148: Dubsnatch
01:29:16 Share

I just read up on these beatles super funds called apple scruff ts. They weren't the crazy fans you see scream in their heads off trying to grab at the beatles any tensely could. Now the apple scraps thought that was lame. They liked the beat so much that they dedicated years of their life to trying to support the beetles. They were like, look, the beetles are important.

How do we make their lives Better? So they spent tons of time figuring out the exact location where the beatles would be every day, and then go there to try to help, often holding back beedle mini crowds, or offering flowers or food, or run irons. And over time they would get to know the beatles.

There are some stories of them, even sneak in into places to act as staff in order to help them even more. George herman would later write a song called apple scripts where he said he loves them. I'm astonished to see what incredible links that some music fans go to.

They'll cross continent just for a fleeting moment with idols, or indoor relentless weather, or a camp out for these, showing the level of the ocean that defies logic. The risks and sacrifices that some fans make is truly remarkable. These are true stories from the dark side of the internet. I am jack ryder. This is darkness dies.

This episode is sponsored by a threat locker ran somewhere, supply chain attack and zero day exploited can strike without warning, leaving your businesses sensitive data and digital assets vulnerable. And imagine a world where your cyber security strategy could prevent these threats that the power of threat locker, zero trust and point protection platform robot cyber er security is a unnegotiable to organizations from cyber attacks.

Threats locker implements a proactive, denied by default approach to cyber security, blocking every action process and user unless specifically authorized by your team. This least privilege strategy meditates the exploitation of trusted applications and ensures twenty four, seven, three, sixty five protection of your organization. The core of threat locker is its protect to sweet, including application allow, listing, ring fencing and network control.

Additional tools like the threat locker detect E D R, storage control, elevation control and configuration manager enhancer cyber security posture, and streamline internal IT and security Operations. To learn more about how threat locker can help mitigate unknown threats in your digital environment and align your organization with respect and complain frameworks, visit threat locker dot com. That's threat locker dot com.

This episode is sponsored by vta. Whether you're starting or scaling your company's security program, demonstrating top note security practices and establishing trust is more important than ever. Fanta automates compliance for soc two I saw twenty seven one and more, saving you time and money while helping you build customer trust.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer facing trust center, all powered by venta ai. Over seven thousand global companies like a lassen flow health and cora use venta to manage risk and prove security in real time. Get one thousand dollars of vantine when you go to vta dark com slash dark net at website is vta that spelled V A N T A banta dot com slash dark net and get a thousand dollars off. Um okay, we really get started.

Um yeah, that's fine. But could you use the name for me? Could you use professor of step?

Professor dub step? I like that.

Yes.

that's fine. So professor dub step, you like town.

Where does this start the story? 嗯， 哼 um well， pay this kind of early twenty fourteen. I was thirteen sitting there are working on my mind raft server.

IT was breaking all the time. Those was terrible staff for fighting. And I chinese wanted to do something else. A knife party, which is a musical act, had a new album coming out in twenty and he was delayed. IT was taking ages professor .

dub steppes ban knife party and wanted to hear the new album and saw knife party was interviewed on a podcast and wondered if there was any mention of the new album in the interview. And there was not only that they talk about IT, but knife party actually played a snip bit from the new album cool. Professor dub step is actually into making dubstep music themselves, so this wasn't so hard for them to just download the podcast and grab that song out of IT and listen to .

IT on its own. This is kind of good. I'll shop this together a little bit. I upload IT to some clouds so that other fans can hear IT, you know, and enjoy IT as well. I put IT up there. I didn't expect you to get you know much popularity, but a few hours go by, go back to working on my server now I check my sound cloud after after a couple of hours in in the player just cracking up at ten thousand, twenty thousand and open twitter and twitter is is blowing up to the em the electronic dance music news blogs are posted about IT and said others that the tracks been not loaded to sound cloud early and it's a league ba ba b which IT wasn't vector dub stuff .

didn't care to correct anyone know? They just watch the madness unfold silently. But because people thought I was an early league, they started sending them some private messages. So .

checking in my own cloud messages, and I saw I had a message from dinner jela. He was saying I had some cool. Well, he thought that I had some cool music, some cool and replace things, and had another message from spin tire.

IT was basically as asking to have me on skype and talk some more. So I took this off, you know, like, we will see what he wants. So he adds me up, he says, oh, so so how you getting in these things and I explain I say, well, you know, I don't actually have anything.

I is just kind of blown into something that IT wasn't but that I do like to to look around them and see if this is, you know, hidden things are kind of not really in supposed to be in the main public view, got a made public accidentally. And so things like that, all things that appear early. And he said that he he likes to do the same sort of thing, looking in trying to find open directories on services and things, accidentally, public info. So we kind of connected, and we had to chat about that. And we've talked about that for hours.

Yeah, there is a ton of stuff on the internet that shall not be there. I'm very aware of the site showdown, which scour the internet looking for private stuff accidentally exposed publicly like being able to view surveilLance cameras, license plate readers, servers with default passwords and entire database that are just open. But that site is mostly exposing cyber security flaws on websites.

It's not really a place to go find unreleased music. We're trying to solve a different problem here. Maybe google dorking can help. I know I found quite a Better music.

This way, you can search google for any music files with the band name in the file name, and google will happily show you tons of music that you can easily download. And sometimes you can find things that probably shouldn't not be public. So they go in over these strategies and chat different ways to find me the online.

But the conversation just kept go in. They're sharing more secret ways to discover things. One of them starts talking about the website, Billy, which is a URL shorter .

s your links, but they had A A glaring floor in their system where if you add a plus to the end of a any short link that was made well logged into an account, and you could just, you could click on the public user profile of these, these accounts and see everything that theyd ever shortened using the service. And many of the links that we were looking at, music related, would always be made by a management account, for example, and they would share internal things on the link shorter as well. And we have fail to just see those and downloaded.

So one thing, music production companies or dub step managers do promote the hell of the musicians that are under them. So together, professor dub step and spin tire go on twitter and check out these management companies. And yeah, they see managers using bit ly links to promote some bands.

For instance, they might use IT to link to some promotional fliers or tour dates or new releases, and they were using Billy to shorten nowhere else for promotions. So professor dub step would use the bitter bug to see what else this management company has used Billy for, which gave them tons of links to go through and check out. A lot was for public consumption, but sometimes they would find things, which should I be in the public.

the photoshop documents. Sometimes there are internal memo like pro promotion plans for for upcoming releases and things. And just being able to get kind of a look into the end of workings of these labels and management companies, of how they function, how how they put their things together, make their plans, which was really .

interesting. This would give them new content to post on sound, cloud or read .

IT on redit. That was, reit also has direct messages. And then a message came through the main box from a guy called jay Brown.

He added me on skype as well. We got to talking. He was a different kind of person. He was what's known as a dub plate trader. Now, the plates are a nickname for unreleased music.

And in more modern times, that just come to be on an M P three file, where to be just an M P three file, but not released to the general public. And there is a whole scene of trading these files in small circles. It's kind of like pokemon cards, no less valuable cards are three way differently to ones.

Ra, it's exact same which of plates. So this guy called jay Brown comes to me and he says, h, i've got some stuff. You wanna to check out what i've got? I've this this kind of presenting IT in IT as if there was some kind of drug dealer or something idea.

