty.

pretty warm, pivoted far as I can by the story and stop listening for the next seven minutes.

Please get up, let's drew. Like reporting accurate in .

the honesty and something .

that happens. Yeah. And you know, Steve, saving passwords in plain text is viciously risky. Don't, don't do it, don't. The average compensation for somebody at Facebook is something like three hundred and seventy five thousand US dollars, like, that's enough. That's enough money that nobody on your staff should think it's a good idea to store passwords in plain text.

It's not great. So, uh, Facebook, as it was at the time, now Meta Platforms Incorporated, stored hundreds of millions of user passwords in plain text for several years. The incident was disclosed publicly in twenty, and this all kind of came to a head recently with a lawsuit in the Irish courts. The practice dated back to at least twenty twelve, affected Facebook, affected Instagram. Looks like it was between two hundred million and six hundred million Facebook user passwords stored in plain text. Archives containing those plain text passwords, as I said, date back to twenty twelve. Over twenty thousand Facebook employees had access to those passwords, and access logs indicated that about two thousand engineers at Meta, or developers, made nearly nine million internal queries involving data elements that included

all those passwords. It's going to say about that. You please think you think we should bring up some of the originals zc issues where he was logging into people's like live journal accounts and stuff get after did because that was one of his first big like before he was even public ican stuff and he was building IT. He he was he using IT to like look at people's private information .

yeah I mean, it does seem, one seems like a guy in the dorm room, and I'm sure he was not in a dorm by that, whatever act of The Social Network that took place in, but it has the feeling of a tech startup where you move fast and you break things versus this multinational corporation that they are now, currently being investigated by the Irish Data Protection Commissioner. Whatever it was, like, I can imagine that happening in act one of Facebook's timeline, prior to all of the forcing Mark Zuckerberg to put on a suit and sit in front of Congress and testify type stuff that happened

around twenty twenty.

The Irish Data Protection Commission, DPC, launched an investigation into Meta's practices after being notified in twenty. There is a ninety one million euro fine in twenty twenty four, which is why we are talking about it, based on the findings that Meta did violate several General Data Protection Regulation rules. A big list of articles we won't get into, but basically you can't store passwords in plain text.

Meta took immediate steps to fix this once they were notified. They said that nothing bad happened, basically, for lack of a better word, as a result. No. And to their credit, it does seem, to your point.

IT feels like sort of a reality of a bigger on facebook this age where they were they were so big and they had so much power and so much data, and they just weren't sufficiently spoke yet, maybe as the way I would put IT. IT seems like this sort of like ghost of Christmas past. And, you know, they got this, what I would call a pretty big fine. But for facebook, uh, since we have started talking about that, they have generated that much in, like, I don't know, real ads. Yes, I drop in the bucket for them.

Yeah, one millions. Pushing them back in to the stone age is a, the idea, like, I can see how they got there. Obviously, you know, he built it in his dorm room, probably built a very primitive database table for user accounts.

But the problem is, like, it would take a senior software engineer, like, a couple hours to fix that. You can just reprocess the password table into a new table, migrate it, and migrate a login credential, very, like, a new login process, and be done, and, like, a signup process. Like, it would have taken no time at all to fix. Surprising that they never fixed it.

But yeah.

I guess that's why you're got to pay ninety one million dollars.

And this is a very expensive error. What in the error wasn't just the security breach? I think it's like four, five different articles of, like, what it is you, what Europe laws did you break here? And lacking the proper security measures to ensure the confidentiality of the passwords is one of them. Failure to implement ciphers is one of them.

But then a lot of them had to do with, like, they failed to notify the DPC of a personal data breach, right? They did not necessarily consider this that, even though it, like, by the definition of the law, was. They did not maintain adequate documentation of the breach once they figured out that it was going on. Like, a lot of this had to do with the corporate response to the breach, in addition to the technical failure of the breach. An engineering problem, and then there is a, hey, you didn't tell us about this. Those are different and interesting.

