Hotline Hacked Vol. 9

Speaker 1: Thank you for calling Hotline Hacked. Share your strange tale of technology, true hack, or computer confession. After the beep.

Speaker 2: Hello, Jordan and Scott. I recently found your podcast on Spotify and obviously subscribed. A bit about me, I'm currently studying cybersecurity at college, which I began after recovering from fourth year engineering about five years ago. Anyway, when I was still allowed at that university, foreshadowing, I ended up in a building on campus at 02:30AM. As if that wasn't weird and concerning enough, the building was also supposed to be locked. This building, let's call it Building 1, was rectangular with eight entrances, two on each side. It's certainly possible that Building 1 continues to be rectangular to this day, but I digress. Each entrance was locked to the public after 10PM but remained accessible to certain students and faculty who could unlock the doors with RFID cards. One night, walking home from the bar after last call, I saw Building 1. And as most normal people would in such circumstances, I was immediately compelled to buy the building, which, as I'm sure you know, entails walking around to each entrance and sarcastically tapping my credit card on each RFID transceiver. As I walked around to each of the eight entrances, I conducted my NFC acquisition procedure. Each time seeing the RFID scanner next to the door flash red and remain locked. After

Speaker 3: tapping

Speaker 2: my maxed out credit card at the first seven entrances, I did the same to the eighth. However, this time the light turned green and the door was unlocked. After aimlessly wandering around the hallways for about twenty minutes, I heard a door from the stairwell open and a team of police and campus security came speed walking toward me. They positioned themselves in a circle around me, presumably to reassure me that I was safe and not in any sort of trouble. They asked for my ID, but I was so frazzled and nervous that I forgot which pocket my wallet was in and told them I left it at home. The four of them began to ask me a series of questions at the same time, and eventually the officer standing behind me said, all right. Put your hands behind your back. While I continued to stand calmly with my arms at my side, I asked what I was being charged with, and he said, break and enter. At that point, I explained how I had not broken anything. He seemed skeptical and asked, well, how did you get in here then?' So I calmly explained that the door was already unlocked when I pulled it open and suggested that they might want to have that particular door serviced if that's an issue for them. After continuing to not handcuff me, we all walked outside, and I received a lifetime ban from the institution and all of its jurisdiction. I'm curious if you guys have any insight as to how a credit card could theoretically bypass an RFID locked door. Something something buffer overflow, something failed open, something or something. Really appreciate your podcast. Take care.

Speaker 4: Welcome back to hotline hacked.

Speaker 1: Welcome to hotline hacked. It's the call in show where you can share your strange tale of technology, true hack, or computer confession, such as trying to purchase a building that is still rectangular to this day with your credit card.

Speaker 4: Hotline hack is brought to you by DeleteMe, something that we'll get to later. Join deleteme.com/hacked.

Speaker 1: Something something buffer overflow. Okay. So we've got a caller. They're wandering around on campus. It's the dead of night, and they do a lap around a building tapping their credit card. Weirdly, this is not, I think, the first time we've had someone call in with a tale of buying a building by tapping a credit card on RFID on campus. Are you familiar with this? Because the first time we got it, I thought it was an anomaly, and now I'm realizing it's a thing.

Speaker 4: I this that that's the thing that lands for me here is, like, am I just culturally out of it? Is it, like, we're Canadian? Like, maybe this is an American or British or German. We used AI to give this person a voice. This was a text submission. We have no idea what culture they are. Who what culture is, like, let's buy buildings. I'm just gonna tap my credit card on RFID pads and, like, I take possession of it.

Speaker 1: It's mine now.

Speaker 4: It's mine now.

Speaker 1: I I my credit limit is way too low to buy a building. I know that. So, technically, I have no idea what's going on here. I'm curious for your take on this. I do like the, the the interaction with the cops. They swarm in. They put you in handcuffs, hands behind your back. It's an alarming experience if you've ever been through that. What am I being charged with breaking and entering?

Speaker 4: Didn't break anything.

Speaker 1: Didn't really break anything. So if you didn't break anything, do you have a sense of what he did do?

Speaker 4: Well, aside from what he's telling us he did Sure. Like, I'm sure we could sit here and theorize maybe there was an an issue with the door. Maybe the RFID pad was, you know, having some form of problem. But, like, tapping your credit card, which has an RFID chip in it. Right? Like, that's that's the thing. It's like it you're you're actually triggering the, like, RFID handshake between your credit card and the pad. But it's then validating that against a database of, like, authorized, you know, RFID IDs to see whether it will open the door for you or not. And Okay. Chances are his credit cards RFID ID is not gonna be in that list. And if it wasn't in the list for the first seven pads, it would definitely not have been in the list for the eighth pad because they all probably look at the same database. So, in reality, he probably was right. There probably was some kind of issue, or he's lying and he broke into the building. Sure.

Speaker 1: It is a pretty good thing to riff off the top of your head if you're standing there in handcuffs. And the cop says, oh, we're charging you with breaking and entering. And you say, I didn't break and enter. I tapped my credit card on the door, and it let me in. And I'm picturing, like, you've got a little bit of beer on your breath as you're saying this, and none of them are quite tech literate enough to know if that's how any of this works.

Speaker 4: I I feel I I feel like that's a good point. I feel like he would probably have more than a little bit of beer on his breath as

Speaker 1: a train,

Speaker 4: at 03:00 in the morning trying to buy a building with your maxed out credit card.

Speaker 1: I I only ever do that drunk. I'll be honest with you. I've only ever tried to buy buildings.

Speaker 4: I'm gonna I'm gonna start doing this. The next if if I'm ever drunk again, I will immediately pull my credit card out and try every RFID pad I see. The,

Speaker 1: Scott just wandering around on campus trying to charge a building to a visa.

Speaker 4: Wait. But here's the thing like the the thing that I'm most surprised about is the response because if if lots of students and staff have RFID cards that do give them access to this Building 247, then just seeing a student wandering through the halls of the building shouldn't have been that alarming. Do you know what I'm saying?

Speaker 1: Yeah. For sure. I mean, I guess the was the building closed down for the night at that point, presumably? And how uncommon is it for there to just have been a student who was left over? Like, I fell asleep at little cubicles inside of library buildings and stuff on campus more than once, and kinda just, like, snuck my way out. So I'm assuming there's more to it than that. I'm assuming there's a credit, a security camera feed of a guy wandering, stumbling, let's just call it, around a building tapping a card against the thing. Like, I'm guessing they had a little more evidence than just he was physically inside the building.

