Hacked - US Soldier Arrested for Hacking + Honey Plugin Scandal + Listener Creates Bitcoin Pizza Website
Episode Date: January 16, 2025We have a bunch of stories to get to, but before you listen, check out our new Youtube page we'll be putting a lot of love into in 2025: https://www.youtube.com/@hackedpodcast and this very useful sit...e a listener made based on our last episode about an extremely expensive pizza delivery. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
I had this whole intro story written for this episode.
And it concerned a 20-year-old U.S. Army soldier arrested near Fort Hood, Texas recently, accused of being Khyber Phantom.
A hacker who leaked sensitive call records amongst that stolen data logs of the then-two presidential candidates.
It's a fascinating tale. We're going to get to it.
And then I remembered something that a listener sent us after the last episode.
and I think we got to start here
with a little website
called How Much Did the Pizza Cost.com?
How much did the pizza cost, Jordan?
Oh, well, why don't we go ahead and refresh it and find out?
So for anyone that didn't listen to the last episode,
or maybe he doesn't know, there's this thing called the Bitcoin Pizza.
It's the first commercial transaction ever done using Bitcoins.
Laslo Hangyx, Florida man, agreed to pay 10,000 Bitcoins
for the delivery of two Papa John's pizzas.
Goes on a Bitcoin forum.
It says, quote,
I'll pay 10,000 Bitcoins for a couple of pizzas,
like maybe two large ones,
so I'll have some leftover for the next day.
British guy takes him up on the offer,
bought the two pizzas in exchange for the 10,000 bitcoins.
It's the first commercial transaction using crypto.
Pretty famous.
People like to talk about it.
We talked about it on the show, didn't we, Scott?
We sure did.
And...
And...
And...
One of our listeners and one of our Discord members, whose name is Asher Parasini.
Asher Parasini made How Much Did The Pizza Cost.com, which you can visit at any time to see how much that gentleman paid for those two pizzas.
And it is currently...
Oh, no.
Do you want a reader or do you want to be able to do it?
Yeah. So at the time of the original purchase, it was about $41 worth of Bitcoin.
And at time of recording, I'm just going to refresh it.
That is 915 million, 529,600 U.S. dollars for two Papa John's pizzas.
That's right.
If you want to know how much did the pizza cost, you can go to how much did the pizza cost.com,
which we joked in the show.
Surely someone must have made a website where you can track how much the pizza cost.
something like How Much Did The Pizza Cost.com?
We were just really excited that Asher hacked this site together.
It's 2025. It's a new year.
It's a year of taking wacky ideas and making something out of it.
So we're going to start here with How Much Did The Pizza Cost.com?
And then we're going to work our way backwards to crazy hacks and browser plug-in scandals
and all manner of interesting hacked stories on this episode of Hacked.
Scott, how is your break?
Fantastic.
Glad to hear it.
Fantastic.
Yeah, it was really good.
I actually, it's been really sad because we were, for the first part of the Christmas
break, we were actually down in California.
Oh, jeez.
And we were in the Pacific Palisades, and a lot of the places, like, we stayed in
Brentwood, which is currently being threatened by the fires as of date of recording.
Oh, yes.
And lots of the places.
places we were, Topanga, you know, Pacific Palisades, Edges Santa Monica are all currently burning
or have burnt. So heart goes out to all of those affected by it and tragic, tragic loss of a
beautiful part of the world, honestly. Yeah, my partner was down in L.A. kind of near the end of last year
as well with a friend, just sort of turn around and hanging out with folks that she knows there. And
there's a lot of hope you're okay text messages going out over the last kind of week and
there's I know folks to listen to this show that live in that part of the world so
if you've been affected by this or you know someone who has hearts go out to you it's
it's just brutal yeah what else how was your break mine was fine
comparatively speaking it was it was it was good uh it toured home like kind of came home
saw got to see a bunch of people which was really really nice uh and then we
came back here with just enough time to like couch,
veg out, relax a little bit.
Recovery.
Recovery and get ready for what is like a very exciting,
but a nice, dense year.
A lot of things going on.
A lot of things like Hacked is now on YouTube.
Hacked is now on YouTube.
Part of the reason I wanted to open with the story of how much did the
pizacost.com top five website immediately added to two bookmarks,
was because we had spent, you know, a little bit of time before the break hacking together something ourselves.
We're just trying to make things and put them out in the world and see what it does.
And one of those was a YouTube page of the show.
In order to do that, we didn't want to just slap the album art on it and upload it.
We wanted to do something a little bit more interesting.
So we worked with a collaborator and friend Nick, who cracked open a piece of software that I hadn't really worked with before called Cavalry.
Yeah, we, I wrote a Python script that took the RSS feed, compiled all of the relevant information in the audio files into an Excel spreadsheet, CSV.
Nick was then able to load that into cavalry.
He built out a bunch of animation loops.
So actually what you're seeing in the YouTube animations is real video footage that has been kind of broken down to a grayscale version of itself.
and then Asky art re-rendered as Asky art
with different characters representing different blocks of the grayscale.
So we managed to automate the process
and we managed to animate 100 back episodes.
So we've been releasing one a day.
I think we're on five as of time of recording.
If you are a fan of the podcast, a fan of us,
if you want to help out, please visit YouTube.com
slash at hacked podcast, sub, watch some of the videos,
some likes, we would appreciate it greatly. The URL again was YouTube.com slash at Hacked Podcast.
But we're trying to get to partner status. We need a thousand subs and everyone helps. So if you
have the ability to, we would greatly appreciate you taking the effort. Right after you visited
how much did the pizza cost.com, you can use that same tab to shoot over to YouTube, give it a
like, give it a sub, click the bell for the notifications. And yeah,
We've been putting out one a day just in the back catalog episodes.
Something that some people don't know, and most people don't know, I would say,
is that Jordan and I have been recording the more recent episodes with video.