I wasn't really interested in anything he had. He was one specific track, which was knife party suffer. And I didn't have anything that I wanted to give him because of I wasn't a trader. I had my couple of things that I found on my links, shortness, and I decided that I would try and make something out of nothing. So I took a clip of this, this radio recording, but I kind of shocked together into something that sounded semi reasonable, presented IT to like.

like you, you are creating your own music, that I sounded similar.

editing IT, in a way, editing IT and release track in a way to make IT sound as if IT was an original al source file. But when IT, when I actually wasn't a source file. So is trying to make something seem real, that the woman, so that he would believe in and send me the thing that he had that was real IT was there was quite a scheme is quite scheme yeah .

IT doesn't introduce a quite an interesting situation of like when you're dealing with official releases, it's coming from the official channel, right? But when you're trying to get your hands on these unofficial releases, you there isn't any legitimacy to IT. IT could be from them, IT might not be from them and you were playing into that of like, you know what? You're not gona know if this is from knife party. You're not well, i'll put a little clip in there from knife party just the kind of make you think IT is.

But then I was gonna IT up after, yes, that's that's pretty much how I went. And if you were good at this know, making something sounds semillon timing. These traders didn't really know much Better.

IT was, he was quite easy to convince them of something and to kind of ignore what their own ears were tying. And IT worked. This is getting wild.

Not only was professor dub step looking for unreleased tracks or dumb plates, as they say, but they were taking popular songs and putting in changes to make a seem like a new mix by that musician, pretty shady and interactive. But as a teenager, IT doesn't seem so bad to play around with someone else. See if something will believe .

you that it's original thing, unspeakable edit to IT or something, because IT would do that, would give the whole game away and mean spin. Tia kind of keep doing this between ourselves. We thought this is quite good idea that would make some more of fake things or edit, and now we could use them to flow in in these trading circles.

And then I just drain their whole collection of of rare things without actually causing any damage ourselves to to any of these releases, because they display trading scene. IT does cause a massive damage, no matter how big or small the artist is. If if the race track gets leaked online in some way, depending if I had a released planned or not, you know, once it's leaks sits, it's over for that track forever. So, you know, IT IT, really, it's not something to what is just not a good thing for the music scene, really.

because they recognize that publishing and release tracks hurts the artist. Professor dubstep stopped posting unreleased acks publicly. And by the way, professor dubstep actually makes music themselves too.

Will I play a multi I instrumentalist? But also I P step myself. And this is something that I I was learning to do at the time.

So this was a way to learn more about the music making process.

I'm interested in his unreleased music, but more to just listen to IT and breakdown what's going on with IT because not all of IT remained on release. Some of IT was just early versions of things, yet working progressed versions of songs that would then come out and be almost entirely different. IT was interesting to just hear the differences between them for me.

okay. Can I can I ask you a question about dubs debt? I'm free, i'm afraid to asked this publicly. But what's the deal with all the dolphins? And up step .

the dolphins? What you mean?

You shared with me a play list of the step .

music .

in there? In there is a track called elephant by barely alive.

I hope. hi. yeah.

kind. so. This is this song, and they think this songs about elephants, but it's it's clearly not.

So listen to this part. There is an elephant there, right? Right there was phant. That's the dolphin.

Oh, I think, yeah.

I see with the dolphin in there and let me show, you know, yeah.

I never put them into together.

That is a dolphin is IT doulton in on wheels?

I was that the deal in Frances is IT yeah.

There is a dolphin there, clearly, right? That's the name of the song dolphin on reels, right? So another song he sent me was cash by barely alive. 谢谢。

那么 多。

Here that. Now the song you set me or work goodbye front case. I by way down something.

You hear there, jm shards. I must die.

That is a dolphin is not that I have to .

concede on this.

That is the dolphin is the leeds singer. And every dub step song that you sent me .

IT might actually be too, because a lot of a lot of dub step is kind of self referential.

yeah. Well.

yes, I went.

I ent through ics, his songs and the dolphin I found in.

That is a dolphin ince.

I heard so all .

of researching this episode dolphin after dolphin kept showing up as a lead singer and all these songs. And it's driving me crazy. Is this a thing? So I googled IT.

And no, there's nobody knows about this. There's no reports about this. So I started formulating my own theories, and i've been dying to ask you about this.

okay. So first of all, dolphins are one of my top five favorite animals. I love dolphins. They are so smart and amazing to watch. So for me to find a john of music that has one of my favorite animals featured in its song after song, it's curious to me. And when I hear a dolphin in the song, the biggest dream comes on my face and actually try to sing along with the bark in a turpan. So, so I wonder if just the dusty loves dolphins as much as I do.

I mean, you've got a point, you've got a point. Dolphin S A very intelligent animal. So it's, that is very intelligent music, really.

I also wonder if there are sounds in the dolphin language that speak to us in a really profound way, like I might express an emotion that we just don't have words for an english, but dolphins do, and they can somehow teach us more about ourselves. And dubstep artists add these sounds in because they know the power of dolphins and .

want to help us send new heights originally. So, you know, you know, some common ancestor might, might we're just going back to roots and away. Any thing wonder.

since this is such a piter part of dub step, if the dolphin is like a secret maScotte, like if you go to edm parties, what I see, people with dolphin stickers and patches and tattoo s all representing some inter group where you're like not allowed in certain parties unless you have like a dolphin tattoo or .

something secret society.

Okay, sorry, I refuse to believe that a total accident, but when I google is, nobody is talking about this. So I feel like it's some closely garden secret. But whatever we're move in on the professor dub step was love in all these early tracks, but only trading with a select few people.

IT was kind of like a little triangle a bit. There was me, dino j, and the spin tire with that, like a four, kind of not talking to each other, but relying between each other. And these these tracks were go around in that little circle like that. Dinoire a he was fourteen, other time fourteen year old dubstep producer, say much just me. We're just hang out on skype now.

then dial. Driller somehow got the attention of excision, who was a big time dub step. Artists like EXO had quite a few big hits and was pretty popular. And so how dino jelly was trying to come up in the scene.

yeah, because action is IT is a lot of things to support the underground office in the scene and you help them get some exposure things here. Here is a record label that was called russian recordings, which he signed. A lot of, a lot of open coming people too.

SHE helps you get a heads start. So do I know, was one of the one of these open coming produces. The excision was trying to help, help. So invited Young dino over to the house in canada and to make some make some new tunes.

By the way, you're wondering of vx cision uses dolphins and their music. Here's a snipped from his song astray. These terms me, okay. So decision and dino gear, we're working together at excision house making some cool music, and he was really helping dino dweller out a lot, actually.

But since dano was also into trading unreleased tracks, he couldn't help but wonder what you release stuff does excessive have? And being right there in his house made him very curious. One day, excision invited dino drilled to come over and work on some music while is at the gym. This meant dino jeweller was going to be there a loan. So he gets on skype to tell professor dub step and spend tired .

the plan when dinner goes to exclusionary health dinner will go and dig through all the old heart, driving things in and searched for sets for some unreleased or working progressed goodies and things from .

from people in the seam. No, so so no was had in a various plan for visiting excision towns. Yeah oh my gosh.

So extension was around and and trusted since the thing this is betrayal at this point, he trusted dino to come on in. When i'm not around, it's cool. Your musician, I like your stuff.

We're hanging out. We're friends. Yeah and now so kind of like as working as planned, I can pull access to actually going to grab some hard drive.

We sitting there on skype like, look for this and that and that, sending in file names like I would did the kid, like, you should look for this thing and this correct thing. And ba ba, meanwhile, the extension was out .

with the gym.

We just be sitting to look. I get this, get that eventually going to run out of old, hard drive cycle. So like the stuff missing from him here, that should be there so that the final location that was searched was excisions actual socket raw for cds and USB drives.