Speaker 4: The thing for me is, like, I had an RFID card and I had twenty four seven access to buildings on campus when I was in grad school to certain buildings, computer science, facility. The, and there were students in there all the time. Like, especially that faculty. There's a lot of night owls in computing science. A lot of people that do some of their best work and I am one of them in the middle of the night. The yeah. So to me, it was just like having a student be present inside of a building that has twenty four seven access to students that have access to it. Mhmm. Seems seems like a a large response for that unless there was some other trigger for it. So

Speaker 1: Yeah. I mean, this is probably unsatisfying for the caller who was genuinely asking if there's a technical explanation for how a credit card could open a door, and we're just immediately jumping to assumptions that that's not maybe what happened.

Speaker 4: I just I

Speaker 1: I simply don't know technically how that could occur, and I'm gonna make it worse right now because I'm also aware of the fact that there is a great way to open a locked door with a credit card.

Speaker 4: Definitely. Done it many times.

Speaker 1: Done it many, many times. The latch is inside of a a thin little gap of a door that is a little bit thicker than a credit card, and you can just pop one of those bad boys in there.

Speaker 4: A fine fine butter knife works better than a credit card. Okay. Yeah. And that makes sense. You're in an Airbnb and the little lock closet where they keep all the extra coffee and toilet paper.

Speaker 1: Oh, just a little butter. That's a good one. Yeah.

Speaker 3: Yeah. Yeah.

Speaker 4: I've had to do that many times in Airbnb's. Your day put out one roll of toilet paper for, like, a week's day, and you're like, come on. Come on, guys. And then you have to, like, break in and get more toilet paper.

Speaker 1: That's true. There is always the one little locked area. Normally, I would just try and respect that boundary, but sometimes there's, like, a suggestion of a town, not me. There's, like, a half of a towel when you get there, and you're like, this is not I can't abide this. Time to start tapping credit cards and and buying cupboards.

Speaker 4: So so to loop back into a satisfying technical explanation,

Speaker 1: I will Something something buffer over for me.

Speaker 4: What I already said is that given that you failed on seven things, there's no way that it was a random coincidence that your RFID handshake from your credit card was in the database of authorized RFID things. So no. There's no technical explanation besides faulty faulty infrastructure. Maybe there was I have no idea, honestly.

Speaker 1: It could be there is a I think faulty infrastructure could express itself in a couple different ways. One of which is that door was just open.

Speaker 3: Mhmm.

Speaker 1: Like, I tap a thing on the door, and it makes a beep noise, and I go to open it. And my brain makes the connection that I unlocked the door, and it was like, I wonder what would have happened if you would just turn that doorknob prior to tapping the credit card. Mhmm. And the cops are already on their way because they saw a guy doing laps trying to buy a building. Thank you for reintroducing that concept, to us because I might start doing it too.

Speaker 4: The, yes. So no no satisfying technical response. I do think that Jordan's probably suggestion is probably the most likely which was that the door was actually just open. And, happened stance matter of chance. You tap your credit card on it, pull the door handle in the door. You convince yourself that you're tapping of

Speaker 1: the credit card, open the door. Which would inadvertently make your legal defense ironclad. Yeah. Opening a already unlocked door is even less breaking and entering. I'm not sure it's necessarily legal. Yeah. But I

Speaker 4: was gonna say depend depending on what the signage things were. Yes. That's true. Publicly accessible space, but it that the access is limited to within time. Whatever. We don't have to get into the legalese of whether you broke the law or not. I'm glad that you didn't get charged, but it did sound like it might have had an impact on your educational pursuits as

Speaker 1: A little bit.

Speaker 4: Banned from the premises. So

Speaker 1: well, I'm glad you recovered from fourth year engineering, which I also liked that opening line. And I hope hope you're doing well, caller. I hope you I hope you bought plenty of buildings in the interim.

Speaker 4: We appreciate the fact that you reached out. We wish you the best of luck in your cybersecurity educational adventures, and thanks for your submission. The, Jordan Mhmm. Do you ever wonder how much of your personal data is out there on the Internet just for anyone to see?

Speaker 1: I mean, you're you're talking about, like, my name, my contact info, my social Social Security number, my home address, even information about my family members?

Speaker 4: Yeah. Yeah. Yeah. All of that stuff is being compiled by data brokers and then sold online. Anybody on the web can buy your private details. This facilitates identity theft, phishing attempts, harassment, unwanted spam, you name it.

Speaker 1: I mean, that sucks. I hate that.

Speaker 4: But now you can protect yourself and protect your privacy. How? With DeleteMe. Oh, heck. Yeah.

Speaker 1: I mean, it's people that exist publicly, especially people that share opinions online about buying buildings. I'm thinking about my safety and my security. It's easier than ever to find personal information about people on the Internet. All this data just hanging out, being harvested and collected and resold by data brokers, it sucks. Mhmm. And it can have real consequences.

Speaker 4: And that's why we personally recommend DeleteMe. We do. DeleteMe is a subscription service that removes your personal information from hundreds of data brokers. They don't just do it once. It's an ongoing service that constantly is monitoring data brokers information pools for things that you specify and removing it from those pools and they'll let you know what they remove.

Speaker 1: They do the hard work of wiping you and your family's personal information from data broker websites. So if you wanna take control of your data and keep your private life private, you could sign up for DeleteMe. Now, the special discount for our listeners. Scott, how do they get a discount?

Speaker 4: Today and most of the days, you get 20% off your delete me plan when you go to join deleteme.com/hacked and use promo code hacked at checkout that's the only way to get 20% off is to go to joindeleteme.com/hacked, enter code word hacked at checkout. That's joindeleteme.com/hacked, code word hacked. Sponsor of hotline hacked. Highly recommend them. Love them for being a supporter of the show. Check them out.

Speaker 5: Hey, Jordan. Hey, Scott. Fan of the podcast. Not a big fan, but a fan. Anyways, I think I have a pretty good story you guys will like.

Speaker 4: Not a big fan, but a fan.

Speaker 1: A fan is just a big fan you haven't met yet. That's what people say.

Speaker 4: I'm a fan, but not a stan.

