Hacked - You Can't Publish Their Names

Episode Date: April 16, 2022

The story of a very strange doxxing and an even stranger hacking gang. If you like the show and want to make sure we can keep making it, please subscribe, and if you can visit https://www.patreon.com.../hackedpodcast and show us some love.

Transcript
Starting point is 00:00:00 There is a Telegram channel where you can vote on what major international company's data is going to get leaked next. Meantime, we are getting some headlines on the group Lapsus. It was a poll in the channel right at the end of last year. They said three companies pick one. Vodafone, Impresa, or Mercado Libre, these three companies operating in South America. We're going to leak their data. Who first? And this Telegram channel is public.
Starting point is 00:00:29 I think there's about 45,000 people in the channel kind of right now. And last year, they all got this choice to vote on whose data gets dumped. The hacking group behind this Telegram would be interesting even if you just focused on the hacks themselves. The group that we believe hacked Okta earlier this year. Microsoft, Nvidia, Ubisoft, Samsung, really high-profile companies, super highly publicized, like data extortion schemes. Their name is Lapsus. If you follow this kind of thing, you might have bumped into them very recently. But the reason I think we should talk about them, beyond just the hacks, which are interesting, is the drama.
Starting point is 00:01:09 What's your take? Well, we're moving from the fog of war to the chaos of the Lapsus attack. Lapsus isn't like most of the other hacking crews we talk about. They're not state-sponsored, but they also don't really operate like the well-oiled business machine that comes up a lot in these conversations. There's sort of a looseness to Lapsus. It's a reminder that people can cause chaos and mayhem on the internet. So at first Lapsus is kind of confusing. But when you find out who Lapsus is made up of, it all kind of clicks together.
Starting point is 00:01:43 The talent and the ambition balanced against the sort of amateurishness of it. A teenager is suspected by cyber researchers of being the mastermind behind this operation. A teenager who still lives with his mom in England. And while the City of London Police won't say if he's one of them, they did announce that they had arrested a total of seven teenagers associated with Lapsus. So we're going to talk about what happened to Lapsus on this episode of Hacked. Can we open this episode with a hint of appreciation for Telegram? You a big Telegram guy?
Starting point is 00:02:39 I like to keep it secure, encrypted. I was a big Telegram guy years and years ago, but I will say that like it went from being an app that nerds use like me and an app that people use to talk to their drug dealers to now being like one of the central feeds for so many things. Like the whole Russia-Ukraine thing, like there's so many Telegram feeds about what's going on. And like it's just a, I don't know, like good for them. Lapsus likes them some Telegram. That Telegram channel comes up a whole bunch in this story.
Starting point is 00:03:19 I think it's not just a platform choice. It's not just sort of how they like to do things. I think it's structural, but we'll get to that. The big thing about Lapsus, and it almost felt nostalgic for me reading about this, because I don't think cybercrime has felt like this for a little while. As I said in the intro, Lapsus is like shitposty. They have that kind of internet dicking around.
Starting point is 00:03:48 This is all a big joke, spirit about everything they're doing. And I think that used to be really, really common in the world of hacking and cybercrime. But over, say, maybe the last decade, it's sort of converged around. No, this is where we do crimes now. This is very serious stuff. There's a bit of humor, but it's not the same way it used to be. Lapsus feels like a bit of a throwback in that way, you know? They're more doing it for the game, less doing it for the money.
