Hotline Hacked Vol. 7
TL;DRA caller in Brisbane confessed to using admin/1234 to access a former employer's email server years after leaving. A second caller accidentally DDoS'd a marketing company's network by triggering 20,000 Google SERP pings every five minutes…
A collection of calls, including an extremely wholesome story about a hacked internet contest and an electric guitar that changed a caller's life.
Transcript
Machine-generated transcript; may contain errors.
Speaker 1: Thank you for calling Hotline Hacked. Share your strange tale of technology, true hack, or computer confession after the beep.
Speaker 2: Hey, guys. Love the podcast. My name's Adam. I'm in Brisbane, Australia. No need to make my voice anonymous or anything like that. Of course, you're welcome to make it sound better and less nasally, perhaps.
Speaker 3: Hey. Nasal empowerment. I'm there with you, brother.
Speaker 4: A member of the community. It's a small community. Small community, but it's proud.
Speaker 5: My nose has been broken thirteen times. I don't know what your excuse is, but you are part of my community.
Speaker 4: 13 times. We're gonna address that later.
Speaker 2: Otherwise, I don't think too many people will come after me after this confession. First off, love the podcast. Love everything that you guys do. I've been a regular listener now for a number of years. Definitely in my top two of cybersecurity podcasts. So, yeah, it's great. I love it. So this story is for Hotline Hacked. Just some quick background. I worked at a fairly medium to large business, nationwide here in Australia. They had offices scattered in all capital cities. So we're talking twenty five years ago, early two thousands. I was, you know, just a spring chicken at the time. I just, organically found myself being good at IT and just ended up on their national IT help desk helping out the, the IT guys in in Sydney from time to time. As part of that, they gave me, full admin access to their email service so I could help, you know, reset passwords and troubleshoot and things like that. So, yeah, it was just a really basic pop three IMAP kinda deal. So, anyway, eventually, I left that organization, and, my girlfriend at the time, she also works there, and we both left around the same time. And, while working there, we, I guess, you know, we, were curious as to what was going on after we left because this was, a few years before Facebook, and we didn't really have any contact anymore with anyone that was still working there. And over the time, we'd made a few friendships, I guess. So, you know, I guess we could have picked up the phone and called them to see how things were going, but we chose the the lazy way and would still log in to my admin account to check people's emails just to see what was going on. As I said, it was pop three. So usually of an evening, I could still see emails that were sitting in inboxes waiting to download sales, you know, able to pretty much access anyone in the organization's emails to see what was happening. So that was fun for a little while, and, it kept us intrigued for, I guess, a few months until my account was eventually disabled. So that was that. We moved on, but then, sometime later, my my girlfriend, calls out, and she goes, hey. I'm back into the emails. And I'm like, what what's going on? And she, she said, oh, I'll just put in admin as the username and
Speaker 6: password 1234. So that old chestnut got us back in.
Speaker 2: I thought it was quite funny because my girlfriend was completely, computer illiterate. She has very little interest in anything related to cyber, so I guess you could say that, these guys were compromised by really a very, entry level hacker, maybe. I don't know. But that's my little story. The old admin one two three four. Anyway, I can't remember what happened. I think we just got bored of it, and who knows how long that password combination in hindsight, we probably should have let them know, but, you know, we'll be young and stupid. Thanks, guys. See you later.
Speaker 5: The old password 1234Trick.
Speaker 4: The old admin as username. Welcome to Hotline Hacked. It's a call in show where you can share your strange tale of technology, true hack, or compute computer confession. It can be recent. It can be from twenty five years ago when you were just a spring chicken.
Speaker 5: It can be from, like, forty years ago.
Speaker 7: Yes.
Speaker 5: Because the person I think it was two episodes ago, maybe up to hack Colin, hack four. Yeah. The person who did the inductive coupler in Switzerland and, like, hacked into, like, the old, like, dial in servers and stuff
Speaker 6: Mhmm.
Speaker 5: Actually did reach out and told us his history, and he did end up with a long and successful and continuous career in tech. Truly.
Speaker 4: Because I think we speculate during that call, like, wow. What a career this person probably went on to have based on how, kinda clever they were during the anecdote. And indeed, they did. Like, on tell German television, I think, for doing hacker stuff.
Speaker 5: Mhmm.
Speaker 4: Like, had a a very interesting career that they're, not quite wrapped up yet, but I think if Bitcoin reaches six digits is what they said that they'll be a Yeah. They'll they'll call it in.
Speaker 5: It took a took a hard transition from, like, fintech and financial management and the banking industry to the obvious out to crypto. And, yeah, he's he's he's hoping on a 6 figure Bitcoin price, and I'm sure there's a lot of the other people that are too. But so for him, I hope it gets there. You know, I'll put a put aside my cynicism and say, good for you. You earned it. I hope you get it.
Speaker 4: So what I'm curious about is in the intervening years since this story, if the caller's girlfriend who was then just an entry level hacker, has since gone on to have a Bitcoin fueled professional hacker career as well. Maybe that admin plus pastor 1234 really sparked something. I read the thing I the thing that I really liked about this was the, we were curious about the company. Yes. We could have picked in the up the phone, but we went with their easier option. Like, that you just decided, like, we're just gonna hack back into all their emails versus, like, calling up Steve in accounting and seeing how it's been going.
Speaker 5: I'm gonna make a movie reference here, which is not something I often do. But, like, have you ever seen the movie Lair Cake?
Speaker 4: Oh. It's like a
Speaker 5: Daniel Craig movie.
Speaker 4: Yeah. I remember that. I feel like that movie is why he got cast as James Bond because he Yeah. It's like pre James Bond, and you're like, man, this guy could play James Bond.
Speaker 5: But there's a scene in it where it's kind of doing his character introduction, and he's like, you know, I'm a drug dealer, but, like, I pose as like a real estate broker. And, it's like, you know, everybody wants to know what's on the other side of a door marked private. And it's just like a thing about mankind of, like, you know, how we can't help ourselves. But, like, if I'm not allowed to be
Speaker 3: in there, I wanna be in there.
Speaker 5: And that this is exactly this. I have the access. It's not really adding any value to my life, But for some reason, I'm using that access to learn little bits of information that I shouldn't have had.
Speaker 4: Well, because it's also compelling too. It's like an old workplace. You're not there anymore. It's been years. But there's probably people that you're curious about and, like, dramas that you wanna know how they respond
Speaker 5: to it. Meetings that you had.
Speaker 4: Totally. Like, you just wanna kinda know. So maybe maybe try
Speaker 5: and catch up on what's going on in their life. Or you just hack another call in their email server and read their emails. Same. Same.
Speaker 4: Yeah. Exactly. I also like that twenty five years ago, this caller was able to kind of, like obviously, like, they they have some technical knowledge, but they were able to kind of just, like, I was just really good at computer stuff. So, anyway, I'm sitting on the national IT help desk, and it's like, wow. That worked differently back then. They said it was a POP three IMAP kind of deal. For anyone that doesn't know, what's what's that?
