WEBVTT 00:00:00.890 --> 00:00:02.810 JACK: Today we’re going to talk with a wanted man. 00:00:02.810 --> 00:00:03.810 GIRAFFE: Hi. 00:00:03.810 --> 00:00:04.810 I’m Hacker Giraffe. 00:00:04.810 --> 00:00:07.990 JACK: He’s responsible for doing some hacking that’s hit the news in the last few months. 00:00:07.990 --> 00:00:12.680 GIRAFFE: Which are all hacks made to raise awareness about open devices and at the same 00:00:12.680 --> 00:00:17.179 time promote a YouTuber that I liked, which is PewDiePie. 00:00:17.179 --> 00:00:22.910 This is actually quite surreal for me ‘cause just three months ago I was introduced to 00:00:22.910 --> 00:00:25.090 your podcast right, and I was listening. 00:00:25.090 --> 00:00:29.329 I was like damn, what if I end up on one of these podcasts? 00:00:29.329 --> 00:00:34.400 It’s just so surreal for me because I totally did not expect any of this to happen. 00:00:34.400 --> 00:00:38.289 The last month of my life is a complete turn of events, really. 00:00:38.289 --> 00:00:44.190 DAVY: You best start believin’ in hacker stories, Mr. Giraffe. 00:00:44.190 --> 00:00:45.960 You’re in one. 00:00:45.960 --> 00:00:52.989 JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. 00:00:52.989 --> 00:00:57.600 I’m Jack Rhysider. 00:00:57.600 --> 00:01:02.239 This is Darknet Diaries. 00:01:02.239 --> 00:01:11.320 [OUTRO MUSIC ENDS] 00:01:11.320 --> 00:01:17.450 JACK: Just as a quick warning up top here, there are a few cuss words in this episode 00:01:17.450 --> 00:01:20.479 so if that’s an issue for you, you might want earmuffs. 00:01:20.479 --> 00:01:24.490 As we listen to our guest tell his story I want you to try to figure something out. 00:01:24.490 --> 00:01:27.340 Is he a good guy or a bad guy? 00:01:27.340 --> 00:01:29.259 An ass or a bro? 00:01:29.259 --> 00:01:31.439 And where exactly did he go wrong? 00:01:31.439 --> 00:01:35.180 He’s not exactly a master hacker but he’s learning. 00:01:35.180 --> 00:01:38.259 By the time he was in high school he had an obsession with computers. 00:01:38.259 --> 00:01:44.610 GIRAFFE: I had an enthusiasm with technology news and computer news and a lot of people 00:01:44.610 --> 00:01:45.610 didn’t seem to share. 00:01:45.610 --> 00:01:50.240 I always kind of felt out of place ‘cause everybody else wants to talk about cars, football, 00:01:50.240 --> 00:01:51.649 and stuff like that. 00:01:51.649 --> 00:01:52.649 I’m just like no. 00:01:52.649 --> 00:01:53.740 I want to talk about any of that. 00:01:53.740 --> 00:01:58.510 I just want to talk about computers and have you seen the latest news and latest tech? 00:01:58.510 --> 00:02:02.619 Oh look, somebody hacked I don’t know what, and stuff like that. 00:02:02.619 --> 00:02:04.299 I guess that’s how it started. 00:02:04.299 --> 00:02:10.869 Then people actually started saying oh, here’s The Hacker and my local nickname kind of – between 00:02:10.869 --> 00:02:12.410 my friends, I was The Hacker. 00:02:12.410 --> 00:02:14.489 I guess that’s how it kind of grew on me. 00:02:14.489 --> 00:02:16.550 HAGRID: You’re a hacker, Harry. 00:02:16.550 --> 00:02:18.200 HARRY: I’m a what? 00:02:18.200 --> 00:02:22.349 HAGRID: A hacker and a thumpin’ good ‘un, I’d wager, once you’re trained up a little. 00:02:22.349 --> 00:02:23.430 JACK: This was when he was young, though. 00:02:23.430 --> 00:02:26.970 He was simply known as The Hacker among his friends but he did earn the title of Hacker 00:02:26.970 --> 00:02:29.910 in high school because he was actually hacking into stuff. 00:02:29.910 --> 00:02:31.909 GIRAFFE: The school is running Windows XP. 00:02:31.909 --> 00:02:35.909 Just fire up good old Metasploit and just line a couple shelves, mess with the teachers 00:02:35.909 --> 00:02:37.550 and stuff like that. 00:02:37.550 --> 00:02:39.760 JACK: Messing with the teachers by hacking into their machines. 00:02:39.760 --> 00:02:40.780 What a jerk. 00:02:40.780 --> 00:02:45.380 But wait, he actually didn’t change his grade or didn’t steal any files. 00:02:45.380 --> 00:02:46.959 He didn’t dox the whole school’s faculty. 00:02:46.959 --> 00:02:51.260 He had access to this stuff but instead he just messed with the teachers like changing 00:02:51.260 --> 00:02:52.819 their desktop background and stuff. 00:02:52.819 --> 00:02:57.530 So yeah, it’s not cool to hack into the teacher’s computer but it kind of was a 00:02:57.530 --> 00:02:58.530 harmless prank. 00:02:58.530 --> 00:03:00.819 He kept learning more about hacking and computers. 00:03:00.819 --> 00:03:05.180 GIRAFFE: Being public and you need WiFi, so you just crack open one of the hot spots that 00:03:05.180 --> 00:03:08.890 are nearby, things like that, just really small. 00:03:08.890 --> 00:03:14.110 It’s like the equivalent of party tricks really, but hacking. 00:03:14.110 --> 00:03:19.209 JACK: You ever go to a place like a hotel or airport and when you connect to the WiFi 00:03:19.209 --> 00:03:21.120 there it asks you to pay to get on the internet? 00:03:21.120 --> 00:03:25.630 You ever try to figure out way to get around that and get on the internet without paying? 00:03:25.630 --> 00:03:29.060 That’s the kind of stuff The Hacker was doing in those days. 00:03:29.060 --> 00:03:31.620 Years go by of him doing various things like this. 00:03:31.620 --> 00:03:35.400 He’s becoming better at coding, better at computers, better at hacking. 00:03:35.400 --> 00:03:38.500 But of course he likes hanging out on Reddit and playing video games, too. 00:03:38.500 --> 00:03:42.769 For those of you who are redditors, do you think if we look at your favorite subreddits 00:03:42.769 --> 00:03:45.439 we’d be able to tell what kind of person you are? 00:03:45.439 --> 00:03:49.379 I’m personally always hanging out in the Podcasting subreddits, and then I like checking 00:03:49.379 --> 00:03:53.269 out the Crappy Design subreddit, and Tech Support Gore, and Cable Fail. 00:03:53.269 --> 00:03:56.040 Can you get a sense of who I am through that? 00:03:56.040 --> 00:04:01.220 These are The Hacker’s favorite subreddits: the Hacking subreddit, well, of course. 00:04:01.220 --> 00:04:02.220 Programmer Humor. 00:04:02.220 --> 00:04:03.220 Okay, funny IT jokes. 00:04:03.220 --> 00:04:04.280 I like those, too. 00:04:04.280 --> 00:04:10.129 Humans Being Bros. Oh yeah, wholesome stories and gifs of people doing nice things; good. 00:04:10.129 --> 00:04:11.979 Dank Memes. 00:04:11.979 --> 00:04:13.400 So he likes his memes dank. 00:04:13.400 --> 00:04:14.940 Okay, to each his own. 00:04:14.940 --> 00:04:15.940 Made Me Smile. 00:04:15.940 --> 00:04:19.220 Again, a nice wholesome subreddit. 00:04:19.220 --> 00:04:21.940 He also likes the subreddit I’m Going To Hell for This. 00:04:21.940 --> 00:04:27.920 Yeah, these jokes are a little too soon or are unfair but really funny anyways, making 00:04:27.920 --> 00:04:31.080 you feel like you might end up going to hell for laughing at it. 00:04:31.080 --> 00:04:34.910 For instance there’s a joke on there that says These Were Stephen Hawking’s Last Words: 00:04:34.910 --> 00:04:39.940 [WINDOWS SHUT-DOWN SOUND] Yeah, funny but tasteless. 00:04:39.940 --> 00:04:43.550 What can you say about a person who likes all these things at once? 00:04:43.550 --> 00:04:49.320 Maybe that he’s one part computer nerd, one part wholesome, one part dark. 00:04:49.320 --> 00:04:51.110 What does this recipe create? 00:04:51.110 --> 00:04:55.330 [MUSIC] There’s one more thing that The Hacker also likes; PewDiePie. 