US Soldier Arrested for Hacking + Honey Plugin Scandal + Listener Creates Bitcoin Pizza Website
01:03:45 Share

I had this whole intro story written for this episode, and it concerned a 20-year-old U.S. Army soldier arrested near Fort Hood, Texas recently, accused of being Kyber Phantom, a hacker who leaked sensitive call records amongst that stolen data, logs of the then two presidential candidates. It's a fascinating tale. We're going to get to it. And then I remembered something that a listener sent us after the last episode, and I think we got to start here.

with a little website called HowMuchDidThePizzaCost.com. How much did the pizza cost, Jordan? Oh, well, why don't we go ahead and refresh it and find out. So for anyone that didn't listen to the last episode, or maybe doesn't know, there's this thing called the Bitcoin Pizza.

It's the first commercial transaction ever done using bitcoins. Laszlo Hanyacx, a Florida man, agreed to pay 10,000 bitcoins for the delivery of two Papa John's pizzas. He goes on a Bitcoin forum, says, quote, "I'll pay 10,000 bitcoins for a couple of pizzas, like maybe two large ones, so I'll have some leftover for the next day."

British guy takes him up on the offer, bought the two pizzas in exchange for the 10,000 Bitcoins. It's the first commercial transaction using crypto. Pretty famous. People like to talk about it. We talked about it on the show, didn't we, Scott? We sure did. And one of our listeners and one of our Discord members, whose name is... Asher Parasini.

Asher Parasini made HowMuchDidThePizzaCost.com, which you can visit at any time to see how much that gentleman paid for those two pizzas. And it is currently... Oh, no. Do you want to read it or do you want me to read it? Yeah. So at the time of the original purchase, it was about $41 worth of Bitcoin. And at time of recording, I'm just going to refresh it.

That is $915,529,600 for two Papa John's pizzas. That's right. If you want to know how much did the pizza cost, you can go to howmuchdothepizzacost.com, which we joked in the show. Surely someone must have made a website where you can track how much the pizza cost, something like howmuchdothepizzacost.com.

We were just really excited that Asher hacked this site together. It's 2025. It's a new year. It's a year of taking wacky ideas and making something out of it. So we're going to start here with howmuchdidthepizzacost.com. And then we're going to work our way backwards to crazy hacks and browser plugin scandals and all manner of interesting hacked stories on this episode of Hacked.

Scott, how was your break? Fantastic. Glad to hear it. Fantastic. Yeah, it was really good. I actually, it's been really sad because we were, for the first part of the Christmas break, we were actually down in California and we were surfing in L.A.,

And we were in the Pacific Palisades and a lot of the places, like we stayed in Brentwood, which is currently being threatened by the fires as of date of recording. And lots of the places we were, Topanga, you know, Pacific Palisades, edge of Santa Monica are all currently burning or have burnt.

So heart goes out to all of those affected by it and tragic, tragic loss of a beautiful part of the world, honestly. Yeah. My partner was down in LA kind of near the end of last year as well with a friend just sort of touring around and hanging out with folks that she knows there and

There's a lot of hope you're okay text messages going out over the last kind of week. And there's, I know folks that listen to this show that live in that part of the world. So if you've been affected by this or you know someone who has, hearts go out to you. It's,

It's just brutal. Yeah. What else? How was your break? Mine was fine. Comparatively speaking, it was good. I kind of came home, got to see a bunch of people, which was really, really nice. And then we came back here with just enough time to couch lock, veg out, relax a little bit. Recover. Recover and get ready for what is a very exciting but a nice dense year.

A lot of things going on. A lot of things like Hacked is now on YouTube. Hacked is now on YouTube. Part of the reason I wanted to open with the story of how much did the pizza cost.com was

Top five website immediately added to bookmarks was because we had spent, you know, a little bit of time before the break hacking together something ourselves. Just trying to make things and put them out in the world and see what it does. And one of those was a YouTube page of the show. In order to do that, we didn't want to just slap the album art on it and upload it. We wanted to do something a little bit more interesting. So we worked with a collaborator and friend, Nick, who's

who cracked open a piece of software that I hadn't really worked with before called Cavalry. Yeah, we...

I wrote a Python script that took the RSS feed, compiled all of the relevant information in the audio files into an Excel spreadsheet, CSV. Nick was then able to load that into Cavalry. He built out a bunch of animation loops. So actually what you're seeing in the YouTube animations is real video footage that has been edited.

kind of broken down to a grayscale version of itself and then ASCII art re-rendered as ASCII art with different characters representing different blocks of the grayscale. So we managed to automate the process and we managed to animate 100 back episodes. So we've been releasing one a day. I think we're on five episodes

As of time of recording. If you are a fan of the podcast, a fan of us, if you want to help out, please visit youtube.com slash at hacked podcast. Sub, watch some of the videos, drop some likes. We would appreciate it greatly. The URL again was youtube.com slash hackedpodcast.

hacked podcast, but we're trying to get to partner status. We need a thousand subs and, and everyone helps. So if you have the ability to, we would greatly appreciate you taking the effort right after you visited how much did the pizza cost.com. You can use that same tab to shoot over to YouTube, give it a like, give it a sub and,

Click the bell for the notifications. And yeah, we've been putting out one a day just in the back catalog episodes. Something that some people don't know and most people don't know, I would say, is that Jordan and I have been recording the more recent episodes with video.

And we're trying to figure out what we're going to do with that to release actually like a video version of the podcast, as well as we've been working on some ideas and stories for some unique content pieces that will be coming in the new year. So the YouTube channel is something that we're going to be putting a lot of effort into. So we hope you take the time to join us on that journey.

Yeah, you guys did an awesome job. It looks fantastic. If nothing else than to see a really, really cool visualizer made with some neat, newish tech. It's definitely worth checking out. Hacked Podcast on YouTube. You'll recognize the album art. It's a lot of fun. And yeah, I think it could be a... I'm really excited for it. I think it's going to be a fun project in 2025. Yeah, same here. Same here. But in the meantime...

We've got some stories to talk about, Scott. Nothing's happened. Nothing's happened. Nothing's occurred. The world's the same as it was like four weeks ago, is it not? Totally.

