0:01

I just took a DNA test. Turns

0:03

out I'm 100% that victim of a massive data

0:06

breach. This week on Hacked,

0:08

genetics firm 23andMe reveals user

0:10

data stolen. We're going to talk about it. We're

0:13

also going to talk about the Move-It

0:15

breach. Finally, it's been a few

0:18

months in the making, but it seems to be tying into many

0:20

of the stories and things that we're looking at and reading today.

0:22

Then since the early days of generative AI, we've been

0:24

hearing about how crucial a role watermarking

0:27

is going to play in fighting misinformation

0:29

and maintaining copyright. How is that going?

0:32

According to experts, poorly. We're

0:34

going to talk about it. Also the

0:37

group known as Alpha,

0:40

Alpha, Alpha, Black

0:43

Cat, whatever you'd like to call them, the ransomware

0:45

group is back at it. So

0:47

we talked about them in the Las Vegas episodes. They

0:50

are back at it again. So we're just going to touch

0:52

on what they're up to. All that and more in this

0:54

chat episode of Hacked.

1:00

Scott, how are we doing this week?

1:12

Good,

1:18

good. I'm

1:21

moments away from jetting

1:23

over to your part of the world and going to pick

1:25

chanterelle mushrooms in the wild. So

1:29

I'm off for the weekend to go mushroom picking.

1:32

So that should be fun. Not the mushroom type

1:34

that I think most people would think, but probably

1:38

going to make some good risotto. It

1:40

should be nice. You

1:43

can make a good risotto with the other kind of mushrooms people

1:45

are thinking about. Oh my God, could you? I've never even

1:47

thought about that. That seems treacherous. No,

1:51

it is treacherous. It's

1:53

very true. That's a good word for it. It would be a treacherous

1:56

meal. The

1:58

yeah, but we'll be kind of.

1:59

up until Fino so hopefully we'll get a little surfing

2:02

into we'll see how the waves are but we're mostly

2:04

there to pick mushrooms so we'll see how that goes good

2:07

times I've actually never been up to Tofino me and

2:09

my partner were just talking about going up there sometime

2:11

soon as well you know what neither have I

2:13

shocking oh sick to everybody

2:16

that I know island living I don't live

2:18

in but I have not not done it island

2:21

Scott I don't think I've ever seen island

2:23

oh island Scott existed like when I lived

2:25

in when I lived

2:27

in Hawaii island Scott was was full

2:30

full-fledged full on oh

2:32

yeah I forgot you did have an

2:35

island Scott era yeah I did I did I would

2:37

love to have another island Scott era honestly

2:39

maybe that's something that I should be sure tuning

2:41

my life for is to become an islander

2:44

again board shorts every

2:47

day every day every

2:49

day board shorts Hawaiian

2:51

Hawaiian print floral button-ups

2:54

you know it's a it's a vibe it's a vibe

2:57

and yeah I got can't lie I enjoyed that vibe

2:59

very much you know who also brings

3:02

a sort of easy breezy flower

3:05

floral print board shorts island kind

3:07

of vibe who's that I'm talking about Sarah

3:09

Gardner our new patron

3:11

on our trusty patreon

3:14

oh yes yes

3:16

thank you very much Sarah and I think

3:19

Walt Kim bro would also vibe vibe

3:22

pretty hard in the hacked island compound I think he

3:24

would I think Walt Kim bro has like I'm

3:26

seeing him with like a Mai Tai a big a

3:29

big drink like a really big

3:32

island vibe drink him

3:35

and him and Floyd Clark and Floyd

3:37

Clark is running the Margaritaville constantly

3:40

at the island villa yeah that's them they're

3:42

out there Floyd Clark thank you very much and putting

3:45

a pin in the whole thing fittingly Ender

3:49

I think I think Ender's like the dark horse and

3:51

the island he's sort of overseeing it isn't

3:53

like the in the birds nest up top making

3:55

sure everything's okay maybe like a lighthouse Ender

3:59

What a name to end. I

4:02

know, right? Except for the sad, the

4:04

sad fact that

4:06

we have one more. Suffagen Bonnie.

4:09

Oh, we did miss

4:11

one. I jumped straight into the middle of the list. I'm so

4:13

sorry, Sufjan Bonnie. Thank

4:16

you so much for your support. It

4:18

means a lot to us. And also, we're going to see

4:20

you. You get a hammock for that. You get like a really

4:22

nice hammock and

4:25

a drink made of a coconut. A cabana.

4:28

A cabana

4:30

by the by the ocean. Cabana with a coconut

4:33

drink. Thank you all so much for your support.

4:36

If you also want to support tech

4:40

storytelling and bullshit about tech,

4:42

I don't know if we curse on this show. You

4:45

should support. We do. Great.

4:48

I should know that. I curse on this show. Me

4:50

too. I guess I did know that. I've told a guest

4:52

recently they can curse on this show. So you can curse on

4:55

this show. All of you supporters,

4:57

new and old, can curse on the show. If you want to support

5:00

tech content and stories and chat,

5:03

hackedpodcast.com. It's a great way to support the show. It

5:06

directs to our Patreon and it means the world to us.

5:09

No problem.

5:12

Any

5:15

other news now that we've got our travel

5:18

stories and plans out in the open and a

5:20

bit of patron thank

5:22

yous? Is there anything else we want to touch on before we get going?

5:25

Maybe a new

5:28

thematic episode type that we're thinking

5:31

about doing? Yeah, I

5:33

think we maybe do. So fun little

5:36

insight for users. My cat is ferociously

5:38

attacking me right now. I'm just

5:40

going to pod through it. I'm podding through.

5:43

We're going to do a little experiment. I'm

5:45

hoping the website's up and running good

5:47

by the time we drop this one. So

5:50

a few episodes ago we talked about the idea of a call-in

5:52

show. I love call-in shows.

5:54

I think, Scott, you've expressed some appreciation

5:57

for them in the past. Classics.

5:59

They're classics. You got your love lines. It's

6:02

a great medium, it's a great format. And

6:04

we just started thinking about what would it be like if

6:07

there was, I don't know, some kind of a hotline,

6:11

a hacked hotline, dare

6:13

I say, a hotline hacked?

6:16

I could have handed it to you on that

6:18

one. You were- You could have handed it to me, but

6:20

you chose not to. You wanted to hit it. It's

6:24

your name, you take the credit,

6:26

you roll with it. I chose violence. This isn't

6:28

hotline Miami, it's a hotline hack. Yeah,

6:30

all good, all good. Yeah,

6:34

the idea behind it. Take it away.

