Hacked - $10 Million in Fake AI Royalties + the 'Infinite Money Glitch' That's Just Fraud + Voter Outreach So Bad It Seemed Like Phishing
Episode Date: September 17, 2024
In which we discuss alleged Spotify streaming ad fraud that brought in millions, extremely poor voter outreach and an extended tangent on AI. Correction: we failed to make the "Ramen Empire" joke. Our apologies.
Transcript
According to charges from the Southern District of New York, in October 2017, Michael Smith sent
himself an email where he laid out the napkin math of his alleged, let's call it streaming AI
music botnet fraud enterprise. The email lays out the following. Using 52 cloud service accounts,
each running the max number of 20 bots capable of clicking on and streaming a song on a platform
like Apple Music, Spotify, YouTube, he could run a network of a little over a thousand
autonomous music streaming bots. Each of those thousand or so bots could stream 636 songs
per day, producing a theoretical 661,440 streams. Smith estimated that the average royalty rate per
stream was half of one cent, which would have meant daily royalty rates of about 3300 bucks and
monthly royalties of just over 99,000. Totaling. To quote the
charges in the indictment, annual royalties of $1,27,128 U.S. dollars.
That was his alleged business plan, Scott.
This is fantastic.
The charges unsealed this week paint a picture of what happened in the seven years since,
and honestly, Michael's math, pretty good.
By 2019, two years into the scheme, he was allegedly earning $110,000 per month,
of which he shared 10% of his earnings with his co-conspirators, who we'll get into.
This puts him pretty close to those original projections.
Earning him, over this seven-year period, over $12 million in royalties for four billion
fake music streams.
So he became like a billboard charting artist for one of his bands, which include the
names Callous Post and Calorie Streets.
No, sorry, calorie screams.
You don't have calorie streams on.
regular rotation. Screams. Calories screams. I messed it up. You shouldn't. Yeah, no, Zygot
wash stands. Zygot wash stands is one of my favorite tracks for sure. You know, it's always playing
in my kitchen. It's my morning alarm clock. The answer of where you would get all this music today is
is obviously AI. But in 2017, that was much less obvious. And these tools were far less common,
which is what makes this alleged co-conspirators all the more interesting.
For this alleged scheme of using AI to produce what the indictment says he called instant music and a botnet to stream these songs en masse to commit royalties fraud,
Michael was charged with variations on wire fraud and money laundering conspiracy.
It is the first U.S. criminal case involving artificially inflated music streaming fraud,
and that's without even getting into the whole AI part.
So we've got to talk about it.
On this episode of Hacked, we're talking about the charges against Michael Smith.
We've got voter outreach so bad people thought it was phishing.
And they've got Doom running on stable diffusion, which is nuts.
All that and more on this episode of Hacked.
Okay.
Patrons?
Yeah, we haven't done patrons in forever.
We should talk about our patrons.
Best patrons on the internet, Hackedpodcast.com.
Patrons on the Internet.
Like.
Like.
Benno Oberleason.
Thank you, Benno.
Beno Oberleeson.
Thank you.
Luke. Luke.
Luke, Luke.
Adam Pickard or Picard.
Probably Pickard.
Thanks, Adam.
Bob Evans.
It means a lot.
Bob Evans.
Charles.
Just Charles.
Thank you.
Charles in charge.
Almost as much as Lorne forlorn.
We appreciate it.
Lauren,
Lauren the forlorn.
It's really good.
The ramen queen.
This is the name.
Ramen queen.
I also love ramen.
I would love to consider myself maybe like a ramen prince, but you are the queen.
So thank you, Ramen Queen.
Someday you will usurp the ramen throne.
Caboose, thank you so much, caboose.
Really appreciate it.
Listen, the ramen.
I don't want to call it a kingdom.
The ramen.
It's amazing.
patriarchy, Jordan. The ramen queen is the head of the ramen societal order. She rules with an iron fist.
Caboose. Caboose, thank you so much. And Nicole. Nicole, thanks. Thanks for everything.
Hunter Kinney means a lot. Jared Callender. Calander. Calendar. Calendar. I think. Jared calendar.
Thank you so much. I'm just really happy this one fell to me. Thank you so much. Boof it. Boof it.
Well, I'm also happy this one fell to me.
Colonel Mustard.
Thank you, Colonel Mustard.
And last but certainly not at least, Andrew Johnson, thank you much for your support, so much for your support.
It all means the world to us.
Keeps this thing turning.
If you want to support the show, hackedpodcast.com, kick it on over there.
For now, it redirects to our Patreon.
It should probably redirect to a website at some point.
But for now, you can get to our Patreon by going to hackedpodcast.com and support the show.
The show that we're making now, talking about 10,000,
tech stuff. And thanks to all the audience members for sitting through that as Jordan and I went to
the list of patrons. And it took way longer than it should have and way more, you know, banter than it
probably needs. But we appreciate you all. Thanks for coming. I'm not a listen to podcast on 1.5
speed person, but if people want to briefly listen to the podcast on 1.5 speed before slowing back
down to the one true speed of 1X, I don't have a problem with that personally during the Patreon section.
Well, I love and value our patrons, and I think that they should get a 0.75 speed read,
which is why we take such a long time to read them and make funny jokes about their names,
because we love them.