There's like, so there's some more urgent news type things. But there was this one story that I bumped into over the break. Crabzon Security did a bunch of really cool reporting on it. It was touched on by a couple other sources. It ties back to a bigger story from last year. And I want to dig into it a little bit. If for no other reason than it was going to be the intro story of the episode, replaced by the far more urgent story.

How much did a pizza cost.com? Pretty recently at the end of last year, a 20 year old us army soldier was arrested near Fort hood accused of being Kyber phantom, a hacker who leaked these sensitive call records inside of which were calls for Kamala Harris and Donald Trump. It was a big story.

Weeks earlier, another hacker, Connor Riley Mucha, known as Judish or Waifu, we've talked about him before, they all have many handles, was arrested up here in Canada.

Muchu is accused of breaching over 160 companies, including Snowflake. It's a hack we talked about on this show. They're a cloud storage service used by major corporations around the world. His attacks exposed tens of terabytes of sensitive data, telecom records, financial information. It was a big breach of 2024. According to investigators, including some really fantastic reporting from Krebs on security, there is a connection between the two of them.

Before his arrest, but after Mucha's, Wiginius reportedly admitted to his mother, "You know that guy on the news that we keep hearing about at the heart of this giant breach and hack and arrest? I know him. He was allegedly distributing stolen data as part of the same sprawling cybercrime network. And when Mucha got arrested, their paths got even more tangled up in each other." And it becomes something bigger than a story of just the two of them.

Um, as individuals, you've got this soldier trained on secure communications and a Canadian with a reputation for, I guess, extortion and cyber crime kind of orbiting one another in this really fascinating way that reveals all this stuff about systemic weaknesses in telecom security. 2020 kind of kicks off, uh,

That's when Mucha, Kitchener, Ontario, he's already kind of a prolific hacker going under the name Judish. He specializes in data breaches, extortion. He's targeted over like 160 companies by that point, allegedly major names, AT&T, Ticketmaster, and as we mentioned, Snowflake. Then you've got Cameron. He's this tech-savvy Minnesota native, joins the U.S. Army as a communications specialist. He's managing radio signals and network infrastructure stationed in South Korea.

The fascinating part of this story is, oh, there's a soldier doing this on his spare time. For anyone that doesn't remember the 2024 Snowflake breach, a cybercrime group called UNC5537 starts targeting accounts on Snowflake, this cloud storage platform. They exploited stolen credentials obtained through an InfoStealer malware to access a trough of corporate and government data.

Mucha was allegedly the primary orchestrator. He accessed the sensitive information, outsourced some of the stolen data's distribution to associates like, allegedly, Wagenius. Wagenius. What a name. Wagenius. Write the name. It's got Wagenius, right? It's got genius in it.

He was destined for something big. Yeah. Is he to a genius what Waluigi is to Luigi? That's not even meant as a dig. It's more just an observation of the wa prefix. I like your assessment. I appreciate that.

So news of Mooka, the Canadians arrest goes live and Cameron with genius under allegedly this alias Kyber phantom makes a pretty bold move, which is where we start to see the connections between these two. He goes on breach forums and he claims to have a bunch of AT&T call logs tied to Donald Trump, the then vice president. He put,

He does a post that says, in the event that you do not reach out to us at AT&T, an American news network, all presidential government logs will be leaked. It was signed with the hashtag, hashtag free waifu, in reference to Mucha's recent arrest. Wagenius then posted what he claimed was a data schema from the NSA via AT&T and started offering Verizon push to talk call logs. He's on a sales push, essentially, after Mucha gets arrested. Marketer. He's marketing for this whole operation. It's a natural thing.

He's a genius marketer. He's a genius marketer. So in November 26, Krebs on security, which is kind of where I started reading about this, identified that this Kyber Phantom character, this Waluigi of marketing for this larger operation is likely being a US army soldier. Despite some efforts to delete pretty incriminating Facebook content, Krebs' digital forensics tied with geniuses activity to his real identity.

There were telegraph messages where Wagenius was claiming to maintain a botnet that had some connection to this. There were just small little strings that they started to pull on, bringing us to this moment now and why we're talking about it. December 2024, right before the break, the arrests. Cameron Wagenius is arrested near Fort Cavazos, Texas, charged with unlawful transfer of confidential phone records.

It's a fascinating story about these two guys of the same generation, but from two totally different backgrounds, a Canadian and an American soldier who found each other in this ecosystem of online sites and work together. And there's a real sense that Wagenius was like pretty upset when Mucha got arrested, maybe potentially because of what it foreshadowed for him, but also just because these guys work together.

they were doing this giant operation together and it started to fall apart. It's a fascinating story. Well, did his bragging to his mother lead to what got him arrested? I didn't see any evidence of that. The only reference I could find to

to Wagenius' mother was that original piece of reporting from Krebs. I keep bringing him up because a lot of different platforms covered this story. There's a ton of other sources about Mucha and a bit about Wagenius, but he seemed to be the guy who went to the source and found that connection. And that specific part of it, I'll flag, isn't a direct quote. It's alluded to that there was a reference, but the text itself I don't think was provided. So I don't think there's any evidence that his...

How do I put this? His mom narc'd on him. But in retrospect, it was... See, the thing for me is I feel like we could build a wall of hubris and just all of the cyber criminals that get brought down not by their own misdeeds and their inability to cover their tracks, but actually just get brought down by...

bragging about it. I remember the one that always pops into my mind was an episode from last year. Alexander Zhukov, the self-proclaimed king of ad fraud. Yes. Can you guess what he got taken down for? Like it's those kinds of things where you're like a couple mil deep into a thing and there's no scent of law enforcement nearby. It's like,

I would imagine that the people who do this persistently for decades are the folks that are able to suppress those instincts to not... And again, Wagenius was picking fights. There's a cybersecurity researcher who spoke a bit about this, Allison Nixon from Unit 221B, who...

