Tech Brew Ride Home - Fri. 06/11 – Now The Hackers Have Come For Our Hamburgers

Episode Date: June 11, 2021

Moar… hacking news. McDonalds. Electronic Arts. Le sigh. Apple wants to do away with passwords too. Elon Musk unveils the Model S Plaid. An interesting Apple Car hire. And of course, the weekend lon...greads suggestions. Sponsors: TheLogic.co/subscribe promo code RIDE for 50% off Cybereason.com Links: McDonald’s Hit by Data Breach (Wall Street Journal) Hackers Steal Wealth of Data from Game Giant EA (Vice) Apple says its new logon tech is as easy as passwords but far more secure (Cnet) Tesla begins deliveries of its new Model S Plaid (CNBC) Apple Hires Former BMW Executive for Its Rebooted Car Project (Bloomberg) Weekend Longreads Suggestions: The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact. (Double Pulsar) When ransomware strikes, this company helps victims make bitcoin payments (CNBC) APPLE ISN’T JUST A WALLED GARDEN, IT’S A CARRIER (The Verge) THE APP THAT MONETIZED DOING NOTHING (The Atlantic) Marcus Graham: Looking back on 10 years of Twitch’s experiment with livestreaming (Venture Beat) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech meme right home for Friday, June 11th, 2021. I'm Brian McCullough. Today, more hacking news. McDonald's, Electronic Arts, Lacei. Apple wants to do away with passwords. Elon Musk unveils the Model S Plaid, an interesting Apple car hire, and of course the weekend long read suggestions. Here's what you missed today in the world of tech. Well, what do you want for me? More high-profile hacks to tell you about, though, these seem to be. just run-of-the-mill data breaches, not ransomware attacks, as if that makes it better. McDonald's says hackers breached its operations in some markets, exposing some U.S.
Starting point is 00:01:17 business info and delivery customer data in South Korea and Taiwan, quoting CNBC. The Burger Chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system prompted by a specific incident in which the unauthorized access cut off a week after it was identified, McDonald's said. The investigators discovered that company data had been breached in markets, including the U.S., South Korea, and Taiwan, the company said. In a message to U.S. employees, McDonald's said the breach disclosed some business contact information for U.S. employees and franchisees, along with some information about restaurants such as seating capacity and the square footage of play areas. The company said no customer data was breached
Starting point is 00:02:03 in the U.S. and that the employee data exposed wasn't sensitive or personal. The company advised employees and franchisees to watch for phishing emails and to use discretion when asked for information. McDonald's said attackers stole customer emails, phone numbers, and addresses for delivery customers in South Korea and Taiwan. In Taiwan, hackers also stole employee information including names and contact information, McDonald's said. The company said the number of files exposed was small without disclosing the number of people affected. The breach didn't include customer payment information, McDonald's said, end quote. Meanwhile, EA, what I still think of as electronic arts, the video game maker,
Starting point is 00:02:46 confirms that it has suffered a data breach after hackers claim they have 780 gigabytes of data, including the source code for FIFA 21, and the Frostbite Engine, quoting motherboard. You have full capability of exploiting on all EA services. The hackers claimed in various posts on underground hacking forums viewed by motherboard, a source with access to the forum, some of which are locked from private view, provided motherboard with screenshots of the messages. In those forum posts, the hackers said they had taken the source code for FIFA 21, as well as code for its matchmaking servers.
Starting point is 00:03:21 The hackers also said they obtained source code and tools for the Frostbite engine, which powers a number of EA games, including Battlefield. field. Other stolen information includes proprietary EA frameworks and software development kits, bundles of code that can make game development more streamlined. In all, the hackers said they have 780 gigabytes of data and are advertising it for sale in various underground hacking forum posts viewed by motherboard, end quote. Not only that, these hackers seem to be bragging about their coup, claiming they used stolen cookies, bought online for as little as 10 bucks, to gain access to EA's internal Slack and then tricked IT support into giving them login tokens for EA's network.