00:04:55.330 --> 00:05:00.800 GIRAFFE: Right, so PewDiePie is a Swedish YouTuber and plays games, makes jokes, and 00:05:00.800 --> 00:05:01.800 makes me [00:05:00] laugh. 00:05:01.800 --> 00:05:03.120 JACK: He’s not just some Swedish YouTuber. 00:05:03.120 --> 00:05:05.990 He’s the single most popular YouTuber in the world. 00:05:05.990 --> 00:05:11.390 In September of last year, four months ago, he had 65 million subscribers which is just 00:05:11.390 --> 00:05:12.390 phenomenal. 00:05:12.390 --> 00:05:16.090 I mean, these are bigger numbers than some mass media outlets get and he’s just an 00:05:16.090 --> 00:05:17.090 independent creator. 00:05:17.090 --> 00:05:21.340 He’s just some goofy guy who posts a lot of memes, internet jokes, and mispronounces 00:05:21.340 --> 00:05:24.400 a lot of stuff, makes fun of a lot of people, and plays video games. 00:05:24.400 --> 00:05:28.240 He gets into some trouble sometimes too when he says things that aren’t politically correct 00:05:28.240 --> 00:05:32.590 which outrages some people, but it only makes his channel bigger when that happens. 00:05:32.590 --> 00:05:37.300 In my opinion, I think PewDiePie’s content is low-quality and he’s sometimes insensitive. 00:05:37.300 --> 00:05:41.130 If you don’t think he’s insensitive, then why does he do apology videos sometimes? 00:05:41.130 --> 00:05:42.130 I mean, listen to this. 00:05:42.130 --> 00:05:45.740 PEWDIEPIE: I’m disappointed in myself because it seems like I’ve learned nothing from 00:05:45.740 --> 00:05:47.160 all these past controversies. 00:05:47.160 --> 00:05:51.380 I’m really sorry if I offended, hurt, or disappointed anyone. 00:05:51.380 --> 00:05:56.320 JACK: I counted four apology videos like this where he felt he did an oopsie so bad that 00:05:56.320 --> 00:05:59.050 he needed to say sorry to millions of people. 00:05:59.050 --> 00:06:04.240 Yeah, because he’s so popular a lot of people look up to him and are influenced by him. 00:06:04.240 --> 00:06:08.210 I mean jeez, I just realized I’ve never put memes in my podcast before and already 00:06:08.210 --> 00:06:12.130 this episode has two crappy ones and it must be because I’ve watched so many of his damn 00:06:12.130 --> 00:06:15.060 videos that I feel like it’s a normal thing to do now. 00:06:15.060 --> 00:06:16.520 Even I’m influenced by him. 00:06:16.520 --> 00:06:18.900 Ugh, I can’t believe I’m talking about PewDiePie this much. 00:06:18.900 --> 00:06:22.640 You have no idea how many videos I had to sit through to research this episode. 00:06:22.640 --> 00:06:27.280 I want that time back and now YouTube is giving me PewDiePie as suggested videos to watch 00:06:27.280 --> 00:06:29.280 next. Aah! 00:06:29.280 --> 00:06:30.850 I do not want to know any more about PewDiePie. 00:06:30.850 --> 00:06:35.470 But there’s stuff to learn in this story so stick with me. 00:06:35.470 --> 00:06:40.870 [MUSIC] Two years ago PewDiePie was the first YouTuber to hit 50 million subscribers and 00:06:40.870 --> 00:06:43.140 he’s been the most subscribed-to channel for years. 00:06:43.140 --> 00:06:47.280 While there are a lot of companies that create YouTube videos, the independent creators is 00:06:47.280 --> 00:06:49.530 what makes YouTube so amazing. 00:06:49.530 --> 00:06:54.100 We expect high quality, top-notch stuff from companies but technology had advanced in such 00:06:54.100 --> 00:06:59.180 a way that anyone can create a YouTube channel and teach, or do funny things, or make art. 00:06:59.180 --> 00:07:02.410 It’s sometimes better than what big companies can do. 00:07:02.410 --> 00:07:07.180 The YouTube community has always been about the independent creator; fostering them, promoting 00:07:07.180 --> 00:07:08.950 them, and putting the spotlight on them. 00:07:08.950 --> 00:07:12.110 But lately YouTube has been sort of dropping this ball. 00:07:12.110 --> 00:07:16.660 They’ve been working more closely with companies to bring in more sponsors and to enforce copyright 00:07:16.660 --> 00:07:18.000 violations closer. 00:07:18.000 --> 00:07:23.780 But look, YouTube has 1.8 b-b-billion users log in each month. 00:07:23.780 --> 00:07:25.690 Holy cow, that’s a lot of people. 00:07:25.690 --> 00:07:29.570 When you have that many people watching and creating and uploading videos, it’s impossible 00:07:29.570 --> 00:07:31.800 to enforce anything effectively. 00:07:31.800 --> 00:07:36.080 A lot of YouTubers are being hit with copyright violations or strikes against their channel 00:07:36.080 --> 00:07:37.650 when they did nothing wrong. 00:07:37.650 --> 00:07:42.450 I really feel like once something grows to a certain size you just lose control of it. 00:07:42.450 --> 00:07:46.410 The independent creators are being enraged over all this YouTube drama of strikes and 00:07:46.410 --> 00:07:48.510 accounts being banned for really dumb reasons. 00:07:48.510 --> 00:07:53.000 For instance, I saw a musician write an original song and then someone else used that song 00:07:53.000 --> 00:07:56.880 in their video and then did a copyright strike against the original musician saying they 00:07:56.880 --> 00:07:58.750 stole it from that video. 00:07:58.750 --> 00:07:59.750 Ridiculous. 00:07:59.750 --> 00:08:03.090 It’s not the YouTube we all grew to love but there’s no other good alternative so 00:08:03.090 --> 00:08:05.220 we keep hoping that YouTube changes. 00:08:05.220 --> 00:08:09.960 Anyways, during the height of all this YouTube drama, PewDiePie posts a video. 00:08:09.960 --> 00:08:13.140 PEWDIEPIE: Another YouTube channel is taking over. 00:08:13.140 --> 00:08:18.820 That’s right, in no less than in November this year PewDiePie will not be the biggest 00:08:18.820 --> 00:08:20.070 channel on YouTube. 00:08:20.070 --> 00:08:21.470 We must fight back. 00:08:21.470 --> 00:08:23.720 Who is this T-Series channel? 00:08:23.720 --> 00:08:26.110 This channel will pass PewDiePie. 00:08:26.110 --> 00:08:29.070 [HIGH-PITCHED TALKING] I’m number one. 00:08:29.070 --> 00:08:30.840 I’m number one. 00:08:30.840 --> 00:08:34.650 I’m throwing my glove at you, T-Series. 00:08:34.650 --> 00:08:37.930 Fight me IRL to the death. 00:08:37.930 --> 00:08:39.400 No boxing glove and helmets. 00:08:39.400 --> 00:08:41.850 I’m talking about to the death here. 00:08:41.850 --> 00:08:44.210 Wait, they have 46 billion views? 00:08:44.210 --> 00:08:45.780 It’s an Indian channel? 00:08:45.780 --> 00:08:47.350 It’s an Indian channel? 00:08:47.350 --> 00:08:48.920 It’s an Indian channel? 00:08:48.920 --> 00:08:53.520 JACK: This other YouTube channel named T-Series was projected to pass by PewDiePie in just 00:08:53.520 --> 00:08:54.690 two months’ time. 00:08:54.690 --> 00:08:58.770 Their subscriber rate was so much higher than PewDiePie, which could make them the most-subscribed 00:08:58.770 --> 00:09:00.360 channel on YouTube. 00:09:00.360 --> 00:09:01.660 But who is this T-Series? 00:09:01.660 --> 00:09:04.950 It’s a music record label company based in India. 00:09:04.950 --> 00:09:10.310 [MUSIC] And they’re rapidly posting like, three new music videos a day from many of 00:09:10.310 --> 00:09:11.800 the top performers there. 00:09:11.800 --> 00:09:17.260 Since India has such a big population, their subscriber count is exploding, outpacing everyone. 00:09:17.260 --> 00:09:18.260 Back to PewDiePie. 00:09:18.260 --> 00:09:19.380 PEWDIEPIE: Let it be clear. 