Speaker 5: Yeah. So when I was listening to this, the the first thing that really stood out to me was that, like, I hadn't heard the acronym pop or pop three for mail in so long because it's essentially a dead protocol. Like, I don't know if you you might not be old enough, but pop three used to be, like, my email client would go to the server and get the emails, and then they were no longer on the server. And if I deleted them locally off my email client, they were gone forever. IMAP was the first protocol that was like, we keep an archive or, like, your mailbox stays on the server, and then you keep a sync of it locally. I completely forgot about the nightmare that was pop email. And the second he said it, like, triggered me. And all of a sudden, I was having these, like, flashbacks being, like, accidentally deleting something or, like, losing a laptop or a hard drive corrupting and just losing all your emails. And I was like, oh, god. Remember those days?
Speaker 4: It's the computer equivalent of, like, LSD stays in your body for a decade, and it can show back up at any time. You can have a sort of, like, flashback acid trip except it is for pop three and remembering that there was a type of email delivery that's not stored back redundantly on the server.
Speaker 5: I also feel like PTSD.
Speaker 4: PTSD. That feels like that feels conspicuously like you could sell that as a service today. Like, that there's, like, a type of email where it's, like mode? Like, vanish mode. Like Vanished mode. You could just revert fifteen years to a much older standard, and you're, like, $4.99 a month.
Speaker 5: Hey. Like, let's just follow let's just pull that thing. Like, what did Microsoft pay for Slack? Because Slack is just IRC chats put into a fancy look and called a corporate communications tool. It it's still like, I guarantee that if you took the source code for Slack, it still has the pro like, I bet a lot of the base Mhmm. Code is still the open source IRC code because you use hashtags for channels. You use, like, ads for people. Like, everything's still the same. And I'm looking at my Slack window right now being, like, I pay so much money a month for corporate Slack when it's really just a private IRC server.
Speaker 4: I like this idea. The thing I've been really enjoying about Hotline Hacked is that a lot of the calls naturally are gonna bias to being older. Like, they happened in the past because those are the types of calls that people are willing to share publicly. This happened fifteen years ago. Who cares if I share it is sort of like the the crux of it. But I'm also getting a glimpse into all of this cool old tech that I was wasn't really either around for or wasn't really paying attention to at the time. And I really like this idea that you could
Speaker 5: just,
Speaker 4: like, resurrect an old standard and being like, dear sharks, this is this is my new business idea.
Speaker 5: It's like vanish mode Yeah. But for email. Exactly. It's pretty good. And we'll be, like, okay. Okay.
Speaker 4: Okay. It's called Pop three.
Speaker 3: It's very good. Yeah. Yeah.
Speaker 5: No. No. You gotta give it a new name.
Speaker 6: It's called
Speaker 5: Pop three. Became Slack. You can
Speaker 6: call this,
Speaker 5: like Right. You have to give it some fancy marketing name so that when Microsoft gives you a billion dollars for it, that you're like you know?
Speaker 4: Yeah. I think Vanish Vanish is pretty good. We'll workshop it later. It'll be fine. We'll hire an extremely expensive, branding agency or something to help us name it.
Speaker 5: Yeah. I just I just had a memory. Salesforce bought Slack, not Microsoft. So ignore all of that Microsoft conversation. It was Salesforce that bought Slack.
Speaker 4: Well, they'll buy POP three from us, and we'll, we'll see you on the island.
Speaker 5: We'll see you see you on the with all the rest of the crypto billionaires. Exactly.
Speaker 4: See you
Speaker 6: see you
Speaker 5: on the crypto island. But yeah. Welcome to Hotline Hacks.
Speaker 6: Yeah.
Speaker 5: Jordan already introed us, but, love being back. And, it's all because of our wonderful sponsor
Speaker 4: Mhmm.
Speaker 5: DeleteMe. Mhmm.
Speaker 4: And,
Speaker 5: you know, DeleteMe offers a kind of a privacy service to help cleanse your personal information out of certain data brokers, but we could talk a bit a bit more about that later. But just, big thank you to them for making the show, the hotline hack series possible. And yeah. Ain't it the truth? Ain't it the truth? Should I kick to the next one?
Speaker 4: I think you're kicking on down to the next one.
Speaker 8: Hey, guys. Love the show. The story of Mike and Ravi reminded me of a time I broke the Internet for a relatively well known mid sized marketing company. I wasn't even working for said marketing company. I was working for a tiny start up renting office space and, importantly, bandwidth from the marketing company. People who work in tech may not realize how heavily start ups will lean on Google Sheets for their entire tech stack. It's slow as hell, full of security vulnerabilities, and most relevant to our purposes, extremely easy to break, but it is free and very accessible. Database administration capabilities might be in short supply, but you can move data between large Google spreadsheets with a five minute YouTube videos worth of Google Apps script, which is basically just JavaScript. Such was the case with this tiny start up. Our entire tech stack was a Frankensteinian labyrinth of Google Sheets collecting, analyzing, transforming, and storing data with Google Apps Script.
Speaker 5: Big ups for Frankensteinian labyrinth. Yeah. AI voice conversion really lands for me.
Speaker 4: It's really nice when someone with a way with words plugs them into an AI. It's a Frankensteinian Labyrinth. You're like, oh.
Speaker 8: One of the tables who stored information about press releases we were generating for our clients, One of the properties we wanted to report on was whether or not Google had indexed the live URL of a published press release. That's easy enough to figure out, but not programmatically at scale. Being the plucky go getter that I was, I attempted to solve this problem. I learned that if you create a function in Google Apps Script, it is available to use in a cell formula inside Google Sheets. I wrote a function which I thought could scrape Google's SERP to test for whether or not the press release URL had been picked up. I then loaded the formula in the Google Sheet, similar to how it would work in Excel, and copied it down all 20,000 rows, feeling very proud of myself. What I didn't know is that, first of all, Google is pretty protective of programmatic scraping of their SERPs, so I wasn't even getting the information I thought I was. More importantly, I didn't realize that Google Sheets refreshes every five minutes or so, which means our Franken database was pinging Google's servers 20,000 or so times every five minutes. Not only did that clog the network with traffic, effectively dosing the entire building from the inside, but we found out that Google banned our IP address, shutting down our access to all Google services. In a digital marketing company, They called in someone much smarter than me, and they managed to fix it by the following day. I now know proper SQL.
Speaker 5: Dosing. They dosed us. We dosed them. I like that. I'm gonna keep calling it dossing and start calling it dosing. Yeah.
Speaker 2: It kind of feels
Speaker 4: right. Internet. You dosed them a little bit. Like, it feels like it's an attack. It's, like, not a thing you wanna have happen to you. Yeah. Okay.
