Hacked - Ticketmaster’s Billions in Barcodes Stolen + AI Misinformation Botnet + Breaking AT&T news

Episode Date: July 16, 2024

We got a lot of messages about the Ticketmaster hack that went down since our last episode. We dive into all the weird angles of that evolving story, a strange real time news update about the AT&T hack, and spend a surprising amount of time hyping a Canadian movie about Blackberry.

Transcript
Starting point is 00:00:00 At any given time, Ticketmaster is in possession of a few billion dollars in barcodes. These barcodes represent tickets to shows and concerts. We are not going to get into the question of whether Ticketmaster is a bad company using its near monopolistic market share to bully musicians, venues, and fans and what seems like an active effort to drive down the quality of live entertainment around the world. Are you sure we're not going to get into that? Because it sounds like we just got into that. Scott, I'm telling, we're not getting into it.
Starting point is 00:00:32 Okay, okay, okay. The point is that the billions of dollars of tickets they sell every year are sitting on a server somewhere, which represents a massive target for an enterprising hacker or potentially hackers to go after. Which I bring up because about a month ago, the hacker group Shiny Hunters starts posting that they have breached Ticketmaster. And a few days ago, they released more information on BreachForums about what they stole. They are claiming, amongst a bunch of other pretty sensitive user data,
Starting point is 00:01:05 193 million barcodes with an estimated value of, and I want to get this right, 22,695,713,141,141 U.S. Whoa. Big number. And I would think someone in practice would struggle to move 22 billion dollars in stolen concert tickets. But not having $22 billion worth of your commodity leaked to the public has got to be worth something to Ticketmaster.
Starting point is 00:01:37 So, Shiny Hunters then claims on the forum that they are trying to charge a ransom. Initially 1 million, eventually eight, once they realize the value of the data. Ticketmaster has claimed that even if they did leak, they have a security system that prevents people from using stolen barcodes, a system that they call SafeTix. You've probably seen it. The barcodes have this sort of moving line over them. They're refreshing certain information dynamically. Most people have used SafeTix before.
Starting point is 00:02:08 So pretty interesting story on its own. Then, in a weird coincidence, a few days later, I see a post by an anonymous security researcher named Conduition on Hacker News that has blown up. And it turns out that right as Ticketmaster's in the middle of this giant data breach stolen ticket data scandal, another story is unfolding. That concerns this researcher who claims to have cracked the SafeTix system. Reproducing the dynamically refreshing tickets that Ticketmaster claims makes these leaks moot. So the story right now goes, someone steals billions in tickets from Ticketmaster,
Starting point is 00:02:45 but don't worry, Ticketmaster has SafeTix, but oh no, someone just cracked SafeTix. It's a fascinating story, and I think we got to talk about it. I'm in. I'm in. We got lots to get to, man. On this episode, a fact. Uh, d-dunal sounds. How are we doing, Scott? I think we're both a little off, but I think all in all we're okay.
Starting point is 00:03:30 How are you doing? I think we're... I'm doing pretty good. I'm doing pretty good. I'm recording in my bedroom because I have a house guest and I have a headache. So I'm happy to be here. Am I at my best? No. But I'm happy to be here. I strive to be anywhere close to your not best. Yeah, we're at the tail end of like a five-day heat wave and I think everybody's kind of slowly losing it a bit.
Starting point is 00:03:59 But thankfully, I think it's cracked. I think the... I've forgotten what it's like to be comfortable. I'm not going to lie, have since the day that this all kind of set in, like what it was, Sunday of last week, when it started to get really hot. Like, I've had my AC pinned and I've refused to let my house warm up because I know that I don't think the AC can sufficiently bring the temperature back down. So, like, normally my thermostat's all eco-e, but for this heat wave, I've kept it pinned. And I feel bad for my air conditioning unit and my, like, home circulating fans and stuff because they've just been working for, like, 200 straight hours, which is, or like 150
Starting point is 00:04:38 straight hours. So I feel bad for them. You know, a lot of empathy for the moving parts in my furnace. Those little motors. When I found out that we were going to have the house guest I mentioned, staying with us during this, in that room, I was like, I'm, he might die. Like, I'm really genuinely worried about putting him in there. And so far hasn't died. So it's going okay. Good stuff. You haven't killed somebody. Awesome. Yeah, it's been hot. It's been enjoyable, though. I found myself up biking a number of times in the heat.
Starting point is 00:05:15 And as long as you stay well hydrated, it seems to be okay. I think my body's getting a bit used to the heat, which is nice. So it feels like summer, you know? Feels like summer. And you know who I particularly want to stay hydrated? Who? Our new patrons on Patreon. Oh, yeah, of course.
Starting point is 00:05:35 I hope they're surviving well in this heat wave if they happen to be in it. It's true. I particularly just want to know that resinousavi is well hydrated and thriving. Thank you for your support. It means a lot to us. I've got concerns for Big Mike is a Sasquatch because Sasquatches are quite hairy, so he's probably very warm. So I'm hoping he's found himself a nice mountain pond to lie in. This probably betrays a lack of knowledge of basic biology, but I think about how like dogs can pant it out. Can Sasquatches pant? I guess they're more like a, yeah, I don't know. But I hope he's doing well.