00:09:19.380 --> 00:09:20.920 I don’t care, okay? 00:09:20.920 --> 00:09:24.430 The thing is I’ve expressed that I don’t want to be the number one channel on YouTube 00:09:24.430 --> 00:09:25.810 for a long time, okay? 00:09:25.810 --> 00:09:29.500 I would prefer if someone else passes me. 00:09:29.500 --> 00:09:35.080 If T-Series was an actual individual and not a company, I would gladly congratulate them 00:09:35.080 --> 00:09:36.210 on becoming number one. 00:09:36.210 --> 00:09:38.870 JACK: I believe this is the real rallying cry here. 00:09:38.870 --> 00:09:40.810 This is not a war to keep PewDiePie on top. 00:09:40.810 --> 00:09:45.580 It’s a fight between the independent creators and the takeover of a company becoming the 00:09:45.580 --> 00:09:46.630 most subscribed channel. 00:09:46.630 --> 00:09:50.800 While an independent creator is on top, it forces YouTube to acknowledge that its users 00:09:50.800 --> 00:09:54.150 like content from independent creators more than companies. 00:09:54.150 --> 00:09:57.670 Some fear that if a major company is the most subscribed-to channel, then this seals the 00:09:57.670 --> 00:10:01.610 coffin for YouTube working even more closely with companies and less [00:10:00] with indie 00:10:01.610 --> 00:10:02.610 creators. 00:10:02.610 --> 00:10:05.290 Anyways, you can believe that or not but that’s what a lot of people rallied behind. 00:10:05.290 --> 00:10:07.860 Who doesn’t like watching a good competition? 00:10:07.860 --> 00:10:10.060 This race became heated and exciting. 00:10:10.060 --> 00:10:12.680 Major celebrities started tweeting to subscribe to PewDiePie. 00:10:12.680 --> 00:10:16.930 With sixty-five million subscribers, Pewds was able to motivate a lot of people to help 00:10:16.930 --> 00:10:18.700 him stay on top. 00:10:18.700 --> 00:10:20.240 Everyone began chanting the same thing. 00:10:20.240 --> 00:10:21.430 YOUTUBER1: Do me this one favor. 00:10:21.430 --> 00:10:25.570 If this is the last thing you do, subscribe to PewDiePie. 00:10:25.570 --> 00:10:27.400 Do not let T-Series win. 00:10:27.400 --> 00:10:28.820 YOUTUBER2: Tell your grandmas. 00:10:28.820 --> 00:10:31.960 That’s right, both of them, to subscribe to PewDiePie. 00:10:31.960 --> 00:10:36.870 YOUTUBER3: Hello gang, do our Logang family proud and subscribe to our Swedish leader 00:10:36.870 --> 00:10:37.870 man, PewDiePie. 00:10:37.870 --> 00:10:41.760 JACK: I even bet that someone in the last four months has told you to subscribe to PewDiePie, 00:10:41.760 --> 00:10:43.360 or you’ve seen it in your feed at some point. 00:10:43.360 --> 00:10:44.890 That’s how big this has become. 00:10:44.890 --> 00:10:49.360 PewDiePie was getting a massive bump of new subscribers, like over 50,000 new subscribers 00:10:49.360 --> 00:10:50.400 a day. 00:10:50.400 --> 00:10:53.310 But despite everyone’s greatest efforts, it wasn’t working. 00:10:53.310 --> 00:10:58.030 T-Series kept gaining ground, inching closer and closer to becoming the top channel. 00:10:58.030 --> 00:11:03.560 So PewDiePie created a music video in an attempt to compete with T-Series, a music video channel, 00:11:03.560 --> 00:11:04.560 on their own turf. 00:11:04.560 --> 00:11:08.230 PEWDIEPIE: [MUSIC] I don’t like you, T-Series. 00:11:08.230 --> 00:11:21.500 Nothing personal kid, but I must go all out just this once. 00:11:21.500 --> 00:11:40.670 Bob’s over gone, whichever will it be? 00:11:40.670 --> 00:11:41.670 Sit the fuck down T-Series. 00:11:41.670 --> 00:11:42.670 I’m here to spill the real tea. 00:11:42.670 --> 00:11:43.670 You trying to D[L1] through me for a spot on number one, but you’re India. 00:11:43.670 --> 00:11:44.670 You lose, so best think you haven’t won. 00:11:44.670 --> 00:11:45.670 When I’m through with you, we’re gonna be completely fucking done ‘cause we only 00:11:45.670 --> 00:11:46.670 just begun. 00:11:46.670 --> 00:11:47.670 I review you zero. 00:11:47.670 --> 00:11:48.670 Bye, bitch, gone. 00:11:48.670 --> 00:11:49.670 So come on T-Series, looking hungry for some drama? 00:11:49.670 --> 00:11:50.670 Here, let me serve you bitch lasagna. 00:11:50.670 --> 00:11:51.670 Bitch lasagna, bitch lasagna. 00:11:51.670 --> 00:11:52.670 T-Series say nothing but bitch lasagna. 00:11:52.670 --> 00:11:53.670 Bitch lasagna… 00:11:53.670 --> 00:11:54.670 JACK: This video blew up and currently has over 100 million views which is twenty times 00:11:54.670 --> 00:11:55.670 more than the average video he gets. 00:11:55.670 --> 00:11:59.820 It was epic and hilarious actually, and it significantly brought awareness of this race 00:11:59.820 --> 00:12:02.730 and boosted the growth of PewDiePie’s channel even more. 00:12:02.730 --> 00:12:03.730 Higher and higher it soared. 00:12:03.730 --> 00:12:07.100 Keep in mind it’s reaching new heights that nobody has ever hit before. 00:12:07.100 --> 00:12:10.670 But T-Series was right behind him, around 67 million subscribers. 00:12:10.670 --> 00:12:13.120 The race almost became a dead heat. 00:12:13.120 --> 00:12:16.960 As soon as PewDiePie would hit 70 million subscribers, T-Series would have 70 million 00:12:16.960 --> 00:12:17.960 the next day. 00:12:17.960 --> 00:12:22.570 When PewDiePie hit 75 million, T-Series hit 75 million two days later. 00:12:22.570 --> 00:12:29.320 Each channel was getting a massive 120,000 new subscribers every day which is just unbelievable 00:12:29.320 --> 00:12:30.360 growth. 00:12:30.360 --> 00:12:34.310 This wasn’t the only thing the YouTube community was doing to teach YouTube a lesson. 00:12:34.310 --> 00:12:38.350 In December, the same time that all this was going on, YouTube published an annual mash-up 00:12:38.350 --> 00:12:40.210 video called Rewind. 00:12:40.210 --> 00:12:44.360 It was supposed to put a spotlight on the creators but the YouTube community hated it. 00:12:44.360 --> 00:12:48.910 They felt it catered more towards sponsors and didn’t represent the community at all. 00:12:48.910 --> 00:12:53.840 That video quickly became the world’s most disliked video of all time. 00:12:53.840 --> 00:12:57.000 It currently has over fifteen million dislikes. 00:12:57.000 --> 00:13:00.520 When YouTube itself tries to make a video to be a spotlight on the community, and the 00:13:00.520 --> 00:13:05.410 community downvotes it more than any other video in history, it sends a powerful message 00:13:05.410 --> 00:13:06.610 to YouTube. 00:13:06.610 --> 00:13:10.150 There was this fervor at the time that the users were trying to show YouTube they need 00:13:10.150 --> 00:13:13.050 to pay more attention to what the community wants. 00:13:13.050 --> 00:13:16.660 The race between T-Series and PewDiePie was growing more intense now. 00:13:16.660 --> 00:13:20.920 PewDiePie was just barely holding on top; PewDiePie knew he wouldn’t last and he was 00:13:20.920 --> 00:13:24.630 running out of trap cards to play so he turned to his viewers and said… 00:13:24.630 --> 00:13:26.960 PEWDIEPIE: This sub gap is getting closer. 00:13:26.960 --> 00:13:29.190 Do something! 00:13:29.190 --> 00:13:32.990 JACK: [MUSIC] This brings us back to The Hacker. 00:13:32.990 --> 00:13:37.070 As you heard earlier, he’s a fan of PewDiePie and well, a hacker. 00:13:37.070 --> 00:13:40.779 GIRAFFE: This really wasn’t a project that was planned. 00:13:40.779 --> 00:13:42.230 There was zero planning in this. 00:13:42.230 --> 00:13:45.030 I was just trying to have some fun. 00:13:45.030 --> 00:13:46.030 I was bored. 