Speaker 5: A dose of the labyrinth. A dose of the
Speaker 4: Frankenstein labyrinth because you ping to Google servers 20,000 times every five minutes, and Google went not on our fucking watch and just shut everything down.
Speaker 5: Literally.
Speaker 4: Okay. So working for a midsize marketing company Mhmm. Was not. He's working in the office of a midsize marketing company for a start up. But for some
Speaker 5: reason sounded sounded like he was doing marketing related communications, press releases. Like, he was in a a tech space of marketing for sure. Okay.
Speaker 4: And for some one
Speaker 5: of those, like, we own an agency and we have a tech idea, and now we have a startup inside of our office kind of vibe. So that's what I'm picking up.
Speaker 4: Yeah. Because he had access to their, like, their databases and was clearly been tasked with moving things around inside of those databases. And in this case, trying to figure out whether Google had indexed the live URL that was sent out in a press release, was what this caller was trying to do. Right?
Speaker 5: Mhmm. Mhmm.
Speaker 4: Okay.
Speaker 5: SERP SERP like search engine results. So just trying to see if it was in the if a robot had indexed it.
Speaker 4: Got it.
Speaker 5: Be a bunch of other ways to get it.
Speaker 4: But Okay. And so they create this created a Google function created a function inside of Sheets Mhmm. That they put into a cell Mhmm. In which had 20,000 rows in it. Am I understanding that correctly?
Speaker 5: I if you and I have the same understanding, so if we're not understanding it, then we're both we're both off the page.
Speaker 4: Then we're both missing it. They loaded it in, and then apparent so help me understand this. They run this, and it runs this little scraping check thing 20,000 times? Like, what happened then? That's where it gets pulled
Speaker 5: out. Yeah. Sure. So it sounds like they defined the function in the, like, sheet itself. So it's like a global function, we'll call it, for people that program. And once they embedded it in a cell, essentially, anytime you load the sheet up, open it up, make changes, like, do anything massive, anything that causes the cells to recompute would immediately mean that every cell that has a call to that function would get called again. So and because the function's not like, you know, is there three decimal places afterwards? If not, then sealing the third one and round it or something like that. Like, it's not some basic function that's, like, easy and quick to compute, but it's like, create a socket to the Internet.
Speaker 4: There it is.
Speaker 2: Go out
Speaker 5: and get this piece of data. Parse the return. Do all this stuff. It's like it's a it's a a tangible task for each one of those function calls. So every time the page gets refreshed or changed or needs to recompute, boom. It triggers 20,000 of these massive functions.
Speaker 4: And importantly, whatever that function was, it pings Google servers. If this is happening locally on their system, no one gives a crap, but it's calling to Google servers. So they go, who the heck is calling us 20,000 times every five minutes? Shut it down.
Speaker 5: Yeah. The the funny thing is I can't believe like, that actually seems like such a low amount of traffic that I I'm surprised that Google would actually have caught that. Like, if you think about Google's traffic, 20,000 active connections is, like, nothing.
Speaker 4: Every second we're talking, there's an order of magnitude more
Speaker 5: of that.
Speaker 4: But maybe one spreadsheet doing it, they're like, don't just stop it.
Speaker 5: It's probably it's probably related to they probably have, like, an anti scraping system in place. And it was like they it triggered some form of detection that automatically hot flagged them and stopped it. So yeah. Yeah. I, Google Sheets, powerful, but also chaotic. Actually, the whole Google platform, love it to death. Use it all the time.
Speaker 4: Yep.
Speaker 5: But can constantly have problems in it.
Speaker 4: So we have so much to talk about on the next chatty chat. There's been so much stuff with Google lately, but we'll we'll save this for the next one.
Speaker 5: Oh, Wow. So we could we could just touch into that just a hair, just for fun. Just just to put toe in. When Jordan and I were in Vegas for Defcon was when the FTC and, like, all that stuff started with Google. Like and we were actually just hanging out chatting with somebody in line at one of the talks who was a Google employee. Right? Yeah. There you go. I remember.
Speaker 4: And he
Speaker 5: was like, yeah. We we all got an email this morning being like, don't talk about this. Don't say anything to anybody.
Speaker 4: And we're standing there wearing our big press badges being like, k. Just like, pointing at them being like, you know that we're, like,
Speaker 5: look. Yeah.
Speaker 4: Look. Like Yeah. We're not hiding anything. There's no room of people I want to deceive about being a member of the press less than any than any room at Defcon.
Speaker 5: Yeah. Exactly. So, anyway, that that that's that's the teaser for that discussion is that we we were we were in at Defcon when that stuff all, like, got announced. The funny thing for me is and this is just a complete aside, but if you're a listener to the show, you're used to this, is Google stock didn't take a beating from that for, like, a week after. Like, it was public knowledge that the FTC was going after them for, like, monopolistic enterprise stuff. And literally, one of the first things I did was check the share price on Monday, and it was, like, going up. And then and then in the financial news, it broke on, like, the Thursday that this was happening. And then all of a sudden, the stock got pumped. And I was like, how did the financial news be, like, five or six days behind, like, the real news? So, anyway, a weird aside, but that actually happened.
Speaker 4: I'm so intrigued by the story because we did that whole big episode about Chrome and its connection to advertising and whether or not there's cross pollination because that's there's not supposed to be. And now the DOJ is telling Google to sell Chrome. Next chatty chat.
Speaker 5: I don't know.
Speaker 4: Yeah. Next chatty chat.
Speaker 5: Because I I
Speaker 6: We got takes.
Speaker 5: I got takes. I got hot takes. I think the Chrome is a sacrificial lamb.
Speaker 4: I think it's a negotiating tactic. I think it's it too. That's my take. Yeah. I
Speaker 5: think they're just like, you know what? We gotta give you something, so we're gonna give you Chrome. And and this is like, we're not gonna break up the display ads and the network and the search and the whole pool that is our perspective monopoly. Mhmm. But we'll give you Chrome, like, our not for profit essentially free use product that, like, we'll sell this.
Speaker 4: That they already white label out to most other browsers on the Internet. Like, I think, there's a world I know that there's a push also for the search platform to be functionally white labeled. Like, it is this course. It's this, like, flywheel argument that we've now reached a point where it is impossible for another party to enter the, like, ecosystem regardless of funds because the traffic is simply all in Google, and any competing product will just be worse because of that lack of, product. So to me saying, like, we need you to sell off your browser is like, well, do they want that more or less than having to white label their own search technology? Like
Speaker 5: Totally.
Speaker 4: It's not about what's it it it is definitely a, like, monopolistic consumer protection argument, but it's also a negotiation. And I don't know I'm trying to figure out who wants what. Yeah.
Speaker 5: Yeah. Completely agree. Think that we should stop this.
Speaker 4: Yeah. Back to the hotline.