And we're trying to figure out what we're going to do with that to release actually like a video version of the podcast,
as well as we've been working on some ideas and stories for some unique content pieces that will be coming in the new year.
So the YouTube channel is something that we're going to be putting a lot of events.
effort into, so we hope you take the time to join us on that journey. Yeah, you guys did an awesome
job. It looks fantastic. Like, if nothing else than to see a really, really cool visualizer made
with some, like, neat, newish tech. It's definitely worth checking out, hacked podcast on YouTube.
You'll recognize the album art. It's a lot of fun. And yeah, I think it could be a, I'm really
excited for it. I think it's going to be a fun project in 2025. Yeah, same here. Same here.
But in the meantime, presently. We got some.
stories to talk about, Scott.
Nothing's happened.
Nothing's happened.
Nothing's occurred.
The world's the same as it was like four weeks ago.
Totally.
There's like, so there's some more urgent news type things.
But there was this one story that I bumped into over the break.
CREBSOn Security did a bunch of really cool reporting on it.
It was touched on by a couple other sources.
It ties back to a bigger story from last year.
And I want to dig into it a little bit.
If for no other reason, then it was going to be the intro story of the episode,
replaced by the far more urgent
How Much Did a Pizza Cost.com?
Pretty recently, at the end of last year,
a 20-year-old U.S. Army soldier was arrested near Fort Hood,
accused of being Khyber Phantom,
a hacker who leaked these sensitive call records
inside of which were calls for Kamala Harris
and Donald Trump.
It was a big story.
Weeks earlier, another hacker,
Connor Riley Muka,
known as Judiche or Wifu,
we've talked about him before, they all have many handles, was arrested up here in Canada.
Muka was accused of breaching over 160 companies, including Snowflake.
It's a hack we talked about on this show.
There are cloud storage service used by major corporations around the world.
His attacks exposed to tens of terabytes of sensitive data, telecom records, financial information.
It's a big breach of 2024.
According to investigators, including some really fantastic reporting from Krebson security,
there is a connection between the two of them.
Before his arrest, but after Mukas, Wienius reportedly admitted to his mother,
you know that guy on the news that we keep hearing about at the heart of this giant breach and hack and arrest?
I know him.
He was allegedly distributing stolen data as part of the same sprawling cybercrime network.
and when Muka got arrested, their paths got even more tangled up in each other.
And it becomes something bigger than a story of just the two of them as individuals.
You've got this soldier trained on secure communications and a Canadian with a reputation for, I guess, extortion and cybercrime,
kind of orbiting one another in this really fascinating way that reveals all this stuff about systemic weaknesses and telecom security.
2020 kind of kicks off.
that's when Muka, Kitchener, Ontario, he's already kind of a prolific hacker going under the name Judeesh.
He specializes in data breaches, extortion.
He's targeted over like 160 companies by that point, allegedly, major names AT&T, ticketmaster, and, as we mentioned, Snowflake.
Then you've got Cameron.
He's this tech-savvy Minnesota native, joins the U.S. Army as a communications specialist.
He's managing radio signals and network infrastructure stationed in South Korea.
The fascinating part of this story is, oh, there's a soldier doing this on his spare time.
For anyone that doesn't remember the 2024 Snowflake breach, a cybercrime group called UNC 5537, starts targeting accounts on Snowflake, this cloud storage platform.
They exploited stolen credentials obtained through an infostealer malware to access a trough of corporate and government data.
Muka was allegedly the primary orchestrator.
He accessed the sensitive information outsource some of the stolen data's distribution to associates, like allegedly, with genius.
What a name.
What genius.
Write the name.
It's got with genius, write it.
It's got genius in it.
He was destined for something big.
Yeah.
Is he to a genius what Walaigi is to Luigi?
That was, and that's not even meant as a dig.
It's more just an observation of the Waw prefix.
I like your, I like your assessment.
I appreciate that.
So news of Muka, the Canadian's arrest, goes live, and Cameron Wagenius under allegedly this
alias Khyber Phantom makes a pretty bold move, which is where we start to see the connections
between these two.
He goes on breach forms and he claims to have a bunch of AT&T call logs tied to Donald Trump,
the then vice president.
He does a post that says, in the event that you do not reach out to us at AT&T, an American
news network, all presidential government logs will be leaked.
It was signed with the hashtag, hashtag free wifu, in reference to Muka's recent arrest.
Wegenius then posted what he claimed was a data schema from the NSA via AT&T and started
offering like Verizon push to talk call logs.
He's just, he's on a sales push essentially after Muka gets arrested.
Marketer.
He's marketing for this whole operation.
He's a genius marketer.
He's a genius marketer.
So in November 26th, Krebson Security, which is,
kind of where I started reading about this,
identified that this Khyber Phantom character,
this Walloichi of marketing for this larger operation,
as likely being a U.S. Army soldier.
Despite some efforts to delete pretty incriminating Facebook content,
Krebs' digital forensics tied Wigenius' activity to his real identity.
There were telegraph messages where Wigenius was claiming to maintain a botnet
that had some connection to this.
There were just small little strings that they started to put.
pull on, bringing us to this moment now and why we're talking about it. December 2024, right before
the break, the arrests. Cameron Wagenius is arrested near Fort Cavazos, Texas, charged with
unlawful transfer of confidential phone records. It's a fascinating story about these two guys of the
same generation, but from two totally different backgrounds, a Canadian and an American soldier,
who found each other in this ecosystem of online sites and worked together. And there's a real sense
that Wigenius was like pretty upset when Muka got arrested.
Maybe potentially because of what it foreshadowed for him, but also just because these guys
worked together.
They were doing this giant operation together and it started to fall apart.
It's a fascinating story.
Well, did, did his bragging to his mother lead to what got him arrested?
I didn't see any evidence of that.
The only reference I could find to Wijinius's mother was that original piece of reporting
from Krebs.
I keep bringing him up because a lot of different platforms.
forms covered this story.