6:36

Let's give everybody a little thing. Is we're

6:40

gonna have essentially a voicemail

6:42

line. You can call and leave a message

6:44

where you tell us a story about

6:47

either a cybercrime that you committed

6:50

or a cybercrime that was committed to you or

6:52

that you were aware of or in the

6:54

periphery for if you're like a security

6:56

officer and we're

6:58

gonna kind of listen to these back and figure out which ones are

7:01

kind of good stories and we're gonna turn them

7:03

into episode content. You

7:06

got it. What do you think of that? I think that's bang

7:08

on. I think it's like we want those

7:10

cybercrimes, but we just want like strange tales

7:12

of technology. Like maybe you hacked

7:15

into something, maybe you solved an internet mystery,

7:17

maybe you like got into

7:20

a thing you shouldn't have. We just

7:22

want you to either submit an audio file or leave

7:24

a message at the hotline and we'll talk

7:26

about it on these hotline hacked episodes.

7:28

If this worked, if it

7:31

might not work, this might be the last you

7:33

hear about this. We might get no content.

7:36

Nobody reaches out. The content might be, I say

7:40

this with so much love, unhinged and

7:42

we just won't do this. But I'm

7:44

hoping, we talked to so many people

7:46

that listen to this show and they always have these really cool stories

7:49

and I never quite know, we

7:52

never quite know what to do with all of them, whether

7:54

or not they can make up a whole episode. And

7:58

this is just a space where we can talk about different

8:00

stories and sort of speculate

8:02

about what people call in and leave

8:05

on the hotline hacked. So there will

8:07

be an email option to email in either

8:09

text or an audio

8:11

file. We do send

8:13

in an audio file. Be aware that we

8:15

probably will play it in the episode. Same with

8:18

the phone number. Or at least an edited version of it. Yeah.

8:21

Same, yeah, yeah. Same with the phone number voicemail,

8:23

so be aware. If you

8:25

wanna make sure it's more anonymized, just

8:27

send it in some text and then we'll digitize it

8:30

into the voice of a reader and use

8:32

that. Or we'll read

8:34

it ourselves, one of the two. Or we'll read

8:36

it ourselves. Yeah, if you wanna submit text, there's the email

8:38

on the website. And

8:41

as we said, it's kind of as anonymous as you make

8:43

it. You can go to hotlinehacked.com. Hotlinehacked.com

8:47

to find... Hotline...

8:49

Take it away. Land it. Land

8:52

the plane. I was gonna say, hotlinehacked.com.

8:56

Hotlinehacked.com. Visit it today. Visit

8:59

it today. I'm gonna

9:01

record like, oh man, like weird late night infomercials

9:04

for this. We should also

9:06

tell everybody before anybody visits the

9:08

website that Jordan generated

9:10

the website on chatGBT. So

9:14

it's very basic, it's very

9:16

functional. It's got some pretty sweet

9:19

JavaScript text coloring elements.

9:22

I wasn't fishing for you to compliment the JavaScript,

9:25

but I do appreciate it. Hey,

9:27

hey, hey. I'm here for you. Last

9:30

week it's Python, this week it's HTML and

9:32

CSS. Like who are you? The

9:34

next thing you know, you'll

9:37

be writing malware and rust. We'll

9:39

all be in trouble. Then what?

9:42

You'll be joining Alph-Va. Alph-Va. Alpha or

9:44

Alph-Va. Alph-Va. And

9:47

maybe you're part of Alph-Va or Clop

9:49

or any number of people getting up to stuff. Maybe you just

9:51

have an interesting story, but we would

9:54

love to hear it at hotlinehacked.

9:57

Here are brand spanking new.

10:00

franchise or our whatever

10:02

happened to that that someone asked us in

10:04

five episodes. Only one of the two.

10:06

Dead in the water idea. Totally. Yeah,

10:09

yeah. Speaking

10:13

of which, I heard this interesting, I read in

10:15

our news articles, it has nothing to do with anything we're about

10:17

to talk about, but I thought it was funny. You

10:20

made us like use a little statement that made

10:22

me realize it is, did you know that there's apparently

10:24

a generational shift for

10:27

the phrase out of pocket? So

10:30

like, we found like, Jordan's out of pocket

10:32

this weekend. To me, that means like Jordan's

10:34

kind of wiling out. You know, he's like, he's

10:37

out of pocket. Oh. But apparently

10:39

in the older generations, out of

10:41

pocket means like I'm out of the office. It's

10:43

like, oh, I'm gonna be out of pocket today at two.

10:46

And it's everybody's like, huh? Oh,

10:49

I had no idea. But apparently there's this generational

10:51

gap for the phrase out of pocket.

10:54

I just found it interesting. I have no idea why I just inserted

10:56

this, but I found it interesting. I thought you'd find it interesting.

10:59

I do find it interesting. You know how I feel about idioms

11:01

and etymology. See, what's

11:03

interesting about that is that I thought,

11:06

I think of out of pocket as neither of those things.

11:08

Really? I don't think of it as being like in absentia

11:10

or wilding out. I think of it as being

11:13

like based, like about money

11:15

and transactions. Oh, like you. Like

11:17

it was like the cost of the concert was like

11:19

a bunch of the example on Google. I'm not gonna, someone's

11:22

gonna check and see that I'm reading this. The organizer of the

11:24

concert was $15,000 out of pocket after

11:27

it was canceled. Yeah, that's how I think of it. Like

11:30

it's a cost thing. Like you put money up

11:32

for that. I think I see that

11:34

too. Like that's a classic. I'm

11:37

out of pocket 10 grand for this or whatever, but

11:39

it's like, if I'm like Jordan's

11:42

out of pocket, does your mind

11:44

go to, is Jordan in the office

11:47

or not in the office or does it go to, is

11:49

Jordan? It doesn't go to East Jordan. It was

11:51

actually on the beach at the Hack Cabana

11:54

because mine goes to the ladder. Interesting.

11:58

My brain goes. exclusively to Jordan

12:01

did a bad business. Now he's feeling

12:03

it. Like, wow.

12:06

He spent all that money on the hacked cabana.

12:09

And now he doesn't have that money because

12:11

of the storm that claimed the hacked

12:14

cabana. That's what I think about a

12:16

pocket. Okay.

12:19

Interesting, but I think we should move through

12:21

this. Yeah. Let's get into this one. Five

12:24

years ago, there was a situation with a

12:26

DNA testing service called MyHeritage.

12:30

Someone breached 92 million of this DNA

12:32

testing company's accounts. Do you remember this?

12:35

I do not. It wasn't

12:37

a good news story, but when they announced what

12:39

the infiltrator got access to, there

12:42

was sort of a sigh of relief because

12:44

they got access to encrypted emails and passwords. And

12:46

everyone went, oh, for sure, user data. Exactly.