We love them like family, and family gets made fun of.
0.75 being the like, no, you really need to savor this part of the show.
You got to slow it down.
I like that.
That's good.
Okay.
I take it back.
One X speed, bare minimum.
We got a lot to get into in this one, Scott.
Where should we start?
Let's start with the fact that it looks like we got a lot of AI stuff to talk about.
Like I think a few of these stories are all AI based.
And AI is like just a part of our daily news these days.
It seems like AI is everywhere.
Everybody's talking about it.
And investors are hot and bothered by it.
Some people think it's a big sham.
So it's a point of discussion.
I was just yesterday talking about AI with somebody in the office who says,
that they think it's overblown.
Apple yesterday released their new iPhones,
which are AI powered,
and that apparently hasn't landed like people thought it was going to.
But I think we're going to talk about some AI and a few other things.
Yeah, and this one's a little bit of an AI throwback story.
It's also much more of like a what you can get up to with a botnet and a little bit of gumption kind of story.
Because while there is AI in this story,
it damn near could have been white noise as far as I can tell, but we'll get into that.
So Michael Smith, 52 years old, a music producer from Cornelius, North Carolina has been charged
with wire fraud conspiracy, wire fraud, conspiracy, and money laundering conspiracy.
These charges are always weird.
Smith allegedly defrauded a bunch of big music streaming platforms, Spotify, Apple Music,
Amazon music, YouTube music out of more than $10 million in royalties through this very elaborate
scheme involving AI generated music and automated bot accounts.
It is the first U.S. criminal case involving artificially inflated music streaming fraud.
It's a very fascinating one.
What do you think about this one, Scott?
It's interesting, mostly given the time period, like 2017.
So we're not like the AI generated music back then.
I'm not entirely sure what that looked and sounded like.
I assume it was just downloaded MIDI run through, you know,
logic with some plugins.
I assume maybe like you wrote an algorithm to randomly generate MIDI notes.
Anyway, I've been here eyes on that for a while, but there's no point.
That's interesting.
And then literally just illegally streaming it.
But like, and that, that is the point that I think is the most interesting because in 2017,
you know, we're just seeing the botnet havoc that runs its course on ad networks,
that runs its course on streaming sites.
Like in today's day, like view botting is like a big part of the streamer culture.
It's like, you know, you'll get streamers that blow up and all of a sudden they have 6,000
people watching them, you know, live, but 20 people are talking in the chat.
And it's like, okay, well, like, how many of these accounts that are viewing you are lurkers or how many of these accounts are actual, like, bots, just like that you've paid for to increase your numbers and increase your profile and things like that.
So, yeah, like this is right in that window of like, hey, we can game these algos.
This game just comes with a paycheck where most games come with a clout and notoriety, which then comes with a paycheck, where this is just,
just direct fraud.
The other people are committing like second generation fraud.
Yeah, assuming this all played out the way the charges outlined them,
it is one of the most longstanding bot fraud things I've ever heard of.
It ran for such a long time.
And it didn't really feel like it was in service of building one, call it,
creator's brand.
It was really just about using a mass of different artist profiles,
each producing their own songs
just to try and generate revenue.
It wasn't really about building one figure up.
It was about building a big fat pile of royalty payments.
Yeah.
And to get into the,
where did the music come from of it all,
I think that's sort of what's maybe
one of the more interesting things about this.
As we talked about in the intro of the story,
in 2017, he sends that email to himself
breaking down the economics of this.
But in like 2018, I think, give or take,
We start to see some of the other characters in this story, two other co-conspirators.
There's a music promoter who is maybe the least interesting part of all this.
So they were unnamed in the indictment, but they were codenamed CC3 in the paperwork.
And CC3 refers to an unnamed AI music CEO, who was one of the people splitting sort of like a little bit of the revenue from this thing.
It is named as a co-conspirator, which means that back in 2017, 2018,
Smith allegedly got a hold of someone who was in that early AI music generation space
and had them start generating what he referred to in these emails as instant music.
The person, this sort of co-conspirator joked in an email,
keep in mind what we're doing musically here is not music.
It's quote, instant music winky emoji.
So it seems to be like a pretty good sense that what they're creating isn't real music a person would listen to,
but it does check.
all the boxes for a royalty generating Spotify stream.
Mm-hmm.
There's a, this is entirely hypothetical, but there's a part of me that wonders if this AI
music generation CEO wasn't passively funding his startup through royalties fraud.
Sure.
And then there's a comical dark, dark comedy part of me that's like, and wouldn't it
be funny when Google then buys his music AI startup for like $2 billion.
So it's like, well, actually Google's been funding it the whole time.
Yeah, sure.
Somewhere there's like a VC pitch deck being like our AI generated music from artists like
Zygotic washstand and Callis Post have generated millions in revenue in what is now being
revealed as just royalties fraud.
Yeah, I could see that maybe having shaken out that way.
I think there's also an interesting economic philosophical conversation here about, like,
if you build an AI that's capable of creating something that traditionally artists have received royalties for,
will your AI have rights to royalties?
Like, if we write a music generation AI that generates pop music at the level of Taylor Swift and Justin Bieber,
does our AI then receive like millions of dollars in royalties and billions of dollars in licensing
rights and like what does that future look like?