Speaker 1: Oh, yeah. There it is. There it is. So this caller brought us a lot of really great information, but a very funny story. We're gonna summarize the first little chunk of it for you here. They basically tell a story about their relationship with their little brother who they code named Timmy.

Speaker 5: Let's just call him Timmy. Little Timmy was in, grade eight. The school had given them, like, Chromebooks. Timmy.

Speaker 1: And it and it covers a long arc of starting when, his little brother was in, like, elementary school, he gets a Chromebook. It's a little bit locked down, so the brother helps him crack it so that his little brother can watch YouTube on it. Little brother gets older and older, some years pass, he gets to junior high or high school and he gets a a fancier laptop, a a fancy little Lenovo with a touchscreen. And this time he wants to I think it was play the freaking Wii.

Speaker 5: You You know what I really wanna do? I wanna play Wii. I wanna play the freaking Wii on this thing.

Speaker 4: Yeah. Wii emulate.

Speaker 1: That's great. Some classic titles. Get some Twilight Princess going.

Speaker 4: Can we just stop for a second and say, what school is this kid going to where they're giving like, like every every year he's getting like a fancier computer from the school.

Speaker 1: Next, he needs them to crack the VR head, the Apple Reality Pro or Vision Pro or whatever it's called. So the little brother gets a new computer, comes back to his older brother, says I want I want help being able to play play my Mario Kart and the brother brother helps him out and takes us through the details of how we cracked this computer. And we start to get a sense that this is sort of just a little recurring thing in the relationship, the tech literate older brother helping out Timmy. And it brings us to

Speaker 4: I cannot do what

Speaker 1: I'm saying. It's it's very hard not to. Which brings us to the start of the story proper, which is where we're gonna jump in, where this, this caller, the older brother, has an idea for for a little prank.

Speaker 5: Fast forward probably till, I don't know, April, May, getting to the end of the year. And I just I don't know how I came up with this idea. I just had this random ass idea one day. And I thought, you know, I'm just gonna I'm just gonna do a little prank on my brother since, you know, I helped him out with this Wii Sports thing and getting unlocking the entire laptop or whatever. So I'm just gonna do a little prank.

Speaker 1: Just a little prank.

Speaker 5: And so my idea was to create something I called the sound bomb. Basically, what it was was a script that locked down the entire laptop and just blasted music at full volume. So to execute this, though, I had to do a ton of testing on my own laptop. The first issue, how to set the volume to a 100% at all times. I found this command line utility called sit vol, which allowed you to set the volume through the command line. And so I just had a batch script that looped every second and set the volume to a 100%. And then another very important factor, was choosing what music to blast. And eventually, decided on this Piano Man parody.

Speaker 4: Should we play it? Yeah. Sure.

Speaker 1: I don't think I've actually listened to this yet. No. I didn't listen to it yet.

Speaker 4: You didn't listen to it? I listened to it. Okay. That's enough of that. 444,000 views that we're lad.

Speaker 1: Alright. Andy Salad. Okay. So he's decided on the piece of music he wants to play for this sound bomb.

Speaker 4: Cranking the volume, looping the set vol command to make sure that the volume stays maxed even if you turn it down. And it sounds like he's gonna hammer you with that beautiful, beautiful tune.

Speaker 5: Another thing I need to do, I need to disable the mouse and keyboard. You know, this is before the days of chat jippity, so I had to find some random

Speaker 1: Okay. Pause it. Pause it. Chat jippity? Sorry. Love that. That that was like a bolt of lightning. Like, we cancel everything. Chat jippity.

Speaker 4: Chat jippity.

Speaker 1: Oh. Oh my god. Resume, but, oh, keeping that one in my pocket. Chat jippity.

Speaker 5: And Stack of froze scripts that actually worked. And another thing I wanna do was I wanted this to be live streamed.

Speaker 4: That's rude. That is like sound bombing somebody, locking their laptop, playing Maxwell, this insane cover of Piano Man. Funny. Then also broadcasting it live.

Speaker 1: Oh, that's really that's pretty funny. I mean, once you get the shape of a joke in your head, it becomes like a a checklist where you're like and it would be funnier if the mouse didn't work. And it would be funnier if the webcam turned on, and it would be funnier if it's straight like, I it's like a snowball rolling downhill.

Speaker 4: If it was broadcasting live and saving itself on YouTube Exactly. Which he did send links to.

Speaker 1: And we're gonna get to them.

Speaker 5: So I got OBS installed, and I managed to start it through the command line and also in the background and live stream to my own YouTube channel. I went, like, full out on this. I went as far as to disable the audio port. Soon if you plug something in, it would still play from the speakers. And then I also remember I tried my best to disable, like, the power button. Basically, I made it where I think it's somewhere in the control panel settings power settings in there. Like, instead of just tapping the power button, you have to, like, hold it down for a good, like, five seconds. Like, I just wanted to make this as annoying as possible.

Speaker 4: I like that he's covering his bases, making sure that no matter what you try and do, he's still gonna bombard you with the sound bomb.

Speaker 1: I like that just the metric of success is just annoyance. That's that's like yeah. And that that's that's right. You're you're going down that road.

Speaker 5: The first part of this all, though, was getting it on my brother's laptop. Since I was the one who unenrolled the laptop, I had set up a lookalike account for my brother. So I knew the password, discount, and everything. At the time, I wasn't, like, great at using the command line. So instead of connecting remotely with, like, SSH or RDP, I just had to do this physically on the laptop itself. So that meant, like, I had to find opportune times where my brother would not see me on his laptop. I just remember the best time for the setup and everything was when, my brother would go to, like, a friend's house for a weekend. I just remember I had to sneak on his laptop a lot. And there was a couple close calls where he'd, like, go use the restroom, and then I'd sneak on his laptop real quick and mess with some settings or whatever, mess with the scripts. And then I'd have to, like right when I heard hear the door creak, I just run off. What eventually came up with triggered the script was a scheduled task that would trigger in the morning on a school day whenever you log into his account. I couldn't have tried to pray that he actually went to school on the day of the triggering. I remember I wanna set it up where it only triggered if the laptop's connected to the school's SSID.

Speaker 1: That's so mean. That's so thoughtful too. Like, it's so elaborate. I gotta also say, like, there's so much attention went into this plan. It is it's such a good prank, and it is the worst crime. It's like it's a suspect pool of one. He he immediately knows who is responsible. Yeah.