12:50

Everyone went, phew, that could have been bad because

12:52

they never reached any kind of genetic data. I

12:55

was reminded of that this past

12:58

Friday when 23andMe, a

13:00

US-based biotechnology and genomics

13:03

firm, confirmed a data breach

13:05

of their user accounts. The company

13:07

said that hackers accessed certain

13:10

counts of 23andMe users. I would

13:12

say it's not just any genetic

13:15

testing company. That's got to be

13:17

the biggest one I know of. They're

13:19

the one I think. Yeah,

13:21

I know lots of people that have done

13:24

23andMe testing. Yeah,

13:26

me too. I remember a few

13:28

years ago thinking about doing it, and

13:31

I didn't not do it because of

13:33

some privacy-based

13:35

awakening. I didn't do it because I lost

13:38

interest. It's there but by the grace

13:40

of gog. And let's be clear, not every

13:43

single 23andMe account was breached.

13:45

And it's not to say that 23andMe itself

13:48

was necessarily breached.

13:50

There's some nuance here. But

13:52

the outcome is pretty gnarly. And

13:54

I think it kind of paints a picture

13:56

of what a spectrum of genetics-based

13:59

lead is. can look like.

14:02

This

14:05

announcement came a couple days after hackers started advertising

14:07

an alleged sample of

14:10

this 23andMe user data on the hacking form breach forms

14:12

offering to sell these profiles for between $1 and $10.

14:16

These sort of early samples, which a couple

14:19

different places were able to verify, were organized

14:22

based on the descent of the users.

14:25

So there was essentially a little

14:28

cluster being sold of 100,000 Chinese users. There

14:32

was a cluster being sold of a million

14:34

Ashkenazi Jewish descendant users.

14:38

A spokesperson from 23andMe confirmed

14:40

that the data that is in these leaks is legitimate.

14:43

And what it looks like happened is threat actors

14:45

used essentially a credential stuffing attack. So

14:48

credentials that were in other breaches that were recycled

14:51

on 23andMe were used to get into these accounts. Quote,

14:55

they clarified, quote, we don't have any indication

14:58

at this time that there has been a data security incident within their systems. It

15:02

was a credential stuffing technique. Let's

15:07

segue before we get into the actual

15:09

hack and to talk about credential stuffing just a bit.

15:12

If you're an old hacked fan, you would have listened to

15:14

the problem with passwords. I

15:17

think it was one of our

15:19

first four or five podcast episodes. And

15:22

I think that this style of attack is

15:24

the main reason why you need a unique password for every

15:26

site or else you just become... With

15:30

the scale and velocity of data exploitation

15:32

style hacks where they're

15:34

pulling out user records, if

15:39

you have a password that's guessable, even

15:41

within a reasonable timeline of months,

15:45

chances are you're vulnerable to having a pretty nasty set of

15:47

this style of attacks happen to you. I

15:52

think that that's something... I've

15:54

set up my wife's password

15:56

manager now, everybody that I come

15:59

into. recommend them using unique

16:01

passwords on everything, complex passwords

16:04

as well as changing them with frequency. And

16:06

I think that's as long as we live in this

16:08

antiquated password-based life, which

16:11

I don't think we're gonna get away from because even

16:13

if we use other things as forms

16:15

of biometrics or whatever,

16:18

all they do is get encoded into passwords anyway.

16:20

So realistically it's all just data.

16:23

So at the end of the day the

16:25

best thing to do is to just have different data

16:27

for each site so that this doesn't become

16:29

a problem for you. 100%.

16:31

For the

16:32

folks that it did become a problem

16:35

for, leaked data included

16:37

full names, usernames, profile

16:39

photos, sex, date of birth, geographical

16:43

location, and genetic ancestry

16:45

results. So a

16:48

pretty gnarly doxxing as

16:50

doxxings go. A

16:53

bleeping computer found that the number of accounts sold

16:55

by cyber criminals doesn't necessarily

16:57

match the number of 23andMe accounts

17:00

that were breached using the exposed credentials.

17:02

At the heart of this whole thing is something

17:04

called this DNA relatives feature.

17:07

And what it's essentially like a toggle that you

17:09

can choose to use or not use that lets you find

17:11

and connect with genetic relatives, indexes

17:15

other people that share some sort of genetic

17:17

relationship with you based on your 23andMe

17:19

results. And what it looks like the

17:22

threat actor did was they were by

17:24

only by accessing a few 23andMe

17:27

accounts through this credential stuffing, they

17:30

were able to scrape enough data from the DNA

17:32

relative matches to start building out essentially

17:34

like a database of different people that shared

17:37

certain genetic markers. This is

17:39

how we ended up in a situation where you would have a breach

17:42

of just here's a list of people that share this

17:45

ethnic background. You wouldn't

17:47

really be able to do that without a system

17:49

like DNA relatives unless the

17:51

hacker had gotten full access to

17:53

23andMe systems. But because

17:56

of that feature, just through user

17:58

accounts, they were able to create these, you know, million

18:00

strong entrance. And

18:07

given that we know more accounts were breached than

18:12

have been exposed in

18:14

these leaks, we

18:17

can probably assume more of these lists are

18:19

going to come. Yeah,

18:23

I feel like this is going to be one of those data sets and

18:29

it becomes the classic thing

18:31

of like, it's

18:34

like the Ashley Madison hack. If

18:39

you were in there, it's like the damage

18:41

was done. You

18:44

don't need to sell it or, you know, there's

18:48

no way to look to monetize this, but

18:52

it's like if all of your genetic data is floating

18:54

around on the internet, plug

18:57

them in, oh yeah, his data is here. Oh,

19:01

look, he's got hereditary markers

19:05

for XX and X. Okay, denied. You

19:10

kind of beat me to the thing I wanted to

19:12

bring up, which

19:15

is that like, I don't really know, when

19:17

I think of like a breach form, where

19:20

people are buying and selling this information,

19:24

and it's not a short

19:27

term. But

19:29

what we know is that the information that's in these data breaches

19:34

that we think of as being

19:36

bought and sold from cybercriminals tends

19:40

to end up on a long enough timeline getting

19:42

packaged up and bought and sold and

19:45

bought and sold, and

19:48

it kind of works its way up the chain of legitimacy

19:52

from these to companies that shouldn't be buying this

19:54

data illicitly but have a huge financial

19:57

incentive to have it. that's

20:00

where genetic breaches go. And

20:02

it would be an icky world if that's where it goes.

20:06

But we don't live in an icky world, do we, Jordan? I

20:09

sure hope not. I

20:11

sure hope not. The last thing

20:13

on this one, I went down a bit of a rabbit hole because

20:16

I saw that first story from a few years

20:18

ago. I remembered it. And I went

20:20

looking for like breaches and

20:22

data leaks relating to genetic information.

20:25

And there's this Wapo story from 2022, quote,

20:28

since the beginning of last year, more than a dozen

20:30

medical labs, genetic testing companies and fertility

20:33

firms have disclosed breaches affecting more than 3.5 million

20:35

people, according

20:37

to a cybersecurity 202 review of data breaches.