There's a ton of other sources about Muka and a bit about a genius,
but he seemed to be the guy who went to the source and found that connection.
And that specific part of it,
Loflake,
isn't a direct quote.
It's alluded to that there was a reference,
but the text itself I don't think was provided.
So I don't think there's any evidence that his,
how do I put this,
his mom narked on him,
but in retrospect,
it was,
See, the thing for me is, like, I feel like we could build a, like, a wall of hubris
and just, like, all of the cybercriminals that get brought down not by their own, like,
misdeeds and, like, their, you know, inability to cover their tracks,
but actually just get brought down by bragging about it.
I remember the one that always pops into my mind was an episode from last year,
Alexander Zhukov, the self-proclaimed king of ad fraud.
Yes.
Can you guess what he got to?
taken down for?
Like, it's those kinds of things where you're like a couple mill deep into a thing and
there's no scent of law enforcement nearby.
It's like, I would imagine that the people who do this persistently for decades are the
folks that are able to suppress those instincts to not.
And again, Wigenius was picking fights.
There's a cybersecurity researcher who spoke a bit about this, Alison Nixon from Unit
221B, who, as you had a great quote on this, it was anonymously extorting the president
VP as a member of the military is a bad idea, but it's an even worse idea to harass people
who specialize in de-anonymizing criminals.
And that's what you see in the tone of this is, assuming Wugenius is Cairo Phantom,
he was bringing a real, like, internet gaming shit poster dialogue style of like kind of like
scrapping over the internet to a breach forums post about like very, very, very high level
serious cybercrime. And if nothing else, that's not a good idea on like an emotional level.
It's like you're just, you're bothering them. Like that, that mode of communicating is to
bother other people and maybe don't bother them because you are doing international crime.
You're inciting your own downfall.
A little bit. Yeah. Yeah. Fascinating story that we were going to open on, except
We didn't.
The pizzas.
The pizzas, Scott.
10,000 Bitcoin for pizzas.
We're just going to keep looping on that all year long.
Just keep looping on it.
Yeah, it's just you can't get away from it.
No.
One billion dollars, round it up to one billion.
I feel like that's...
We'll round it up to one billion.
We'll round it up to one billion.
Where should we go next?
I feel like one of the big things that I saw a lot over the Christmas was the fall of honey.
Yes.
I think we got to talk about that one.
one. Have you ever used, honey? No, because I would never. This is falling into those, like,
there's another, another story that broke over the holidays is kind of related to this.
It was somebody leaked a list of common applications on your cell phone that are actually
just selling your personal tracking information, like your location data. Oh, sure. So it's like,
I feel like Honey was the OG of that, you know, like the second I saw Honey, I was like, this is just a company
that's stealing my data. And so.
selling it. And I was like, I'm not going to install this. Like, it's demanding access to all of my
browsing history, my live browsing pages, all this stuff. I was like, I know what this is doing.
Yeah. And I was like, I'm not getting it. And now they're in trouble. Surprise. They,
sure are. They were, it's interesting because my joke, we make internet content and we read ads
sometimes. And my joke, whenever I'm talking to people about my job is all just like randomly
pepper in a reference to like brought to you by some drop-chipped mattress company that I won't say.
But I feel like Honey was really the pioneer of that.
Like Honey was one of the first major brands that was sponsoring online creators.
And that's why we all know about them even if we didn't use it.
They were huge in that ecosystem.
And it makes the nature of the alleged fraud all the more fascinating because they weren't, like to your point, they might have been stealing customer data.
But that's not why they're in trouble.
They were in trouble for what they were doing to that ecosystem of creators that they were in a very real sense, kind of pioneers of.
Yes.
I feel like this is going to open up like a philosophical conversation about as content creators and content creation grows, as this ecosystem gets bigger, how much liability do the content creators have for their partners and advertisers?
You saw this with FTX.
like Larry David got sued over the FTCS scandal and it's like he was just in a TV commercial.
He was an actor paid an acting fee to show up and read a lines.
And next thing you know, they're like, you are part of the problem.
Like I'm suing.
I'm naming you in my lawsuit because you convinced me to open an FTCS account.
A YouTube creator called Megalag posted this giant YouTube kind of essay breaking down what Honey is allegedly doing.
It resulted in sort of a cast.
of other content creators posting about it.
For anyone that doesn't know,
Honey is essentially a coupon browser extension.
The idea goes,
you install Honey,
you go to a website to buy something,
you click a little button
and it goes and finds the best coupon code on the internet.
What Honey is being accused of doing,
it kind of has two different parts to it.
If anyone's interested in this,
the Megalag video is really good.
It's worth watching.
Suffice it to say,
there's a bunch of content creators who are now suing PayPal, Honey's owner. Honey hasn't been found
guilty, but we'll dig into why. When a content creator forwards someone to a website to go buy
something, typically they get a cut. It's a pretty big part. We don't talk about products on the show,
but that's a huge part of like the internet content creator economy is just forwarding people
to sites where they buy something and then the content creator gets a cut. The first of the two
things that Honey was allegedly doing is stealing that affiliate revenue. So they're
paying content creators to tell people how great honey is. And then if at any point in the future,
the viewer of that piece of content is installed, honey, and they get a direction from that original
content creator saying, yes, I am going to buy this based on your recommendation. Honey, at the very
last second, does something called last click attribution where they scoop away the money that would
have been going to that original content creator and they claim it themselves. This is the first major
part of what Megalag was talking about in the video as Honey is doing that was a little bit duplicitous.
Most people didn't know that for years they were using this plugin that whether or not they
clicked on the coupon code, whether or not they used anything.
Like the second it was installed, all of that referred like money that should have been going
to those content creators was now going to them.
The second part of it had more to do with what the promise of the product actually is,
which is that we go and we find the absolute best coupon code on the internet for you.
That's the reason you install it.