Speaker 5: This digression that I created. Let's
Speaker 4: go back
Speaker 5: to the comments. No. Let's talk about how much of your personal information is available on the Internet for anyone to see. It's more than you think. And our sponsor of today's show in the hotline hack series, DeleteMe, is here to help. Your name, contact info, social security number, home address, even information about your family members and children has all been compiled by data brokers and is sold online to pretty much anybody. So anybody on the web can buy your private details leads to identity theft helps with phishing attempts unwanted spam calls personal experience my mother-in-law got defrauded by somebody who had personal information on her and her family, and they lost thousands of dollars. True story. And she's an avid listener to the show. Love you. Sorry. I had to bring that up for you.
Speaker 2: Oh. So yeah.
Speaker 5: Now you can protect your privacy with DeleteMe.
Speaker 4: I was gonna make a whole bit about how I was buying your personal information prior to you using DeleteMe, but now it seems uncouth. That sucks. As people who exist on the Internet and for people that don't exist publicly on the Internet, safety and security is a pretty big concern if you use the Internet. It's really easy to find personal information about people online. All that data is just hanging out on the web and have real consequences in the real world as we all know, and in some cases have unfortunately experienced. That is why we personally recommend use and choose DeleteMe.
Speaker 5: Mhmm. It's a subscription service. This is something that I find as much as subscriptions are a point of contention and and a and a discussion, this is one that I actually like because it runs consistently. It's not like they do one sweep of the Internet. You give them their $19 or whatever, and it's done. They're constantly monitoring the data sources, looking for your information, and and and and requesting its removal in real time. So for me, that's a huge value.
Speaker 4: So you sign up. You tell them exactly what you want deleted. Their experts kinda they go off. They take it from there. And they send you regular personalized privacy reports showing you what they found. It's weird to get these email. It's like, it's very cool to see the things they're digging up, where they found it, and what they're removing. Put it simply, they're doing the hard work of wiping you and your family's personal information from data brokered websites.
Speaker 5: So take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for all hacked listeners, today you can get 20% off your DeleteMe plan by going to join deleteme.com/hacked and use the promo code hacked at checkout.
Speaker 4: The only way to get 20% off is to go to joindeleteme.com/hacked and enter the code word hacked at checkout. Hotline Hacked, is coming to you monthly because of DeleteMe. We think they're a cool company, a cool service. You should definitely check it out. That's joindeleteme.com. Code word hacked.
Speaker 5: Now back to the show. Back to it. The, one one other thing that I think we should hit on is, you know, while we're in digression land here, like, let's not stop, is you sent me the email that came into the Hotline Hacked account about the dynamic ad insertions. Do you remember sending this to me? You put a screenshot in with the audio files. So apparently, we were in in the last Hotline Hacked, we were having a conversation about, like, cars moving to a subscription model for functionality and stuff. And apparently, somebody out there in the world got served an ad for a Lexus car with a subscription service for some of its functionality, like, at the end of the episode. So so they they emailed in and were like, oh my god. The chef's kiss was that I got served an ad by Lexus, for a subscription based car immediately after listening to your discussion about it. So so thank you for for reaching out.
Speaker 4: That's brand synergy. Every time that it's like we don't for anyone that's curious, because this is probably one of the few shows where people would be compelled by this, host read ads, we do see what they are. Dynamic inserted ads, we typically don't. There's a set of criteria that you get to flag, and then the ads just kinda happen because, different advertisers will pay to advertise to different people in different geographic regions or who have expressed different interests, which is a really roundabout way of saying, we don't really know what goes into those dynamic non host red ads. And the majority of the time when we get a funny email about it, it's not worth talking about. But when you when you shit talk, heated seats subscriptions in an episode and then an ad runs for a new car.
Speaker 5: That has heated seats subscriptions.
Speaker 4: You gotta talk about it on the show.
Speaker 5: Yeah. Yeah.
Speaker 6: This is Pete from The UK. Thanks for doing this show. It really gets me through my, my long commute that I have to face once a week. Couldn't resist trying to submit a story into hotline hacked, because I really enjoy the tales from everyone. My story states back to I think it was the late nineties, maybe early two thousands. I forget. And I was reminded of it recently because of all of the, the noise around, Oasis tickets that occurred recently. Oasis being, you know, such a big band, particularly in The UK, sort of mid to late nineties, and, being a, you know, a teenager at that time, really got into wanting to to play guitar, but also being a teenager at that time, I remember not having a lot of money, and I, I wanted a particular type of, acoustic guitar to to play that. I could also plug into an amp, and just really struggled to save up the, the funds for it. And, again, like, probably a lot of teenagers at that time, I played a lot of games as well. Less so on consoles. I was always much more into PCs and understanding how they're built and how they worked. And so on my sort of quest to try and find a, a guitar to play so that I could, you know, emulate Oasis and others, I came across a a a website after looking for weeks and weeks. Yeah, I found this website that was, that had a competition running. And, I can't remember the exact specifics around it now of of how it worked, but it was something along the lines of it was, multiple questions
Speaker 3: that you had to
Speaker 6: answer in sort of the shortest time possible. So the the answers had to be right, and they had to, and you had to answer them within, you know, in the shortest time possible. And I think I was still on dial up Internet at the time, so everything was a bit painstakingly slow. But I remember, the prize of a guitar that you've got a certain selection of guitar to choose from. The the prize would be announced every week, so there's a winner every week. And much as I tried to win this guitar answering these these questions, I could never do it in the time frame. And they would have a leaderboard at the end
Speaker 3: of the week, and you'd see, you know, the top five people in the shortest time
Speaker 6: and who's the winner. And I could never win
Speaker 5: it. He could never win it legally.
Speaker 6: You know, I I went a a few weeks went past, and after the while, it's never gonna happen. But as I say, I used to play a lot of games at the time, and, I remember playing, maybe it's maybe it's before this time. I I remember playing Duke Newcom's three d in particular. I know once I finished it, I then started to think, well, how could I how could I, beat the game, in a different way, and find some cheats for it? And, remember I got hold of a I call it, a memory trainer. Maybe it's called something different these days. But the the premise of it was that you could play the game, and if you had, say, a 100 ammo, you would run this program, and you'd tell it that you had a 100 a 100 bullets or a 100 ammunition remaining. And then you would, you know, battle off a few rounds in the game and perhaps it would go to 90, and then you go back to this program and say, right now, I've got 90. Right? And then you do it again, so you get down to 70. You go back and say, say, right. I've got 70. And after a while, eventually, it would come back to you and say, I've now found where this value is being held in the program's memory, and it would let you adjust it. So you could then go into the program and say, right now, I've got a thousand bullets. And it would adjust it in the in the in the running program. So I was I was playing this game, and I suddenly thought, I wonder if this would also apply to web browsers. So I went back to this, competition page, and I tried answering the questions. And I think that, like, the the top score, the the lowest number, the lowest time that someone had was something like, eleven seconds, and I was getting something like eighteen, nineteen. And so I went through the the the round of questions. I think about five questions. And I got something like, I don't know, twenty two seconds. And I put in the memory trainer, and I focused it on Internet Explorer at the time, I'm guessing it was, and said, right. You know? Twenty two.
