Hotline Hacked Vol. 9
58:03 Share

Thank you for calling Hotline Hacked. Share your strange tale of technology, true hack, or computer confession, after the beep. Hello Jordan and Scott, I recently found your podcast on Spotify and obviously subscribed. A bit about me, I'm currently studying cyber security at college, which I began after recovering from fourth year engineering about five years ago.

Anyway, when I was still allowed at that university, foreshadowing, I ended up in a building on campus at 2.30am. As if that wasn't weird and concerning enough, the building was also supposed to be locked. This building, let's call it Building 1, was rectangular with eight entrances, two on each side. It's certainly possible that Building 1 continues to be rectangular to this day, but I digress.

Each entrance was locked to the public after 10pm, but remained accessible to certain students and faculty who could unlock the doors with RFID cards. One night, walking home from the bar after last call, I saw Building 1. And as most normal people would in such circumstances, I was immediately compelled to "buy" the building, which, as I'm sure you know, entails walking around to each entrance and sarcastically tapping my credit card on each RFID transceiver.

As I walked around to each of the eight entrances, I conducted my NFC acquisition procedure, each time seeing the RFID scanner next to the door flash red and remain locked. After tapping my maxed out credit card at the first seven entrances, I did the same to the eighth. However, this time the light turned green and the door was unlocked.

After aimlessly wandering around the hallways for about 20 minutes, I heard a door from the stairwell open and a team of police and campus security came speedwalking toward me. They positioned themselves in a circle around me, presumably to reassure me that I was safe and not in any sort of trouble. They asked for my ID, but I was so frazzled and nervous that I forgot which pocket my wallet was in and told them I left it at home.

The four of them began to ask me a series of questions at the same time, and eventually the officer standing behind me said, While I continued to stand calmly with my arms at my side, I asked what I was being charged with, and he said, At that point, I explained how I had not broken anything. He seemed skeptical and asked,

How did you get in here then? So I calmly explained that the door was already unlocked when I pulled it open and suggested that they might want to have that particular door serviced if that's an issue for them. After continuing to not handcuff me, we all walked outside and I received a lifetime ban from the institution and all of its jurisdiction. I'm curious if you guys have any insight as to how a credit card could theoretically bypass an RFID locked door.

something something buffer overflow something failed open something or something really appreciate your podcast take care welcome back to hotline hacked welcome to hotline hacked it's the call-in show where you can share your strange tale of technology true hack or computer confession such as trying to purchase a building that is still rectangular to this day with your credit card

Hotline Hacked is brought to you by Delete.me, something that we'll get to later. Join delete.me.com slash hacked. Something, something buffer overflow. Okay, so we've got a caller. They're wandering around on campus. It's the dead of night, and they do a lap around a building tapping their credit card. Weirdly, this is not, I think, the first time we've had someone call in with a tale of buying a building by tapping a credit card on RFID on campus online.

Are you familiar with this? Because the first time we got it, I thought it was an anomaly. And now I'm realizing it's a thing. That's the thing that lands for me here is like, am I just culturally out of it? Like we're Canadian. Like maybe this is an American or British or German. We used AI to give this person a voice. This was a tech submission. We have no idea what culture they are. What culture is like, let's buy buildings. I'm just going to tap my credit card on RFID pads and like I take possession of it.

It's mine now. It's mine now. My credit limit is way too low to buy a building. I know that. So technically, I have no idea what's going on here. I'm curious for your take on this. I do like the interaction with the cops. They swarm in. They put you in handcuffs, hands behind your back. It's an alarming experience if you've ever been through that.

What am I being charged with breaking and entering? Didn't break anything. Didn't really break anything. So if he didn't break anything, do you have a sense of what he did? Well, aside from what he's telling us, he did. Sure. Like, I'm sure we could sit here and theorize. Maybe there was an issue with the door. Maybe the RFID pad was, you know, having some form of problem, but like tapping your credit card,

Which has an RFID chip in it, right? Like that's the thing. It's like you're actually triggering the like RFID handshake between your credit card and the pad, but it's then validating that against a database of like authorized, you know,

RFID IDs to see whether it will open the door for you or not. And chances are his credit cards RFID ID is not going to be in that list. And if it wasn't in the list for the first seven pads, it would definitely not have been in the list for the eighth pad because they all probably look at the same database. So in reality, he probably was right. There probably was some kind of issue or he's lying and he broke into the building. Sure. Yeah.

It is a pretty good thing to riff off the top of your head if you're standing there in handcuffs and the cop says, oh, we're charging you with breaking and entering. And you say, I didn't break and enter.

I tapped my credit card on the door and it let me in. And I'm picturing like you've got a little bit of beer on your breath as you're saying this, and none of them are quite tech literate enough to know if that's how any of this works. I feel, I feel like that's a good point. I feel like he would probably have more than a little bit of beer on his breath. That's just right. Um, at three o'clock in the morning, trying to buy a building with your maxed out credit card. I only ever do that drunk. Uh, I'll be honest with you. I've only ever tried to buy buildings. Uh,

I'm going to start doing this. If I'm ever drunk again, I will immediately pull my credit card out and try every RFID pad I see. Scott just wandering around on campus trying to charge a building to a visa.