Starting point is 00:06:15 This could start a lifelong discovery into the physiological components of a Sasquatch and what makes up a Sasquatch. This is where we spin off our new show, Cryptids, where we just ask very granular hypothetical questions about the Loch Ness Monster. And you know who I think will be there supporting us? Ben Oberleason, thank you so much for your support. Absolutely. And Golden Techie, 380,
Starting point is 00:06:38 we really appreciate your support. Just as much as we appreciate it from Luke Schneider, thank you so much. And Lord V. Appreciate you. Last but not least, Adam Picard, thank you so much for your support. If you want to support the show via Patreon,
Starting point is 00:06:53 going over to hackpodcast.com, it redirects there. You can jump on into our Discord and share cool stuff you made in the share cool stuff you made channel. It's a lot of fun and it means a lot to us. Totally. Thanks to all our patrons. We love you so much.
Starting point is 00:07:08 We do. Ticketmaster. I want to talk about it. I think that's been the big story since we last spoke. I've been seeing it all over the place, Bruno over on Twitter, Michael in the Discord, several people shared with us this story. Because there's actually like three or four stories here all starting to get woven together in a weird, blurry mess. It's pretty early in this story. There's a lot of competing tales of what has occurred here. So big old asterisk over this thing, but I think we got to start there. Yeah, I think so too that when I saw the original information coming out about the leak of the barcodes, I was like, oh yeah, of course. Like barcodes are nothing but a series of numbers. Of course someone's going to have, you know, hacked into a database, grabbed the records, and pumped them out on the dark web somewhere. I'm shocked that it hadn't happened before, honestly.
Starting point is 00:08:00 And then it's funny because I didn't actually know about the reverse engineering of the algorithm until right as we started this recording. But the first thing that jumped into my mind when I saw the leak was, with such a large data set, somebody could surely reverse engineer the algorithm. So here we are. Here we are. Yeah.
Starting point is 00:08:26 I think a few people have started to observe the serendipity of an independent security researcher cracking SafeTix right at the same time as Ticketmaster is experiencing one of the largest breaches they've ever experienced, potentially multiple, we'll get to it. But I definitely found it fascinating. I was getting these leaks about this story, and then I was over on Hacker News,
Starting point is 00:08:46 and I saw that post, and I thought, what are the odds? And given how people feel about Ticketmaster, pretty good, I think, is maybe what I'm learning. I think, you know, I don't know about all this hate for Ticketmaster, but it sounds like there's a lot of it. There is. I'm just joking.
Starting point is 00:09:04 You're like, I'm a big Ticketmaster stan, big Live Nation guy. Yeah, but huge. I got a Ticketmaster T-shirt. You know, I'm on their merch store, copping their stuff. I'm a patron of Ticketmaster. Sadly, I think we're all patrons of Ticketmaster.
Starting point is 00:09:18 We are. Whether we want to be or not. That's the problem. Yeah, crazy, crazy, crazy story. That number of the 22 billion number really shocked me. I didn't think it would be nearly that much. But I guess that just is a representation of how much of our creative, like, revenue that goes to artists now comes from events.
Starting point is 00:09:40 It's true. Like, I used to go to a boatload of concerts when I was younger, and I don't as much anymore. And usually when I do these days, the tickets are really expensive. And I'm always, like, kind of shocked at how much a ticket cost these days. But I guess that's the cost of online streaming platforms and our music royalties going away with record sales disappearing and things like that. It is probably the last, one of the last meaningful revenue sources for artists. And it's not great when it has been captured to the degree that it has.
Starting point is 00:10:13 But regardless, so in May, regardless, we'll get back to that. In May, this hacker group called Shiny Hunters infiltrates Ticketmaster. I think we've talked about them before. Shiny Hunters is a black hat criminal hacker group. They started showing up around 2020. They were behind the AT&T hack in 2021, the Microsoft hack in 2020, Wattpad, Mashable, a bunch of stuff you've probably heard of. They're named Shiny Hunters after shiny Pokémon, which requires no explaining as far as I'm concerned. So they hack Ticketmaster, part of Live Nation.
Starting point is 00:10:57 And recently, they went on to announce a little bit more information about the extent of the breaches. Do this big post on BreachForums under the title, Ticketmaster event barcodes, Taylor Swift, part one of 65,000. So July 4th, which is when I got under the story, they dropped this follow-up post unpacking more about what they stole in this breach. And the negotiation they claim they have had with Ticketmaster. Like I said, big old grain of salt with all of this. They're claiming to have stolen 440,000 tickets for Taylor Swift's Eras Tour, which this is an aside in the post, they say, quote, she will be performing a lot. She will be performing in front of Congress, alongside performing in her tour, sort of speaking to the severity and impact of this breach.
Starting point is 00:11:40 The numbers here are pretty wild. Total barcodes stolen, 193 million, with their napkin math indicating the better part of $23 billion U.S. in value. According to Shiny Hunters, they initially accepted a rushed sort of $1 million offer from Live Nation to keep the breach under wraps. Live Nation has denied this. They say that realizing the true value of the data they have, they increase their demands up to $8 million. Their rationale behind this is that they, when they figured out what was in here, the potential cost of all of this to Live Nation in their minds went up. And I think that that's pretty valid. Totally. Yeah. It's not a good situation for Ticketmaster right now. I think a lot of people have gotten the, hey, we lost some of your information emails yesterday.
