The Chaser Report - Optus say YES to Hacking | Craig Reucassel

Episode Date: September 26, 2022

Craig joins Charles to find a flawless solution to Optus' massive user hack. In the true spirit of identity theft, Charles has stolen Craig's segment idea. If you are worried you have been hacked, go to haveibeenpwned.com. Yes, that's their actual site name; I thought it was a joke too. Hosted on Acast. See acast.com/privacy for more information.

Transcript
Starting point is 00:00:00 The Chaser Report is recorded on Gadigal land. Striving for mediocrity in a world of excellence, this is The Chaser Report. Hello and welcome to The Chaser Report for Tuesday the 27th of September. We're on Gadigal land today and we are here with Charles Firth. That's me and Craig Reucassel. Yeah, good to be here. Craig. Yes.
Starting point is 00:00:22 You know how you usually come in and as your quote-unquote segment, you do a Craig's flawless solution. Yes, I do recall that. Which it requires about three seconds of preparation. That is a lie. It's amazing how hard they are to come up with. Yeah. Well, you're in for a bit of a treat today because I am bringing to the table Charles's flawless solution.
Starting point is 00:00:47 Wow, this is a great. I look forward to seeing how this is structured. Well, the good thing about this is it's an entirely new idea. It's a fresh, it's a fresh take on things, yeah. You might have heard over the weekend there was a bit of a sort of Optus little breach in security thing. Yes. And I must admit, I think I used to be an Optus customer, I am a little bit concerned about whether or not that applies to older customers. No.
Starting point is 00:01:16 So apparently, as long as you're not a current customer, apparently you're pretty safe. So there's lots of people who had recently stopped using Optus, but were still formerly customers. And they've got all their stuff stolen. But if you actually don't pay Optus money anymore, then you probably have fairly... It's good. That's good news.
Starting point is 00:01:39 I don't think I pay Optus money. I feel very safe, actually, because I'm with the far safer person, Kogan. The Russian guy. Yeah, that's good. I suppose he doesn't need to hack your data. Exactly. He's already got...
Starting point is 00:01:55 You just gave it to him willingly. It's pre-hacked. It's pre-hacked. But so it's interesting that you would ask the question of, you know, can former customers, because that is my flawless solution to the Optus thing, which is to not be a customer of Optus. Oh, that's very good. Right, you know. Yes, it feels like a, uh, Charles's hindsight solutions. Okay, so look, yeah, there is, there is a slight flaw in that particular plan. So I, so the thing that the hackers are wanting is they want one million dollars, right? Which is not a huge sum
Starting point is 00:02:34 of money for, yeah. Yeah, if you go to that trouble, though. Are they, having seen, I've seen some discussions online about how easy it was to get, so you kind of go, I reckon they're just feeling guilty about how easy it was to get. The time, you can't charge more than a million bucks for this because it was, it was a couple of hours. It was a couple of hours. It's like 500,000 dollars an hour. It's a good payday. It's like if, you know, you go, we just, we just robbed the biggest bank and you go, wow, that's just amazing. And go, well, yes and no, I mean, they just left the back door open to the safe. So we just walked in and got it.
Starting point is 00:03:06 So the thing is, they want a million dollars. Optus apparently is unwilling to pay this million dollars, right? Now, remembering that this is a fact- You can't give it to terrorists. You can't give in, exactly. Like, there's a completely legitimate reason why it would just be incentivising people to go around the Optus website and find all the other security flaws. But are clearly there.
Starting point is 00:03:31 But there are ways in which... Optus.com security.flaw. Well, it was literally, it was caught... The actual... I've got here the details because I read some on Hacker News how it all happened, right? Yeah, you used to be a bit of a hacker.