Well, the fine works out to about fifteen cents per user, ninety million divided by six hundred million, which is

still like, yeah no for sure IT like IT IT is both a lot and vanishingly .

little so that is what your privacy were fifty .

and said .

about fifty and cents yeah yes so um kay but I think we put IT off for the story talking about me a little too much.

They got the whole .

first half of show could mark, marky, mark, mark.

I like this a little light and shirts from the events. I don't know if you if you watched any of those those ray band meta events, but is looking pretty log.

I wis about the sidebar of the same thing and be like whoever whoever is like stylized mark zaccone g now like he's looking hit like he's true black t shirt, gold chain like he's got a little like vibe going now he doesn't look like you the mark zc berg .

we grew up knowing yeah archie where in a great hoody yeah .

he bila he in Steve jobs camp of like I have one out outfit a camera with the call this is like a life hack and if you only on the same pieces of clothing, you remove the decision from your day of what's aware, which makes your brain more effective for the rest of the decisions you have to make in the day. Is what he is. But I feel like he's past that era.

Maybe it's not making his main decisions. He's got enough three hundred and seventy five thousand thousand year plus people making his decisions in doing his biddings. But now you guys to dressed a little cooler laden shirts, black tea, gold chains totally.

It's the it's it's the chains in in the currently herit. It's working form a don't do so many privacy breaches. Cool glasses shirt. Why do we get to the .

information.

please? I back of you. Let me kick IT over to the atos is when we get back, we will talk about A A very cool game, design meets real world puzzle design story deal.

In twenty twenty three, just ten vulnerabilities accounted. Over half of the incidents responded to by arctic wolf incident response. Wouldn't you like to know how to take them off the table and make life more difficult for cybercriminals? I know I would.

I would do. This is one of the essential insights you'll find inside the arctic wolf labs twenty twenty four threats report, authored by their elite ite team of security researchers, data scientists and security development engineers, and backed by the data gained from trillions of weekly observations within thousands of unique environments. This report offers expert analysis into attack types, root causes, top vulnerabilities, t tps and more.

You can discover the attack factor behind nearly half of all successful cyber crime. Why ransom demands time? Twenty percent for twenty twenty is actually a wild number, and find out why twenty twenty four will be an especially volatile year for cyber security.

So so learn more and get your copy right now at artic wolf A R C T I C wolf duck com foreign slash hat that's arctic wolf ducos for a slash check shop fy we use IT store out hat podcast economies shop fy, what Better vouch can we make than by actually using the product?

We didn't make a store for a long time, and then we did, and we made our shop fy. And IT was a genuinely delivered experience. Why could shop fies the global commerce platform that helps you sell at every stage of your business, whether you're at that like just launching a shop online stage or first real life store stage all the way to just like, oh my god, we ve sold a million order stage shop fy, they got you back.

We are not that that did. We dissel a million other stage and that had. So if you like to buy something, visit store about handbag as that com and check out how a great shop fy is.

IT powers over ten percent of all e commerce, the united states, and shop fies, the global force behind big companies, not like us, but like all birds, rothes broke lyin and millions of other entrepreneurs. It's easy years. It's very functional that that integrates with everything is great. If you want to do online commerce, check out shop ify. If you have IT already because it's massive and you should have checked that out by now because it's the biggest .

company and whether not you're like a giant company like Albert are just a wee little merch Operation, like our sharp fies award winning help is there to support your success every step of the way. Because businesses that grow, grow is shop fy. Right now, you can sign up for one dollar per month trial period.

Shop fied dot com lash hacked. That's all over case. Go on over to shop ify dot com. I mean, to do this slash hacked now to grow your business to matter what stage and the Scott one more time.

what's that you are a shop of I dot com slash hacked.

This episode of act is brought to you by flash point. For security leaders, twenty twenty four has been a year like no other cyber threats, and physical security concerns have continue to increase. Now you got geopolitical instability adding a new layer of risk and uncertainty.

