Hacked - The Killswitch Saboteur, AI Prompt Data Leak, and Bluetooth Chip Secrets Exposed
Episode Date: April 2, 2025
A former developer at Eaton Corp, Davis Lu, is convicted of deploying a kill switch script that disrupted thousands of users worldwide—he’s now facing up to 10 years in prison. A major AI image generator, GenNomis, accidentally exposed 95,000 image prompts online, raising serious privacy and security concerns. And finally, researchers discover debug commands in the popular ESP32 Bluetooth chip, sparking worries about potential exploitation. Note: We mention and explain this in the last episode, but we’re in the process of pumping the brakes on the ads and keeping our reads faster. Things got overstuffed—that’s on us. Thanks for the honest feedback. Got a strange tale of technology, security, or hacking? Share it at HotlineHacked.com. Hacked is brought to you by Push Security. Check them out at PushSecurity.com
Transcript
Back in 2018, a global power company called Eaton Energy demoted a man named Davis Lu.
He'd been a senior software developer, but during a corporate reshuffle, his role was allegedly
downsized pretty significantly. He had a bunch of responsibility taken away and his system access
was limited, though apparently, not that thoroughly.
We can't know what happened in his head at this point. What happened at all was debated in court
for years, and Lu's defense still argues his innocence in spite of the recent guilty verdict.
But here's the story that was told in court. Davis Lu, downsized, demoted, and slighted by this
company, Eaton Energy, embarks on a project. The development of a kill switch script called
"is DL enabled in AD," which stood for "is Davis Lu enabled in Active Directory?" The only reason
he wouldn't be is if he had quit or been fired.
And the script was like a kill switch set to go off in the event of his termination.
As the court case here is finally finished,
Lu now faces 10 years in prison for what allegedly happened when that kill switch went off.
We've never really dug into this kind of story before,
of internal sabotage, of tripwires and kill switches left behind in a network.
But there's a fascinating history of this kind of thing that I wanted to learn more about.
So we got a few stories this episode, but we're going to start here with the tale of Davis Lu and the Kill Switch script.
Here on Hacked.
How's it going, Jordan?
It's good.
How are you doing, man?
I'm doing pretty good.
I'm doing pretty good.
I like the chicken that we now play of imitating the theme music, and then it's who's going to say, who's going to ask how the other one's doing first?
That's right.
That's right.
It is a game we play literally every time we make
one of these episodes. And I don't know who's winning, but I probably, probably not me.
I think I, I think I had a good year and a half run of doing that every episode. And now the sort
of tennis matches started. So are you behind? Yes. Are you catching up? Yes.
The, I think we should open by thanking a lot of the positive feedback we've got from the last
episode. Our little observation, actually I would say our audience's observation and action about
telling us about the issue that we created with the ads.
We've had a ton of positive feedback.
I just want to say thank you to that.
Warms my heart.
And then I got to give a shout out, Joseph de la Cruz.
Listener on Spotify reached out to let me know that the version of Discord before Discord
that I was trying to think of was called TeamSpeak, and that is 100% correct.
And I completely forgot about it because it is no longer relevant to me.
So thank you, Joseph, for reminding me.
It's wild that someone caught that
Because we like vaguely alluded to a thing
That was kind of like Discord
Before there was Discord
You know chatting with the game anyway
And that someone saw them
It was like they're referring to TeamSpeak
Love that
Love that attention to detail
We also did get another piece of comment
That was literally just a hey can you call me
It's probably not a good idea
But here's my phone number
To which I offered Jordan $50 to actually call this person
And find out and record it and see what it was
Did you do it?
I haven't decided not to do that yet.
That comment came in and then the weekend happened and it was a full weekend.
But I'm trying to figure out a way to call that number and record it.
Yeah.
I'm super intrigued.
I want to know.
I want to know, especially because the comment flagged, it's not the best idea, but call me.
I was like, oh, that's provocative.
It's like, hey, you shouldn't call this number, but here it is.
I feel like that's like one of those literature, like, you know,
collectives, like the prompt that begins, like write a story from this prompt.
A man calls a phone number.
He's told not to call, but invited to.
Yeah.
This is a terrible idea, but you should call this number.
You should really, you should really reach out to me.
And I think I'm going to.
After I tell the audience that the show is brought to them by Push Security,
you'll hear more about them later in the show.
It's been a while since we've done a little newsy-chattie, multi-story update.
And I was pretty stoked to dig into this one because I found it fascinating.
Like I said in the intro, we haven't really ever, I kind of went digging through the back
catalog and I don't know that we've ever talked about this kind of internal sabotagey type
story.
And as we'll get to later and talking about it, it's not the first of its kind.
No.
There's a really fascinating history of these kind of tripwires being left behind in networks
by folks that previously had legitimate access to that network.
I feel like this is like it speaks to like a,
a part of our, you know, origin, like our reptile brain is like, no, I'm essential.
And if anybody does anything bad to me, they must pay.
Like, it's a retro.
Like, there's a reason why, like, revenge movies are, like, a massive, like, section of Hollywood now.
Like, John Wick, like, fulfills some primal urge inside of people to be like, yes, I need
revenge for things done to me.
And, and, and, and, good analog
is these cases are like the, the IT version of that.
There's, um, before we get to the story, there's like a genre of internet content
meme thing where it's comparing different like fictional characters and being like,
could this one take on this one?
Could this one take on these five?
And it's just like a thought puzzle.