20:40

Wow. And it's just interesting

20:42

to me that, small labs

20:45

that have the actual, like

20:47

people's genes, like the actual

20:49

raw data are as good

20:51

an attack target as like

20:53

a massive company like 23andMe, depending

20:56

on how granular this data is. And

20:58

it just sort of makes me reflect on the more and more

21:00

genetic data we start producing and digitizing,

21:03

the bigger a target is gonna become. And unlike

21:05

a credit card, there

21:08

are some things you can't really change when they get leaked. See,

21:13

the problem is like this data is super valuable

21:15

too to the person. Like if you know you have

21:17

specific markers for heart diseases

21:19

and cancers, you can be well aware and

21:22

more up on making

21:24

sure that you're checked and tested.

21:26

Totally. There's a lot of positive that can come

21:28

to this data. So it's sad that

21:31

it just becomes one of these things where it's like, well, there's

21:33

a bunch of negatives that can come out of it too. And it's

21:35

just a byproduct of the world we live

21:37

in. But I think over the next 100 years, we'll

21:40

see changes come to the industries

21:43

that were worried about having this data. And

21:46

hopefully changes come to the industries that

21:49

we hope have this data. Yeah,

21:51

it's true. Like if my family doctor knew what I'm like,

21:54

you know, medical history of your

21:56

parents is such an important thing. And

21:58

it's like, well, this is... your DNA

22:01

essentially is the codified

22:03

version of the medical history of your family. So

22:05

it's like, now that they've deciphered

22:08

the codes, having the code

22:10

is a good thing. And it's like, I think that this is probably

22:13

something that in society we don't take advantage

22:15

of enough. No, it's true. From a wellness

22:17

and health perspective. Yeah, I wanna see

22:20

us getting better at leveraging

22:23

genetic data and be really

22:25

like, I

22:28

think a lot of the ways big companies handle

22:31

data breaches, it's like I'm regularly

22:33

kind of disappointed by it because it's like anything,

22:35

it's PR. You're trying to minimize a situation.

22:37

You're not necessarily being totally forthright

22:40

with what happened. And this is such a

22:43

delicate, sensitive thing. That

22:46

like, we need to build systems of security

22:48

and trust to allow us to have

22:50

this information and to use it to the best of

22:52

our ability. If the potential upside isn't like

22:55

a better chat messaging app, it's like

22:57

people's lives. The stakes are very,

22:59

very high. We should be advancing

23:01

this and getting better. But like, man, we

23:03

just need more trust and more security

23:06

in these systems. Icky

23:10

shit will happen. That

23:12

to me is a perfect segue to

23:15

the Move It breach. If you wanna talk about Move It breach.

23:17

Heck yeah, let's talk about the Move It breach. So

23:20

Move It is a data

23:24

transfer system created

23:26

by Progress Software that

23:29

is built to be a

23:31

movement system of high security to

23:34

move hypersensitive information.

23:37

Corporate secrets, personal information,

23:40

HR stuff, anything that's,

23:42

you need to move, but you wanna make sure it doesn't

23:46

get out there. Like

23:48

if you go to their website, they have first

23:51

sentence at the top of the page is talking about security

23:53

standards and protocols and cybersecurity

23:55

things. Anyway, so

23:57

one of these

23:59

pieces of software.

23:59

Move It by Progress

24:02

got compromised. And it's not the first one of its

24:04

kind to be compromised because it's actually hacking groups

24:07

that target these styles of software because

24:09

they know that they're so valuable. So

24:13

it's the same thing. Same thing as the genetic data.

24:16

It's like if you put a bunch of valuable

24:18

information into a place, people

24:20

that want valuable information are gonna try to get

24:22

it. And it's the same thing with Move It. So

24:25

Move It was behind, I believe

24:28

it was the MGM hack or

24:30

one of the Vegas hacks or both of them

24:32

maybe. Can't remember. It

24:34

was behind the Sony hack that we talked

24:36

about last time. And it's been

24:38

behind a boatload of other hacks. Like they're estimating

24:42

something like 600 organizations of fallen

24:44

prey to one ransomware's groups

24:46

use of it. So even

24:49

the vulnerability, the CV that came out on

24:51

it was given a 9.8 out of 10. So

24:53

like essentially out of all the severity

24:56

that like a potential vulnerability and a piece of software

24:58

could have, this is like one of the top. Yeah.

25:02

So I didn't know what Move It was.

25:05

And the thing that with this on my radar,

25:08

like you said, last episode, we talked about these

25:10

sort of, what were then brief early murmurings

25:13

of another Sony leak. And

25:16

I was fascinated as you brought up to find

25:18

out that it was part of what's looking maybe

25:20

by the numbers like one of the biggest hacks of 2023. Not

25:24

a singular hack. Part

25:27

of this much sort of a supply chain attack

25:29

involving this file transfer protocol,

25:31

maybe you could call it Move It. File

25:33

transfer system. Yeah. So

25:35

Sony confirmed that they were part of this Move

25:37

It breach. For them it was 6,800 users. Data

25:41

extortion gang CLOP has claimed

25:43

responsibility for the breach. The

25:46

breach seems to have exploited a zero day vulnerability

25:48

in Move It. And it's looking, as I

25:51

said, like probably, yeah, one of the biggest hacks

25:53

of 2023 and potentially

25:55

in like over the last couple years, it's

25:57

looking like you mentioned the 600 through. One

26:00

Ransomware Gang. 56 million

26:07

individual users across that and

26:11

a global cost of close to 11 billion as

26:14

of time of recording. Pretty

26:18

astonishing. Affected

26:21

entities so far have included Shell, British

26:23

Airways, Sony, and the US Department of Energy. Progress

26:27

Software, you mentioned, but

26:30

clearly as we are seeing this month, the

26:32

damage has already been done. This

26:35

vulnerability I think dates back to April, if

26:39

I'm not mistaken. The

26:41

first things you heard about

26:43

it dated back to April. They patched it pretty quick,

26:47

but of course like any kind of system software

26:50

that has remote deployments and stuff, whether

26:54

IT departments around the world patched fast enough,

26:56

things like that, or whether there was already access granted to

26:59

the world. The

27:01

way the exploit works too, is

27:04

it's kind of a classic SQL injection. They

27:08

can kind of force a piece of SQL into a query going into it, which

27:12

then causes remote code execution. I

27:15

think what they were doing is using it to deploy web

27:18

shells and essentially remote access

27:21

shells so they could get in, either A, go through

27:23

the database, and

27:26

then they could get in and get in and get in. And

27:29

that's where the answer is because that's where

27:32

they were. Or they could create new accounts, etc. So

27:35

I know that they were using it as a jump off

27:37

point to launching attacks

27:40

further into networks, which is what I think

27:42

happened with Sony, if I'm not mistaken. They

27:44

managed to kind of

27:46

get in

27:47

and kind of spider through the networks.

27:49

Not good. It's

27:52

a massive remote shell exploit.