Is there going to be a race between AI developers to create, you know, what is the new pop?
Yeah, there are two distinct but overlapping ethical and philosophical questions here.
One of which is, I think, a lot more cut and dry.
And it's the fact that no one was listening to this music.
These thousands of different accounts, different artists that Smith was allegedly constructing,
weren't being listened to by human beings.
They were being listened to allegedly by a botnet of his own design.
He was signing up for bulk email accounts through vendors that sold them his packages,
using those to sign up for these botnet accounts and just sort of creating a little house of cards that way.
There were no humans consuming this content.
So in a very, very brass tacks sense,
that's where the fraud took place.
It was bot fraud against streaming platforms.
For sure.
And we've seen this with clients of ours when you buy third-party advertising
and all of a sudden all your traffic's coming from one server in Florida.
And you're like, what's going on with us?
Exactly.
We see this all the time.
It's just I guess my question was more like in a hypothetical sense.
What's going to happen?
Totally.
Yeah.
And that to me is the second philosophical question is what if people
just start listening to content created by an AI company like this one that allegedly worked
with Smith. That's a different, much weirder question. And who earned the royalties, the people
that made the model or the person that commissioned the AI music? Well, if Twitter or X and even
some Instagram, like there are famous Instagram models now that are just AI generated. And it's
like, like, how does the world change when our,
micro celebrities, I guess, for lack of better terms, are just manifestations of a robot.
So there's this thing called the Mechanical Licensing Collective, which is a fantastic name.
They're the sort of international body that oversees royalty payments.
And they were one of the first groups that got on to this question of who is this Michael
Smith and is this real music?
And are much more importantly are these real listeners?
there's this fascinating thing in the charge of sort of this timeline of accusations and responses.
And for a long time, the MLC had begun questioning some of Smith's activities, raising
doubts about how he could be generating so much music so quickly without using AI.
And based maybe I would, this is conjecture, but on the quality of that music, whether or not
the people listening to it were actually listening to it.
He said some variation on, we have clearly demonstrated that Mike Smith's,
works are not AI generated, but rather they're a human author.
This was the sort of music promoter's defense against this.
MLC started withholding royalty payments after identifying suspicious behavior.
They played a pretty big role in turning this from a question into an investigation.
Smith starts getting confronted by the streaming platforms in about 2018, 2019,
about the weird kind of streaming patterns.
And in response to a 2019 accusation of streaming fraud from one of those platforms,
Smith denied wrongdoing stating I have never done anything to artificially inflate my
streams.
It's a very fascinating story.
It paints a picture of a person that was at some point trying to create music themselves
and generate an income as an artist who then tried to scale that by fraudulently.
The generation wasn't necessarily fraudulent by allegedly fraudulently having bots consume content
that he was creating and then later that an AI was creating with the help of this
CC3 unnamed CEO of an AI music company.
Fascinating.
Yeah, it's an interesting one.
Fascinating.
It's quite an operation and quite a profitable one.
I feel like every time I go on YouTube these days,
I'm being told to make fake ebooks and put them on the Amazon Kindle for what I can
only imagine is like the,
the 2024 version of this scam.
So I get it.
I see how people get here.
You know, nobody likes...
The thing is, this isn't even free money.
Like, these people have to work for it.
You know, they're...
Oh, this was a lot of work.
They're creating AIs to create music.
They're creating bots to, like, farm impressions on it.
I don't...
Yeah, it just seems like a lot of wasted utility.
But maybe they learn something in the process,
and maybe that, those learnings will be imparted on the next generations of music
generating AIs.
So...
I think wasted utility is a really good way of putting it.
And it's the thing I think every single time I see one of these schemes of like with this new tool,
you could theoretically game system X.
And it's like it to me,
it goes all the way back to like when I first started learning about drop shipping.
It's like, you know, you could make money by manipulating the slot machine that is the Facebook ad marketplace.
I'm like, yeah, there's a lot of bad ways to spend my time that theoretically could generate revenue.
don't want to do that. That isn't a useful or interesting use of my time. And it feels like with each
one of these little technological waves we go through, first ChatGPT, hey, you can generate Kindle spam
and try and juice some money out of that. Hey, you can generate Spotify spam and juice some money out of
that. I'm just reminded of that over and over and over again. I don't really have a problem with
anyone wanting to make some music quickly with an AI for like personal consumption or a meme
or a joke or sharing with someone. But when you try and like gamify it into a business,
without even getting into the ethical side of things, it just seems like a silly use of a human
being's time. Yeah. Well, this goes back right to our first, you know, years ago, our first discussion
about ChatGPT when it came out. And I was just, and we were talking about how with referral
marketing, there's so much garbage on the internet that finding anything truthful is impossible
these days. And ChatGPT is just going to facilitate the shit out of that because it's like,
hey, we want to make an entire fake review site that fake reviews blenders. It's like great. Like
ChatGPT will generate us 18 blender reviews in 45 minutes or 45 seconds. And then we'll just
throw this up as garbage content. And then ChatGPT's learning agent
will come by and scrape our garbage content and feed it back into their matrix.
Into itself.
Great.
The thing that...
Okay, before we get into the internet is becoming a great group thing.