Starting point is 00:04:15 Yeah. There was a Zoom call that one of the companies they had breached. So they breach a company and the employees of this company and the external consultants that they brought in to try and solve this data extortion scheme, they'd found themselves embroiled in. They all get in the middle of this call. And right on beat, Lapsus just Zoom bombs the whole call and comes in and starts yelling at them and messing with them on the call
Starting point is 00:04:40 where they're trying to solve the hack that Lapsus did about them. So these are like hackers that grew up in Call of Duty multiplayer games. They're just like trolls. Like when you picture the like the teenager swatting Call of Duty players and the hacker
Starting point is 00:04:58 that they would become, that's not a hypothetical. I spoiled something by saying that. So a little timeline. Where did these folks come from? Lapsus showed up super recently just a couple months ago, originally targeting almost exclusively Portuguese language targets. And they start moving really, really fast. If you missed it, this story takes place on a way more compressed timescale than most of the big hacking gang cybercrime operations we talk about. All of those
Starting point is 00:05:32 hacks I named earlier, every single one of them, and this started a couple of months ago. Instead of years of lurking around in the dark web, Lapsus shows up and is immediately making an extraordinary amount of noise, an almost self-destructive amount of noise. Their first big push was in December of last year. You got Brazil's health ministry, the Portuguese media giant Impresa, the South American telecoms giants Claro and Embratel, a Brazilian car rental, like, you know, big consortium Localiza. All these big companies in South America all in about a month get caught up in these data extortion schemes. Like we've been saying,
Starting point is 00:06:12 there is an economic element to this. By the end of the story, they got walks away with 14 million Bitcoin. Walk away, maybe not. But they're making money. But the discretion and the business-like approach isn't really there. It's hard to know exactly
Starting point is 00:06:27 why they started being so public. But every single one of these hacks has some kind of internety punchline to it. When they hacked Localiza, the car rental company, they just for fun, redirected the main page to a porn website. There's no reason to do that. It doesn't achieve anything in the hack,
Starting point is 00:06:44 but they did it anyway. When they hacked one of the large Portuguese newspapers' Twitter accounts, they just tweeted, they just decided to tweet, Lapsus is officially the new president of Portugal. They thought that was funny. I kind of tend to agree. There's no reason to do that. It doesn't make you any more money.
Starting point is 00:07:02 You do it because for the lulz, you know what I mean? They were just a bunch of hackers truly raised on the modern internet, not the leftist ideologues of the old hackers, you know, that I like to think of myself as a stalwart of. This brave new frontier. And for, you know, a little while, a month or two, they kind of start, they're just running roughshod through South American technology companies. In December of last year, they wrote on that Telegram channel,
Starting point is 00:07:32 which wasn't up to 45K yet, but was growing. Quote, Remember, the only goal is money, our reasons are not political. Then again, this past February, when they were posting about their Nvidia hack, which we'll talk about, they wrote,
Starting point is 00:07:44 Please note, again, we are not state sponsored and we are not into politics at all. Lapsus, and so much of their messaging wants you to know two things about themselves. They do not work for any government, and they think all of this is very, very funny. They're in there for the lulz.
Starting point is 00:08:01 I got to respect it at some level, you know. You do. So technically speaking, what is Lapsus doing with all these hacks? Lapsus is sort of unique in this space. They're not quite a ransomware gang. They're an extortion gang. And right out the gate, they seem really committed to refining and figuring out this tactic. So ransomware, we talk about a lot.
Starting point is 00:08:26 It's a malware-based hack where you use software to encrypt the victim's data, and if they want it unencrypted, they pay a ransom. It is distinct from extortion, which is Lapsus' whole thing, where instead of using hacks to deploy ransomware, you phish your way into the enemy system using a bunch of off-the-shelf and social engineering tactics. And then once you're in, you just go digging around for the most sensitive information you can find. Once you find it, you steal a copy.
Starting point is 00:08:53 The victim still has the data. It's unencrypted, but so do you. And if they don't pay you, the threat is you'll leak it. We've talked about double extortion before, which is combining ransomware and extortion. Lapsus, for some reason, across all of this, is only concerned with the latter. They haven't locked you out, but they will share the information they have discovered running around in your system. What that means is that the hack only works if they can find something the victim really doesn't want getting out. Of course.
Starting point is 00:09:22 Which, what does that mean for a large tech company? What do large tech companies really not want to, want getting shared. I think they call it intellectual property. Sounds so bad. I think they do too. I think they call it intellectual property. I think they call it IP theft on a massive international scale.
Starting point is 00:09:45 I think they call it all of the thing they spend billions of dollars making. I think they call it what every single engineer and developer at a software company, damn near, has been tasked with creating. Yes. And if it ever gets out, bad things. So a lot of their hacks start with the use of password
Starting point is 00:10:05 stealing malware. The most common one is called RedLine. It's a piece of off-the-shelf software lets you get into a system through a phishing scheme and then start doing that thing where you work your way up the org chart. So they use password theft off the shelf to get in and then they start just manually working the way
Starting point is 00:10:21 around. The other tactic that they use quite a bit, it ends up being kind of important to this whole story is something called session hijacking. My sense of it from trying to parse it out is essentially what you're doing is you're buying a stolen cookie from a user who uses a website that stores the session ID as a cookie. Basically, certain sites will skip forcing you to log in by storing a bunch of your user data in a little encrypted string and a cookie. But that cookie can be stolen and resold and then loaded into another person's browser. So you've got, I didn't know this, these whole.