But here's the thing, like the thing that I'm most surprised about is the response. Because if lots of students and staff have RFID cards that do give them access to this building 24-7, then just seeing a student wandering through the halls of the building shouldn't have been that alarming. Do you know what I'm saying? Yeah, for sure. I mean, I guess the, was the building closed down for the night at that point, presumably? And how uncommon is it for there to just have been a student who was left over in

Like I fell asleep at little cubicles inside of library buildings and stuff on campus, uh,

more than once and kind of just like snuck my way out. So I'm assuming there's more to it than that. I'm assuming there's a security camera feed of a guy wandering, stumbling, let's just call it, around a building, tapping a card against the thing. Like I'm guessing they had a little more evidence than just he was physically inside the building. The thing for me is like I had an RFID card and I had 24-7 access to buildings on campus when I was in grad school to certain buildings, computer science faculty buildings.

And there were students in there all the time. Especially that faculty. There's a lot of night owls in competing science. A lot of people that do some of their best work, and I am one of them in the middle of the night. Yeah. So to me, it was just like having a student be present inside of a building that has 24-7 access to students that have access to it. Seems like a...

a large response for that unless there was some other trigger for it. So, yeah, I mean, this is probably unsatisfying for the caller who was genuinely asking if there's a technical explanation for how a credit card could open a door. And we're just immediately jumping to assumptions that that's not maybe what happened. I just, I, I simply don't know technically how that could occur. And I'm going to make it worse right now because I'm also aware of the fact that there is a great way to open a locked door with a credit card.

Definitely. Done it many times. Done it many, many times. The latch is inside of a thin little gap of a door that is a little bit thicker than a credit card. And you can just pop one of those bad boys in there. A fine butter knife works better than a credit card. Okay. Yeah. That makes sense. You're in an Airbnb in the little lock closet where they keep all the extra coffee and toilet paper. Oh, just a little butter knife. That's a good one. Yeah, yeah, yeah. I've had to do that many times in Airbnbs. You haven't?

They put out one roll of toilet paper for like a week's day and you're like, come on, come on guys. And then you have to like break in and get more toilet paper. That's true. There is always the one little locked area. And normally I would just try and respect that boundary. But sometimes there's like a suggestion of a towel. Not me. There's like a half of a towel when you get there and you're like, this is not, I can't abide this.

Time to start tapping credit cards and buying cupboards. So to loop back to a satisfying technical explanation, I will loop back to what I already said, is that given that you failed on seven things, there's no way that it was a random coincidence that your RFID handshake from your credit card was in the database of authorized RFID things. So no, there's no technical explanation besides faulty infrastructure. Maybe there was...

I have no idea, honestly. It could be, there is a, I think faulty infrastructure could express itself in a couple different ways. One of which is that door was just open. Like I tap a thing on the door and it makes a beep noise and I go to open it. And my brain makes the connection that I unlocked the door and it was like, I wonder what would have happened if you would just turn to that doorknob prior to tapping the credit card. Um,

And the cops are already on their way because they saw a guy doing laps trying to buy a building. Thank you for reintroducing that concept to us because I might start doing it too. Yeah, so no satisfying technical response. I do think that Jordan's probably...

is probably the most likely, which was that the door was actually just open and, uh, happened stance matter of chance, tap your credit card on it, pull the door handle in the door. You convince yourself that you're tapping of the credit card, open the door, which would inadvertently make your legal defense ironclad. Yeah. Opening a already unlocked door is even less breaking and entering. Um,

I'm not sure it's necessarily legal, but depending on what the signage things were publicly accessible space, but that the access is limited to within time, whatever, we don't have to get into the legalese of whether you broke the law or not. I'm glad that you didn't get charged, but it did sound like it might've had an impact on your educational pursuits as a little bit banned from the premises.

Well, I'm glad you recovered from fourth year engineering, which I also liked that opening line. And I hope you're doing well, caller. I hope you've bought plenty of buildings in the interim. We appreciate the fact that you reached out. We wish you the best of luck on your cybersecurity educational adventures. And thanks for your submission. Jordan, do you ever wonder how much of your personal data is out there on the internet just for anyone to see?

I mean, you're talking about like my name, my contact info, my social security number, my home address, even information about my family members. Yeah, yeah, yeah. All of that stuff is being compiled by data brokers and then sold online. Anybody on the web can buy your private details online.

This facilitates identity theft, phishing attempts, harassment, unwanted spam, you name it. I mean, that sucks. I hate that. But now you can protect yourself and protect your privacy. How? With Delete Me. Oh, heck yeah. I mean, it's people that exist publicly, especially people that share opinions online about buying buildings.

I'm thinking about my safety and my security. It's easier than ever to find personal information about people on the internet. All this data just hanging out, being harvested and collected and resold by data brokers, it sucks. And it can have real consequences. And that's why we personally recommend Delete.me.

We do.

Scott, how do they get a discount? Today, and most of the days, you get 20% off your Delete Me plan when you go to joindeleteme.com slash hacked and use promo code hacked at checkout. That's the only way to get 20% off is to go to joindeleteme.com slash hacked. Enter code word hacked at checkout. That's joindeleteme.com slash hacked. Code word hacked. Sponsor of Hotline Hacked.

Highly recommend them. Love them for being a supporter of the show. Check them out. Hey, Jordan. Hey, Scott. Fan of the podcast. Not a big fan, but a fan. Anyways, I think I have a pretty good story you guys will like. Not a big fan, but a fan.