And the thing that you always see whenever John Wick is evoked in one of those is did
someone kill John Wick's dog?
Because if not, he's just a guy who's good at
shooting. But if you killed his dog, he seems to take on like a supernatural kind of quality.
And I like that we all sort of just know because of those films what that tripwire,
that kill switch seems to be.
It's your dog.
It's your dog. Don't kill John Wick's dog.
Okay. So Texas software developer, the reason we're talking about this was because I think on
March 7th he was found guilty of this.
Sabotaging his former employer's, like, computer network essentially. A 55-year-old
Davis Lu was convicted of launching this digital kill switch project when he was fired from
the multinational power management company Eaton Corporation.
It caused a system outage.
Big company.
Big one.
Caused a system outage that locked out.
This all gets into alleged language, but allegedly thousands of users worldwide.
Convicted on March 7th, he's now looking at potentially up to a 10-year prison sentence
for causing intentional damage to a protected computer network.
Big story, big old fallout.
Yeah.
Lu's working at Eaton Corporation starting in 2007.
They're a big global power management company.
They're based out of Ohio.
They have offices all around the world.
They do electricity and hydraulics.
Well, they make Eaton.
Eaton does, I think, a lot of, like, they build a lot of componentry for electrical
implementation, be it like commercial side, industrial side, infrastructure side.
Like, they build so much.
Like, they're a massive, they might be a Fortune 500.
It wouldn't surprise me if they were Fortune 500.
But they're a massive publicly traded company.
I don't know if I need to say.
but I own stocks in Eaton.
Oh, interesting.
I need to disclose that.
I don't know if I need to, but I need to just.
I think that's good.
We very rarely need to do disclosures,
but I own a portion of this company
that we are covering on the show.
Seems like a pretty good one.
And I'm expecting you to come down with an iron fist as a result.
Yeah.
I don't.
I think that's maybe the big headline here is,
Eaton Energy's fine.
they're good.
Like, we're going to get some competing stories about the scale of the fallout from this,
the amount of damage done both in like sort of human cost and dollars and cents.
That number is quite fiercely debated over the course of this trial.
But suffice it to say, Eaton Energy, global power management corporation will persist.
Back in 2018, the company underwent what they called, I'm going to borrow their very corporate
jargon here, a corporate realignment that
resulted in a downsizing of Lu's role.
His responsibilities, his access to the network.
It was all kind of shrunk down.
Lu had been there since 2007.
Reportedly unhappy about this, he starts to become disgruntled.
This is all as outlined in the court case.
These are in effect because they won the prosecution's allegations that we have now at this point.
But the story that they tell is that Lu begins quietly planting malicious code on Eaton servers after this demotion.
He goes on a little bit of a tour of the system.
All of this is what ends up being triggered by the is DL enabled in AD script.
But the stuff that's underneath that banner of let this all march forth in the event that I'm no longer employed here is as follows.
We've got a script that's going to go ahead and just delete the profiles of a whole bunch of people that work at the company.
All the like user specific configurations that let you log into your system, your settings, your files, that's gone.
We've got a bunch of CPU-gobbling infinite loops.
Surprising how vulnerable
server infrastructure is to infinite loops.
This was something
that I triggered in a production server
when I was like 13.
Oh, interesting.
Completely unintentionally.
I just wrote a script that like forked
and called itself to like
kind of recurse through things.
But I missed an exit clause
on one of the conditions and it just
crashed a production server.
And I was like, there's no
There's no like safeguards against this.
There are safeguards against it and things that you could do to prevent it.
But like it is surprising how effective just putting an infinite loop in a piece of software is and like killing things.
Like it just turns them off.
They stay running, but they're running doing nothing.
I was trying to understand this part of it, like this element of what occurred when that kill switch went off.
And I was fascinated by that concept that like a loop is an extraordinarily useful
thing. But if you don't create exit conditions for the loop, it's a very dangerous thing. Because
it can not just keep going and create like a denial of service type event, but it can also
spiral off and create like other things that start happening when the loop hits certain conditions.
Totally. It was my sense of how this can go wrong. And especially when someone does it intentionally.
Like you're describing a whoopsie doodle. And this is like, oh, I can use the mechanics of that
whoopsy as a like attack vector. Well, if you think about like if like the interconnectedness
of all the systems these days.
If you can essentially take one of them offline through putting it into an infinite loop,
then everything that depends on that in the interconnected woven network just is hanging,
waiting for this thing to give them back the information they need.
So then all of a sudden, all of the knock-on effects go out to the external systems that are
around it and so on and so on.
It just shuts everything down the second.
It's like the scariness that exists in our society these days and the dependency that we
have on like network connection.
If we just lost the internet for like a day, like it's happened.
I remember like the cell networks went down on one provider in Canada for one day.
And it was like mayhem because like all of the Moneris Visa machines broke.
Like it's just like knock on effects go to so many things.
The same thing would happen here.
Oh, I was looting and pillaging that day.
I remember that.
I threw a garbage can through a Best Buy window.
It was the whole thing.
I went nuts.
Man.
That's not true.
So you got the infinite loops.
You've got the deleted profiles.
You've got just like another.
I can't tell if this had to do with the profile deletion or was a dedicated task to like just block login attempts.
But the effect of this was basically, hey, a whole bunch of people at Eaton Corporation were not going to be able to access the network.
It's an attack on the infrastructure allegedly.
