Reply All - #93 Beware All
Episode Date: April 6, 2017This week, we discover who was actually behind the hack of Alex Blumberg's Uber account. This episode picks up where Episode 91, The Russian Passenger, left off. Further Info Come see Alex and PJ at ...The Bell House with Linda Holmes! Wirecutter on password managers Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
Hey, this is PJ with a quick note before the show starts.
If you have not listened to episode 91, the Russian passenger, which is about Alex Bloomberg's Uber account being hacked, go listen to that before you listen to this episode.
If you don't, it'll be like just watching the last episode of a TV show.
You'll ruin a bunch of surprise for yourself and also just be confused.
Go back, listen, come back here.
Okay, let's go.
Previously on Reply All.
Somehow,
someone in Russia got the password for your Uber and it's just like...
And hacked my Uber account, right?
Whoever had access to his email account was clicking on those links,
verifying it was him, and then deleting the notification before he saw them.
You sort of leave these little traces of yourself all over the internet.
And as time goes by, those chances of one of the places you've left your data being breached
and that data then being leaked continues to go up.
So a couple weeks ago, we did an episode called The Russian Passenger.
And in that episode, our boss Alex Bloomberg, came to us with a question.
His question was,
How did a Russian person steal my Uber account?
Yes.
Someone had been taking trips around Moscow.
On his rubble.
On his rubble dime.
What a dumb joke.
So he wanted us to figure out what had happened,
which sort of seemed simple enough and then ended up being like insanely complicated.
Right.
And after testing a bunch of theories,
what we came to as the most likely scenario
was that Alex was on vacation in the Bahamas with his dad, Richard,
and his dad has a tablet, a Surface Pro.
Alex logged in to his Gmail on the Surface Pro,
and there was malware on the tablet,
which gave hackers his username and password.
They got into his Gmail.
They hacked his Uber.
But we never found any conclusive proof that that happened.
Right.
At the end of that episode, we said that if anybody out there has a different theory
or thinks they can conclusively solve this problem, they should write into us.
And if they do conclusively solve it, I will send them a personal pan pizza.
And we got hundreds of emails about this.
We're still getting them to this day.
And producer Fia Bennett, who is in the room, hello.
Hello.
Did the intrepid investigative work of actually following all of these leads and seeing where they went?
Yes. And here's what I can promise you. By the end of this conversation, I feel completely confident that you will pick somebody who has earned a personal Pam pizza.
All right.
What I also have to say is when I was looking into all of this, I learned a lot of things that terrified me.
I have become incredibly paranoid.
And if I do my job correctly today,
you will never touch a computer again after this conversation.
All right, let's go.
Okay, so first, I feel kind of obliged to tell you that we got about a million responses
that said we should have run a different virus scanner on Alex's dad's tablet.
A bunch suggested something called malware bites.
and so his dad and I did that, no viruses were found.
Huh.
Okay.
So, just that was a little disappointing.
I thought, like, maybe we would solve it quickly.
We didn't.
I feel like all it did was reduce the certainty of an answer that I still feel pretty good about, but do you know what I mean?
Yeah, yeah.
It was just like shucks.
It was just like shucks.
It was just like shucks.
No pizzas for any of those people, although helpful.
Thank you.
I'm glad to know.
Yeah.
So now we can get into the stuff that I think is like,
the good stuff.
To start, theory number one.
This theory comes to us from a guy named Nick.
He lives in Florida.
And I'm calling his theory,
Beware all keyboards.
So this theory is that, like, at some point,
before Alex Azouper got hacked,
maybe he logged onto a computer,
logged into his email,
and that computer had a keystroke logger on it.
So, like, there was some little piece of software
on the computer collecting every keystroke Alex typed in.
Here's Nick.
So I'm not the most technically savvy person, and I only know this through experience,
and I've retained it out of fear.
Okay.
And this was 2001, 2002, something like that, and I worked at a little small software company.
The head developer there was like, just for fun, I designed a keystroke logger that is logging all the keystrokes of everybody in network.
No.
That's very sketchy.
And Nick was like, we asked him to like show us how it works and we all crowded around his computer and he was like, let's see what our co-worker over there is doing.
Oh.
And they already knew that she was online dating, which they were giving her a lot of crap about because in the early 2000s that was like...
Weird to people.
And so like Nick and all of his co-workers gathered around the one tech guy's computer.
And he popped up this little like...
terminal window, and he's like, let me show you. What is the word, not internet, what's the next
step from internet dating if you don't meet in real life, but you want to take it to the next level?