And what did you find an excision sector old c days .

with the with the things on that we were looking for? Not i'm not kidding. There was a demo from screens called demba, which was a demo of one of his biggest songs, kyoto. And there was just all kinds of things on there, just working progress, things that never, never come out. But no one i'd ever heard before.

Mostly made by decision. There was some excision .

with some school. There was some nights I some noise, all kinds of things that that these communities have been looking for four years and begging for. And I was I was right there on the cds in in the socket, and they were now being sent to his on skype.

Di know was pretty real to just copy everything right there in the house and put IT all back exactly where I was so decision won't know anything I taken and then .

he passed IT around yeah shares IT with me and spin tire we just listen to IT together like this is amazing. This is a really interesting stuff that's kind of unbelievable.

And I thought that would be the end of IT. But no, if after I could, after a week or so, literally just a week, some of these things started to leak on to redit, do I know, was trying to blame for IT and saying, you must have traded this and telling everyone that I was trading and leaking IT and this and that I nearly, I nearly got the blame pinda I for, I nearly did.

But the way that I found him out was that some of the things that leaked were things that I was never sent. So I must have meant that he traded two batches of things that were slightly different. One to me, other batch ches to whoever else which can take different files. So I caught him out, and I managed to spin IT back around, say, note, I can prove that IT was you, that this this is the reason for these leaks.

So I know, leak that and blames on you. Yeah, he didn't look at.

He sent IT to the traders like jay.

Brown.

what traders .

like this idea of providing the public this stuff that gives them a thrilled they're like, look at that. I'm getting a lot of other boats, a lot of downloads, making some waves. Article written about IT this has gone great. Like that's what they thrive on.

right? So of it's more than they trade themselves, thrive on them. Just have the status of having these rare things that they can go to, can go to people and say all i've got this and that and I want I want that on this and I can trade them for that and then eventually just everyone goes in a loop and Carries on doing that between each other until eventually someone posted online.

Then once it's posted, that song is burned in the trading community is no longer a rare item to have.

Christmas twenty fifteen was an event called leakers where a hundreds of things got leaked onto onto extra non to edit all of the things that do I know had taken from xian an house. All of them leaked. There wasn't one single thing that didn't get leaked, and IT was all just because I was .

being traded like crazy. Did the extension ever figure .

out that dano did this? No, to this day, never realized. IT never, never, never found out.

We're gonna take an outbreak here, but stay with us because this story is gonna away after reus. This episode, sponsored by delete me, I hope dark in a diaries, has taught you something about how can use your data against you, what you do once your data is out there, because he feels impossible to try to take IT off the internet. How are you going to fight? These massive data brokers were selling your info.

Well, you could try out this service called delete me. Delete me does all the hard work of wiping you and your family's personal information of the web. Data brokers hate delete me because your personal profile is no longer there is to sell. I tried IT, and immediately they have a busy scaring the internet for my name and gave me reports on what they found on me. They're got busy deleting things for me. And I was great to have someone on my team when IT comes to my privacy, take control of your data and keep your private life private by signing up for delete me now with a special discount for doc entire listeners today get twenty percent off your delete me plan when you go to join delete me the com slash dark net diaries a news protocol D D 2 at checkout the only way to get twenty percent off is to go to join delete me dot com slash dark net diaries an enter code D D twenty a checkout that's join delete me dot com flash darkness dies code D D twenty。 Professor dub step was getting deeper into the unreleased dub step .

trading scene twenty sixteen comes around its the tactics that traders were using to obtain their on released music files who was changing a little bit and there were a couple of incidents where artists had played A D J. Set club. And someone will go up after the show and just take the USB drives straight out of the mixer. Wow, with other, with all the secret stuff on IT. Yeah.

they go right up on stage and grab the equipment.

yeah. Well, these pioneer C D J systems that you basically just put a small USB fast drive into the top. So if someone walk past that, they could just wipe IT really easily and and no one would notice until was too late.

What I mean, doesn't the music immediately stop if it's.

if it's after the shows just finished, there's like a small window where someone .

could grab IT and no one would notice some balls, you know, to go to a live show, see that performing arts you like, and then steal there their files right from other their nose. Yeah, he did. IT has been known .

to happen about three or four times in that in in space one year.

Holy Molly. The length these people go to to get unreleased music is unreal. And I think it's a testament to just how dedicated and motivated the fans were to hear more to get the latest stuff.

You don't see consumers just like going to the sowing trade show and stealing the latest soling machine from the demo booth. You know, because that passion doesn't exist there. Music has this way to give us a meaning.

Life IT can be our there, our best friend or lover. And our dance partner, IT moves us in a way that not much else can. So some people would risk getting arrested to steal a thudding with new music on IT.

Yeah, IT happened plenty of times. There was a guy called snails who was blowing up in the scene in late twenty fifteen. He had A U.

S, B stolen. All of the files from at leaked onto reddit. It's cordite t had as U.

S, B stolen as well. All of those things ended up leaking in late twenty sixteen, on to red IT again. You know this something that keeps happening?

Yes, I think IT still happens to this day that artists have their U. S. B. Drives stolen out of the out of the equipment on stage.

What do you do here? Who will your USB drive india equity? Or what about putting a decoy USB drive in? But it's really a trap with somebody goes to grab IT that they get electric shock.

It's also interesting to just part the idea that music is just files its data and computer or A U S. B. Drive in this case.

And I never thought about applying cyber security to music, you know, like it's an acoustic sound waves, not computer files. But now IT is computer files. And so IT needs its own version of cyber security, too.

Okay, so let's talk about redit. The pop and support for this was extra, which is a place to post links to unofficial dubstep music. You five recordings from concerts.

Dio mixes stuff that wasn't on the artist official spotify tube person cloud. But IT is from that artist. And these alternate versions are sometimes Better than the original version. And fans were loving this, separated to listen to new mixes.

Leakers in the scene were found upon. So things actually being lead. Whoever leaves something is IT burns their reputation.

That's the newest thing about IT, though, while people went crazy over leak to track and get a lot of people excited, the super IT had to take action on this to avoid being labeled as a league site and get shut down so they would remove the league and ban the leakers.

Because I was IT just goes one thing that traders, they don't like things leaking and to IT IT does damage things. Three, invites trouble. Invites legal trouble. If you are the one to leak something.

the extra substance is laid like an onion. Know, basic stuff was on skin level, peal IT back and you find some juice or content traders with rare stuff. There are rules, though no piracy allowed and no posting unreleased music, but the rules were often abused, IT said.

The outside extra looked like a place that was just a rm page of things, totally uncontrolled. But actually behind scenes, IT was was kind of a front. So if an artist was cool and contacted the the moderators of the right of the people in charge, they could say, please, you know, prevent the thing from leaking.

There's released plans for IT soon. Just, you know, would you mind keeping IT off? And if so, nice about IT. They they could get their brand added to the filter so that nothing .

could be posted. Really takes a set of eyes to understand what's going on an extra because even when something is posted, are you familiar enough with that bon, that track to know if this is the jet or made up or leak at all?

So late, twenty sixteen roles around spin tire comes to me on skype and says, IT, look, got this old passed of stripes. I say, okay, well, how like, how does this happen? And kind of hesitates to explain IT of us and just says, just look at IT, just try IT on these things.