I don't think it's alleged anymore.
He's been convicted.
No, I think now I can just say did it.
Yeah.
That's true.
Yeah.
I think that the reason I'm, I keep wanting to temper it is because as of time of recording, he hasn't been charged yet.
And they're pushing for a 10-year prison sentence.
And while I don't need to say alleged because he has been convicted, oh, that's a really big prison sentence given that this has been going through the courts for six years.
So, yeah, I don't, I don't know.
It's like, this is a bad thing.
Like, he did, don't do it.
They did a bad thing.
And it's like, it had a lot of like financial,
social, organizational impacts.
Like, I don't know.
I'm by no means an expert on prison sentences,
but it's like this stuff is like modern warfare.
Like, you know, we're talking,
a lot of what we talk about cybercrime hacking,
you know, we depend on these systems now.
They're not like nice to haves on the side.
These are like things that this organization
would have needed to like run.
And if he had actually managed to like destroy it,
would have been billions of dollars in loss.
So it's like, I don't know.
And is something being ineffective, is an attack being ineffective like any kind of insulation against moral culpability?
Exactly.
No, that's a valid answer.
And is there any chance Davis Lu is ever going to do this again and removing him from his community for a decade of his life is going to prevent harm in the future?
Be like, probably no.
And as such, we are left with a really weird moral conundrum.
Society faces that moral conundrum all the time.
I can see a courthouse from my house.
Damn near.
It's behind a building.
But, like, yes, I'm with you.
And I'm sure that that question is being turned over in those halls right now.
The thing that flipped all this off, as we mentioned, is, is DL enabled in AD?
Active Directory in this context is Microsoft's identity management platform.
A lot of companies use it to just basic, who gets access to this system or not.
It's the front gate to the whole operation.
Lu's script was built to constantly check his status in AD.
Is his account still active or not?
If it was still active, this whole pot of code does nothing.
But the moment his account is disabled, like it would be after he was fired, the kill switch goes off.
And when it did, it locked out pretty much all users company-wide, which is exactly what happened.
On September 9th, 2019, the day that Lu was officially terminated, thousands of Eaton employees and multiple offices across the globe were instantly locked out of their systems
when the trip wire goes off.
So here's the real question is, like, how I'm shocked that that script didn't accidentally
trigger at some other point.
That's kind of what I thought.
Like, what if someone was doing something managing the active directory and like moved something?
It took it down for maintenance, shuffled the records around, accidentally disabled his account,
all of a sudden the company blows up and he's like, Lu's on lunch.
Whoops.
Lu had gotten a promotion that day.
Yeah, yeah, yeah, yeah.
Yeah, it raises questions.
And maybe that speaks to how well is DL enabled in AD was written.
Maybe there were conditions.
Maybe there was a time sensitivity.
We don't know.
We do know a little bit about what he was Googling during this, which was part of the prosecution's case, that this is not a coincidence and that he did it.
But we don't know.
Maybe that happened.
Well, he also named a bunch of his, like, I think methods and procedures, Chinese words for, like, that were, like, aggressive,
like malicious intent.
And like, it was very obvious that the code was written for malicious intent upon like evaluation.
Yeah, I think you're, you might be talking about everything, but you're talking about there was a one of the programs that was in that bundle of stuff activated by is, uh, DL enabled in AD was a piece of software called Hakai, which is a Japanese word meaning destruction.
That is honestly like the, the fluffiest part of all of this.
When Lu turned his company-issued laptop back over to them, he deleted and encrypted all the files that were on it, which is not in and of itself evidence of having done anything wrong.
But investigators later found his web browsing history had like how to escalate privileges in network, hiding processes, rapidly deleting files.
Again, none of this on its own is like a smoking gun.
but looking up like hacker forum tutorials for how to escalate your privileges in a network.
So you can do something like this is not a good look when you are being charged with having done something like this.
Yeah, taken in context, definitely a bad look.
In context.
Definitely a bad look.
There's a, so the case goes to trial in Cleveland where they're based.
Ohio.
The evidence that the prosecution chose Ohio.
The malicious, we say that as Alberta boys.
Evidence showed that malicious code came from a development server that only Lu had access to,
which I think was the smoking gun in this case.
The code was also run from a machine using Lu's user ID.
There was a pretty big back and forth about how much dollars and cents damage this actually did.
The defense is arguing it's quite small and not that many people were locked out.
Five grand of damage.
The prosecution obviously was arguing it was in the hundreds of thousands of dollars.
The truth probably falls somewhere
in the middle. But the point is that the jury found Lu guilty of one count of intentionally
damaging a protected computer, which is a federal offense under the Computer Fraud and Abuse Act,
which is why we're looking at a potential decade-long prison sentence for this.
FBI Special Agent Greg Nelson said, quote, Davis Lu used his education, experience and skill
to purposely harm and hinder not only his employer, but thousands of users worldwide.
There's plans to appeal the conviction.
I think this is probably more common
than it's reported.
I think that this is so...
Interesting.
I think it's happening.
Yeah, I think it happens more than we think.
It probably isn't as sophisticated
because it's not as many like, you know,
senior programmers and stuff that have advanced privileges
that can code real tripwire, kill switches to this stuff.
But like even in our company,
this has happened before when somebody's,
and let go and you don't maybe know about it.
We're going to go ahead and talk about this one.
We're going to continue.
Yeah, we let somebody go a long time ago,
and they had just even like social media access and stuff
to certain pages and client pages,
and they removed our access to them and took them.