00:13:46.030 --> 00:13:48.930 I think the most dangerous thing is a bored hacker, to be honest. 00:13:48.930 --> 00:13:51.660 I’m usually lurking around Shodan. 00:13:51.660 --> 00:13:54.310 It’s the search engine for connected devices. 00:13:54.310 --> 00:13:58.120 JACK: Yeah, this is a website that scans the entire internet to see if any well-known ports 00:13:58.120 --> 00:14:00.930 are open and makes that database searchable for anyone to see. 00:14:00.930 --> 00:14:05.180 If you go to shodan.io you can easily find security cameras to watch remotely, Telnet 00:14:05.180 --> 00:14:08.920 ports that are open, and a whole bunch of other stuff that shouldn’t be on the internet. 00:14:08.920 --> 00:14:12.570 Its goal is to help us be aware of how insecure the internet is. 00:14:12.570 --> 00:14:17.460 GIRAFFE: I’m usually just searching around looking for something to mess with. 00:14:17.460 --> 00:14:23.860 I was really looking for is there a protocol that should never, ever be open to the public-facing 00:14:23.860 --> 00:14:24.860 internet? 00:14:24.860 --> 00:14:28.720 JACK: While bored one night he did some research to try to find anything new to look at on 00:14:28.720 --> 00:14:29.720 Shodan. 00:14:29.720 --> 00:14:34.170 GIRAFFE: I came across this article for IT admins that’s like, these protocols should 00:14:34.170 --> 00:14:35.720 never escape your network. 00:14:35.720 --> 00:14:38.800 The thing that caught my attention was a network printer. 00:14:38.800 --> 00:14:42.470 JACK: He found that printers often listen on three ports and if these ports were exposed 00:14:42.470 --> 00:14:46.220 to the internet it may mean that someone can print to that machine from anywhere in the 00:14:46.220 --> 00:14:47.220 world. 00:14:47.220 --> 00:14:52.580 He searched Shodan to see if any computers had port 9100 open, 515, and 631. 00:14:52.580 --> 00:14:55.770 GIRAFFE: The total was above 800,000. 00:14:55.770 --> 00:14:58.390 JACK: He was horrified by this. 00:14:58.390 --> 00:15:03.380 Why in the world are 800,000 printers [00:15:00] directly on the internet ready and listening 00:15:03.380 --> 00:15:06.360 for anyone in the world to send print commands to it? 00:15:06.360 --> 00:15:10.200 He became very interested in this to see if he could do something with these. 00:15:10.200 --> 00:15:13.180 GIRAFFE: At that point I was really messing around. 00:15:13.180 --> 00:15:15.740 I wanted to go for the low-hanging fruit. 00:15:15.740 --> 00:15:18.580 I wanted to go for the easiest thing possible. 00:15:18.580 --> 00:15:25.290 The easiest thing to mess around with was the ones open on port 9100 which were around 00:15:25.290 --> 00:15:26.300 50,000 in total. 00:15:26.300 --> 00:15:28.100 JACK: This port is the easiest to use. 00:15:28.100 --> 00:15:31.650 There’s no authentication or encryption; you simply send your PDF file to the port 00:15:31.650 --> 00:15:33.970 with the command to print and the printer will print it. 00:15:33.970 --> 00:15:37.810 He messed around with this a little and his initial tests seemed to be working. 00:15:37.810 --> 00:15:42.510 His packets were sent and there were no errors but it was hard to tell if anything actually 00:15:42.510 --> 00:15:43.510 printed. 00:15:43.510 --> 00:15:46.190 GIRAFFE: I literally had no way of finding out if it was working. 00:15:46.190 --> 00:15:48.880 JACK: Being the curious little researcher that he is, he looked to see if there were 00:15:48.880 --> 00:15:52.030 any tools that could help him with this and sure enough there was one. 00:15:52.030 --> 00:15:56.339 A German college student wrote a master thesis on doing security testing against printers 00:15:56.339 --> 00:16:00.470 and wrote a program called PRET and made it freely available for anyone on GitHub. 00:16:00.470 --> 00:16:05.000 GIRAFFE: I found PRET, which is the Printer Exploitation Toolkit and it showed me that 00:16:05.000 --> 00:16:10.580 hey, if you find a printer that’s open on port 9100 this tool can connect and you can 00:16:10.580 --> 00:16:16.390 do all kinds of things like list the files, reset the printer, and all kinds of stuff. 00:16:16.390 --> 00:16:20.080 But the thing that caught my attention was the actual print. 00:16:20.080 --> 00:16:22.910 JACK: Sure enough it worked like a charm. 00:16:22.910 --> 00:16:25.980 He realized he could make a little program to cycle through all the printers and send 00:16:25.980 --> 00:16:28.200 a message to 50,000 people. 00:16:28.200 --> 00:16:31.820 Now, I wonder what would you do in this situation? 00:16:31.820 --> 00:16:35.620 Let’s say you stumbled upon the capability of being able to print any message you wanted 00:16:35.620 --> 00:16:37.460 to 50,000 printers at once? 00:16:37.460 --> 00:16:38.620 What do you do? 00:16:38.620 --> 00:16:40.880 Do you report it to someone? 00:16:40.880 --> 00:16:42.850 Who though, the printer companies? 00:16:42.850 --> 00:16:45.750 Do you write it up and post it to your social media? 00:16:45.750 --> 00:16:50.130 I’m genuinely curious what you would do in this situation, so curious that I’m going 00:16:50.130 --> 00:16:54.510 to take a pause here, drive downtown, and ask people on the streets what they’d do. 00:16:54.510 --> 00:17:01.000 [TRAFFIC] Can I ask you a quick question for a podcast? 00:17:01.000 --> 00:17:02.770 MVOL.1: What’s up? 00:17:02.770 --> 00:17:06.980 JACK: Alright, so imagine you’re on the internet and you’re clicking around and 00:17:06.980 --> 00:17:12.590 you find that 50,000 printers are exposed to the internet in a way they shouldn’t 00:17:12.590 --> 00:17:15.740 be and you have the ability to print whatever you want to 50,000 printers. 00:17:15.740 --> 00:17:17.150 What would you do in that situation? 00:17:17.150 --> 00:17:18.150 Would you print something? 00:17:18.150 --> 00:17:19.550 Would you report it someone? 00:17:19.550 --> 00:17:22.820 MVOL.1: I honestly don’t think that I would care enough to do anything. 00:17:22.820 --> 00:17:24.839 I would just move on with my day. 00:17:24.839 --> 00:17:30.371 FVOL.1: Oh, I barely have anything I would like to say to 300 people on Facebook let 00:17:30.371 --> 00:17:33.040 alone send out a message to 50,000 people. 00:17:33.040 --> 00:17:40.250 FVOL.2: I think it’s unethical to use somebody else’s equipment without their permission. 00:17:40.250 --> 00:17:42.500 Maybe I’d put it in the hands of the media. 00:17:42.500 --> 00:17:47.490 I mean, what else would I print to somebody else’s printer other than a message like 00:17:47.490 --> 00:17:49.309 secure your damn printer? 00:17:49.309 --> 00:17:50.309 You know? 00:17:50.309 --> 00:17:54.940 MVOL.2: I would print Out with the Negative and In with the Positive. 00:17:54.940 --> 00:18:03.710 FVOL.3: Despite ethics, I would definitely send all the book manuscripts by Andreas Antonopoulos 00:18:03.710 --> 00:18:06.950 to them, the manuscripts for his undrafted speeches. 00:18:06.950 --> 00:18:11.110 Then he has a couple longer ones that – one that explains Bitcoin and one that explains 00:18:11.110 --> 00:18:12.110 Ethereum. 00:18:12.110 --> 00:18:15.340 JACK: So you’d print like, a hundred page book on everyone’s printer? 00:18:15.340 --> 00:18:19.070 FVOL.3: That might be a jerk thing to do but I think the message is real. 00:18:19.070 --> 00:18:23.750 Maybe I could just find a shorter summary like the whitepaper and an explanation of 00:18:23.750 --> 00:18:26.130 it for Bitcoin and for Ethereum. 