Speaker 4: Totally. I also love that, like, he just say that there that he didn't know command line, like, very well back then. Clearly developing those Yes. Through this prank.

Speaker 1: Yes.

Speaker 4: It's like, you know, he's talking about how he didn't use, like, a, like, a remote shell to connect into the computer and do it remotely, which he probably would now. So obviously, he's been growing Yes. Since this prank, which is good. And, just to set up and check to make sure that the computer is on the Wi Fi before you execute the prank to make sure the live stream

Speaker 1: goes Italian chef's kiss.

Speaker 4: Yeah. Chef's kiss for sure.

Speaker 5: But when I tested that on my own laptop and my own Wi Fi, like, I I just could not get that setting

Speaker 3: to work, which really frustrated me.

Speaker 5: So yeah. Anyways, I had the the task scheduled to trigger on, like, a random day in May, and I was freaking hyped. Like, the day of the prank literally felt like Christmas morning to me.

Speaker 4: It sounds like so much build up that the payoff I can I can I can understand? Like, it sounds like you spent months planning and executing this. I would fine tuning the details, getting it ready.

Speaker 1: Yeah. Sound bomb. I'd be freaking hyped too.

Speaker 5: It was the closest I've ever felt. The 10 year old me waking up in the morning for presents, I was glued to my computer screen the entire morning, watching my YouTube account, waiting for my live stream to appear. Then at, like, around 09:30AM, my YouTube stream appears with a very confused Timmy on the screen. Unfortunately, the stream only lasted, like, six seconds. What I later realized was I totally forgot to disable the touch sensor, so my brother was able to exit out of the all of the scripts just tapping the screen. I should have had all the scripts run-in the background, but at the time, I was just too lazy and incompetent.

Speaker 1: Pause it.

Speaker 4: It does not sound like he was too lazy. No. Sounds like he spent a lot of time I don't know. Incompetent's the right word. I would say, like, maybe just Learning.

Speaker 1: Learning. Like, I I appreciate that he is relatively to his current knowledge, knew less back then, but lazy. No one could accuse you of being lazy, sir.

Speaker 4: Yeah. Yeah.

Speaker 1: So I just wanna provide a little clarity for anyone listening to this is that this caller, and I boy, do I appreciate this, brought receipts. So while we're not gonna share the video, and there's not really much audio in this first one, we do have YouTube videos of these live stream events. The first of which, labeled a failure, is a brief clip from the perspective of a webcam of a student opening a laptop with what looks like school windows behind them with a scowl on their face because a heinous version of Billy Joel's piano man is playing. And it lasts for about five seconds and then the video is done. So this is Here's

Speaker 4: the audio from that video. There you have it. You cannot hear the Piano Man, though, which is the thing that I find surprising. So that could just be the noise cancellation from the built in microphone.

Speaker 1: Yeah.

Speaker 4: Because it would be coming out the speakers. But

Speaker 5: I wanted it scheduled for the next day, but had it scheduled to trigger on the same exact day. So when my brother went to log in to his account, it instantly triggered. Yeah. I didn't know this at the time until I'd hear the music blasting in the background with rolls in my room. Looking back at the live streaming recording, for whatever reason, my brother started hiding in the basement and then in a closet. Apparently, he had, like, suspicions it was me and didn't want me to know about it and just wanna fix it himself. Of course, he eventually went to me once he realized he couldn't do anything. And so I first turned off the computer and turned it back on, you know, and I tried accessing command prompt from the lock screen, through, like, the accessibility button. But when I clicked on the ease of access button, it was not showing command prompt. You know? It was showing the normal accessibility settings. And so I thought, alright. I'll just put in a Windows install, you know, and access command prompt from there. But to my core, the drive was freaking encrypted. BitLocker somehow got installed. And to this day, I have no clue how it actually got on there without it with it being unenrolled in the domain and everything. What I think happened was some kind of MDM was on there and deployed some fixes or something. Like, when I unenrolled the laptop, I didn't remove third party remote pools IT had just because I didn't wanna, like, raise any suspicions or whatever. So anyways, as a last ditch effort, I tried using the stylus to exit out of the scripts after logging in, and to my surprise, that actually worked. Apparently, the touch sensor and stylus sensor are two different things. And, yeah, from that point forward, my brother watched over his laptop like a hawk. Would not be anyone near it, breaking many, many years of trust we had.

Speaker 4: I feel I feel I feel

Speaker 1: like this person Breaking many years of trust we have, having done irreparable harm to my relationship with my brother.

Speaker 4: I love how he locked the computer up so well that he almost couldn't get access back to to disable it all. The, and this person clearly has gone into a career in IT, like just his use of of acronyms, like MDM, like mobile device management software. So, like, an enterprise or school district would have, like, an MDM running to deploy remote patches and fixes and changes to a thing. So so it's like the yeah. Like, this person's skills definitely developed on and you can tell that they've gone on to a probably a successful career in IT, which is always a positive output of these things.

Speaker 1: But their relationship with their brother has never been the same.

Speaker 4: Yeah. He was not invited to the lobby.

Speaker 5: And so, yeah, that's my fun little story until fast forward to my brother's senior year of high school. He's in twelfth grade now.

Speaker 4: The trust is just starting to be rebuilt?

Speaker 1: Yeah. We're slowly re rebuilding the relationship. Trust is coming back. And and then what happened?

Speaker 5: He asked me to unenroll it and put games on it again. Even after what had all just happened before, he just I don't know. He didn't care. Yeah. I guess my brother has, like, the memory of a goldfish or something.

Speaker 3: It's all

Speaker 5: I could think about was finishing what I had started.

Speaker 4: All I could think about was finishing what I started. My grand vision was not fully executed, and and I needed to embrace it and adapt it.

Speaker 1: You liken the first version of this to Christmas morning for a 10 year old, and I'm just it's like, yeah. It's it's Christmas in June kinda situation. Someone walks in your room with a big old present.

Speaker 4: This

Speaker 5: time around, it was much better with in line, and I had backdoor accounts and open SSH and RDP installed and set up, like, 99% of the scripts remotely. There's a couple of things I had to go on the laptop for. I think, like, OBS was hard to set up remotely, some of the the task scheduling. Yeah. Even after triple checking all the scripts and settings and the task trigger conditions, this my script refused to go off. Like, it was not triggering. The task was all, like, screwed up or something. So I started doing some troubleshooting the next morning and accidentally set out the script. Basically, one of my trigger conditions was for any user to log in when it should have just been Timmy's account login that triggered the task. And so the whole thing went off again at home at, like, six in the morning, and it was triggered when I, like, RDP'd into to one of the backdoor accounts.