True story.
I have so many follow-up questions.
Okay.
Well, I mean, that transitions us.
I wish we filmed and broadcast this because you could see on my face that I'm having a moment of genuine, like, we've worked together a long time. I know this person.
Okay. So this transitions us really, really nicely to other instances of this happening. The question I had when I read about this, because I was like, this is a really fascinating story is, does this happen often? And to your point about thinking it probably happens all the time, boy, let me tell you, it happens all the time.
Yeah.
The big one I found, and there's a bunch, UBS PaineWebber, it happened in San Francisco,
Cisco, like the company Cisco it's happened to, but the big one was from the 90s,
and I found this fascinating.
It was a company called Omega Engineering.
1996, this company, Omega Engineering, who was like a precision instrument manufacturer
based out of New Jersey.
Sure.
Was blindsided by a much larger internal cyber attack,
perpetrated by a guy named Timothy Lloyd, an 11-year employee and trusted network administrator.
There had been, like, tensions brewing behind the scenes.
This is not our story.
I won't dig into it too much.
He was under disciplinary review.
On July 10th, 1996, Lloyd was fired for these ongoing behavioral issues.
And unbeknownst to the company Omega, he'd been laying a similar tripwire type trap.
And three weeks later, on July 31st, a logic bomb
goes off inside of the computer network, and it wiped out 1,000 critical manufacturing programs,
not turn them off, wiped them out.
The fallout of this was $10 million in losses.
80 people were laid off.
Wow.
Their operations were brought to a standstill.
The U.S. Secret Service was the people who looked into this.
They traced it back to Lloyd.
They searched his home and they uncovered, like, stolen backup tapes of stuff,
like he had been archiving the things that were then going to be destroyed.
Allegedly, he was indicted in 1998, convicted in 2000,
it was briefly overturned, was reinstated in 2001,
and he was sentenced to 41 months in federal prison and $2 million in restitution.
It's one of the most damaging cases of like U.S. corporate internal cyber attack in history.
41 months and he essentially killed a company.
I could see how Lu's defense attorney
would have some grounds for a decade is exactly um but even then like like that level of
destruction 40 like 41 months doesn't seem like enough punishment the the two million dollars in
restitution is the actual like okay well you're devastated financially for the rest of your life like
you get out of prison and go try and pay that off well the and I guess like the the we got called
out on Twitter from my PSA is but the PSA on that one is like have a good backup structure
It's like if somebody can manage to blow away all the files in your network and make sure you have a copy of them somewhere.
Not the tape in the guy's apartment that he's storing.
It's like, were you planning on holding it hostage?
I have so many follow-up questions.
I get like the, like in my mind I was already thinking and being like, should I talk about this or should I not?
You know, but it's like in my mind, it's like the best kill switch to go out with is like ransomware.
And it's like the, and that guy essentially did the version of, like a
1996 version of ransomware.
So it's like, that would be the modern equivalent of that style.
Like on your way out the door, you like encrypt a network.
But the beautiful, like not the beautiful thing is, but like one of the best things
is like since 1996 to 2025, organizations know that their data is under attack.
And organizations have so many options now to protect it.
They have good backup infrastructures.
They have immutable and like editable files.
they have all those things.
Like, even we have those things.
And, like, we're not a huge company.
So I'll make sure Eaton had like, oh, yeah, this is gone.
Like, hit a few buttons.
Everything's down for a few hours.
And now we're back to business as usual.
It's a fascinating question when you specifically look at those types of roles where it's like, no, you're a trusted network administrator.
It's like, oh, you, that level of trust is so betrayable if someone really was a bad actor and wanted to.
It's like, no, we've tasked you with securing this whole operation.
you have the janitor's keys jangling at your hip.
You get into any door.
And it's like, I burned all the doors down.
It's like, oh, oh, no.
Yeah, I don't know.
I found it.
I'm still following it.
I want to see what ends up happening in terms of the, you know,
the sort of fallout for him legally of where this all goes next.
Yeah, like the scale, like the scale of this one was large.
The scale of the one that you mentioned in the 90s was huge.
It's like, I think that the amount of this happens at a smaller
scale, like what happened to us and like so many of the other things, like ClickMotive in Texas,
somebody deleted like a bunch of files and disabled backups, tampered with the email group
configurations, like small headaches to clean up probably happens all the time. I think that's when
the, I don't know if you remember if you're old enough, but in my lifetime, it used to be like if
you were going to lay somebody off or fire somebody, you gave them two weeks notice and they still
had to come to work. Nowadays, the best practice is like,
you pull somebody into a boardroom to, like, let them go.
And by the time they leave that boardroom, their access is turned off.
They're, like, physical access to the site's turned off.
And somebody escorts them to the door and sends them on their way.
And I think that's probably a change in practice due to the fact that so many people, like, do this.
We'll end here because I'm talking about a movie that's referencing a reference of a reference.
But Margin Call, if you haven't seen it, it's a great film.
The whole first act of it,
of that film if you really follow it is just following the minutia of a large corporate
layoff, like the mechanics of like, we need to get you in this room while we talk about
this thing.
But the second, the people come in that from the external consultancy that fires people, everyone
knows that someone's going to be fired.
So we have to start locking certain systems down.
We have to lock them over here.
Will you get brought in here?
And it's just about the practical reality of trying to do something like this.