Just try on the and the old skype account. Okay, IT works. IT looks straight and to .

school lix the .

skype account. Yeah, he was an old active, a camp. He was, he was dead. He was not being used, but the password worked. And I said, well.

how do you get this? Yeah, good question. Critics is the biggest name. And dubstep. He's a grammy I award winning artist loved by millions of people. He has millions of followers on twitter, too, to get his password on skype. A pretty big deal.

I say, well, how do you get this eventually explains, he says, is this database of leaked from all kinds of sites? There was quite a lot of database that got stolen an upload online in two thousand sixteen. There was drop box, had their data base e stolen.

Last FM had their data base stolen. My space had their date based, len as well. And the old just uploaded to this thing called, I think he was leaked source.

You could basically pay for, pay twenty dolla month for access to this, and IT would give you access to all of these database. So you could just view the results, the hash, passwords and things. You can just take the hash and and just decrepit IT yourself, because they were really poorly protected. Just standard M D five, which almost the whole N D five table been cracked by that one.

Oh my god, this is about to get insane. Huge database breaches with millions of usernames and past where hash is. Combine that with and his fans wild stop at nothing to break in the two step, and still whatever they can to post IT to extra and school licks is one of the first to get a working password for the biggest club step artists in the world.

My good is my brain is running a million miles an hour right now. There is going to be an all out on slot of people they're gonna trying to hug in to these musicians files. I mean, fun up right now.

So what we done basically is just put the email in that we that we knew of these artists. And if they had a result come up from some old, old database that had been lead that was poorly encrypted, you could take that as hash result in descript IT and just hope that they that their security was not so great and that they kept reusing this password for all this time and use the same one on every, every site or whatever.

And think that is a sweet combination of past F. M. Drop box and myspace. IT pretty much means every dubstep artists would be somewhere in those database breaches. IT was just a matter of finding the right user name or email the use, because those three sites were used a lot by musicians. Dropbox is extremely popular for file sharing.

And if a musician has a label or manager or someone else they're collaborating with, sharing their work in progress on drop box is very common in this circle. Last F, M, in myspace are places were going to post your music, which when you're in up and coming artist, you definitely want to be posting everywhere. And yes, my space is still around.

So um yeah, i'm just imagining like we hold on a second, we've guide screen s password works on an old skype account. This is gotta be the pinacle of the whole story. We got into critics, drop .

backs, specs, drop boxes, for we actually managed to get in the bottom. We tried a bunch of different accounts after sky, but none of them, none of IT was working. So all of the other things .

have been closed off, so you couldn't .

get any drops.

No nice jobs, glick. neither. He wasn't reusing passwords or heard about this database breach and changed all his passwords. Either way, he was ahead of the hackers here. And my goodness, if they got in the slick of drawing x, that would be the most epic thing to hear his latest stuff before anyone else that would be in saying. But they .

couldn't get in. no. So wait, we we decided instead maybe his manager would be a good target to try and look to see if the, if there was any anything, lead in the database for his manager.

And so I had a look that was, he was a really old result from two thousand and eight, but IT had been the same result appeared in all of the database. So IT had a good chance of, you know, working instance. The old sites that have been inactive would have been used in the past for for sharing a music and stuff in internally to mean spin.

I was SAT there on skype when we tried IT on media fire page, which worked, love is in, and there was some interesting suffer there. There was photoshop documents. There were a couple of unreleased tracks that i'd never come out before, never even .

been heard lic .

tracks.

Dd, that I mean, I don't know if if you're seeing the way i'm seeing, but that's gotto be the biggest find ever of so far, at least in the story .

IT in a way IT was. But at that time, we're hearing so many tracks from from the traders, but IT kind of didn't seem as big to us as IT actually was. And what we what we were doing as well, logging into accounts and things, we didn't really kind of realize how deep that was really going cause us.

That's way further than just trading something. You're in a small circle. This been got one of the trader that's going into account and taking something directly, and we were just doing IT like as if IT was nothing pretty, which is really ridiculous when I think about think back to announced is ridiculous.

That's a huge invasion of privacy. But, you know, IT worked. We got these tracks and kind of made a resolve to ourself. But other people would be doing this at the same time as us. Other people would be figuring this out who would get these things and trade them and leak them.

So that's what means spin, tire with basically saying with each other, like is Better that we're doing IT and we can keep these things safe and listen to them between ourselves. And you have the interest with that. And then and then keep IT secret, keep IT from leaking.

What is so part of kept IT from leaking is changing this manager password or deleting IT out of there or something, right? yeah.

So we'd go in would take with dropped the files and then either either just change the password straight up so that no one else could get into the account or to contact the person that we'd loved into and say, you know, we've compromise your account, you need to change his password in which many of the times we actually did that we contact them, said, you know, you have been comprised here. This is how happened. You need to change your passwords.

Wo, what a weird moral compass that is. They knew breaking in to someone else is account is wrong, but the attitude was, if it's not as to breaks in, it'll surely be someone else who breaks in and they could cause big problems. So it's Better that we do IT so we can fix that and for the incentive of getting in and fixing. And we will just take a listening to whatever we find along the way and .

just keep IT for ourselves. We decided to look in these database for dinner as if he'd his passwords leaked in some database that we could try them out on the skype.

Oh, wow, I know was that guy who stole things from excision and then leak that stuff to other people, then try to blame professor dub step for the league.

This is, this is where he gets good. So I had a look and there was one there was well, there was one password that had been leaked five or six times on different services such as indicates that he's using IT on everything and maybe hasn't realized that it's compromised. So we took that password and we logged into his skype.

IT worked first time. IT was six characters, was really basic. We just look straight in and we could see his chat, and we could see him talking to some guy I called shame.

And shame was the owner of. And they were talking with each other about trying to hack into accounts using these data. Es, so they they were doing at themselves and trying to figure out out mean spin tire, we're also doing IT each other.

interesting. It's almost like there are two teams on this now spin tires and professor dub step and the dino and shame spying on the other team might be really useful here.

So one of the targets the dinner was trying hack into, but we were watching him, was us mean spin tire. So he, so he was looking in these database, trying to find our info, and we were watching him. And do IT watching him attempt to get your accounts, like, live in real time.

What do account of.

like your skype account? Yeah, anything he could manage, our skype or drop boxes, sound clouds, anything, basically.

So, so do not talk. I A shame. Like, hey, you have a professor dub steps as you see them in this at all in the data yeah, I see them in the days way all cool as checked our password. Try logging in like, this is the chat you saw and that's like, no, I didn't work exactly .

that literally just a real time feed of watching, trying to hack into us. Now I think more what IT was was that he was paranoid and he was trying to see if we were sharing stuff behind scenes and keeping things from. Because everyone, everyone in this little trading game was back stabbing each other. It's just, it's just what was having. Everyone was back seven each other.

What I mean, so what does your reaction to that like if someone is trying to hack me and be like wall, this is now i've got to be very careful with this person. Well, how how did you react to this means .

spin to I would just that like, oh, we're actually we're actually seeing this like that. They're actually trying to get into our stuff right now. This is, this is strange, this is, this is, this is a lot to break down. But we would just like like all the good thing, we have proper security on our service.

otherwise would be screwed. Like there is a funny bit is like, yeah, you're scared you're you feels like, okay, I could be screwed here 啊 this is this person is clearly attacking us， but you are in their escape. Look at their messages. So you are also attacking them.

Yeah, exactly. I don't know who to take here.

You're both in the wrong. We all in the wrong.

Every everyone in the story is in the wrong IT. There is no, there is no right here whatsoever. The only thing that is marginally right is contacting people to say that you compromise. The only good thing .

I gotto have a hero I wanted cheer for, and I don't know what to do.