Starting point is 00:03:48 Yeah, I was a bit of a hacker. And the URL that they used to find it, it was just... It was API... Nobody write this down. Because they might not have closed it up yet. But it was API, which is, you know, the application programming interface. That, that's the thing. Yes, I definitely knew that. I am also, it's just
Starting point is 00:04:07 computer nerd. API dot optus dot com. I you yes and it was just completely open and no password needed. You could just download 9.8 million customer records. Anyway, so, and then the other great detail that is that after a while the Optus people, like the people inside Optus, started getting notified that that API was getting a lot of hits to it. But they didn't, it seems like they didn't shut it down. They just, they're just like, oh, that's great. Hits are up this week.
Starting point is 00:04:39 It's really popular. That's right. We're going to beat, you know, the Sydney Morning Herald in terms of site popularity. Anyway, I've got the email from the hackers who, who have sent on the dark web, you can sort of sell your details. So what you do when you steal lots of customers' data is you then provide little samples of the data so that people can verify whether it is actually real stolen data or it's just a fraud thing. And it would seem over the weekend
Starting point is 00:05:12 so a lot of people went out and tried to verify these things. One of the security journalists down in Melbourne, actually, his neighbor was in the 100 person sample. Oh, wow. And so he just went over to the guy's house and said, is this your driver's license number? Is this your, is this your, you know, date of birth? And the guy went, yeah, how do you know that? Optus leak. Oh, wow. That's great. So you can really creep out your neighbors with this situation. Hang a second. I just thought of something, you know, I know that you're meant to be coming the flawless solution here, and you seem to not be doing that very much. You seem to be describing what's happened in the problem, which is something I would never do in my segments.
Starting point is 00:05:51 I bet. That is true. But I think we may have found a way that we can do this, though, because, you know, you said that the approach is to not become an Optus member, right? You know, what about if we just got 50 people, 50 of us who we knew all the details, like we just all got together and signed up to Optus, then we could send them a dark web thing saying, we've got all your data, look at this, here are 50 names, and we just give them our own data. Yes. We don't have to steal it. We don't have to be technical.
Starting point is 00:06:22 And then we... I mean, it's probably just easier to steal it from them. That's right. Sounds like a lot of everything. I want to just do something in two hours. Exactly, yeah. Probably it's easier to get 9.8 million data points than to sign up to Optus. The Chaser Report, news you can't trust.
Starting point is 00:06:42 So here is my actual solution, my actual flawless solution, which is, I think, seeing as Optus is unwilling and unlikely to pay the million dollars, but 9.8 million people are going to have their intimate details that allows people to open their bank accounts. I really, I forgot that when I used to be an Optus customer that I would have to put in my sexual preferences when I signed up to Optus. Well, you know, what is the worst detail?
Starting point is 00:07:13 It actually has, like, license numbers. It's got license numbers. That's bad. So it's got 100 points of ID. They were storing all the 100 points of ID details. Oh, good. So your passport details, too. So you can go.
Starting point is 00:07:24 You can go to any bank and open up an account. So this will be 15% of Australians will now be, have enough details that anyone can go and open up an account in their name. That's extraordinary. That is bad. Can I, is there somewhere you can check whether your details are part of this? Yeah, can you check? There's a website called Have I Been Pwned?
Starting point is 00:07:50 Now, that data set. Is this put up by Optus? Because their slogan is yes. And pwning is when you... But the thing is that because that Optus data set still hasn't been sold by the hackers, it's not part of that website yet. So you can only find out afterwards.
Starting point is 00:08:10 You can only find out... Like, if Optus doesn't pay in the next few days, that will then become something where they start selling it off. And very quickly that data will end up on Have I Been Pwned. Oh, that's useful. Or a series full. And then Optus can get it back.
Starting point is 00:08:26 And then Optus can get it back. The one thing that you should have received by now, if you are an Optus customer and you have been part of the breach, you should have received an email asking them for some more details so they can investigate. Yeah, yeah. You should have received an email asking for $1 so that they can pay this giant ransom. Well, that's my solution, which is everyone should chip in. Everyone who's affected should chip in nine,
Starting point is 00:08:53 I think I worked it out as 98 cents. That 10 cents. Is it a million dollars? To 9.8 cents, I think. It's about 10.2 cents. So it'll round it up to 11 cents. And then we can. But the point is, Optus isn't going to collect 10 cents on behalf of every customer.