Speaker 5: Could've been Netscape. Another throwback. Mhmm. Meow. Meow.
Speaker 4: My cat.
Speaker 6: And I went back, did it again. Got something like twenty one point two seconds. Went back in, put twenty one point two in. Did that a few times, and it came back, and it said, I found the memory value. So, Well, it's worth a go. Right? And, so I put in, I think it was, like, ten point two seconds. Didn't wanna over egg it. Didn't wanna make it seem un unrealistic. Put in ten point two. Dots the end of the round of questions, and sure enough, up on the screen popped, well done, ten point two seconds. And so my names went to the top of the leaderboard, and there it sat. For the rest of the week until the Friday or Saturday when it was announced. And then I looked back at the site, and I'd won my choice of, of guitar. So I went ahead and chose the guitar that I really wanted.
Speaker 5: I'm sitting here pensively waiting. There's another two minutes left in this, and it's like, did he get it? Did he figure it out?
Speaker 4: And then the FBI showed up.
Speaker 5: Is there a check and balance?
Speaker 4: And said if you don't do a guitar solo, we're arresting you.
Speaker 5: You have ten point two seconds to do an amazing guitar solo.
Speaker 4: To shred harder than you've ever shred like the devil challenging you to a fiddle contest.
Speaker 6: Charlie read electro acoustic guitar, and it promptly got delivered to me. And, I was I was reminded about it specifically recently because that that, that guitar itself, I still have to this day.
Speaker 5: It's a trophy.
Speaker 4: Yeah. You never get rid of that guitar.
Speaker 5: You can't get rid of that guitar? No.
Speaker 6: Well, so I I do still look at it occasionally, and I I do feel a guilt, of sort of how I got it. But at the same time, I hope, you know, whoever ran that site and I I think they got bought out by, like, a big fan of everything. I hope everyone did well out of it. But at the time, I remember, the the my my girlfriend at the time did say that one of the things she really liked about me was I could play guitar, albeit really badly. Right? I never got to kinda oasis or any any kind of standard past that. But that girlfriend became my wife, and we now have two kids. And, yeah, I thought about it the other day because they started guitar lessons, and one of them now takes my guitar that's been all restrung and takes it to school for guitar lessons. So I hope in some way, despite the quite dishonest way I attained it, I hope, you know, whoever was in charge of that looks back and doesn't mind too much considering it I think it went through a good call and did some did some good in the world. So that's my story. I'll probably have that guitar for a few decades yet. And, every so often, just look at it and think, yeah, there's some little good that can come from bad. So thanks, guys. Really appreciate the show, and, thanks for the time.
Speaker 4: Goddamn. That's wholesome.
Speaker 5: Man, I gotta say, every time we do one of these episodes, it makes me like like the the the people who listen to our podcast more. It seems like there's a lot of, like, moral consideration and moral growth that has happened in the people. Like, a lot of people are telling us these stories being like, you know what? And I still look back on it with remorse about the the bad and evil that I did. And, like, there's been it's it's I don't know. It's nice. I like to hear it. You know? Like, we were all kids at one point. We all mucked our arms, and and then to to to learn a moral lesson and morally develop from that is so important. And
Speaker 4: yeah. I really like that. It was it was right at the moment when he flagged it's such a tiny detail. I don't wanna go back to the start of the story, but when he's like, so the site where they were doing this quiz, years later, it got bought out. I'm sure the person who owned the site got a bunch of money. It's like, oh, you followed Mhmm. You followed it. There was a sense of moral culpability for this, like, cool acoustic electric guitar, ironically, of which I'm kind of shopping for one. I feel so seen in this call. There's, like, five parts of it where I'm like, I think we should be friends.
Speaker 5: Yeah. Totally. You wanna grab a beer sometime?
Speaker 4: Totally. But that he'd been like, every time he looked at this guitar, he thought about the site He followed that the site had gotten sold. It's just very funny to me. I wanna build up to the I wanna get to the ending where the girlfriend likes that he played guitar, and he learned to play guitar on this on the hacked guitar. But to go back to the beginning, Oasis tickets being the thing in the zeitgeist that made him remember this story because he loved Oasis when he's young. I'm supposed to go to that tour
Speaker 5: Really?
Speaker 4: With a bunch of people that are nostalgic about Oasis from about the same time time period. And I'm like, I'm a medium. I was a medium fan in high school, I would say. Sure. Yeah. But I the thing I won't do is miss a bunch of people going to see Oasis in Mexico. There's no way it won't be really, really entertaining. So, like, I wanna watch Oasis. I wanna watch it to them watch Oasis. I think that's gonna be really good.
Speaker 5: The the detail you left out that you just dropped in there is that you're going with British people, and that makes more sense. Because, like, I feel like Oasis was, like, a seven out of 10 here. Yeah. They were, like, an 11 out of 10 there.
Speaker 4: Big deal. It's a very, like, great people, and I'm very excited to go see it with them. So I'm I'm right there with you. So caller there was a website that had a competition running for a free guitar. It's trivia. It was timed trivia. There's a winner every week, and you had to do it really, really fast. People are finishing this thing in ten seconds. Caller's young. They're not clocking it in less than twenty. So they crack open a I I was googling for this during the call, and I found a post about, like, DOS era generic training hack game value tools. There's a few of them. Game wizard three point o, memory scanners, Infinity machine, Game Buster four point o. I'm curious how this worked with a web browser. That was the, like, technical side of this that I didn't totally grok because it sounds like these read RAM.
Speaker 5: Let's talk well How's that work? Let's yeah. Sure. Let's talk both things. Let's talk about, like, these tools, Infinity Sharks and whatever, all of these RAM scanners that are looking for persistent values in the in the memory. That's kinda not too dissimilar to something like what a GameShark was doing for you on, like, a whatever console board.
Speaker 4: Yeah.
Speaker 5: Yeah. Like, so much like, it used to be able just to pop open binaries and hacks and, like, look for values in them, like, things that were hard coded in and modify them. Like, there wasn't a lot of as long as you didn't cause over flows and stuff, there wasn't a lot of control for that stuff. And, yeah. Honestly, like, when I when he first started talking about using a memory scanner, I immediately became a bit critical being like, I wonder how that's gonna work just given the fact that it's kind of an a like an asynchronous web conversation. It's not something that's in active memory, but I guess the browser is probably submitting the response back to the server. But but but to further to your question as I'm rambling is, your web browser is using a boatload of RAM. Like, we're in probably Chrome right now. I bet if you opened up Activity Monitor on your Mac, you'd
Speaker 4: see that
Speaker 5: Chrome is the single largest user of memory at this moment.