Starting point is 00:04:03 Quoting motherboard again. A representative for the hackers told motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA's Slack using the stolen cookie. Once inside the chat, we messaged IT support members. We explained to them we lost our phone at a party last night, the representative said. The hackers then requested a multi-factor authentication token from EA IT support to gain access to EA's corporate network. The representative said this
Starting point is 00:04:41 was successful two times. Once inside EA's network, the hackers found a service for EA developers for compiling games. They successfully logged in and created a virtual machine, giving them more visibility into the network and then accessed one more service and downloaded game source code, end quote. Somewhat related to that. At WWDC this week, Apple has demoed pass keys which would allow users to set up accounts with just face ID or touch ID, thereby joining Microsoft and Google in advocating for a passwordless future, quoting CNET.
Starting point is 00:05:21 To set up an account on a website or app using a pass key, you first choose a username for the new account, then use face ID or touch ID to confirm that it's really you who's using the device. You don't ever pick a password. Your device handles generation and storage of the pass key, which ICloud keychain synchronizes across all your Apple devices. To use the pass key for authentication later, you'll be prompted to confirm your username and verify yourself with face ID or touch ID. Developers must update their login procedures to support pass keys, but it's an adaptation of the existing web-awthon technology. Because it's just a single tap to sign in, it's simultaneously easier, faster, and more secure
Starting point is 00:06:01 than almost all common forms of authentication today. Garrett Davidson and Apple Authentication Experience Engineer said Wednesday at the company's annual WWDC Developer Conference. Pass keys are the latest example of growing interest in passwordless login technology. That's designed to be more secure than the list of passwords you've taped to the side of your monitor. Conventional passwords are plagued with security shortcomings, chiefly our inability to create and remember unique ones. That's why Apple, along with Microsoft, Google and other companies are working
Starting point is 00:06:30 to come up with alternatives. The single most common security vulnerability today is still bad passwords, Jen Fitzpatrick, Senior Vice President of Core Systems at Google said at the Google I.O. Developer Conference in May, quote, ultimately we're on a mission to create a password-free future, end quote. The new Tesla Model S. Plaid is here, unveiled by Elon Musk at an event last night. This is the high-performance version of Tesla's flagship sedan, and Musk hails it as the quickest production car ever made. Quoting CNBC, Musk made his entrance on Thursday by driving a Model S-plad around the Tesla test track and onto the stage before stepping out to cheers of select customers and fans invited to the event. Previously, Musk had promised the long-anticipated Tesla Model S-plad would deliver acceleration from zero to 60 miles per hour in under two seconds, and he crowed about breaking. the two-second barrier repeatedly on Thursday. Musk said the new Model S would be, quote,
Starting point is 00:07:34 faster than Porsche, but safer than Volvo. But he also caveated some of his own sweeping safety claims by noting that the NHTSA has not yet rated the Model S plaid for safety. We're in production and going to deliver the first 25 cars now and then basically should be at several hundred cars per week soon and 1,000 cars per week next quarter, Musk said. According to Tesla's website, the Trimotor All-Wield Drive Model S Plaid produces 1,020 horsepower, features a battery with an estimated EPA-rated range of up to 390 miles and can hit a top speed of 200 miles per hour if equipped with the proper wheels and tires. Those won't be available until the fall, according to the fine print on the site. The four-door sedan includes a steering yoke rather than a
Starting point is 00:08:20 traditional steering wheel, a 17-inch center touchscreen display, and separate 8-inch display in the rear for passengers' entertainment, charging ports in the front and rear that can charge laptops and other mobile devices, and processing power that the company says puts its systems on par with modern gaming consoles like the PlayStation 5, end quote. And again, somewhat related to that, just leaving this here, Apple has hired Ulrich Krantz, who ran the development teams for the BMW I.M.W. I-3 and I-8, and co-founded self-driving electric vehicle startup Canoe, quoting Bloomberg. Krantz is one of Apple's most significant automotive hires, a clear sign that the iPhone maker is