Now you sext. They're sexting, but back then, cybering. So we picked up right in the middle of a
cyber session. Oh, no. Yeah. And we, I mean, I mean, four guys standing around a cubicle
screamed. They all of a sudden realized they were seeing something they absolutely should not be
looking at, and they immediately felt tremendously icky.
Yeah, so we, I mean, shut the window right away.
Yeah, yeah.
So that's how I met keystroke logging.
So Nick figures that totally is what could have happened to Alex Bloomberg.
Which is a good theory, except that I actually checked this with Alex.
And he was like, he said, no, no, no, I really, I only used my phone, Nas's phone,
and my dad's tablet.
Like, there wasn't some point where he just like went on to a stray computer.
somewhere.
Yeah, but that only really accounts for, like, what he's doing in the Bahamas.
Like, he could have logged on to a computer with a keystroke logger, like, any time before
the trip, like, it could have been, like, months ago.
And somebody could just be, like, holding onto those credentials and happen to use them
now.
Like, it could be kind of a coincidence.
Yeah, I guess that's true.
Like, I would say probably at some point in your life, you've used a computer that had
a key logger on it, like, at a library for 10 seconds or, like, you know, like, you're
I think that there's enough of this stuff out there that, like, yeah.
Right.
Like, it's a little freaky to think about.
And, like, and I'll just, like, as I continue to talk to our listeners about different potential threats to Alex Bloomberg's Uber account, like, it just got scarier and scarier.
Like, things got super creepy.
I'm excited to go on this journey of creepiness with you.
Before we move on, all I want to establish, this theory is we're not giving the pizza to this person, right?
Yeah, it's a good theory, not pizza-worthy.
Okay, so what is the next thing?
What's the next theory?
Okay, so theory number two.
It comes to us from a guy named Mick Lawler.
He's a security researcher based in Durham, North Carolina,
and I'm calling his theory, Beware All-Fi.
Okay.
So Mick has a device called a Wi-Fi pineapple.
It's so cute.
I know what both of those words means, certainly.
Yeah, I mean, I was really cute.
curious, like, what he was even referring to.
Can you describe it for me? What does it look like?
Very, very small. It's only the size of my palm.
And it's basically a computer.
This one, in particular, they've modified to have two antennas, which are radios to call
out and to receive. There's also little switches here to do different attacks.
Okay.
Yeah, and it's super, super powerful.
So to give you an idea of what the Wi-Fi pineapple
is capable of. If you imagine
hanging out at a Starbucks, you
go there and you have your laptop and
you're doing work and there's
a ton of other people there.
And what you don't realize is somebody's just walked
in with a backpack on and inside
his backpack is a Wi-Fi pineapple.
And as soon as he walked into that Starbucks,
it started sending out a signal saying like,
connect to me, I'm the internet.
So I'd be sitting in Starbucks. I'm the sucker.
Yeah. And I'd go to my Wi-Fi list
and it'd say Starbucks-free Wi-Fi, and I'd click it.
Yeah.
But what I'd really be getting is this other guy pretending to be Starbucks-free Wi-Fi.
Right.
And so I'd still get connected to the Internet, but everything would go through him and he could spy on it, right?
Right.
And it would have a little bit of code in the pineapple that says,
anytime PJ tries to go to Facebook.com, instead give an unsecure version of Facebook.
So instead of HTTP, it'd just be HTTP.
Yeah.
And then the rest of it would look like Facebook.
But that would allow them to grab.
Well, and so when you logged on, it would collect your username and your password.
And Mick said, you know, this isn't just something for Starbucks customers to be worrying about.
I can set this up anywhere.
You think about that's just one instance, but let's think about, let's go one step further.
Let's go airports.
Let's go hospitals.
Let's go.
The city of Durham actually has Wi-Fi when you walk around downtown Durham, and it's free to use
to the public. So let's think about the guy that's just walking down the sidewalk with one of these
in their backpack. You are giving me the heby-jubis. This is so freaky. And actually they sell a
covered box that looks like a smoke detector or just an ominous box on your wall. God, that is so
creepy. So there's a name for this. It's called a man in the middle attack. And Mick explained to me that
another way that this could have gone down, like a way that would have affected Bloomberg,
is that while he was in the Bahamas, you know, he was staying in an Airbnb.
Yeah.
If the Airbnb hosts were trying to collect his credentials.
Right.
Or if somebody had set up a pineapple right outside his Airbnb place, this could be like a little
side business selling Uber accounts off of...