She had a great quote on this. It was, um, anonymously extorting the president VP as a member of the military is a bad idea, but it's an even worse idea to harass people who specialize in de-anonymizing criminals. And that's what you see in the tone of this is, uh, assuming with genius is Kyra phantom. He was bringing a real like internet gaming shit poster dialogue style of like, kind of like scrapping over the internet and,

to a breach forms post about like very, very, very high level, serious cyber crime. And if nothing else, that's not a good idea on like an emotional level. It's like, you're just, you're bothering them. Like that, that mode of communicating is to bother other people and maybe don't bother them because you are doing international crime. Allegedly. You're inciting your own downfall. A little bit. Yeah. Yeah. Fascinating story that we were going to open on except, uh,

We didn't. The pizzas. The pizzas, Scott. 10,000 Bitcoin for pizzas. We're just going to keep looping on that all year long. Just keep looping on it. Yeah. It's just, you can't get away from it. No. $1 billion. Round it up to $1 billion. I feel like that's... We'll round it up to $1 billion. We'll round it up to $1 billion.

Where should we go next? I feel like one of the big things that I saw a lot over the Christmas was the fall of honey. Yes. I think we got to talk about that one. Have you ever used honey? No, because...

I would never. This is falling into those, like, there's another story that broke over the holidays that's kind of related to this. It was somebody leaked a list of common applications on your cell phone that are actually just selling your personal tracking information, like your location data. Oh, sure. So it's like, I feel like Honey was the OG of that, you know? Like, the second I saw Honey, I was like, this is just a company that's stealing my data and selling it.

And I was like, I'm not going to install this. It's demanding access to all of my browsing history, my live browsing pages, all this stuff. I was like, I know what this is doing. And I was like, I'm not getting it. And now they're in trouble. Surprise. They sure are. It's interesting because my joke, we make internet content and we read ads sometimes. And my joke, whenever I'm talking to people about my job, is I'll just randomly pepper in a reference to, brought to you by...

some drop shipped mattress company that I won't say. But I feel like Honey was really the pioneer of that. Like Honey was one of the first major brands that was sponsoring online creators. And that's why we all know about them, even if we didn't use it. They were huge in that ecosystem. And it makes the nature of the alleged fraud all the more fascinating because they weren't

To your point, they might have been stealing customer data, but that's not why they're in trouble. No. They're in trouble for what they were doing to that ecosystem of creators that they were, in a very real sense, kind of pioneers of. Yes. I feel like this is going to open up a philosophical conversation about...

As content creators and content creation grows, as this ecosystem gets bigger, how much liability do the content creators have for their partners and advertisers? Like you saw this with FTX.

Larry David got sued over the FTX scandal. And it's like, he was just in a TV commercial. He was an actor, paid an acting fee to show up and read lines. And next thing you know, they're like, you are part of the problem. I'm naming you in my lawsuit because you...

Convinced me to open an FTX account a YouTube creator called mega lag posted this giant YouTube kind of essay breaking down What honey is allegedly doing it resulted in sort of a cascade of other content creators posting about it for anyone that doesn't know Honey is a essentially a coupon browser extension the idea goes you install honey You go to a website to buy something you click a little button and it goes and finds the best coupon code on the internet and

What Honey is being accused of doing kind of has two different parts to it. If anyone's interested in this, the Megalag video is really good. It's worth watching. Suffice it to say, there's a bunch of content creators who are now suing PayPal. Honey's owner...

Honey hasn't been found guilty, but we'll dig into why. When a content creator forwards someone to a website to go buy something, typically they get a cut. It's a pretty big part. We don't talk about products on this show, but that's a huge part of the internet content creator economy is just forwarding people to sites where they buy something and then the content creator gets a cut. The first of the two things that Honey was allegedly doing is stealing that affiliate revenue. So they're paying content creators to tell people how great Honey is.

And then if at any point in the future, the viewer of that piece of content is installed, honey, and they get a direction from that original content creator saying, yes, I am going to buy this based on your recommendation. Honey, at the very last second, does something called last click attribution where they scoop away the money that would have been going to that original content creator and they claim it themselves.

This is the first major part of what Megalag was talking about in the video as Honey is doing that was a little bit duplicitous. Most people didn't know that for years they were using this plugin that whether or not they clicked on the coupon code, whether or not they used anything, like the second it was installed, all of that referred money that should have been going to those content creators was now going to them. The second part of it had more to do with what the promise of the product actually is, which is that we go and we find the absolute best coupon code on the internet for you.

That's the reason you install it. There's a little bit of a deal between the user and Honey. And it turned out that Honey had something called a partner store system where brands could go directly to Honey and say, and we're rounding off a lot of detail here, don't serve them the best coupon, please.

- Serve them this coupon and we'll give you 5% kickback. - Provide a different coupon for less money. Provide our preferred coupon. I'm guessing this is on a case by case basis between the companies and Honey, but between the fact that Honey was engaged in this last click attribution system

And the fact that they were selling people on finding them the best coupon code. But if you paid Honey, they wouldn't. That's sort of why the whole thing melted down. And now you have a bunch of people suing Honey. A bunch of high-profile people. Really high-profile people. I think Legal Eagle, if anyone is familiar with his...

It was great. It was good content. You should watch it. Marques Brownlee posted a big, long video about it. I think Linus Tech Tips. These aren't folks necessarily involved in the lawsuits, but they've all posted some piece of content saying, boy, sure does suck what Honey did. Yeah, it does. Here at Hacked, we only read ads. We have not had any kind of deal like this, but I could see that being a massive thorn in someone's side, especially...

When so much of their audience, so much of their credibility went to pushing something. And then to have all of the rewards of that execution to be taken away is ad fraud. King of ad fraud. Yeah.

How expensive is your car? Allegedly. It's alleged ad fraud. Alleged ad fraud. There's a lot of allegeds in this episode. One thing that isn't alleged that we think I can just talk about, trying to work through stuff that happened over the break. Are you familiar with a technology product called, I want to make sure I'm pronouncing this right, Siree? Do you want my phone to go off? Is that what you're trying to say? Yeah, I'm trying to avoid everyone's phone going off by saying it wrong.

Apple's intelligent assistant. Yes. The one that's on your phone and watch and laptop. Yeah. S-I-R-I. S-I-R-I. I think I've avoided triggering it both times. I have noticed over the break, I was doing some research on some smart home stuff, and a lot of it talks about Amazon's smart home system, which has the name...

And I notice in all of the content...