Speaker 4: RDP remote desktop. So he, like, remote desktop into this thing, just so

Speaker 3: you know.

Speaker 5: And, yeah, my brother was was really pissed off, and he didn't say much. Just kept telling me to fix it so we could go back to sleep. And so, yeah, I failed twice and never got a chance to pull off the sound bomb, unfortunately. Surprisingly, though, my brother still asked me for help with his laptop. I have not permanently broken his trust yet. Anyways

Speaker 4: Wait till he finds out you told this story to to, like, a 100,000 people on the Internet.

Speaker 5: Yeah. That's my story. Thanks for listening. Y'all better put this on the next hotline hack, or I'm gonna cancel my monthly donation of $2 USD. I know that's a lot of money in Canadian dollars. Thanks.

Speaker 4: See, he said he wasn't a big fan, but he's a patron.

Speaker 1: And it means the world to us. I also just like and I I haven't broken his trust yet, which brings us to the final video of this caller's submission, which is, yeah. I mean, it's a video of what he described at about it's it's a black screen because the laptop was closed for about the first minute and a half, At which point, a webcam opens and there's, yeah, what looks like a high school senior lit by the eerie glow of a lap of a Lenovo laptop screen, frantically trying to get a heinous version of Piano Man to stop playing. This is this is an achievement, I gotta say. This one's this one made me really happy.

Speaker 4: See, but he says he failed.

Speaker 1: I yes. He did not. I feel

Speaker 4: like he succeeded. He did not fail. But here's the other thing that I find funny about this, is just how calm Timmy looks in this video. Like, Timmy Timmy knows what's going on. He's not, like, shocked by it. He's this, like, like, fucking asshole. Like, that that's the look on his face.

Speaker 1: But this is this is a portrait of a man on the brick.

Speaker 3: I'm not really sure how to

Speaker 1: That sucks. It's like a creepy pasta. It's really good. And I know this is unsatisfying to listen to people laugh at a video that we we, for ethical reasons, cannot share. Breath of origins probably shouldn't even be watching. It's really funny, though. And in a second, you get

Speaker 4: Oh my god. Click forward.

Speaker 1: I just want you to see this even if we don't include this audio. Is it click forward in the video? Because I think you see his brother come in, if I'm reading this right.

Speaker 4: Oh, John at the bar is a friend of

Speaker 1: mine. Yeah. So partway through the video, the lights of the bedroom crash on. And what I think is a second person who I'm I'm assuming is the caller comes in with a look on their face that reminds me of when I saw someone get arrested on an airplane, like a person being caught. Because he is ostensibly was in the other room remote accessing in, and then hears the music start blaring through the thin walls of their, like, house and comes rushing in with this really intense look on its face trying to shut it down. The brother's not confused about who's responsible for this. Just looks angry. It's really

Speaker 4: good. Kudos to you, caller. Yeah. Kudos to you. You did it.

Speaker 1: If you haven't broken his trust yet, that I mean, I don't know what will, but that's pretty fun. You clearly learned a lot doing this project, and you've clearly come a long way since. So, it was it was a learning opportunity, really. Yes.

Speaker 4: I love that you collected the receipts that you streamed to your YouTube and kept those videos unlisted. Just, I the fact that you, like, took a trophy from it is is, well, criminal esque. Criminal esque, but but but still very good. The, yeah. Appreciate you. Appreciate calling in. Appreciate you being a patron. Appreciate you sharing the YouTube links, which brings me to the fact that we now have a YouTube. We do. Youtube.com/@symbolhackedpodcast. Mhmm. It's been up for about two weeks. I think there's 20 some 100 of you have managed to find it, follow it, some new people, bunch of new viewers and content. So we're putting up an episode from our back catalog every day. I think we're on episode 14 right now upon recording. So by the time this comes out, it might be a few more. Go check them out. It's been actually really fun to listen to the old episodes. We've had some comments and feedback from a lot of listeners that say, hey, you know, I completely forgot about the old episodes. They're great. I love them. So please go check it out. Like and subscribe.

Speaker 1: It means a lot. Like and subscribe. Smash that like button, why don't you?

Speaker 4: Smash the like button. Hit the sub and the notie bell. Yeah. We're trying to trying to get to partner. We've got a bunch of plans for YouTube, this year and next year. All of which, requires to be partner status. So we're we're healthily past the, subscriber requirement. And now, you know, grinding our way through the hours watch requirement. So hopefully, we hit those both, sooner than later, and we can really get to work on our YouTube channel.

Speaker 1: So And long kinda arc of it is gonna be there's content going up there that is different from the podcast eventually, at some point. Eventually. Eventually. And that's something that we're really excited to be building just so we can bring more different types of hack. I feel like the show has changed shape and tried different things over the years, and adding a visual channel to it on Spotify, YouTube, wherever you watch video is gonna be a lot of fun.

Speaker 4: Yeah. We've, all the back episodes, we've kind of done this really cool ASCII art rendering. So, Nick, friend of the pod, and colleague of ours did the animation and rendering for them. So they all have this, like, hacked visualizer for each episode of the back catalog. We brought on friend of the pod, Matthew, who is gonna be helping out with some of the original content pieces that we're gonna be working on. So we're planning to do great things on YouTube, to be part of the YouTube, generation.

Speaker 1: One foot in in in the audio. One foot in the video.

Speaker 4: So and we just as like another thing is yeah. Cab hang we have been video recording us making these podcasts for a few months. Mhmm. Whether that means that the more recent episodes, once we get to them, are actually us, could be a thing. We'll see we'll see. We're playing around with templates, concepts, formats for how to do it. Given the fact that Jordan is in another part of the country, we do record them online. So we're not sitting in the same room as much as we'd love to be.

Speaker 1: So maybe we so we're maybe we need to do some in the same room episodes. So if you have any if you have any ideas for really cool guests that it would be worth us all convening together to talk to, get at us at Get It Hacked podcast. We'd love to hear about them.