Let's talk numbers. Last year, there was a staggering eighty four percent rise in ransom, more attacks in a thirty four percent jump in data breaches, the result, trillions of dollars and financial losses and threats to safety world's. That's where flash point comes in. Flash point in powers organza to make mission critical decisions that will keep their people and assets safe. How, by combining cutting edge technology with the expertise of world class analyst teams and with ignite flash points award winning threat intelligence platform, you get access to critical data, finished intelligence alerts and analytics all in one place. It's no wonder flash point is trusted by both mission critical businesses and governments worldwide taxes the industry y's best threat data and intelligence visit flash point dot IO today that's flash point dot I O for the industry y's best thread data intelligence that's flash point dot I O.

Every once in a while, a new security tool comes along and just makes you think this makes so much sense. Why has nobody done this already? And why did I think of IT what push security is one of those tools?

I'm in a Brown er right now. Most of us do pretty much all of our work in a browser novaes. It's where we access our tools and apps using our digital identities. Push turns your employees browsers into a teleme tary source for detecting identity attack techniques and risky user behaviors that create the vulnerabilities that identity attacks exploit, then blocks those attacks are behaviors directly in the browser, in effect, making the browser a control point for security.

Push uses a browser agent like end point detection response that uses an in point agent only this time it's so you can monitor your workforce identities and stop identity attacks like credential stuffing, adversary in the middle attacks, session token theft. Think back to the attacks against snowfall y customers earlier this year. These are the kind of identity attacks that push helps you stop. today.

You d deployed push into your employees existing browsers, chrome, arc, edge, all the men ones. Push then starts monitoring your employees, logging s you can see their identities, apps, accounts and the authentication methods that they're using if an employee gets fished, pushed to taxi and blocks IT in the browser. So those critics als don't get stolen. Like we said before, it's one of those products. We ask yourself, why isn't everyone already doing this?

The team to push all come from an offensive security background. They do interesting research into identity sas attack techniques and ways to detecting them. You might know of the sas attack matrix. Well, that was the folks that pushed that helped developed. And those are the kind of attacks that they're now stopping at the browser.

A lot of security teams are already using push to get Better visibility across their identity attacks services and detect attacks they couldn't previously see with any point detection or their APP network clocks.

I think this is an area that's blowing up and not just identity threat detection response, but also doing threat hunting at the browser level like IT IT just makes sense.

Push security is in the charge share. It's a very cool product, a very cool team, and it's well worth tracking them out. And push security dot com .

slash hack that's push security dcom slash hacked. At a wais.

i'm trying to like do the music each time. And then I i've put the. Of me saying IT over IT in the last time I did IT perfectly. I like, I got the, oh.

nice to beats.

Are timing of the drink I got the beats good for?

Yeah.

I thank you. I appreciate it a lot. It means a lot to me. So in the last episode of Hotline Hacked we talked about, like, um, we talked about a story on that episode. You go check that out. A lot of phone where the caller hacked into a sort of, like, alternate reality game that is being used to promote a new album from a abandon that daylight it's ago, and we talked about how neat big open world, like, real world puzzles and live action role playing games and alternate reality games, like, how neat that kind of stuff is. And, like, the next day this big story dropped, um, about something going on from an indie game designer that it reminded me of, that I wanted to talk

to about IT let's .

hear it. So Jason Rohrer is an indie video game designer, makes these very, like, thinky indie games: Passage, One Hour One Life, The Castle Doctrine, very philosophical

POS puzzle games yeah exactly um and the .

new project he's launching is called Project Skydrop, and it's like a physical treasure hunt. It's a real world game, a departure from his digital work. And it kind of came off of the back of him thinking a lot about, like, you make these digital only experiences and on one hand it's great, but there's something maybe that could be more satisfying about it.

So it's a treasure hunt in the northeastern United States. It blends together, like, game design with physical outdoor experiences. There is a gold trophy cast from ten troy ounces of twenty four karat gold, worth around twenty five thousand dollars, and, you'll love it, a Bitcoin bounty with a total prize depending on the number of participants.

It started September sixth, twenty twenty four, with this YouTube trailer kind of unveiling the project, and participants solve the puzzle by analyzing these little daily updates from a map that shrinks, gets smaller over time, kind of battle royale style, and drone images captured from higher and higher altitudes above the treasure's location. Very high concept. And I just find, I feel

like the geo hacker guys.

like the geo guys.

geo guy guys, I feel like this is like the game for them, like I think it's geo guessing and like one second, like I want them to be like it's here.