You probably, if you're an Airbnb host, you're probably not going to do something like this
because it'll eventually come back to you.
But what if you're just a person who stays at an Airbnb?
and, like, leaves behind something like a pineapple, Wi-Fi pineapple.
Like, for most people, how often do you look at your router?
Do you know what I mean?
Like, that's not an object that if I found in my house, would creep me out.
I guess the question I have is if they were collecting this information,
why would it just have been Alex and not, like, I'm sure that Nas and Alex's parents were also using their emails.
And their e-bors aren't hacked.
And none of their information was taken.
Okay, I think that what this falls under the category of is interesting and creepy information, no personal pan pizza.
I don't feel like it's our solution.
Right.
I don't think this is actually the correct answer either because it doesn't answer this, like, huge question that actually Alex Bloomberg kept having when we were originally trying to solve this, which is that he has two-factor authentication on his email.
So when he logs in from a new computer, he not only has to put in his credentials, he also has to put in this code that he gets from a text message.
Right.
But I talk to this other guy.
He's based in Toronto, and he says he has a way that he thinks it could actually have worked.
Yes.
So my name is Daniel Boteanu.
I'm a digital forensic investigator.
So you're like a real detective.
Of the digital world, yes.
Do you have a theory about, well, let me preface before any of this.
I am not the person who decides whether you get a pan pizza.
Fair enough.
So when I heard the interviews and the last week's show, one of the things that came to mind is nobody's thinking of Alex's phone.
What if Alex's phone got hacked?
Oh, interesting.
Yeah.
He told me about this way that you've.
could actually get into Alex's phone. This is theory number three. The Beware the phone company
theory. So how does it go? So Daniel told me, you know, phone companies, they all talk to each other.
Like, that's how you can have coverage while you're on vacation. For example, AT&T in the U.S.
talks to Orange in France. So that's what allows them when you go visits Paris and you turn on your
phone there, the orange network in France sees your phone number, sees that you're an AT&T
customer, and then we'll talk to AT&T and tell them, hey, I see this number that just appeared
in Paris.
Right.
Now, if Alex used his phone in the Bahamas, the network in the Bahamas had to talk to his
network in the U.S. just to say, this phone is roaming.
So the way this communication happens between the phone companies, it's not a human talking to a
human at the other end. Everything's computers. And the problem with it is anybody can pretend
that they have a small phone company and talk to the big providers in the state saying, oh, I see
this phone that just appeared in my network. I will be receiving all messages for it. Please
forward them to me. Oh, so they'd be communicating with Verizon saying, I'm the local Bahamas phone
company. And the phone's in Bahamas, so send me all of the text messages and calls, and I will
gladly forward them to the phone, which is under my coverage. Oh my God. So Daniel says the way that
this would work to get around two-factor authentication is that when a authentication code was sent,
it would go to the attacker, and they would have the choice of whether to forward that on to
Alex Bloomberg or not. So they would have the code that they could use in his
Gmail. But the thing with that is you would get, if Alex, like, at some point Alex did log into his
Gmail, he gets that text message. You see the code for the two-factor authentication, but you don't
have his password. Right. You'd already have to have Alex's username and password. And so
Daniel told me, like, the most likely way that this occurs is that it's actually a targeted
attack on Alex Bloomberg. You know, like, it's got to be something like corporate espionage.
Get out of here. I know. And it seems like probably kind of a,
far-fetched idea, but I've actually heard of examples of this happening to people in the media
industry and people in general. There's this one story that's like a different version of the
Beware the Phone Company attack. It happened to this guy that I think you guys have heard of.
His name's Durey McKesson. You know who that is? Yes. He's an activist and he's very popular on
Twitter. He ran for Baltimore mayor. Right. I mean, he's like super involved in the Black Lives Matter movement.
and has, you know, three quarters of a million Twitter followers.
Yes.
Not a Twitter account you would want to be hacked.
Exactly.
So this happened to him last summer.
So the conference, actually, I was sitting on a panel and I have two phones that I travel with.
You have two phones?
Do they have the same number?
No, no, they're two different numbers.
One is a number that I've had ever since I ever got a phone when I was a teenager.
And then I have another number, which is the number you have.
And that is the number I used the most.
But especially in protest, it was important that I was never without a phone.
So if one died, I could just turn the other one.
I was rarely ever without a functional phone.
So I was on a panel.
Both the phones in front of me, and the number that I use, like the everyday number I use, all of a sudden I'm talking, but I see the screen go like, activate your phone.