Starting point is 00:12:28 I was talking to someone. We're looking at 980,000. million sales orders, 1.2 billion party lookup records, 440 million unique email addresses, 400 million encrypted credit card details with partial personal information. And Shiny Hunters is claiming that this breach is one of the largest publicly disclosed nonscray breaches of customer, you know, personal information ever. There's another actor in this, a person, a character on BreachForums named Spider Hunter. It's unclear whether they're part of it. They're the same hacker who back in June leaked a million Ticketmaster user records. If they're part of Shiny Hunters, it's unclear why there are two separate ransom demands. Theirs was two million.
Starting point is 00:13:13 Shiny Hunters is eight. It's all pretty messy. But if you get to a high enough level and you look at the worst case scenario here, it's that Ticketmaster was breached by two different groups and is being currently held ransom by two separate parties. Yeah, that's bad news. It's not great news. No. I'm in the background here trying to find a good database size calculator to estimate approximately how much data these people had to exfil. Oh, my God. Because 980 million records is a massive piece of data. You make a good point.
Starting point is 00:13:47 The hackers have been like, can you mail us a hard drive? Like, could you imagine trying to open an Excel spreadsheet that was 980 million lines long? Oh, my God. It would be like your air conditioner. They'd just be brutal. Oh, yeah, exactly. Like that, it would have taken them, like, granted Ticketmaster will have large pieces of pipe and massive data centers. But to exfil that much data, like, that's a huge amount of data.
Starting point is 00:14:14 Like, we're in the, like, I don't, like, I'm trying to find a calculator here because I don't even want to estimate how many, how big this is. It's not small. No, it's not small. That's the point. So Ticketmaster writes a comment to Hackread, who did a great job breaking this story, saying, quote, Ticketmaster's SafeTix technology. That is a mouthful. Protects tickets by automatically refreshing.
Starting point is 00:14:40 SafeTix technology by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied. This is just one of many fraud preventions we're implementing to keep tickets safe and unassailable. So we read this story. Bruno sends it to us. Michael sends it to us. Great story. Go over to Hacker News and we bump into this post by Conduition. Conduition is an anonymous cipher freak specializing in cryptography,
Starting point is 00:15:02 scriptural smart contracts, and he writes this big, long, very in the weeds breakdown called Reverse Engineering Ticketmaster's Rotating Barcodes, in brackets, SafeTix overview. It's essentially a case study of how to reverse engineer these tickets. Conduition kind of tells a story of buying some tickets from Ticketmaster, which issued them via, you know, this mobile entry system called SafeTix with these rotating barcodes instead of printable PDF tickets. This rubs them the wrong way.
Starting point is 00:15:33 They found the experience bad. They don't like having to download an app that could potentially be compromising their security in order to use a ticket. They find it biased against people that aren't good with technology, but do want to see live music, which is honestly pretty reasonable. So Conduition embarks on a project to crack SafeTix. I don't think it took them long. I read through his synopsis, he made some early discoveries, like the animated barcode sweepie line thing that goes over and over and over your barcode
Starting point is 00:16:06 is actually just a CSS animation running on essentially an HTML page. Yeah. Yeah, so it's like, and the other thing is too is that once you load your ticket, it saves it locally. So pretty much getting the source HTML for your ticket data will pretty much show you what's going on or like would be a good chunk of where to start. So yeah, he makes some, makes some really great early discoveries and yeah, Ticketmaster, eh? Yeah, like you said, there's a couple different things going on here. First off, as you said, there's these refreshing blue lines that go over the barcode, which I think he refers to basically a security theater. As
Starting point is 00:16:49 you said, it's just a CSS animation that doesn't inherently enhance the security whatsoever. I do love like the moniker security theater. I feel like a lot of security is security theater. Completely. I've never heard that used and I'm going to start using that now. I think he has a great understanding of this SafeTix system. And what it really is, like there is definitely a security element to this. They are trying to make it more difficult by using something called a time-based
Starting point is 00:17:16 one-time password, which is similar to the things used in two-factor authentication to cycle through the numbers that generate the barcodes. He rapidly figures out how to fake that. But to be honest, a lot of this is just due to the fact that Ticketmaster, it's pretty remarkable coincidence that these tickets can only be bought and sold inside of Ticketmaster's app, effectively giving Ticketmaster complete control over the secondary market of tickets. There's arguments for why this could be considered good because it helps eliminate scalping, except no, it doesn't, and the prices on those tickets go insane. So it's really hard not to see it that way.
Starting point is 00:17:56 I'm going to jump in and say that there is a valid point for this. That's not just to eliminate scalping because obviously scalping still exists. It just occurs in the Ticketmaster platform so that they get 25% or whatever their cut is of the scalp. I think the big thing here is like back when digital tickets came out and there was no SafeTix, you would send somebody money and they would send you a screenshot of the ticket. Yes. And you didn't know if they sent that screenshot to like 33 other people.
Starting point is 00:18:31 So if you got to the venue a little bit later and went to scanning it and they told you that your ticket was already used, then you just got scammed. And I think that's the positive for this is that they were trying to eliminate end user scamming so that they could enforce their own scamming. No, wait. A legend. Completely. The ticket resale ecosystem is just like a nightmare. And that persists to this day. I think the unfortunate thing about those scams is that apparently I was digging around in some reddits of people who work in theaters. They say the number of people that show up to a concert with duplicates of the same QR code. Ticketmaster, non-Ticketmaster is like, that happens a lot, I guess. People walking up not knowing that their tickets were a scam and finding out while they're staring at the ticket clerk is a pretty common experience.