Yeah, yeah, yeah. You're not gone, am telling you now you're not gonna get one. I don't only I don't want to glorify any of this because it's not is it's a terrible thing that the the play trading, the hacking, it's all just damaging to everyone involved, the artist, the people doing the hacking.

You know, that is dangerous stuff, and it's just a bunch of kids who don't know Better. Doing IT at the time, forty and fifteen just set spent tire was also older. He was about thirty. All this reminds .

of me of one of those old highly movies where the criminals steal the cash. But then when they get away and y'all just sitting around looking at the stolen money and each other, we'll start wondering if they can trust each other. Clearly, these are criminals you're working with, willing to break up with this money.

Are they going to steal IT from me? And then you realized, yeah, someone is gonna steal my cut. So then you see they are cut first to get out there.

Well, here we have both sides completely not trusting each other, and are actively trying to hack into each other other's accounts to keep an eye on them. But it's interesting that dino was working with shame, who was the moderator and owner of the extra submit. Through these chats, they could clearly see how involved shame was in the trading scene. He really liked collecting double plates and getting his .

hands on unreleased stuff. So we Carry on. We we take some try and get some more targets. We think of other sites that we can try and log into. So we we take a look at box stock com, which is a cloud storage provider usually used by small businesses, big businesses, record label production companies, anything it's it's very popular because they offer great group cup collaboration options. So we we take care correctly, managers password and we try on the box stock come account and IT logs is straighten straighten them into the inner workings of as relax as record label. But we get in there, we can see that coming releases and their production files, promotion plans.

upcoming releases .

for screens for critics and and all the .

artists on his label that that sounds like a big treasure show.

IT was a couple of terrible tes worth files in there.

Holy cow, box stock come is .

a little bit more advanced. They send, they send log in notifications for on recognize logans. So the first one of the first, first things we did was going to the settings and have a lot, you know, did IT say that we've locked in, and this, this guy, this account that we've logged into, he turned off the log and notifications, so he had no idea that we've got in there. none.

Oh my gosh, there's a lesson there, isn't there?

Yes, you know, leave something on for something like that, which is heavily relating to your business. You need to have these notifications turned on to tell you if your secure is compromised.

Unreality tracks are worth more than demos. Demos are just early versions or remixes of songs people have already heard. But on release tracks, nobodies ever heard yet. Okay, the begin a list of things you found on there.

There was unreal select songs. There was individual audio assets for some critics, things. And the right is on his label, like this, individual mastery, mater stems and things for songs, multitasking, so that you could basically break them down into their parts and things. Everything was stored in.

There was photoshop documents, promotion plans, documents saying what they were gonna be doing for the next year or two years, even internal voice recordings, meetings between the label executives and things, is that was all kinds of stuff that really should yeah IT gets confidential things. And IT was is really unprotected files. There was no, there was no individual passwords on voters, and things is all open with fifty. The other accounts shared on all of them.

My g, i'm just trying to think of what that could like if that did get in the public, what kind of a rocket that would have .

caused IT would, of course, a lot, a very large amount what we did to we copy the shelling for each photo that was in there. We set the permissions on that so that anyone with that sharing could still view the photo even though that not log in. And we also copied the collaborator invite links for the voters because the option was not passed, were protected. So we could invites like a new burner account so that we would still have access for ourselves on new accounts l together, and the original one would be closed down. So no one else were bailed to get access to IT apart from us.

Ah that's interesting. I want to make sure you understand this. The access scri x managers boxed coma caro k. They saw these folders there and made the parent one sharing.

And what this means is that anyone with that link can now view the contents of that folder and all the sub folders without needing a user name or password. So now they don't need to log back in to see what new files were upload. They can just use that share link to get in there and view IT without logging in at all.

On top of that, the manager had the ability to invite new collaborators. So they just made a new email account and invited themselves as collaborators and then told the manager he, look, your account is in security, should change the password, which fix the manager account, so that no one else could use the same exploit to get in. No other hacker could get in the same way.

This is a, this is a back door persistence into sexy media company, yes, but it's a back door in a way that I never thought I would be a back door, right? If I say I have back door access to box 点 com， you're thinking, oh, well, you got some somewhere planted and reverse as a stage shell no, just just a share link. Oh yeah yeah I like IT.

but IT IT gives .

you a total different perspective of vote back or even is yeah because because .

he said back to all that you can just built in this site, built site exactly the only reason we were able to get these in the first because people don't exercise proper security, you know, they use the same password on every site for years and years and years and don't enable two factor r authentication on their account either. So it's just open. If you've got the password, you can just go you just walk straight in and do whatever good rest at the place if you if you so wanted to, which is ridiculous.

Just sitting here talking about this, like in thinking a back door is built into all the file sharing sites, my box outcome, google drive, I cloud, proton drive, draw box, whatever. Because if there exists a shared folder link, anyone with that link can see into that folder. It's a feature of the site itself.

You can take that away or ruins the point of the site. And what you think is yours and private really isn't. If there are public links to IT, when you make something shareable and you say only people with this link can see this file, IT feels like this is still private, but it's not.

It's security through obscurity. Your link is hidden but not secure. And if that link is out, it's viewable by anyone without a user name or password. And i've been doing cyber security for decades and nobody is talking about auditing dropbox links to make sure only the stuff that should be public is public because every file and folder may have that option and going through them all is simply unreasonable to do by hand.

And when you're moving at the speed of business, nobody he's going back to clean up or check what folders have sharing links and what do I say it's best to treat everything on your cloud storage and if IT is publicly accessible and only temporarily put things up there if you want to share with someone privately and then remove IT as soon as they get IT. I also want to enjoy your attention of websites like you are else can. Di o, this is a site that is attempting to look at. You are s to see if they're safe for malicious, but users can go there and search the site to see what you are else are in the database. And sometimes you can find .

you else that probably .

shouldn't IT be in the public. But they are like, imagine if you take a photo of your kid and it's on google drive, but then you want to create a link to show IT to grandma, and you specifically say only people with this link can see this photo, and you detail the link to grammar. Well then gramma has some browser plug in and examines all the links to make sure they are safe to click.

So when this link gets examines somewhere, bingo, bingo. Suddenly, that link to your kid's birthday party is now floating around on the internet in all kinds of database, being clicked down by who knows who you. Where else can collect links like that? Hybrid analysis is another tool.

Cloud flared rate ul scanner is another not to mention DNS providers all over the world are logging things too. It's not just google drive and drop box. There are tons of other online storage websites that you could look for ee cloud box 点 com sink night， I don't knows, high drive, A W S S, three buckets, pro time drive, so many more.

This goes on and on. So the data is available. It's just a matter of shifting through IT to find something juice.

In this case, they were looking specifically for doug step music and stepping over anything else that they came across. Okay, so I was just you in spin tire that got access to this. Yes, and you just kept between you. Nobody shared IT beyond that.

right? So I thought how I wish, because, as usual, a few weeks went by and other people started to hint that they had these files, or, well, the traders got access to some things, and that IT was no explanation for IT other than that spin, tii must have shared there was someone. So I quiz them on IT, and I said, you know, if you have just add, rather, you just tell me, I won't be angry.

I'll just want to know you still deny IT. So I start thinking, I will. Someone else must have got access somehow, like, aside from us, someone else must have vanished, got access to the account.

So I treat IT as that for a while now. Let's spin tires have the benefit of the doubt we Carry on going. We think of some more accounts to try get into different people.