It's like a really interesting intersection of very technical stuff
and very, very human emotions, blind rage in the face of a perceived injustice.
Like, it's so human and so technical.
It makes for good storytelling.
Totally.
Okay.
Okay.
Well, where do we go from here?
Where do we go from retribution?
A little content warning for this next one.
It concerns sensitive subject matter.
I don't think there's any kids listening to this, but if there are, my God, don't
let them listen to this next part.
and if you don't feel like listening to something that alludes to harm against children,
maybe stop listening.
It's more important that you take care of yourself than you hear this next story.
So this concerns an AI image generation tool called GenNomis.
There's two different elements to this story.
One concerns a massive data breach and one concerns what this sort of smaller, more obscure,
popped up and torn down AI image generation tool was being used for that we learned about as a
result of the leak.
A massive unsecured database belonging to South Korean AI image generation company GenNomis was
discovered by a security researcher named Jeremiah Fowler.
The story was broken by Wired.
The exposed database is one of the first times we're getting to see inside one of these
things contained 95,000 records including explicit AI generated images and prompts.
So for one of the first times, we're getting to see all of the images produced by one of these tools, as well as all of the prompts that went into it.
One of the first leaks of its kind from what I was able to find.
The database, which was online, was neither password protected nor encrypted.
Shocking.
Accessible to anyone on the internet, it was discovered in early March 2025 by researcher Jeremiah Fowler, who immediately reported the issue to the AI generation company as well as its parent company.
After that report, the entire website gets quickly turned off.
They never responded to the comment, but I think it speaks to
kind of how this product and tool was spun up for a little brief window of time,
used by a lot of people, 95,000 records,
and then torn down at the first sign of trouble.
Both websites were deleted after Wired contacted them
in light of Jeremiah Fowler's initial findings.
The thing where this gets dark
is that we, as a result of the prompt data being leaked, people were able to see what folks
were using this for. GenNomis would have been subject to South Korean laws regarding content
moderation, which are not dissimilar to those in the West. There's just stuff you can't
generate with these tools, and there's just stuff that the tools can't generate. But what we learned
from the 45 gigabytes of data was that this tool was being used to generate a lot of sexually
explicit content, some of it not containing adults.
There were rules in place about what could be used, but prompts were discovered
that used terms, and I won't dig into it, that were sort of designed to get around some
of those prompts, where you couldn't ask it for A, but you could sure ask it for B.
We're all familiar with jail breaking these prompt restrictions, and it seemed that the
criteria for breaking these was quite low using this image generation
tool. The company's website had previously promoted the ability to create quote, uncensored images and
featured a marketplace for explicit AI generated images, which makes the types of materials
that people were producing with this, particularly egregious. Jeremiah Fowler called the findings,
quote, terrifying and expressed the ease with which people were able to create these kinds of
immoral and illegal content. Seems like these tools now, given the ease with which running these
models locally, can be done, can be sort of spun up and torn down. It's like a pop-up shop.
It's the market selling the knockoff stuff somewhere. It's a thing that you can spin up,
promote, make some money, and then get out of Dodge. It reminds me of other stories we've
talked about with certain types of spousal monitoring software where it's like, oh, you can just
spin one of these bad boys up. And I think we're starting to see this with AI Image Generation.
So this one is pretty dark.
Yeah.
We learned a lot about that world from this one.
It is a very fascinating world.
So you're talking, oddly enough, I spent the entire weekend looking into how to set up my own local LLMs.
So I was doing not image generation, but for code generation.
So I spent a lot of time this weekend looking into it, looking into the hardware requirements, stuff like that.
And then it's not egregious.
And the other thing is, too, is that you can take, like any of the publicly available,
models like DeepSeek's notable.
You can take them and you can actually
retrain them. So Perplexity
took DeepSeek,
their open source models and retrained them
to not be
censored by Chinese government.
Sure, not subject to the laws that
DeepSeek's parent corporation are subject to.
Yeah. Yeah, yeah. So they made
a list of about 300
topics that they knew the model
would not respond properly to and they actually
reconditioned it. They didn't
retrain the entire model. They just reconditioned
it to like allow for that stuff to come out of it
now. So it's like you could
if there's a publicly general like a publicly
available LLM
that allows for image generation
like in this case, but has
bumper rails on it about like what it allows
to do it is possible to
recondition them. The thing that
stood out to me was like
So there were conditions on what you can and can't produce because, again, this was a Korean corporation and Korea has laws, including not being able to do foul things.
And what we were seeing was a lot of de-aging.
So there was a lot of people prompting very explicit content regarding very real adult celebrities, which is not good either.
But you put that aside, it was people then running those and using the system to then start de-aging those people.
So it's like you sort of just like, you've created a way around these rules preventing child sexual abuse material.
That's a very short distance to doing something very, very evil.
Yeah.
I guess it's something like the, I spend a lot of my time these days thinking and reading and learning and coding and building stuff with AI.
I find it fascinating.
Yeah, you're cooking with it.
You're making a lot of stuff and it's cool to see how quickly you're able to do it.
Yeah, and just even like looking at better ways to integrate it and utilize the agentic systems and just figuring out what I can do to automate things that I don't want to do is the reality of it.
And so I never even, my brain never actually crosses into this.
Like I never even think about the like negative parts of it because I'm spending so much time like with the positive parts of it.
But it, but it is like, it is a scary thought.
Like, and especially like local model execution is so easy.