There's a little bit of a deal between the user and Honey.
And it turned out that Honey had something called a partner store system where brands could go directly to Honey and say, and we're rounding off a lot of detail here.
Don't serve them the best coupon, please.
Serve them this coupon and we'll give you 5% kickback.
Provide a different coupon for less money.
Provide our preferred coupon.
I'm guessing this is on a case-by-case basis between the companies and Honey.
But between the fact that Honey was engaged in this,
last click attribution system and the fact that they were selling people on finding them the best
coupon code. But if you paid honey, they wouldn't. That's sort of why the whole thing melted down.
And now you have a bunch of people suing honey. A bunch of high profile people.
Really high profile people. I think Legal Eagle, if anyone is familiar with his stuff, it's great.
Good content. You should watch it. Marquez Brownlee posted a big long video about it.
I think Linus Tech Tips. These aren't folks necessarily involved in the law.
but they've all posted some piece of content saying, boy, sure does suck what Honey did.
Yeah, it does.
We, uh, we, uh, here at HACT, we only read ads.
We have not had any kind of deal like this, but I could see that being a massive thorn
in someone's side, especially when so much of their audience, so much of their, their, like,
credibility went to pushing something.
And then to have all of the rewards of that execution.
to be taken away is ad fraud, king of ad fraud.
How exactly you got.
Allegedly.
It's alleged of ad fraud.
Alleged ad fraud.
There's a lot of alleges in this episode.
One thing that isn't alleged that we think I can just talk about,
trying to work through stuff that happened over the break.
Are you familiar with a technology product called, I want to make sure I'm pronouncing this right,
Cyri?
Do you want my phone to go off?
Is that we trying to?
trying to avoid everyone's phone going off by saying it wrong.
Apple's intelligent assistant.
Yes.
The one that's on your phone and watch and laptop.
Yeah.
S-I-R-I.
S-I-R-I.
I think I've avoided triggering it both times.
I have noticed over the break I was doing some research on some smart home stuff,
and a lot of it talks about Amazon's smart home system,
which has the name Alex.
And I notice in all of the content, everybody that reads that word, they like dub it down 40 decibels so that it doesn't trigger all their devices.
So I think we have to do the same thing here.
It's S.
Erie.
S. Erie.
S. Erie.
Well, Apple has agreed to a $95 million settlement with users whose conversations were captured inadvertently by a voice assistant whose name we will not mention and potentially overheard by human employees.
Proposed settlement.
It's been reported on a little bit.
I think Bloomberg broke the story.
Could be paying U.S.-based Apple product owners for up to five Siri-enabled devices, $20 a pop.
It still requires approval by a judge, but it's a pretty big story.
It's not all iPhones, but it's a very large subset of U.S.-based people.
Because it's iPhones, iPods, iPads, Apple Watches, MacBooks, IMAX.
Their whole product line has this thing woven into it, 20 bucks of pop.
$20, $20,000, $90,000 to $8.000.
Apple is like a rounding error. The currency fluctuations between European and US dollars on a daily
basis are way more than 95 million in their in their books. So it's it's I would call this negligible,
which is funny. Only 100 million negligible to them. Yeah, totally. It's, you could call the slap on
the wrist, but you would notice a slap on the wrist. Yeah, exactly. It's a class action lawsuit
brought against Apple. There was a report in the Guardian in 2019, which alleged that, uh, third party
contractors hired by Apple could quote regularly hear confidential medical information drug deals
and recordings of couples having sex that is pulled from the original guardian report
when they were working on Siri's quality control specifically. Siri is supposed to be
triggered by a deliberate like wake up oh I just triggered her get it it's supposed to be triggered
by a wake word like I just used the whistleblower in this guardian report that led to this lawsuit
alleged that like accidental triggers are extremely common.
The one that I liked was the sound of a zipper.
Sounds enough like saying that word that it could wake her up.
And then suddenly you have whatever audio it's receiving being kicked on over to Apple,
where it is in some cases allegedly handled out to third-party contractors.
And Apple might notice if they lose this lawsuit.
They might not notice if they lose this lawsuit.
They probably don't notice.
I think as long as their stuff with the Federal Trade Commission goes well, they'll be just happy.
I, and I bet it does, and I bet they will for a bunch of reasons.
Why don't we...
Why don't we kick it over to the Adelausis?
And then when we come back, I think we've got a big old location data breach to talk about,
as well as just a really, really weird story set into school.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone, somewhere, saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the Aurora superintelligence platform, a fully agenic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy.
And all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
and the result is the new Aurora Agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate,
agents that respond at machine speed,
and hundreds more that automate the repetitive work
that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works
with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform
so every AI-driven decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like,
go to arcticwolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year.
year for major breaches, from sophisticated ransomware operators to AI-enabled attacks that
turned defenses on their head. Organizations around the world saw headlines they never expected
and cybersecurity teams were tested like never before. But here's the thing. These incidents
aren't just news headlines. They're learning opportunities. And that's why Arctic Wolf is hosting a live
webinar on February 5th diving the most impactful breaches of 2025. Their field CTO and security
leaders are going to unpack not just what happened, but why these attacks succeeded. And most
importantly, what businesses can do to fortify their defenses for it's too late. You're going to
walk away with real insights into how threat actors are evolving, how defenders are responding,
and what strategies can help you stay ahead of the next big breach. It's not fear mongering.
It's practical, actionable, intelligence from experts in the trenches. Register now at arcticwulf.com
slash hacked. And we're back. And we're back. Here we are. Learning together. Speaking of learning.
Arizona State Board for Charter Schools just before the break.
It was December 19th on a sleepy little Monday.
By a 4-3 vote, they approved something called Unbound Academy.
It's a private school serving grades 4 through 8.
And I wanted to talk about it because they approved a fully online AI-based instruction.
So there's going to be kids throughout Arizona getting taught pretty much entirely by chatbots.
It's already running in Texas.