Starting point is 00:19:24 And one that thoughtful programming and good security could potentially help address. I can't see a world where this cat and mouse game doesn't continue, though. I think there's just so much money, especially when you look at something like the Eras Tour, where like the, sure. Such a massive, broad scale, global tour, tickets were in crazy demand. I'm sure both of us know people that flew to foreign cities to go, go see the tour. Literally.
Starting point is 00:19:56 You know, it just like, yeah, literally. The, you know, when people are committing four or five thousand dollars to a vacation, essentially to go to this concert, you know, picking up a set of tickets on the secondary market for a thousand bucks a pop is not, you know, outrageous when you're looking at the fact that you're investing so much in it already. So it's, it's, I think that the, the game is nowhere near over. And I think that it's going to be, this would be an interesting through line for the remainder of the Hacked seasons to talk about what Ticketmaster is doing and, and other ticket providers are doing to stop people from defrauding,
Starting point is 00:20:35 you know, the, the, the, the end users on the secondary market. And it's like, they've kind of gone the Apple motif where it's like we control our app store, we control what goes on our phone, and Ticketmaster is like, we control the secondary market. Like, we're not denying that it exists, but the only way that we can make it somewhat safe is to control it. So I can kind of see the corporate side of it. But at the same time, it does take that monopoly narrative and kind of blow it up even a bit more.
Starting point is 00:21:06 Yeah, especially considering the Department of Justice cases for whether or not they're operating a monopoly that they're currently engaged. And the timing of this couldn't have been worse for them as a company. Which furthers the Apple motif. For sure. They're also, they're also,
Starting point is 00:21:21 the same thing. Completely. They, it does bring up just how much of the economic value in the live entertainment space is just literally represented by numbers on a server somewhere belonging to a company. Conduition unpacks. These are something called PDF 417 barcodes
Starting point is 00:21:40 encoding UTF8 texts with this CSS animation sweeping on top of it. And quite quick, it is a fascinating read, even for a layperson like myself. I recommend everyone check it out. But he was relatively quickly able to work it out. The conclusion of their posts, I just want to read it because I found it fascinating. And it, it speaks to part of the motivation Conduition had in taking on this project and part of how people feel about the company. Language note for the quote I'm about to read.
Starting point is 00:22:13 I think we can all agree, fuck Ticketmaster. I hope their sleazy product managers and business majors read this and throw a tantrum. I hope their devs read this and feel embarrassed. It's rare that I feel genuine malice towards other developers, but to those who designed the system, I say shame. Shame on you for abusing your talent to exclude the technologically disadvantaged. Shame on you for letting the market team dress this dark pattern as a safety measure. And shame on you for supporting a company with cruel business practices,
Starting point is 00:22:39 which is then linked to the lawsuit we mentioned over whether or not Live Nation was threatening to withhold shows from major venues that don't use Ticketmaster as their only service ticket provider. The last line of this I quite liked. Software developers are the wizards and shamans of the modern age. We ought to use our powers with the austerity and integrity such power implies. You're using them to exclude people from entertainment events. Have fun refactoring your ticket verification system.
Starting point is 00:23:09 It's so technically sophisticated and so petty. You love it, don't you? This speaks to you. I do. Yeah. It really does. It just, it scratches something. If I know Jordan well enough, this is right in your wheelhouse, which is definitely why
Starting point is 00:23:25 we're leaning in with this story. The barcodes in the text, they're just two different standards. UTF is Unicode, one of the main Unicode standards. The database is used to encode text so that if you have multinational text or cross-language text. It knows how they encode it and de-encoded. And then the PDF 417 barcode format is just a stacked vertical style barcode rather than the traditional one, which would have been on the old school Ticketmaster tickets, like just the
Starting point is 00:23:54 lines that you see in the UPC codes. This one's kind of a more modern representation of it, but essentially is the exact same thing. This holds a bit more data. Got it. There's also the time sensitive element to it that I don't totally understand involving refreshing them, but Conduition seems to have been able to figure that out too. Yeah. So, you know, getting in sync with whatever that clock system that they're using is. So RSA created a, a version of this for two-factor authentication. I don't even know in the 90s,
Starting point is 00:24:24 maybe, the little SecurID tags. I think it was the late 90s. I'd have to double check. Right. Which made... We talked about these before. Yeah, yeah, which made them famous, you know, and it was like this little dongle that you wore on your keychain, and it had like a rotating number every 60 seconds on it. And that was your time-generated one-time password. So this is essentially doing the same process. So it's using a 25-year-old security process, give or take. I'm not exactly sure on the dates.
Starting point is 00:24:51 But it has to have a clock sync and then the shared secret, which is like the salt in the hash to generate the barcode or the one-time password. So pretty now I would say like when it came out in the 90s, it was revolutionary. and I'd say now is very, you know, de facto security standard. It's better than nothing. You can't say that they didn't. They're not trying, let's just say that.
Starting point is 00:25:16 I don't doubt for a second that Ticketmaster earnestly doesn't want people to be able to fake these tickets because it undermines the secondary market that they control. Well, it also underlines them. Yeah. Like the, like, like, if you can imagine, if we could go back 30 years, like, still to this day, when I run into, mostly bureaucratic processes, they're mostly governmental, that require such low barriers to entry, like a piece of paper that they'd photocopied and they hand you a copy of it.