Starting point is 00:10:59 dark web marketplaces whose only purpose is to sell these token IDs. Sell authentication cookies? Exactly. Interesting. Where without having their login credentials, you can just load in this little cookie session ID thing and almost like wear their session as a mask and pick up the other user session right where you left off. It only works on really specific websites. But for the right vulnerability, it's apparently super effective. Most hacks are on a much more technical level that is relatively low level. Like popping a cookie at someone's computer
Starting point is 00:11:34 and popping into another one is pretty tame. But also at the same time, probably very, very valid. One, the thing that's interesting is you can pop the cookie out of their system or there's other ways to get it, which we'll talk about. Lapsus would buy these cookies, these session IDs, to help them get a foothold into their victim's system. But all these tactics, session hijacking, password stealing software. It's all just about getting them in so they can start climbing so that they
Starting point is 00:12:05 can then do one of these data extortion schemes every single time the same bit. So Lapsus cooks up this tactic. They phish their way in and they start beta testing this tactic in South America in December of last year. And right when they kind of get it figured out, they get their feet under them, they turn their view to the rest of the world and their ambitions spanned. Once they leave South America and expand globally. I'm just going to rattle them off because these like these hacking teens just go on a golf cart crime spree for the next two months. It's a terror? Just a rip. You've got Nvidia, Microsoft, Samsung, Ubisoft, and that's not even including the biggest one. So in mid-February, Lapsus breaches NVIDIA.
Starting point is 00:12:53 Dan, let me bring you in here a compelling new lineup from NVIDIA, but I understand you also talk with Jensen on the Lapsus hacking gang. That's right, Brian. We talked to him about Lapsus, which has broken into not just NVIDIA, but Samsung, Microsoft, and apparently Okta. Earlier, we chatted about, you know, the kind of information. A large corporation would pay some money to keep private. Lapsus gets into NVIDIA's system and lifts a terabyte of data, including the incredibly sensitive information about the designs of their graphics cards, the source code for their AI rendering system. Yeah.
Starting point is 00:13:31 The usernames and passwords of more than six. 70,000 employees, all of which they threatened to drop if Nvidia doesn't meet their demands. What was their demand, Jordan? Their demand was to remove an anti-crypto-mining feature called Lite Hash Rate from their GPUs. So they didn't want Nvidia's money. They wanted them to remove a lock that said you can't mine crypto with their stuff. Sure. That's a pretty forceful negotiating tactic.
Starting point is 00:13:59 It sure is. And it's just interesting to me because you spend all this time cooking up. cooking up a way to get big companies to pay you. And then you've managed to hack someone that has a, you got kind of a customer service gripe with. You figure, hey, why not? While we got them here, maybe you let me mine some crypto with your graphics cards, please. Yeah, no kidding.
Starting point is 00:14:19 Or we're going to tell the world how to make your graphics cards. You know, your choice. Somebody's going to release a version of your graphic cards without the lock if we give this public information away. Maybe someone just hacks a way to do it. because we've released the source code for these things. That's very true. This is something that is incredibly concerning, obviously,
Starting point is 00:14:40 and Jensen Huang basically said to us, look, this is something of a wake-up call, and they want to move their entire business structure to what's called a zero-trust structure. Now, just to give you an understanding of what that means, essentially it means that nobody in the company can be trusted. You automatically assume that whoever is trying to access any files within the company itself or any of the company's networks
Starting point is 00:15:05 is a potential threat. And so you make them go through these different types of login processes to ensure that they aren't. They hack Nvidia, but they're just getting started on their tour through PC gaming. Next up, you get Microsoft. Early on a Sunday morning in March, Lapsus posts the screenshot to their Telegram channel,
Starting point is 00:15:24 their increasingly popular Telegram, saying, guess what? We just hacked Microsoft's Azure DevOps server, which contains the source code for Bing, Cortana, and Office. Monday night of that same week, they drop a torrent with a 9 gigabyte zip file with source code for over 250 projects. But hey, the month is young.