A fan is just a big fan you haven't met yet. That's what people say. I'm a fan, but not a stan. Oh, yeah, there it is. There it is. So this caller brought us a lot of really great information about a very funny story. We're going to summarize the first little chunk of it for you here. They basically tell a story about their relationship with their little brother, who they codename Timmy. Let's just call him Timmy.

Little Timmy was in grade eight in school. It gives him Chromebooks. Timmy! And it covers a long arc of starting when his little brother was in elementary school, he gets a Chromebook. It's a little bit locked down, so the brother helps him crack it so that his little brother can watch YouTube on it.

Little brother gets older and older. Some years pass. He gets to junior high or high school, and he gets a fancier laptop, a fancy little Lenovo with a touchscreen. And this time, he wants to, I think it was, play the frickin' Wii. You know what I really want to do? I want to play Wii. I want to play the frickin' Wii on this thing. Yeah, Wii emulator. Some classic titles. Get some Twilight Princess going. Can we just stop for a second and say, what school is this kid going to where they are giving, like, every class?

year he's getting like a fancier computer from the school next he needs him to crack the vr the apple reality pro or vision pro or whatever it's called um so the little brother gets a new computer comes back to his older brother who says i want i want help being able to play play my mario kart and the brother brother helps him out takes us through the details of how we cracked this computer and we start to get a sense that this is sort of just a little recurring thing in the relationship the tech literate older brother helping out timmy

And it brings us to... I cannot do it. It's very hard not to. Which brings us to the start of the story proper, which is where we're going to jump in, where this caller, the older brother, has an idea for a little prank. Fast forward probably till, I don't know, April, May, end of the year. I just, I don't know how I came up with this idea. I just had this random ass idea one day.

And I thought, you know, I'm just going to do a little prank on my brother since, you know, I helped him out with this esports thing and unlocking the entire laptop or whatever. So I'm just going to do a little prank, just a little prank. And so my idea was to create something I called the sound bomb. Basically, what it was, was a script that locked down the entire laptop and just blasted music at full volume.

So to execute this, though, I had to do a ton of testing on my own laptop. The first issue, how to set the volume to 100% at all times. I found this command line utility called setvol, which allowed me to set the volume through the command line. And so I just had a batch script that looped every second to set the volume to 100%.

And then another very important factor was choosing what music to blast and eventually decided on this Piano Man parody. Should we play it? Sure. I don't think I've actually listened to this yet. No, I didn't listen to it yet. You didn't listen to it? I listened to it. It's nine o'clock on a Saturday. Regular crash of a... Okay.

That's enough of that. 444,000 views, I will add. All right, Andy Salad. Okay, so he's decided on the piece of music he wants to play for this sound bomb. Cranking the volume, looping the set vol command to make sure that the volume stays max, even if you turn it down. And it sounds like he's going to hammer you with that beautiful, beautiful tune. Another thing I need to do, I need to disable the mouse and keyboard. You know, this is before the days of Chet Jippity.

So I had to find some random. Okay. Pause it. Pause it. Chat. Sorry. Love that. That was like a bolt of lightning. Like cancel everything. Chat. Chippity. Chippity. Oh, my God. Resume. But keep that one in my pocket. Chat. Chippity. And stack up for scripts that actually worked.

And another thing I want to do was I wanted this to be live stream. That's rude. Like sound bombing, somebody locking their laptop, playing Maxwell, this insane cover of piano, man. Funny.

Then also broadcasting it live. Oh, that's really, that's pretty funny. I mean, once you get the shape of a joke in your head, it becomes like a checklist where you're like, and it would be funnier if the mouse didn't work. And it would be funnier if the webcam turned on and it would be funnier if it's straight. Like I, it's like a snowball rolling downhill. If it was broadcasting live and saving itself on YouTube. Which he did send links to. And we're going to get to them.

So I got OBS installed and I managed to start it through the command line and also in the background and live stream to my own YouTube channel. I went like all out on this. I went as far as to disable the audio port. So if you plug something in, it would still play from the speakers. And then I also remember I tried my best to disable like the power button. Basically, I made it.

where I think somewhere in the control panel settings, power settings in there, like instead of just tapping the power button, you have to like hold it down for a good like five seconds. Like I just wanted to make this as annoying as possible.

I like that he's covering his bases, making sure that no matter what you try and do, he's still going to bombard you with the sound bomb. I like that just the metric of success is just annoyance. That's like, yeah, that's right. You're going down that road. The first part of this all, though, was getting it on my brother's laptop. Since I was the one who unenrolled the laptop, I had set up a lookalike account for my brother. So I knew the password, discount, and everything.

At the time I wasn't like great at using the command line, so instead of connecting remotely with like SSH or RDP, I decided to do this physically on the laptop itself. So that meant like I had to find opportune times where my brother would not see me on his laptop

I just remember the best time for the setup and everything was when my brother would go to like a friend's house for a weekend. I just remember I had to sneak on his laptop a lot. And there was a couple of close calls where he'd like go use the restroom and then I'd sneak on his laptop real quick and mess with some settings or whatever, mess with the scripts.

and then i'd have to like right when i heard hear the door creak i just run off what eventually came up with triggered the script was a scheduled task that would trigger in the morning on a school day whenever you log into his account my commitment tried to pray that he actually went to school on the day of the triggering i remember i want to set it up where it only triggered if the laptop was connected to the school's ssid that's so that's so thoughtful too like it's so elaborate i gotta also say like

There's so much attention went into this plan. It is, it's such a good prank and it is the worst crime. It's like, it's a suspect pool of one. He immediately knows who is responsible. Yeah, totally. I also love that. Like he just say that there, that didn't know command line like very well back then.