00:18:26.130 --> 00:18:27.320 [BACKGROUND LAUGHING] 00:18:27.320 --> 00:18:31.490 MVOL.3: Knowing as little as I do about the whole thing, probably what I would do from 00:18:31.490 --> 00:18:37.050 a moral standpoint is I would send somebody – each one of those printers saying this 00:18:37.050 --> 00:18:40.910 is not secure and you probably want to do something about it. 00:18:40.910 --> 00:18:46.000 FVOL.3: However, if they receive an unsolicited message about something like Blockchain, they 00:18:46.000 --> 00:18:48.020 would already be aware of that fact. 00:18:48.020 --> 00:18:49.750 JACK: Would you print something? 00:18:49.750 --> 00:18:50.750 FVOL.4: No. 00:18:50.750 --> 00:18:51.750 JACK: Why not? 00:18:51.750 --> 00:18:56.150 FVOL4: I think I would not print anything because that seems kind of weird and maybe 00:18:56.150 --> 00:18:58.360 a misuse of resources. 00:18:58.360 --> 00:19:02.680 I really like trees and that’s a lot of paper. 00:19:02.680 --> 00:19:10.250 MVOL4: Well first I would print a bunch of obnoxious memes to every printer on there 00:19:10.250 --> 00:19:11.580 and then I’d report it. 00:19:11.580 --> 00:19:14.240 MVOL5: I’d probably request a reward for it. 00:19:14.240 --> 00:19:20.330 Nah, not hold a hostage or nothing but just request a reward for turning something in. 00:19:20.330 --> 00:19:25.141 As long as I got something out of it, you know? 00:19:25.141 --> 00:19:26.141 JACK: Thank you for that. 00:19:26.141 --> 00:19:30.020 You all have a lot of wildly different opinions on what you would do in this situation. 00:19:30.020 --> 00:19:31.500 What did the hacker do? 00:19:31.500 --> 00:19:33.370 He decided to print something. 00:19:33.370 --> 00:19:38.480 [MUSIC] His primary goal was to make people aware that their printers were vulnerable. 00:19:38.480 --> 00:19:42.460 But then while doing that, why not help out a YouTuber he likes? 00:19:42.460 --> 00:19:43.580 He typed up a PDF. 00:19:43.580 --> 00:19:49.070 It said, “Attention: PewDiePie is in trouble and needs your help to defeat T-Series. 00:19:49.070 --> 00:19:51.420 Unsubscribe from T-Series and subscribe to PewDiePie.” 00:19:51.420 --> 00:19:53.679 The letter goes on to say, “Smile. 00:19:53.679 --> 00:19:55.240 The world is a great place. 00:19:55.240 --> 00:19:58.040 Never mind, it’s 2018 and we’re all gonna die. 00:19:58.040 --> 00:20:00.490 Pro tip: your printer is exposed to the internet. 00:20:00.490 --> 00:20:01.960 [00:20:00] Please fix that.” 00:20:01.960 --> 00:20:05.060 GIRAFFE: At the bottom it said, “Greetings from your friendly giraffe.” 00:20:05.060 --> 00:20:09.870 It was just something that just came off the top of my head, really. 00:20:09.870 --> 00:20:13.559 I had no intention of actually taking credit for it at all. 00:20:13.559 --> 00:20:16.240 It was just supposed to be something funny and then that’s it. 00:20:16.240 --> 00:20:18.150 People will forget about it in like, three or four days. 00:20:18.150 --> 00:20:22.510 JACK: Now that he had a list of 50,000 IPs in a text file, the PRET tool all set, he 00:20:22.510 --> 00:20:26.080 just needed to make a simple program to loop through them all and print the PDF. 00:20:26.080 --> 00:20:28.170 He created a very short bash script to do this. 00:20:28.170 --> 00:20:32.940 GIRAFFE: It was like, four IP in the text file and I provided the text file. 00:20:32.940 --> 00:20:34.309 That was the first line. 00:20:34.309 --> 00:20:40.950 The second line is literally just calling the tool with the IP and Print PDF as the 00:20:40.950 --> 00:20:41.950 command. 00:20:41.950 --> 00:20:43.050 It’s just one line. 00:20:43.050 --> 00:20:45.290 Then the third line is just to end the forward loop. 00:20:45.290 --> 00:20:49.020 JACK: All it took to do this was three lines of code. 00:20:49.020 --> 00:20:50.020 Three lines. 00:20:50.020 --> 00:20:55.580 To find the 50,000 printers was a simple search for port 9100 that anyone can do on Shodan. 00:20:55.580 --> 00:20:58.260 I mean, this sounds really easy to do. 00:20:58.260 --> 00:21:02.270 GIRAFFE: Yes, this is quite literally zero skill required. 00:21:02.270 --> 00:21:03.270 Yeah. 00:21:03.270 --> 00:21:04.610 JACK: That just makes me think of this. 00:21:04.610 --> 00:21:07.310 COMM’D: You are without doubt the worst hacker I’ve ever heard of. 00:21:07.310 --> 00:21:09.020 SPARROW: But you have heard of me. 00:21:09.020 --> 00:21:12.640 JACK: Now, the moment of truth. 00:21:12.640 --> 00:21:16.800 He’s got everything built and is ready to hit Print on 50,000 printers. 00:21:16.800 --> 00:21:18.370 He just needs to hit Enter. 00:21:18.370 --> 00:21:21.860 GIRAFFE: [MUSIC] There were a thousand things going through my mind. 00:21:21.860 --> 00:21:22.860 Is this gonna work? 00:21:22.860 --> 00:21:23.860 Should I even do this? 00:21:23.860 --> 00:21:25.990 Am I doing this properly? 00:21:25.990 --> 00:21:29.390 There was even this programmer voice inside me like dude, this script is trash. 00:21:29.390 --> 00:21:30.950 You should just make another one. 00:21:30.950 --> 00:21:35.980 There was this sense of hesitation ‘cause I knew that there was kind of no going back, 00:21:35.980 --> 00:21:36.980 really. 00:21:36.980 --> 00:21:40.490 I mean there technically really was; I could have just stopped the script at like, ten 00:21:40.490 --> 00:21:44.710 printers but I knew that once it was running I wouldn’t have stopped it. 00:21:44.710 --> 00:21:47.960 I did hesitate. 00:21:47.960 --> 00:21:51.831 That hesitation was for maximum five seconds and then I was like nope, this is way too 00:21:51.831 --> 00:21:53.831 cool. I press Enter. 00:21:53.831 --> 00:21:58.180 JACK: [MUSIC] His script would connect to one printer at a time, send it a PDF, and 00:21:58.180 --> 00:21:59.921 tell it to print. 00:21:59.921 --> 00:22:01.200 Each connection took a while to complete. 00:22:01.200 --> 00:22:04.690 He would sit there and watch the count go up on how many print jobs he sent. 00:22:04.690 --> 00:22:07.470 GIRAFFE: It does provide some output. 00:22:07.470 --> 00:22:09.120 It just added a couple of statistics. 00:22:09.120 --> 00:22:12.670 It was like we’ve reached IP 500 out of 50,000. 00:22:12.670 --> 00:22:19.870 ‘Cause I could actually tell if a printer printed successfully or if it did fail to 00:22:19.870 --> 00:22:20.870 connect. 00:22:20.870 --> 00:22:22.929 There were some improvements that I was doing on the fly. 00:22:22.929 --> 00:22:28.260 I feel so sorry for the first 500 printers, I’d say, ‘cause I’ve run the script 00:22:28.260 --> 00:22:31.800 like seven to eight times ‘cause every time I’d just be like no, I don’t like this. 00:22:31.800 --> 00:22:34.679 I’d change it and it’d just go over the list again. 00:22:34.679 --> 00:22:36.780 I was also renaming the printers. 00:22:36.780 --> 00:22:39.030 On the LCD it would say Hacked. 00:22:39.030 --> 00:22:44.060 JACK: Once he finally got the script built the way he wanted it, he let it run. 00:22:44.060 --> 00:22:45.240 And run it did. 00:22:45.240 --> 00:22:51.410 It successfully printed to 100 printers and then 1000 printers and then 10,000 printers. 00:22:51.410 --> 00:22:55.230 This was taking a long time for it to reach that many printers, hours and hours. 00:22:55.230 --> 00:22:57.190 He was nervous and excited that it was working. 00:22:57.190 --> 00:22:59.850 GIRAFFE: I was seriously just refreshing Twitter. 00:22:59.850 --> 00:23:07.760 I typed in PewDiePie printer, and in another tab printer hack, and in another tab PewDiePie 00:23:07.760 --> 00:23:08.760 print. 