Everybody that reads that word, they like dub it down 40 decibels so that it doesn't trigger all their devices. So I think we have to do the same thing here. It's S-Eerie. S-Eerie. S-Eerie. Well, Apple has agreed to a $95 million settlement with users whose conversations were captured inadvertently by a voice assistant whose name we will not mention and potentially overheard by human employees. Proposed settlement. It's been reported on a little bit. I think Bloomberg broke the story.

could be paying US-based Apple product owners for up to five Siri-enabled devices, 20 bucks a pop. Still requires approval by a judge, but it's a pretty big story. It's not all iPhones, but it's a very large subset of US-based people. Because it's iPhones, iPads, Apple Watches, MacBooks, iMacs. Their whole product line has this thing woven into it, 20 bucks a pop.

$20, 95 million to Apple is like a rounding error. The currency fluctuations between European and US dollars on a daily basis are way more than 95 million in their books. So I would call this negligible, which is funny. Only 100 million negligible to them.

Yeah, totally. You could call it a slap on the wrist, but you would notice a slap on the wrist. Yeah, exactly. It's a class action lawsuit brought against Apple. There was a report in The Guardian in 2019 which alleged that third-party contractors hired by Apple could, quote, regularly hear confidential medical information, drug deals, and recordings of couples having sex. That is pulled from the original Guardian report. Yeah.

when they were working on Siri's quality control specifically. Siri is supposed to be triggered by a deliberate wake-up, oh, I just triggered her, hit. It's supposed to be triggered by a wake word, like I just used the whistleblower in this Guardian report that led to this lawsuit alleged that accidental triggers are extremely common. The one I liked was the sound of a zipper opening.

sounds enough like saying that word that it could wake her up and then suddenly you have whatever audio it's receiving being kicked on over to Apple where it is in some cases allegedly handled out to third-party contractors and Apple might notice if they lose this lawsuit they might not notice if they lose this lawsuit they probably don't notice

I think as long as their stuff with the Federal Trade Commission goes well, they'll be just happy. And I bet it does, and I bet they will, for a bunch of reasons. Why don't we... Why don't we kick it over to the Attawasis? I think we kick it over to the Attawasis. And then when we come back, I think we've got a big old location data breach to talk about, as well as just a really, really weird story set in the school. Ha ha ha! Ha ha ha!

Every once in a while, a new security tool comes along and just makes you think, this makes so much sense. Why has nobody done this already?

And why didn't I think of it? Well, Push Security is one of those tools. I'm in a browser right now. Most of us do pretty much all of our work in a browser nowadays. It's where we access our tools and apps using our digital identities. Push turns your employees' browsers into a telemetry source for detecting identity attack techniques and risky user behaviors that create the vulnerabilities that identity attacks exploit.

It then blocks those attacks or behaviors directly in the browser, in effect, making the browser a control point for security. Push uses a browser agent like Endpoint Detection Response uses an endpoint agent. Only this time, it's so you can monitor your workforce identities and stop identity attacks like credential stuffing, adversary in the middle attacks, session token theft.

Think back to the attacks against Snowflake customers earlier this year. These are the kind of identity attacks that Push helps you stop today. You deploy Push into your employees' existing browsers: Chrome, Arc, Edge, all the main ones. Push then starts monitoring your employees' logins so you can see their identities, apps, accounts, and the authentication methods that they're using.

If an employee gets phished, Push detects it and blocks it in the browser so those credentials don't get stolen. Like we said before, it's one of those products where you ask yourself, why isn't everyone already doing this? The team at Push all come from an offensive security background. They do interesting research.

into identity SaaS attack techniques and ways of detecting them. You might know of the SaaS attack matrix. Well, that was the folks at Push that helped develop it. And those are the kind of attacks that they're now stopping at the browser. A lot of security teams are already using Push to get better visibility across their identity attack services and detect attacks that they couldn't previously see with endpoint detection or their app and network lock.

I think this is an area that's blowing up and not just identity threat detection response, but also doing threat hunting at the browser level. Like it just makes sense. Push security is leading the charge here. It's a very cool product, a very cool team, and it's well worth checking them out. Push security.com slash hacked. That's push security.com slash hacked. Scott.

Why do you love Notion? I love that you just tossed this to me because I love it so much. Because I know you love Notion. Because I'm reading this data and this advertising notes out of Notion. I love it because it's just a great place to put things.

It's a great place to structure data. It's a great place to build small apps. It's a great place to use contextual AI to facilitate, you know, my work and personal life. Like I store everything in it. Now I have literally have notion documents that store all of my bikes and my wife's bikes and every part on them. So that when I have to order maintenance pieces for them, I know exactly what model of, you know, rear shock it has and,

I use it for so many things. So I can't tell you why I love it. I just love it. It's just a feeling, something you feel in your heart. When you get a really good piece of software that combines your notes and docs into one place, that's simple and beautifully designed with the power of AI built right inside of it. Not another separate tool in a different browser or a tab. You don't have 75,000 tabs running live. You just got Notion. We used it just the other day. We use it every day. It's a huge part of our workflow. Just the other day, it's like I have...

two instances of it in front of me right now. Um, notion is a place where any team can write, plan, organize, and rediscover the joy of like, it makes work feel a little bit more playful. And that's really, really cool. Um, it's a workplace design, not just for making progress, but like, you know, getting inspired, like you're in the same room together. It's also like the, the, the big thing for me is that it's like a, it's like a app building environment. It's like, you can build data driven applications so quickly and easily. Um,

I know lots of famous content creators that use Notion to manage their workflows and projects when they're making new YouTube videos or podcast episodes. It's just a great place to put data, access data, structure data, move processes. It's just so good for so many things. And you know what? Our fine, fine listeners can try Notion for free when they go to notion.com slash hacked.com.

That's all lowercase letters, notion, N-O-T-I-O-N.com slash hacked. You can start turning ideas into action. And when you use our link, that hacked link, you're supporting our show. So when you invariably do go to sign up for Notion, because it rips, notion.com slash hacked.

The NFL playoffs are better with FanDuel because right now new customers can bet $5 and get $200 in bonus bets. Guaranteed. That's $200 in bonus bets. Win or lose. FanDuel, an official sportsbook partner of the NFL. 21 plus and present in select states. First online real money wager only. $5 first deposit required. Bonus issued as non-withdrawable bonus bets which expire seven days after receipt. Restricted.