27:56

And

27:58

the world's paying the price for it.

28:00

Yeah, there's typically like, I

28:02

don't know, it's always sort of hard to, maybe

28:05

none of these attacks ever really have that much

28:07

of a narrative, but it's a lot easier to make a narrative

28:09

when it's a hacking group going after one individual

28:11

target. This is so strange because you have

28:14

like, British Airways and the Department

28:16

of Energy, you also have like healthcare facilities

28:19

to sort of go back to what we were talking about with

28:21

genetics. A bunch

28:23

of sensitive information is already being confirmed

28:25

as having leaked, as being stolen

28:27

as part of this vulnerability. Lab

28:29

test results, born Ontario,

28:31

a government birth registry, recently disclosed

28:33

a move it related attack. It

28:36

looks like hackers stole data from 3.4 million people, including

28:39

two million babies, expected parents

28:41

and people seeking fertility care. That

28:44

data gathered over like a decade as

28:46

part of this attack that was not

28:48

explicitly targeting birth registries,

28:51

but because this was a supply chain

28:53

attack of a very commonly used

28:55

like tech utility, they

28:58

just sort of got the keys to a bunch of different

29:00

castles, including one

29:03

with two million babies in it. And

29:05

Sony. And Sony, and your PlayStation.

29:08

And Sony, and your PlayStation.

29:11

The, yeah, big, big,

29:14

big problem, big hack, big

29:16

vulnerability. And

29:19

the reality is there's probably still unpatched

29:21

versions of it kicking around. So I think we're still

29:23

seeing, like there's still exploits

29:26

and hacks that are connected back to

29:28

this coming up now. So

29:30

it's funny that it's a piece of,

29:34

well, it's not funny. It's ironic that

29:36

it's a piece of software that was acquired,

29:40

set up and configured to

29:42

make sure that privacy was upheld

29:44

and to reduce the risk of stuff like this. And

29:46

then next thing you know, that's the main

29:49

thing that's kicked the door open

29:51

on it. Okay,

29:53

when we come back from the break, when

29:56

we talk about AI watermarks and

29:59

the folks. over at Alpha. Hello,

30:30

whether you are selling scented soap or offering outdoor

30:33

outfits, Shopify helps you sell everywhere.

30:36

From their all-in-one e-commerce platform to

30:38

their in-person point of sale system, wherever

30:41

and whatever you are selling, Shopify

30:43

has got you covered. Shopify helps you turn

30:45

browsers into buyers with the internet's best converting

30:48

checkout, 36% better

30:50

on average compared to other leading commerce

30:52

platforms. What I love about Shopify

30:55

is that no matter how big you want to grow, Shopify

30:57

gives you everything you need to take control

30:59

and take your business to the next level.

31:03

Sign up for a $1 a month trial

31:05

period at Shopify.com slash

31:07

hacked, all lower case. You

31:09

go to Shopify.com slash

31:12

hacked, right now to grow your

31:14

business no matter what stage you are

31:16

in. That's Shopify.com

31:19

slash hacked. This

31:21

episode of hacked is supported by Compiler,

31:24

an original podcast from Red Hat discussing tech

31:27

topics big, small and strange. Compiler

31:29

comes to you from the makers of Command Line Heroes

31:32

and is hosted by Angela Andrews and

31:34

Brett Simino. Compiler closes the

31:36

gap between those who are new to tech and

31:38

those behind the inventions and services

31:41

shaping our world. Compiler

31:43

brings together stories and perspectives from the industry

31:45

and simplifies its language, culture

31:48

and movements in a way that is fun,

31:50

informative and guilt-free.

31:53

I checked out the In Defense of Legacy

31:55

Technology episode and it's all about how younger

31:57

IT professionals often start their

31:59

career. working on legacy hardware and software,

32:03

and upgrades aren't always an option. It's kind of about

32:05

asking that question, how can they learn and grow

32:07

while still working with older technology?

32:09

Very interesting story. Listen

32:12

to Compiler, in your favorite podcast

32:14

player. We'll also include a link in the show notes.

32:17

My thanks to Compiler for their support.

32:19

Today's podcast is sponsored

32:22

by NutriSense. That was the sound of the NutriSense

32:24

biosensor. It's a small device you can put on the back

32:27

of your arm that then provides real-time feedback

32:29

on how your body responds to the foods that you are eating,

32:31

your exercise, stress, and even your sleep. With

32:34

NutriSense, you can just take a photo of your meal, adjust

32:36

your portion size, and NutriSense does the rest.

32:39

NutriSense helps you track your data, see your glucose

32:42

trends, and understand your macronutrient breakdown

32:44

for each meal. You also get an overall

32:46

glucose score for each meal based on your body's

32:48

response. You'll be matched with a board-certified

32:51

nutritionist who will review your data

32:53

and answer all your questions. Plus,

32:56

they can help you get a personalized nutrition plan so you can help

32:58

achieve your goals. Try NutriSense

33:00

today. It will open your eyes in profound ways to how your

33:02

food, exercise, and lifestyle choices are affecting

33:05

you. What's more, it empowers you with a real-time

33:07

feedback loop showing the consequences of your food

33:09

and lifestyle choices. It is a powerful

33:12

tool for understanding your body and affecting positive

33:14

change in your life. You can get all this

33:16

today. NutriSense has a special offer

33:19

for our listeners. Visit NutriSense.com

33:21

slash hacked and use promo code hacked to

33:23

start decoding your body's messages and pave

33:25

the way for a healthier life. Be sure to tell them that

33:27

you learned about NutriSense on Hacked Podcast.

33:30

That's NutriSense.com slash hacked. Save $30

33:33

off your first month, plus get a month of board-certified

33:36

nutritionist support.

33:37

Let's talk interest rates. Not that kind

33:39

of interest. I mean, interest in you.

33:41

At First Merchants Bank, we are 100% interested in your success.

33:45

Our bankers provide a level of attentiveness unlike

33:48

any other. We're here to get to know you and

33:50

to be a helpful partner in your financial success. Aren't

33:52

you tired of your bank just saying they care about

33:55

your business? Make the switch to First Merchants

33:57

Bank and feel the difference of real, honest

33:59

interest.

