This call is being recorded and is subject to monitoring. There are many recorded interviews with the Silk Road creator Ross Ulbricht, aka Dread Pirate Roberts. But there's this one. It's from a prison phone, so the audio isn't great. A publication called Bitcoin Magazine got a hold of him in 2021. This is Ross Ulbricht calling you today from prison from a maximum security federal penitentiary.
The story of Silk Road is one of the most significant chapters in the history of cybercrime. It's this moment when the dark web, cryptocurrency, law enforcement, all kind of collided in a way that thrust it all into the mainstream. By now, it's a very famous story. Very famous. I have lost my freedom. That's what I want to talk to you about today. I want you to understand what it means to lose your freedom.
In 2011, Ross Ulbricht, a libertarian with this vision for a decentralized anonymous marketplace, launched Silk Road, a website hidden on the Tor network where users could buy and sell almost anything, mostly drugs, using Bitcoin. It was this experiment in online black markets and for over two years, a pretty thriving business. At its peak, Silk Road processed hundreds of millions of dollars in transactions and operated beyond the reach of traditional law enforcement.
Silk Road was a website I made when I was 26 years old. More than a decade ago now. It used Tor and Bitcoin to protect people's privacy. I called it an anonymous market. At the time, I thought, if Bitcoin makes payments anonymous and private, what are we waiting for? Why are we sitting around talking about it? Let's put it into action. But... There's a but. Always a but. Why is there always a but? There's always a but. It'd be a short podcast if there wasn't.
The anonymity that protected Silk Road also made it a pretty big target. The FBI, DEA, IRS, Homeland Security, they all worked together to unmask the man behind the alias, behind its operation, Dread Pirate Roberts.
Their investigation led them to Ulbricht, who was arrested in 2013 in a very famous scene in a San Francisco public library. He was caught with his laptop open, giving the agents direct access to the marketplace's inner workings before he was able to slam it shut, encrypting the contents within. That impulsive. That's a 26-year-old who thinks he has to save the world before someone beats him to it. His trial was swift, the sentence pretty significant.
Ulbricht was convicted on multiple charges, including conspiracy to commit money laundering and narcotics distribution and sentenced to life in prison without parole. I had no idea if Silk Road would work, but now we all know it caught on. It was used to sell drugs. And now I'm in prison. Now in 2025, Ross Ulbricht is free. Granted a full and unconditional presidential pardon, his release reignites this whole discussion.
We got a whole bunch of stories to get to here, Scott. Too many, you could say. DeepSeek also just kind of came and went since-- I didn't went. It's still here. It's still very much here. I'd say it's actually more here now than it was like two weeks ago. This is probably true. We got to talk about all of it. So we're going to start here with the Silk Road, the investigation that brought it down, and what Ulbricht's release kind of means. Hey, Jordan. Yes.
Do you know how he's titled if you Google his name by Wikipedia? No. American Enterpriser. I mean, where's the lie, Scott? There's no lie there. He is American, and he did Enterprise. We got to get into it on this episode of Hacked. ♪♪♪
Dial-up sounds. Scott, how you doing? Good. Thank you, Jordan. How are you doing? Doing good. I'm keeping busy.
Feeling good. Yeah, too busy. You could say I'm also keeping busy. You can say that I'm too busy. Big news. Yes, the YouTube channel. Yeah, cross 6000 subs today. Look at us go. And we're a partner. We're officially a YouTube partner. So thank you to everyone out there who has supported us. The new micro journey of YouTube is going well.
Yeah, excited by it. It's something new, something interesting. We're getting a lot of positive feedback from the old episodes, which always tickles me in the heart. It's true. We're trying to do more hacked stuff this year, more different kinds of hacked, which is a pretty good transition to something we're pretty excited to announce. We love making hacked. We want to make more of it. We want to share it in more places. And then we met Push Security. Push Security. So we've talked about them before. They came on as a smaller sponsor last year.
You might have heard their ads. Honestly, we'd met with them. We saw them at DEF CON. We've hung out with their CEO. We actually sat down and talked to them, what, six months ago before we even took them on as a sponsor. We just wanted to chat with them, make sure that they were in alignment with us. And here we are six months in, and we recently sat down with the CEO again and made an episode. That episode will be coming out in four or five days. Yeah, something like that. If you have any questions to why we decided to partner with these guys...
listen to that episode and you'll understand. Yeah. Like half of our episodes, and I'm being conservative, are about vulnerabilities and stories that start somewhere in an internet browser. And that's exactly what Push is tackling. They're a browser-based security platform. They help companies stop identity attacks. You can hear all about it. So we talked to them. We became pals. And now? And now they're coming on as our title sponsor. Yeah. It's pretty cool.
It's pretty exciting. We have a title sponsor. We have a title sponsor. It's a big deal for us. We're still fully editorially independent, but it just gives us a little bit more of a foundation to make more of this stuff, to make it even better. It's very exciting for us. If you haven't heard any of the previous ads, if you don't know anything about them, you should definitely check them out, especially if you're a CIO, CTO, CISO, CSO, any of the acronym super people that work around technical security, you should definitely check out their platform because their whole thing is...
and this is me, not them, is people are the problem. People are a risk. And they have created a platform to try and help mitigate that risk. And for me, that's the biggest thing in today's world. But yeah, they come on as our title sponsor and we couldn't be happier. We think that they're in perfect alignment with us and we're super happy about it. So hope you guys enjoy it too. It'll allow us to make more of the content, allow us to do more fun things with the pod. Very exciting. But right now,
We've got cybercrimes to talk about, Scott. That's true. We do. So Silk Road, when we talked about this story prior to this, you mentioned that you had read, I think the book is called American Kingpin.
Yeah, I read this back in like 20, I want to say this, like, I'm going to be stretching today to remember the details. But I think it was like 2017, 2018, which is what, like seven, eight years ago. So yeah, it's been a minute since I read the book. But I did read the book. Also, I haven't seen it. But do you know that they made a movie about it? A documentary or like a? No, like a Hollywood fictionalized drama called Silk Road. I think it came out in like the early 2020s.