If convicted, Smith could face up to 20 years in prison for each count.
It's a fascinating story.
We're going to be following it.
To finish the thought that you were having there,
whenever I hear about those types of projects of people clearly just scraping human
authored content to recycle and repost and hopefully, again, game now the Google AdWords
system of trying to juice a little bit of ad revenue out of it. I am disappointed. When I hear people
talk about that as a potential road for like journalism and content to go down, I am frustrated.
Because to me, it represents such a fundamental misunderstanding of where the information you get
on the internet comes from. There are two places the writers of that content get it from. They
can go out and do reporting. They can ask questions of primary sources. They can figure out what
happened and tell you about it, or the information is released to the press in the form of a press
release. ChatGPT cannot do the former. So the only news you would get by an AI-powered news
ecosystem is the latter. It is that which is released to the press bot for it to digest and
rewrite and publish on the internet. So if you're comfortable with the only information you get out of a
journalism ecosystem being that which is released publicly to you.
If you're fine just being sort of publicityed at by robots,
that's what you're going to get out of that system.
But if you want to know things that require people to ask questions and follow leads
and do reporting in its current state and for the foreseeable future,
these tools are not capable of that.
That is my little rant.
I like your rant.
I kind of just want to have an AI conversation now
because it seems like something that everybody's talking about.
It's becoming like a thing.
Like this is a chatty chat.
Let's chatty chat it.
Do you think it's overblown?
There's a lot of people out there nowadays
that think that AI has gotten too much hype,
that it's too hyped up.
It's not good enough.
It's not doing things perfectly.
What are your thoughts?
What's your take on this?
I'll give you my take after yours.
Yeah, for sure. I would say, is this a frustrating answer? I would require clarity about what is meant by the statement over hype. Do I think that the current generation of generative AIs is a stone's throw from AGI? No, I don't think that that's how this is going to work. I don't think that if you just, a little bit more progress, we're going to get to AGI with these tools. No, I don't think that's where this is going. I think we're still a long way out from that. Do I think that the utility of these tools is
overhyped?
Not really in that for every instance of overhype of what they can do, there is a discovery
of a thing that wasn't being talked about that they can do.
And those two forces sort of balance out to me.
That for everyone saying, you could run a whole news website using this, my previous
point still stands.
But then someone will figure out that they can, I don't know, for example, emulate doom
and stable diffusion, which was on no one's radar.
So for every overhyped thing, there is an unexpected thing.
And I think that that sort of lurching progress is the stage that we're in right now.
And as such, I would say that hype is, and I'm not talking in a business sense,
in like a investor culture, yeah, there's way too much hype.
But just in a, as we understand this technology sense,
I'm not too worried about the hype.
How about you?
Kind of the same.
One of the things that I'm noticing is that there's a lot of talk
about it being overblown and a lot of talk about it, you know, from people who I don't think use
it. Because if you use and get fluid with it, if ChatGPT and generative AI becomes part of your
process, my God, does it make you more efficient and effective? And I say that from like
a drafting documents, writing code. Like I was having a,
a conversation the other day with a lawyer who feeds it all of the depositions and
things like this from his case. And then he will, and then he queries, he's like, here, put all this
stuff in your memory. And then he asks it questions like, in all of the interviews, are there any
inconsistencies between the things stated? And they will pump out a list of inconsistencies.
Like something that would have taken him hours or them hours to do, this robot's doing in
seconds. And the same goes for programming. Like I was responding, being like, you know, when I write
code, generative AI, assuming it knows the language, which it usually does, is the best junior
programmer I've ever seen. It writes better code that handles more cases and exception states
than like most non-senior engineers do. And it's like, and it does it in seconds. Like it isn't
smart enough to be like, here's a problem, solve it. But it's like, I've created the solution.
You create me the components that make up that solution. And it's damn good at that.
So it's like, for me, it's not overblown at all. And even from an investor and economics perspective,
I don't think it's overblown. Because, you know, we talk about something like the Blackberry
and mobile email and what that did to worker productivity and output. And that, you know,
impacts that that economically had, AI is already at that level.
Like, if companies aren't embracing AI as worker productivity things, they're falling behind.
And that's just going to get, like, the fact that it's so young means that it's going to get better and better and better.
And like, it might not be another big revolution like we had when it was introduced, but it's going to get incrementally better.
just like we went from a Blackberry to the new iPhone 16 Pro.
Like, they're kind of the same thing, but they're kind of not.
And I feel the same way about AI.
It's just going to get better.
And as supply and demand and market forces hit it, like the lawyer I was discussing,
excuse me, the lawyer I was discussing this with doesn't work for a monster agency
that has a custom IBM solution.
So they're using.
ChatGPT rather than some multi-million dollar super legal system.
But the thing is, is that that stuff will eventually waterfall down to those younger lawyers.
And there's those smaller law firms.
So it's as we proceed into the future, it's just going to get bigger and bigger.
No, I don't think it's overhyped at all.
I think that people's lack of imagination is restricting it at this point.
Like, it could be doing much more than it is if the right people were designing where and how to integrate it.
Well, that's about as good a transition to what we're talking about next as I can possibly think of.
Which is to say, on August 28th, we're going to get game dev nerdy here for a minute.