Another no thing we trying with management company for diplo and major laser who are be closer to pop music and we tried to his managers box stock come account based on what we've found in these in these league days basis and turn off password worked IT loved is in. There was another couple of terribles of data in. There was a lot more than just major laser in there.

There was diploid. There was a tracks. There was still in Francis. There are about twenty different actions of this management company. We could view all of their stuff from within this box stock.

At this point, we've gained access to terra bits of data from these music managers, which was just too much downloaded at all. Hard drive would fill instance. So then I had to be selective of what they were grabbing.

Like I I don't know what this is like to come across this, but I imagine you cancel your weekend plans. You like I got a whole one to cool stuff that just arrived in the mail and I can't wait to dig in and listen to stuff because you can't speed through listening to these things. You'd you've got really be like, wow, i'm gonna let this one play.

All the whole thing like this is nobody else is hearing this, but maybe four people in the world. And diplo made IT like, wow, wow. yeah. This is where .

IT gets a bit, a bit more dangerous because some softer they've had in that in that box stock come account, they were basically keeping all of their artists and people that were involved in towing and things, production crew, they will keep. This management company was keeping all of these people's personal documents in there, calling them contact sites, and that contact sheet would have more than just their contact information on them.

I would have the the artist, social security numbers, bank routing info, passwords, all kinds of insane stuff that was just supremely dangerous to keep in largely unsecured folders with no extra passwords on them and seemingly no reason for that info in the document. What's weather and then do not secure your own account properly. It's exposing all people the millionaire. It's kind of just lucky that with the none of me or spin tii, all any of the people are eventually doing this, that that none of them were interested in anything more than just the music, because they might have damage that could have come from. That is insane.

Here is the situation when the management label for musicians was being careless with the artist. Private data drivers license social security numbers and saved passwords were sitting there on these online drives. And while IT wasn't meant for the public to see, there were gobs of people who did have access to this that worked for the management companies, or even other musicians can see each other, others files. IT just goes to show, if you're not protecting your own private data, nobody else will either.

These photo all have the opposite of fifty people shared on them. Everyone like in the business could accessing things. The interns could access these things to. Anyone could grab these things, or anyone that got into the account could grab these as well and just have IT and there be no notification that had been compromised.

And that's too many people to have access all this because the more people you have involved, the more back doors might be created. Because just think, if a music production company is going to use drawbacks to store all their work in progress, IT sounds to me like they don't have an internal file storage system and maybe no internal network at all. They probably, I need things like email, chat system.

They going to make social media graphics, a much store blog, the media count newsletters, project management and collaboration tools and an internal knowledge base for Vicky. Chances are small businesses today are using public facing websites for all these solutions and not self hosting things on their own servers and their own data center. So that means that fifty people work at this place.

That's fifty accounts times how many services. I just asked what? ten. So we're talking five hundred various log against different websites now who's got permission to see what and where?

Small businesses are not auditing these things and it's an auditing nights are even if they tried. No, this isn't an ad. I'm not gonna to give you a solution.

I just wanted tell you about the problems that a arise when you start using cloud based solutions. And there are a little bunch of kids who are desperately trying to exploit those to. These kids had valid user names and passwords to get into people's accounts, right? OK.

Well, that's a problem to begin with, about whatever they were grabbing things. But they were also being smart at trying to establish persistence. If the owners of these accounts change the passwords, they would be locked out so they created share links so that even if they can't get locked out, they could see what files are being uploaded later.

cool. But you can really take this to crazy levels. I'm talking about creating ghost loggins.

Let me get out on this for a second because I wanted try to break your brain. Okay, till, let's consider is up here and how I can be used maliciously. Zapp er is a tool that lets you automate things.

So like if I get a new invoice in my email, I can automatically upload the invoice to drop box so that the accounting team can see IT. Okay, exact year can do that for you. But noted for that to work, it's gotta have the ability to see your inbox and have the ability to view and upload things to your drop box.

So to set IT up, you need to give IT permissions to do that. Wo now if a hacker gets into your drop box like these kids were doing and they wanted to maintain their access like these kids wanted, and they could see that you hooked up zapp er to do automation. So now they can create their own fresh zapp er account that they control and connected to your drop box.

And this could give them visibility into your drop box forms appear and you wouldn't even know they're there because to you, all you see is that sap your house permission to view your files, but you sit that up when you were set up your invoice automation thing. This is what I mean by a ghost log in someone who's in your account who doesn't even need your user name or passport to stay in, change the password you want. There are still gonna stay connected to your stuff.

Another way to create a ghost logging to create a secondary loggin. Some sites allow you to blog in through, like a google or microsoft, facebook, or even as self. And suppose that's how you set up your account by logging in using your facebook account.

Now if a hacer has your password like these kids did and gets in through that some sites might have the option to connect another log in. Like if you use facebook to log in, the site might let you also connect google account too. And so yeah, a hacker could just create a brand new google account and connect IT to your account and start using that to get in the account from then on to even if you change all your passwords, that access would persist.

So if you really want to change your passwords, you really need to go through all of the websites that you have to see all of the connected services and alternate loggins and ever hits a mess. It's a mess. And of course, another way is if the site has a way to generate an A P I K, you can do that and then access a stuff from there.

There are so many options to create ghost log gans to maintain access to an account, even if the user changes are password. This is what I mean. If fifty people all have access to someone's drivers license and drop box, then perhaps nobody is looking closely at permissions.

If that's the case, there is a high potential being able to create a ghost loggin that stays working for years. And I must say this is a new territory for security teams to navigate. You hear about this and like general terms, like least user privilege and the sort of stuff. But you don't have people who are like experts and zapp er account security who will audit what apps you have given permission to regularly. This is a big chAllenge to keep up with uh so with all this data like a terribly and terribles from some of the biggest h stars in this a dubstep world, do you ever think like, you know, we can make some money of this?

I wasn't into that, but I would like to find out this bin tire was sort of starting to get into that. I mean, after a while of these things keeping leaking start to leak on reddit that were meant to be just kept between us and that no one else was supposed to have access to, I clocked on that this spin time must have been being dishonest about IT. So I confronted him in mid october.

I said, are, are you sharing these? Just tell me right now, are you sharing this and he says, no, it's not quite like that. I said, how is IT then says, I can't say say it's paying for them. He says, yeah. So I think h well, finally, after I have missed IT and i've caught him out on in his whole game plan and he goes on to explain that he quit his actual job to sell these files to some rich kid.

The other side of the world, I say a world, this goes against the every year, the whole reason that we were doing this in the first place, we to keep these files somewhat safe and prevent these people from getting access to them, to be able to, so they can do this thing with that. And then he's doing IT himself. IT really made me quite angry. I felt mislaid on the whole thing.

This a tRicky situation. And navigate for a teenager, like, what do you do when your partner in crime starts doing things you don't approve of? Together you made a map of all the berry treasures, all the shared links and log games and passwords and slogans.

Terribles have downloaded data, and a whole system of techniques and piles of data to sit through, to find more. And suddenly both of them are now highly suspicious of each other. Now that I was known that's been tired with selling this stuff, spin tires offered them a cut of the money. So I keep things quiet and stuff I said.

yes, but what I meant was, I agree so that he keeps, you know, he he thinks that thinks that i'm on his side still so I end the chat and I go and talk to shame. From extra shine was .

the moderator and admin of the extra professor upset was like, listen, these leaks that have been happening lately, I know where they are coming from, spin tire is selling IT, and I don't want more to leak out. So here are the other things that might leak.