Oh, by gum, they did. Weirdly... Shouldn't have been a shocker. No, it's not shocking at all. And I actually had seen this... I think I saw trailers for this years ago. And it fully... How do I put this in a nice way? It sure didn't come up while researching. They need to work on their SEO. I wonder how it is. But I will say the book, American Kingpin, was a good read. I remember when I read it, I have two things with books. I either get...
I either read a hundred pages and never pick it up again, or I read the entire book in like 48 hours. And this was one of those where I read the whole book in 48 hours just because it is such a fascinating story. It was such an interesting time in tech. And like, it talks about his entire lineage and lead up to how he wants, like why he did what he did. And all the dude wanted to do was, you know, buy mushrooms and sell mushrooms. Yeah. And that's where it all started.
It's an interesting story about a guy and an interesting story about a moment in tech history. And that's always a really nice sweet spot. And now he has been released. So this seems like about as good a time as any to just sort of take us through that story again. So...
Ross Ulbricht was born in 1984 in Austin, Texas, like stable middle-class household. He was a good student, got a scholarship to university where he studied physics. He ends up pursuing a master's degree in material sciences and engineering at Penn State. He's getting a little bit disillusioned with academia. And he starts getting into like libertarian economic theory. This guy Ludwig von Mises and the idea of agorism, which is like a market-based anarchist philosophy.
Which is the normally indicative of where the stories go. And more often than not, like the politics of someone while they were in university isn't really that instructive of where they go. It's extremely informative to what happens next in this case.
So he graduates in 2009, kind of dabbles in a few different things like a lot of people do when they get out of university. He's trying day trading. He kind of starts dabbling in video game design. He starts an online used bookseller called Good Wagon Books. None of it totally- Sounds very Austin-y. It's very Austin-y. Good Wagon Books. None of it takes off. The one thing he does latch onto that does, let's say, take off is he gets fascinated with Bitcoins.
Decentralized currency, everyone's familiar. Of course, libertarian political theories, decentralized currency, these go together. They all go into the same pot. Uh, in 2010 he sketches out the concept for this, like, anonymous marketplace using Tor and Bitcoin.
the initial name for it that I found interesting because Silk Road has become like part of the canon of cyber crime stories. It was originally called Underground Brokers, which is also a pretty good name. But Silk Road is, I would say an even better name. Totally. In a different timeline. You guys got a name and stuff. Yeah.
Get him in the marketing. Get him in the marketing. And as you mentioned, he'd been cultivating psilocybin mushrooms. And when he builds the first version of this, the first product listed on the Silk Road is Ross Ulbricht's magic mushrooms. 2011, January, Silk Road officially goes live and it starts operating. It is kind of from day one, an eBay style marketplace for illicit goods where all the transactions are happening.
Fully libertarian. You can buy and sell anything. Anonymous currency. I'm going to use quotes here for anonymous. Yep. Yeah. It's an onion service on the Tor network. Server locations are all hidden. It's using Bitcoin for everything. You can rate vendors. You can leave reviews. It's just like a little itty bitty crime eBay. And it blows up into the popular consciousness. There was a Gawker article in June of 2011, a huge traffic surge that,
And the important thing to know here is that Ulbricht had adopted this alias of Dread Pirate Roberts, DPR. You're going to hear that a lot throughout this story. For anyone that is unfamiliar, that is from the motion picture of the Princess Bride. And that character in the story, the whole idea here is that it could be multiple people. It's an alias that multiple different people could be wearing is the idea behind the name Dread Pirate Roberts.
I feel like you tease it with the Princess Diary reference there. But the character in the Princess Diary, if I recall, wasn't it always a changing? There was always a Dread Pirate Roberts, but the person who was the Dread Pirate Roberts would change, and that's why the alias shift kind of works. Which is...
I'm by no means a princess diary expert. I have seen it probably two or three times in my life. I have seen it two or three hundred times. I only have part of it tattooed on me. And this is foreshadowing, too, for sort of where not to spoil things, but his criminal defense comes up later on the same subject. Yeah.
I think what's interesting about the Silk Road is that it was sort of the initial instance of a dark web marketplace. And the story of dark web marketplaces was you can buy and sell literally anything there. Drugs, yes, but assassinations, fine. Weapons, fine. Silk Road isn't actually indicative of that stuff that allegedly came later. There were rules about what you could and couldn't sell. We'll talk about them a little bit later.
People weren't ordering assassinations. There were explicit rules regarding anything that even resembled human trafficking and child abuse material was very, very not allowed on the Silk Road. Ethical libertarian marketplace. Yeah.
Uh, like anything, you're trying to run an eBay entirely anonymous with people selling illegal stuff. Like, it just became a business at a certain point. Like, you are trying to, like, solve customer service disputes, fraud instances, technical vulnerabilities. You start at a call center and a help desk. Like, basically he has to expand.
One of the administrators, a guy named Curtis Green, a.k.a. Chronic Pain, comes up later in the story but would have joined around then. Just for scale, did they ever release what the gross volumes of revenue that went through the site was? I had seen that just the drug side of it was over a few hundred million dollars. So I wonder if there's actually like a... Because they sold all kinds of other things. It wasn't just drugs, even though I think it was largely known for drugs. I remember being around when this all came out and...
I knew people that had bought stuff from the Silk Road. I also know a couple of people that maybe had, I don't know, a book with some
pieces of paper slipped between the pages of that book, that if you popped one on your tongue, you'd have a heck of a time. I knew a few people. I genuinely didn't. I was not savvy enough with the Bitcoins back then, but I knew some folks that dabbled. The dabbled with the coins? The dabbled with the coins. And on your question of how much money was flowing through this, there's one number that seems quite relevant. So in 2021, I'm going to
We're going to go nonlinear for a second here. Like over a decade later, essentially, the government seized 50,676 Bitcoin, which was $3.36 billion at the time from a hacker who had stolen them from Silk Road that were used to pay Ulbricht's $183 million restitution. How many was that again?