Starting point is 00:15:49 Maybe Microsoft and Nvidia still isn't enough. Well, buckle up because next up comes Samsung. Shortly after that, they drop a 200 gigabyte file, a bunch of IP relating to their mobile devices, which Samsung is a big company. Mobile devices is about the worst thing that could probably get leaked. I don't really care if my smart TV or my fridge, but my mobile phone, I would prefer the source code for that, not be out there in the world. No kidding. Which it was. 200 gigabytes, the algorithms for all of their biometric unlocking operations, bootloader source code for all recent Samsung devices. Qualcomm gets wrapped up in it, their confidential source code, and a bunch of
Starting point is 00:16:32 authorization tools for the actual Samsung account. And as of today, there are more than 400 people sharing that file. It is incredibly popular. Lots of seeders. No leechers. You can download it right now. Oh my God. Within a month, Nvidia, Microsoft, Ubisoft, who I didn't even mention, Samsung, this all starts in late February and goes through to late March. All of that in about 30 days. And it crescendos with the big one, which is a company, I'm not sure if you've heard of it, Scott, called Okta. Of course, Okta Verify. Okta Verify.
Starting point is 00:17:09 For anyone that doesn't know, broadly speaking, what is Okta? It's like a very fancy Google Authenticate. It is like a secondary authentication service that you run. It's all time-based. It requires a bunch of back-and-forth to verify. that you're on your device, you're in a specific location, that you're not trying to mitigate and reduce the chances that something is going awry in your login.
Starting point is 00:17:37 And it's super popular by really large corporations that will use it to manage all of the logins of all of their many employees, Peloton, Sonos, T-Mobile, the FCC, we've got like 17,000 customers. And the thing that's cool about it, from the little bit of reading I did, is like a lot of sort of identity management platforms, is it really reduces the attack surface of a giant corporation.
Starting point is 00:18:04 If you've got 10,000 people each using 20 different services in their job, each with its own password and username, the attack surface, the big area where a hacker can try and get in is giant. Okta shrinks it down to one login, makes it a lot easier. But that only works as long as Okta is very, very secure, which it typically is. Until at the end of March, Lapsus posts a screenshot to their Telegram channel
Starting point is 00:18:33 showing them in control of an Okta administrative or super user account, which is not great news. For the world. And for all of the people that care about intellectual property because they all use Okta. And for Okta's CEO, Todd McKinnon, who gave a quote,
Starting point is 00:18:52 In late January 2022, we detected an attempt to compromise the account of a third-party customer support engineer working for one of our sub-processors. We believe this screenshot is connected to that January event, which is interesting because Okta would be the ultimate get for a supply chain attack, which we've talked about in the show. It's when you hack your way into a victim by hacking someone else and riding in on the bottom of their shoe. And it sounds like the way that Okta got attacked was itself a supply chain attack.
Starting point is 00:19:25 They rode in on the bottom of someone else's shoe. The question then became, did they ride into anywhere else once they had the super user access? RSA key fobs used to be like the kind of original super control switch for big corporations, you know, those little digitized numbers
Starting point is 00:19:42 that rotate on your keychain. And I feel like Okta has wholesale replaced, has given, I shouldn't say replaced because those are so super secure, but have given or try to offer a similar solution but to pretty much every user in a domain rather than the 10 most important. It used to be, you know, if you had access to the accounting records, you needed the RSA key fob to get access to it. But now pretty much everybody in the corporation can have an Okta single sign-on verification account. So it's trying to just elevate the base level of access control for everybody, but then again, if that gets violated, you've kind of violated everybody rather than just a few accounts. So, and it's really hard to know what exactly Lapsus got out of this, this, you know, breach implied by the screenshot. For sure they make so much noise and say such
Starting point is 00:20:45 crazy crap. It's really hard to tell exactly what's true and what's false. Okta by all accounts was incredibly on this. Of course. The thing I find interesting about it, and you've told me about this and talked about it, is that there's a reason you don't post about a hack while it's happening. You draw attention to yourself. They know you're there. The lights are on. They shine a spotlight on you. You got to scurry away, right? And this is just me speculating. They might have got nothing from this access they had with an Okta. Of course. But it seems really relevant to me that the screenshots are from January.
Starting point is 00:21:22 And they didn't share them until late March. And in between, they went on this extraordinary run of hacks in an incredibly compressed timeframe. Yeah. And it's hard not to kind of wonder if that run. Yeah, it correlates. And the access they had to Okta weren't in, it's probably not one to one. I'm sure it isn't.