On August 28th, 2024, Google and Tel Aviv University researchers revealed what they call game engine.
It's not game engine.
It's Game, uppercase, the letter
N, gen, as in generative, which is a game engine, which is an AI model that can simulate gameplay
from the 1993 first-person shooter game, Doom, in real time, using AI image generation
techniques.
This is one of those, like, I just need to make sure I'm understanding this, right?
Because if you really did what I think you did, this is absolutely wild.
Game Engine uses neural networks and image generation, sort of based on stable diffusion
architecture and it hints at a very weird future for AI game development.
What they essentially did.
So traditional game engines, there's a loop.
You gather a user input.
You update the game state, the player's position their health, and you render out visuals
on the screen following predefined rules that were coded in.
This system game engine kind of skips that manual rule programming and instead uses a neural
network model to predict each subsequent game frame in game state based on the previous
frame on an input of the previous frame and the user's action.
So what they basically did is they trained this thing in two phases.
First was a reinforcement learning agent training where they have a separate agent running around
inside of Doom learning how to play it.
And it is recording a combination of the gameplay actions, like the inputs of the player
and the frames that are occurring at the same time as those actions.
And then they pipe that cocktail of a frame and an action.
set into a diffusion model.
And they kicked this thing out, which is a very accurate facsimile of Doom running at 20
frames per second on a one tensor processing unit, getting like very, very close to the
original quality of the game.
Human testers had a very hard time distinguishing between the actual real gameplay footage
and game engine simulated gameplay clips.
This is what I'm talking about.
This is what I'm talking about right here.
That is that is that is that's not.
That's absolutely nuts. If you think about what that combination of feeding in a player input and a output frame as being able to generate an interactive simulation that you can walk around it, it's like think about, yes, Doom had to exist for you to be able to have a player agent running around in it that you could require, you could record those inputs.
But theoretically, if you had some sort of an object that captured camera frames and motion input,
it's like, I don't know, a drone and you set that off using this exact same process,
couldn't you theoretically, like, create a like interactive, like, imagine Google Maps wasn't
a series of 360 degree photographs you could click between and was just a 3D model environment
you could walk around in that no one had to model.
Wackadoodle.
It predicts the interiors of buildings.
You can just go for a tour.
Let's guess.
It's like, what's Jordan's house look like?
The, but, but, like, like, if you know anything about, like, what Nvidia is doing with DLSS, like frame
generation and AI, like, they're essentially given, given some of the same inputs. I'm not exactly sure.
I'm not a pro at it, nor do I work at Nvidia and know the IP behind it, but they're, they're,
they're doing frame interpretation interpolation so if you're generating say 120 frames a second
the AI can generate a frame in the middle of each of those frames that looks almost perfect.
So, like, they've got it to the point where they can, like, and here we are on the, the, the day after they just announced a new PS5 Pro, and its price tag, which everybody's very riled up to talk about, even though they've probably never seen what a gaming PC costs, because it costs a lot more than a PS5 Pro.
But it will have apparently some of this AI frame generation in it.
So you'll be able to run a 4K title on a 4K TV at 120 frames a second,
which is pretty wild out of the price of a PS5 Pro.
And a lot of that is coming down to some of these AI facilitations.
So it's a crazy space what they've managed to do.
The Doom thing's nuts because it's looking at so many things
and essentially generating an entire game.
But this field is fascinating.
And like we saw this at DefCon,
they're training systems to auto detect,
auto detect flaws in code that create security problems
and then patch them automatically,
knowing how to solve for them.
And it's, I don't know,
I don't know how you could over-hype this world.
You know, it's a revolution.
and it needs to be treated like one.
The concept of, so like I know that Runway's Alpha and OpenAI's Sora,
which is kind of a, is more of a video generator,
are both functioning on this idea of like world model and world simulation
where you are creating a space that theoretically,
you can export a video out of it.
You could render a fixed camera position,
but those cameras are movable.
And that starts to get into this really blurry space between,
is this video generation?
Is this a world sim that I can run?
around in inside of a video game.
But it seems like a pretty important shift when you pair that world generation with the,
what do they call it, the reinforcement learning agent training process.
If I can create, you know, this navigable environment and then I can let an agent loose in
it and tell it, just play with this until you get a massive, massive, massive training-data-sized
batch of inputs and frames, which we can then use to sort of train a little model
and let a person then walk around inside of this.
It rapidly gets over my head, but the sort of implications are pretty dizzying.
It's going to be fascinating to see how this gets used, you know, frame generation as like a
sort of in-between state that we're currently in is cool and is interesting, but I'm curious to
see where the next generation of this gets us.
what kind of experiences people can cook up.
Well, I'm like what from a, from a game,
seeing as we're both game dev nerds,
um,
I'm really excited to see when this starts to integrate itself into
Unreal, Unity.
Sure.
Like think about it from a level design perspective and you're just like,
hey,
you know,
generate me a first person shooter map.
And imagine in interacting with the same as you do ChatGPT.
Like, oh, be sure to add, you know, two sniper positions, one on each side of the map,
et cetera, et cetera.
Like, you could start to outline sight lines, make sure that all roofs have at least two
points of access.
Like, you would be able to, and also, like, run some playthroughs on it.
Do some pathfinding.
