Hacked - The Banxico Heist and a High Wire Act of Solo Podcasting
Episode Date: October 2, 2025
The question: can one host of a podcast that was planning to do a chatty chat episode proceed at the last minute while the other host is unfortunately out sick? Wish our dear pal Scott a speedy recovery and wish ya boy luck as he threads this needle. We discuss — I discuss? — the heist of Mexico's financial system, the European airport hack, and a slew of other tech tales. As I say in the ep — if one guy talking into a mic telling weird tech stories alone isn't your jam, I will not blame you for rejoining us in the next one when your TWO intrepid cohosts are back at it in what I'm assuming will be full health.
Transcript
Jordan here, recording live from Mexico City.
I just got back from a very rainy boat ride
during which a band played La Bamba.
I mentioned this so I have an excuse to play the audio.
Highly recommend.
Anyways, I'm only here for a little bit
on the way back to record with Scott,
but I'm here,
so I figured we'd start off this episode
with the story set right here in Mexico City
about a bank. It's April 17th, 2018, and a bunch of bank transfers appear inside of something called the SPEI. SPEI is Mexico's electronic interbank payment network. It's been around since 2004. It's run by a thing called Banxico, which will come up later. SPEI is like a system for moving around money digitally. It's what lets you send and receive money between bank accounts. All of the banks connect to a central switch that routes the money between them. Once the transfer is accepted by SPEI, it is final. Funds arrive in seconds. They can be withdrawn as cash pretty much immediately.

Banks connect to the SPEI through something called, this is intuitive, SPEI connectors. Those are pieces of software that prepare and sign this set of instant transfer instructions. Inside of the SPEI, overseeing all of that, is something called the Central Switch, which is a piece of software that validates and executes those money transfers. It's the Central Switch's job to look at and approve the format and signature of those transfers. The Central Switch just routes the money to the receiving bank. Now importantly, the Central Switch does not check anything to do with the accounts the money is being sent to or from. That responsibility rests with the sending bank. The switch is just a transit system. So if the bank says send money from account A to account B, the central switch is going to do it. They are moving an amount of money somewhere, which means there is inherent to this system a really intense element of trust. If the bank's connector software signs an order, the SPEI, that central switch, assumes that bank's order is legitimate and it's going to send however much money, and this is actually how this worked, wherever the instruction says to send. That assumption, that trust that the incoming orders were valid, that keeps those transactions blazing fast. It is also, and you have maybe already picked this up, a giant weakness in the design of this system.
April 17th, 2018, the first of what we're going to call the phantom transfers appears inside
of SPEI. They looked like normal transfers. Formatting was all valid. Everything was fine. They had the
normal approved digital signatures. And so that central switch starts moving money between accounts.
Pretty much as soon as these phantom transfers start occurring on the receiving account side,
you can be sure some people started withdrawing that money.
Cash is getting pulled out of ATMs across Mexico City pretty much immediately.
People are showing up at, you know, ATMs and teller windows, they're taking money out of bank accounts,
and so far nothing is really that weird about this.
These are all small amounts of money repeated over and over again,
but no one really knows at this point that anything is up.
The trouble with this flurry of transactions across Mexico,
and this is the crux to this whole story,
is that the accounts that the money was being withdrawn from, like the sender accounts, did not exist.
So what exactly happened here? The attackers in this hack didn't go after the central switch. That would have been harder and riskier and way more noticeable. Instead, they went after the edges, the software connectors that we talked about earlier, those third-party software packages that banks used to connect to SPEI. At many institutions, these connectors were installed on servers sitting inside of corporate networks with horrible segmentation, meaning that once an attacker got into the bank's network at all, in basically any form, getting to that connector was pretty straightforward. From there, they started injecting those phantom transfer orders. Now, as far as the central switch was concerned, each order looked fine, because the connector software at the banks had actually signed it. The digital signature said, this request came from Bank X, here is the account, here is the destination, and SPEI says cool and deposits the money into the receiving account, assuming that somewhere on the bank's end, the sending account existed. And the catch was that those source accounts, they're made up. They never existed inside of the sending banks' ledgers, but the central system doesn't check the bank's records. The SPEI, and this is the big design vulnerability here, relied on the assumption that if a bank's connector signed a transfer, it must be legitimate. The accounts must all be legitimate, because otherwise why would the bank have signed it? The money must all be legitimate. And that set of assumptions cost Mexico hundreds of billions of pesos.

Getting phantom transfers into receiving accounts, call them the mule accounts, was only half the job. The other half was turning those numbers into physical pesos. The attackers, this sort of organized crime syndicate we're going to get to, they had that part on lock. Banxico later reported that the money flowed into 836 accounts across 10 different banks in 97 cities, including some right here in Mexico City, and then the cash mules show up. People, some of whom were recruited with the promise of a cut, others who were kind of coerced into doing this, we would find out in the years that followed. They fan out, they go to branches and ATMs, and they start making withdrawal after withdrawal, often within minutes of one of these phantom transfers landing. By the time the bank staff spotted, oh, a lot of inconsistencies, the cash is gone. Meanwhile, on the server side, those compromised servers, forensics teams later found evidence of deleted transaction logs, altered files, basically just a bunch of attempts to mask the injection points, sort of an anti-forensics to slow investigators down as they tried to figure out what was going on here. And meanwhile, the mules just keep taking money out.

Inside the central bank, this attack is causing a lot of trouble, specifically for a woman named Lorenza Martínez, the head of Banxico's payment system. She'd been one of the architects of SPEI and this central switch design. She goes public and says like, oh, the core of the system, the central switch, wasn't ever actually breached. Our stuff is fine. It was with the banks where the problem lay, those connectors. But weeks into the crisis, under very intense political and media pressure, she announces her resignation, May 16th, 2018. A new guy, Alejandro Díaz de León, a governor, comes in and kind of becomes the face of the whole thing. He confirms those first fraudulent transfers had been recorded on April 17th. He reassures the people that customer deposits aren't at risk. The banks themselves are going to be, you know, bearing these losses for obvious reasons. They do a rule cap on withdrawals from new transfers at 50,000 pesos a day. Basically, they're just trying to slow down these cash mules while they start to try and fix the problem.
For months, no one knew who had done this. That changed on May 29.
Federal Police raided properties in León, Guanajuato, and arrested Héctor Ortiz Solares,
a man prosecutors called LH1.
According to authorities, he was the leader of a group called the Bandidos Revolution Team, or BRT.
They raid his house, they find, I have my luxury car stats here, 27 luxury cars, Porsches, Ferraris, Lamborghinis, a bunch of cash, a bunch of weapons, a bunch of electronics.
You know, the standard spoils of a crew making tens of millions of pesos a month through cybercrime.
Court filings revealed a much wider network of crime.
There was a whole big crew at the heart of this, a bunch of named associates, including Ortiz's siblings, Cynthia, and Juan.
Prosecutors later said that the group wasn't just behind the SPEI theft.
They were running a bunch of fraud operations, ATM jackpotting campaigns, parallel electronic transfer schemes
that had nothing to do with this.
In 2024, the federal prosecutor's office announced that 116.7 million pesos and assets
linked to BRT had been forfeited to the state.
And if you follow those timelines, it is evidence of the fact that the government is still
clawing back money from this hack years after the arrests.
At the RSA Conference in San Francisco in 2019, Mexican consultant Josu Loza laid out the technical anatomy of what actually went down here. And he boiled the whole thing down to three big failures. First, the bank system had like a very flat network. Once an attacker got into the bank's IT system, there weren't really any barriers between like an ordinary workstation and those SPEI-connected servers. Second was connector trust. The SPEI relied on the assumption that any order signed by a connector was legitimate. And there was no cross-check that occurred to see if, like, at bare minimum, the source account existed. And the third big thing was, like, you could take cash out pretty much instantly after the SPEI processed the transaction, which made it really, really easy for mules to drain accounts before fraud teams could say, oh, this money does not and never existed. The math of that central switch, that actually was fine. All the cryptography worked. It was a design and architecture problem.

The 2018 SPEI attack was like a big moment in bank security. It showed that you could have financial plumbing that was vulnerable, not because of a very in-the-weeds exotic zero-day exploit, but just because of design choices. Speed prioritized over verification and trust placed where it really shouldn't have been. By the end of that year, the SPEI was back to basically normal operations, but the memory of this persists and the controls are still a lot stricter, the audits a lot more aggressive, and the banks a lot more cautious about that connecting software.
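To make those three failures concrete, here is an added example (not from the episode, and not Banxico's or any bank's code) that models a central switch the way the story describes it. The naive version settles any order whose connector signature checks out, so a correctly signed phantom transfer from a nonexistent source account goes straight through. The hardened version adds the cross-check against the sending bank's ledger that Loza said was missing, plus the 50,000-peso daily cash-out cap Banxico imposed. Bank names, keys, account numbers and amounts are constructed, and an HMAC stands in for the connector's real signature scheme.

```python
"""Toy model of the SPEI connector-trust flaw (added example, not Banxico's code).

A signed order proves only that *some* connector holding the bank's key produced
it. It says nothing about whether the source account exists, which is exactly
what the 2018 phantom transfers relied on. All names, keys and numbers below
are constructed sample data; an HMAC stands in for the real signature scheme.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed per-bank connector keys. A compromised connector signs whatever it is fed.
CONNECTOR_KEYS = {"BankX": b"constructed-bankx-key", "BankY": b"constructed-banky-key"}

# Constructed ledgers: the accounts that actually exist at each sending bank.
LEDGERS = {"BankX": {"X-1001", "X-1002"}, "BankY": {"Y-2001"}}

# Cap on cashing out freshly received transfers, as Banxico imposed (pesos per day).
DAILY_CASH_OUT_CAP = 50_000


@dataclass
class TransferOrder:
    bank: str            # sending bank, i.e. which connector signed it
    source_account: str  # account the money supposedly leaves
    dest_account: str    # receiving ("mule") account
    amount_pesos: int
    signature: bytes = b""


def _payload(order: TransferOrder) -> bytes:
    return f"{order.bank}|{order.source_account}|{order.dest_account}|{order.amount_pesos}".encode()


def connector_sign(order: TransferOrder) -> TransferOrder:
    """Connector-side signing with the bank's key. Note: no ledger lookup happens here."""
    order.signature = hmac.new(CONNECTOR_KEYS[order.bank], _payload(order), hashlib.sha256).digest()
    return order


def signature_valid(order: TransferOrder) -> bool:
    key = CONNECTOR_KEYS.get(order.bank)
    if key is None:
        return False
    expected = hmac.new(key, _payload(order), hashlib.sha256).digest()
    return hmac.compare_digest(expected, order.signature)


def naive_switch(order: TransferOrder) -> str:
    """2018-style central switch: checks format and signature, then routes. Nothing else."""
    if not signature_valid(order):
        return "rejected: bad signature"
    return "settled"


def hardened_switch(order: TransferOrder, ledgers=LEDGERS) -> str:
    """Same switch with the missing cross-check: the source account must exist at the sending bank."""
    if not signature_valid(order):
        return "rejected: bad signature"
    if order.source_account not in ledgers.get(order.bank, set()):
        return "rejected: source account unknown to sending bank"
    return "settled"


def cash_out_allowed(withdrawn_today: int, requested: int, cap: int = DAILY_CASH_OUT_CAP) -> bool:
    """Per-account daily cap on withdrawing newly received funds; slows the mule step down."""
    return withdrawn_today + requested <= cap


def demo() -> dict:
    legit = connector_sign(TransferOrder("BankX", "X-1001", "Y-2001", 20_000))
    # Phantom transfer: correctly signed by BankX's connector, but X-9999 is not in BankX's ledger.
    phantom = connector_sign(TransferOrder("BankX", "X-9999", "Y-2001", 20_000))
    # Tampered in transit: amount changed after signing, so the signature no longer matches.
    tampered = connector_sign(TransferOrder("BankX", "X-1001", "Y-2001", 20_000))
    tampered.amount_pesos = 200_000
    return {
        "legit_naive": naive_switch(legit),
        "phantom_naive": naive_switch(phantom),
        "tampered_naive": naive_switch(tampered),
        "legit_hardened": hardened_switch(legit),
        "phantom_hardened": hardened_switch(phantom),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18s} {outcome}")
```

The point the demo makes is that the cryptography does its job in both versions: a tampered order is rejected either way. What the naive switch cannot see is that a valid signature from a compromised connector is still a valid signature, so the only place to catch a phantom is a check against the sending bank's own records, with the cash-out cap buying fraud teams time when that check is missing or late. The flat-network failure is outside a switch simulation and has to be fixed with segmentation around the connector hosts.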
I think it's about time for me to get back out there.
The rain has passed.
The sun is out.
We were in a boat and it was coming down so hard that we were using a bucket that we'd had beer in to bail the water out of the boat.
I hope you enjoyed this weird little story.
In a moment, we'll be back in Canada with Scott,
where we're going to chat it up. Catch you in a second.
Just kidding.
Okay.
Here's where we're at.
So I'm back here in Canada.
Scott, our dear pal,
coincidentally also went on a trip to a totally different part of Mexico,
also came back,
and now has an apparently very horrible respiratory illness,
which, fun fact, is one of the few types of illnesses
that you really can't podcast with.
If he had like a gut issue, I'd be like, mic yourself up.
We're doing this.
But not being able to breathe makes it very, very hard to talk.
So we cannot pod.
So here's the deal.
I don't want to leave y'all hanging.
So I'm going to share the stories with you here that I was going to share with Scott.
I appreciate that isn't the typical social vibe we like to bring.
It's also not what I've typically done when I've made episodes solo where I go do an interview.
We kind of do it doc style and edit it in.
It's just going to be me.
I got notes in front of me.
We're going to make a game time call.
I'm going to put on this version of the show.
If that's not your particular brand of tea, I totally get it.
Come back in the next one.
It'll be back to normal, I promise.
But for now, I've got some stories I want to share with y'all.
We're going to make it work, everybody.
It's going to be different and loose.
I normally really tightly edit these things.
I don't think that's the mood for this.
But we're in it together.
If you're still here, I appreciate it.
I've got a few stories I want to talk about.
The first one was a story that a buddy that I was traveling with shared with me.
And it concerns NASA, a Mars climate orbiter,
and a catastrophic unit conversion problem that resulted in a
a hundred plus million dollar piece of machinery exploding in the atmosphere of Mars.
It's a pretty wild story.
Let's dig into it.
September 1999, after nearly 10 months on its way to Mars,
the nar, wow, this is going to be good.
Normally, I would cut that kind of thing out, but it's embraced this live stream energy.
NASA's Mars Climate Orbiter broke apart and burned in the Martian atmosphere,
a day that should have been like a really big triumph for the engineers and scientists and
designers that worked on this piece of technology turned into a very, very, very expensive lesson.
Got my cat here in front of me, the one that normally screams in these episodes, and he's being
very quiet right now.
So the Mars Climate Orbiter cost $125 million to build.
It weighed 638 kilograms.
It was this robotic probe.
They launched it on December 11th, 1998,
and the point of the orbiter was to study Mars weather, its atmosphere,
how the surface of the planet shifted.
It had a second job, which was to function as like a communications relay,
sending messages to another, you know, surveyor that was going to be coming,
the Mars Polar Lander.
At JPL in California, navigation teams worked in metric.
The metric system, if you're unfamiliar:
you've got millimeters, meters, newtons.
I'm Canadian.
I was talking about this with a British friend,
and we're kind of the worst of both worlds here.
So the way it goes, I'm sure you're all familiar with this,
is pretty much the whole world uses metric,
with the exception of a small, small handful of countries,
which just so happens to include the United States of America.
and importantly Lockheed Martin.
As Canadians, we are, as I say,
kind of worst of both worlds.
We're smug because we use metric,
except we don't.
Like, we use metric.
We talk about how fast a car is going in kilometers per hour,
but if you ask someone how tall they are,
they're going to be like, oh, five foot 10.
It makes no sense.
Lockheed Martin Astronautics in Denver,
who built the craft,
provided the key acceleration data
in like,
is it called English units?
It's unintuitive, but inches, feet, pounds.
The JPL engineers assumed that the data had been converted,
and it had not.
And what had come through in pounds per second squared
should have been in newtons per second squared.
And that mismatch sent the spacecraft at the heart of the story
fatally off course.
The orbiter was quite literally lost in translation.
So before we dig into like the failure and exactly what happened, it's worth pausing on how units developed in the first place. So for centuries, different parts of the world had to sort of rely on whatever system fit their local regional needs. In one culture, time would be tied to like a solar cycle. In another, it was tied to, say, a lunar phase. Without the means to communicate globally or even beyond a very immediate region, scholars weren't comparing notes. And as a result, units and standards grew up in isolation. The world starts to get more connected and you get this big push for a single universal system. During the French Revolution, there were kind of the first steps towards what is today's metric system. These multiple standards were created in Paris to define, you know, the start of all this, the meter and the kilogram. German mathematician Carl Friedrich Gauss expanded this, added the astronomical second as a base unit. British scientists like James Clerk Maxwell and J.J. Thomson continued kind of pushing all of this forward. You got the CGS system, centimeter-gram-second. 1889, the General Conference on Weights and Measures established international prototypes for, this is a meter, so help you God, this is a kilogram. And we get the backbone of modern measurements. By 1946, this system, which represents weight and time and distance, gets kind of cemented and approved internationally. In the decades that followed, we got stuff like the kelvin and the candela and the mole, other sort of base units for increasingly niche instances.

Today, and this was kind of how the conversation with my friend started, the international system rests on like a set of key metrics. You got the meter for distance, the kilogram for mass, the second for time, the mole for substance, the ampere for current, the kelvin for temperature, and the candela, I didn't know this one, for luminosity. The states, God bless them, will have none of this. If you go to the states, you're going to quickly notice miles instead of kilometers, and like, respect to the game here, pounds instead of kilograms, inches instead of centimeters. If you were raised on metric, it's a little weird.
If you're from Canada, it's only half weird.
The roots to this system, and the reason I called it the English system earlier, came from England.
The early settlers brought over, like, customary measures, things like feet.
Even as the rest of the world shifted to metric, the U.S. held onto that system.
A foot is 12 inches, a yard is three feet.
In metric, there's sort of a clean divisibility by 10, 100 centimeters and a meter, 1,000 meters and a kilometer.
In 1975, Congress kind of took a crack at converting this.
They passed something called the Metric Conversion Act, making standard international units, meters, kilograms, etc., this sort of preferred U.S. system, or at least naming it as such.
President Gerald Ford signed this.
The law didn't, like, ban customary units, which I guess is good.
It would be weird if it was like, you're how tall?
You're going to jail buster.
but later pushes in the 1980s, like having like, okay, we'll have a speedometer in the car that has both, none of that stuck.
Businesses and people and even media just kept using the English system.
America forged ahead, still embracing that same system.
That reluctance lasted until this wake-up call in 1999 with NASA at the heart of it,
when the climate orbiter's, spoiler, absolutely devastating destruction
exposed just how costly this mismatch with the rest of the world's system could be.
A Boeing Delta 2 rocket carried the Mars Climate Orbiter into space on December 11, 1998. Everything's cool at launch. It's fine. A NASA review board later found that the spacecraft's thruster software was the culprit behind all this. Again, we have these two different kind of space programs working together. One program calculated the thrust of the orbiter, sorry, of the Boeing Delta 2 rocket in pounds. The other read the numbers, like a different piece of software was reading the numbers as though they were written in newtons, and no one caught that gap. Lockheed Martin engineers had been using pounds of force as their standard. JPL assumed the data had already been converted into standard international units, in this case metric. That mistake, so it gets up there, it's got all of that mismatched velocity, and it sends the orbiter dipping too close to the Mars atmosphere. The thin air on the surface of Mars starts to tear it apart and pull it ever closer, and engineers just had to watch as this $125 million orbiter vanished into the atmosphere.

The thruster predictions didn't match what actually happened. The navigation team wasn't properly briefed on how the orbiter was oriented in space compared to earlier missions. Lockheed, who was responsible for converting to metric, had not. And systems engineering, the role that was meant to catch errors like this, the kind of classic human stuff of just like, we just forgot a conversion step, just wasn't robust and well-built enough. To make matters even worse, the orbiter was handed off to a new operations team mid-mission, which added even more confusion. And a small conversion error destroyed a $125 million machine.
I love this story.
It's a story of tech going wrong.
It's like a story of a little butterfly flapping its wings and there's a tsunami across the ocean,
like a tiny conversion results in like a giant catastrophe.
This isn't the only time like a trash unit conversion caused absolute chaos. 1983, the Gimli Glider. So Air Canada's Boeing 767 ran out of fuel midair due to a conversion mistake. Canada had switched from Imperial to metric shortly prior to this. The fuel and crew needed to convert liters to kilograms, and instead they mistakenly calculated in pounds. The plane took off with about half of the required fuel. 12,500 meters in the air, both of the engines of the plane died. Thankfully, the captain was an experienced glider pilot, and the co-pilot knew the area that they were flying in. Together, they brought the aircraft down safely on an abandoned airstrip in Gimli, Manitoba, earning the nickname the Gimli Glider. Since I've started telling this story, my cat has woken up. He's agitated. The Institute for Safe Medication Practices reported a case where a patient received 0.5 grams of phenobarbital instead of 0.5 grains.
A grain is 0.065 grams,
so the patient was given nearly eight times
the intended dose.
Don't do that.
I think the person lived.
In 1994, the FAA found an American International Airways cargo plane
had landed 15 tons heavier than allowed.
Again, a botched kilograms-to-pounds conversion.
This happens all the time.
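Every incident above is the same failure: a number travels without its unit, and the receiving side assumes one. As an added example (not from the episode, and not code from NASA, JPL or Lockheed Martin), here is a small unit-tagged quantity type of the kind that turns that mismatch into a hard error instead of a silent 4.45x discrepancy. The conversion factors are the standard ones; the thruster readings are constructed.

```python
"""Unit-tagged quantities (added example, not from the episode or from NASA/JPL/Lockheed).

Each value carries its unit. Adding or comparing across dimensions raises, and
crossing unit systems requires an explicit conversion, so a pound-force figure
can never be read as newtons by accident. Conversion factors are the standard
ones; the thruster readings at the bottom are constructed sample data.
"""
from dataclasses import dataclass

# unit -> (dimension, factor that converts one of this unit into the SI unit of that dimension)
_UNITS = {
    "N":     ("force", 1.0),
    "lbf":   ("force", 4.4482216152605),   # one pound-force in newtons
    "N*s":   ("impulse", 1.0),
    "lbf*s": ("impulse", 4.4482216152605),
    "m":     ("length", 1.0),
    "ft":    ("length", 0.3048),
    "kg":    ("mass", 1.0),
    "lb":    ("mass", 0.45359237),
}


class UnitMismatch(TypeError):
    """Raised when two quantities of different dimensions are combined."""


@dataclass(frozen=True)
class Quantity:
    value: float
    unit: str

    def __post_init__(self):
        if self.unit not in _UNITS:
            raise UnitMismatch(f"unknown unit {self.unit!r}")

    @property
    def dimension(self) -> str:
        return _UNITS[self.unit][0]

    def to(self, unit: str) -> "Quantity":
        """Explicit conversion; refuses to cross dimensions (e.g. lbf -> kg)."""
        target_dim, target_factor = _UNITS[unit]
        if target_dim != self.dimension:
            raise UnitMismatch(f"cannot convert {self.unit} ({self.dimension}) to {unit} ({target_dim})")
        in_si = self.value * _UNITS[self.unit][1]
        return Quantity(in_si / target_factor, unit)

    def __add__(self, other: "Quantity") -> "Quantity":
        if not isinstance(other, Quantity) or other.dimension != self.dimension:
            raise UnitMismatch(f"cannot add {self.unit} and {getattr(other, 'unit', type(other).__name__)}")
        return Quantity(self.value + other.to(self.unit).value, self.unit)


def total_thrust(readings, target_unit: str = "N") -> Quantity:
    """Sum thruster readings in the navigation team's unit, converting each one explicitly."""
    total = Quantity(0.0, target_unit)
    for reading in readings:
        total = total + reading
    return total


def unchecked_total(readings) -> float:
    """What a unit-blind pipeline does: adds the raw numbers and lets the reader assume a unit."""
    return sum(r.value for r in readings)


def adds_cleanly(a: Quantity, b: Quantity) -> bool:
    """True if a + b is dimensionally valid, False if the type would have caught the mix-up."""
    try:
        a + b
        return True
    except UnitMismatch:
        return False


# Constructed thruster-firing report: the vendor side logged pound-force, navigation expects newtons.
VENDOR_REPORT = [Quantity(1.0, "lbf"), Quantity(2.5, "lbf"), Quantity(0.5, "lbf")]


if __name__ == "__main__":
    checked = total_thrust(VENDOR_REPORT)
    raw = unchecked_total(VENDOR_REPORT)
    print(f"unit-aware total: {checked.value:.3f} {checked.unit}")
    print(f"raw numbers read as newtons: {raw:.3f} N  (off by {checked.value / raw:.2f}x)")
```

The design choice is that the unit is part of the value, not a convention in a document: `total_thrust` can accept a mixed list of lbf and N readings and still produce a correct newton total, while the same readings run through `unchecked_total` are just "4.0", which is right only if everyone agreed on the unit in advance. Picking the unit system up front, as the host recommends, is what fixes `target_unit`; the type is what catches the case where somebody didn't get the memo.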
There's like a bigger lesson here, which is that, like, in engineering and in these kinds of very complex projects, there is a class of software called finite element method software, FEM. Units inside of these pieces of software aren't preset. If you use meters, the rest of the system doesn't automatically reset or align to kilograms and seconds. So every time you set up one of these simulations, every time you program this piece of software, you have to like consciously check not just that you've done the conversions, but that all of your units match. And if you're collaborating with people from different parts of the world, you need to be aligned from the start. Pick your unit system up front. It's a small, simple step that can cause you to not blow up a $125 million machine. Goblin, that is the name of the cat, is staring at me right now. He hates it when he blows up spaceships.

Okay. The other story I wanted to talk about, it concerns airports, and it was sort of like a recent news story that just happened. Before I get to this, I want to put a little pin in something we talked about
in the last episode. So last episode, we talked about the story of the Velvet Sundown. That story was
itself a couple of months old. I just hadn't read much about it. We covered it for anyone that didn't
catch that episode. It was the saga of a fake AI band and the hoax within a hoax of people
claiming to be that band, people claiming that the other people weren't actually that band.
and it all kind of, the AI slop, became a misinformation slop pipeline.
Since we posted that episode, September 25th, Spotify's announced that it is going to be taking some steps to address a copyrighted voice clone and AI slop problem.
So tools like Suno and Udio, I still don't know if I'm saying Suno right, Suno, AI music generation tools that make it very trivially easy to like just kick out vaguely passable music, have resulted in streamers like Apple Music, Spotify, getting just bombarded with AI-generated music.
Audiences don't know if what they're listening to was authored by a human.
Artists are wondering whether or not their intellectual property is being infringed upon.
Thursday of last week, Spotify announced that they were going to be rolling out a series of new policies
trying to put a little bit of a cork in that set of problems that these platforms are having with artificial intelligence.
Impersonations, Slop.
And as we spoke about on the show, something I think is very, very important, which is disclosure,
making it clear to people whether or not they were listening to something that was authored by humans or computers.
So the goal that they're trying to realize is to quote,
protect authentic artists from spam and impersonation and deception.
Trying to make sure that listeners don't feel duped, was the word that Spotify used.
Their global head of music product, Charlie Hellman, they host this big press briefing,
and he tells reporters, you know, these are the sort of like three things that they're trying
to prevent.
At the same time, he said that Spotify wants to let artists use AI if they want to.
There's this music standard-setting organization called DDEX that is developing a new metadata standard for disclosing the use of AI in any part of song creation. This would even include, and I find this fascinating, the use of AI in creating sounds that end up inside of an otherwise human-authored track. Do you have AI-generated vocals inside of a track you made? Do you have AI-generated instrument tracks inside of a track you made? DDEX is looking to index and make transparent that process. We've talked at length about the challenges of using metadata to identify AI. You sort of just enter into an arms race. What's interesting here is AI music generation done locally using open source software is far less common than text and images are. And so if they can get those small handful of large generators like Suno and Udio to embrace this DDEX standard, you might be able to start making this work here. 15 record labels and music distributors have committed to adopting this policy of metadata and AI disclosures. There isn't like a specific timeline for when this is going to happen, but there are moves being made to kind of lock down this issue of impersonation, to clean these systems up of slop, and to make it so that if people are using these tools, if people are doing voice clones, there is transparency, there is authorization with the original copyright holder. This is not a, like, hey, everybody, we held a press conference and everything is solved type situation. But it is good, I would say, that there is enough pressure on these companies to not let these systems become inundated with slop and to not let, you know, the intellectual property rights of the people who created this art just sort of vanish into the ether under the weight of all that slop. So that's a broadly positive thing.

Another story that I want to talk about in this very normal episode, set in Terminal 2, Dublin Airport, Saturday morning: a bunch of printers go dead, a bunch of agents find themselves handwriting boarding passes. You've got lineups snaking out past duty-free as the staff has to resort to manual workarounds just to like tag bags. That same scene is playing out from Heathrow to Berlin after a check-in system meltdown ripples across Europe. The UK's National Crime Agency has arrested a man in his 40s in West Sussex on suspicion of Computer Misuse Act offenses tied to this attack, currently out on conditional bail while the probe continues. Quote, although this arrest is a positive step, the investigation remains ongoing.

So what happened here? Attackers hit Collins Aerospace's vMUSE, a shared check-in system used by multiple airlines, forcing manual check-in and bag drop at a bunch of European airports: Heathrow, Brussels, Dublin, Berlin. These four, you know, reported the heaviest disruptions, starting on Friday, September 19th, through last weekend. The EU cyber agency ENISA confirms this was a ransomware attack. So in Heathrow, you had cancellations and delays. In Berlin's Brandenburg, crazy airport, you had disruptions dragging on into midweek. They were still using manual procedures at the time of the last sort of like major reporting on the story I could find. Dublin's T2, there is currently no timeline for a fix. No group has claimed responsibility for this on like any of the major leak sites, at least according to like law enforcement reporting. Researchers are split on like the strain of ransomware that was used for this. The two that I saw were Loki and HardBit. These are both ransomware-as-a-service tools that are more typical of like smaller operations, which makes the scale and outcome of this novel. The question of like why airlines, multiple airlines, were vulnerable to the single attack is that vMUSE lets multiple airlines share kiosks and desks. When that vendor system fails, in the case of, say, a ransomware attack, the effects like kind of as a result of that immediately cascade across all of these different tenants. Even though that system is supposed to sit outside of like one company's enterprise network, the problem was able to spread further based on this design choice. Several of these airports are back up and running. Some of them, as mentioned, are still dealing with the fallout of this. If you're flying in Europe, maybe show up at the airport just a little bit earlier.

Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late,
an alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem
by rebuilding security operations from the ground up
for a world where attackers are already using AI.
They created the Aurora Super Intelligence Platform,
a fully agentic system powered by the swarm of experts.
Instead of single-purpose bots or lucky guess LLMs,
the swarm is full of deterministic agents
that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy.
And all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week
and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model. They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven
decision reflects your environment instead of generic assumptions. The automation frees your
concierge security team to focus on higher value strategy and proactive risk reductions while
the agents handle the grind. If you want to see what trustworthy, production-ready AI
and security operations actually looks like, go to arcticwolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up? Last year, 2025, was nothing short of a record-breaking year for major breaches, from sophisticated ransomware operators to AI-enabled attacks that turned defenses on their head. Organizations around the world saw headlines they never expected, and cybersecurity teams were tested like never before. But here's the thing. These incidents aren't just news headlines. They're learning opportunities. And that's why Arctic Wolf is hosting a live webinar on February 5th, diving into the most impactful breaches of 2025. Their field CTO and security leaders are going to unpack not just what happened, but why these attacks succeeded. And most importantly, what businesses can do to fortify their defenses before it's too late. You're going to walk away with real insights into how threat actors are evolving, how defenders are responding, and what strategies can help you stay ahead of the next big breach. It's not fear mongering. It's practical, actionable intelligence from experts in the trenches. Register now at arcticwolf.com slash hacked.
Oh, Goblin, my dear cat, where do we go next? Another story I wanted to talk about very briefly,
and we can wrap up because, you know, how long do you want to listen to a fella babble?
I think a long time ago we talked about this story. So back in 2014, a little-known
hip-hop group, you might have heard of them. They're called the Wu-Tang Clan. They recorded a record
called Once Upon a Time in Shaolin, and they intentionally pressed only one physical copy of the record.
And the concept was, you know, much like a Picasso. They evoked this in the press. This is a piece
of high art. The scarcity is part of its value. Enter a character you, I'm sure, have heard of,
a gentleman known as the Pharma Bro, Martin Shkreli.
Shkreli is a former pharmaceutical executive and hedge fund manager.
What's he known for?
Starting in 2015, he was at the heart of a drug price scandal.
He was the CEO of a company called Turing Pharmaceuticals.
He raised the price of Daraprim.
You have surely heard this story.
It's a 62-year-old drug used to treat parasitic infections in vulnerable patients,
including people with HIV-AIDS.
He raised the price of that drug from $13
to 750 U.S. dollars per pill overnight.
It sparked a bunch of outrage and made him this kind of symbol of corporate greed.
He was then convicted of multiple counts of securities fraud in 2017.
Basically, charges laid out that he misled investors in his hedge fund,
manipulating the stock in his company, Retrophin.
He was sentenced to seven years in federal prison and ordered to forfeit $7 million in assets.
That's, he's been dubbed frequently the most hated man in America.
So, Horn.
So Martin Shkreli purchases this one-of-a-kind album for $2 million at auction in 2015.
The sale contract reportedly restricted commercial release for 88 years, though he was allowed to listen to it privately.
27, 2018, Shkreli was convicted of securities fraud.
He goes to prison for seven years.
As part of his forfeiture, the U.S.
government seizes his assets, including Once Upon a Time in Shaolin. In 2021, a crypto art collective
called PleasrDAO wins the government auction for the album. They pay about four million bucks for it.
They want to preserve the album's exclusivity while they say they're going to experiment with
public access in creative ways. In 2022 and kind of into 2023, despite
no longer owning that physical record,
Shkreli starts to hint on live streams that he still has digital copies,
quote,
"Lol, I have the MP3s, you moron."
August 2025, and this is why we are talking about this now,
there is a court order.
A judge orders Shkreli to hand over any copies he has retained of the album.
PleasrDAO was saying, like, Shkreli's possession and, like,
just even the existence of these files undermines the album's carefully guarded value.
September 27, 2025, which came across my desk just in time for this very normal episode. In
fact, Judge Pamela Chen rules that PleasrDAO can proceed with a misappropriation of trade
secrets claim against Shkreli. Yet another legal hijink for old Martin. The court agrees the
album's worth is, quote, largely based on its secret and exclusive nature. Other claims are dismissed,
but the trade secrets case is being allowed to move forward.
For context, under U.S. law, trade secrets aren't just like businessy formulas,
how the colonel makes his famous chicken,
but really any information with economic value that comes from it being secret,
where reasonable measures are taken to keep it secret.
Based on that logic, this album qualifies because really its entire value comes from its exclusivity
and its secrecy.
He's facing a live lawsuit
over retaining and copying the record.
PleasrDAO is seeking damages and enforcement
to protect the album's uniqueness.
And this case is going to hinge
on whether music,
when defined by extreme exclusivity,
can legally function as a trade secret.
It's a fascinating story.
It touches on a bunch of stuff we talk about
in the show all of the time.
I'm probably going to follow it.
So, bringing us to here
and now. We've talked about airport hacks. We've talked about Pharma Bro, Wu-Tang Clan records. We've
talked about Mexican bank heists. And I think that brings us to the end. I appreciate you making it
here with me. We're going to be back in our next episode with our dear, dear pal Scott, who we hope
has recovered. I appreciate you coming along for the ride. I really do, from the bottom of my heart.
Thank you. Goblin, the cat says thank you. And we will
catch you in the next one.