That it's like if you like,
there's going to be a shift in policing around this stuff for CSAM because like all of a sudden
it's no longer going to be distribution of like libraries of content and stuff. It's going to be
distribution of models that are like good at creating this stuff. And especially once they get into
the part of like creating models that are effective at creating video content and things like that,
like it's going to be a whole different game. Yeah. I'm struck by how people repurposing models is
becoming more common. And I'll clarify what I mean here. I know Huawei, the big Chinese mobile
company, in a similar kind of vein to Apple falling back on OpenAI whenever a query is more complex
than what they can do locally with Siri, is doing the same thing with DeepSeek. Well,
you have Huawei AI empowered by DeepSeek. And when those models are open source, the ability to
retrain and recondition them, it's like, well, this is just going to become a more common practice.
this and be like, oh, I'm running my own version of DeepSeek here locally, and it's this fork of
this version that can do X and Y to get around this and get around this. How many layers deep do you
get before you notice the insidious part? I remember when the Mac Studio, the recent version of
the Mac Studio came out. One of the first things was people going like, this is an extraordinary
computer in terms of like dollar value for running models locally. If you look at the processing
power, you look at the cost and you would imagine a pile of these things. And I'm curious to see where that goes next.
I am, I am chasing that dragon, not in, not in any way, shape, or form related to this story.
But like, I am, I am at the point where I think I am going to set up a dedicated system of my house to run a model.
And, like, the reality is, like, I was talking about this with my wife last night.
I was like, the AI, like, we've been living in this technological revolution pretty much my entire life.
you know, PCs, personal computers, you know, interconnected personal computers, mobile computing, like mobile communication.
Like, we're still inside of the revolution.
And AI is the next big thing in that revolution.
Like the amount of stuff that you can make these things do now.
Like, I've been playing with different ways of engaging with the models.
Like, I don't think chat is the best interface for so many different things.
So I've been creating my own AI client specific to the context that I want to use them.
Like I just, to me, it's just, it's, it is another huge milestone in this revolution.
And I just want to make sure that I'm fully in on it.
Like, I want to make sure that I fully understand it.
And, and to me, the next step of that is by having my own models at home, by having my own
LLM, by playing with reconditioning, by playing with different model varieties.
And it's like a natural step for me.
And it's, it's not hard.
Yeah.
So it's, I don't know, I'm intrigued by it.
There's the open source DIY part of my brain just gobbles it up.
I'm so fascinated by this.
And if, if for no other reason, than to make sure that it isn't walled behind four or five companies that get to control it and just sort of decide in concert with one another, how much it costs.
Like, I don't think that's good for this type of thing, especially when we consider what could potentially be done with it, the impact that it could have on the economy.
I like the idea that there's a, you can home brew this stuff.
You can do it yourself.
You are not, you're a little less contained by what that small handful of companies wants you to be able to do with it.
And as with all things, like this exact same structure can be applied to every wave of computing and the internet.
There is a dark side to that of what then can be done when you remove the restrictions
of a big company that is subject to laws in a country.
Yeah.
And it's just in a person's basement.
It will unlock remarkable things and terrifying things.
Something, something man-made horrors beyond our comprehension.
But in the meantime, we should probably tell folks who this show is brought to them by.
Who is it brought to them by, Jordan?
Brought to them by Push Security.
We talk about a lot of different tools off of air.
Some are very, very clever.
Some feel like solutions in search of a problem.
But every now and then something comes along that just makes a lot of sense for like a big company.
Push Security is that kind of tool. You know, identity attacks, you know, phishing,
credential stuffing, session hijacking, account takeover. These are some of the number one causes for
breaches right now. And most security tools are still focused on endpoints, infrastructure,
networking. Meanwhile, the browser, the place where we are right now and we spend most of our
days, has been largely ignored. Push changes that. They built a lightweight browser extension that
observes identity activity in real time, gives you visibility into how identities are being used
across your organization, like when logins skip multifactor authentication, when passwords are
reused, or when someone unknowingly enters their credentials into a spoofed login page.
Then, when something risky is detected, Push can enforce protections right there in the browser,
no waiting, no tickets.
It's visibility and control directly at the identity layer, and it's not just about prevention.
Push also monitors for real-time threats like adversary in the middle attacks, stolen session
tokens, and even new techniques like cross-IDP impersonation, where attackers
bypass single sign-ons and multi-factor authentication by registering their own identity provider for your organization.
You think about it, it's kind of like endpoint detection response, but all right there in the browser.
The team behind it all, they're all offensive security pros.
They publish some of the most interesting identity attack research out there, like the software as a service attack matrix,
which breaks down exactly how these kinds of threats bypass traditional controls.
Identity is the new endpoint and Push is treating it that way.
Check them out at pushsecurity.com.
Pushsecurity.com.
I think we are retiring the ad oasis.
An oasis is a leisurely experience.
You really take your time in it.
And I think we're inventing now the like ad water slide.
When you get in and you're out before you even realize it.
The water park.
A lot of quick rides.
It's the water park.
Exactly.
It's a lot of fast rides.
Thrills and chills.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone, somewhere saw something too late, an alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up
for a world where attackers are already using AI. They created the Aurora superintelligence
platform, a fully agentic system powered by the swarm of experts. Instead of single-purpose bots
or lucky-guess LLMs, this swarm is full of deterministic agents that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy,
and all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week
and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora agent SOC.