Starting point is 00:09:08 determined to build a self-driving electric car to rival Tesla and other carmakers. Krantz will report to Doug Field, who led development of Tesla's mass market Model 3, and now runs Apple's car project, said the people who requested anonymity to discuss a private matter. Following successful stints at BMW's mini-division and teams working on sports cars and SUVs, Krantz was asked to run Project 1, a battery-powered vehicle skunkworks, started in 2008. It yielded the all-electric I-3 compact and the plug-in hybrid I-8 sports car. The former was panned by design critics and production was very limited on the latter. Krantz left BMW in 2016 and soon became chief technology officer at Faraday Future,
Starting point is 00:09:50 an electric vehicle startup based in Los Angeles. He stayed only three months before co-founding Canoe. Both firms have struggled with their technology and ability to produce vehicles, while Canoe reportedly discussed selling itself to Apple and other companies. Canoe went public in December after a reverse merger with a special purpose acquisition company or spec called Hennessy Capital Acquisition. Canoe last month said it was being investigated by the U.S. Securities and Exchange Commission becoming the third Clean Energy Auto Startup to disclose a federal probe in the last year. Canoe plans to debut a minivan for less than $35,000 next year, end quote. Time for the weekend long read suggestions.
Starting point is 00:10:34 First up, security expert Kevin Beaumont has a long piece up that basically makes this point about our current situation with ransomware in double pulsar. The point being, this ransomware threat is becoming overwhelming. It is a battle with new rules, and it hasn't yet reached. peak impact. Uh-oh. Quote, what we are seeing currently is a predictable crisis which hasn't yet near peaked. I'm not sure people generally understand the situation yet. The turning circle to taking action is large. With this post, I hope to lay out the reality and some harsh truths people need to hear. I also want to state up front that I've seen some cybersecurity vendor
Starting point is 00:11:17 industry people beating themselves up about the situation. My take is this. Stop that. People have done amazing work over the years on this subject. And, incredible amounts of attacks are stopped due to said work. The reality is, however, the threat is becoming overwhelming and, I believe, in existential crisis for the security industry, and so their customers. We are stuck in a self-eating circle, and it's time to ask for help, end quote. CNBC has another story about the entrepreneurial angle to all of this, even beyond the, you know, actually becoming a hacker. Digital Mint is a full-service crypto broker that helps victims pay ransoms to ransomware hackers. Quote, we're at the end of the process, says Mark
Starting point is 00:12:02 Grenz, co-founder and president of Digital Mint. We're the hired specialists after the forensic consultants, the company, and stakeholders have all made the determination. They've exhausted all their options and that paying the ransom from an economic perspective is the best way to move forward. That's when they come to companies like us in order to help them acquire crypto at any time of day or night, Grins told CNBC. In the space of 30 to 60 minutes from initial contact, Digital Mint is able to make the ransomware payment for the victim. This includes vetting the hacker to make sure they aren't tied to a U.S. sanctioned country and going on the open market, order books, and exchanges to acquire the cryptocurrency needed to pay the ransom. The company says
Starting point is 00:12:42 that 90 to 95 percent of ransoms are paid in Bitcoin, but Monero is an increasingly popular option. Minero is considered more of a privacy token and allows cybercriminals greater freedom from some of the tracking tools and mechanisms that the Bitcoin blockchain brings. Since January 2020, Digital Mint says it has facilitated more than $100 million in ransomware settlements with a median payment of $800,000. Last year, crypto ransomware payments overall more than quadrupled from 2019 levels to $350 million, according to chain analysis. But Digital Mint told CNBC that figure is likely understated.
Starting point is 00:13:20 Grenz believes the true number is closer to $1 billion, end quote. Next, if you listened to the debate Chris and I had on the Twitter space this week about the historical context of putting apps on phones and how it was back in the days before the iPhone, consider this piece by Dieter Bone in the Verge. He argues that Apple is now the equivalent of those carriers back in the bad old days of carriers dictating what could be done on their hardware. It's the return of the angry god of annual revenue per user, quoting Dieter. Lots of people hate taxes, but they are meant to pay for valuable shared infrastructure. But then again, maybe Apple already covered those costs by selling iPhones.