Clearly developing those skills through this prank. Yes. It's like, you know, he's talking about how he didn't use like a remote shell to connect into the computer and do it remotely, which he probably would now. So obviously he's been growing since this prank, which is good. And to set up and check to make sure that the computer is on the Wi-Fi before you execute the prank to make sure the live stream goes. Italian chef's kiss. Yeah.

Yeah, chef's kiss for sure. But when I tested that on my own laptop and my own Wi-Fi, I just could not get that setting to work, which really frustrated me. So yeah, anyways, I had the task scheduled to trigger on a random day in May, and I was freaking hyped. The day of the prank literally felt like Christmas morning to me. It sounds like so much buildup that the payoff...

I can, I can, I can understand. Like it sounds like you spend months planning and executing this. I would fine tuning the details, getting it ready. Soundbomb. I'd be freaking hyped too. It was the closest I've ever felt. The 10 year old me waking up in the morning for presents. I was glued to my computer screen the entire morning, uh, watching my YouTube account, waiting for my live stream to appear. Then at like around 9 30 AM, my YouTube stream appears with a very confused Timmy on the screen. Um,

Unfortunately, the stream only lasted like six seconds. What I later realized was I totally forgot to disable the touch sensor, so my brother was able to exit out of all of the scripts just tapping the screen. I should have had all the scripts run in the background, but at the time I was just too lazy and incompetent. It does not sound like he was too lazy. No. It sounds like he spent a lot of time... I don't know if incompetence is the right word. I would say maybe just...

Learning, learning. I appreciate that he is relatively, to his current knowledge, knew less back then, but lazy. No one could accuse you of being lazy, sir. Yeah, yeah. So I just want to provide a little clarity for anyone listening to this, is that this caller, and boy do I appreciate this, brought receipts. So while we're not going to share the video...

And there's not really much audio in this first one. We do have YouTube videos of these live stream events. The first of which labeled a failure is a brief clip from the perspective of a webcam of a student opening a laptop with what looks like school windows behind them with a scowl on their face because a heinous version of Billy Joel's Piano Man is playing. It lasts for about five seconds and then the video is done. So...

Here's the audio from that. There you have it. You cannot hear the piano man, though, which is the thing that I find surprising. So that could just be the noise cancellation from the built-in microphone because it would be coming out the speakers. I wanted it scheduled for the next day, but I had it scheduled to trigger on the same exact day. So when my brother went to log into his account, it instantly triggered.

and yeah i didn't know this at the time until i'd hear the music blasting in the background with walls in my room looking back at the live streaming recording for whatever reason my brother started hiding in the basement and then in a closet apparently he had like suspicions it was me and didn't want me to know about it and just want to fix it himself um of course he eventually went to me once he realized he couldn't do anything

And so I first turned off the computer and turned it back on, you know, and I tried accessing command prompt from the lock screen through like the accessibility button. But when I clicked on the ease of access button, it was not showing command prompt. You know, it was showing the normal accessibility settings. And so I thought, all right, I'll just put in a Windows install, you know, and access command prompt from there.

But to my horror, the drive was freaking encrypted. BitLocker somehow got installed, and to this day I have no clue how it actually got on there without it being unenrolled in the domain and everything. What I think happened was some kind of MDM was on there and deployed some fixes or something. Like when I unenrolled the laptop, I didn't remove third-party remote tools IT had just because I didn't want to raise any suspicions or whatever.

So anyways, as a last ditch effort, I tried using the stylus to exit out of the scripts after logging in, and to my surprise, that actually worked. Apparently, the touch sensor and stylus sensor are two different things. And yeah, from that point forward, my brother watched over his laptop like a hawk.

would not be anywhere near it uh breaking many many years of trust we had i feel i feel like this person breaking many years of trust we have having done irreparable harm to my relationship with my brother

I love how he locked the computer up so well that he almost couldn't get access back to disable it all. And this person clearly has gone into a career in IT, like just his use of acronyms like MDM, like mobile device management software. So like an enterprise or school district would have like an MDM running to deploy remote patches and fixes and changes to the thing. Oh, God, yeah.

So it's like, yeah, like this person's skills definitely developed on and you can tell that they've gone on to a probably a successful career in IT, which is always a positive output of these things. But their relationship with their brother has never been the same. Yeah, he was not invited to the wedding. And so, yeah, that's my fun little story.

until fast forward to my brother's senior year of high school. He's in 12th grade. Now the trust is just starting to be rebuilt. We're slowly rebuilding the relationship. Trust is coming back. And, and then what happened? He asked me to unenroll it and put games on it again. Even after what had all just happened before, he just, I don't know. He didn't care. Um,

Yeah, I guess my brother has the memory of a goldfish or something. All I could think about was finishing what I started. All I could think about was finishing what I started. My grand vision was not fully executed and I needed...

to embrace it and adapt it. You likened the first version of this to Christmas morning for a 10-year-old. And I'm just, it's like, yeah, it's Christmas in June kind of situation. Someone walks into your room with a big old present. This time around, it was much better with the mainline and I had backdoor accounts and open SSH and RDP installed and set up like 99% of the scripts remotely. There's a couple of things I had to go on the laptop for. I think like OBS was hard to set up remotely. Some of the task scheduling,

But yeah, even after triple checking all the scripts and settings and the task trigger conditions, my script refused to go off. Like it was not triggering. The task was all like screwed up or something. So I started doing some troubleshooting the next morning and I accidentally set off the script. Basically one of my trigger conditions was for any user to log in when it should have just been Timmy's account login that triggered the task. And so the whole thing went off again at home at like six in the morning.