Speaker 3: Hey, guys. Big fan here. Really enjoy the work you guys do. Started listening to you guys, because I was looking for something similar to Darknet Diaries, which I know you both really enjoy as well. But, probably don't need to obfuscate my voice for this one, something super serious. But I'm a college student in, The States, and, I'm in a fraternity at my school. So I, live at this fraternity house. And to give you guys a little context about the whole situation, we have two houses. We'll call them main house and then second house. We have one driveway. They're right across the driveway from each other. But, you know, as, fraternities get up too, like, we drink Shocker.

Speaker 1: First time hearing about it. Shocker.

Speaker 3: And there's there's usually drunk people around our house, which is not really a surprise. Most of them are just like the brothers that actually live there. But the second house, they have this ritual, you could call it, of, getting drunk and, basically, trashing, the main house, which is where I live.

Speaker 4: Well, you've clearly oppressed them and kept them in the second house. So this is like a this is a revolt against the ruling house.

Speaker 1: This is kind of a Snowpiercer situation. The back of the train raiding the front. Also, the most creative use of the word ritual I've ever heard.

Speaker 3: I live on the 3rd Floor, and, we have, like, a shared bathroom for the 3rd Floor. One day, there's a very repeat offender from the second house that was, drunk, or intoxicated, and, he decided to trash.

Speaker 4: I like the clarification there. Drunk or intoxicated? Intoxicated. He might not be drunk. He might not have drank something, but he's definitely not He's

Speaker 1: not sober. Right of mind. No.

Speaker 4: He's not sober.

Speaker 3: The main house, 3rd Floor bathroom at, like, four in the morning when no one was awake. And, I had my, like, a toiletries bag in there that it just chucked out the window. It was on the roof. It was gone. That kinda gives the context of why I decided to do what I did. So I wasn't anything serious.

Speaker 4: Is this like the prank and get back episode? Yeah.

Speaker 1: I it's it's it's always funny when someone's halfway through a call and they do that moment. They're like, so anyway, that's why I did what I'm about to tell you about.

Speaker 4: That inspired this.

Speaker 3: So, obviously, I was mad. I had a I think I had a couple of expensive colognes in there, that my brother and my mom had gotten me for my birthday, so I was pretty pissed. And I was like, how do I remedy this situation? Because, obviously, the person who did it didn't own up to it, and, like, you could go through, like, you know, like I don't know if you guys can relate to this at all, but, like, fraternities usually have, like, a judicial board system, which is, like, a within the house, like, I guess, court system. It's really stupid. It might work for someone other attorneys, but for us, it's just a joke, really. So, like, the person didn't own up to it. He wasn't gonna get jay boarded. So I me, and the rest of, main house, we all band together. We're like like, let's take action.

Speaker 4: So it like, we're Canadian. Canada doesn't have nearly the fraternity and sorority system that is so popular in The States. We have them, but they're like

Speaker 1: A a pale imitation of the American system, which is Yeah. Is quite robust from, what we understand.

Speaker 4: So yeah. What we understand. We're we've never been a part of them. The the one thing I will say that I did not know is that they have their own judge, jury, and what sounds like executioner inside of them. Yeah. Like, you mess around inside the frat, and the frat, like, has its own tribunal system. I mean I did not know that.

Speaker 1: I mean, given that the story starts with the framing of there's two houses, one of which has a ritual of getting drunk and trashing the main house, I'm gonna go ahead and say this is a little bit of a kangaroo court situation, given the extrajudicial vigilante justice I smell coming around the corner.

Speaker 4: Mhmm. Mhmm.

Speaker 3: And I'm a computer science student, so I I know my way around a computer. And, first thing that pops into my head was, hey. Let's, let's DOS them. I'll I'll I will DOS them, which is a stupid thing to do or even think of, but, you know,

Speaker 4: Denial of service, knock them off the Internet. I'm sure everybody listening knows, but just so you know.

Speaker 3: It is what it is. That's my plan of action. So I googled how to, how to commit a DOS attack.

Speaker 4: This is going bad places, I feel like. Mhmm. Go listen to DDoS for hire. I'm sure we're about to get there.

Speaker 3: I had knowledge of, like, what a like, a DDoS attack was, but, like, a simple DDoS attack, I, wasn't really too sure about. So I literally found a tutorial about how to do it. And I went through the whole process of, like, watching the video, reading the tutorial, setting up, like, the virtual machines and stuff like that. And then I realized, I needed, like, an external Wi Fi adapter, and those things are they're not super sure. They're, like, $20. And I was like, am I really gonna spend $20 on trying to, like, dot second house? And being the immature college frack guy that I am, I was like, absolutely. Yeah. I'm spending the $20. So I spent the $20, and I'm troubleshooting trying to run the attack. I realized that the Wi Fi adapter I got doesn't even support, like, monitor mode, which, if if you know what that means, it's like, some technical thing where you can, like, inject packets to a router. Some of them. So I had to spend 20 more dollars. I returned the other one, and I I got a compatible Wi Fi adapter, and it was working. And then I got just so involved in it that I realized that it was only working for, like, certain, gigahertz networks. So, this second house had their Wi Fi.

Speaker 4: So Wi Fi networks, depending on the version, there's 2.4 gigahertz, five gigahertz, and now six gigahertz with Wi Fi seven. So what I think he's running into is that he was capable of dosing out maybe the 2.4 or the five gigahertz channel, but the failover is that all the devices would just knock themselves to a different channel. I think that's I think that's what he's explaining. So right now

Speaker 3: So the attack was ready. So I literally, like, sat in one of my, friend's room who was, he was, I guess, like, a neutral party in the second house versus main house conflict. I sat in his room on a like, the entirety of Sunday, and I was running this entire attack. And everyone was in their rooms, like, watching football, and they're all complaining because, like, a standard the authentication attack is just like it disconnects your device from the the Wi Fi. The funny thing is for, like, iPhone devices is that when people would get disconnected, it would prompt on my phone, like, do you wanna share the Wi Fi password with this person? And I was getting that the entire day. Eventually, I turned off my phone Wi Fi. And I thought it was pretty funny because, like, the walls are super thin. It's an old house. It's a frat house, not super well kept, and I can just hear them complaining, like, yo. What is wrong with the Wi Fi? It was really funny. Unfortunately, the cable lock still works, so they're still able to watch football in some of the rooms. The streaming TVs weren't able to. I didn't wanna go for the cable box because I didn't wanna get, like, our Internet service provider involved. But, yeah, that's basically, like, my my petty comeback to, them throwing my stuff out the window. It's pretty nerdy. No. I guess not really what you expect from a frat guy, but, I do go to, like, a tech school. I I guess the funniest part about it all is that I ended up using those Wi Fi adapters for, my senior project that I needed to graduate. And I was doing some stuff with, like, real Wi Fi networks. So, ultimately, it gave me good experience for, when I need to graduate. But, yeah, I really love the show. Thanks again.