Starting point is 00:14:03 So the Apple tax is egregiously high. Or if you prefer, a different metaphor with legal overtones, maybe it's rent-seeking. Something about calling Apple's cut a tax strikes me as a little over the top, the 2021 equivalent of spelling Microsoft with a dollar sign in place of the S. Carriers have forced pre-installed crapware on phones since the beginning of apps on phones well before the iPhone. Examples are too numerous to count, but I'm talking about more than just pre-installed Candy Crush-style games. Users have always been encouraged by the design of a phone and the restrictions placed on
Starting point is 00:14:36 the networks themselves to do things that make the carriers more money. I admit it's not fair to say Apple is as bad today as the carriers were back in the day when it comes to squeezing dollars out of users or developers, nor is it fair to argue that Apple's forays into content with TV Plus are the equivalent of AT&T's flailing efforts at merging a TV network with a cellular network. It's not fair, but the tune sounds familiar because the parallels strike a chord, and the bitter harmony that I hear is the stifling of innovation to maximize profit, end quote. The Atlantic has a profile of Calm, the meditation app that is seemingly the leader
Starting point is 00:15:12 in the mindfulness app space, quote, it is a very modern success story and a somewhat paradoxical one. Calm is a young San Francisco company selling a centuries old spiritual practice, a smartphone app that purports to undo the anxieties of the smartphone age, and a venture-funded startup that has managed to monetize sitting and doing nothing. Getting people to chill the fuck out amid the thousands of crises racking our modern world is apparently worth billions. Acton Smith and two seem to wear these contradictions lately. For them, calm is a service. It is a tool, a way to shepherd people who might be intimidated by meditation into the practice. It's also a brand, one that may soon have a toehold in everyday corners
Starting point is 00:15:55 of our anxious modern lives. But really, how much can an app do, end quote? And finally today, one of my favorite types of pieces, as you're well aware, Twitch is turning 10 years old, so Venture Beat looks back at the company that not only created a genre, but also led the way for modern creative economy things like tipping, getting creators paid. Quote, at any given moment, two and a half million people are tuning in to Twitch. On average, Twitch gets 30 million daily visitors up dramatically from 17.5 million at the start of 2020 before the pandemic. It turns out that people needed social contact during lockdown and the Twitch community watched over one trillion minutes in 2020, up from 600 billion minutes in 2019. Now more people are doing what Graham did for much of his career.
Starting point is 00:16:44 Over 7 million unique creators are streaming every month. I talked to him about the past decade on how Twitch has grown beyond games, how people have created brand new careers that never existed before, and how we are on the road to creating the leisure economy, where everybody will one day get paid to play games. Twitch has grown massively. 2020 had more than 86 times the viewership of 2011, and every month in 2021 thus far has surpassed
Starting point is 00:17:10 any months in 2020 or prior. Behind these hours watched is a massive community of creators with over 26 million channels going live in 2020 alone, end quote. So that's all for this week. No bonus content of any kind on any feed this weekend, taking a summer weekend off to enjoy the start of the euros. But we've got another Right Home Plus exclusive coming next weekend and another regular interview bonus episode coming at some point this month. Speaking of the Euros in my reading and podcast listening this week to prep and get hype for the tournament, really my favorite tournament, a little bit more than even the World Cup. This morning I learned about iron brew, or I guess probably and forgive me Scottish folks, iron brew, which is apparently an orange soft drink that has been popular in
Starting point is 00:18:14 Scotland for about a hundred years. As iconic as whiskey and as famous as haggis, Scotland's other national drink, according to the Scotsman. How is it that I am today years old and I just learned that iron brew exists? I've got a three-pack being delivered by Amazon tomorrow. We'll let you know how it tastes. Talk to you on Monday.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.