So he he grazing is like, yeah, know what we can to prevent binti from Carrying on with the stuff. So we started working together from that point on on these things. Me and chain. And another friend, or Annie, was another .

guy very tuned in to the unpleased music scene, and he was a wiz with all these online services and how their security can be exploited, which could be really handy to break in a more share drives and stuff. And shame had seen that dinner wasn't trust worry. So they stopped working together.

So the new crew is professor dubstep, shame and arnie spend time and dinner were out. And not only that, but they all agreed that spin higher needs to be stopped till they put filters in place on the sub to keep certain tracks from getting posted. But they also started going through the ghost loggins and shared links that spent tire had to lock him out.

They were changing passwords and disabling shared links. It's kind of funny that this teenage crew knew exactly the steps to take to keep hackers out. Yet the music labels themselves either did not know or did not want to stop these kids.

Yeah, I mean, that's just kind of what we start doing. Our main plan was just prevent spinal re from from retaining access to these to these accounts and these folders that we spent so longest to gain ourselves access to. And then we're locking them off to try specifically to try and prevent things to prevent this.

No IT IT is kind of strange that IT change in that way. I'd cut spin, tire off and the dog, I mean, i'd been different than for two years at that point. IT was divulged to cut him off, was funding out, was so, but, you know, I had to be done. Damage was actually being caused. And I was recognizing that .

what I headful to navigate as a teenager, er, you know, like to be sitting in what history class, just thinking in the back of class, what stuff spent tire might still next, and then the rush home and change more passwords to try to lock them out. But then when you're in there cleaning things up, you remind IT, oh yeah, this is the account of those banking details for this major musician who's a millionaire. That's funny. Not gona touch that, but I will stop spin tires from getting back in here once they we're slowing down spin tire. Could IT was time to start looking for new treasure troops?

I think at the peak of things probably had like a network of twenty five accounts, IT was a lot. I mean, we were doing this, this sort of this all day, basically just trying to figure out what could be what could be next, what could spin time as next target be, you know, what could be something dangerous that he would get access to that shouldn't get access to going, get access to ourselves instead IT IT was ridiculous.

The standard system was to find and musicians email address, search for that email address in the breach database, get the hash, crack the hash, then use that on a whole bunch of sites that musicians might use and hope they might be reusing passwords.

Yeah, I mean, that's the thing as well with with box up or drop box. If you if you make a shared folder and you invite all the collaborators is to IT. These management companies are inviting fifty people to have folder and you could you go through embroils that list of people and take their names and their e mail addresses off there and then you could run those through the data. So could if you spent long enough on that, you could tunnel through to all kinds of places that way by just going on IT again and again again until you get somewhere and you you could build up a network that way.

Of course, you all should know by now the dangers of raising the same password on multiple sites. Here's a clear reminder why you should never do that, but you should also watch out that you're not too lazy when making different passwords .

quite a few times. Did not change IT very much that maybe just add a capital letter or an extra number on the end or there was one one manager that we were looking at his passing. IT was the same thing for everything, but he just changed the letter at the end.

And IT letter at the end would be the initial of what every site the account is for. So if if the account password had league for my space, IT would be word and then the let m at the end. So to get to the past work for box, stock, car or drop box, you know, you just changed literally end to A D or be and that would work. You'd also not get a notification that that password was compromised because IT wasn't. Yeah.

that's interesting because I regularly track all my passwords to see if any of them have been exposed in the data breach, and I change any that do get seen. But if my password discussions because it's just one letter off on every size that those would never appear in any database breach to make me want to change IT. Now, one of the songs they got a hold of early was purple lambkin.

I yeah poco lambkin. I was something that came from the or displays manage account. One of the arms that they were managing called flutter damas, they do D.

J sets that the main festivals throughout the year, but trap music can upset music. And in one of these contact sets that was stored on this management box with all the passwords for the D. J.

Jew, and one of them was the password for there, what for their split account splice with a service offered project files, storage for music software to eat. We got into that, and we dow loaded their D, J. Set preparation files. And because they were, tell me, big players, they had all these working progression versions of tracks from from other people in sen. And purple lambinon demo was one of them.

By the way, if you wondering if there's a dolphin in purple Amberg inning, the service is is right here. Thing is, this is a demo version, which I think is Better than the official version, but this demo wasn't released when the official one came out, and I don't think had any plans i've ever get out. So at this time, only professor dub step and a and full of people in the .

world ever heard this. Basically what happened was a few months since I got spin terror, and I was missing my friend, and I went and blocked him, and I started talking to him again. I said, you know, are you still doing the selling? Because we'd would have been trying preventing from doing IT, preventing him from getting anything sell he said, no, you know, i've finished with that.

I've caught of those people realized that they were trading and leaking the things after blah, blah. So say, okay, well, you know, to be friends again. Sure, let's go back to houses where couple years ago, just talk about music.

Can not do not be involved in a new of the dog stuff. Not say, okay, sure. You know, we kept t talking IT LED into, oh, no, i've got these couple cool new things. Do you have anything cool new things? So we share a couple of things back and forth with each other.

I called times the purple ameinias demo is one of those things that a week goes by as usual, IT leaks on reddit, the one single possible corporate spin tire, just a blow up my so, you know, this has happened again. You're the only explanation for this stingey akin my trust again. So I cut him back off. But it's too late by that point. And to think at late, that was my own stupid thoughts.

But december rules around, and we had one last big a thing that we wanted to try and do, which was to get into a major laser production production account for whether held all their songs files and their production files for things that they were working on, things that you could load, open the music software and seal the individual bit server and change things. So we had the idea to go for one of major lasers production team and see if we could, we, if we get into their things. So we had one last, go on the database and see if we could get the, get the past to their to their drop box.

And we did manage IT. We were talking back and forth each mean onion chain in the group chat, saying, oh, it's here. Who was one specific songs that we wanted to get called terrorised, featured colly.

So we we looked into this account. The first thing we searched for was terrorized project file. And was there the actual one that were that the group were working on at this, the very, the very day.

So we were talking back and forth with each other. I H. It's terrorist season, terrorist season. Goat, greatest able time. But there was more than just that in drop box.

There was another terribly of stuff that was being worn at that minute, like the inner workings of a, of a major of billboard top one hundred pop artist. And everything was there, individual assets, your drum samples. So synthes all kinds, which graph? All that stuff.

Well, I mean, IT was too much to wrap. And in many of these cases, IT was too much. IT was too much there. The things that spent I got hold off from before he was cut off outside to, you know, he was the leaking had really picked up and mean chain and on you basically decided that we needed to make even more efforts to contact. These people have been compromised.

So and i'm pretty sure is only that this he he ran up actual managers phone number and left a message on on the voice mail e to say, you know, this is happened. This is what will happen next. You need to start taking steps to secure your stuff like straight away, the wise, the damage you would just rack up, like into hundreds of thousands of dollars to their legal teams started talking about this, like, oh, how could this happen? 8888888。 impossible.

We sort. We end up in contact with with these legal teams on the both identities to explain to them how IT happened, why IT was happening and how they could prevent IT basically single. Yeah, you know, we had plans for these, for these song.

We had plans for terrorism. That was gonna like A A big thing, because so many people wanted the sun. And that was that basically just cancelled all of that because I was the potential for IT leak early was there. So they cancelled all .

of those plans. Yeah if you go on major laser spotify youtube channel, there is no such song as terrorized colly birds didn't release IT either, even though he sings in IT, the song never got released. Despite they're being quite a decent amount of people really looking forward to IT.

And I guess this is why I got cancelled. The hackers ruined IT. But if you you're curious what the dolphin sounds like in IT, here you go. This is actually remix of that are found the when they got leaked was a little difference.