It's the first SOC that is agent-led by design.
You get agents that coordinate, agents that investigate, agents that respond at
machine speed and hundreds more that automate the repetitive work that normally buries human
analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven
decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and
proactive risk reductions while the agents handle the grind. If you want to see what trustworthy,
production-ready AI in security operations actually looks like, go to arcticwolf.com slash hacked.
Ever feel like cyber threats are evolving faster than anyone can keep up? Last year,
2025 was nothing short of a record-breaking year for major breaches, from sophisticated ransomware
operators to AI-enabled attacks that turned defenses on their head. Organizations around the world
saw headlines they never expected and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th, diving into the most
impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened, but why
these attacks succeeded.
And most importantly, what businesses can do to fortify their defenses before it's too late.
You're going to walk away with real insights on how threat actors are evolving, how
defenders are responding and what strategies can help you stay ahead of the next big breach.
It's not fearmongering.
It's practical, actionable, intelligence from experts in the trenches.
Register now at arcticwolf.com slash hacked.
Now that we're back from the ad water park, should we...
I think we talk about Bluetooth microcontrollers that are in everything and may or may not have a thing that may or may not be a vulnerability.
That may or may not be a problem.
So there's this thing called the ESP32.
It's this tiny little microcontroller chip you've maybe never heard of, maybe have.
If you're a big old nerd, which I appreciate.
Hey, hey, hey.
Even if you haven't heard of it, you've definitely used it.
If you have a Bluetooth speaker or a smart thermostat or a security camera,
Internet of Things gadgets, the ESP32 is kind of an anchor of that whole product category.
There's a billion devices worldwide currently using the chip.
You know what one of those devices is, Jordan?
What's that?
The Flipper Zero.
I saw this.
Anyway, the ESP32 is like the most used Bluetooth and Wi-Fi controller chip and it's in everything.
And the default Wi-Fi board for the Flipper Zero, a hacking tool, has this chip in it.
So anyway, just a small touch-in before you get into deep rid of the story.
No, it's a good thing to bring up.
What we're looking at here and the reason this is kind of fascinating is that this isn't, when this was initially published
reported on, it was kind of described as a bit of a backdoor. And Espressif, the manufacturers,
clarified a little bit, it is and it isn't. What we're fundamentally talking about is a debug
feature that can be used and compromised potentially in some sketchy ways. But because of the scale
of this chip and how much stuff it's in, including a literal hacking tool, it's worth talking
about. Two security researchers from Tarlogic Security in Spain had started digging around in the ESP32's Bluetooth features.
Curious if there was anything going on under the surface.
They built this USB Bluetooth tool themselves called Bluetooth USB that was able to
bypass the standard OS level APIs and get them like raw direct access to the Bluetooth
traffic at the chip's hardware level.
What they found was 29 hidden commands in the chip's Bluetooth firmware.
These were not documented anywhere by the manufacturer of the chip, Espressif.
What the commands allowed them to do was a lot, allowing the person to theoretically read and write directly to the memory of the chip,
RAM and flash, meaning that someone could potentially rewrite the device's software or inject persistent malware.
What this means practically, there's good news.
These commands can't be activated remotely.
This is not the remote hacker somewhere in the world is compromising my device.
You would have to compromise the device physically.
The bad news is that if someone has physical or root access to a device with this chip,
these commands written onto the chip in this way could help them embed malware on the device
that could not be gotten rid of by a hardware or factory reset.
Yeah, to me, it looks like a debug tool kit.
Like when I look at the calls, like read memory, write memory, erase flash memory,
write flash memory, set MAC address.
Like a lot of these functions, I can see, like the, I can see how you can use them maliciously 100%.
And I can also see where why they exist for development and debugging purposes 100%.
Those two things are very similar.
Often debugging is like...
Sure.
It's a good way of putting it.
Debugging is like, how do I make it easiest on me to understand what's happening
in the chip?
And hacking is like, how do I make it so I can make the chip do what I want?
And it's like...
And those use the same toolbox.
So I could see how this became a big story.
And just given the scale of them, like there's...
I, there's probably like 15 of these chips in my house.
Yeah.
I'm looking around the room I'm in right now and going like, three, four, like I'm just counting.
Yeah.
Stuff that might have this chip in it.
Um, like you said, like debug stuff, debug commands like this aren't new.
Other chip makers like Broadcom has their version.
Texas Instruments have versions of these things.
This type of thing isn't that rare.
This, and this is, speaks to like a really common tension, I think, Internet of Things security, which is that developers need debugging tools.
But if you leave them accessible after the thing ships, it can create a vulnerability.
Espressif, the people who manufacture the ESP32, acknowledge this is kind of an issue.
And they have promised an update soon to remove these hidden debug commands from future firmware releases.
They have reiterated that these commands are part of like a pretty standard host controller
interface thing that is used in a bunch of different products.
Basically, like, the takeaway is if you have any internet of things stuff that you think
someone could get physical access to, update it, because this theoretically constitutes a
vulnerability to it.
Well, I'd say the yes and no, because you wouldn't need physical access.
You would just need access to the host running the chip.
So like when we talk about
That's a good distinction
Yeah, when we talk about IoT vulnerabilities, like, you know, your washing machine talks to the Wi-Fi through an ESP32 chip.
So it's like if somebody hacks LG washing machines and figures out a back door into them, they can then, they can then use this chip to do other things.
Like it's like an attack vector.