50,676 Bitcoin. 676. BTC to USA. Crunch them numbies. Which I want to learn a little bit more about this because keen-eared listeners will note that $3.36 billion in Bitcoin recovered from the hacker who stole it from Silk Road is significantly more than $183 million in restitution. So cha-ching payday.
Do you want to know what the current value of 50,676 BTC is? No, but yeah. What is it? $58.9 billion. Goddamn, Ross. That's like Bill Gates money. He's in the Bill Gates sphere of money. That's pretty remarkable. And again, that, I think...
was hacked from the Silk Road quite a while ago. Yeah. So it wouldn't have been worth that much. But it was recovered in 2021, which meant whoever stole it sat on it for a very, very long time. And they sat on $59 billion. That's a long time to sit on it. And who gets to keep it? I assume the Treasury Department? Yeah. When it's been seized by the government? Yeah.
I imagine it just all goes into the same coffers at a certain point, like just general revenue. But I don't know the answer to that. Yeah, me either. What I do know is that to jump back to sort of its early days after that Gawker article in 2011, basically the entirety of the U.S. law enforcement apparatus went, nope. FBI, DEA, IRS, Homeland Security, Secret Service, they all start independent investigations of the Silk Road.
A DEA agent, Carl Mark Force Four. Carl Mark Force Four? The fourth? Yeah, he is, because he then goes to jail for 78. Okay, wait, just a smaller bridge here. Yeah. If your last name is Mark, like almost Marx, do you name your kid Carl? And then he gets embroiled in an anarcho-libertarian... Oh, wow. So...
Carl Mark Force, we call him Karl Marx for short. No, Carl Mark Force is sort of his own fascinating, very, very weird story. He went undercover and infiltrated Silk Road under the alias Nob. He was later sentenced to 78 months in prison. It's a really big mess. We're going to skim over that a little bit.
2012, FBI cybercrime agent Chris Tarbell launches Operation Onion Peeler, which is a task force that was dedicated to unmasking Silk Road's infrastructure. And the way that this all kind of eventually unravels was that investigators discovered a misconfigured Silk Road server leaking IP addresses, giving them their first sort of major breakthrough into this.
Just for anybody that doesn't know, the dark web, quote unquote, is based on Tor, which is what they call onion routing. So it's like layers of routing. So the Tor browser and the Tor client kind of puts you into this onion layer-based network, virtual network, essentially, just to try and make traceability things so easy.
Whenever we say Tor, that's what we're talking about. When we talk about onions, because if you look at the Tor Project's, like, primary logo is like an onion. It's a cute little, cute little purple onion. It's good. I like it.
Something that people always talk about when they're talking about this story is the series of text messages where Dread Pirate Roberts is allegedly talking about having an assassination done. It was one of the major things saying this is more than just a website administrator. This is organized crime. But that all kind of kicks off in 2013 when Curtis Green, the guy that I mentioned earlier, one of the first people to kind of join this project, gets arrested in a sting operation following that IP address leak.
In messages from the DPR account, fearing Green might become an informant, they started discussing the idea of arranging a hit on him, paying $80,000 to Nob, the undercover agent who we discussed a moment ago. Folks are messy. DPR also allegedly plotted other assassinations, including against a user named Friendly Chemist and a Hells Angels member. There's...
Some stuff there with who was actually operating the DPR account and some pretty good evidence that it was multiple different people using it. Those charges were, at a certain point, I think they were dropped or they were rejected with prejudice by a judge, but that's not, while that has always been part of the headlines, it isn't actually part of why Ross Ulbricht is in jail.
Well, he's no longer in jail. This is true. Yeah, spoiler. Yeah, I think when I read the book, I'm going to be stretching for facts here, I remember there being a lot of complexity around the fact that there was so much virtual, untraceable money floating about that it became really challenging for police people. Yeah. And then you had people using shared accounts. Mm-hmm.
It's all quite murky. October 1st, 2013, the FBI executed a sting at Glen Park Library in San Francisco. It is quite a famous story at this point. An agent staged a fight nearby to distract Ulbricht, getting him to turn away from his computer, giving an undercover agent enough time to grab the open laptop before he could shut it and encrypt it.
It is quite a remarkable story. I get why you would write a book about it and make a film about it. The laptop contained chat logs, transaction records, like a personal diary detailing Silk Road's operations. They had him dead to rights. Yeah, they had him at the admin screen for the actual Silk Road. So that was open on his screen, I think, when they got the laptop. The actual tale, and I won't ruin it, but you should read the book. Maybe watch the movie. I don't know. I have no recommendations on the movie, but read the book.
The way that they track and isolate where he is. Because apparently he had a number of places where he would go use open internet. So they kind of triangulate and have to monitor all these locations. They kind of triangulate where he probably is residing based on... Anyway, it's a good story. Recommend to read. Recommend to read. Yeah, it's this fascinating thing of what happens when...
Again, almost every major law enforcement organization in the United States points itself at kind of one person versus one person with a laptop. And it is like, if you look at the timeline, it's like one person with a laptop got away with it for years. It's fascinating. And it kind of foreshadows the world that we live in a little over a decade later, where major operators of cybercrime outfits are
can kind of go uncaught for years at a time. Like they are standing on the shoulders of the giant that is Dread Pirate Roberts. A metaphor that will come up again later. February 2015, Ulbricht is convicted on seven counts, engaging in a continuing criminal enterprise, conspiracy to commit money laundering, conspiracy to distribute narcotics via the internet. He's sentenced to double life in prison plus 40 years without parole. I think this becomes one of those...
discussions about, like, transitive liability, and it's... Sure, sure. It's like, I don't know, how much can you glue to somebody based on the actions of their website? Something that I'm sure we'll see in our lifetime for the social media companies, potentially. This is true. Yeah. And so...