Speaker 4: So those values could be stored in there's a it would theoretically make sense that those values were actually stored in RAM, which made them parsable by that tool.
Speaker 5: Yeah. The thing the thing, like, for me like, maybe it was different back then, but I'm just thinking about how many processes are in modern browsers. Like, I've got Chrome open. I probably have let's say it's a slow day for me. I probably have 18 tabs
Speaker 4: open. So there's eight. A chill 18.
Speaker 5: There's 18 subprocesses running, each with their own memory, like, buffers. I assume back then, if I remember, like, the pre tab web, like, you had a window open for Internet Explorer or Netscape, and that was your web browser. You'd maybe like, I think originally you couldn't even have multiple multiple windows open if I'm like, we're going so far back in my history here that I'm my memory is failing me, but I'm pretty sure, like, the original Netscape's Internet Explorer, you had one window.
Speaker 4: One. Right.
Speaker 5: Which means that there would be, like, one memory buffer or, like, memory stack that you could go through. So I could see I I could see that, obviously, it worked. So it's, like, kind of a creative way to do it. It wouldn't have been my first thought about it, a way to do it, just given that it's web and it is asynchronous. For me, I probably would have tried to intercept the submission results and and supply a false result there rather than modify a result value in a variable in RAM and then have it send that. So, anyway, just a interesting, fascinating solution to it. And yeah. It works. And it works.
Speaker 6: And it
Speaker 4: was inspired by Duke Nukem three d, One of the first games I ever had on PC. We got Oasis. We've got Duke Nukem three d. And then the other one was I didn't do any hacky stuff, but I was just reflecting on the fact that in my mind, the first purchase I ever really, like, sweated over and put the money in, like, I I It's a guitar. Was a guitar. And I Yeah. I know a lot of people who, like, 13 or 14 a parent had the, like, wisdom to say, like, nope. You want this bad enough. We're not gonna pay for it. If you want it, you gotta figure it out on your own. Totally. And you're just gonna sort of, like, teach yourself how savings works and how, you know, put squirreling away a little money every week can build up to something bigger. And it's making me wonder what's the wildest thing a teenage boy did to save up money for a guitar because I bet it's a lot gnarlier than either of our stories. There's a it's it's a big motivation.
Speaker 5: Yeah. I didn't I I'm trying to think of what my first big purchase like that was. It probably would have been something sporting related, skateboard.
Speaker 4: Yep.
Speaker 5: It was definitely a skateboard.
Speaker 4: Yep.
Speaker 5: And I bought I bought one. I think I saved up, and I bought it in when I was, like, seven.
Speaker 4: Yeah. That was about the same age as the guitar. And The seventh grade
Speaker 5: or seven age? Model. No. Age seven. Oh, wow. That's bigger than I did. Yeah. And do you know what? Do you know how I raised that money, Jordan?
Speaker 4: How'd you raise that money, Scott?
Speaker 5: Not stealing it on the Internet. I raised it by collecting discarded cans and trading them in at 5¢ a pop. I raised hundreds of dollars
Speaker 4: to buy
Speaker 5: them for a skateboard.
Speaker 4: That works that's pretty good. That's a pretty good one. Pop can collecting, Scott. I worked in the, the parking lot of the local carnival in the city where we're from.
Speaker 5: There you go.
Speaker 4: There you go. It's really fucking cute that you, like, have a kid that is learning to play guitar on this guitar that you hacked when you were a kid that impressed your girlfriend that you could play guitar that then became your wife. Like, I'm Yeah. It's it's a little silly hacky story that kind of, in a weird way, becomes a little bit of a life story, and I didn't think we were gonna get any of those on this call. I really appreciate this one. I really enjoyed this.
Speaker 5: Yeah. Me too. Me too.
Speaker 7: My name is Jordan. I used to be, into the BBS ing scene in the early nineties.
Speaker 5: Bulletin board services. Perfect. Kind of like a a proprietary old school forum. Think about it like that.
Speaker 7: Mainly calling local numbers. So, cities and around me and connecting to, various BBSs. Sometimes chatting with the CISA, other times playing the games that we call doors on the, like, the text based, games on the BBS. And then, I was there mostly, though, for, the wares. So if I could find any BBSs that were offering, pirated downloads, I really love that. So, like, games like Doom and things like that, I had first acquired, through, BBS.
Speaker 5: Do you know how long it took to download Diablo over dial
Speaker 4: up? I cannot imagine. I think about pirating an m p three and being like, well, plug in the generator. It's gonna be up all night.
Speaker 7: Enter the mid nineties, 1995. I was 16 years old. I was using Windows, and things had kinda taken a big shift from from BBS has really pretty much disappeared, and everything was now kind of online, and that pirating scene had moved online.
Speaker 5: So one of the big change changes there, just to give a little history on this because I also had friends that were where's junkies. When it came off of bulletin board services, it kinda moved into partially in the news groups, which was like another old school, protocol that we don't really use anymore No. That maybe we can rebrand and relaunch
Speaker 4: and sell for billions of dollars.
Speaker 5: But it it also became one of the times where, like, public facing hacking became big because a lot of people would hack FTP servers and servers that had FTP and web servers and then store the wares and hidden folders and in hidden areas on these servers. So a lot of there was a lot of private servers, but given the legality of the content, a lot of people that were big in distribution of it actually spent a lot of time hacking to find private repositories to put this stuff. So just just some history.
Speaker 4: Yeah. It's good.
Speaker 7: Where I kind of used it a lot was on the RFC and, acquiring files via FTP. So what would happen is there was, a number of channels on the IRC, including, one called where is six six six, I recall, and a number of other ones, both, publicly accessible and private channels. And we would use, FTP clients to access the, the the libraries of files. If you recall, and this isn't the case anymore, I think, there used to be a lot you could go to a lot of domains and just type in ftp.thedomainname.com rather than www, and sometimes you could just you could log in with no username and no password. You could simply press enter on both.
Speaker 5: This is true. One of the default settings for a lot of, like, especially UNIX servers and stuff back in the day is that they come with a handful of services pre enabled being POP three mail, SMTP, FTP telnet before SSH. And a lot of even now today, if you go to a lot of domain hosts, like people that deal with DNS hosting, the default package of subdomains is, like, w w w, FTP, mail. Like, a lot of those services tie to the original, subdomain structures. So, like, almost every major company that had, like, microsoft.com also had an ftp.microsoft.com.
Speaker 4: Got it.