See if there's any places where you have longer exposure than this.
You know, you could, are places where you can go with the between cover that are longer
than, you know, this many feet or inches or whatever.
And also then, like, theme it.
Be like, you know, make it more 1942 Russian nuclear base.
Perfect.
Like, refine this.
Remove this.
Like, it'll be, I don't know.
I'm so excited to see, like, the, I definitely will say that I play more with the text
based generative AI stuff than I do with the video.
I have been playing around a lot more with the audio stuff.
But the video and image stuff, I, I,
am always impressed with even when I shouldn't be. It's still very impressive to me, but I,
but I, uh, but I can't wait until this stuff starts to integrate itself into some larger
scale tools. And I'm excited for what that's going to mean for game developers like you and I and
what smaller teams will be able to create. The thing I'm fascinated for this is like,
I still want things to be authored. The idea of typing give me a, I don't know, military themed
first person shooter into a text box and playing that is like profoundly uninteresting to me.
The idea that I'm just going to stumble around inside of a like simulated environment built on a
stack of LLMs and prompt.
It's just like that's not, I don't.
What are the odds there's anything interesting in there?
That's worth my time.
But as an authorship tool for like creators to be able to build things to be able to say,
you know, I could model this environment in 3D or I could go
find a real place and film it and feed that, you know, that data into a model that would
reproduce that environment and let me run around inside of it. It's like, oh, that's, that's a new
tool for authorship. It reminds me of photogrammetry versus modeling. It's just different ways
of getting an idea into a computer. You could take reference photographs or you can kind of just
scan it and then run it with stable diffusion. I strongly agree. I think, and I think the same thing
goes is that as an efficacy tool, AI is going to be huge.
But I think that even in today's thing,
and when you leave it to generate something,
it's generally kind of, you know, lacking.
So I think that humans will remain a part of the AI process
as getting things that interest humans
until AIs know us better than we know ourselves,
which could very well happen.
But I think, yeah, conceptually, I think,
you leave those pieces with the humans, but I think that the AI can facilitate so much of the
quote-unquote administrative side of generating things that it'll be, it's revolutionary when it's
done right.
Well, let's kick it over to some human-authored advertisements in the advertising
oasis.
And when we come back, I feel pretty confident saying we will not talk about AI, but we will
talk about bad voter outreach, glitch as a polite euphemism
for fraud and a couple other little things when we get back.
And we're back. We're back. Here we are. Not talking about AI. Yet. Yet. Yet. I'm going to
I'm going to get a big button, a big buzzer.
And if we start drifting towards AI, I will hit it.
This one's fascinating.
Krebs on Security, we kind of broke this story.
Scott, I want you to imagine you just got this text.
It comes from a number you don't recognize.
And it reads, we have you in our records as not registered to vote.
Check your registration status and register in two minutes at HTTPS colon slash all dash vote.com
slash VFI question mark UTM, and then the active URL ends, and it reads term dash, and then just a bunch of gobbledygook.
Would you read that and think, this sounds like a legitimate voter outreach campaign, I should definitely click on that link.
The fact that it has a UTM section, which means that it's being tracked, would give it more credibility to me.
I don't know how many phishers run Google tracking pieces in it, but.
Sure for the analytics?
No, no, I definitely wouldn't. I would actually probably flag it as spam and delete it from my phone. I actually get boatloads of messages like this and some of them might be legitimate, but they all get deleted and flagged as spam and often the number's blocked.
Yeah, you and a lot of people would do that. I find this one fascinating. Shortly after this giant text message blast goes out to recipients to all dash vote.com, media outlets start reporting on it as being a
scam. August 27th, WDIV, Detroit, Channel 4 affiliate, starts warning of an SMS message resembling
like it looks like there's a giant voter outreach phishing campaign and sort of fears saying,
if you click on this, this might end up in a situation where it could block voters from casting
ballots. It pretty quickly gets reported on as there is a scam happening right now, Arizona
Pennsylvania. They're all issuing alerts. Recipients are being interviewed in these news reports
talking about how they believed that they were being sent phishing attempts because they knew
for a fact that they were registered as voters. A seventh grader from Canada received one of these
messages. Turns out this was just an exceptionally poorly run voter outreach campaign done so badly that
it looked like it was a phishing campaign. If you clicked on these links visiting allvote.com
to try and check, you know, you go, okay, this URL is weird, but let me go to allvote.com.
It was down when they sent this out and redirected to a login
page for a totally unrelated voter registration platform.
Even better.
That was registered very recently, adding more to the suspicion.
Deborah Cleaver, founder of Vote for America, explained that the source of the messages was a political consulting firm called Movement Labs and highlighted the sort of like key error in their approach, which was violating a basic rule of voter outreach by telling people that they were not registered.
This is considered like, if not bad practice, borderline analysis.
given that a lot of these voter registration lists are outdated or inaccurate.
A fascinating story at a very sensitive time in the American political ecosystem.
And just a reminder that for as big a problem as phishing is,
people are getting better tuned to what these messages look like just by way of the sort of sheer
volume of them that exist in the world and that if you are going to try and do voter outreach
and you don't want to have damaging consequences, you've got to be aware of that.
I think this is a silver lining story.
Yeah, I can see that.