Restrictions apply. See terms at sportsbook.fanduel.com. Gambling problem? Call 1-800-GAMBLER. And we're back. And we're back. Here we are, learning together. Speaking of learning.

Arizona State Board for Charter Schools, just before the break, it was December 19th on a sleepy little Monday, by a 4-3 vote, they approved something called Unbound Academy. It's a private school serving grades four through eight. And I wanted to talk about it because they approved a fully online AI-based instruction. So there's going to be kids throughout Arizona getting taught pretty much entirely by chatbots. It's already running in Texas. Yeah.

which is how it got approved. So cool. Love this. Yeah. So a two hour learning model. I think they're looking at going to Arkansas and Utah as well for this, which is like, why not? Why not? But, but, but it's apparently it's largely AI driven. The curriculum is constructed, but it uses a lot of Khan Academy, IXL, other like online resources for the actual training pieces. Yeah.

which is good. There's still humans in those. If you've ever done a Khan Academy thing, which I have, um, they're pretty good. Yeah. They're fine. Pretty good. Yeah. No. So yeah, like you said, they use something called a two hour learning model. Um,

Yeah, kids are getting two hours of like traditional academic instruction daily. They've taken a bunch of content from things like Khan Academy, IXL. They've processed it through an AI system. It seems just based on my initial reading of this proposal. And then they have AIs analyzing students' responses, the amount of time they spend on tasks. Even they describe them as emotional cues in some of their documentation. There's a private school in Texas called

run by and bound. The Alpha School. The Alpha School. It claims that students learn twice as much as traditional school students despite limited academic hours. These are starting to pop up all over the United States. It's basically just trying to figure out how much time can a student not be in front of a teacher and instead be talking to a chatbot that was trained on real teachers through services like Khan Academy.

I don't really know what to do with this story. Other than to say I'm very infrequently, I don't feel like doomered. Like I don't feel blackpilled or anything by tech stories all that often. I think it's a...

It's a slow march and it is what we make of it. But man, there's something about kids in a classroom getting taught by chatbots that just really bums me right the fuck out. I don't like it one little bit. Well, so this is an interesting one for me because I'm surrounded. Like a lot of my in-laws are all teaching. They're all education people. And when COVID hit, we had really intense philosophical conversations about learning. And for me, like, and this is going to be

putting a foot in the risky category, but it's like, there's been nothing disruptive in the educational space for a long time. You know, the educational space is, is a public service that's largely controlled by massive, powerful unions that,

Any disruption to it would affect their membership base. So they don't want major disruptions. I can see the look of uncomfort coming on your face. But in reality, that system hasn't evolved much. It's been the same since our parents and our parents' parents were students. And in reality, we know way more about the way that people learn. Different children learn in different ways.

different children recall in different ways and the system hasn't been really truly modified at a systemic level to affect that.

So it's like, I am actually a large fan of us disrupting and evolving the education system because like it didn't work for me. I was like a high performing student that got good grades, but like I didn't need to be in class for those grades class. I was a disruptor in the class. I affected other kids learning where if you'd given me, if you'd given me something like this two hours a day to just

brutally consume information, I would have loved it. I would have crushed it. And I would have the rest of my day to go about my pursuits and hobbies and activities and cyber crime. Sure. Doing crimes. I hear you. So for me, it's like I'm more pro on this issue than I am dystopian about it. I think that there should be

That the education system does need some disruption to be better suited to handle all of the different types of learners in it. Because I feel like it's structured for like the lowest common denominator baseline student, where I think that we see now that there are

So many different ways to teach and distractions and kids that have anxieties and different, different things that impact their learning. You know, not even that, like I would say that I've carried that into my professional career. Like my most effective hours are between 9 PM and 1 AM. So it's like, I save all of my like hardest, most brain tasks, like,

till 9 p.m. at night. And I happily work those hours because that's when I'm most effective at writing, doing advanced thought, things like that, because my brain slows down enough for me to focus on it. And the same thing went for school. I was never a great student. I had good grades, but I was never a great student. The larger point that a one-size-fits-all educational system for kids isn't good is couldn't agree with you more. I think we've known for a really long time that trying to fit

heck, 30 kids into the same box doesn't work. And then you scale that to the level of a school district. Kids fall through the cracks. And hopefully they're shrewd enough to fall in kind of the right direction. The idea that there hasn't been disruption, I'm fascinated by that. Because on one hand, yes. But that word gets used in different ways, right? Like there's the business way that we talk about disruption. And then...

So maybe it isn't disruption. Maybe it's natural evolution. Teachers Google things and use AI in their own like work processes in ways that are completely unrecognizable to when I went to school. And there were things teachers doing that were completely unrecognizable when my parents went to school.

I'm not sure that a move fast and break things approach to pedagogy, like in situ with kids is like, I don't know that we, I don't know that that is the mode for how that progress should take place. I think it, I think it should be more incremental. Yeah. But like the, one of the things like, so in, in Canada, the province of Ontario. Yeah.

had spent 10 years building essentially an online content delivery education platform for students to be able to take courses from wherever they wanted to, et cetera, et cetera.

That system was never implemented, even though it existed for 10 years until COVID hit. The second COVID hit, they turned it on instantly because they're like, well, we have a solution to this new problem of kids not being able to come to the classrooms. And it had spent 10 years on the lam because the unions wouldn't allow it to happen because it meant it might affect educational assistants, teachers, and other roles that were unionized, which causes essentially...

an inhibitor to evolution. I totally hear what you're saying about the existing system slowing down that kind of evolution or progress. I don't know that a race to reduce costs using this technology is the way to get over that hurdle, which you've correctly identified as a hurdle. But the last thing, I want to bring this up because I think this matters so much. I also bristled at parts of

my educational history. Like there were things that I was really good at and then there were parts of it that I wasn't great at. Some of it had to do with authority of teachers, some of it had to do as with all students with other students. I think that if there had been a system that someone could have just said, you know what? Let's let him avoid all of that friction.