Which is how it got approved.
So cool.
Love this.
Yeah.
So a two-hour learning model, I think they're looking at going to Arkansas and Utah as well for this, which is like great.
Why not?
Why not?
But it's apparently it's largely AI driven.
The curriculum is constructed, but it uses a lot of Khan Academy, I-Exel, other like online resources for the actual training pieces, which is good.
There's still humans in those.
If you've ever done a Khan Academy thing, which I have, they're pretty good.
Yeah, they're fine.
Pretty good.
Yeah, no.
So, yeah, like you said, they use something called a two-hour learning model.
Kids are getting two hours of, like, traditional academic instruction daily.
They've taken a bunch of content from things like Khan Academy, I Excel, and they've processed it through an AI system.
It seems, just based on my initial reading of this proposal.
And then they have AI's analyzing students.
responses, the amount of time they spend on tasks, even they describe them as emotional cues
in some of their documentation. There's a private school in Texas run by and bound. The Alpha
School. The Alpha School. It claims that students learn twice as much as traditional school students
despite limited academic hours. These are starting to pop up all over the United States.
It's basically just trying to figure out like how much time can a student not be in front of a teacher
and instead be talking to a chat bot that was trained on real teachers through service.
like Khan Academy. I don't really know what to do with this story. Other than to say I'm very
infrequently, I don't feel like doomered, like I don't feel black pilled or anything by tech
stories all that often. I think it's a, it's a slow march and it is what we make of it. But man,
there's something about kids in a classroom getting taught by chatbots that just really
bums me right the fuck out. I don't like it one little bit. Well, so, so this is an interesting
one for me because I'm surrounded. Like a lot of my in-laws are all teaching. They're all,
education people. And when COVID hit, we had really intense philosophical conversations about
learning. And for me, like, and this is going to be putting a foot in the risky category,
but it's like there's been nothing disruptive in the educational space for a long time.
You know, the educational space is a public service that's largely controlled by massive,
powerful unions that any disruption to it would affect their membership base. So they don't want
major disruptions. I can see the look of uncomfortable coming on your face. But in reality,
that system hasn't evolved much. It's been the same since our parents and our parents' parents
were students. And in reality, we know way more about the way that people learn. Different
children learn in different ways, different children recall in different ways. And the system
hasn't been really truly modified at a systemic level to affect that. So it's like I am actually
a large fan of us disrupting and evolving the education system because like it didn't work for me.
I was like a high performing student that got good grades, but like I didn't need to be in class
for those grades. Class, I was a disruptor in the class. I affected other kids learning.
Where if you've given me, if you've given me something like this, two hours a day,
to just brutally consume information,
I would have loved it.
I would have crushed it.
And I would have the rest of my day
to go about my pursuits and hobbies
and activities and cybercrime.
Sure, doing crimes.
I hear you.
So for me, it's like I'm more pro on this issue
than I am dystopian about it.
I think that there should be,
that the education system does need some disruption
to be better suited to handle all.
of the different types of learners in it. Because I feel like it's structured for like the lowest
common denominator baseline student where I think that we see now that there are so many different
ways to teach and distractions and kids that have anxieties and different things that impact their
learning. Not even that. Like I would say that I've carried that into my professional career. Like my
most effective hours are between 9 p.m. and 1 a.m. So it's like I save all of my like hardest most
most brain tasks till 9 p.m. at night. And I happily work those hours because that's when I'm
most effective at writing, you know, doing advanced thought, things like that, because my brain
slows down enough for me to focus on it. And the same thing went for school. Like, I was never a
great student. I had good grades, but I was never a great student. The larger point that a one-size-fits-all
educational system for kids isn't good is like, couldn't agree with you more. I think we've known for a
really long time that trying to fit, heck, 30 kids into the same box doesn't work. And then you
scale that to the level of a school, a school district. Kids fall through their cracks.
And hopefully they're shrewd enough to fall in kind of the right direction.
The idea that there hasn't been disruption, I'm fascinated by that. Because on one hand, yes.
But that word gets used in different ways, right? Like there's the business way that we talk about
disruption and then so maybe it isn't disruption maybe it's natural evolution teachers google things
and use AI in their own like work processes in ways that are completely unrecognizable to when
I went to school and there were things teachers doing that were completely unrecognizable when my
parents went to school I'm not sure that a move fast and break things approach to pedagogy
like in situ with kids is like I don't know that we I don't know that we I don't know that
that is the mode for how that progress should take place. I think it, I think it should be more
incremental. Yeah, but like the one of the things like so in in Canada, the province of Ontario,
yeah, had spent 10 years building essentially an online content delivery education platform for
students to be able to take courses from wherever they wanted to, etc., etc. That system was
never implemented, even though it existed for 10 years until COVID hit. The second COVID hit,
they turned it on instantly because they're like, well, we have a solution to this new problem
of kids not being able to come to the classrooms. And it had spent 10 years on the lamb because
the unions wouldn't allow it to happen because it meant it might affect educational assistants,
teachers and other roles that were unionized, which causes essentially an inhibitor to evolution.
I totally hear what you're saying about the existing system slowing down that kind of evolution
or progress.
I don't know that a race to reduce costs using this technology is the way to get over
that hurdle, which you've correctly identified as a hurdle.
But the last thing, I want to bring this up because I think this matters so much.
I also bristled at parts of my educational history.
Like there were things that I was really good at, and then there were parts of it that I wasn't
at. Some of it had to do with authority of teachers. Some of it had to do, as with all students,
with other students. I think that if there had been a system that someone could have just said,
you know what, let's let him avoid all of that friction. Let's let him just, he just talks to a teacher
for two hours and the rest of the time he's just using this software that's this nice, and it goes,
wonderful software, the bots talking, it knows everything, it's trained on the best experts.
There's videos here that explain the details. That's great.
I would be such a, like, this is just me I'm talking about.