It's like the screen comes up that's like, activate your phone.
And I'm like, well, that's really weird.
By the time he leaves the panel, he's getting text from people being like, what is going on?
Like, why are you tweeting out that you endorse Trump as a candidate?
somebody has completely hacked into his Twitter account.
What else were they tweeting?
There was another tweet that was like something like,
by the way, I'm not black.
So like racist trawl?
Yeah.
So luckily the panel's at the end,
I get off the panel and I call Verizon.
And lo and behold, somebody calls Horizon posing as me.
They essentially got the SIM card changed over the phone.
Oh, my God.
So what they did is that they have my phone.
my number got sent to another phone,
and then they did the two-factor,
so the text with the pass code went to a different phone.
Which means that, like, the phone in front of him at the panel
was no longer attached to his account.
Right.
I luckily got my account back later that day,
but, yeah, that was wild.
I didn't even know you could do that.
I had no clue that you could even change a SIM card over the phone.
And that's the other way a person can get around two-factor authentication.
Oh, God.
Yeah, it seems like,
super nightmarish. And Daniel says, you know, even though it probably is something that Alex
should be worrying about? It's unlikely that this is what happened. And if I'm doing something at
this scale, I'm not also going to go after his Uber account and sell that on the black market
and just tip Alex off that something happened to his phone. I'm just going to try to keep things
as quiet as possible. So ultimately, the Beware the Phone Company theory makes me very, very scared,
but I think it's very unlikely this is what happened to Alex's Uber account.
Right.
So I don't think that theory merits a pizza.
And after all of my research into this, the theory that was still standing at the end of the day was that when Alex was in the Bahamas, he logged into Gmail using his dad's Surface Pro.
And the Surface Pro had some malware on it.
And through that, somebody hacked into Alex's Gmail and his Uber account.
And so basically, after doing all of this research, the theory that seems most likely is the one that you, Alex Goldman, presented in the last episode.
So I think you deserve your own personal pan pizza.
That rules.
Huh.
Nice job.
However, after the break, Alex's theory.
comes crashing down.
Hi guys.
Hey.
So thank you for coming back into the studio.
Last time we talked, I want a pizza.
Yes.
So we talked a couple days ago when we talked, like, we went through a bunch of different theories that...
We learned a lot about how the world's not a safe place.
Why are we back here?
What is happening?
Yeah.
Is there some kind of update that might cost me a pizza?
So...
So people, like, continued to be sending...
Wait, before you even saying...
I just want to say something.
I just want to say I feel like too often I make fun of you and stuff.
I want to say that the fact that you did get it right and earn that pizza is really awesome
and you deserve to feel really proud of yourself and it's really cool.
This is such a neg.
No, I think it's awesome.
And like this is one victory that I would not take away from you because you got it.
And that's great.
You're just setting this up so that when it does get taken away from me.
I don't know that it's going to get taken away from you.
So, Fia, what did you find out?
Guys.
You are getting so ahead of your.
So, okay, so there was just this one part of the story that was still nagging me, which is, if you
remember, Uber said they sent emails to Alex when the, like, weird activity was happening
in Moscow.
And Alex said he never saw any of those emails.
Like, he never got them.
Yeah, even in his trash can, like, nothing, nothing, nothing.
So I wrote Melanie Ensign, that woman who works at Uber.
And I was like, I have to find those emails.
When did you send those emails?
And she wrote me back.
She didn't actually send me the emails that they'd sent to Alex Bloomberg.
She just sent me four timesstams, for the different times the emails should have gone out.
And as she sent that to me, I actually heard from another listener who told me about something that
I didn't realize existed, which is that there's a place in Google support that says restore
users permanently deleted emails.
I didn't know that that existed either.
Does it restore them from the beginning of time?
How long did they get like a month?
You get 25 days.
Nice job, mate.
And I learned about this when there were like the date when Alex was on vacation was 26 days ago.
No.
Get out of here.
Oh, no, no.
Sorry, 24 days ago.
Ah!
What a roller coaster, man.
Sorry.
Yeah, so I could look back, but I had like this tiny window where I could still look back and it's actually you have to like submit something to Google and then
They, like, you know, like scrape their system.
I'm literally picturing, like, a hard drive at Google headquarters that, like, a conveyor belt is moving towards an incinerator.
It feels totally like that.
And so, like, we immediately submitted something to them.
They did the scrape.
They, like, said, okay, now everything should be there.
And I started looking at Alex's email with all the restored emails.