Yeah, it's, as we discussed, like the court case itself is its own whole story. There's a bunch of different layers of defense here. Not that he had nothing to do with it, but there's the argument that he wasn't the only person using that DPR account.
The prosecution argued that Ulbricht was the sole administrator of Silk Road for the purposes of their case from start to finish to the moment he was arrested. There is a counter argument to that. HSI special agent Jared Der-Yeghiayan initially believed that other figures such as a guy named Mark Karpelès and Ashley Barr were also running Silk Road. And then a week after Ross was arrested,
In solitary confinement with no internet access, there were folks logging into DPR's account. We already spoke a little bit about the multiple assassinations claim that was dismissed with prejudice in 2018, meaning it can't be refiled. It's really hard to know. We are talking about $59 billion in today's current value. Like you kind of lose it in the whole thing, don't you? But it is a really cartoonish amount of money. Yeah.
Yeah. You keep chatting and I'm going to look up market capitalizations for publicly traded companies. So you can just pepper in, you're like, oh, it's a GM. Cool. Yeah. Ford Motor Company. Wow. There was talk of a 10 year plea deal. That one's not quite as interesting. The written deal was never made. So basically the argument is that he rejected this 10 year plea deal. The plea deal left open life as like a possibility. So they were scared that they were going to push for it anyway. Yeah.
There's the sort of headlines that went out that this was a platform where you could buy truly everything. And there were, it was called the seller's guide on Silk Road that banned what I'll call worse stuff than drugs. Just so you know, I looked up GM just because he said it. 47 and a half billion. So he easily could have purchased GM. From a laptop. Right.
Yeah, that's the story in tiny, tiny part of Ross Ulbricht, this guy who is either a drug kingpin or a website administrator or something kind of in the middle. I feel like in reading the book, you get the picture that he is...
A philosophical person who believes strongly in his philosophy and is executing and manifesting his philosophy into the real world by allowing libertarian freedom of choice, things like that, and creates a system to allow for the trade of goods that the regulatory system doesn't allow. And the judicial system punishes for that. And he got punished for it.
That's the... It really comes across that he's like a... At least it's the way that I took it, is that he's probably like an all right guy, like somebody that I'd have a beer with, and like just somebody that like really believes in a specific set of the philosophy, like a political philosophy, and is motivated by it. And like, I could say the same thing about dozens of my friends. You know, I have anarcho-commie friends, I have hardcore capitalist friends, I have environmentalist friends, and it's like they all just have really rigid deep beliefs in a specific silo of philosophy, and he's one of those people.
Yeah. Again, I haven't read the book and I haven't met the guy. I can't speak to his character as a person, but I don't get the sense that this was an exercise in how much money can I make and how fast. Every record says that he didn't do the Lambo thing. He didn't do the thing where you make all the money and spend all of it. It seemed like a project project.
And, uh, well, to borrow his phrase, a quote, he said this later, quote, Silk Road turned out to be a very naive and costly idea that I deeply regret. And as though it, while it was a very pure expression of a, of a man's personal philosophy, he had literally every major law enforcement body coming down on him. And it was in that sense, like it was a naive concept to do this. Um, he wasn't doing it for the reason that a lot of people I think thought he was both can be true.
Well, a few things, like the Lambo thing. So he lived with roomies. When he was arrested, he was renting a bedroom in a flat in San Francisco. He was not by any means out living it up like you would see in today's crypto rug pull people and things like that. Very different motivations. The other thing I would say is that one of the reasons why I think he got so much legal attention, aside from what he was doing and what was happening, is that...
Truthfully, I think the dark web and cryptocurrency probably scared the shit out of judicial bodies, like the law bodies. Those are two things that are like, okay, they now have a shadow currency that we can't trace, which actually changed a lot in this prosecution. So in the pursuit of DPR...
They actually broke down and figured out how to trace crypto, I believe. It all kind of was in this one case. Yeah, right. Same with Tor. It was two massive technological shifts that could have been leveraged really significantly for illegal terrorist actions, things like that. And Ross Ulbricht's Silk Road marketplace was the shining star of both of them.
And I feel like that's why it got so much legal attention. Yeah, sure. Like, I think those same things kind of exist today. You know, often they're selling Visa card numbers and login credentials, but ransomware, malware. No, there's a parallel. I see what you're saying. But it's like just the time and space at which he was popular, like flew a big flag and a shining star that the legal system was like, oh my God, what's going on over there? We have to do something to figure out because...
This is one bad use of it, but it could get way worse if we don't figure out. So at least that's my theory. If you've come here for my theories, there's my theory. There it was. I think I would agree. To wrap it up, January 21st, 2025, he was issued a full and unconditional presidential pardon, citing government overreach. He was immediately released from USP Tucson and is now a free man. Lots of time packing there. Government overreach.
I don't know. I don't know if I agree with that. I'll take it on just maybe start releasing nonviolent drug offenders. Maybe that's a cool idea.
Good luck with that one. Yeah, I'm shooting for it. The war on drugs is coming back. I don't know if you've read any of the news lately. Yeah. Well, not if a Libertarian National Convention likes you. But anyway. So funny enough, so Trump kind of forebode this in his speech to the Libertarian National Convention last year during his campaign. He said he was going to release Ross and did.
Which is crazy. Ross, if you want to come on the show. Oh my gosh, please come on. We would love to chat with you. We have heaps of questions. I think it would be a fun conversation. I think that's the Silk Road. That's the Silk Road. Has anything else happened since the last episode that we should talk about?
Anything at all in the world of AI and technology? Well, it depends if you're an investor in NVIDIA or not. Oh, why? Did something happen to the stock price? Let's get into it. DeepSeek. DeepSeek. DeepSeek. DeepSeek. Fascinating. Interesting. I like the DeepSeek story for me. Mm-hmm.
is more about the investment thesis piece of it. It's actually like, well, there's some interesting sides to it on the other side where it's like all the finger pointing about like your model only works because you stole it from our model. Oh, you stole something from the people who stole everything. That seems to be the common thing. I don't want to be glib, but it's hard to muster too much sympathy on that front. Yeah, yeah.