Starting point is 00:25:49 And you're like, well, I can go take this home and photocopy it myself and then I can give one of these out to everybody. And we've all just bypassed some bureaucratic headache. And it's like 30 years ago, you could have done that with tickets. Like it was barely anything. the barrier to entry was the ticket stock. It's like our cash paper. It's like making money comes down to like,
Starting point is 00:26:15 can you get the right paper? Yeah, a printer. And it's like that's the barrier. Yeah, exactly. Well, it's funny that you bring that up because there's one final little stinger on this story before we go to break. Technically, Ticketmaster does offer some situations
Starting point is 00:26:31 in which paper tickets are allowed. The resale market is, you know, all SafeTix, but if you purchase directly from them, I think you can actually get printable paper tickets. The last being in this story, a few days later, after Ticketmaster posted this, no, we have SafeTix system. Don't worry about any of this. We do have SafeTix. SafeTix solves all of it.
Starting point is 00:26:53 Conduition writes that unrelated document explaining how it is also vulnerable and kind of popping off against the company. Shiny Hunters, the original hackers, reads all of that, and then does another post. And it concerns the fact that while you can't print the barcodes for digitally delivered tickets, they do sell those paper tickets. Their post goes, quote, we just shared a four-step tutorial explaining how to make your own real tickets using the leaked information. A YouTube video, Ticketmasters, TicketFest, our work guidelines, and then a link to Ticketmaster's site explaining the specific printing guidelines for their tickets. Quote, our response to Ticketmaster's claims is
Starting point is 00:27:27 Ticketmaster lies to the public and says barcodes cannot be used. The ticket database we have includes both online and physical ticket types. And then they add another, just to sort of drive this point home, they just drop 30,000 of the barcodes along with this tutorial. So at this point, it sounds as though negotiation has broken down just so people can try it at home, which is, again, a level of pettiness. I'm not even really sure whose side I'm on right now, Shiny Hunters, you know, say what you will.
Starting point is 00:27:58 But the drama of it all is certainly very, very, very compelling to me. And the thing that's unfortunate is that probably some people with real tickets are going to have a very bad time at a concert when there are conflicts and duplicates floating out there in the world. Yeah. I'm hoping that Ticketmaster is being very, very upfront in reissuing any of those barcodes that were stolen, getting in contact with the actual proper owners of them. I hope they're putting in the effort that this warrants because right now they have a lot of people going after them and it would suck if the people that are inadvertently victimized are people that just wanted to go see an exciting concert from their favorite artist.
Starting point is 00:28:39 If there's anything you can trust, it's that a company will be looking to limit its liabilities. And I think that the class action lawsuit that would be flying their way, if they weren't taking it seriously, would outweigh the cost of making people work harder to make sure that it gets resolved. So I'm confident in one thing, and it's that. I can see, yeah, especially when it comes to things like the Taylor Swift Eras Tour, which people have notoriously been flying around the world to go make sure they see. And it's like, imagine getting to Rome and going to the concert.
Starting point is 00:29:23 The only one that you could find tickets for showing up at the gate and being told that somebody's already entered under your ticket ID. Imagine that lawsuit and all of the travel logistic stuff that you would be including. Imagine if that happened to thousands and tens of thousands of people, it would be hundreds of millions of dollars lawsuit. I would sooner get into a fight with the Department of Justice than Taylor Swift. Seriously. There's no one.
Starting point is 00:29:52 I don't. I want to be in a fight with less than Taylor Swift and Swift. It's just not, you're going to lose. It's not a good idea. Yeah. And just like, this is just a touchback and has nothing to do with the cybersecurity thing. But did you, do you see the, like, was it Amazon or Apple TV special about the Eras Tour where they recorded one of the performances and released it? I haven't watched it.
Starting point is 00:30:15 No, no, but I, but I saw the ads. I saw the big banner. Yeah. There was like a movie about the tour. Yeah. Well, it's kind of, it's like a live recording of a single performance, I believe. And last I heard. Oh, okay.
Starting point is 00:30:27 And I'm not sure if this is. confirmed, but the licensing rights alone for that single show were in the nine figures. So it's like, get it. Get it, Taylor. Get the bag. Like, you just have to do, you just have to do the concert that you were going to do already and a bunch of people set up really expensive camera gear and you get a hundred million dollar licensing fee.
Starting point is 00:30:53 Like, good for you. Yeah. Nothing but respect. Speaking of alternative income for creative artists, looks like if you're at the top of that pyramid, the revenue's not so bad. Yeah, things are going okay for Taylor Swift. But I wouldn't use her as a bellwether for the health of the arts and entertainment industry.
Starting point is 00:31:16 Yeah, yeah. If Taylor's having a rough week, then you can just trust that there's a few hundred million other artists that are having terrible ones. Yeah, crazy. Yeah, it's a wild one. Speaking of entertainers trying to get that bag. I think we take it over to the advertising oasis.
Starting point is 00:31:36 Is that what we named it? I feel like that's what we named it. Yeah, I like advertising oasis. It's like, it's like got a peaceful energy. I think that's what it was. It's like a day at the spa, but it's helping us pay for this podcast. Yeah, but commerce. But spa is not commerce.
Starting point is 00:31:52 Come on.
Starting point is 00:34:32 So speaking of the AT&T hack in 2021, which you'd reference when talking about shiny hunters, breaking that AT&T has been hacked again. Apparently, hackers have stolen all of the 2020. call and text data for nearly their entire cell network. So here's the big catch on it is they didn't get the content of the data, which is great.