Speaker 7: You would immediately fall into a directory where you could sometimes upload a file if you're using the FTP client, and read the files from within there. So what would happen is people would often use those as dumping grounds for pirated files, games and applications and, you know, cracks and whatnot. And, eventually, those would be discovered by the admins that run those, web servers, and then the access would be locked up. But what was really coveted was the, private servers. So those would be and then Minh has intentionally set up a FTP server with, for piracy, in which case they were very well, like, meticulously organized, often directories by theme name or by year, directories within those ones for all of the applications, and then within them, the cracks that go along with them, etcetera. So this was prior to any anything like a torrent or anything like that. Everything was on FTPs. Where those got traded was on the IRC. That's Internet Relay Chat. I used Merck to access it, which is a Windows client. So, back in '95, I was 16 years old, very much into this, very much loving it, and, you know, it was a hobby of mine. But, acquiring those private servers, those very highly coveted ones, was tricky. You had to trade and trade up, or you had to know the right people and, be on the right teams and things like that. I wasn't into any of that so much as, I was running a little bit of a a scam of sorts where, I would log in to all of the channels at once that I knew. So where is 666 amongst others, probably 10 where is channels, and I would I would dispatch a message. I would change my name importantly to a girl's name. It was almost always Jessica. It just seemed like a sweet, innocent girl that young men like myself might like to help out.
Speaker 5: Jordan becomes Jessica.
Speaker 4: Yeah. Yep. That's funny. I don't have the OASIS style parallels here, but it's extremely funny.
Speaker 5: I I do I do love the fact that he he mentioned something that I completely forgot existed, like, teams. Like, I remember there were, like, organizations of, like, self organizing groups of people that used to steal software, and they had, like, you'd see their little, like, acronyms and stuff at the beginning of the file names. This is all coming back to me. This is so long ago. Some of that stuff
Speaker 4: is still in piracy. Like, you still see, like, names and kind of brands behind it.
Speaker 5: It's like, hey. Let's let's commit mass larceny and make sure that we put our handle on it so that, like, it's easy to track how much stuff we've stolen.
Speaker 4: Let's do some crimes. Well, let's make sure that we have a brand we're building while we do it. That's great.
Speaker 5: Let's leave a business card behind the bank after we rob it.
Speaker 7: Totally. And I would post a message to all of chat at once, and the message would be composed as would be something like, I use QDFTP for work and need to access it today. But every time I start it, it keeps crashing, and it says QDFTP dot I n I is missing or corrupt. So all I would need to say and I would add that a friend or a colleague told me to ask you guys here because they you guys know this software. Immediately, I would get, like, 10 or more transfers. Like, DCCs is what they called them.
Speaker 5: This is brilliant to say. You know?
Speaker 4: Yeah. I I think I'm following what's going on, and it's extremely funny. This, like, thirsty it's a honeypot. It's a honeypot.
Speaker 7: Direct transfers to my account of someone else's q f t p dot I n I file.
Speaker 5: Do you know what an I n I file is, Jordan?
Speaker 4: No. I don't. K.
Speaker 5: It's like initializations. It's like a settings file, essentially. It's plain text, but it's where a piece of software will save a bunch of user settings. And I think, notably, in this case, it's where people save favorite servers and their login credentials for it.
Speaker 7: And then what's contained within that I mean, I found is a plain text list of the FTP domain, the login name, and the, password for all of these private accounts, including also their anonymous ones. So I would suddenly have tens of fresh new pirate, FTP sites. I would then get a second flood of messages from all of the same people, kind of, with just peppered with so many obscenities. Like, they would realize only after sending me the INI file what was contained within it because they just gave me the keys to everything. At at which point, I would just kind of disappear and go low for a couple weeks, just enjoying my cache of whatever I got, you know, using those sites. And then I could go back in a couple weeks later, and then do it again. So that's, my little story about, software piracy seen in the mid nineties, I guess, and it was quite a fun time. I'd love to hear, about other people, from that time or in particular, like, about BBS's and stuff. I think there's a lot of interesting things there. Love your show. Thank you. Bye, guys.
Speaker 5: Bye, Jessica.
Speaker 4: Bye, Jessica. Hope you have a good one. We too would like to hear more of those stories. If you have a call, if you have a story, if you have something you wanna share, hotline hack dot com. Got an email. We got a phone number. This rules. Okay. So so my sense of this is in the nineteen nineties, the piracy ecosystem had a had to do with people sharing different servers on piracy channels. Some of them were, private servers, which were the real rule Rolls Royce of these things, and then other ones were, I guess, people just uploading and downloading stuff to, like, company's servers, hoping that they could get the files up and back down before an admin noticed it. Am I understanding that right?
Speaker 5: Yeah. So Wares was shared in lots of places. BBSs, news groups, in private transfers between people. But FTP servers, like, the nineties were like the FTP era because it was like everybody had an FTP server. A Windows server installation, like, almost had it on by default, I think. So so many websites and web servers and corporate servers that were web facing typically had an FTP server, and some of them might have not disabled guest credentials or might have enabled it because it made it easier for them to use it for whatever thing, and they weren't thinking about cybersecurity because it was 1993.
Speaker 4: No. Yeah. And security inconvenience. We always talk about this. It's like Yeah. Well, lack of security is extremely convenient and convenient stuff is extremely insecure.
Speaker 5: But you also need to remember the, like, bandwidth in that era, like a t one line was, like I wanna say t one was, like, 1.5 megabytes, but it would have been, like, a massive commercial line to get for, like, a business. So it's like a lot of those servers probably sat on private bandwidth or private pipe. So, like, of course, they're gonna notice when their daily bandwidth on their server goes from, like, eight megs to, like, 60 tera or gigabytes. Yeah. And it's like so, of course, they get caught, like, the second you start exploiting it. The other thing is, like, the private servers were the people who either worked at companies and set them up underneath the discretion, like, you know, hidden away from the operations, or even people that had large home pipes. Like, I actually know a person that had a private FTP, and it was member only, and you had to get access. You had to create creds and all the rest of it. And and he and they set it up at great expense to themselves because they had to buy hard drive arrays and set up RAID arrays in the server. All the rest of it. They set it up just solely because people would then give them the wheres. Instead of them having to go look for it, Their server just filled up with what they wanted. They would take whatever they needed, delete stuff and then people would fill it up with more stuff and it was like, it was an interesting interesting generation to be in big business in the software industry because it was super easy to steal stuff.
Speaker 4: Interesting. So these people would set up these private servers for some cocktail of altruism for the community and just self interest. People are just gonna upload all this free stuff that I want to have for myself, and they'll upload it to my servers that I control. Links to and credentials to get access to these servers were precious in this community because you knew that there'd be all this cool shit on them and you wanted to get access. Mhmm. This caller, I I I love the turn in the story where it's like, so anyway, now that I've set all this up, I was running a scam of sorts. And in this case, the scam was that they would log in to all these channels, set their username as a girl's name, which was always Jessica, and then tell this little story of, like, hi there. I'm not from this world. Someone told me that this is where I should come with a question, and I need help getting access to this thing. Can anybody help me?