Let's let him just, he just talks to a teacher for two hours and the rest of the time he's just using this software. It's this nice, and it goes, wonderful software. The bot's talking. It knows everything. It's trained on the best experts. There's videos here that explain everything. That's great. I would be such a, like,

this is just me I'm talking about. I think I would be like deeply stunted in a bunch of ways. Cause having to learn, I'm an only child. Like I had to learn to be around other kids. Yeah. Yeah. Yeah. I had to learn to talk and engage with adults that weren't my parents and like, but up against them. Like it's something about that. It might be that the educational content could be just as good. Um, it's that I'm like, Ooh, I, that, that one stresses me out. I don't disagree with you. Like, like, like,

When you come to the realization that the educational system is like a socialization system as much as it is an education system. But the thing for me is like, I think that that's a case by case basis. Like I get that you were an only child and I'm not saying that we should, like this is the thing. No, you're not defending it. You're not defending this specific thing. No, but I like the idea of advancements in educational delivery because I think that...

Truly, people don't understand or like people do understand. They're just not adapting for it. But the learning models that work for you might not work for me. And learning models that work for me won't work for Johnny. And that's fine. It's just the system should be able to adapt to it. Like one of the things that gets me is like the removal of...

like high performing students, like IB and AP education programs and stuff. Like if you are a shooting star of a student, the system should have a runway for you

And I hate that those runways seem to be going further and further away. Like they seem to be removing more of them. And I just don't think that's great for society. I think that the all-stars in society, the people that were born with the genetic ability to do highly active, highly academic functions should be harnessed and utilized by society. Like, you know, there are going to be a large creator of utility in society and they need to be identified early and adapted and

Anyway, I have strong opinions on this. No, I find it fascinating. This feels like a... I mean, there's two things there. There's what I think this is, which is a frantic rush towards austerity at any cost. And boy, we can sure replace a lot of buildings and human beings with bots. And whether or not those human beings have organized themselves in a labor context, it's like, oh, I don't think that's good. I don't think this is where we find those austerity measures. Yeah.

But systems like this, I feel like I had teachers who, again, figured out the ways. I don't think that being exceptional is like a single stat slider in a video game. It's like there's a myriad of ways people can be great at things. And it was teachers recognizing the things that I was good at that made me different.

That had a really big impact on me. Then you had good teachers. I did have good teachers. I would say that I had the opposite. I had some shit teachers. I had some really shitty teachers, but it only takes one. Yeah. Agreed. There's, there is a world in which, and I know T I'll have a lot of teacher friends and they're using AI in ways that to me is like interesting and compelling.

Like they're just using it the way that we use it as a tool. It can expedite certain processes. Well, knowing a lot of teachers and seeing them plan coursework,

I would say that they're just doing what the AIs are doing here. Like they're putting a Khan Academy video up in their classroom and being like, watch this and learn how to do fractions. In a very brief, small part of their job. Yeah, correct. They're able to use these tools. But to say that the tool is then doing their job is like, nope, that's a bad conclusion based on the previous point. Agree, agree. I do think that the... Like for me, I don't see this as a race to austerity. I don't see this as a way to get rid of bodies in a building. I see this as a...

as another form of delivery. Like you got to imagine, like say there's an exceptional athletic student who's been identified and he's going to be the world's greatest lacrosse player. But his becoming the world's greatest lacrosse player requires physical training, sport training, sports specific training,

All these other things that consumes way more time. And if he was going to be spending seven hours sitting in a classroom like you and I did, he would never achieve that goal. Where here they can give him a concentrated version of his or their curriculum. They can learn the academic things, which allows them to go pursue the other goals that they're gifted at.

And to me, like I see that as more of where this is, is like opening up time and space to pursue greatness in other regions while still meeting the barriers and bars that society holds as norms for educational and pedagogy. It's hopeful. Yeah.

I sure wouldn't have wanted to got taught this way. I would have liked it. The thing for me that this would have, like, even for my personal story, like as of grade 10, I went down to a three hour school day and I worked the rest of the day. Like I worked in tech. I built educational online course delivery systems for universities. And it was like, you know, that was when I was like 14, 15 years old. So it's like this, this,

to me, would have been great. Like, if I could have got my entire school day done by 10 o'clock in the morning and worked from 10 till 6, I would have been ecstatic. But I guess this isn't a story about a tool available to a tall poppy or whatever it is. This is a story about school boards seeing if they can administer this at scale with no mind towards whether or not this is going to be good for kids. Totally. To me, that's where it feels like it's not about...

a custom built learning opportunity for a specific kid. And it's like, what can we get away with? This is why you're the pest. It's weird that I get to find myself as the optimist role in this podcast so often, but for me, it's an optimism. Like even right in there, in their statements, they say that the,

The theory is that you spend less time on your traditional curriculum to free your rest of your days up for life skills stuff, which they also train, be it financial literacy, public speaking, goal setting, entrepreneurship, critical thinking, creative problem solving, and other like what I would consider to be more exciting topics than the traditional like pedagogy of school. So for me, I'm optimistic about this. I like, I think this is, it could be a huge failure. And if it is,

At least we tried. There's more lost in indecision than a wrong decision in my eyes. So I'm happy people are trying new things and looking at different things to better adapt and suit for every child so that every child gets the best quality education for them. We're agreed there. I'm hopeful. I'm always hopeful. I'm optimistic. Hmm.

While we're ranting about AI, I did see some less... Well, almost in the exact same similar light, you know, optimism, pessimism. The Zuck put out a story. It might have been in his interview on Joe Rogan. I haven't watched it. I don't know if you've seen it. Yeah, I really need to watch it just from like a social understanding, cultural perspective. But apparently...

They're finding AIs to be as good as most of their mid-level engineers. I saw this. And they're looking at ways to essentially integrate AI into their engineering core and reduce their headcount on engineers. It's a wild thing not to be trying to do. It's very intuitive that you would try to do it. It's a wild thing to say publicly. Very much so. To me, I actually think it's not...

like having used AI to facilitate development. It's like, like I've said it before on the show, it's like a junior programmer. Like I'm like, write me a function that takes these inputs and outputs these things and checks these condition cases. And it's like, here it is.