And?
Nothing.
Wow.
Get out of here.
No emails from Uber.
Like, this was so frustrating.
So I got on the phone with somebody from Google customer support
and was like, you guys have not restored all the emails.
Like, I know for a fact there are these four emails from these four different specific times.
I'm not seeing them in here.
You guys are Google.
You have to be able to find them.
And what they say?
And the guy was like,
You know, I've never seen this happen before.
This is really strange.
And, like, I got so frustrated.
And then he told me that there was a whole different way that we could be approaching this,
that I didn't actually need to be talking to him at all.
Because Gimlet's email is through a Google business account,
that through the administrator, I could actually see all the emails coming
in and out of Gimlet Media, I could see the subject lines, the like who they were to and who they
were from, and when they came in.
I'm just quickly thinking about like every email I've ever sent at work. I was like,
it's Gmail. It's all private. Good to know.
Yes. Okay. So let me quickly pull it up for you. It's actually called the admin console,
and there's a feature in here called Reports. Okay.
So you go into reports, and there's a place for email log search.
and now you can look for like the four specific emails that we know Uber says that they sent to Alex Bloomberg.
So we'll put Uber in the sender field and Bloomberg in the recipient field.
Does one of you want to drive this?
Okay.
Okay.
So I'm going to hit search.
Searching.
Searching.
Oh, wow.
So there's one, two, three, four, five emails.
So there's many, but they're all just the ones from once Alex was like,
what's going on with my thing.
My account has an unrecognized charge.
I can't send in my account.
I can't send in my account.
My account has an unrecognized charge.
And finally, you get interview requests, the case of the missing Uber account.
I wrote that subject line.
So this is really interesting.
Yes.
This is when I changed from feeling like Google, scrape through your server.
find these emails to
Uber.
Maybe these emails never were sent.
Oh my God.
This requires a dramatic sting.
Like a dun, done,
done.
Okay, if done it, what happened?
So, yeah, this would seem to suggest
that Uber either thinks they send emails
and didn't send them
or, in the worst scenario,
is not telling the truth.
Yeah.
Did you go back to Uber with this?
Of course I did.
Even I wouldn't ask that question.
So what did they say?
Okay, so yesterday.
You got us?
So I wrote her yesterday and she wrote me back fairly quickly and here's what she said.
Hi, Fia, great news.
We figured it out.
Uh-huh.
Alex's password was part of a data dump that was sold online in text.
tested by a bot script before being sold to the person who used it to request trips.
Wow.
Okay.
I am still super confused.
I have a specific...
Data dump.
Who's data dump?
Like, she said data dump on a botnet.
Like, are they saying, oh, things were actually breached?
So she followed up with a second email.
And she said...
Let me see.
By the way, we found his account in data dumps from LinkedIn Dropbox at MySpace,
which isn't surprising since they announced previous data breaches.
If he hasn't changed those passwords recently, he should.
But we checked that.
Right.
So I forwarded all of this to our digital forensics expert, that guy, Daniel Botiano.
And?
And I said to him, I find this confusing, does it make sense to you?
And he said?
And he said, no, it does not.
Oh, my God.
Yeah, he was like, for one, where are the emails that they said they sent?
Right.
this feels really weird.
What did Uber say?
Well, a couple hours ago,
I came back into the studio with Alex Bloomberg,
who has a terrible head cold,
and we called Uber.
Hi, this is Melanie.
Hi, Melanie, it's Fia.
Hi, hello.
I'm here with Alex,
and I'm recording our call.
Hey, Melanie.
Awesome.
She said she realized that in order to solve this problem,
she needed to call on, like,
the big guns. We actually have
an elite team within our security
organization that deal specifically
with account security
and compromised account in those
types of issues. So
I thought,
why don't I go spend some time with them and let's
actually do a legitimate forensic
investigation and figure out what's happened.
Okay. What happened?
It turned out that the
initial email address that was
actually associated with your account
was your former
email address from This American Life.
Oh.
So this is like his old work email address.
Right.
So the notification saying your email address has been changed, your phone number has been changed, your
password has been changed, we're all going to that address.
To the ThisLife.org address, which is no longer even active, which is a dead email address.
So those notifications are essentially going into the void.
Can I also just say this out loud so I make sure that I understand it?
Yeah.
Okay.
It was not a key logger or pineapple Wi-Fi or anything like that.
Basically, all that happened was Alex Bloomberg forgot that years ago when he signed up for Uber,
he used an old work email address.