I think I would be, like, deeply stunted in a bunch of ways.
Because having to learn, I'm an only child.
Like, I had to learn to be around other kids.
Yeah, yeah, yeah.
I had to learn to talk and engage with adults that weren't my parents and, like, butt up against them.
Like, it's something about that.
It might be that the educational content could be just as good.
It's that.
I'm like, ooh, that one stresses me out.
I don't disagree with you.
Like, like, when you come to the realization that the educational system is like a socialization system as much as it is an education system.
But the thing for me is, like, I think that that's a case-by-case basis.
Like, I get that you were an only child.
And I'm not saying that we should, like, this is the thing.
No, you're not defending it.
You're not defending this specific thing.
No, but I like the idea of advancements in educational delivery because I think that truly people don't.
don't understand, or like people do understand, they're just not adapting for it, but,
but the learning models that work for you might now work for me and learning models that work
for me wouldn't work for Johnny. And that's fine. It's just, the system should be able to adapt to
it. Like, like, one of the things that gets me is like, the removal of, um, like high,
like high performing students, like, I, B and AP education programs and stuff. Like,
Like if you are a shooting star of a student, the system should have a runway for you.
And I hate that those runways seem to be going further and further away.
Like they seem to be removing more of them.
And I just don't think that's great for society.
I think that the all-stars in society, the people that were born with the genetic ability to do highly academic functions should be harnessed and utilized by society.
like you know there are there are going to be a large creator of utility in society and they need to be
identified early and adapted and anyway i just i have strong strong opinions on this no i find it fascinating
um this feels like uh i mean i'll call there's two things there's what i think this is which is a
frantic rush towards austerity at all measure at any cost and boy we can sure replace a lot of
buildings and human beings with bots and whether or not those human beings
have organized themselves in a labor context.
It's like, oh, I don't think that's good.
I don't think this is where we find those austerity measures.
But systems like this, I feel like I had teachers who, again, figured out the ways.
I don't think that being exceptional is like a single stat slider in a video game.
It's like there's a myriad of ways people can be great at things.
And it was teachers recognizing the things that I was good at that made me different,
that had a really big impact on me.
you had good teachers. I did have good teachers. I would say that I had the opposite. I had some
shit teachers. I had some really shitty teachers, but it only takes one. Yeah, agreed. There is a world in
which, and I know I'll have a lot of teacher friends, and they're using AI in ways that, to me,
is interesting and compelling. Like, they're just using it the way that we use it as a tool. It can
expedite certain processes. Well, knowing a lot of teachers and seeing them plan coursework, I would say that
they're just doing what the AIs are doing here.
Like they're putting a Khan Academy video up in their classroom and being like, watch this
and learn how to do fractions.
In a very brief small part of their job, they're able to use these tools.
But to say that the tool is then doing their job is like, nope, that's a bad conclusion
based on the previous point.
I agree.
I do think that the, like for me, I don't see this as a race to austerity.
I don't see this is a way to get rid of bodies in a building.
I see this is another form of delivery.
Like you got to imagine, like say there's an exceptional athletic student who's been identified and he's going to be the world's greatest lacrosse player.
But his becoming the world's greatest lacrosse player requires physical training, sport training, sport specific training, all these other things that consumes way more time.
And if he was going to be spending seven hours sitting in a classroom like you and I did, he would never achieve that goal.
where here they can give him a concentrated version of his or their curriculum.
They can learn the academic things,
which allows them to go pursue the other goals that they're gifted at.
And to me, like I see that as more of where this is,
is like opening up time and space to pursue greatness in other regions
while still meeting the barriers and bars that society holds as norms for educational and pedagogy.
It's hopeful.
Yeah.
I sure wouldn't want to got taught this way.
I would have liked it.
The thing for me that this would have, like even for my personal story, like as of grade 10,
I went down to a three-hour school day and I worked the rest of the day.
Like I worked in tech.
I built educational online course delivery systems for universities.
And it was like, you know, that was when I was like 14, 15 years old.
So it's like this, to me, would have been great.
Like if I could have got my entire school day done by 10 o'clock in the morning and worked
from 10 till 6, I'd have been ecstatic.
But I guess this isn't a story about a tool available to a tall poppy or whatever it is.
This is a story about school boards seeing if they can administer this at scale with no
mind towards whether or not this is going to be good for kids.
Totally.
To me, that's where it feels like it's not about a custom-built learning opportunity for a
specific kid and it's like, what can we get away with?
See, this is why you're the pest.
It's weird that I get to find myself as the optimist role in this podcast so often,
but for me, it's an optimism.
Like, even right in their statements, they say that the theory is that you spend less time
on your traditional curriculum to free your rest of your days up for life skills stuff,
which they also train, be it financial literacy, public speaking, goal setting,
entrepreneurship, critical thinking, creative problem solving, and other, like,
what I would consider to be more.
exciting topics than the traditional like pedagogy of the school. So so for me I'm optimistic
about this. I like I think this is it could be a huge failure and if it is at least we tried.
There's more lost in indecision than a wrong decision in my eyes. So I'm happy I'm happy people
are trying new things and looking at different things to to better adapt and suit for every child so
that every child gets the best quality education for them.
We're agreed there.
Okay.
I'm hopeful.
I'm always hopeful.
I'm optimistic.
Hmm.
The, um, well, we're, well, we're ranting about AI, uh, I did see some less, well,
in the exact same similar light, you know, optimism, pessimism, uh, the
Zuck, uh, put out a story.
It might have been in his interview on Joe Rogan.
I haven't watched it.
I don't know if you've seen it.
Yeah.
I really need to watch it just from like a social understanding cultural perspective.
But apparently they're finding AIs to be as good as most of their mid-level engineers.
I saw this.
And they're looking at ways to essentially integrate AI into their engineering core and reduce their headcount on engineers.
That's a wild thing not to be trying to do.
It's very intuitive that you would try to do.
a wild thing to say publicly.