00:23:08.760 --> 00:23:11.059 Just completely refreshing; somebody tweet about this. 00:23:11.059 --> 00:23:13.380 I want to see if this is working. 00:23:13.380 --> 00:23:15.190 The number is going up. 00:23:15.190 --> 00:23:18.770 The number’s like you said, the number’s hitting 10K, it’s hitting 20K. 00:23:18.770 --> 00:23:21.620 Where are the tweets? 00:23:21.620 --> 00:23:29.890 I think around halfway is when – around like, 23 to 22K is when the tweets actually 00:23:29.890 --> 00:23:31.870 started rolling out. 00:23:31.870 --> 00:23:42.370 The very first tweet I saw was a woman saying that their local police station printed this 00:23:42.370 --> 00:23:44.750 paper out of the ticket counter. 00:23:44.750 --> 00:23:48.980 I was like what? 00:23:48.980 --> 00:23:53.520 I had zero concerns whatsoever about any consequences. 00:23:53.520 --> 00:23:56.990 I was so into it ‘cause yes, this is working. 00:23:56.990 --> 00:23:58.350 This is so cool. 00:23:58.350 --> 00:24:00.620 I’ve gotta tell everybody that this is working. 00:24:00.620 --> 00:24:04.320 JACK: He got up out of his chair and started pacing back and forth in the room, hovering 00:24:04.320 --> 00:24:07.340 over his computer, texting his friends telling them what’s going on. 00:24:07.340 --> 00:24:10.150 GIRAFFE: Everyone was like yeah, okay. 00:24:10.150 --> 00:24:11.150 Cool, dude. 00:24:11.150 --> 00:24:20.070 Nobody really showed any interest but I was having the time of my life. 00:24:20.070 --> 00:24:23.410 JACK: More people were tweeting about their printer telling them to subscribe to PewDiePie. 00:24:23.410 --> 00:24:25.300 GIRAFFE: I just left it running. 00:24:25.300 --> 00:24:30.630 It honestly took around 24 to 28 hours to actually complete the full 50,000 IPs. 00:24:30.630 --> 00:24:35.390 JACK: But this was so exciting for him that he didn’t sleep or get to any of the real 00:24:35.390 --> 00:24:37.220 life stuff he needed to do that day. 00:24:37.220 --> 00:24:40.210 GIRAFFE: I completely forgot about any work that I had to do. 00:24:40.210 --> 00:24:42.140 I was so pulled into this. 00:24:42.140 --> 00:24:48.690 I was like this is working and as you said I’m pacing back and forth. 00:24:48.690 --> 00:24:49.690 This is crazy. 00:24:49.690 --> 00:24:50.690 How is this actually happening? 00:24:50.690 --> 00:24:51.690 This is so simple. 00:24:51.690 --> 00:24:53.530 I couldn’t believe how simple this was. 00:24:53.530 --> 00:24:58.220 That’s the thing, exactly like you said, it requires zero skill. 00:24:58.220 --> 00:25:03.290 It completely blew my mind [00:25:00] that this was actually working and that the number 00:25:03.290 --> 00:25:07.230 was actually hitting something pretty close to 50,000. 00:25:07.230 --> 00:25:09.169 I was like, no way. 00:25:09.169 --> 00:25:13.120 There’s no way this is actually happening. 00:25:13.120 --> 00:25:18.610 There was a mix of the rush; I was like oh, I am gonna be so famous. 00:25:18.610 --> 00:25:19.610 I need to make a Twitter account. 00:25:19.610 --> 00:25:21.460 I need to get behind this. 00:25:21.460 --> 00:25:26.370 I have to take credit for this ‘cause a lot of people were blaming PewDiePie at first, 00:25:26.370 --> 00:25:29.270 like hey, why are you doing this? 00:25:29.270 --> 00:25:34.150 They were serious about it so I was like no, okay, I have to take credit and I have to 00:25:34.150 --> 00:25:35.150 properly explain. 00:25:35.150 --> 00:25:39.080 ‘Cause I’ve seen what happens when people do anonymous hacks. 00:25:39.080 --> 00:25:40.840 The media goes crazy. 00:25:40.840 --> 00:25:45.820 I really didn’t want somebody to publish an article saying that I’m some sort of 00:25:45.820 --> 00:25:52.750 Russian crazy spy agency trying to – I’m hacking into your printers and I’m printing 00:25:52.750 --> 00:25:57.480 this funny paper but I’m actually stealing all your money, or some crazy conspiracy theory. 00:25:57.480 --> 00:26:04.919 No, this was just your everyday, normal, coincidental Shodan find. 00:26:04.919 --> 00:26:07.400 I created the Twitter account. 00:26:07.400 --> 00:26:11.500 JACK: Thus, the Hacker Giraffe was born. 00:26:11.500 --> 00:26:12.910 This was what he called his Twitter account. 00:26:12.910 --> 00:26:18.540 GIRAFFE: I started tweeting at the people who were posting the pics, hey, it’s me. 00:26:18.540 --> 00:26:22.530 [MUSIC] What happened first is people were DMing me, like oh dude, how do I fix my printer? 00:26:22.530 --> 00:26:25.660 It was really slow at first. 00:26:25.660 --> 00:26:27.410 Then it skyrocketed. 00:26:27.410 --> 00:26:33.530 It skyrocketed the moment one Twitter account has a huge follower base and you tweeted about 00:26:33.530 --> 00:26:34.530 it. 00:26:34.530 --> 00:26:38.660 I got media in my DM sending me hey, you want to write a story about this? 00:26:38.660 --> 00:26:46.950 It blew up in the span of like, six hours from the moment that tweet happened. 00:26:46.950 --> 00:26:52.809 The Twitter account literally went from like zero followers to something like 20K in about 00:26:52.809 --> 00:26:54.670 six to ten hours. 00:26:54.670 --> 00:26:59.730 JACK: For me at least, this is where I think the Hacker Giraffe made a mistake. 00:26:59.730 --> 00:27:00.730 I think he agrees, too. 00:27:00.730 --> 00:27:01.730 GIRAFFE: It was a horrible idea. 00:27:01.730 --> 00:27:03.580 Yes, it was a horrible idea. 00:27:03.580 --> 00:27:08.070 JACK: Taking credit for the hack, leaning into this whole thing; that is playing with 00:27:08.070 --> 00:27:09.070 fire. 00:27:09.070 --> 00:27:12.400 What he did was technically illegal and now he’s taking credit for it? 00:27:12.400 --> 00:27:15.450 This can’t end well and it doesn’t. 00:27:15.450 --> 00:27:20.730 After the break we’ll hear how everything unravels and falls apart. 00:27:20.730 --> 00:27:26.650 [MUSIC] More and more people started tweeting about this, shocked and outraged that printers 00:27:26.650 --> 00:27:28.360 were promoting PewDiePie now. 00:27:28.360 --> 00:27:32.010 News agencies started picking up on this story and he started getting private messages on 00:27:32.010 --> 00:27:33.010 Twitter from the media. 00:27:33.010 --> 00:27:34.970 GIRAFFE: The first one was The Verge. 00:27:34.970 --> 00:27:37.710 They reached out for a comment and then they wrote it out. 00:27:37.710 --> 00:27:38.710 They published it instantly. 00:27:38.710 --> 00:27:41.600 JACK: Someone Hacked Printers Worldwide Urging People to Subscribe to PewDiePie. 00:27:41.600 --> 00:27:43.230 GIRAFFE: That was the very first article. 00:27:43.230 --> 00:27:45.730 JACK: Hacker Giraffe’s popularity grew quickly. 00:27:45.730 --> 00:27:48.360 More and more news agencies started publishing stories about these printers. 00:27:48.360 --> 00:27:51.840 GIRAFFE: I was drowning in DMs. 00:27:51.840 --> 00:27:56.110 I think a lot of media sources couldn’t actually reach out for a comment and they 00:27:56.110 --> 00:27:57.980 just started rolling out their own articles. 00:27:57.980 --> 00:27:59.789 But it was crazy the amount of articles. 00:27:59.789 --> 00:28:04.309 A Google search would show up one article and then an hour later it was five, to six, 00:28:04.309 --> 00:28:05.570 to seven. 00:28:05.570 --> 00:28:12.230 They were sticking this whole PewDiePie super hardcore fan image on me. 00:28:12.230 --> 00:28:18.200 Yes, sure, I do like the guy genuinely, like I enjoy his content. 