Just rude if if they posted .

a photo of that. The first of all, the trophy likes cool is is cool. A F, it's guy I dig if I want IT. I'd have a hard time not win the melt to doing to take the money from IT. But at the same time, I think that just is very cool looking. There is a nice job of the trophy, but I feel like they have, if they posted a photo of IT in its final location, the geog as below.

they must have thought of them. Those men must be just compromising military Operations around the world like that. I was talking with someone about this over the weekend that is such a superpower when you see these guys IT doesn't even make for good content because like an image flashes on the screen and they're like, that's a road sign from nicolaj one you like that I don't you even get to watch you solve the puzzle. Le man, you just knew immediate like that soil, that is the loan of centage, and said, why did you know .

that you look at the way that the power pole design is? It's definitely eastern and not western japan, because the powerful les use an extra pillar on this side in only eastern japan. You like, oh, my god, but I, from a concept perspective, I love this.

Every love is a treasured hunt. It's like a child's birthday game. But like for one hundred k like.

let's go for hundred k, estimated to be a hundred k, and you like this. Um, so the gold trophy, and look it up, it's neat, this kind of spirally thing he machined in his basement. And it has like a mechanism in it that, when you manipulate it the right way, will reveal a twelve-word sentence that unlocks the crypto wallet. Um, so the gold is worth a bunch of money, and then a portion of the entry cost, which costs us twenty bucks to take part in it and go hunting for this gold trophy that's worth twenty-five K, um, gets pulled into the crypto wallet. So the entry fee kind of goes into the prize, sort of .

like a lottery. So it's a puzzle .

within a puzzle. It's a puzzle within a puzzle. A A maybe I don't know.

and I went to get to cypher. Well, that turns out it's I, well, whatever.

just we had all of the self.

but I think I don't know. Before we started recording we were talking about how fashion's kind of kicking back to the nineties. And I feel like this is kicking back to Indiana Jones of tumor or like this is like where we're in it, you know, the cycles of society.

And I love it. I wish it was closer to here so that we could just play. But no, obviously, I think it's on the eastern coast, United States.

It is on the eastern coast. Do you want to know what's wild? Literally, since we, oh my gosh, I think I think yesterday, as someone told it, really, since we put together the notes into the reading about this, literally, I was doing, like, a final Google as we were talking about this.

Someone, someone solved it. Okay, so it's looking like he was near Irving, Massachusetts. Sorry, if we got you jazzed up to take part in this, it literally just got solved.

It's done.

It. It is over. He was a GeoGuessr guy? No, probably not. That's fascinating.

A dam liner, a meteorologist in Andover, Massachusetts, was identified as the winner. They use weather tools not by the project skyscraper, but by ABC affiliate News Center Maine.

That's incredibly fun. Good for you. That was quick. We were just, yeah, they just announced this pretty recently and made a whole slick YouTube .

video about it.

Bang, it's over. Bang, it's over. Wow. Okay, well, you heard it here first. Um, there was a cool puzzle and then a guy finished it. There we go.

He said it would have been impossible to solve if they didn't provide aerial clues, or if they had cropped the temperature sensor data of the camera images.

Oh, that's fascinating. A temperature .

sensor data and weather patterns helped him narrow down the area. sure. How there .

is a meteorologist.

Good for him. Yeah. Good for him.

The way to stay for i'm looking .

at an image of an image that he had mocked up of the areas that it could be in, given the temperature data for the time. So he solved it not just by clues and chance, but he used technology to solve it. That's good, good for you, Dan Lanner. Hopefully you figure out the other puzzle to unlock the crypto and get all the money.

