Hacked - News Update - Zero Stars in Wuhan
Episode Date: March 17, 2020Jordan & Scott discuss homework hacking in the heart of Wuhan. Learn more about your ad choices. Visit podcastchoices.com/adchoices...
Transcript
Discussion (0)
The people of Wuhan have officially been under quarantine for almost two months.
Just a couple days before the lunar new year in January,
all transportation in and out of the larger Hubei province was cut off.
One day, roadblocks popped up,
and some 56 million residents were sealed off from the outside world.
The government ordered they wear masks, stay inside,
and report their body temperature on a daily basis.
All at once, a city with the population of New York turned into a ghost town.
A response to the WHO called Unprecedented in Public Health History.
A lot is going to be written about the Chinese response to COVID-19.
We're probably not the people to write it and now probably isn't the time to try.
But there's a hacked story in here.
So the way I see it, you can look at what's happened in Wuhan in two ways.
On one hand, the day before I recorded this,
the government announced that they were shutting the last 16 temporary hospitals set up to respond to this crisis.
The last residents of a converted indoor sports arena got to go home.
And what the state-ran media network, Jin Hua, called a sign of improving conditions.
This is all to say that, yeah, they went big with their response, but take this with a grain of Chinese state media-sized salt.
That response does seem to be working.
On the other hand, a government that censors and monitors people,
doesn't do it less during a crisis. Stuck in the middle of all of this, there are a bunch of people
trapped inside, using the internet to try to make sense of what is going on, to share information,
and to try to keep living their lives through the portal of a screen that can go places they can't,
which is what we're talking about today. You see, some of those people are kids. Kids who grew up online,
kids who know tech, kids who are expected to go to school and do homework remotely online.
And it doesn't matter how upside down things seem right now, how uneasy a situation makes you feel,
which I say is we're packing up our office to work from home.
No matter what happens, kids fucking hate homework.
And if you ask them to do that homework remotely via an app, they're going to find a way to hack that system.
So we're going to talk about that.
We're going to talk about how kids are getting out of online homework and a little bit about how adults are getting around online censorship in the heart of Wuhan on this hacked update.
Slight listener warning. We do curse a couple times in this one. And I don't bleep it out from this point onwards.
So enjoy us saying some naughty words in what is far and away the way.
weirdest episode of this show.
My name is Scott.
I like to work from home every day.
It's so much fun.
I sit at my desk.
I'm so fucking lonely.
Yay.
I have my rice.
I have my rice.
I have so much rice to eat.
I have my rice.
I think we have a new theme song.
Did you record that, you motherfucker?
I did record that.
Remote hacked.
Remote hacked.
Hacked remote.
Where are you right now, Scott?
I am sitting at my kitchen table, also known as my new office.
I am socially isolated.
You are socially isolated.
Let's talk about the OGs of social isolation and all the clever stuff they've been getting up to.
I feel like that's the perfect way to start the episode.
Perfect.
We're working from home.
Life's gotten very different in the last 72 hours.
and other people have been living this life for like a month or two.
People just listen to an opening story where I say as we pack up our office right now,
and that even seems like it was a while ago,
because that was 72 hours from right this moment that I'm sitting here talking to you
when now our office is actually empty.
So we're going through with some people who've been in for a couple months now.
That's right.
And those people, you know, to bring a light store,
in such a time.
Those people have done some incredibly creative,
hacky things, which I think we should talk about today.
11.8 million people live in Wuhan.
I don't know what percentage of people are kids.
That's like a third of Canada,
which is where Jordan and I are from.
So 2.6 million kids have been locked at home for two months.
And the Chinese government,
I guess it's not really the Chinese government,
but the school system has started using an
owned by Alibaba called Ding Talk.
Ding Talk was like a corporate communications app that was really, really popular.
And a few months prior to all of this, they rolled out a bunch of education features.
Their online education is apparently super duper popular in China.
So you got 2.6 million new users get flooded into this thing called Ding Talk.
And then what happens, Scott?
The brilliancy of the youth and future leaders of tomorrow, they realize that the algorithms for the app stores delist things that see a wave of negative voting or have enough negative voting.
Just like Uber does with drivers.
If you get below X stars, they delist you or don't want you drive anymore.
So all of the children collectively got together and started down.
voting the app in an attempt to have it removed from the app store so that they didn't have to
submit their homework.
There's no dog to eat your homework, you know, modern problems, modern solutions.
Yeah.
Well, like, we should just talk about how smart this is.
Like, you know, this isn't really a hacked topic, but it is because, you know, these kids
found a flaw in a system, figured out a loophole that they could exploit to get something that
they wanted. And I think it's pretty brilliant. You know, I think that there's nothing more hacked
or hacker-ish than what some of these young kids figured out. So I think there's probably a wave
of amazing future Infosec employees in this grouping of children. Seriously, clever. Talk to me
a little bit about this larger culture of like workarounds online in China because it's like it's
not just the kids finding these exploits. There were 516 new words added to the we chat band words
list in the last two months, most of them surrounding COVID-19. Kids are finding workgrounds,
but so are adults. Yeah, well, you got to resort to speaking in codes when the government,
you know, like we've seen in China, has such direct control over the technology companies
like, you know, Wii chat and so many of these other platforms that, like, we don't even really
know of what or have here in North America. They're very, you know, like China has one point,
whatever billion people that they can have their own kind of major tech companies that's not
issue. So, you know,
WeChat, what they do is they've,
this group was looking into it the other day
and they found out that every time you open it,
actually, it reaches out to the government servers
and says, hey, what keywords are banned?