And it was triggered when I RDP'd into one of the backdoor accounts. RDP remote desktop. So he remote desktopped into this thing to see now. And yeah, my brother was really pissed off and he didn't say much. Just kept telling me to fix it so he could go back to sleep. And so yeah, I failed twice and never got a chance to pull off the soundbomb, unfortunately. Surprisingly though, my brother still asked me for help with his laptop. I have not firmly broken his trust yet.

Anyways. Wait till he finds out you told this story to like 100,000 people on the internet. Yeah, that's my story. Thanks for listening. Y'all better put this on the next Hotline Hacker or I'm going to cancel my monthly donation of $2 USD. I know that's a lot of money in Canadian dollars. Thanks.

See, he said he wasn't a big fan, but he's a patron. And it means the world to us. I also just like, and I haven't broken his trust yet. Which brings us to the final video of the Scholar's Submission, which is, I mean, it's a video of what he described. It's a black screen because the laptop was closed for about the first minute and a half, at which point a webcam opens and

And there's, yeah, what looks like a high school senior lit by the eerie glow of a Lenovo laptop screen frantically trying to get a heinous version of Piano Man to stop playing. This is an achievement, I gotta say. This one made me really happy.

See, but he says he failed. Yes, he did not. But I feel like he succeeded. He did not fail. But here's the other thing that I find funny about this is just how calm Timmy looks in this video. Like, Timmy knows what's going on. He's not, like, shocked by it. He's this, like, fucking asshole. Like, that's the look on his face. But this is a portrait of a man on the brink. I'm not an initial. It sucks.

It's like a creepy pasta. It's really good. And I know this is unsatisfying to listen to people laugh at a video that we, for ethical reasons, cannot share. For ethical reasons, probably shouldn't even be watching. It's really funny, though. And in a second, you get... Oh, my God. Click forward. I just want you to see this, even if we don't include this audio. Is it click forward in the video? Because I think you see his brother come in.

If I'm reading this right. Yeah, so partway through the video, the lights of the bedroom crash on and what I think is a second person who I'm assuming is the caller comes in with a look on their face.

It reminds me of when I saw someone get arrested on an airplane, like a person being caught because he is ostensibly was in the other room, remote accessing in. And then here's the music start blaring through the thin walls of their like house and comes rushing in with this really intense look on his face, trying to shut it down. The brother's not confused about who's responsible for this. Just looks angry. It's really good. Kudos to you, caller. Yeah. Kudos to you. You did it.

If you haven't broken his trust yet, that, I mean, I don't know what will, but that's pretty fun. You clearly learned a lot doing this project, and you've clearly come a long way since. So it was a learning opportunity, really. Yes. I love that you collected the receipts that you streamed to your YouTube and kept those videos unlisted. Just the fact that you took a trophy from it is...

Well, criminal-esque, but still very good. Yeah, appreciate you. Appreciate calling in. Appreciate you being a patron. Appreciate you sharing the YouTube links, which brings me to the fact that we now have a YouTube. We do. YouTube.com slash at symbol.

Hacked podcast. It's been up for about two weeks. I think there's 20 some hundred of you have managed to find it, follow it. Some new people, a bunch of new viewers and content. So we're putting up an episode from our back catalog every day. I think we're on episode 14 right now upon recording. So by the time this comes out, it might be a few more.

Go check them out. It's been actually really fun to listen to the old episodes. We've had some comments and feedback from a lot of listeners that say, hey, you know, I completely forgot about the old episodes. They're great. I love them. So please go check it out. Like and subscribe. It means a lot. Like and subscribe. Smash that like button. Why don't you? Smash the like button. Hit the sub and the noti bell. Yeah, we're trying to get to partner. We've got a bunch of plans for YouTube this year and next year, all of which require us to be partner status. So we're...

We're healthily past the subscriber requirement and now grinding our way through the hours watched requirement. So hopefully we hit those both sooner than later and we can really get to work on our YouTube channel. And long kind of arc of it is going to be there's content going up there that is different from the podcast eventually at some point. Eventually. Eventually.

And that's something that we're really excited to be building just so we can bring more different types of hack. I feel like the show has changed shape and tried different things over the years and adding a visual channel to it on Spotify, YouTube, wherever you watch video is going to be a lot of fun. Yeah, we've all the back episodes. We've kind of done this really cool ASCII art rendering. So Nick, a friend of the pod and colleague of ours did the animation and rendering for them.

So they all have this like hacked visualizer for each episode of the back catalog. We brought on friend of the pod, Matthew, who is going to be helping out with some of the original content pieces that we're going to be working on. So we're planning to do great things on YouTube to be part of the YouTube generation. One foot in the audio, one foot in the video. So just as like another thing is we have been video recording us making these podcasts for a few months now.

Whether that means that the more recent episodes, once we get to them, are actually us could be a thing. We'll see. We'll see. We're playing around with templates, concepts, formats for how to do it. Given the fact that Jordan is in another part of the country, we do record them online. So we're not sitting in the same room as much as we'd love to be. Maybe we need to do some in the same room episodes. Yeah.