I wonder, yeah, because those are two very, very different skills, like clocking meteor... meteorological. Am I saying that word right? Have I ever said that word right? Clocking weather data and use from a video feed and using it to triangulate a location is a very different set of skill sets than probably whatever .

crypto word puzzle's going to unlock the rest of the money. You looking, looking given the first function ate and the processes, yeah, I'm assuming maybe it's a binary puzzle. So if you haven't solved it yet, maybe run down that one. It looks like, it looks like on/off bits based on where the holes are punched. Could be, could not be, haven't looked at it as much, but that would be where I would start.

probably any vicinity.

Fascinating.

you big time share guys got.

Add it to questions I've never been asked by anybody in my life ever, but somehow makes sense on this. I'm going to go with a hard no. I think I stayed once in my life, and once in my life had an ex whose father is a big timeshare guy, and so we stayed in the timeshare of his. That was it.

That's my only time share experience solid a for you one more than me. Hope that's enough. Hope that's enough.

I'm, I'm not a timeshare guy either. I think variety is the spice of life. Same vacation over and over again never really appealed to me. Yeah, not, not my day. No. There's a quote on a skip shield security dot com that warns owners of timeshares in Mexico, ah, that their investment is a target for cyber criminals, and the irony of this will become apparent shortly.

By twenty fifteen, cybercriminals had realized the amount of funds involved and had targeted the real estate titles and select industry. As funding became more complex and risky, agents and underwriters had little time or resources to keep up. The industry needs a simple solution that allowed it to keep pace with the new funding security needs. Now this is true, timeshares are often up to us and really complicated investments, air coats that have customers sort of like running round between middlemen in a country that they don't live in, regulatory hurdles, to buy a product that they maybe don't even own and probably isn't a good idea even if they did. The reason escape shield security dot com claiming that is funny is because they are a cybercrime group targeting owners of timeshares in Mexico.

And the weird part is that it seems like they might have something to do with the Mexican drug cartel. Why not? Yeah, mix it up.

Why don't you all the Russian, like, crime gangs got in a cybercrime way. Why would the Mexican ones follow and only make sense.

literally, like if you think of some of the largest criminal operations in the world, some of which, like, belong to countries. Yes, it's incredibly profitable. You can do it in countries where .

your people don't live. Feel by crypto. I would say it's lally intel, but that's not true.

Krebs on Security broke a story, starting in twenty twenty-two, about this retired couple from Ontario, about whether or not they were interested in selling their timeshare. They had an interested buyer in Mexico, the person said. Would they be willing to sell it? You can't sell them until they're fully paid off.

In a lot of cases, they still owed a little money. But the buyer's willing to cover it. This all led them to a company called e currency escrow dot LLC. They start going down this very involved process of trying to sell this, uh, this timeshare to this theoretical buyer.

And at some point, after all the forms are signed, everything's faxed over, the couple is asked to send a small wire transfer of three thousand dollars to handle administrative and processing fees, to try again and navigate all of that bureaucracy that you face trying to sell something in a country we don't live in. This was a scam that went on for almost a year.

They kind of keep sending more money to try and pay off that, this, get to get through this process and pay off this balance. And turns out it was a scam linked to the Jalisco New Generation drug cartel in Mexico.

How long? But I know timeshares often get sold, as I think people buy them optimistically, and there's an entire secondary market for buying timeshares if you're ever in the market for one, Jordan.

So, so I can see the desire will voice, somebody wants to get rid of it. And I can see the hook, like the bait. The hook makes sense. People often want to get rid of these things.

And they realized that their long term cash commitments, and maybe then I can use IT as much stay idealistically plans to say, yeah, makes sense, easy crime, easy money. You know that makes sense that its organized crime as well. Like if you're an organized crime group, it's not in desire crime at this point and like what would you do in it's like easy money.

There's no guns involved. There's no massive drug busts and governmental organizations I guess there are governmental organizations after you, but I feel like it's less like shoot him up. Cowboy drug got cobus steps. Cybercrime once seemed a little bit more like people like me.

So what you're saying is that you think you say go do cybercrime, is what I'm hearing from you, and giving the chance to retract.

I'm saying at least, sure. So saying at least once a year I wake up with a moral, right, with a moral, a dream, after a dream. And I have a moral decision to make in the morning of whether I'm gonna in a cybercrime, because it just seems like it's too easy, and I always morally not to, and so should you. But I totally understand the motivation of why people get in this diagram. Is that, is that a good enough retraction?