Very much so.
To me, to me, I actually think it's not, like, having used AI to facilitate development.
It's like, I've said it before in the show.
It's like a junior programmer.
Like I'm like, write me a function that takes these inputs and outputs these things and checks
these condition cases.
And it's like, here it is.
It's like, that would have taken a junior programmer two hours to do and you just did it in
15 seconds.
Sure.
I guaranteed all of their existing engineers are.
already using these tools. Totally.
It's a fast, I'm just curious why a person would go, well, I guess I'm not really curious.
He has shareholders, Jordan. That's why he was going to say. I was like, I know the answer to
this. And it's that you care more about pissing off or rather making happy shareholders than
existing employees.
And so you go on Joe Rogan and you say that. Yeah, that was a fascinating one, is quote,
we will get to a point where all the code in our apps and the AI generates will also be written
by A engineers, AI engineers instead of people engineers.
And this is shortly after meta's,
um,
call it failed rollout of AI bots inside of Instagram,
I think primarily was where it was they had a series of these AI generated personas
and that were labeled to their credit as AI,
um,
that I think we're largely there for like data gathering purposes,
like just seeing how people interact with different pieces of content,
different demographics interact with,
certain types of...
Sure, it's data mining.
Data mining for lack of a better word.
So it's a fascinating one-two punch of that story, followed immediately by this.
Yeah, and then followed immediately by the Open AI whistleblower being found dead in their apartment.
Okay, what happened there?
So there's some engineer who had been three or four years at Open AI left and didn't like what was happening in the for-profited
conversion of the of open AI it started as a not-for-profit converting into a for-profit entity and uh this
young engineer left and was perceiving themselves as a whistleblower i don't know all the details on
it but uh they were found dead in their apartment so you know i'm not sure if it's a Boeing
as situation allegedly yeah open a i whistleblower sucher balaji was a young man's
family believes he was murdered. Yeah, wow. So there's some reporting on this in the San Francisco
standard. His mother has started publicly claiming not only was her son killed as opposed to dying
by suicide, which is what the medical examiner, the city ruled is the cause of death. But that,
yeah, you can assume where it goes from there. That's a rough one. Yeah, there you go. Real dystopian.
Real dystopian. Yeah. And I think he was blowing the whistle.
along where a lot of the data sets had come from and like what the training data they'd been using was so
which i think is going to be the the haunted closet in the AI ecosystem i think you're dead right
yeah i think that we're going to be untangling that for years and it's kind of just this race to like
how woven into the world economy can this technology become before we realized it's built on a
foundation of stolen stolen shit yeah and a big debate about whether or not that is
stealing, which is a fascinating question. I used open AI the other day to, so there's like,
I don't know if I should say this, but it's like open AI, there's a lot of like market research
companies that produce reports on things like, you know, an industry sector spec like like breakdown and
you know, be it marketing finance, trending, you know, all these things. So there's these large research
groups that make these large reports that they then charge large amounts of money for.
It's like we've spent months putting compile of like highly intelligent people doing research
and compiling this data and putting out this report.
It's $5,000 if you want to read it.
It's like, okay.
I asked OpenAI to summarize one for me that I did not have a copy of.
Actually, it started giving me bullet points about the report in other questions.
So I was, oh, you didn't feed it the report.
You just asked it if it knew about the content inside of a very specific, like a dated, like real.
And then I asked it, I asked it if it could give me a very extensive long form summarization of the report.
Leave out no detail.
Leave out no detail.
And it did.
And I was like, this is a $5,000 piece of information that I'm pretty sure they don't have a license to be giving to me on my $9.
a month AI plan.
And it just gave me $5,000 worth of information,
summarized by AI, so I didn't even have to read it.
Didn't even have to upload it.
So maybe somebody else uploaded it and was like,
summarized this for me, and then it became part of its knowledge base.
But that's another, like, if I'm, if I'm, if I'm one of those companies,
I'm throwing up the flags right now being like, hold up.
Yeah.
Especially if, oh, yeah.
There's a really wonderful piece of investigative journalism to be done there.
Because I'm sure that whatever that report was, there's other writing on the open internet about that report.
And you can imagine it having parsed that kind of content.
But what I'm curious about is if there's anything in there that is only contained inside of the original report,
will it produce stuff that is hidden behind the wall that is this $5,000 document that cost hundreds of thousands of dollars to produce, blah, blah, blah, blah, blah.
If so, we found another one.
Yes.
I think we found another one.
Oh, no.
Oh, that's really interesting.
I'm super curious.
Off mic, we're going to talk about what that report is.
Yeah, yeah, yeah.
But if you found any content that shouldn't be indexed inside of an artificial intelligence,
or you have any other fascinating story that you want to share with us,
you should get at us at Hotline Hacked.
Why don't we?
Alignhack.com.
Hollandhack.com.
Let's go throw it in here.
Why not?
Because I'm curious about this.
If anyone out there...
Maybe I'll do that story as...
Maybe I'll have an AI, make a version of my voice, and I'll be on my own online hacked episode.
Yeah, throw it in.
Yeah, send it through the email.
Oh, that's a good one.
All right.
Okay.
Why don't we wrap it up with...
Just like a big old data breach?
Sure.
Let's do a big old, just a nice...
Classic.
Nice data breach.
Just a classic one.
Yeah.
This one's fascinating because it's locations.
Extremely, extremely specific locations.
It's great.
You can put them on a map.
You can see where stuff is that you shouldn't.
Gravy Analytics, a major location data broker in the States suffered a data breach exposing
location data of millions of people.
The alleged hacker published samples of stolen data from consumer apps, fitness apps, dating
apps, transit platforms.
There were tens of millions of location points revealing where.
individual users of these platforms live, work, travel.
The breach occurred.
There was a misappropriated key in Gravy Analytics, Amazon Cloud environment, January 4th,
the hacker contacted Gravy Analytics directly, saying, hey, you got several terabytes of data.