So if you have any ideas for really cool guests that it would be worth us all convening together to talk to, get at us at Get It Hacked Podcast. We'd love to hear about them. Hey, guys. Big fan here. Really enjoy the work you guys do. Started listening to you guys because I was looking for something similar to Darknet Diaries, which I know.

We both really enjoy as well. But probably don't need to obfuscate my voice for this one. It's nothing super serious. But I'm a college student in the States, and I'm in a fraternity at my school. So I live at this fraternity house. And to give you a little context about the whole situation, we have two houses.

We'll call them main house and then second house. We have one driveway. They're right across the driveway from each other. But as fraternities get up to, we drink. Shocker. First time hearing about it. Shocker. And there's usually drunk people around our house, which is not really a surprise. Most of them are just like the brothers that actually live there. But the second house, they have this...

ritual you could call it of uh getting drunk and uh basically uh trashing uh the main house which is where i live well you've clearly oppressed them and kept them in the second house this is like a this is a revolt yeah it's the ruling this is kind of a snow piercer situation the back of the train raiding the front also the most creative use of the word ritual i've ever heard i live on the third floor and uh we have like a shared bathroom for the third floor

One day, there was a very repeat offender from the second house that was drunk or intoxicated, and he decided to trash. I like the clarification there. Drunk or intoxicated. Or intoxicated. He might not be drunk. He might not have drank something, but he's definitely not sober. He's not sober.

I had a main house, third floor bathroom at like four in the morning when no one was awake. And I had my toiletries bag in there that I just chucked out the window. It was on the roof. It was gone. That kind of gives the context of why I decided to do what I did. I wasn't doing anything serious.

Is this like the prank and get back episode? Yeah, it's always funny when someone's halfway through a call and they do that moment. They're like, so anyway, that's why I did what I'm about to tell you about. That inspired this. So obviously I was mad. I had, I think, a couple of expensive colognes in there that my brother and my mom had gotten me for my birthday. So I was pretty pissed. And I was like, how do I...

remedy this situation because obviously the person who did it didn't own up to it and like you can go through like, you know, like I don't know

if you guys can relate to this at all, but fraternities usually have a judicial board system, which is like a within the house, I guess, court system. It's really stupid. It might work for some other fraternities, but for us, it's just a joke, really. So the person didn't own up to it. He wasn't going to get jayboarded. So me and the rest of main house, we all banded together and we're like, let's take action.

So we're Canadian. Canada doesn't have nearly the fraternity and sorority system that is so popular in the States. We have them, but they're like... A pale imitation of the American system, which is quite robust from what we understand. So yeah, what we understand. We've never been a part of them. The one thing I will say that I did not know is that they have their own

judge jury and what sounds like executioner inside of them. Yeah. Like you mess around inside the frat and the frat like has its own tribunal system. I mean, I did not know that. I mean, given that the story starts with the framing of there's two houses, one of which has a ritual of getting drunk and trashing the main house. I'm going to go ahead and say, this is a little bit of a kangaroo court situation. Uh, given the extra judicial vigilante justice, I smell coming around the corner. Mm. Mm. Mm.

I'm a computer science student, so I know my way around a computer. And the first thing that pops into my head was, hey, let's DOS them. I will DOS them, which is...

Stupid thing to do or even think of, but you know. Denial of service, knock them off the internet. I'm sure everybody listening knows, but just so you know. It is what it is. That's my plan of action. So I Googled how to commit a DOS attack. This is going bad places, I feel like. Go listen to DDoS for hire. I'm sure we're about to get there.

Had knowledge of like what like a DDoS attack was but like a simple DOS attack I Wasn't really too sure about so I literally found a tutorial about how to do it and I Went through the whole process of like watching the video reading the tutorial Setting up like the virtual machines and stuff like that and then I realized I

I needed like an external Wi-Fi adapter and those things are, they're not super expensive, they're like 20 bucks. And I was like, am I really going to spend 20 bucks on trying to like DOS second house? And being the immature college frat guy that I am, I was like, absolutely. Yeah, I'm spending the $20. So I spent $20 and I'm trouble shooting, trying to run the attack. I realized that the Wi-Fi adapter I got doesn't even support like monitor mode, which if you know what that means, it's like,

I don't know, some technical thing where you can like inject packets to a router, some of them. Um, so I had to spend 20 more dollars. Uh, I returned the other one and I, I got a compatible wifi adapter and it was working. Uh, and then I got just so involved in it that I realized that it was only working for like certain, uh,

So Wi-Fi networks, depending on the version, there's 2.4 gigahertz, 5 gigahertz, and now 6 gigahertz with Wi-Fi 7. So what I think he's running into is that he was capable of dossing out maybe the 2.4 or the 5 gigahertz channel, but the failover is that all the devices would just knock themselves to a different channel.