Speaker 5: Yeah. Yeah. Play off the benevolence of others. The the it like, if you grew up in that generation too, right, you need to remember that you've grown up with fairy tales and Prince Charming's and stuff like that. So it's like everybody's, you know, masculine perspective of themselves is that they're gonna save the damsel in distress. So you you put on the masquerade of the damsel in distress. Like, if there's anything I know about Jordan, it was that after Defcon, Jordan was very intrigued by the social engineering,
Speaker 4: like Oh, yeah.
Speaker 5: Community and stuff like that. And this is a social engineering hack. Like stealing stuff, whatever. Everybody was doing it. This person figured out a way to get a bunch of people who valued a ton of private information and, like, earned these credentials and access to these servers to just puke them into a direct file transfer to them by just pretending to be the damsel in distress.
Speaker 4: Yeah. I used the term honeypot during one of the break like, I used the term honeypot, I think because it's apt, but I also just like the idea that that term typically associated with, like, spy craft and people kind of like like, a honeypot typically isn't just the name Jessica. That's a very low bar for a honeypot.
Speaker 5: I'm sure the tonality he used
Speaker 4: Oh, I'm sure.
Speaker 5: Added to it.
Speaker 4: It was a character. It's very it's very shrewd. So they play this character. They tell this story. A friend of a colleague, you know, asked me to ask you. Everyone starts sending over these INI files that contain the domain to the private server, the login, and then the password, and they go, here you go, my lady. Here's what you here's the help that you need. Oh, no. I just gave you the login credentials, and I'm reflecting now on the fact that you are almost certainly not Jessica. Rats.
Speaker 5: Yes.
Speaker 4: Yes. Okay. Pretty good. I Pretty good.
Speaker 5: I assume I assume the way the scan worked is I put this sad story into the general chat or into one of the chats. Five heroes show up to save me. And then the next response to my message is somebody being like, you're an asshole. Like, quit trying to steal credentials. And then the five heroes read that message and go, oh, shit. I just got scammed.
Speaker 4: Yep.
Speaker 5: And then I send an expletive filled message being like, you prick.
Speaker 4: Oh, that's a good read in the public chat.
Speaker 5: Yeah. Yeah. Yeah. Yeah.
Speaker 4: There's so it's a window of time. Yeah.
Speaker 5: Yeah. Yeah. The people who are immediately like, oh, Jessica needs help. I have a, like, a cute FTP dot I n I file. I have mine.
Speaker 4: Yeah. I would like to be the first one to help Jessica.
Speaker 5: Go, Jessica. And then a
Speaker 4: minute later, someone's like, that's not Jessica.
Speaker 5: Exactly.
Speaker 4: That's Jordan.
Speaker 5: That's Jordan who's stealing your information.
Speaker 4: That's pretty good. This is a good one. Man, the nineteen nineties sounded I guess I can't really say that. It's I I was about to say, like, wow. It sounded like a really different ecosystem. And then in the last call, we were talking about pump fun and meme coin streamers trying to but, like, it's, like, it's always been a weird crazy mess. It's just the shape of the mess changes in such fascinating ways.
Speaker 5: Well, I saw I I don't know if this is real, but apparently some kid was, like, live on Twitch or something, created a fake Solana coin, like Solana based meme coin, and then rugged it. So he pulled like like drove up the value and then sold all of his coins and like left with $30. And then the way the community has gotten back at him was by pumping it even more. And now the coin's value is, like, $10,000,000 or something. And so the kid's like, oh my god. I only took $30 when I coulda had 10,000,000, and I'm just like, this whole community makes no sense to me.
Speaker 4: Yeah. I was that's literally what I was talking about. I think it's the two bands kid is is my understanding of him. And then everyone drove up the price of it to, like, $85,000,000 or something. Yeah. I'm obsessed
Speaker 5: with this. Like, you're a fool. Yeah.
Speaker 6: You fool.
Speaker 4: And it's like, this child made $20,000. There's nothing
Speaker 5: Real dollars.
Speaker 4: There's nothing you can do. Like Totally. It's like, yes. Opportunity cost. If you just held on a little longer, it's like the child made $20,000. And that's before we even get into what does it mean that there is an online service where children can do financial fraud? What's that mean? What are we gonna do about that? Jordan. Teach them young. I I've been working on AI Jordan has been working on a on a meme coin project that I'm very excited to share on the show. Evil Jordan.
Speaker 5: Evil Jordan.
Speaker 4: I didn't say woah. Woah. Woah. Woah. Woah. No one said anything about evil. There's nuance is all I'm trying to say, but we'll talk about that on a later episode. This has been great.
Speaker 5: I'll wait for the hotline hacked call from AI Jordan where he cops to all of his bad and talks about the moral development that he's had since.
Speaker 4: Yeah. So, anyway, I was running sort of a scam that turned our way through the call. That's gonna come real early in this call. Let me tell you. Oh, that's great. But we'll talk about that in a different episode. For now, I think that's another hotline hacked in the bucket. Genuinely, if you got a story that you wanna share, strange teletech, true hack, computer confession. It can be from the nineties, the February, the twenty tens. You couldn't have done it yesterday. We wanna hear about it. Go to hotlinehack.com. Email, phone number. We just wanna hear from you.
Speaker 5: If you wanna be a part of, AI Jordan and AI Slack's evil empire that just takes Internet services from the eighties and nineties, repackages them, and resells them to corporate clients, give us a shout too hotlinehack.com.
Speaker 4: Or if you're a a venture capitalist feeling loosey goosey today and just feels like investing in, I don't know, pop three, but it's an app now.
Speaker 5: With AI. Get at
Speaker 4: with AI. Get at us. We wanna hear from you. And you'll hear all about exit scam simulator, the hit new meme coin on the next episode of, of hotline hacked.
Speaker 5: Thanks for hanging out.
Speaker 4: Thanks for hanging out. We'll catch you in the next one.
Speaker 9: If you've got an insurance question, you could talk to your nana. But she'd probably just tell you how she insured her couch from stains by covering it with plastic. Or you could talk to your local GEICO agent. They'll give you a different kind of warm and fuzzy with personalized assistance for all your insurance needs, like how you could be saving on your policies. So let your nana cover her couch in plastic and let a local GEICO agent help cover you, but not in plastic. To find a GEICO agent near you, visit geico.com/local.
Speaker 10: Where's your playlist taking you? Down the highway, to the mountains, or just into daydream mode while you're stuck in traffic? With over four hotels worldwide, Best Western is there to help you make the most of your getaway, wherever that is. Because the only thing better than a great playlist is a great trip. Life's a trip. Make the most of it at Best Western. Book direct and save at bestwestern.com.
Speaker 3: Lots of places can expose you to identity theft. Oh, no. That's why LifeLock monitors hundreds of millions of data points a second for threats to your identity, which is way more than anyone can do on their own. If we find anything suspicious, like new loans or changes to your financial accounts, we alert you right away, all through text, phone, email, or the LifeLock app. Get the alerts that could make all the difference. Save up to 30% your first year at lifelock.com/podcast. Terms apply.