00:28:18.200 --> 00:28:20.270 I would call myself a fan. 00:28:20.270 --> 00:28:21.741 I’m not a like, a die-hard fan. 00:28:21.741 --> 00:28:25.691 I was like no, that’s not the point here. 00:28:25.691 --> 00:28:31.429 You just completely went over the actual point which is the printers. 00:28:31.429 --> 00:28:35.460 For god’s sake, what do I have to do to make you guys pay attention to the actual 00:28:35.460 --> 00:28:36.460 devices? 00:28:36.460 --> 00:28:38.429 JACK: This newfound status he had was intoxicating. 00:28:38.429 --> 00:28:41.720 GIRAFFE: I was just baffled. 00:28:41.720 --> 00:28:43.620 I was completely baffled. 00:28:43.620 --> 00:28:44.620 This is insane. 00:28:44.620 --> 00:28:49.480 Again, just pacing around my house. 00:28:49.480 --> 00:28:50.480 This is crazy. 00:28:50.480 --> 00:28:54.929 I’m calling up my friends and was like there’s an article about me. 00:28:54.929 --> 00:28:57.220 I was just like every other normal person. 00:28:57.220 --> 00:28:58.500 I wasn’t popular. 00:28:58.500 --> 00:29:01.919 I wasn’t anything, just your average person, really. 00:29:01.919 --> 00:29:06.300 Just maximum like 50 followers on Twitter or something. 00:29:06.300 --> 00:29:08.970 It was such a new experience. 00:29:08.970 --> 00:29:12.530 If I said something on Twitter, people instantly responded. 00:29:12.530 --> 00:29:14.020 There was this whole audience. 00:29:14.020 --> 00:29:16.059 It was complete euphoria, really. 00:29:16.059 --> 00:29:20.419 JACK: Needless to say, that night the Hacker Giraffe did not sleep at all. 00:29:20.419 --> 00:29:23.670 He kept tweeting that he’s going to sleep but then he’d just come right back online. 00:29:23.670 --> 00:29:25.830 GIRAFFE: There was no sleep. 00:29:25.830 --> 00:29:29.320 I was so pulled into that Twitter account. 00:29:29.320 --> 00:29:34.700 I was, no joke, every five minutes I had to open and tweet something or just check my 00:29:34.700 --> 00:29:38.960 notifications, check the replies, check the DMs. 00:29:38.960 --> 00:29:44.980 The rush of popularity completely overwhelmed me. 00:29:44.980 --> 00:29:49.650 Literally, every five minutes I opened my phone and I’d look at the Twitter account. 00:29:49.650 --> 00:29:50.670 Okay, anything new? 00:29:50.670 --> 00:29:51.840 Should I tweet something? 00:29:51.840 --> 00:29:53.120 Do I say something funny? 00:29:53.120 --> 00:29:56.820 Do I try to pull off oh, look at me, I’m the greatest hacker alive, stuff like that? 00:29:56.820 --> 00:29:59.840 I kept saying okay, I’m logging off, goodnight guys. 00:29:59.840 --> 00:30:02.190 [00:30:00] Then I’m like alright, I’m back. 00:30:02.190 --> 00:30:04.179 Here I am; here’s another tweet. 00:30:04.179 --> 00:30:08.790 JACK: After waiting 24 hours for all the 50,000 printers to print and then spending another 00:30:08.790 --> 00:30:13.669 long time on Twitter basking in his newfound popularity, the Hacker Giraffe finally crashed 00:30:13.669 --> 00:30:14.669 and fell asleep. 00:30:14.669 --> 00:30:17.400 By this time the news had spread even further and wider. 00:30:17.400 --> 00:30:22.400 The story ran on all these sites; The Verge, ZDNet, Forbes, The Hacker News, Threatpost, 00:30:22.400 --> 00:30:26.950 Wired, and Gadget, NBC, Vice News, The Register, and IGN published the story. 00:30:26.950 --> 00:30:30.740 Not to mention the dozens of smaller news agencies and YouTube channels that also talked 00:30:30.740 --> 00:30:31.740 about it. 00:30:31.740 --> 00:30:33.190 This was seemingly huge. 00:30:33.190 --> 00:30:37.900 That’s what amazes me about this story; this is a lot of coverage for such a simple 00:30:37.900 --> 00:30:38.900 hack. 00:30:38.900 --> 00:30:41.940 I mean, there’s some big breaches that come out but only make it onto a couple news sites 00:30:41.940 --> 00:30:44.100 and really aren’t talked about that much. 00:30:44.100 --> 00:30:46.429 I wonder why this one was so popular. 00:30:46.429 --> 00:30:51.380 GIRAFFE: That’s the secret; it was the PewDiePie thing. 00:30:51.380 --> 00:30:58.900 Honestly if you think about it, this really would have gotten at maximum just an article 00:30:58.900 --> 00:31:02.690 on some security news site and that’s it. 00:31:02.690 --> 00:31:06.950 If it was just a plain oh look, printers are printing out. 00:31:06.950 --> 00:31:10.630 But it was because of the PewDiePie. 00:31:10.630 --> 00:31:12.850 You know how much the media loves PewDiePie. 00:31:12.850 --> 00:31:19.429 I really think that without the whole PewDiePie message it wouldn’t have spread this much 00:31:19.429 --> 00:31:23.540 but it did spread because it had PewDiePie’s name on it, in a sense. 00:31:23.540 --> 00:31:25.070 JACK: Oh, I see now. 00:31:25.070 --> 00:31:28.580 Hacker Giraffe just wanted to spread awareness that some printers were vulnerable but simply 00:31:28.580 --> 00:31:32.730 sending that message to some printers probably wouldn’t have made that much coverage so 00:31:32.730 --> 00:31:37.990 Hacker Giraffe’s trick was to put PewDiePie’s name on it which helped this problem get so 00:31:37.990 --> 00:31:43.160 much more attention which would make a lot of people double-check their printer settings. 00:31:43.160 --> 00:31:44.720 I even checked mine. 00:31:44.720 --> 00:31:47.090 This is actually a brilliant awareness strategy. 00:31:47.090 --> 00:31:50.850 OFFICER: That’s got to be the best hacker I’ve ever seen. 00:31:50.850 --> 00:31:52.620 COMM’D: So it would seem. 00:31:52.620 --> 00:31:56.240 JACK: You might be wondering why so many printers are exposing themselves to the internet like 00:31:56.240 --> 00:31:59.100 this, and it all comes down to UPnP. 00:31:59.100 --> 00:32:03.890 [MUSIC] This is otherwise known as Universal Plug and Play and here’s what happens; networked 00:32:03.890 --> 00:32:07.820 devices like printers can reach out to the router and request that port 9100 be opened 00:32:07.820 --> 00:32:09.280 so people can print to it. 00:32:09.280 --> 00:32:13.260 The router automatically opens that port without any user interaction. 00:32:13.260 --> 00:32:15.410 But the problem is it opens it too much. 00:32:15.410 --> 00:32:20.890 Maybe it should only open it to internal networks but instead it opens it up to the world. 00:32:20.890 --> 00:32:25.320 It’s a technology that’s in many home routers to help make your life easier and 00:32:25.320 --> 00:32:26.320 it does. 00:32:26.320 --> 00:32:29.820 There are a lot of devices in our homes that need people to connect to it so having UPnP 00:32:29.820 --> 00:32:32.669 automatically configure this stuff can be helpful. 00:32:32.669 --> 00:32:36.690 Things like Chromecast, gaming consoles, WiFi hotspots, and printers all need connections 00:32:36.690 --> 00:32:39.610 to it and the router needs to permit those connections. 00:32:39.610 --> 00:32:43.570 But these printers that Hacker Giraffe found were all likely exposed to the internet because 00:32:43.570 --> 00:32:48.250 either the printer asked for too much to be opened or the router opened too much automatically. 00:32:48.250 --> 00:32:51.000 So who’s responsible for fixing this? 00:32:51.000 --> 00:32:52.250 The printer makers? 00:32:52.250 --> 00:32:53.340 I guess. 00:32:53.340 --> 00:32:54.340 The router makers? 