So the DeepSeek, if you don't know what it is, a Chinese hedge fund, a bunch of brilliant quants, I think for fun, built an LLM. That's a good term for it. And they, rumor, allegedly, used OpenAI's ChatGPT platform to train their LLM. But they actually did some brilliant work.
technological changes that apparently OpenAI hadn't done. So one of the things that I've read that they did, so let me go back in time here. So one of the big shocks for DeepSeek's AI is that apparently they trained it and built it for like a fraction of the cost. And when I say a fraction, it was like $5 million for all the processing to load and train the model.
And that importantly wasn't all the money they'd spent to get to that point in development. It was the specific cost of training the most recent model. So it wasn't $5 million in and out, but it did cost $5 million as opposed to, I think, $500 million for one of them or something like that for one of the most recent instances. Like o3? Yeah. OpenAI's o3 or Claude. Anthropic's Claude. Claude. Claude. One of the things that's interesting
was the biggest shock that rocked the stock market was the fact that they, because they're Chinese, they don't have access to all of the most recent NVIDIA superchips because it's all under government lockdowns and stuff and trade, you know. I don't know the exact details, but the United States government doesn't want Chinese companies having...
all of the super chips. Yeah. Shortly after, if I remember right, I think this was like a year and a half ago, there was an embargo on selling chips to China as part of kind of this like AI trade worry type thing. And it was basically, it was presented as an umbrella policy and it was just basically everyone looking at NVIDIA and being like, cut that shit out. So this operation was using, is it NVIDIA H800s? Like an older generation of them and far fewer. Yeah.
Yes, far fewer older generation. But what they had done is instead of using NVIDIA's programming interface, they actually jacked in and used the machine code and coded directly to the chips, bypassing any of the framework overheads, which was apparently the big takeaway. Like, oh my God, why didn't we all do that? So that was their gift to the AI community is like, hey, quit using...
the development frameworks and started just jacking directly into the chips with the machine code. And you'll increase your processing potential for less time, less power, less everything. So that was the big technical takeaway from it. Interesting. Yeah, the way I kind of come to understand it. So
For the last few years, the way that these different companies have tried to scale this technology has just been like, what if we just throw more compute than God at this thing? We have unlimited money. We have a trade embargo that means we're the only companies basically on earth that can purchase this hardware. Why don't we just buy a ton of it? I guess invest in nuclear to power all of it and then just throw compute. So every single time that you're talking to ChatGPT, Claude, Gemini, any one of these things,
They're booting up this entire model with all of this compute behind it to answer, to rewrite your email. Correct. And the way that I kind of understood DeepSeek's differentiating feature was it was an architectural shift towards something called mixture of experts. Um,
Traditional LLMs, and stop me when I biff this, but this is my understanding, was the traditional LLMs use every single parameter in the model for every single task. So if you ask it to rewrite an email, it's kind of also checking like code tokens, basically like it's checking the whole data set. DeepSeek R1, the model that blew up and got all this press, uses this mixture of experts. So instead of engaging the full model, it activates specialized little parts of the model.
So instead of using all 671 billion parameters, if it just needs to do something languagey, it'll just activate 37 billion of them with giant energy consumption gains and lower inference costs. Yes. I am learning. One of the other things that I did like that DeepSeek did is it would show you its rationale for the prompt before the answer, which I think just from a user interface perspective. So I've been doing a lot of like...
API interactions with Python. So like writing a lot of little scripts for things. Like I wrote a podcast summarizer for our YouTube video descriptions and like I've started building all these little Python apps that interface with different models. Yeah. And one of the big things that I have a hard time with is like getting the prompt right and making sure that it knows exactly what I'm asking and exactly what I want for outputs.
So I think that that's a brilliant user experience step that they made there that we'll probably see immediately replicated across the ecosystem. Yeah.
Honestly, none of this, aside from the efficiency gains, really rises above the level of a feature in one of these other platforms. The thing that's remarkable about DeepSeek isn't that it's vastly, vastly better than ChatGPT or Claude or Gemini. It's that it's a lot more efficient. And also then sort of the meta-narrative that it came out of this Chinese company that managed to do it while these embargoes were in place, blah, blah, blah, blah, blah. It's the efficiency gain that's fascinating and...
That's a nice little feature. I really like being able to see it think through what it's doing before it presents the answer. Totally. Yeah. It also helps with like, if I need to refine the prompt, ask it again, I can see where its judgment misstepped and be like, make sure you're like, you know, maybe wrap it in a tighter domain being like, only think about it. Only think about, you know, novels from 2015. Yeah. Like you give it, give it a tighter dimension, but the,
Yeah, I think that so the big hit was to the stock market, obviously. NVIDIA went down 20 some percent the next day losing, I want to say it was 500 and some billion dollars in market cap. Has it bounced back? I feel like DeepSeek in a very weird turn kind of like entered and left the news cycle since like by the time we're recording this, it almost feels like a thing of the past.
Uh, which is really remarkable given what was a $500 million in value was wiped out. And this is how fast the news cycle moves right now. It's not, it hasn't bounced back the entire way. It's about 50% retraced, but the, yeah, I agree with you, but I think largely what had happened is that their infrastructure got overwhelmed. So in all of my muddling with LLMs through Python, um,
I've been trying to get a DeepSeek key and actually just got it today. So I finally, their platform side where you can jack into their API came back today. So I think they were largely just overwhelmed. Like their infrastructure wasn't set up for the volume of, of requests and chats that they were receiving. So I think they're probably in a very active scaling situation right now. Interesting. Yeah. It's a fascinating story. Efficiency cost. It,
AI rapidly became an energy consumption story. And like I sort of alluded to earlier, there's been a massive investment in nuclear, which honestly cool from a climate perspective. And this sort of disrupted that part of things. Maybe this can be done a little bit more efficiently. And then maybe also importantly for the economic state of these large companies, the argument up until this point has been that like the reason you shouldn't even try and come at us is
because the moat of the training cost of creating these models is so unfathomably high. Why would you even, why would you want to come at the king? The moat is so big and so deep. And it's like, well...