Starting point is 00:09:11 Well, what you're saying is we have to get 11 cents of everybody to get to actually stop this data being spread. To do that, though, we have to pay a million dollars to these people to get the data, all the people we've got to contact to get the 11 cents. No, because people, people know whether they're an Optus customer, Craig. This is the thing. So you're just asking me to walk around, ask if I can look at everyone's phone. So the thing is, I think that The Chaser, being the good citizens, should organize this fundraising campaign.
Starting point is 00:09:40 Uh-huh, okay. So we set up a GoFundMe. Mm-hmm. We say, we're going to raise a million dollars for, if you're an Optus customer, give us 10 cents. Yep. And we promise, we promise, we promise. We'll buy that data from the hackers and shut the whole thing down. And there's nothing else with it.
Starting point is 00:09:58 Yeah. Yeah, exactly. That's good. I mean, I like that. I think it's very flawless solution. And it's interesting because for a second there, I thought I sensed a flaw, but then you said, Chaser as a good corporate citizen. And I was like, oh, no, yeah, that's true.
Starting point is 00:10:13 We're definitely very trustworthy, and everyone would trust us to do that. And also really organized and we'd definitely follow through with it. So I can't see any. You're much better at this than I was, Charles. Yeah, I think I've got the solution. So, look, if you are an Optus customer, then, I don't know, send it. Well, you can send it to our PayPal. That's probably the easiest.
Starting point is 00:10:34 I mean, you should probably round it up for the admin involved. Yeah, let's make it a dollar. Yes, me. What do you say? Do you say it was 9.8 million people's data? Yeah, yeah, yeah. Surely 9.8 million people in Australia. Yeah, no, but so that's the total number of people.
Starting point is 00:10:52 But not everyone had all their 100 points of ID leak. Some people were just like their date of birth and their maiden name. Have nine point? I have nearly like nearly half of the Australian population at some point who made the mistake of using Optus. I know this is the thing. And the thing is that whenever you try and ring, you know, your family and friends to tell them that you've been part of this Optus leak,
Starting point is 00:11:16 you can't get any reception. Sorry, I can't hear you. What are you saying? I'm sorry, I literally. Looking at my phone now, I'm trying to figure out if I'm the Optus Network. No, but your data is protected by Kogan, even if you are on Optus. That's right. My daughter's in Russia.
Starting point is 00:11:31 You know that my, I'm lucky. I live in Glebe, which is in the inner city of Sydney, right? And Optus doesn't even have any reception in my house at all. Like, I, there was no possibility that I would ever be an Optus customer because, because the, that distant outback region of Glebe in Sydney is, is just, just too far out for Optus. And therefore you were hackproof. I'm hackproof.
Starting point is 00:11:57 Who are you with? Which network you're with? It's called Vodafone. I'm just going to check API dot Vodafone dot com. You see Charles Henry Bergman. Here it is. You've got all my intimate details.
Starting point is 00:12:13 Yeah, I do. God. That's your favourite sexual position. That's strange. Again, why do they ask these questions? Isn't everyone's missionary? Now, Craig, can you join us again tomorrow? This was very fun.
Starting point is 00:12:31 Yeah, I definitely, definitely. Because I have a question to ask you. I'll ask you tomorrow. It's about your face. What? I'll ask you tomorrow. Okay. Our gear is from Road, and we're part of the Acast Creator Network.
Starting point is 00:12:43 And I might just say we're going to do, because I think this episode went so well, Craig's obviously going to ask me about my face, but also the other thing, we're going to have another Charles's flawless solution. Oh, great. Unless we end up in court before that. Unless we end up in court before that.