Speaker 4: There's always that payoff. You know? It seems like so many of these end up with, like, yeah. You know, I I wanted to do this thing, and I did this thing, and maybe it wasn't so good. But I learned all about the Wi Fi protocol, and then I did my, like, senior project on it and graduated. Now I'm a computer scientist. Yeah.

Speaker 1: Sure. How to make it

Speaker 6: to the C Suite?

Speaker 1: Some silly shit I did in college.

Speaker 4: I love his apologizing for being the frat guy too. It's like, come on. There's a there's a lot of frat guys out there. Don't worry about it. Yeah. A lot of frat guys even in computer science.

Speaker 1: I I I would I would say that the the frat and comm sci, circles overlap. It's not quite one circle Venn diagram situation, but there's some overlap between those, between those. Not a ton, but a bit.

Speaker 4: I remember I remember when I was in competing science school, very male dominated academic program. So a lot of frat dudes, even in a country that had no frats really. And, like, frat membership was, like, nonexistent. There were still a decent amount of frat dudes in my computer science class.

Speaker 1: Yeah. There was one major frat on, the campus of the school we we both went to, and it it was like a little baby version of a of a big frat. Like, it was sort of the one that sat in for the entire Greek culture of of fraternities, on our campus. And it it kinda had the same vibe of this, a bunch of people sort of both really close to one another, but also shit talking and pranking each other with just like a deluge of liquor, kinda constantly sloshing around inside of it. I like the the mention of the repeat offender from house two who was drunk and came in and just tossed a bag of toiletries out the window. Like, the level of chaos that this is a repeat offense of just like this guy, like Tasmanian devils, is way into your goddamn house, starts throwing shit out the window. It's like, this is not sophisticated.

Speaker 4: Valuable thing.

Speaker 1: No. This is not like the the animal house, like, elaborate pranks. Yours was way more elaborate than guy just came in and threw thing out window. He put way more thought into it than he did.

Speaker 4: I I do like that he it seemed like he'd spent, like, a bunch of time prepping for this attack. Yes. Figured out how to do a bunch of deauths and knock people off Wi Fi.

Speaker 1: Waiting for the big game, you know? Went and bought

Speaker 4: a bunch of accessories that he needed to execute it, set it all up, and then was successful in his, like, afternoon attack except for that it did nothing because everybody still watched the football game on the TVs.

Speaker 1: Bingo.

Speaker 4: Just people were complaining that they couldn't, like, scroll Instagram or, like, TikTok or Snapchat while they were watching the game. But, you know I'm happy you learned something from it.

Speaker 1: I'm happy you learned something from it. It's a pretty it it it it's a good goof. It's it's an elevated goof. Innocent. It's it's pretty innocent compared to Innocent prank. Guy destroying property. You you have a I think that's a good thing. I think that a a level head and not too much of a temper will would serve you well across the rest of your life.

Speaker 4: In your future c suite

Speaker 1: position. Precisely.

Speaker 6: Hi, Jordan and Scott. Firstly, I just wanted to let you know that, your podcast is one of the best I've ever heard, and I always make sure I tell my friends about how good it is, and how interesting they find the, the topics you guys discuss. Secondly, I just wanna put it out there that I, never did any of the hacks I'm about to discuss. I'm not technically confessing anything. I'm just sharing some stories.

Speaker 4: Of course. Of course.

Speaker 1: This is all hypothetical.

Speaker 4: Hypothetical. Yeah. Hypothetically. Didn't do anything. Don't need to obfuscate my voice because I'm just recounting tales I heard in the pub.

Speaker 1: It's sort of an improv exercise we do here at Hotline Hacked.

Speaker 4: Mhmm. I get it.

Speaker 6: Acquaintances. So my confession is, I'm from Australia.

Speaker 4: This is not a confession. This is just you telling us a story. Remember?

Speaker 1: Yeah. You you were so close. You were so, so close to get away with it scot free.

Speaker 6: And back in the late eighties, early nineties, there were these little orange, pay phones that were all around, the country in small businesses mostly, and it had a little hack where if you, lift the receiver and you push the follow on button down and then push the receiver down again, the phone would use audio commands to say when it had hung up, and you could trick the phone into keeping the dialer active.

Speaker 4: Classic fishing. He provided us with links to the images for what these phones looked like. They are hilarious looking. Door open.

Speaker 1: Industrial design of this is great. It's like a big old, like, stick of butter. Mhmm. Gold phone.

Speaker 4: Gold phone. They are honestly, I could see them making a comeback. It's like a retro device. It's like get a new home phone, get a gold phone. They'd blow up in Australia, I'm sure.

Speaker 6: You'd lift the receiver, hit the follow on, and then, push down the receiver, and then you'd still have the dial tone available to make a call after that free phone call. You know, like this, the the timing I use to get that to happen is kaching. So back in the day, it wasn't trademarked as a name for any particular companies that might sponsor certain shows. You could just

Speaker 4: He's talking about Shopify, just so you know? Ching.

Speaker 6: Get that. That would be the, that would be the timing. Ching to get that to work. Now, these phones started getting phased out, and the major telco in here, started installing a new new model of payphone.

Speaker 4: So just to just to hang on that for a second, the this was very similar to how, like, old pay phones in Canada and United States used to work. So, like, you'd pick up the receiver and actually putting a coin in caused an audio signal to go over the line back to the control, like, back to the telephone switching, which actually activated a real line. So you put a coin in, the internals of the phone would send an audio signal across the phone line, which would then tell the the control center that the phone line was active or needed to be active. So the microphone on the handheld devices was often still live. So you could just play that audio, say, Bill, into the phone, which would then essentially tell the control center to activate the line.

Speaker 1: As though a coin had

Speaker 4: been put into the phone. As though a coin had been put into the phone. So so pay phones have always been a point of less obviously now that everybody has phones everywhere.

Speaker 6: Sure.