That little $5 million kayak managed to get across that moat. And yes, it was sitting, again, on the shoulders of giants of some of these open source models. But so is your model sitting on the giant of some tech that had come before that, and then it's just giants all the way down. Maybe the moat's not that big. You just touched on something really interesting, too, which is that all the DeepSeek code is open sourced. It's open sourced, yeah. You can go on GitHub. You can clone it. You can muck it. You can branch it. Run it local.
You can run it. I saw right when it came, like the day it was the big splash, people had set up like Mac mini farms and they had like, that's kind of dope. Maybe I just like the new, I like the new hardware, but I like that. They had like DeepSeek running on like 10 Mac minis. And that was this like processing farm. So it's like, it's people have it up on a Hugging Space, Hugging Face, Hugging Face.
I should know what it's called because I use it all the time. You've been deep in, deep in the movie. Yeah. Yeah. So it's up on Hugging Face. Like they have the whole training set too. Like the Hugging Face kind of has a training set that they've compiled. They, anyway, there's,
Really cool. Really interesting shift in the democratization of AIs. Yeah. I remember a year and a half or two years ago, whatever it was, when Facebook announced Llama. And obviously that's a complicated situation because, yes, here's this open source foundation, but they also have closed source models that they're monetizing and using. So Facebook is Meta, I guess, is...
It's not quite a bastion of open source tech. But that story never really took off. People didn't do that much with it. This felt like a really big moment for the open source side of this. It even got Sam Altman to acknowledge that their tactic of an incredibly closed off ecosystem probably wasn't super smart. You could argue that that's a stock price saving play.
It doesn't mean it's not true. This tech clearly can be operated open source. This model, you can run it on a server farm made of Mac minis. And I guess just to very briefly touch on it, that wave of press, DeepSeek is a Chinese company. They're subject to all Chinese laws, which involve...
Things that you can and cannot talk about, Tiananmen Squares and the like. Taiwans. Taiwans. And this product is totally subject to those rules. You can also run it locally if you want a version of it that isn't subject to those rules. So do with that what you will. Well, I think it was you that pointed out to me right when it launched. Yeah. When you ask it something controversial...
It'll actually spit out the response and you'll watch it talking about Taiwan. And then all of a sudden it goes, and it's gone. And then it's like, we cannot discuss this. Yeah. The model's totally capable of crunching that number. It is a sort of like final gate check based on those regional laws that they've put on this. And that was honestly, there was about a week where that was the only headline was just look at what it can't say. And I was like, totally. Yeah.
It's not like the other ones can't say stuff too, but it is, it is interesting and it is relevant. Yeah. I'm fascinated that you can run this thing local. I think that that's, that's very, very different than the other ones. That's that along with the efficiency is maybe the biggest part of this story. Like you, you're not, you're not running GPT-4 locally. I think the, the beauty of what they're doing at Hugging Face is like giving that kind of like that community, their own,
Playpen, yeah. And it's like, I think there's going to be some really interesting, like, the improvements that were made on the technical side here, I think we're going to start to see the open source community start making those. It's going to be really cool when, and I want to use Wikipedia as an example of this, but like when there is essentially a large open sourced version of one of these models that's very cheap to use and by donation, things like that, because I see that future for it.
Yeah. Yeah. Probably not much Microsoft wants to hear about their investment in AI, but. No, but I like that. I like the idea that a university could have its own LLM running on some servers in a basement somewhere. I like the idea that a company that isn't just trying to ride an AI bubble that wants to use this technology for some other independent purpose. They're not monetizing AI models, but they want to use AI models to do something else. Doesn't just sort of have to pay. Like it's essentially like it's,
It's a rent that the industry was barreling towards. They'd be like, oh, you want to do anything with this tech? You just have to pay us rent. You've got to pay for our tokens. And it's like, well, maybe you don't. Maybe you don't. Maybe you can run it yourself. And that's kind of cool. Well, I think, and the thing too is like the more, like not that API tokens are expensive. DeepSeek actually, their API tokens are like shockingly cheap. Like it's essentially would be,
It would take more time to set up your own version of it than it would just be to use theirs. But if you look at product expansion and AI integration into other products. Exactly. I had a meeting yesterday. Jordan and I work in advertising. I had a meeting yesterday with some consumer information, consumer data companies. And they're building AI-driven chatbots that have all of the market research data for everybody in the world loaded into them. And you can just query it through prompts.
Hey, we're doing a campaign about this in this region. You know, what marketing channels are the best to reach the people that are most interested in? Oh, here you go. AI digs through the data, comes back, spits you out a response. And it's like, those are cool little features. Instead of me spending four hours looking through tables of data, a robot can do it in eight seconds. I've had positive interactions with LLM based chatbots recently.
never times. And if you insist on making one, I'm glad you don't have to tithe money to another company in order to do that. So, so idea. Like I would, I would rather it be cheap.
If it's not going to be good, I'd rather it be cheap. Environmentally, too. I wrote the most budget AI chatbot. So I wrote a Python library that I can just jack into any Gradio Python apps. This means nothing to lots of you, but it might mean something to somebody out there.