Starting point is 00:21:44 but maybe they juice this access for everything it was worth. Once that fruit was dry, they got that one last little drip by publicizing it to their channel. And we get to watch everybody panic. You got to wonder. Yeah, like I don't know enough about the Okta systems to know what that would do, but if it, like the speed and velocity
Starting point is 00:22:09 at which they were hacking and releasing things, like either they are the world's best phishers or if they had an extra layer of attacks and layer of access like man I can see how you draw those two correlations because I'm sure a substantial amount of the people that were violated probably could have been running Okta and I'm sure I don't know if that would be disclosed as per you know I'm sure Okta has it
Starting point is 00:22:41 doesn't want to disclose much more than that. The last of these headlines, you know, the last punch of publicity from this crime spree is March 22nd. It ends with Okta. And then two days later on March 24th, there is a different headline. The last one we're going to talk about. And this one isn't about a hack. It's about that arrest.
Starting point is 00:23:06 That headline right after the road.
Starting point is 00:25:43 So Microsoft had been tracking Lapsus for a while. They gave them the very Microsofty designation of DEV-0537, some big long string. And their research prior to these arrests on March 24th charts the various pseudonyms used by this ringleader.
Starting point is 00:26:19 It was by White and Breach Base. The important one here is the name White Doxbin, which he used on one site in particular. And it teases how all of this unravels. White Doxman? He uses the name White Doxbin on the website
Starting point is 00:26:38 Doxbin. D-O-X-B-I-N. Oh, Doxbin. I thought you meant Doxman, as in like somebody who mans a dock. A doxman. What a weird name. Doxman. He's a sailor-themed hacker.
Starting point is 00:26:52 Doxbin is a website. It's essentially a doxxing forum. Yeah, yeah, yeah. Anyone can post the personal information of a target. You can go digging through these archives of hundreds of thousands of people that have been doxed. It's terrifying. And about a year earlier, someone bought Doxbin. It had a new owner.
Starting point is 00:27:13 And I guess shortly after this new owner takes over, the community starts to revolt as the new owner wasn't running things the way they had been. And the community at Doxbin is getting angry at their new owner, White Doxbin, the ringleader of Lapsus. People are getting angry. And finally, White Doxbin says, I'm out. I got Lapsus to run. I don't need the headache of owning Doxbin too. So in January of 2022, right during this crescendo of hacks, the new owner White Doxbin,
Starting point is 00:27:45 agrees to relinquish control and sell the site at a pretty brutal loss. Where he messes up is right before he gives up control, White Doxbin made the choice to leak the entire Doxbin data set, including unpublished draft versions of doxes, to their public Telegram channel. He decides, as he's walking out the door, to burn it. To give away all of Doxbin's stuff to burn it.
Starting point is 00:28:15 behind him. And the community, the Doxbin community is livid. And they respond in the way that you might expect a doxxing site to respond, they dox him. Really, really
Starting point is 00:28:33 badly. The first thing up, I think, wasn't even his name. It was a video shot outside of his home in the United Kingdom. Yeah. And then his name and then his address and then all of his personal data about this guy, White Doxbin, the ringleader of Lapsus, who was 16.
Starting point is 00:28:53 Wow. We find out in this moment that he'd been up to some stuff before all of this. He had founded another hacking gang called Recursion Team, and you teased what they did earlier. They got in at the ground level. They started with like, not even hacks, swat attacks, fake bomb threats, teenager stuff. And then they graduate up to doing SIM swaps. and then they graduate up to doing the more social engineering stuff. Yeah.
Starting point is 00:29:20 And they start making money. And he starts reinvesting the money, turning Lapsus into this, bringing new people in and turning it into this very well-publicized hacking crew. In the span of less than a year, just a couple months. Until his relationship with Doxbin goes south end of March, and they dox him. On March 24th, the City of London police arrests seven people between the ages of 16 and 21 in connection with Lapsus. And the wild part is they were all released
Starting point is 00:29:52 because a doxing isn't evidence. It's incredibly incriminating, but it's not evidence. But the name, the real IRL name of breach-based white doxman, now it's out there. So you've got journalists who will not publish the name because the suspect is a minor. Of course. But they will go visit his parents,
Starting point is 00:30:13 his very confused parents and ask very intense questions about the very intense future of their potentially hacker son's very intense life. 16. But there's this one other tactic they use
Starting point is 00:30:31 that I think reframes some of this. So a month ago, Lapsus' Telegram channel, 45,000 members, one day an ad goes up on the channel, and it's a recruitment ad recruiting insiders at major mobile phone providers, large software and gaming companies,
Starting point is 00:30:49 saying we're going to pay you $20,000 a week to be our inside person to sell us your cookie session ID. And suddenly, that infamy, that channel with nearly 50,000 people in it, we see that it has a purpose. Because up until just two weeks ago, at this point when you're reading it, This isn't teenagers trying to steal crypto. It is the very infamous and successful cybercrime operation Lapsus. Give them a Google and you'll see a ton of headlines.