Anyway, when I read this story, this is great.
Like, this is people having their guard up high enough in today's reckless world of cybercrime to be like this thing, which was ended up being legitimate.
They flagged it.
They're like too many, like, this is the byproduct of corporate phishing training, like right here.
everybody's sitting at their desk at WIB in Detroit
and four people's phones blow up with this exact same message
and everybody goes, this is a scam.
That to me is a silver lining.
Like I'm pumped that this got even when I amped.
This got to the point of being completely blown out of proportion
and reported on as being a scam when it in fact wasn't.
Granted it was there was some ethical boundaries
crossed and stuff. But I love that. I love that. I take your point though. Yeah. No. Yeah.
That's a point for the good guys. You know what I'm saying? Yeah, that's a point for the good guys.
Okay, while we speed run some of these stories in the back half of this episode. As we speed run some of
these stories, I think that you should speed run over to hotlinehacked.com and tell us your interesting
story of cybersecurity. Whether it was you got phished, maybe you hacked something, maybe you broke
into the human resource person's computer to look at how much everybody was getting paid.
Maybe you made a facsimile. Real story from last episode. Maybe you made a facsimile of some
parking passes again. Or maybe you have to do an API for an e-buy company. Let us know your tales
and we might bring them to life on an episode of Hotlinehacked. So hotlinehacked.com. Speaking of good news stories,
Here's a bad one, and it concerns the word glitch.
The word glitch, the language of life hacks on TikTok, has increasingly become an umbrella under which people just sort of provide tutorials for full-blown fraud.
And a pretty fascinating one happened pretty recently.
Viral TikTok trend referred to as the free money glitch claimed that users could withdraw money from Chase Bank ATMs by exploiting a supposed loophole.
The thing that they were explaining how to do involves,
see if this sounds familiar to you, Scott.
The tutorials on how to deposit a check
for a large amount of money to the bank
when the user didn't actually have it
and then withdrawing a smaller
but pretty significant portion of those funds
before the check cleared.
Participants in this TikTok trend
believe they were taking advantage of a glitch,
which is, in no uncertain terms,
just check fraud.
It's just check fraud.
It's not a life hack.
It's not a free money glitch.
Chase Bank has confirmed that individuals who attempted the scam are being reported to the authorities for again, full-blown check fraud.
We have a few systems still in society that put trust in, you know, humankind.
And this might be one of them.
And I feel like it's ruined for all of us now.
Like, it's gone now.
Sure.
It only takes one person to ruin it at all.
You're going to ruin it for everyone.
We can't do checks anymore because you made a viral trend out of check fraud.
Yes.
Yeah, yeah, yeah.
Chase Bank pretty quickly started freezing accounts of people who try to do check fraud.
According to a Chase spokesperson, the bank is working closely with law enforcement.
They're handing over surveillance footage, as they do in cases of check fraud.
And they stated plainly, regardless of what you see online,
depositing a fraudulent check and withdrawing the funds from your account is fraud, plain and simple.
They didn't disclose the exact number of people involved.
Reports have suggested that hundreds, if not thousands of individuals may have tried the scam
spurred on by these videos, which had been watched by tens of millions of people at this point.
I tried to go on and pull some down to include the audio in the episode, but I'm happy to say
that I think most of them have been taken down.
One popular one featured a woman trying to convince her mother that she could get between $40,000 and $50,000 through the glitch, to which her mother just sort of responded by saying that, like, I'm pretty sure if you do check fraud, the bank account will get closed and we'll get charged with fraud.
So there is, there is some sense.
No, the older generation is still holding onto that wisdom.
The wisdom that if you steal from the bank, you might get in trouble for it.
The bank robbery, famously not liked by banks.
Yeah, there was a good tweet.
Only TikTok would transform grand larceny into a life hack and renamed check fraud as a glitch, which couldn't have put it better myself.
I love that in this world that we're living in, the TikTok is just the basis for brain rot, glitches.
Like, society fully understands how bad this is for our, for humankind.
But we're just kind of cool with it.
You know, it's entertaining.
It's a good way to kill time in the Starbucks lineup.
Yeah.
You get those views, man.
I get it.
We're here broadcasting on the internet.
I'm not one to judge.
It's fun to make stuff.
Just don't tell people to do fraud inadvertently.
I'd say that is maybe the sort of North Star of this show.
Don't inadvertently get people to do fraud.
And you broke the golden hacked rule.
TikTok creators teaching people to
do check fraud.
Don't do that.
That one's,
oh,
that moral ambiguity of this show.
That one's pretty cut and dry.
Don't,
don't,
don't do it because they'll charge you for fraud.
The nomenclature here,
like unlimited money glitch.
Like,
I just feel like,
I know,
it's so good.
In,
in the brain rot that is going on,
you know,
all of the online terms,
the gaming terms are just now fully part of our,
our lexicon now.
Unlimited money glitch,
which is like a old school gaming thing.
where when you found a glitch in a game where you could just like generate money.
Now we're just doing it in real life.
We're just doing it in real life.
Yeah.
There's this sick new unlimited money glitch.
Inside everyone's house, they have stuff.
And that stuff can be exchanged for money.
So if you go into their house and take their stuff and then sell it, you can basically
have unlimited money.