He also forgot that he used to use the same password for everything,
including a bunch of websites that have since been hacked.
And so hackers got his password from one of those websites,
and they used it to break into his Uber and steal his rides.
And then when Uber tried to warn Alex that this was happening,
they emailed the address that they had on file,
which was his old work email address, so he never saw it.
And also the hackers might have had access to that anyway.
Yeah, and finding that out, it was like everything all of a sudden started to click.
Like, remember how he didn't have his ride receipts?
Yeah.
I remember when we were talking about this like off mic, there was a point where he was like, yeah, yeah, I don't get ride receipts.
Right, everybody was like, but everybody gets ride receipts.
But he was, they were just going to his old email account.
Right.
Also, when we searched Have I Been Poned, we searched Alex at Gimlet Media.
We didn't search his old email address.
Right.
And if you do search that old email address, it has three breaches to it.
It's been poned three times.
Are they linked in MySpace and Dropbox?
Yes.
So there you go.
Wow.
So we were not just wrong, but we were like double extra super wrong.
Well, I think like we were inventing something very complicated because with the data we had, that was the most likely outcome.
Or like the most likely how it happened.
How did Alex react all this?
Alex is so thrilled to actually have an answer to know exactly what happened to his account.
You feel like case closed?
I do.
I feel like case closed.
Yeah.
Wow.
Took us a long time.
All I took was like dozens of engineers at Google, dozens of engineers at Uber, the entire staff of reply all.
Actually, like all of our listeners.
A bunch of listeners to reply all a handful of staff members at Gimlet and my father and me.
Yeah.
Man.
So on the one hand, it's great.
On the other hand, it's like, what if you don't have that at your disposal?
Like, what are you supposed to do?
You have to live with a lot more mystery in your life, I guess.
And get a password manager.
Seriously.
Yeah.
Boy, is there a lesson to this, isn't there?
There really is.
Yeah.
And I don't have one either.
We're both the worst.
Okay.
Wait, should we just get one right now?
A password manager?
I'm sitting in front of a computer.
Oh, my God.
I don't want to.
I don't either.
So, like, the final question on the whole thing is, like, at this point, who do you owe a pan pizza?
I feel like I know.
I guess it's Melanie, right?
It's Fia Bennon.
Are you kidding me?
I mean, I think Melanie could take a pan pizza.
I would happily accept a pan pizza.
Pizza party?
Look, as I specify, it is a personal pan pizza you're not to share it with anybody in the office.
What do you think a personal pan pizza is?
It is a pizza made in Fia's own personal pan.
Wow.
Okay, so at the end of the day, who's getting pizza?
You're getting pizza Fia.
We're going to send Melanie a pizza, which feels a little weird to me, honestly.
We find ourselves in the position of being journalists who have to send a pizza to someone we interviewed for a story at a company.
Whatever.
Sometimes you end up in a weird place.
I feel like our forensics guy, Daniel Botiano, I feel like he probably gets a pizza.
He was very helpful.
Okay, cool.
Cool.
Good work for you.
Yeah, nice job.
Thanks.
That's really nice.
Reply All is hosted by me, PJ Vote, and Alex Goldman.
Our show is produced by Shruthi Pinnaminani, Fia Bannon, Chloe Percinos, and Damiano Marquetti.
Production assistants from Sharina On.
We're edited by Tim Howard and Jorge Just.
We were mixed this week by Kate Boulinski.
Special thanks to Stevie Lane, Richard Bloomberg, Gabriel Lewis, Alex Kroglov, Tim Harford,
and all of the listeners who wrote in with their theories.
You all are awesome.
Also, if you are going to be in New York City on April 30th,
emailed at Forgiveness Day, we're going to be at the Bell House.
We are doing a very low-key show with our friend Linda Holmes from Pop Culture Happy Hour.
You can get tickets at gimlet.media slash reply all live.
Come, it'll be fun. We look forward to seeing you.
Our theme music is by the mysterious breakmaster cylinder.
Our ad music is by Build Build Buildings.
The song at the end of the episode this week is Simplicity by MacroFee.
form, and our logo is by Matt Lubchanski.
Matt Lieber is a lost t-shirt that just shows up again one day.
You can visit our website at replyall.com,
and you can find more episodes of the show on iTunes or Spotify
or wherever you would like to listen to podcasts.
It's your choice.
Thank you for listening.
We'll see you next week.
Energy oscillating off-distance stars can be recorded like sound waves.
Here's star number 767101B, KIC-122-60C.