But it's wild that this totally unreleased major laser song is out there in the world for anyone to listen to but because IT wasn't an official release, IT doesn't have many plays and it's not an official song by a major laser. IT could have been a hit. Major laser has three songs on spotify with over a billion place.

And Polly boys is pretty popular too, a reggae dub step cross over song. That's a great idea, but IT was never released. The project permanently halted. How are, you know, just to think an early version of the song that gets league too soon, IT upsets the label so much that they just give up on the .

song entirely, an album that was being worked on at the time, music as the weapon that was cancelled to or not cancelled out rolet, but really delayed. They only came out in something like twenty to any two to anyone. IT was four years after all these incidents, but we were basically just talking with each other, trying to come up with these plans of how can we prevent these things from leaking.

You know, we want to help you to figure this out because we know these people that are involved with this, and these legal team are coming up with these ridiculous plans, like will fly, spin, tire out to new york, will will taken to dinner and will hand him thirty thousand dollars in exchange as hard drives and and then that will secure our files. I turned to trying to tell them, know that will not work. He will will just make a copy of IT you know, as a ridiculous and they were not having was saying all this thing.

This definitely seems like the best idea to me. And I was think, no, no, please. No, don't do that. I'm not sure if they actually did that in the end or if they realized that I was not gonna help their case.

What did they know that you had the drive or you know, hard drive, full stuff too.

Well, this is the thing me, I didn't download all the things, so i'd pick and choose couple of things here and there. But a lot of IT was was kind of just not so interesting.

The thing is, professor dumb step enjoys listening to early dumb step tracks, but that wasn't the driving motivation for this place.

I'm not here arriving fan ales just more interested in being able to break these things down and and look at the production because they could help me to to learn how to make Better means at myself and see how you how I was being done, how how the the bill board top one hundred stuff is being made. And I could, I could, I could use that to help me create Better things myself is the valuable .

learning resource. I feel like that's a stretch. You know, like you could go on youtube and watch people making music and learn from them.

You can hang out at, you know, groups and circles. Other garage ban or whatever the case is really, how are you doing? Oh, oh, that's an interesting method. Like, but you're like, I think I hack into disclose the drop box to learn on my own things. I'm good like it's it's it's quite a different really like paths of learning.

Yeah, I see your point. But at the same time, IT is kind of one precedent that you can go into. You can go into a project violin and look at the entire start to finish process of IT.

The entire project files were in these folders, ers, all the effects samples, everything that was used to make the song seat. Most of this music is made in adore, a digital audio work station. So that might be tools like able in life, and to be audition or pro tools or something like that.

These were the tools that you'd have to use, view how these songs were made. And professor dogs that had these tools to examine at all. Not only could they break apart the song, isolated tracks and sounds to see how was composed, but there were different versions of the same song too.

They could see how the song evolved over time. What an amazing thing to explore for someone who wants to make electronic music as their career to be able to study how the prose do IT in such a detail. You never get to see these behind the skin's bits.

I mean, even me, as an up in coming pod R, I would have loved to get my hands on the full project files for this american knife, for some show that I was really inspired by. I have been huge, and I bet that would have helped me understand the complexities in details of how all this gets put together. But not only that, but to see such a variety of songs and musicians, project files, IT really puts them in unique position to have such a close and upfront understanding of how all this music was made.

You you have to know some indepth music stuff already to build to figure out out what what you're even looking at. The fact that i've been able to to look at all this and and take some insight from IT that can help me later on is basically invaluable. This Price, this I just .

imagine professor dub step in some music class for the teachers like, here's the proper way to use effect. And they're just like, uh, no, that's that's not how rics does IT or or diplo or major lation. Oh yeah, how how do you know? Never mind. Carry on anyway. IT took him a lot of convincing, but they were finally able to get the legal team to .

fix all the problems and and twenty sixteen was was was the final, you know, called IT quits and stop doing all this this hacking stuff, which I mean is is not a right to call IT hacking really is not even on script ity level is is just searching through things and using logic to try and figure out passwords is not it's not it's not really like complex hacker stuff, but it's just and I I know a good word to use to describe that.

But you know, i've been thinking for a good word to use here this whole episode myself. The if and stealing isn't quite right because the original copies are still there. I feel like for you to be stealing, you need to rob the person's.

They don't have that thing anymore. And if you post something online and someone makes a copy of IT, that's not stealing, that's just downloading a copy, and that's what they did off and just downloading copies of things that had public links to IT. Was I supposed to be public? no.

But was IT. yes. So the term I think that best describe this is x filtration. They exhilarated files that were not meant for public consumption, but weren't very well protected to me. This has the right ring to IT professor dub step professional accelerator.

And fast forward to to twenty nineteen. And I just, I just finished college. I did a music course at college.

I've left all this stuff behind IT IT was all kind of calm down. Nothing was leaking anymore. No accounts were being compromised or not by me anyway. And I can't thought, you know, I will find out what the what the old people were doing in in modern day to chat with shame, had a small talk with oni in chain was still going on with his thought from one I together. Annie had moved away from from doing IT and he did him.

You've got I think i'm pretty sure he went to work for the FBI and got security clearance, top security clearance for something or other other people in in the extra crew had some of them have got rated. Some of them have gone to join the three things like that. You know, everyone had gone ough to do different things, apart from the one guy who who had had done the most weird and awkward ard situation possible, spin tia had had gone from being the seller and the liquor of so many hundreds of gig bites of data he had.

He had gone from leahy ney school x demos and trading them to being on school's production team himself was now technically critics. S because because yet and with that, you know, to correctly one of the ones that is go shitten goes to produced. No, he's he's not real. He's just to face a brand.

But you so you're saying a lot of the school lexis music today is made by someone else and as scholar just puts .

money on IT all of IT does the team of yeah there's a team of mean in two and ninety IT was the team was at least five, six people putting together these songs and that's that's what it's always been really it's collect is first release in two thousand and nine and two ty ten, like every month, is a nice Price.

His first D P, was ghost produced by noise to quite a large extent, maybe not entirely, but a large portion of the of his all of this sounds over the years have come from other people putting putting IT altogether. So yeah, this is producing runs deep in the scene. So many of the big players, uh, uh, fake.

All right. I can't find any article saying that crick doesn't make his own music. Musicians collaborate all the time with those musicians to make music.

That is no surprise. But the allegation here is that these musicians aren't crediting the people who helped to make the song. So what you think IT was then he made IT.

IT really wasn't slick is known for being very hands on with his music, but there are some well known cases where other big time musicians have been accused of taking someone else's music and calling IT their own without giving proper credit. So this is known to happen. And honestly, I don't know what to think of that.

I mean, on one hand, an edm musician is just playing someone else's music that's called being A D J. And it's a bit of a stretch to say you made this music. But on the other hand, what do I care if you really wrote this song or had someone else write for you and you just put your name on IT?

The music is what matters is fascinating to me though, because i'm endless ly obsessed with the dark parts of the internet. The digital underground is bustling with activity, but with hush tones. And it's all right under our noses. It's the world we rarely see, but sometimes here.

A big thank you to professor dumps up for shing. The story with us. This episode was made by me, the A I adventure.

Jack sider, our editor is the code conjure chin leger mixing done by proxy sounded our inter music is by the mysterious s breakfasted. Sooner amy are to be known because next is. Unit is time to execute some no leg, no lazzi. Tonight we reach peak band with this is ternant diaries.

晒晒。

upside.