Starting point is 00:35:14 But they literally just got the interconnections. So like this person called this person at this time. This person texted this person at this time. But this information literally came out today as we're recording on Friday the 12th. So as we're recording. As we're recording. And it's funny because you made reference to the 2021 hack and I was reading these stories this morning and I was like oh AT&T got hacked again the because yeah the
Starting point is 00:35:39 2021 hack I think uh was something like 7.6 million users were impacted by and this one it looks like their entire network was impacted by which is kind of wild so there wasn't a lot of personal information apparently apparently it is just the connection logs you know so It is big. It is bad, but it could have been worse, I guess, is what we say these days with the amount of data breaches going. Yeah, I'm glad the content of text messages isn't there. Content of calls feels like it would be trickier, but I could see there being a world in which, God forbid, somehow a text leak was to happen. And if it was to happen from AT&T in the States, that would be pretty catastrophic. You can read about it in an SEC filing, and AT&T also dropped a press release, literally as we were recording this. Pretty wild. Yeah, if it was content, I feel like we would find ourselves in a world where people were
Starting point is 00:36:43 quickly migrating. Because I believe people have an inherent trust with their text messages, and they kind of see them as private and secured and confidential. And maybe that's not the case. I think that we'd see a big rush to companies like Signal and lots of encrypted messaging platforms because I just think that like I feel like once that veil gets lifted, it'll be hard
Starting point is 00:37:07 to get reestablished. And it's like text messaging is just one of those like text messaging was created as like a side gimmick on the side of your phone. I don't know if you remember T9 texting and stuff like that, but like phones per phones
Starting point is 00:37:23 for phone calls and now nobody uses phones for phones really. It's very rare. So the text message is the preferred or I would say one of the more preferred ways to communicate among close individuals. And yeah, I feel like if that wall ever comes down or that veil gets lifted, I feel like there'll be a big rush to more secure messaging platforms and things like that, which I don't think is a terrible option.
Starting point is 00:37:51 But, you know, just an interesting tidbit that ties back to the previous story. That's literally happening as we speak. Yeah. I think we're hopefully at the tail end of the transition from SMS to RCS. We've all been living in the shadow of still using this 20-year-old unencrypted technology. Because a couple of large technology companies can't, I'll speak frankly, get their shit together and adopt an encrypted standard that might threaten the color of some bubbles in a messaging app. But it sounds like we're finally going through that process. So hopefully, if one of these leaks ever happens,
Starting point is 00:38:30 again, we'll know for certain that in an era of RCS, we don't need to worry about our text messages getting leaked. In looking back through time, like the Blackberry obviously brought us, you know, the smartphone largely. Yeah. But they also brought us BB Messenger, which when it existed was, I would say, a bigger marketing piece than the fact that, like, once other smartphones started to penetrate the market, people were married to their BB Messenger.
Starting point is 00:39:00 BB Messenger list because they had like an instant encrypted messaging platform among, like, I used to have a bunch of really powerful people on my BB Messenger. And it's like, those are people whose contacts I've essentially lost forever and haven't communicated with since. Sure. And like, that was a thing. And it's like, I can see, I can see why the large technology companies are holding the strings and are fighting back against the migration. But I think they're doomed. I think it's, uh, I think it's going to be a mandatory change. And I I'm looking forward to it. It's not like it's, it's not like you don't have the option to message with people
Starting point is 00:39:36 on other technology platforms. It's just, the messaging is worse, which is just worse for everybody. So it's like, what's the point? Like, you're not, there's no real competitive technological advantage here. Like, just join the club. Did you, BlackBerry was weirdly ahead of their time in so many different ways. Did you watch the Blackberry movie? Total tangent.
Starting point is 00:39:57 Total, total Canadian tangent here. Yes, of course, the miniseries. Yeah, it was great. Well done. I thought they... It was so good. I thought they wrapped it up. Like, this is, we're in Tangent Land.
Starting point is 00:40:09 I thought they wrapped it up a bit too fast for me. Like, they kind of went from like, they told the development of the plot and the storyline of the company, but then they brought it all down in like one episode. And I was like, I feel like a lot of things probably happened in those moments. So it would have been, to me, to me, that was my only beef with it, but I thought it was very well done. Interesting. I, I, uh, I forgot that they rechopped it as a TV show because I watched it as a movie.
Starting point is 00:40:38 So we started talking about episodes. I was like, wait a minute, but you're totally right. I think CBC, uh, the Canadian broadcaster, uh, chopped it up as a show. Glenn Howerton as the, like, that was so good. Always Sunny in Philadelphia. Yeah. The. Yeah.
Starting point is 00:40:54 He was good. I didn't actually know it came out as a full-length movie. I thought it only came out as a miniseries because it was. I think four episodes. It makes more sense why it resolves so quickly, hearing that it came from a movie format. But, because I think it was... It worked better as a film also.