It's like that would have taken a junior programmer two hours to do, and you just did it in 15 seconds. Sure. I guarantee all of their existing engineers are already using these tools. Totally. I'm just curious why a person would go – well, I guess I'm not really curious. He has shareholders, Jordan. That's why he would go. I was going to say. I was like, I know the answer to this, and it's that you care more about pissing off or rather making happy shareholders than existing engineers.

Employees. Engineers and employees. And so you go on Joe Rogan and you say that. Yeah, that was a fascinating one. His quote, we will get to a point where all the code in our apps and the AI generates will also be written by AI engineers instead of people engineers. And this is shortly after Meta's...

call it failed rollout of AI bots inside of Instagram, I think primarily was where it was. They had a series of these AI generated personas and that were labeled to their credit as AI that I think were largely there for like data gathering purposes, like just seeing how people interact with different pieces of content, different demographics interact with certain types of

Sure, it's data mining. It's just data mining, for lack of a better word. So it's a fascinating one-two punch of that story followed immediately by this. Yeah, and then followed immediately by the open AI whistleblower being found dead in their apartment. Okay, what happened there?

So there's some engineer who had been three or four years at OpenAI left and didn't like what was happening in the for-profit conversion of OpenAI. It started as a not-for-profit converting into a for-profit entity. And this young engineer left and was perceiving themselves as a whistleblower. I don't know all the details on it, but they were found dead in their apartment.

So, you know, I'm not sure if it's a Boeing-esque situation, allegedly. Yeah. Open AI whistleblower Sushir Balaji. It's a young man's family, believes he was murdered. Yeah, wow. So there's some reporting on this in the San Francisco Standard. His mother has started publicly claiming not only was her son killed as opposed to dying by suicide, which is what the medical examiner at the city ruled was the cause of death. But that, yeah.

You can assume where it goes from there. That's a rough one. Yeah, there you go. Real dystopian. Real dystopian. Yeah. And I think he was blowing the whistle on where a lot of the data sets had come from and what the training data they'd been using was. Which I think is going to be the haunted closet in the AI ecosystem. I think you're dead right. I think that we're going to be untangling that for years. And it's kind of just this race to how woven into the world...

can this technology become before we realized it's built on a foundation of stolen, stolen, stolen shit. Yeah. And a big debate about whether or not that is stealing, which I will say that I, it's a fascinating, I used open AI the other day too. So there's like, I don't know if I should even say this, but it's like open AI is,

there's a lot of like market research companies that produce poor reports on things like, you know, an industry sector spec, like, like breakdown and, you know, be it marketing, finance, trending, you know, all these things. So there's these large research groups that make these large reports that they then charge large amounts of money for. It's like, we've spent months putting compile of like highly intelligent people doing research and compiling this data and putting out this report and

it's $5,000 if you want to read it. And it's like, okay. I asked open AI to summarize one for me that I did not have a copy of.

Actually, it started giving me bullet points about the report in other questions. Oh, you didn't feed it the report. You just asked it if it knew about the content inside of a very specific, like a dated, like real. And then I asked it if it could give me a very extensive, long form summarization of the report. Leave out no detail. Leave out no detail. And it did. Yeah.

And I was like, this is a $5,000 piece of information that I'm pretty sure they don't have a license to be giving to me on my $9 a month AI plan. And it just gave me $5,000 worth of information summarized by AI. So I didn't even have to read it. Didn't even have to upload it. So maybe somebody else uploaded it and was like, summarize this for me. And then it became part of its knowledge base. That's another, like if I'm, if I'm, if I'm one of those companies that,

I'm throwing up the flags right now being like, hold up. Yeah. Especially if, Oh yeah. There's a really wonderful piece of like investigative journalism to be done there. Um,

of, because I I'm sure that whatever that report was, there's other writing on the open internet about that report. And you could imagine it having parsed that kind of content. But what I'm curious about is if there's anything in there that is only contained inside of the original report, will it produce stuff that is hidden behind the wall? That is this $5,000 document that costs hundreds of thousands of dollars to produce blah, blah, blah, blah, blah. Cause if so, uh,

we found another one. Yes. I think we found another one. Oh, no. Oh, that's really interesting. I'm super curious. Off mic, we're going to talk about what that report is. Yeah, yeah, yeah. But if you found...

any content that shouldn't be indexed inside of an artificial intelligence, or you have any other fascinating story that you want to share with us, you should get, get at us at hotline hacked. Why don't we hotline hack.com and hack.com. Let's go throw it in here. Why not? Cause I'm curious about this. If anyone out there, maybe, maybe I'll do that story as, as maybe I'll have an AI, make a voice and I'll be on my line hacked episode.

Yeah, throw it in. Send it through the email. Oh, that's a good one. All right. Okay.

Why don't we wrap it up with just like a, just like a big old data breach. Sure. Let's do a big old, just a nice classic, just a classic one. Yeah. Uh, this one's fascinating because it's locations, extremely, extremely specific locations. It's great. You can put them on a map. You can see where stuff is that you shouldn't, uh, gravy analytics, a major location data broker in the States suffered a data breach, exposing location data of millions of people, uh,

The alleged hacker published samples of stolen data from consumer apps, fitness apps, dating apps, transit platforms. There were tens of millions of location points revealing where individual users of these platforms live, work, travel. The breach occurred. There was a misappropriated key in Gravy Analytics' Amazon cloud environment. January 4th, the hacker contacted Gravy Analytics directly saying, hey,

We got several terabytes of data. We got it. It was posted on a Russian cyber crime forum. 30 million location data points leaked so far, including sensitive sites. To say that the location of the White House was leaked or the Kremlin is a little bit silly, but there are sure people in those locations that

Some pretty high-risk stuff. And again, these are dating apps in some cases. Information from Tinder, Grindr, information from Flightradar. Though these companies are denying direct ties to Gravy, the original aggregator of this stuff, the data sure seems to be in there. Yeah. So funny enough, I actually talked about this exact...

data hack earlier when I mentioned all of the apps that track data started getting on. Yeah. Oh, with honey. It was because of this. No shit. Because of this data breach that they linked all the apps up and they could figure it out.