Retraction's really funny. We've talked about. Ad, no, I think that that's a really good retraction because I have had similar thoughts. We've talked about ad fraud on this show before and just how easy it is to come up with like a cool project and the user like walk your way up to ad fraud.

And I had a dream the other day that I had, you have these sleep podcasts where people like just like kind of like inanely drone on so that you can fall asleep to a human voice. But it's not saying anything stinger relevant to keep you awake. I'd had this like nightmares, or that I had started one of those, and I had inadvertently wandered my way into doing ad fraud.

Get started now, build an audience. But N N A just accidentally backed my way into doing a crime. So I'm with you, and I do think that would work, but I'm not gonna, um, I'm not gonna, not going to do it, but not .

gonna, we're not going to do it, you heard it here today. Hopefully this doesn't come back to bite us in .

the area but I that when things get really dark and I and I start my my sleeping pod know the wrong we start sleep in podcast .

do, do ad fraud though. Your sleeping podcast, this is use in a ad like subtle tone telling people about like and that's why you should be sleeping on this is matter started red it's .

like it's doing ad fraud s so poorly and think you're just actually .

reading the ad and great subliminal advertising a new trend brought by hacked .

not advertising a subliminal sleep that people that is that that sucks to um good stuff.

Do we want to talk briefly about, um, something that happened recently, which is Chinese hackers accessing US telecoms.

I saw a tiny bit about this, but I didn't read up on it.

What happened, yeah, just essentially what it seems like is a highly skilled group of Chinese government hackers. Cybersecurity criminal didn't but not state operators. I guess we will call them, they're, is it crime? I just, that is kind of crime, but they're not criminals, because I kind of associate the term. Criminals are like large groups of like people that are government employees a crime.

And it's at the behest of the people who wrote the laws.

for sure. So they've apparently infiltrated a number of the U.S.

telecom firms looking for social information, going to national security. So, good. Again, not surprising, but also not good. Justice Department, FBI both declined to comment, shocker. Wall Street Journal, I think, was the first to break it. Chinese embassy in .

Washington, D.C. denied the Beijing-backed hackers had breached U.S. telecoms, calling the information, quote, I'm just creating duck eps and and here, calling the information, quote, a distortion of the fact. Embassy spokesperson Liu Pengyu accused the U.

S. of politicizing cybersecurity issues to smear China. Well, yep, that's what you would say. Okay, this is fascinating.

I'm just admitting here being like politicizing, I feel like cyber security as you should be politicized.

especially given when states .

do them, yeah. And also, like, you can't say that when it's like, like the US is Mandatory that you like, TikTok recently got, like, this is another story that we talk about, is like TikTok recently getting sued, um, I think that dropped yesterday at time of recording, about mental health issues that they're seeing in teenagers. So TikTok being sued by fourteen United States states.

So it's not actually the nation, like the nation is obviously attacking TikTok from like a you shouldn't be owned by the Chinese government, sure, by companies to have like a connection of the Chinese government. So we want you to sell it. But then actually TikTok is being declared as essentially like a mental health tool for in a negative light, and it's actually being sued by fourteen separate American states.

So it's like we're politicizing cyber issues already. So like what's another one? And like when you're hacking into US telecoms and looking at first national security information, I feel like that's something that I would like my politicians to talk about.

Yeah, I don't think it's fair to say that. Um, yes, I would agree. I'm also just trying to Google whether or not Meta products are available in China, because there's, there's a fascinating world in which we end up in this sort of like a regulatory lawsuit arms race where American courts are seeing companies with this. The Chinese, the Chinese government, the Chinese government starts suing American companies, like if Instagram and Facebook are available inside of China. And the argument is that social media is a blight on our mental health, that swings both ways.