Starting point is 00:41:09 Yeah. I didn't find the wrap up quite so bad, but I can imagine that if the last 40 minutes was an episode, it would seem as though everything was going great until the last episode, which is a weird arc for a thing. Yeah, yeah. Why, I think there's one scene in that entire movie slash miniseries
Starting point is 00:41:26 that really stood out to me that was like, I don't know if you remember it, but they're Jay Baruchel, Barichel, right? Canadian actor, guy that played one of the founders. Yeah. He's on stage, like, talking to the team about the iPhone coming out, and one of the senior techs gets a text message, and you hear the iPhone noise, and he pulls out his phone and mutes it. And he's like one of the lead devs for Blackberry,
Starting point is 00:41:54 but he pulls out his iPhone. And I just thought that that was such like a, That's really good. Like such a powerful scene of being like, like, he's up on stage being like, we're not in trouble. We're not in trouble. And then you hear the iPhone, like the original, yeah, exactly.
Starting point is 00:42:08 You hear the original SMS noise come out of an iPhone in like their team. And it was like, oh. And like to me, that was like whoever directed it, like that scene, you nailed it. Like that to me, like I was like, yep, there it is. Like that's the downfall of your company. Like you just heard the noise of it. Yeah. So.
Starting point is 00:42:26 It's in C. I, my favorite, I thought you were going to bring up the scene where Glenn Howerton's character is, is screaming at some people. And I won't say the context as a spoiler, but Waterloo, Ontario is where Blackberry was based. And he, it's Glenn Howerton screaming. I'm from Waterloo where the vampires hang out, which is just like that was stuck in my head for hours after watching that movie. I'm like, what is going on in Waterloo? I got to go there. I'm from Waterloo where the vampires hang out with like a Canadian accent, shouted hoarse.
Starting point is 00:43:04 It was such a, I really like that movie. He did such a great job playing, playing that role. I thought, I don't know, I thought the casting, like, for essentially a Canadian film, is really good. Like to bring in a bunch of, like, top-tier acting talent to run the leads. I thought they did a great job. So if you haven't seen it, I don't even remember exactly what it's called,
Starting point is 00:43:26 but let's look it up. I highly recommend. I think it's just called Blackberry. Yeah, it's just called Blackberry. If you're old like me and you had a Blackberry, you should go watch this movie because it's good. It's fun. It's like an interesting narrative on it.
Starting point is 00:43:41 So highly recommend it. I think it's on Amazon, as well as it looks like it's for rent on both YouTube and Google. And it's on Crave. So there you go. If you have any of those things, there you go. Do yourself a favor, go spend an hour
Starting point is 00:43:54 or two watch this. You should still have the advertising oasis sound design firing in the background of this whole part. I want to talk about an AI-powered Russian bot farm. Talk away. Are you down? Yeah, of course. Okay, amazing.
Starting point is 00:44:10 Can I get an AI tool to write me my responses fast enough? You probably could and you wouldn't be alone. So the FBI announces they took down this 1,000, you know, account botnet powered by AI. So,
Starting point is 00:44:26 and that's the takedown of this bot farm that's using large language models to power about a thousand fake accounts on X and Twitter, spreading disinformation, coercion sentiments. You know, AI-powered botnet spreading state-sponsored propaganda is kind of novel, but it's made up of relatively familiar parts. Don't we just call that Twitter now?
Starting point is 00:44:48 It's really bad. I don't go on there very often, but it's just bots. It's the, yeah, it's interesting. I'm not sure how they're going to compensate for it, but there are a lot of, and you can, like I've gotten well,
Starting point is 00:45:03 like, you know how there's like teachers that know how to read between the lines of what is a ChatGPT-generated essay? It's like I can know, when I'm on, when I do dip my toe into the observing pool of X.com, I can immediately see, it's always in the comments and the responses.
Starting point is 00:45:24 So like something will get posted. And like then there will be a bunch of like weird account names that have like this perfectly structured response. And I'm like, oh, that's a bot. Like that's a bot. Like that's a bot. Like they almost have to look for like, whose grammar is too good. And then like auto moderate all of those things. Because everybody else on X is just like screaming, you know, political and social positions and like broken.
Starting point is 00:45:50 English. And then there's like this well structured like thing being like, well, I think Russia deserve doing way to Ukraine because for Ukraine has and it's like and you're like, okay, that's a bot. So am I, am I shocked at who's behind this botnet? If it uses a semicolon, it's probably a bot. Exactly. Am I can if I'm, am I surprised that Russia was behind this, then no. If there's something more, um, deeper, then maybe. But if it's just a Russian state-sponsored thing, that does not surprise me whatsoever. No, that part alone isn't necessarily surprising. Are you familiar with RT? RT dot com? Like the, like the Russian telecom, the news thing? Yeah, Russian Today. Russia Today, or Rossiya Segodnya. Sorry, one second. There's the noise from Blackberry
Starting point is 00:46:41 berry. There's the noise from the Blackberry movie. You still use it? Still use that. Yeah. RT, Russia Today, Rossiya Segodnya, is a Russian state-controlled international news television, you know, network. It's funded by the Russian government. This botnet was not created by a company inside of Russia or like a, you know, state-sponsored hacking group. This botnet was allegedly created by RT, by the deputy editor-in-chief back in
Starting point is 00:47:10 2022, funded and approved by the FSB, which is the successor to the KGB. you. So this botnet on Twitter was produced by a large news network. I wish I could act more shocked to that, but I feel that tracks to you. That tracks to me. Maybe it's because I spend so much time on X listening to people shout about media biasing. I don't spend a lot of time on X, but when I am on X, I see those sentiments perpetuated constantly.