Now all of a sudden you've got a malicious Bluetooth device on your network or a malicious Wi-Fi device inside of an LG washing machine.
And a compromise that can't be fixed, again, with a factory reset.
We've talked a lot about, I know you and I've discussed,
like Apple devices are a reset, just a turn on and off
is going to fix a lot of problems in an iPhone,
and a factory reset's going to fix even more.
And a compromise that can't be fixed with a reset of any sort is interesting.
Like, that's just a different kind of thing.
But the other thing, too, I'd say is like maintainability.
Like how many people that have IoT devices in their house actually spend how many companies
that make them and then again knocking on how many people that own them, like that funnel gets
very small, maintain them.
Like if a firmware update comes out for your fridge, are you, A, do you know it exists, B, are you going to run it?
Like.
Yeah.
Yeah, my fridge is farming crypto right now.
I'm sure.
Yeah, it's fine.
It's helping, it's helping compute my new model.
SETI, yeah, it's helping find new star clusters or something.
Like, wouldn't that be great if one of those SETI, like, let us use your,
your extra compute to like process the cosmos things.
Was at the heart of some giant, like, malware scheme?
I know, like, we met some people at DEF CON that, that specialized in security for
IoT devices.
And it's like it's really good that that's becoming a priority because I think when
IoT devices started coming out, they weren't prioritized.
So it was like security was not a priority.
So many of them were vulnerable.
So many like, it's like Wi-Fi routers back in the day where they all had default passwords.
And now we're at a situation where it's like our fridges all have default firmware.
So I know this is actively changing as it's been identified.
And like we've talked about this in DDo.
things where like people have created armies of IoT devices to become DDoS endpoints.
Like this is, it's just a, I don't know. So I'm glad this, I'm glad this wasn't a real big problem,
but I can see how it could have been made into a bigger problem. I'm glad that they're fixing it.
Yeah, I remember when we first started making this show in earnest a handful of stories that had to do with like, for me back then getting up to speed with the world of cybersecurity.
It was like, learn the basics, learn what a DDoS attack is,
and then immediately internalize the fact that a toaster can be implicated in one.
Like, it was just this weird thing of like,
there's something very technical going on,
but then also that like cool light bulb you own that changes color and connects to your phone.
It may be being used by Russian cyber criminals.
Like it was that kind of, it's the surreal part of it,
because it's just some stuff in your house.
I got rid of that toaster.
And meanwhile, I'm just sitting here thinking about like if I could take an army of IoT devices, how long would it take them to compute a model for
an LLM for me? To go back to that thing you were talking about earlier, I could see a point in the
future where people can lease out unused compute or like, I don't know what you'd volunteer,
but like to say like, no, if you want to use some portion of this to train the thing that
you're training like giver. Yeah, yeah. I'm fascinated by it now. I have to, I have to Google this
after the show. I have to see if there is a distributed model trainer. Totally. Because it would make
could have a total sense that there would be.
And it's, I don't know, I love that idea.
So if anybody out there knows, or if you're a part of a project, add us on X or send us an email or something.
I'd love to hear more about it.
Are there any stories, big security stories from the last couple weeks that we haven't
touched on yet?
And specifically, have you added any editors in chiefs to Signal chats planning strikes of military nature?
Because I haven't.
we didn't talk about that, did we?
We didn't talk about that.
It's been talked about so much.
I don't even like, am I going to tell you that that happened?
Totally.
I wasn't added to any Signal chats, planning strikes in Yemen, so I have nothing to contribute
to that story other than maybe don't do that.
And I don't think it's Signal's fault.
I'll chip that in on that.
There's sort of maybe you've been a little bit of a clamor to be like,
Like, seems like Signal's not very good.
Like, I'm, I'm 100% sure it's not Signal's.
Yeah, I quite like Signal.
Yeah.
Don't use this as an excuse to outlaw encryption or some dumb shit.
Like, that would be the worst thing that could come of all this.
It's like, you did a dumb thing.
Own it.
Own it.
Just own it.
Yeah, I, nothing's really jumping in mind.
Like, again, I'm just a talk and, like, we're wrapping up here.
But it's like, I've been to specifically.
limiting the AI bubble.
Like that's, I just, yeah, you're in it.
I'm in it.
Like, I, I, I see it.
I see, I see what's happening.
And like the thing is, too, is like, I remember, like, eight months ago we were on a show and
I was like, somebody needs to figure out AI HR.
It's like, it's happening.
Like, there's a framework that I'm like implementing an application in right now that's
essentially that.
Like, when you say HR, you're not talking about replacing human HRs with AI.
No, no, no, no, no.
managing agentic resources to do stuff the same way a project manager or an HR person
does with human beings. I see what you're saying. So I'm building an organization of agents
each with their own subject matter specializations. And maybe that's like you're the researcher.
And then this was the person that evaluates the quality of the research. And they can tell you to go
get more research if they feel like it's not enough. And like building essentially an organization.
Yeah.
It brings you into the room when it needs to let the other agent know that it's firing them
while this other agent locks down their computer system so they don't write a kill switch code.
I feel you.
Yeah.
Exactly.
That's called bringing a full circle right there.
That's what we pros do.
That's what we pros do on Hacked, a podcast.
Brought to you by Push Security.
Pushsecurity.com.
Thank you again for listening.
Appreciate you taking the time to hang out with us as we tell weird tech tales and we'll catch you in the next one.
Take care.