And you can essentially just say, here's a text entry box that I'm going to use to take a prompt in. And there's a button that creates a button under it called refiner. And then it pops up an AI chat bot where you have a discussion with the AI to tune your prompt. Yeah. Because it's just like, that's the thing is like, I feel like, you know, everybody's running around saying like prompt engineering is going to be the next thing. And like, how good are you at prompts? And it's like the robot's way better at it than any human is. So just be like,
This is the information I'm trying to get. Here's the prompt I was thinking about. What else should I add to it? And it's like, bing, add these 12 things. And you're like, here's that data. And it's like, here's your prompt. And you're like, thanks. And it just dumps it back in the prompt box. Interesting. Anyway, sidetracked. No, I like it. Shall we kick it over to some advertisements? Advertisements. Shall we? You know, one of the fun things about hosting a cybersecurity podcast is that we get...
weird stories about hacking, tech, AI, these kind of things. But we also get to see into this ecosystem. We get to see the new tools and companies pop up, come and go. Some of them stay around. Some of them get acquired. It's a pretty interesting world. And I mean, we talked to a lot of them. We saw a bunch of DEF CON last year. And some of them have cool ideas and great solutions. And some of them just have solutions that are looking for problems.
Sometimes one of these things comes along and we have a moment of like, damn it. Why didn't we think of that, Scott? It's obvious in hindsight, someone was going to build this. This actually happened for this product. You did say those words. Yeah, when I first heard about this tool and was first talking to Adam, I was like, why didn't I think of this? This is so obvious. It makes so much sense.
So, given the way that identity theft is going and how many attacks rely on coming through someone's identity, this just makes so much sense. So, Push Security is 100% one of those tools. So, the problem that they're tackling is identity attacks.
phishing, credential stuffing, session hijacking, account takeover. That's basically the number one cause of breaches right now. And their approach, it's very interesting. Instead of trying to lock everything down at the infrastructure level, they start where people actually work in the browser. They built a browser extension that observes employee credentials, creates corporate identities and logs into the work apps, which when you think about it, makes a lot of sense.
And because they've got this visibility, they can see exactly how the identities are being used. Are people using stolen credentials? Are they reusing passwords when they shouldn't? Are they skipping MFA? Have they found loopholes? Are they using local accounts when they should be using single sign-on accounts?
And when they do find those vulnerabilities, they can automatically enforce controls to fix them. All right, they're nice and clean in the browser. But it's not just about protecting the identities. Push are also monitoring them too in real time for attacks using adversary-in-the-middle toolkits, cloned login pages, stolen credentials, phish kits, stolen session tokens. The way we'd kind of describe it is like it's endpoint detection and response for the browser. It's very cool. The team though, super smart.
has a lineage in red teaming. They've done killer research into identity attacks. They recently put out this, this blog post on cross identity provider impersonation where attackers can essentially completely bypass multi-factor authentication, single sign on by just setting up their own identity provider for the same domain. Yeah. That one's pretty wild. Honestly, you got to see them demo it. So yeah, Push Security, super smart, great team, interesting research,
really great people to work with and we've become close friends with them. Check them out, pushsecurity.com. That's pushsecurity.com. Hey, Jordan, do you know the status of your compliance controls right now? Like right now? Well, we know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 9,000 companies have continuous visibility into their controls.
With Vanta. Vanta brings automation to evidence collection across over 350 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows for policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that, that right there, that's a new way to GRC. And for a limited time, listeners can get $1,000 off Vanta at vanta.com slash hacked.
That's Vanta, V-A-N-T-A dot com slash hacked. Get $1,000 off today. Hey, Jordan, what's that URL again? That's Vanta, V-A-N-T-A dot com slash hacked.
So we made an episode a long time ago called the problems with passwords. And I was pretty critical about password managers. And funny enough, years ago, the company that I work for and run,
started using 1Password teams, and it's been amazing. I now gift 1Password subscriptions to people for birthday presents and Christmas presents because it's made such a profound impact on my life, my cybersecurity, even just my organization.
of access to accounts and accounts that I forgot about when there's hacks, it notifies me. I changed passwords. It's been amazing. And we're happy to have them now on as a sponsor. 1Password Extended Access Management is the first security solution that brings all these unmanaged devices, apps, identities, gets them all under your control, ensures that every user's credential is strong and protected. Every device is known and healthy and every app is visible.
1Password Extended Access Management solves the problems traditional IAM and MDM can't. It's security for the way we work today, and it's now generally available to companies with Okta and Microsoft Entra and in beta for Google Workspace customers.
1Password's award-winning password manager is trusted by millions of users and over 150,000 businesses from IBM to Slack. Now they're securing more than just passwords with 1Password Extended Access Management. Secure every app, device, and identity, even the unmanaged ones, at 1Password.com slash hacked. That's all lowercase. That's 1, the number one, password.com slash hacked. 1Password.com slash hacked.
And we're back. We're back. Okay, is Cash App...
Is Cash App like Venmo? Yeah, I think so. We're Canadian, for anyone listening that's like, how do you not know what Cash App is? Cash App is like Venmo, and Venmo is e-transfers, but easier. Yeah, I think the big difference is that I think, and this is again, we're not Americans, we don't use these things. I think Venmo is a collective between all the major banks in the States, and Cash App is an independent company. So it's kind of like...
Venmo is what our equivalent to Interac would be-ish. Like it's kind of used by all the banks. They're all partners and stakeholders in the project. Oh, I didn't know that. Yeah, and then Cash App, I believe, is like just CashApp.com. An independent company. You can sign up. You can send money through it. And it sounds like they might have to return tens of millions of dollars to people. Yeah, so they...
And this is like a funny little side story, but I was just reading through the news a couple weeks ago. And they have to pay up to nine figures to settle a fight with federal regulators, all because of their customer service helpline. So they had a phone number or a web? They had a portal where people could submit complaints regarding, I guess, identity fraud, stolen accounts.
And those complaints were just sort of – I think the way I likened it when we were talking prior to this call was it's like food coming in one window of the car at the drive-thru and then getting just thrown out the window on the other side of the car. Yeah, so I think –
Allegedly. Allegedly. Allegedly. Allegedly. Is their like fraud line and like in-person helpline, which I think they were by requirement supposed to have, literally was just by all takes a recording being like, thanks for calling. Please log into the app and go to the support section.
click. And that therefore violated some regulations for the industry in which they found themselves working in, notably finance. According to the agency filing charges, the Consumer Financial Protection Bureau, they sort of like shirked, for lack of a better word, their legal responsibilities to look into complaints by customers who claimed that their accounts had been taken over or that they'd fallen kind of victim to some other type of scam, and that they inappropriately
kind of blocked off requests to refund on these unauthorized charges. Quote, and this is from CFPB Director Rohit Chopra in a statement, quote, Cash App created the conditions for fraud to proliferate on its popular payment platform. When things went wrong, Cash App flouted its responsibilities. Well, I think one of the big kicks for it was that when people would try to call in
Hmm. Yeah. Right.