Starting point is 00:47:40 Sure. And like, we all know this, like Canada has the CBC and there's a lot of, large faction of Canada that believes that they're essentially just the propaganda arm of the current government. So like a bunch of Canadians believe that. So for the CBC version in Russia to be a propaganda arm of the KGB, that doesn't surprise me, sadly. But them running an LLM powered botnet on Twitter, maybe it's just like the word cloud is so strange. But I guess it, it, it, does sort of track. It's what you'd expect that using American sounding names and fake accounts set in locations across the states, user accounts like Ricardo Abbott from Minneapolis, posting
Starting point is 00:48:25 a video of Putin justifying what they're doing in Ukraine, Sue Williamson posting a video of Putin talking about a new world order. It's all the content you'd expect, but from these, you know, faux American accounts produced by a newsroom. The, you know, this, you know, giant botnet, they, they put, they, they, blah, blah. Spahnowna was mentioned in a cybersecurity advisory by the FBI, the Netherlands intelligence officers, and a Canadian cybersecurity authority. Just sort of talking about how they use these LLMs to create these social media personas en masse to generate text messages and images and to sort of just mirror the disinformation that other bot personas were, you know, creating to sort of develop a bit of a sense of a consensus on the platform on a case-by-case topic-by-topic basis. Yeah. Yeah, I found it fascinating.
Starting point is 00:49:15 I guess it isn't really that surprising. It's the kind of thing where as you say it out loud, you're like, yeah, it is, it is a very familiar ingredients, but I was intrigued by that. I don't know what you would call this, you know, cluster fuck that is development and fact-finding and developing of ideas and ideologies. It makes total sense that you'd want a multi-prong attack, and it doesn't, sadly doesn't surprise me. and I don't know, I think I would spend more of my time focusing on who's to blame. Like, Russia's obviously just trying to do what's best for Russia's interests. Like, should we be holding X and Facebook and any of the other social networks more accountable to not? Like, at what point are we just going to start banning all traffic from Russia?
Starting point is 00:50:05 And again, you know, to cite back to a story recently about North Koreans being our IT people, will that even work? Like how, where are we going to, where are we going to intervene here? So it's like, how can we put a stop to this? And when will truth come back? And does truth even exist as a concept anymore? What even is truth? What even is truth? Truth exists that Russia is running probably a ton of large LLM powered botnets.
Starting point is 00:50:39 To tell stories and spread information abroad is not surprising. that a large media institution would actually be behind it is like kind of novel to me. The fact, the thing that feels like it's shifting is the normalization of it. And this is maybe where the story ends. And it has to do with the fact that RT, I'm not going to say they haven't denied it, but their response was pretty fascinating to me. And it wasn't saying, no, this didn't happen. No, we had nothing to do with this.
Starting point is 00:51:07 So Bloomberg broke the story. Again, on the topic of botnet farming, RT's response to Bloomberg, who wrote the story, was, quote, "Farming is a beloved pastime for millions of Russians," which, like, I am really not on their side on this one. That's a pretty funny thing to say when someone's accused you of running a state-sponsored LLM-powered botnet. Oh, that's amazing. Is quite the response.
Starting point is 00:51:32 yeah whoever the head of that PR department is deserves a raise or deserves whatever empower the government of Russia can give them. Aside from the great quote, it's like this stuff, this stuff works, you know, social manipulation works. Marketing, like we work in marketing. Like, we know that this works. It's like we these stories hear about it being used for social and political manipulation, but it's like we haven't seen in our ad marketing careers the service offering that these like what I'm trying to get to is that I'm shocked that there's there's not one of these for like rent or like
Starting point is 00:52:22 you can buy media time and have your own bot farm promote your your product social cause whatever we're marketing because it's like this stuff works and it's like they know it works and they've been tuning it. Like Russia, China, Korea, and North Korea, have been doing things like this for, I would say, the better part of a decade. And it's, they're tuning it. They're getting better at it.
Starting point is 00:52:46 We now have large language models, which make it more effective. They don't have to use as much, you know, human capacity. They can use more chip capacity. It, yeah, it makes sense. If your goal is to change the perspective, on something.
Starting point is 00:53:05 So yeah, it doesn't shock me. I'm interested to see when this stuff starts to impart into our world of like, hey, you want to promote your social cause? Like, we can really mess up social media around, you know, a geographical area for like the next week for $12,000. Like, do you want us to do that? And everybody will be aware of it. So I assume that this will slowly fall from a state-sponsored,
Starting point is 00:53:30 you know, social political manipulation tool to a, a marketing tool unless these social networks can get ahead of it in some way. Yeah, like you said, I would assume that probably is already happening en masse. The day that the BBC or CBC or CNN start talking about how they're doing it with quippy little lines and press blasts, that's going to be an interesting day because it kind of happened here in the place where you would maybe think it would happen. because, as they said, farming is a beloved pastime for millions of Russians. And with that note, we're going to sign off. On that note, we got Ticketmaster.
Starting point is 00:54:11 We got AT&T stolen records. We got AI-powered Russian bot farms. It was a fun one. Beat the heat, Scott. Stay cool out there. Stay hydrated. Yeah, you too. And if anybody's looking to jump into a nice summer visor, be sure to check out store.
Starting point is 00:54:27 dot hackpodcast.com. If you've got any interesting tales and stories of cybercrime hacks, technology manipulation, anything fun and exciting that you want to share with the group, hotlinehack.com. Is there anything else that we need to hit before we sign off? I think that's everything. Thanks again, all. I think thanks for making it to the end, and we'll catch you in the next one. Take care.