Speaker 4: But back in the day, figuring out, like, the old fishing club and crew, spent a lot of time figuring out and hacking with payphones. So it was a pretty interesting thing back then. So I'm excited to hear the next one bit of the story.

Speaker 6: Now the new model, obviously, you couldn't do the kaching on it anymore. But what you could do is Kaching. If you had a straw, you simply flattened it, and then you could slide it into the refund slot just above where it enters and knock out your coin, and the phone wouldn't know. So you, so you could make free phone calls. So that was, yeah, my two little hacks, back in the nineties. If you went to any payphone in Australia and you reached behind the phone, you would pretty much be guaranteed to, to find a straw in there. Anyway, the telco picked up on it and, had to change the the way it was manufactured, and it got fixed. And now all calls are free on payphones, so there you go. It's, moving with the times changed. Anyway, I love the show, and that's my Mhmm. Confession.

Speaker 4: Well, thank you for calling in. Love you too. Glad you're a fan. Yeah. The

Speaker 1: I like that this this episode so far, we've had what can really only be described as campaigns of terror. A sound bomb, a DOS attack between this these two frat houses. And, like, I figured out how to make a I a a quarter's worth of phone call for free.

Speaker 4: But it's it's the campaign part of it sounds like the fact that everybody knew how to do it, which is why there was always a straw wedge behind the phone. The,

Speaker 1: Yeah. That's true. I feel like at a certain point, you just leave the straw inside the booth for the next person. You just pay it forward.

Speaker 4: So so it also does sound and this is, you know, we obviously don't live in Australia, but it sounds like, and I I've done a bit of reading into this, is that, the pay phones are still existent in Australia, and they are free because they're considered, like, essentially an emergency service device. Oh. Yeah. So they're they're not really there to, I don't think, you know, be used for the way they were used in the eighties and nineties, but they are still there just in case people need to make a call and don't have access to a phone. Mhmm. Yeah. Which is interesting, because that is not the case in North America.

Speaker 1: No. I was gonna ask, do they only contact emergency services, or do they just have the good sense of saying, like, you know what? Maybe you desperately need to make a phone call. There can be free phones for people.

Speaker 4: Yeah. Yeah. And That's a

Speaker 1: great idea.

Speaker 4: Yeah. Exactly. So the something that we should adopt here, I would say, when you said you you reach behind them, you used to on certain models of them to actually be able to reach behind them and find the actual RJ cable, like the actual phone line. So back in the in the old days when you actually had dial up modems and laptops that had modems built into them

Speaker 3: Mhmm.

Speaker 4: You could actually go into some PhoneBoost and unplug the payphone and just have a raw phone line. Oh, cool. Yeah. Yeah. So yeah. Payphones always been a hacker's play thing, I think, as long as I can remember.

Speaker 1: Yeah. I've always loved the idea of, like, that kind of signal jamming where you play a piece of audio that reproduces the audio signal that is sent I guess through the phone company to make stuff happen. I always thought that was so cool. It's just very intuitive like it was I think in some of the earliest episodes we talked about that concept. It was one of the first things that maybe grasp this larger world we were diving into. Was that you can just make a thing do a thing it wasn't designed to do.

Speaker 4: Mhmm. By by mimicking the thing that it was expecting. Yeah, totally.

Speaker 1: Exactly. That's really cool. The gold phone. And again, give this give these things a Google. I don't know what comes up when you Google gold phone Australia, but if you see a big old big old yellow rectangle, you found the right thing, and they're pretty fantastic looking.

Speaker 4: Okay. Well, I think that is another episode of hacked, hotline hacked brought to you by delete me.

Speaker 1: Brought to you by delete me. Go to join deleteme.com/hacked.

Speaker 3: Code word.

Speaker 1: Wanna get your discount. And then if you wanna shoot code word. Code word hack. Oh, code word hacked.

Speaker 3: Yeah.

Speaker 1: Yeah. My bad. Code word hacked. Check out our YouTube at hacked podcast. You Check out our Patreon, patreon.com/hackedpodcast. You can find all this at hot at, hackedpodcast.com. And, again, if you wanna share your story, we have a we're we're developing a little bit of a back catalog. So if you've submitted stories, there's a few folks that have submitted multiple. It's not going unread. We just we've got a lot of these things, and it's it's pretty exciting for us. And if you wanna share yours too, go to hotlinehack.com. There's a phone number. There's an email submission. You can send in text. You can send in, AI audio. You can call in. If that's your vibe, we'd just love to hear from you because for It's our vibe. It's our vibe too. We love weird tales of tech.

Speaker 4: I and there's something there's something I particularly love about this, like, the Hotline Hacked episodes. Like, just hearing from people and the creative things that they do, it's, like, so satisfying. And and especially, like, in this is just as I'm getting older and more sentimental. It's it's always lovely to hear, like, yeah, when I was younger, I did this crazy shit. I know I'm the chief technology officer for

Speaker 1: Sure.

Speaker 4: At Switzerland, and it's like sweet.

Speaker 1: We contain multitudes.

Speaker 4: Yeah. Yeah.

Speaker 1: It's yeah. It's a lot of fun, just getting to listen to these calls and hearing from folks that listen. It's it's great. We really appreciate it. Totally. Keep them coming. Thank you for listening. We'll catch you in the next one. Take care.

Speaker 7: You can't reason with the sun. Trust us. We've tried. This summer, it's time to put that angry ball of fire on mute. Columbia's Omni Shade technology is engineered to protect you from the sun's harsh rays that can burn and damage your skin. The sun is relentless, but so is our gear. Level up your summer at columbia.com to spend more time outside and less time slathering on aloe lotion. You're welcome. Columbia, engineered for whatever.

Speaker 8: Have no fear. Chosen Foods is here to defend your favorite foods from the forces of seedy oils and sketchy ingredients. With cooking oils, salad dressings, and mayo, all powered by the good fats from 100% pure avocado oil and simple delicious ingredients. Chosen Foods.

Speaker 9: The right window treatments change everything. Your sleep, your privacy, the way every room looks and feels. At blinds.com, we've spent thirty years making it surprisingly simple to get exactly what your home needs. We've covered over 25,000,000 windows and have 50,005 star reviews to prove we deliver. Whether you DIY it or want a pro to handle everything from measure to install, we have you covered. Real design professionals, free samples, zero pressure. Right now, get up to 45% off-site wide plus get a free professional measure at blinds.com. Rules and restrictions apply.