Yeah, I could see Gravy Analytics not being the person that they have the licensing agreements with, but I'm sure Gravy Analytics licenses that information from whomever they have the licensing agreements with. Yeah. Yeah. They rely on something, I find this interesting, it's called bid stream data, which I hadn't heard of this term before. It's data that's exposed during ad auctions. Hmm.

So the vulnerability seems to have been where if those sites have ads inside of them, the auctioning process, I guess, is how they... Grabs the location data. And that seems to be sort of where it came from. There's a lot missing in that explanation, but it seems to be rooted in the ad side of things, which again brings us back to... To ad fraud. King of ad fraud. To ad fraud. Okay.

Alex Sukoff. He's not a friend of the show. Yeah, it's a fascinating story. We hit a point where we kind of just stopped talking about more data got leaked. There needs to be more to it than that. But this one was interesting, I think, just because of the location side of things. And there's sure going to be more of those this year. Yeah. I think we talked extensively about location-based advertising in a previous episode, of which I cannot recall the number of.

Watch for it on the YouTube channel, youtube.com slash ad hack podcast. The, the, this to me is like a whole thing, you know, like it's, I don't think people fully grasp how much advertisers know about them. And that's speaking as somebody who works with this data in advertising. So it's, it's truly dizzying. Yeah. Um,

And a lot of it is, I think there's a lot of people that have a sense of like, you know what? I use this app and I don't pay any money for this app.

So presumably my data is being used to pay for this app. And I think a lot of people understand that a shit ton of people don't understand that. And that sucks. I, everyone should understand that if you were using a lot of these services that you are basically paying with your, your private data and that that's the deal you're making. And that deal was unpacked across 300 pages of terms and conditions that you certainly didn't read. Cause no one can read all of that shit. Um, but that is the deal you're making. Yeah. And like the,

behavioral analysis on your locations. Like, like how much do I want to unpack here? So like if you have location services on your phone, you have one of these apps that tracks your information and sells it to advertising data brokers. A little bit of analysis tells them where your home is because the device is often there, especially overnight. Yeah.

Then I can tie that to census data and other statistical information to figure out what the average household income probably is. I can look at your frequent stops. So the thing is, the double-edged blade of location information is that it's not permanent. It's not real-time tracking you. So it's only when you get a ping. So if you have notifications on on your apps and you have an app that has a location tracker in it,

They're pinging you notifications all the time to make you open the app so that they can take a location ping. It has nothing to do with just driving you to the content, but also to get another ping for your location. So it's a dirty business. And it's very valuable for us as marketers. But for privacy and other things like that, maybe not the greatest thing.

Yeah, that's fascinating. I would have assumed that that deluge of, hey, do you remember that this app exists? I won't name one. But that kind of pop-up that I just sort of systematically turn off every single time I get a new device. I think of them as being, we're just trying to boost our user hours. We're just trying to get people in this thing looking at it because some subset of them will either watch the content or click on the ad or use the service or pay for the thing.

a little, Hey, quickly give us a GPS ping so we can check out where you're at. Assuming you've enabled that you on your phone. That's interesting. Yeah. And I hadn't thought about it and that's a,

I know back in the day, like a lot of these were sports apps, like getting updates for games that are underway and things like that. Like those updates essentially did the same thing. Same with like weather apps, because you always have location services on for a weather app. So if you're using a free weather app full of ads, chances are your location data is being sold on you. Like there's, it's like a...

It's an interesting expose waiting to happen because I don't think, I think as much as you and I take it for granted and probably listeners of the show, I don't think the general public knows it. I think people have post Cambridge Analytica, a better sense that the like, are they listening to us through our phones? No, it's more insidious. But like that, that whole question is,

And the advertising side of the internet essentially are like, this is the same thing. If you're trying to understand the degree to which you are tracked and monitored on the internet and how the advertising ecosystem of the world works, it's like you were trying to understand the same thing.

Because there's not really much other reason to do it. No. Other than to try and sell people shit. And on that bombshell, thanks for listening to another episode of Hack Podcast. Please... The pizza costs $920 million. Oh, it went up. Or did it go down? Who knows? I thought it was $915 maybe at the beginning of the show. Who knows? It might have been. $919. Anyway. Very volatile. Continue with the show wrap-up.

Hotlinehack.com. Tell us your crazy stories. Store.hackpodcast.com. Buy some crazy stuff.

Hack podcast.com redirects to Patrion also redirects to the YouTube. Now please visit the YouTube asking politely and subscribe. Type in hacked podcast on YouTube. Uh, check out a cool visualizer and subscribe because we're going to be making some content that won't really be anywhere else at some point. Um, so, so jump in, join us please. And yeah, I think, um, a little teaser. We got a bit of a bit of an announcement in the works for later this month.

So a little tease there, a little salt. Just go drop it. Just leave it at the side of the table. And we'll see you next time. We'll catch you in the next one. Thanks for listening. You're a startup founder. Finding product market fit is probably your number one priority. But to land bigger customers, you also need security compliance.

Obtaining your SOC 2 or ISO 27001 certification can open those big doors, but they take time and energy, pulling you away from building and shipping. That's where Vanta comes in. Vanta is the all-in-one compliance solution helping startups get audit ready and build a strong security foundation, quickly and painlessly.

Vanta automates the manual security tasks that slow you down, helping you streamline your audit. The platform connects you with trusted experts to build your program, auditors to get you through audits quickly, and a marketplace for essentials like pen testing.

So whether you're closing your first deal or gearing up for growth, Vanta makes compliance easy. Join over 8,000 companies, including Y Combinator and Techstar startups who trust Vanta. For a limited time, get $1,000 off Vanta at vanta.com slash simplify. That's V-A-N-T-A dot com slash simplify for $1,000 off. Hey there, Ryan Reynolds here. It's a new year, and you know what that means. No, not the diet. Resolutions. Resolutions.

A way for us all to try and do a little bit better than we did last year. And my resolution, unlike big wireless, is to not be a raging a**hole and raise the price of wireless on you every chance I get. Give it a try at mintmobile.com slash switch. $45 upfront payment required, equivalent to $15 per month. New customers on first three-month plan only. Taxes and fees extra. Speeds lower above 40 gigabytes on unlimited. See mintmobile.com for details.