Total, total. Yeah, it's a really complicated relationship the U.S. has of China. Yeah.

big old thing, apparently. Um, they are starting to sell VR gear there through Tencent. So while the platforms, I think, aren't necessarily available, they are beginning the long, laborious process of making their way back in there, selling neat glasses and cool lattin t shirts .

in another, uh, odd, Tencent is apparently potentially looking at taking over Ubisoft, to go into a Hacked gaming conversation. Ubisoft's also been in it a bit as of late. I think yesterday, at time of recording yesterday, I think they had got hit for a data breach issue where they were illegally giving, through data breach lawsuit or civil case, where they have been essentially illegally giving personal information to Facebook, not to mention some declining sales and budget overruns on a budget projects. I think Ubisoft's also not having the greatest time right now, and apparently Tencent's looking to take them over. Currently, they are a major shareholder and they might just scoop the rest of it up, take it private, which would be, given that Ubisoft has a number of, I would call them like great legacy franchises, Assassin's Creed, Anno. I'm trying to think off the top of my head of some other ones, but yeah, I think that would be interesting. It seems .

like this is how we end up in a world where Tencent publishes nineteen versions of Assassin's Creed every month, call it, um, and that's what Ubisoft becomes. That seems like where this goes. If private capital and big takeovers of companies have taught me anything, it's this is how we end up with four hundred Assassin's Creed titles every single year, one of more several .

one every month. Yeah, I don't know. I don't know. I don't know. I am intrigued by it. I know there are some, like this year alone, I think Black Myth: Wukong, a video game that came out, people like, ah, it's been, it's built by a Chinese studio, received insane like reviews, like I think it's the highest reviewed game of the year. Apparently it's also not up for game of the year and itself, which is its own controversy around, yeah, so I'm not sure what the deal is there, but a very loved game, a lot of positive feedback, and it was built by Chinese developers. So I could, if this is the quality of games that are coming out of Chinese developers now, then Ubisoft being taken over by Tencent could be good for the gaming community.

Oh, that's true. And to be clear, that was not me making a comment on its ownership being a Chinese company. It was a commentary on companies getting bought by bigger companies, just to be clear. And that game doesn't look cool.

Yeah, yeah. So, so who knows? Who knows it's going to have but our side step into a Hacked gaming for the day we got .

to do another. One of those, a full blown one of those. It can't be any more all over the place than this was.

Yeah, yeah. I want to do. I want to do so if you still listen at this point, thank you.

I'm trying to do, we're putting together episode text hacker AI, so we're going to do an AI focused episode, which I think is going to be really neat, getting some guests on for when is talk about how AI is changing different parts of their job and are different parts of their world. Yeah, it's not just, it's not just about work. It's about play and fun too. So but doxxing people .

in the street using .

your materials, the be, I think another Hacked gaming we're due for, I feel like there's enough, enough things to talk about.

I'd like to have some game devs on. I think that would be really.

really fun. And we could do that. We can ordinate that the if your game jumping, the discount drops us no yeah first .

email to get at hacked podcast dot com. We'd love to hear from .

me yeah ah yeah so if especially I would love to have some me that works in an anti department, if you specifically so if you we're going to anti department on a major video game count state color dd epts something like that, I would love I would love to hear from your side of the coin that you're allowed to tell us. And I'm sure there's a lot of things to be behind NDA walls.

But if if you would like to breach those nda, i'm not sure I can say that if you would like to bring that share story us, don't bring that he, I think that back holland hacked documents. A great place to share stories with us, which sure loves to long for interviews.

But if you got a fun, spicy tale of technology gone amok, computer confession, whatever you got, how, when a hacked dot com, which you can get two, three hacked podcast dot com, it's whole ecosystem very hasty to put up websites share. You're strange that we love to here we listen to him. We got some great stuff.

Once last one were really excited for the next episode how and I talk on get out us um you know it, I'm going to say the call I think may be for the end of this episode. Tell someone you know about Hacked. If there's someone in your life that you think would enjoy Hacked podcast filament filament, let me know, we'd love to have him in here. We love making the show. We love to get new folks in, get their takes on stuff. So you sure spread the word if you got got it any.

I can say that. So I with that, with that, we just say goodbye.

It's another one of the bucket. Thanks for listening and catch you in the next one.

Take care.