We got it.
It was posted on a Russian cybercrime forum.
30 million location data points leaked so far, including sensitive sites.
To say that the location of the White House was leaked,
or the Kremlin is a little bit silly,
but they're sure people in those locations,
some pretty high-risk stuff.
And again, these are dating apps in some cases,
information from Tinder, grinder,
information from flight radar.
Though these companies are denying direct ties to gravy,
the original aggregator of this stuff,
the data sure seems to be in there.
Yeah.
So funny enough,
I actually talked about this exact data hack earlier
when I mentioned all of the apps that track data started getting on fire.
Yeah.
Oh, with honey.
It was because of this.
No shit.
Because of this data breach that they linked all the apps up and they could figure it out.
Yeah, I could see Gravy Analytics not being the person that they have the licensing
agreements with, but I'm sure Gravy Analytics licenses that information from whomever they have
the licensing agreements with.
So.
Yeah.
Yeah.
There's a, they rely on something I find this interesting.
It's called bid stream data, which I hadn't heard of this term before.
It's data that's exposed during ad auctions.
So the vulnerability seems to have been where if those sites have ads inside of them,
the auctioning process, I guess is how they-
grabs the location data.
And that seems to be sort of where it came from.
There's a lot missing in that explanation,
but it seems to be rooted in the ad side of things,
which again brings us back to ad fraud, king of ad fraud.
A friend of the show, Alex Sukoff.
He's not a friend of the show.
Yeah, it's a fascinating story.
And just like it, we hit a point where we kind of just stopped talking about like more data got leaked.
Like there needs to be more to it than that.
But this one was interesting, I think, just because of the location side of things.
And there's sure going to be more of those this year.
Yeah.
I think like we talked extensively about location based advertising in a previous episode of which I cannot recall the number of watch for it on the YouTube channel.
YouTube.com slash ad hoc podcast.
The
The, the, this to me is like a whole thing.
You know, like it's, I don't think people fully grasp how much advertisers know about them.
And that's speaking is somebody who works with this data in advertising.
It's, it's truly dizzying.
And a lot of it is, I think there's a lot of people that have a sense of like,
you know what, I use this app and I don't pay any money for this app.
So presumably my data is being used to pay for this app.
And I think a lot of people understand that.
A shit ton of people don't understand that.
And that sucks.
Everyone should understand that if you are using a lot of these services that you are basically paying with your private data and that that's the deal you're making.
And that deal was unpacked across 300 pages of terms and conditions that you certainly didn't read because no one can read all of that shit.
but that is the deal you're making.
Yeah, and like the behavioral analysis on your locations.
Like how much do I want to unpack here?
So like if you have location services on your phone,
you have one of these apps that tracks your information
and sells it to advertising data brokers,
a little bit of analysis tells them where your home is
because the device is often there, especially overnight.
then I can tie that to census data and other, like, statistical information to figure out, you know, what the average household income probably is.
I can look at your frequent stops.
Like, you know, so the thing is like the double-edged blade of location information is that it's not permanent.
Like, it's not real-time tracking you.
So it's only when you get a ping.
So, like, if you have notifications on on your apps and you have an app that has a location tracker in it,
they're pinging you notifications all the time to make you open the app so that they can take a location ping.
It has nothing to do with just driving you to the content, but also to get another ping for your location.
So it's a dirty business.
And it's very valuable for us as marketers, but for privacy and other things like that, maybe not the greatest.
Yeah, that's fascinating.
I would have assumed that that deluge of, hey, do you remember that?
this app exists. I won't name one. But that kind of pop up that I just sort of systematically turn off
every single time I get a new device. I think of them as being, we're just trying to boost our
content. We're just trying to get people in this thing looking at it because some subs of them will
either watch the content or click on the ad or use the service or pay for the thing.
A little, hey, quickly give us a GPS ping so we can check out where you're at,
assuming you've enabled that on your phone.
That's interesting.
And I hadn't thought about it.
And that's a, yeah.
I know back in the day, like a lot of these were sports apps,
like getting updates for games that are underway and things like that.
Like those updates essentially did the same thing.
Same with like weather apps because you always have location services on for a weather app.
So if you're using a free to a free weather app full of ads, chances are your location data is
being sold on you.
Like there's,
it's like a,
it's an interesting expose
waiting to happen
because I don't think,
I think as much as you and I take it for granted
and probably listeners of the show,
I don't think the general public knows it.
I think people have post Cambridge Analytica
a better sense that the like,
are they listening to us through our phones?
No, it's more insidious.
But like that that whole question,
and the advertising
side of the internet essentially
are like this is the same thing.
If you're trying to understand
the degree to which you are tracked
and monitored on the internet
and how the advertising ecosystem
of the world works,
it's like you are trying to understand the same thing.
Because there's not really much other reason to do it.
No.
Other than to try and sell people shit.
And on that bombshell,
thanks for listening to another episode
of Hack Podcast.
Please.
The pizza costs.
$920 million.
Oh, went up.
Already to go down.
Who knows?
I thought it was 915 maybe at the beginning of the show.
Who knows?
It might have been.
919.
Anyway, very volatile.
Continue with the show wrap up.
Hotlinehack.com.
Tell us your crazy stories.
Store.org.
Podcast.com.
Buy some crazy stuff.
Hackpodcast.com
redirects to Patreon.
Also redirects to the YouTube now.
Please visit the YouTube.
Ask you politely.
and subscribe.
Type in Hacked Podcast on YouTube.
Check out a cool visualizer and subscribe
because we're going to be making some content
that won't really be anywhere else at some point.
So jump in.
Join us, please.
And yeah, I think a little teaser.
We got a bit of an announcement in the works
for later this month.
So a little tease there, a little salt.
Just go drop it.
Just leave it at the side of the table.
And we'll see you next time.
We'll catch you in the next one. Thanks for listening.