I find another phone number on some fake site. And then all of a sudden I call, yeah, I call some fraud scam center in, you know, Nepal. And next thing you know, I'm cash apping money to new scammers. Right. You have a platform.
where fraud takes place and you don't have an outlet for those complaints or some system by which people can seek recompense, they're going to end up seeking it elsewhere and might inadvertently end up getting scammed a second time. Oh, that's insidious. It sounds like this is sort of also just a problem across all of these. Um, there's a similar lawsuit I know against Zelle, which is another one of these things. And then, uh, so a day before this announcement came out, um,
This came a day after the parent company of cash, which is Block, agreed to a different $80 million settlement with financial regulators for failing to oversee or failing to address money laundering happening on the app. So just a very, very bad week for Block. Yeah.
Your mentioning of the word Zelle there made me remember that it's not Venmo that is the partner, like all the institutional financial partners. Oh, it's Zelle. Zelle is the partnership one. Venmo must therefore also be just another third-party company. Got it. But Zelle, I think, was the one. I got the two confused. And for that, I apologize. Please roast me in the comments. I was trying to get someone back for...
I want to say over the weekend, went for a hike and we got donuts after I was trying to send it back. And I was like, wow, it's seven clicks for me to be able to send you money through my banking provider. It's a lot of clicks to send someone money.
And everyone talking about Venmo and how these services exist down in the States. I wouldn't be mad if we had one thing like that up here. I know I Apple with iMessage was in app transfers of money. And I'm like, I would be great with that. $20 in two clicks. Yeah. I think the, the big thing here is like our, just our financial regulations in Canada are so much tighter and to, to,
Like there are very rarely no new, like new banks don't just show up in Canada. And the problem is, is that to create a system like that, you need to partner with a bank who pays tons of fees and then you have to pay them tons of fees. So like a single transaction to send $3 for donuts to your friends actually is going to cost the backend like a dollar, which is just like unfeasible.
We were talking about moats earlier. It's like we have very intense financial regulations and a very small cohort of banks that basically control the country that are super cool about that. It's good stuff. To wrap up, so we've talked about PumpFun. New story. We've talked about PumpFun on this show before. It's a Solana-based meme coin platform.
If you've heard stories about meme coins over the last six months, give or take, they were probably created and largely sold on PumpFun. I feel like everybody's heard about meme coins in the last six months. The Hawk Tuah coin? Yep. That actually comes up in this story. So this one's, there's a lot of...
There's a lot of allegedlys floating around in this one. This is why we're ending on it. So there's a class action lawsuit against the Solana-based meme coin platform, PumpFun. And it's taken this kind of weird turn when some researchers did an on-chain analysis that linked the law firm behind the suit to a very controversial token. It's called Dogecoin.
language warning, a Dogshit2 token, which is a meme coin that surged to $23 million before collapsing 90% of value. Um, so this legal action filed by Burwick Law and Wolf Popper on January 30th alleges that tokens created through PumpFun constitute unregistered securities, an interesting argument, uh, and that the platform had amassed about $500 million in fees for selling these unregistered securities. Uh,
Court documents reportedly, however, contain wallet addresses that connect the law firm to Dogshit2, leading to speculation that the firms were in some ways financially involved in the same speculative market that they're now litigating against. This one's just interesting. It's just a fascinating story that...
if you want evidence about how many folks are involved in meme coins, potentially so is a lawsuit that is suing the meme coin platform. In standard Scott way, I sidetracked and saw if the hack meme coin and what the market cap of it is. And the market cap is currently zero. So maybe we should buy all of the meme coins. No, we should not. I'm nodding and shaking my head. No, I love,
May it stay at zero. By the way, we have no affiliation with the hack meme coin. We genuinely don't. I don't want to speak for you, but I think neither Scott nor I are very fond of meme coins. As a form of investment vehicle. If you feel like burning some money, then why not? Yeah, if you want to burn money, join our Patreon. Patreon.com slash hack podcast. Not this way. Yeah, interesting. Interesting. Yeah.
Yeah, that's an interesting one. Okay. Do we have anything else we want to talk about? I don't think we do. I think we could probably stick on this for a little bit longer, but we're pretty close to the end. It's been about an hour. Hopefully everyone that was driving somewhere while listening to this has arrived at their destination, and I feel like we can probably put a pin in it. Okay, well, I think another shout-out to our YouTube, youtube.com slash at hackedpodcast.
store.hackpodcast.com if you want to grab some merch, some gear. Patreon, patreon.com slash hackthepodcast. And then I'm just going to give one big final shout out to our new presenting sponsor. Again, we're very, very excited to have them. That's Push Security. It's a super smart approach to a really big problem. If you want to lock down identities in the browser at your organization, check out pushsecurity.com.
And to tag onto that, I will say, listen to the next episode that we released with Adam. Because it's really good, especially if you're technically inclined, he's very smart and you can tell, and he lives and breathes this ecosystem and yeah, it's worth a listen. Definitely check it out. Yeah. We, uh,
Just to peel back the curtain a little bit, we didn't need to have him on as part of the sponsorship. We'd just spoken with him enough times that we're like, this is the kind of person that we would just have on the show. This is going to be a cool conversation. We think our audience might genuinely like it. So yeah, that's some sponcon right there. But we did it because we think you might like it. Totally. So we hope you check it out. Until the next time, however, I think that's another one in the bucket. Take care. Catch you in the next one.