Think that's I think that's what he's explaining. Mm-hmm. So right now so the tack was ready so I literally like sat in one of my friends room who was a He was I guess like a neutral party in the second house versus main house conflict I sat in his room on a like the entirety of Sunday and I was running this entire attack and everyone was in their rooms like watching football and they're all complaining because I

like a standard the authentication attack it's just like it disconnects your device from the the wi-fi the funny thing is for like iphone devices is that when people get disconnected it would prompt on my phone like you want to share the wi-fi password with this person and i was getting that the entire day eventually i turned off like my wi-fi um

And I thought it was pretty funny because the walls are super thin. It's an old house. It's a frat house, not super well kept. And I could just hear them complaining like, yo, what is wrong with the Wi-Fi? It was really funny. Unfortunately, the cable box still worked, so they were still able to watch football in some of the rooms. The streaming TVs weren't able to. I didn't want to go for the cable box because I didn't want to get our internet service provider involved. But yeah, that's basically my petty story.

come back to them throwing my stuff out the window. It's pretty nerdy. I guess not really what you expect from a frat guy, but I do go to like a tech school. I guess the funniest part about it all is that I ended up using those Wi-Fi adapters for my senior project that I needed to graduate.

And I was doing some stuff with like row Wi-Fi networks. So ultimately, it gave me good experience for when I needed to graduate. But yeah, I really love the show. Thanks again.

There's always that payoff, you know? It seems like so many of these end up with like, yeah, you know, I wanted to do this thing and I did this thing and maybe it wasn't so good, but I learned all about the Wi-Fi protocol and then I did my senior project on it and graduated. Now I'm a computer scientist. Yeah, sure. How'd I make it to the C-suite? Some silly shit I did in college.

I love his apologizing for being the frat guy too. It's like, come on, there's a lot of frat guys out there. Don't worry about it. A lot of frat guys even in computer science. I would say that the frat and comm sci circles overlap. It's not quite one circle then diagram situation, but there's some overlap between those. Not a ton, but a bit. I remember when I was in competing science school, very male-dominated academic program.

So a lot of frat dudes, even in a country that had no frats really, and like frat membership was like non-existent. There were still a decent amount of frat dudes in my computer science class. Yeah. There was one major frat on the campus of the school we both went to. And it was like a little baby version of a big frat. Like it was sort of the one that sat in for the entire Greek culture thing.

of fraternities on our campus. And it, it kind of had the same vibe of this, a bunch of people sort of both really close to one another, but also shit talking and pranking each other with just like a deluge of liquor kind of constantly sloshing around inside of it. I like the, the mention of the repeat offender from house two who was drunk and came in and

Just tossed a bag of toiletries out the window. Like the level of chaos that this is a repeat offense of just like this guy, like Tasmanian devils is way into your goddamn house. Starts throwing shit out the window. It's like, this is not sophisticated. No, this is not like the, the animal house, like elaborate pranks. Yours was way more elaborate than guy just came in and threw thing out window. You put way more thought into it than he did. I do like that. It seemed like he'd spent like,

A bunch of time prepping for this attack. Figured out how to do a bunch of de-auths and knock people off Wi-Fi. Waited for the big game, you know? Went and bought a bunch of accessories that he needed to execute it. Set it all up and then was successful in his like afternoon attack, except for that it did nothing because everybody still watched the football game on the TVs. Bingo. Just people were complaining that they couldn't like scroll Instagram or like TikTok or Snapchat while they were watching the game.

But you know, I'm happy you learned something from it. I'm happy you learned something from it. It's a pretty, it's a good goof. It's an elevated goof. It's pretty innocent compared to guy destroying property. You have a, I think that's a good thing. I think that a level head and not too much of a temper would serve you well across the rest of your life. In your future C-suite position. Precisely.

Hi, Jordan and Scott. Firstly, I just wanted to let you know that your podcast is one of the best I've ever heard, and I always make sure I tell my friends about how good it is and how interesting they find the topics you guys discuss. Secondly, I just want to put it out there that I...

Never did any of the hacks I'm about to discuss. I'm not technically confessing anything. I'm just sharing some stories. Of course. Yeah, this is all hypothetical. Hypothetical. Yeah, hypothetically. Didn't do anything. Donnie Dobbs gave my voice because I'm just recounting tales I heard in the pub. It's sort of an improv exercise we do here at Hotline Hack. I get it. So my confession is I'm from Australia. Yeah.

This is not a confession. This is just you telling us a story, remember? Yeah, you were so close. You were so, so close to getting away with it scot-free. And back in the late 80s, early 90s, there were these little orange payphones that were all around the country in small businesses mostly.

And it had a little hack where if you lift the receiver and you push the follow on button down and then push the receiver down again, the phone would use audio commands to say when it had hung up and you could trick the phone into keeping the dialer active.

Classic fishing. He provided us with links to the images for what these phones looked like. They are hilarious looking. Adorable. The industrial design of this is great. It's like a big old stick of butter. Gold phone. Gold phone. They are, honestly, I can see them making a comeback as a retro device. It's like, get a new home phone, get a gold phone. They'd blow up in Australia, I'm sure. You'd lift the receiver, hit the follow-on, and then...

um push down the receiver and then you'd still have the dial tone available to make a call after that free phone call um you know like this the the timing i used to get that to happen is ka-ching so back in the day it wasn't trademarked as a name for any particular companies that might sponsor certain shows uh you could just he's talking about shopify just so you know that would be the um

That would be the timing, ka-ching, to get that to work. Now, these phones started being phased out, and the major telco in here started installing a new model of payphone. So just to hang on that for a second, this was very similar to how old payphones in Canada and the United States used to work. So you'd pick up the receiver, and actually putting a coin in

caused an audio signal to go over the line back to the control, like back to the telephone switching, which actually activated a real line. So you'd put a coin in, the internals of the phone would send an audio signal across the phone line, which would then tell the control center that the phone line was active or needed to be active. So...