Starting point is 00:31:25 And that infamy that he fostered, by making all this noise and having this big public channel, the infamy lends them authority. It's a reminder that people can cause chaos and mayhem on the internet, even if they're not connected to politically motivated objectives. even if some of their methods are laughable. So it's a critical reminder of our vulnerabilities and the need to clean up our digital environment. So where does that leave Lapsus?
Starting point is 00:31:55 Lapsus didn't go away. A week after all of that went down, after their ringleader got arrested, they then posted a message on the Telegram saying, back from vacation, along with a 70-gigabyte torrent of more data allegedly stolen from another giant company. This time it was consulting giant Globant.
Starting point is 00:32:20 So whoever these teens that were arrested are, well, it's either one of two things. Either they're back at it really, really quickly from their family homes, or the rest of Lapsus, however old they are, is perfectly happy and capable to continue on without them. And who knows, was maybe around before those 17s in the UK joined. Which opens the door for the possibility that these seven teenagers in the UK got involved with a pre-existing hacking ring, swung crazy big, helped hack some of the world's biggest companies, and then got doxed.
Starting point is 00:33:04 And now it's on the news. But as with all this stuff, it's tricky from the outside to tell what's going on in there. So last episode, we talked about virtual kidnappings, and we talked about how they work, and we speculated about how you could make them even more efficient crimes. But one commenter noted we did actually talk about how to avoid them. We kind of did, but I take your point. So just very briefly, there's no real way to stop these folks from calling you, but the Internet Crime Complaint Center has some best practices. And it's a lot of the stuff we said in the episode.
Starting point is 00:33:58 Step one, slow down, take a breath, get your feet. down to you. Step two, just contact the victim entirely. Just contact them, call them, text them. That would have solved the episode's whole story. Step three, it's a kind of a kidnapping classic. It's the ask them something only the victim would know. The formal version of it is if it's your child. You should have a secret password, which is something that we did when I was a kid. Is it really? Yeah, no, that was a, I think that was a thing in the 90s where there was a lot of, you know, your child's going to get kidnapped. Tell them a,
Starting point is 00:34:30 password so that they can check to make sure that, I don't know, the 90s was a weird time. Verify, it's the real person. Yeah, I remember my parents, they must have seen a spooky thing on the TV and they were like, your secret password is this. I was like, cool, what are kidnappers? I'm six. What is this premise? I don't like any of this. And the step four is just report it to the Internet Crime Complaint Center. So we left you hanging a little bit on that one. That's what you should do about virtual kidnappers. Yeah, sorry, we're in the business of scaring, not solving. You've got a new podcast description.
Starting point is 00:35:11 In the business of scaring, not solving. There's too many crimes out there for us to even consider solving. No, we just talk about them. Spicy takes. Spicy takes. Thanks for listening, everybody. This was a fun one. This episode contained research and archival audio from News 9 Live, Bloomberg News
Starting point is 00:35:31 BBC, Wired, silentpush.com, gizmodo.com, and vice.com. Shout out to our new patrons on Patreon. Patreon.com slash hacked podcast. Single best way to support the show. Branded vote. Thanks, buddy. Crohn's. Thanks.
Starting point is 00:35:47 It's a pleasure to have you. James Naismith. It's good. Welcome to the club. Get on in here. Open the door. It's nice inside. Jimmy, you edited your pledge.
Starting point is 00:35:56 You gave me more. I appreciate that. Thank you. It's incredibly generous. Thank you so much to everyone who listens, who everyone's kept listening. This is a, you got a mid-monther. We're trying something new here. We're trying to make more of these bad boys.
Starting point is 00:36:09 We hope you enjoyed it. Thanks again for listening. Tell us some folks about the show, and we'll catch you in the next one. Cheers.