33:59

First Merchants Bank. For a better

34:02

banking experience, visit firstmerchants.com slash

34:04

switch. Helping you prosper. Member FDIC

34:07

Equal Housing Lenders. Before

34:10

we started recording,

34:11

we were like, we

34:13

gotta pick a way to say it. And then both

34:15

of us immediately, the second it started, we were

34:17

like, Alphava, Alphava, Alphava. Like, we went

34:19

immediately back to not knowing how

34:21

to say their name. It

34:24

is unpronounceable. Yeah, Black Cat was their

34:26

original name, and that's like, that's a word that I

34:28

know how to say. Yeah, sure. Black Cat. I got my feet

34:31

under me with that one. Alphava,

34:34

Alpha. I

34:36

just gotta call it Alpha. So yeah, anyway,

34:39

Alpha's back. Tell me about it. They're back

34:42

stirring up some stuff. Yeah, so they compromised

34:46

a Florida Circuit Court and

34:48

apparently have stolen a bunch of employee information,

34:52

including applications

34:54

for careers and things like that, I think, is

34:57

what I read. So they were related

35:01

to the MGM stuff. And

35:04

yeah, they just keep going. So I'm

35:06

not sure if this is associated in the same

35:09

kind of way that they got access to

35:11

MGM, whether it was a phone call to an

35:13

IT department that led to an endless

35:15

amount of problems. But they're

35:18

back, and they're still mucking

35:20

around. Interesting. Yeah,

35:23

because my memory of the casino

35:26

hack was that Alpha was responsible

35:28

for the ransomware and Scattered Spider were the

35:30

social engineers. And you raise a really

35:32

fascinating question of, like, does

35:35

Alpha do the social engineering too? Like, what

35:37

is their capacity? I think we gotta start reading

35:40

more about these folks. Maybe

35:43

one will call hotlinehack.com, and

35:46

we can play it on the show.

35:48

And maybe we can talk about it. It's

35:50

an interesting one, because we never really

35:57

have a great sense of the timelines. We read about

35:59

a story I feel like the very next week, the same crew of

36:01

people is on to stuff. And I do wonder, is

36:04

there a lag in the publicity

36:06

of these attacks, or are they really cooking

36:08

it that quickly? Did they really just wrap up doing

36:10

a full Oceans 11 and immediately kick

36:13

it over to a Florida court judicial circuit

36:16

where they

36:18

dropped a bunch of information on a website? It looks like

36:20

the Florida circuit didn't, court

36:22

didn't pay the ransomware, and that's

36:24

why the data was there. I'm

36:28

so fascinated by that. Internal

36:30

conversations, that's something, there was

36:32

a, yeah, ransomware diaries was so

36:34

cool about that because it was specifically concerned with

36:36

that process of negotiating ransomware

36:40

and making the decision of whether or not you

36:42

want to pay for it. And there was

36:44

such cool reporting into that because it is such a

36:46

private, secure process that

36:48

people don't want to let people into. People

36:51

don't want to talk to journalists about it. And the fact that he was

36:53

able to do that, if you never listen

36:55

to that show, go back and listen to the feed drop we

36:57

did last year with them. It

37:00

was a very fascinating one. And the, yeah, it's interesting

37:02

because it's like a hostage negotiation, essentially.

37:04

And it's like, do you pay the terrorists? Totally.

37:08

It's like if you become like

37:11

Caesar, so here's the thing, like my

37:13

wife listened to the episode we talked about Vegas and

37:15

was like, hey, you know, Caesar's

37:18

paid it and was back up and running, MGM

37:20

didn't, why didn't they just pay it? And it's like,

37:22

well, it's tough.

37:26

It's tough. It cost

37:28

them $100 million in like cost

37:30

revenues and stuff. So it's not, I'm sure the

37:32

ransom was less, but at the same

37:34

time, once you become

37:37

known as the organization that pays, do

37:40

you open yourself up to more tax? I would

37:42

say yes. Mm-hmm. Like

37:44

it's not gonna be the last time this happens.

37:47

No, definitely not. And

37:49

I feel like Vegas of all places

37:51

would have a lot of like, I don't know, they

37:53

put a lot of thought into how you deal with a

37:56

criminal messing with your system, like

37:58

whether it's on the casino for that. type criminals

38:00

like no there's the old Vegas

38:02

way this shit is done and I'm

38:05

not saying that's what happened there but feels

38:07

like I don't know it kind of reminded me of that

38:09

yeah yeah if Vegas was

38:12

not a publicly or conglomeration

38:14

of publicly traded companies these days it

38:17

was still back in the old days and it was mostly

38:19

allegedly mafia run I'm sure this

38:21

would be resolved in a much different way yeah

38:25

I mean if you're gonna go after you're

38:27

gonna go by the mafia and I'm

38:30

I am making no claims about MGM I'm sure

38:32

that is a different time yeah

38:35

but you know what I probably want to do it from behind a keyboard yeah

38:38

yeah I said allegedly we

38:42

need to just print allegedly on the like

38:44

box art of this show like we're

38:47

speculating wildly we

38:50

try to be informed calculating wildly

38:52

where we are out-of-pocket on hack

38:56

which now

38:58

does that be good yeah exactly all

39:01

of them all of them okay

39:04

so we mentioned this a little bit at the top of the show but

39:07

when generative AI first started kind

39:09

of kicking around people

39:11

started talking about people started exploring

39:13

okay well it is the downside of this giant

39:15

earth shattering new technology and

39:18

along with the impact it's inevitably

39:20

gonna have on the creator economy there's

39:23

the question of misinformation both

39:26

of which people start positing that watermarking

39:28

could be a very useful technique

39:32

the ability to run an image or piece

39:34

of text through something and try

39:36

and quickly figure out you

39:38

know just like a checkmark this was or was

39:40

not generated by a major AI companies

39:42

open AI alphabet meta Amazon and

39:45

they immediately said we are committing to developing watermarking

39:47

technology to counter misinformation it was

39:49

the sort of thing that was gestured towards whenever

39:52

that

39:54

whenever that very present threat was brought

39:56

up the

39:57

rules deep-mind introduced a sort of beta version of

39:59

its watermark since ID in late

40:01

August. It's sort of the answer

40:04

that comes up a lot when people raise

40:06

those very, very important questions. We

40:09

are talking about it because of a really fascinating

40:12

piece in Wired that dropped about a computer

40:14

science professor at the University of Maryland,

40:16

Sohail Faizi, who after

40:19

this long research project

40:21

over the last six months, stated that there is

40:24

currently no reliable watermarking

40:26

for AI images currently used. He

40:28

and his small team were able to break all types

40:31

of AI watermarking that they tested.

40:34

Thought this was probably worth talking about.

40:37

So there's two different types of watermarking, right? There's

40:39

the watermarking that's visible to

40:41

the naked eye, you know, a watermark in the corner,

40:43

you can think of the Getty Images type thing. It's

40:45

also funny in the context of AI. The

40:48

other type, I didn't know this phrase, it's called

40:50

low perturbation. And

40:52

that basically just means it's invisible to the naked

40:54

eye. Yeah. So he was testing

40:56

specifically these low perturbation of watermarks

40:59

that would allow a user to quickly check

41:01

an image for whether or not

41:03

it was generated by AI. And I'm just gonna

41:06

quote him here. The results of his study, he

41:08

deemed them to have, quote, no

41:10

hope. He was, him

41:13

and his team were able to, the phrase is washing

41:15

out the watermark. And it was exceptionally

41:18

easy. He also, I found this

41:20

interesting, demonstrated how pretty

41:22

simple it was for those same watermarks to

41:24

then be added to human generated

41:26

images, leading to false positives. So

41:29

it's not just that the current state of

41:31

these watermarks is like crackable.