And refreshes
kind of like a black list
that the messaging app uses. So when you
send a message with any of these keywords in it,
like COVID or Corona,
that message never gets to the recipient.
So they had to create kind of
their own lexicon of code words.
to kind of bypass these security controls.
They had to find a solution that allowed them to get around a certain system,
almost like a bunch of kids downvoting a homework app.
Yeah, almost exactly the same.
So, you know, it turns out that creative young minds turned into creative,
you know, more mature minds.
I won't say old minds.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late,
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the Aurora superintelligence platform, a fully agenic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trust for it.
And all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week
and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora agent SOC.
It's the first SCC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries.
human analysts. Arctic Wolf didn't try and bolt AI onto an old model. They rebuilt the model
entirely. What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven decision
reflects your environment instead of generic assumptions. The automation frees your concierge security
team to focus on higher value strategy and proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy production
ready AI insecurity operations actually looks like, go to arctic wolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turn defenses on their
head. Organizations around the world saw headlines they never expected and cybersecurity
teams were tested like never before. But here's the thing. These incidents aren't just
news headlines. They're learning opportunities. And that's why Arctic Wolf is hosting a live
webinar on February 5th diving to the most impactful breaches of 2025. Their field CTO and security
leaders are going to unpack not just what happened, but why these attacks succeeded. And most
importantly, what businesses can do to fortify their defenses for it's too late. You're going to walk away
with real insights into how threat actors are evolving, how defenders are responding, and what
strategies can help you stay ahead of the next big breach. It's not fearmongering. It's practical.
actionable intelligence from experts in the trenches.
Register now at arcticwolf.com slash hacked.
Yeah, so did you hear about what happened in Iran?
Hit me.
They created an app and they sent it out to tens of millions of Iranians
through kind of, I think, a notification system.
And the app was supposed to be able to diagnose whether you had COVID or Corona or not.
But in reality, all it did was immediately send your location.
the government. You've got to be kidding me. Apparently. And they literally used their national
broadcast system to notify everybody to say, hey, go download this. Why would the Iranian government
want to know people's location? I mean, in general, and specifically when it comes to coronavirus,
that doesn't seem like that doesn't seem like the most useful data point for the government to have.
Yeah, I have no idea what their end goal was, but apparently that's what it did.
Maybe they're just thinking ahead.
Maybe on the other side of this,
it sure would be great to have some malware on everybody's phone.
And this seems like a great opportunity to do it.
Let's take this opportunity that's been given to us in this crisis
and leverage it to just deploy massive amounts of malware.
So on one hand, you've got a government that is actively distributing malware.
On the other hand, you have a government that, I mean,
trying to, like, credit where credit is due, their response in Wuhan has been massive and historic,
and it seems to be actually working, but they're still kind of on their same old, you know,
same old bullshit unnecessarily censoring and monitoring a whole thwack people.
So what does this tell us about a relationship with the internet?
When something like this goes down, does it really reinforce this idea that this is a utility
and it needs to be reliable and trustworthy?
Well, I think, you know, it's, it's become our medium for communication.
Like look at what we're doing right now.
We're making this podcast over the internet,
which is first for us,
but I know many podcasts record like this,
but, you know,
it's our access to information.
It's our access to data.
It's our access to entertainment.
It's our access to food ordering.
It's our access to news and updates.
I don't know.
It's our access to everything at this point.
You know, our devices aren't the internet.
They're just ways to access the internet.
You know, our TVs are on it.
Our fridges are on it.
Our phones are on.
our computers are on it.
The internet is just the glue that connects us all at this point, I feel.
And it's like, that's just showing how much of a necessity it is.
So now I think we're getting into the shelter, food, water, and internet set of Markov's.
Who's Markov?
That right?
Marcos.
Maslow?
We should know this.
Haslow?
Maslow.
We're working marketing.
We should know this.
Maslow's hierarchy of needs, right?
Yeah, Maslow's hierarchy of needs.
of need.
I get them right?
Probably not.
Oh man, you were cruising
into such a nice ending of the episode.
Sorry,
you were like Usain bolting
across the finish line
and then someone just like
tied your shoelaces together.
Yeah, it's called me not knowing
what I was talking about
is what tied my shoelaces together.
Thanks for listening, everybody.
Keene-eared listeners might have noticed
didn't put any spooky music
kind of in the background
because the whole world feels like it has
spooky background music.
Next week, we're going to be back on our typical cybercrime beat.
Check us out on Twitter at Hacked Podcast.
And if you like the show, find us on Patreon.
Patreon.com slash hacked podcast.