The microphone on the handheld devices was often still live. So you could just play that audio signal into the phone, which would then essentially tell the control center to activate the line. As though a coin had been put into the phone. As though a coin had been put into the phone.

So pay phones have always been a point of, less obviously now that everybody has phones everywhere. Sure. But back in the day, figuring out like the old fishing club and crew spent a lot of time figuring out and hacking with pay phones. So it was a pretty interesting thing back then. So I'm excited to hear the next bit of the story. Now, the new model, obviously, you couldn't do the ka-ching on it anymore. But what you could do is if you had a straw, you simply flattened it.

And then you could slide it into the refund slot just above where it enters and knock out your coin and the phone wouldn't know. So you could make free phone calls. So that was, yeah, my two little hacks back in the 90s. If you went to any payphone in Australia and you reached behind the phone, you would pretty much be guaranteed to find a straw in there. Anyway, the telco picked up on it and...

Had to change the way it was manufactured and it got fixed. And now all calls are free on pay phones. So there you go. It's moving with the times. It's changed. Anyway, I love the show and that's my confession. Well, thank you for calling in. Love you too. Glad you're a fan. Yeah. I like that this episode so far we've had what can really only be described as campaigns of terror.

A sound bomb, a DOS attack between these two frat houses. I'm like, I figured out how to make a quarter's worth of phone call for free. But the campaign part of it sounds like the fact that everybody knew how to do it, which is why there was always a straw wedged behind the phone.

Yeah, that's true. I feel like at a certain point you just leave the straw inside the booth for the next person. You just pay it forward. So it also does sound, and this is, you know, we obviously don't live in Australia, but it sounds like, and I've done a bit of reading into this, is that the pay phones are still existent in Australia. Yeah.

And they are free because they're considered like essentially an emergency service device. Oh, yeah. So they're not really there to, I don't think, you know, be used for the way they were used in the 80s and 90s. But they are still there just in case people need to make a call and don't have access to a phone.

Yeah. Which is interesting. Cause that is not the case in North America. No, I was going to ask, do they only contact emergency services or do they just have the good sense of saying like, you know what? Maybe you desperately need to make a phone call. There can be free phones for people. Yeah. Yeah. That's a great idea. Yeah, exactly. So the, something that we should adopt here, I would say when he said he reached behind them, we,

You used to, on certain models of them, actually be able to reach behind them and find the actual RJ cable, like the actual phone line. So back in the old days when you actually had dial-up modems and laptops that had modems built into them, you could actually go into some phone booths and unplug the payphone and just have a raw phone line. Oh, cool. Yeah, yeah. Yeah.

So yeah, pay phones. Always been a hacker's play thing, I think, as long as I can remember. Yeah, I've always loved the idea of that kind of signal jamming where you play a piece of audio that reproduces the audio signal that is sent, I guess, through the phone company to make stuff happen. I always thought that was so cool. It's just very intuitive. I think in some of the earliest episodes we talked about that concept. It was one of the first things that made me grasp

this larger world we were diving into was that you can just make a thing, do a thing it wasn't designed to do. By, by mimicking the thing that it was expecting. Yeah, totally. Exactly. That's really cool. The gold phone. And again, give this, give these things a Google. I don't know what comes up when you Google gold phone, Australia, but if you see a big old, big old yellow rectangle, you found the right thing and they're pretty fantastic. Yeah.

Okay. Well, I think that is another episode of Hacked. Hotline Hacked, brought to you by Delete.me. Brought to you by Delete.me. Go to joindelete.me.com slash hacked. Code word. If you want to get your discount. Code word. Code word. Code word hacked. Oh, code word hacked. Yeah, yeah. My bad. Code word hacked.

Uh, check out our YouTube at hacked podcast. You can check out our Patreon, uh, patreon.com slash hacked podcast. You can find all this at hot at a hacked podcast.com. And again, if you want to share your story, we have a, we're, we're developing a little bit of a back catalog. So if you've submitted stories, there's a few folks that have submitted multiple. Um, it's not going unread. We just, we've got a lot of these things and it's, it's pretty exciting for us.

And if you want to share yours too, go to hotlinehack.com. There's a phone number. There's an email submission. You can send in text. You can send in AI audio. You can call in. If that's your vibe, we'd just love to hear from you because for... It's our vibe. It's our vibe too. We love weird tales of tech.

There's something I particularly love about this, like the Hotline Hacked episodes, like just hearing from people and the creative things that they do. It's like so satisfying. And especially like, this is just as I'm getting older and more sentimental. It's always lovely to hear like, yeah, when I was younger, I did this crazy shit. And now I'm the chief technology officer for a bank in Switzerland. And it's like sweet.

We contain multitudes. Yeah, yeah. It's a lot of fun just getting to listen to these calls and hearing from folks that listen. It's great. We really appreciate it. Totally. Keep them coming. Thank you for listening. We'll catch you in the next one. Take care.

Ryan Reynolds here from Mint Mobile with a message for everyone paying big wireless way too much. Please, for the love of everything good in this world, stop. With Mint, you can get premium wireless for just $15 a month. Of course, if you enjoy overpaying, no judgments, but that's weird. Okay, one judgment. Anyway, give it a try at mintmobile.com slash switch. Upfront payment of $45 for three-month plan, equivalent to $15 per month required. Intro rate first three months only, then full price plan options available. Taxes and fees extra. See full terms at mintmobile.com.