41:35

It's, it maybe suggests that

41:37

the very concept of an

41:39

easy to apply watermark that

41:41

is not visible to the naked eye could then

41:44

be misused to create these false

41:46

positives that render it even less useful

41:48

in the first place. But my

41:51

mind immediately goes to, I feel

41:53

like you could train an AI

41:55

to detect and remove these

41:58

AI generated patterns. A

42:01

little bit, yeah. Like you get a big training

42:03

set of AI images that have the watermarks and

42:05

a big training set of images that don't have the watermarks.

42:08

You feed it in and then train

42:10

it up and be like, okay, here's

42:12

the watermark image. Is this image watermark?

42:14

Yes, remove the watermark. Yeah, generate.

42:18

I feel like AI would be great at doing

42:20

that. Yeah, your solution

42:22

to AI just happens to be the kind of thing that AI

42:25

would be really, really great at undoing is

42:27

sort of a bad situation

42:29

to find yourself in. This, yeah,

42:32

it raises this

42:35

question of, this isn't the only

42:37

one of these studies that's going on. Pretty much the

42:39

second we realized we were entering a like era

42:41

of watermarking being really important,

42:44

a bunch of different studies kicked off. There's the University

42:46

of California one, the Santa Barbara, Carnegie

42:48

Mellon. They have all

42:50

found very similar things to SoHills study,

42:53

which is that these are susceptible. The

42:56

interesting idea here is that I think maybe

42:58

these just, we started thinking of these not

43:00

as like a silver bullet and as a small

43:03

part of a much broader

43:06

way of addressing misinformation

43:08

and copyright that are invited by this new technology.

43:12

It's sort of like a means of harm

43:15

reduction against the really, really

43:17

low effort AI

43:19

fakery. You could imagine a super,

43:23

it's not the kind of thing you'd want to trust for everything, but like

43:25

a filter almost on a social

43:27

media platform or an email

43:29

client that is just parsing for the really,

43:32

really low effort stuff, but

43:34

that you shouldn't be relying on

43:36

as like a real true test of whether or not something

43:38

was authored by a human. I remember

43:40

when chat GPT first came out, there were tons

43:43

of teachers running chat GPT

43:45

essays through, especially these

43:47

tools that came out within days of chat GPT

43:49

that were tasked with checking whether or

43:51

not it was AI generated. We all kind of quickly

43:53

had this reckoning that like, this

43:56

is not, put this tech

43:58

back in the oven, it's not ready yet. But

44:01

it's the same as the traditional

44:03

watermark, right? It's essentially a road

44:05

bump. If you wanna get rid of it, you can. That's

44:08

a great point. Like Adobe

44:11

Photoshop's Smart Fill probably gets

44:13

rid of most of them. 100% of those. And

44:16

it's, exactly. But it's essentially,

44:20

you have to cognitively take the step to

44:22

violate the copyright. And

44:25

I guess that's probably the biggest

44:27

checkbox for it, being able to show

44:29

that people actively did do something to bypass

44:31

the copyright when you do find them. The

44:34

idea of having some form of, like

44:37

images or pixels, right? Like they're just data

44:39

points. Literally just a grid of data

44:41

points. Run through

44:43

compression algorithms and a bunch of other things, depending

44:46

on what type they are. But trying

44:50

to put something into a grid of data points that

44:52

can't be either A detected or B removed

44:55

is very hard. If

44:57

you know what you're looking for, very easy. So

45:02

yeah, it's gonna

45:04

be a real tough one. Unless they're also

45:06

hashing the file and providing the like,

45:09

check some for the file and you have to validate

45:11

that the file has been modified, then

45:14

it's very, very tough. Yeah,

45:17

because I have such a deep disrespect

45:19

for my own time, I end up watching a lot

45:21

of tech announcements and public

45:24

press events and stuff. And

45:26

I'm always intrigued by like the recurring narratives

45:29

that occur when companies

45:31

have to announce new technology, let's call it.

45:33

And I'm

45:35

intrigued to see, I

45:37

imagine there's a lot of pitch decks and

45:39

public presentations that are sitting

45:42

in like private drives right now that

45:44

spend a lot of time talking about security and

45:46

artificial intelligence. And I would imagine that if

45:48

I could do a search for the term watermarking, it

45:50

would come up a lot. And I'm very

45:52

intrigued. The thing I wanted

45:55

to take away from the story is like almost like loading

45:57

it into my brain so that the next time I

45:59

see a big. a big company talking about watermarking

46:05

and how watermarking with AI will only make this more

46:07

secure, or

46:10

will make misinformation harder, not to necessarily say, well,

46:15

that's just a lie outright. I

46:18

don't think it's that, but to sort

46:20

of carry a little bit more skepticism

46:23

about that as we continue to wade into this AI generative

46:25

art era. I

46:28

think there are a lot of slide decks full of artificially intelligent, or

46:33

AI generated images and AI generated copy. Maybe

46:38

even in the same slide deck. Every

46:42

pitch deck I've seen in the last year has

46:44

had some form of AI-generated

46:47

images in it and some form of copy that's been accelerated, edited, or

46:49

entirely generated via AI. I

46:55

think we're there with Microsoft. I

47:00

know Microsoft is looking at building, I'm

47:03

not even looking at it as actively if not

47:06

getting ready to deploy. Maybe it has

47:08

deployed and I don't use Microsoft Office enough,

47:11

but they are generating essentially an assistant inside

47:13

of Office that will fast-track

47:15

tons of things for you, whether

47:18

it's writing an email and Outlook, editing something

47:21

in Word, maybe even

47:24

smart figuring out what your spreadsheet design

47:26

is looking to do and then just finishing it

47:28

for you. I think

47:31

it's going to be, we're there. I

47:35

think it's going to be good, but there's

47:37

going to be bad things too, just like everything. If

47:39

you look at this entire podcast, it's

47:41

because we have technology and technology I

47:43

think is largely seen as good, but

47:45

there's some bad there too. Oh, definitely. I

47:50

think you were right about all of that. I'm very intrigued

47:52

to see what the next. I think

47:54

I'm fascinated to see as

47:58

it gets baked more into the world. of the stuff we're already using.