This is going to sound conspicuously similar to larceny.
And I promise you it's not.
It's a glitch.
It's a life hack.
It's good.
Yeah.
Like don't do larceny.
Don't do fraud because TikTok told you to.
See, but why even go into somebody's house and take things?
And then you have to take them to a pawn shop to sell them.
Sure.
When you could just go into a bank and demand that they give you the money, they're holding it.
They are in ops.
You just go into the bank and be like, give me the money.
You know, what's wrong with that?
Unlimited money glitch.
I want to keep the bit going and just add in like a thing about like,
now they might not want you to, but if you heard a gun,
but we're just getting into like providing instructions for crimes.
So I'm not going to do that even sarcastically.
What I am going to do is pivot us desperately and immediately towards a story about the TSA.
That's what I'm going to do.
I think we need to, we need to add one conditional to this.
Please.
Nothing in life is free.
Nothing in life is free.
You have to work for what you get.
there might be some glitches,
but usually if you take advantage of them,
you're probably either A,
taking from somebody else or B,
going to go to jail.
Don't do them.
Nothing in life is free except for Apple Music,
royalties and Kindle GPT novels.
Let's put a bow on it on this one.
This is just like a small story.
Security researchers...
We're getting off base here.
We're way off base.
Security researchers,
which is Ian Carroll and Sam Curry, reported a major vulnerability in a login system used by the Transportation Security Administration, TSA, that verifies airline crew members at airport checkpoints.
And the flaw allowed someone with a basic understanding of SQL injection to go into this database and add a fake pilot or crew member to official airline rosters.
If you are on one of these rosters, you can in many cases bypass security
and enter into restricted areas of the airport,
you might even be able to get into the cockpit of an airplane,
and it was all just an SQL injection away.
Carroll and Curry found the vulnerability
while they were testing a third-party vendor's website,
which provided smaller airlines with access to TSA's known crew member
and cockpit access security system.
While they were testing this system,
the researchers inputted a single apostrophe into a username field
and got a MySQL error signaling
a vulnerability that they were then able to exploit.
I think when I originally read this story,
they successfully put somebody into a jump seat of a cockpit of a plane.
I don't know if that was true,
but I recall that fact from the first time I read it.
And also, like, just to talk about it from a technical side for a brief moment.
Any kind of query, so like when you have a text entry box,
just for your sake.
When you have a text entry box on an internet site, chances are the data from that is going into either a query or it's being injected into a row of a database like row.
You know, it typically finds itself into an SQL query at some point.
And the most primitive security measure is escaping that to make sure that if there's any SQL control characters that they're escaped so that they're,
so that they don't impact the query.
And this input box was not receiving that treatment.
Interesting.
It would align with, I'm a frequent traveler.
I engage with the TSA on a fairly regular basis.
And I'm always struck by, there's this famous stat that floats around.
In a number of random tests conducted at busy airports all across the United States,
an internal group to the TSA known as the Red Team were able to smuggle mock weapons
and explosives past TSA security checkpoints 67 times out of the 70 attempts they tried,
which equates to a 95% failure rate.
I'm just going to lob that stat up into the air, held next to this one that there is apparently
a, are you a pilot list that you can work around with an SQL injection?
Just add yourself too.
Yeah.
And the worst part is that I don't really know how you fix that because it seems like what
they keep doing is saying like fewer belts less shoes smaller fluids and like i don't i don't
think that's how you lock this system down i don't know how you lock it down i don't know how you
improve this but it doesn't seem like it's going so hot that's a dark twist on this the i am also
aware of some of those tests and some of those tests that have occurred at my regional airport
really, that were wildly successful getting guns through.
And I think the, how do I talk about this without talking about how to smuggle guns on airplanes?
Given some modern techniques and the lack of dependency on metal components.
Oh, no. Don't tell people to 3D print plane guns.
No, I'm not. I'm not. I'm not. I'm not.
but like I just feel like they need to reinvent
sure what that like security process looks like
because the world that they're used to
and the world that they're built for
I just don't think exists anymore
like I could probably bring a 3D printer
onto the plane with me
with a lithium battery big enough to run it
you know what I'm saying like we're living in different times
I have no beef with the TSA.
I'm actually a frequent traveler,
and I am on their priority list.
I'm TSA pre-check.
I have all the rest of that jazz.
And there's no headaches for me.
It's actually great.
I got a priority line.
I can take food and beverages in and out.
I don't even have to take the liquids out of my bag anymore.
If you don't, if you frequently travel and don't have that kind of clearance,
then I can tell you right now that it is worth every penny.
I might need to do that so I can get my 3D printer onto the plane, plug it into the back of the CESB, and just make everyone anxious.
Oh, no.
Coming back from the edge.
Coming back from the edge.
I think that puts a pin in another one.
We got some fun episodes coming out.
We won't tease them.
But there's some cool stuff coming down in the pipeline.
We think you're going to enjoy it.
Big old thanks to our
Patreon as we wrap this bad boy up. hackpodcast.com redirects to our Patreon.
hotlinehacked.com if you want to share a story for our now monthly call-in show, means a lot.
We love to hear a good tale.
Yeah.
I think other than that, we're just going to go ahead and catch you in the next one.
Take care, everybody.