48:01

I've become a chat GPE user

48:03

for a bunch of different things, but

48:05

I think for a lot of people, it being woven

48:07

into the places they're already being productive,

48:10

Google Docs, Microsoft

48:12

Office, that's gonna be when it either

48:15

does or doesn't become a big part of people's habits. Because

48:18

this is one of the first pieces of technology where I'm realizing

48:20

that, I don't know,

48:22

the little bit of a bubble that I'm in when it comes

48:25

to new technology. I have friends who like

48:27

tech, I like tech. We do a

48:29

tech show. And

48:31

in my mind, chat GPT showed up, mid-journey

48:33

showed up, and I'm like, all anyone's gonna be using

48:35

in six months. And over six months have passed,

48:38

and a lot of people in my life are not regularly

48:40

using these tools. Like, okay. There

48:44

are different threads of

48:47

tech users, and being

48:49

cognizant of that is something that, I don't know, it's

48:52

been a really fascinating process watching a big,

48:54

big tech shift happen and realizing that it's

48:57

not all happening at once. I

49:00

was sitting in a friend's backyard a month

49:03

ago. We were having a beer, and

49:06

their brother showed up, and their brother's

49:09

fiance. And she was in university

49:11

now, still in university, she's doing a master's

49:14

or something. And she was

49:18

talking about how she uses it to summarize her readings.

49:21

Like you just copy in digital

49:23

text. So she's gotta read 200

49:26

pages a week or something. She just

49:28

dumps it into chat dbt. Summarize

49:30

this for me. And bang,

49:33

out comes three or four

49:35

pages of

49:38

everything that you need to take away from it. It's

49:40

like, wow, that's a use

49:42

case. Oh yeah,

49:45

it's funny. I

49:47

thought I figured out was a total tangent.

49:51

We talked about AI hallucinations a little while back,

49:53

and those are particularly bad when you're asking

49:55

it questions that it's trying

49:58

to derive the answer from its own internal data. like

50:01

if you ask it about a law or

50:03

a health situation or anything like that, it might

50:05

just make things up. And I'd

50:07

started to feel like I had sort of found the workaround

50:10

to that, which is that always provide it your own

50:12

data set. Always be bringing in

50:14

your own information and saying I want

50:16

you to work off of this. Beyond

50:19

just the ability to quickly look back up at the data

50:21

and make sure something is accurate, I also just found

50:23

it got much better results. I got

50:25

my first full blown hallucination

50:28

using that technique. It was kind of

50:30

spooky to me. I was looking at

50:32

it writing full

50:34

on the wrong thing. It was just going on

50:36

a total fantasy, unrelated

50:39

to the text I had just provided it. It was really

50:42

weird to watch. Because

50:45

Chat GPT doesn't just sit there with a

50:47

loading bar and then show you the presented text,

50:49

you get to watch it type. There

50:51

was something so creepy about watching it just

50:54

sort of wax fantastical and make crap

50:57

up. I just read what I

50:59

gave you. I'm

51:01

just asking you to synthesize it into notes

51:03

so I can remember it later. What

51:05

is any of this? So

51:07

I want to just keep banging the robots, the

51:13

robots dream of electric sheep. They're making shit

51:15

up still. Don't trust it

51:17

yet. Use it. It's a powerful

51:20

tool. But if there was a calculator that

51:22

just got five plus five equals

51:24

nine sometimes, you'd be very cautious

51:26

using that calculator. Hey,

51:31

I know we're wrapping up here and just kind of

51:33

shooting it. So here's a good

51:35

one. Remember when we were talking about video

51:37

game hackers and free to play games

51:39

and how they're overrun with video game hackers? So

51:42

Counter Strike 2 released. The

51:45

new version of Counter Strike came out and

51:48

they have essentially instituted kind

51:50

of what I said. They

51:52

put in a Prime status upgrade. So for like

51:54

an additional like $20, you

51:57

become a Prime player and Prime players.

52:00

play with other prime players. So

52:02

essentially, essentially

52:05

they've, they've created a situation where you've

52:07

essentially paid a cheating bond. You

52:09

get a few other little perks with it, but at

52:11

the end of the day, the biggest

52:13

change is that prime players get matched

52:16

with other prime players and because you've paid

52:18

for it now, there's a good chance you're not going to cheat.

52:21

So it's, it's a cheating bond. Anyway,

52:23

I just thought it was cool as a, as an

52:25

old school counter-strike player. I remember that idea

52:28

that you had. Yeah. You, yeah. Cheating

52:30

bond. That's a really good way of putting it. Is counter-strike two out

52:32

or is that no counter-strike two?

52:34

It's been out for ever or

52:37

like a long time, right? Uh, well,

52:40

yeah, yeah. But they just did a full rebuild

52:43

of it. Like I think it was a few weeks ago, two, three

52:45

weeks ago, the new, new, that new, new

52:47

full CS go went away and counter-strike

52:49

two came out. Oh, okay. Cause

52:51

I was like, I thought, I thought it came out in 2012 and

52:53

then I'm seeing 2023. I was confused.

52:57

That's fascinating. I think that that makes

52:59

a ton of sense. Yeah. It's a game that's

53:01

had valve anti-cheat, like valve anti-cheat

53:03

was created for counter-strike essentially. And

53:06

it's, it's got a very active anti-cheat,

53:08

but there's still people that cheat and hack in it. So,

53:11

so this is just a way to get around that. You

53:13

know, so many of these free to play games are just overrun

53:15

with hackers and cheaters that, you

53:17

know, Hey, you love this game.

53:19

Do you love it enough to pay 20 bucks not

53:21

to get frustrated every time you die to a cheater? I

53:24

was like, yeah, I do. Huh.

53:26

Interesting. So, Huh. Yeah.

53:30

Bring it up. Um, hotlinehacked.com.

53:33

Make sure you go to it. Final ring of the bell, Scott.

53:35

Hotline Hacked. What is it? Where do they go? What should

53:37

they do? Go hotlinehacked.com.

53:42

You want to call the number

53:44

and leave us a message and please

53:47

don't use this just to send us weird things. Yeah.

53:49

Nothing. goes to

53:51

an anonymized email box

53:53

that we're going to go through. Uh, please don't

53:55

send us malware. Alf. We're super

53:57

sorry. We don't know how to pronounce your name. Please don't

54:00

I'm going to use this as an attack vector. Yeah,

54:06

send us some stuff if you're interested, if you've got a good

54:08

story, if you've done something, or if

54:10

you've seen something, or if you allegedly know

54:13

of something, we'd love to hear about

54:15

it. And if we think it's

54:17

good, then maybe it'll be in an episode

54:19

coming up. Stoked to hear from you. Thanks

54:22

for listening to another one. Thanks for making it to the end. And

54:24

we'll catch you soon. We'll catch you on Halloween

54:26

with a very fun episode of

54:28

Halloween Hacked. Oh yeah, special guest.

54:31

Special guest. Special guest. Looking forward

54:33

to it. Catch you in the

54:35

next one. Take care. When it

54:37

comes to personal style,

54:53

it's all

54:55

about layers, especially now. Add

54:57

layers to your fall style with new colors,

55:00

fabrics, and styles from Indochino. Go

55:02

to Indochino.com and use code PODCAST

55:05

to get 10% off any purchase, $3.99 or more.