00:32:54.340 --> 00:32:55.470 Yeah, them too. 00:32:55.470 --> 00:32:58.520 But what about the users who could have configured this properly but didn’t? 00:32:58.520 --> 00:33:02.250 It’s a combination of all these things and we all just want our tech to work when we 00:33:02.250 --> 00:33:03.250 buy it. 00:33:03.250 --> 00:33:06.610 This is what happens when we expect stuff to work right out of the box. 00:33:06.610 --> 00:33:10.820 It works too well and opens you up to more serious problems so let’s take this lesson 00:33:10.820 --> 00:33:15.060 from Hacker Giraffe and all go check your UPnP settings on your home router. 00:33:15.060 --> 00:33:17.710 I’ve completely disabled that setting on mine. 00:33:17.710 --> 00:33:21.530 When Hacker Giraffe woke up he went right back to Twitter, again in euphoria for being 00:33:21.530 --> 00:33:24.060 so popular and seeing his work get so much coverage. 00:33:24.060 --> 00:33:28.539 He’s actually published security research before but only four people read it. 00:33:28.539 --> 00:33:32.220 Now he’s got thousands, no, millions of people noticing the vulnerabilities that he’s 00:33:32.220 --> 00:33:33.450 found and exposed. 00:33:33.450 --> 00:33:37.480 He really did want people to fix their printers and he was happy to see so many people talking 00:33:37.480 --> 00:33:38.480 about it. 00:33:38.480 --> 00:33:41.320 I followed up with a few people who tweeted that their printers were hacked. 00:33:41.320 --> 00:33:44.200 They all told me they fixed it right away. 00:33:44.200 --> 00:33:50.000 But most of the conversations were about PewDiePie and somewhat ignoring the UPnP issue altogether, 00:33:50.000 --> 00:33:53.110 kind of assuming the hacker did something elite or magical and didn’t even bother 00:33:53.110 --> 00:33:54.770 checking their home printers. 00:33:54.770 --> 00:33:58.549 Hacker Giraffe tried to use his newfound popularity to guide the conversations back to how to 00:33:58.549 --> 00:34:01.600 secure your own systems and to teach people about security. 00:34:01.600 --> 00:34:03.860 He started doing a live stream to teach people. 00:34:03.860 --> 00:34:09.139 GIRAFFE: When I did the very first audio live stream, people were jumping in, people were 00:34:09.139 --> 00:34:11.639 commenting on it live. 00:34:11.639 --> 00:34:12.639 I was like oh, I love this. 00:34:12.639 --> 00:34:14.529 This is so much fun. 00:34:14.529 --> 00:34:19.980 That first day kind of sparked me to make more accounts so now there was a Patreon, 00:34:19.980 --> 00:34:25.750 now there was Discord, now there was Reddit account and all kinds of fun, really. 00:34:25.750 --> 00:34:28.540 JACK: He started thinking maybe this could be his life now. 00:34:28.540 --> 00:34:32.729 He was attending college at the time but this hacking incident was way more exciting than 00:34:32.729 --> 00:34:37.539 thinking about class right now, but neglecting his classwork caused a lot of problems. 00:34:37.539 --> 00:34:43.629 GIRAFFE: Yes, I was gonna give you a very [inaudible] and be ignoring the things I had 00:34:43.629 --> 00:34:48.480 to do in college was the biggest mistake, probably. 00:34:48.480 --> 00:34:54.549 I really did suffer a blowback from it. 00:34:54.549 --> 00:34:57.029 At that time I really didn’t care. 00:34:57.029 --> 00:34:59.630 It felt like my whole life was set up for me. 00:34:59.630 --> 00:35:04.960 I’m gonna be so famous [00:35:00] and I’m just gonna live off of doing more of these, 00:35:04.960 --> 00:35:07.280 doing research publically and all this kind of stuff. 00:35:07.280 --> 00:35:15.559 I was living this insane fantasy where I was gonna be king of the world and at the time 00:35:15.559 --> 00:35:19.760 the Twitter account just kept fuelling that fantasy and more articles came out. 00:35:19.760 --> 00:35:21.530 It just kept fueling that fantasy. 00:35:21.530 --> 00:35:27.730 This voice of consequence in my mind was just completely crushed by dude, look how many 00:35:27.730 --> 00:35:33.519 followers I’m getting, look how many people are tweeting at me, and look at all the articles. 00:35:33.519 --> 00:35:39.150 I was on a rush for I think about three to four days. 00:35:39.150 --> 00:35:44.319 I guess it kind of calmed down after that, really. 00:35:44.319 --> 00:35:48.009 It started calming down after three to four days, maybe even a week. 00:35:48.009 --> 00:35:51.890 JACK: A lot of people were blaming PewDiePie so he became aware of this hack, too. 00:35:51.890 --> 00:35:54.539 GIRAFFE: He followed me on Twitter and he mentioned me on Twitter. 00:35:54.539 --> 00:35:59.069 Then his editor Brad came up and told me that you’re gonna be in the next video. 00:35:59.069 --> 00:36:00.359 I was completely losing my mind. 00:36:00.359 --> 00:36:01.589 I was like dude, no way. 00:36:01.589 --> 00:36:03.319 PEWDIEPIE: Can you believe this? 00:36:03.319 --> 00:36:08.989 Someone hacked printers worldwide urging people to subscribe to PewDiePie. 00:36:08.989 --> 00:36:10.319 Thank you, printers. 00:36:10.319 --> 00:36:12.319 Very cool. See? 00:36:12.319 --> 00:36:13.319 This is what I’m talking about. 00:36:13.319 --> 00:36:15.240 Even printers are doing their part. 00:36:15.240 --> 00:36:22.789 The message was basically printed and told people to number one, unsubscribe from T-Series. 00:36:22.789 --> 00:36:24.700 Number two, subscribe to PewDiePie. 00:36:24.700 --> 00:36:27.440 “Pro tip: your printer is exposed to the internet. 00:36:27.440 --> 00:36:28.440 Please fix that. 00:36:28.440 --> 00:36:30.529 Greetings from a friendly giraffe.” 00:36:30.529 --> 00:36:33.609 This is made by the Hacker Giraffe. 00:36:33.609 --> 00:36:37.839 This is getting more media attention than anything I’ve seen in recent memory revolving 00:36:37.839 --> 00:36:38.839 me, at least. 00:36:38.839 --> 00:36:44.540 It was featured in a ton of different media websites; IGN, Wired. 00:36:44.540 --> 00:36:51.049 I love this one ‘cause it says, “Printers were exploited for PewDiePie propaganda.” 00:36:51.049 --> 00:36:56.690 Obviously this raises awareness because a lot of people’s printers could easily be 00:36:56.690 --> 00:37:00.529 exploited and actually cause damage. 00:37:00.529 --> 00:37:05.630 The Giraffe said that he could have targeted more but decided not to and he also mentioned 00:37:05.630 --> 00:37:10.450 that I killed two birds with one stone; raised awareness for this issue and helped PewDiePie 00:37:10.450 --> 00:37:11.800 get a slight edge. 00:37:11.800 --> 00:37:13.049 That’s what I need. 00:37:13.049 --> 00:37:14.729 That’s what I’m talking about. 00:37:14.729 --> 00:37:17.700 All this support to keep me on top is so funny. 00:37:17.700 --> 00:37:18.739 I love it. 00:37:18.739 --> 00:37:19.739 Please keep it up. 00:37:19.739 --> 00:37:21.540 Just don’t do anything illegal, okay? 00:37:21.540 --> 00:37:23.089 ‘Cause that will look bad on me. 00:37:23.089 --> 00:37:24.380 That’s the only reason. 00:37:24.380 --> 00:37:29.030 GIRAFFE: Hearing him talk about me raising awareness, he said all kinds of nice things 00:37:29.030 --> 00:37:33.270 like he’s doing this to raise awareness, it’s this great job, your printers are exposed 00:37:33.270 --> 00:37:34.470 and you should fix it. 00:37:34.470 --> 00:37:39.469 It was honestly, it was cool. 00:37:39.469 --> 00:37:43.150 That’s the best way to describe it. 00:37:43.150 --> 00:37:44.890 It was cool. 00:37:44.890 --> 00:37:48.701 JACK: [MUSIC] You might think that remotely printing to a printer is not that big of a 00:37:48.701 --> 00:37:51.109 deal and it’s not that impressive of a hack. 00:37:51.109 --> 00:37:52.109 But consider this. 00:37:52.109 --> 00:37:55.880 The Printer Exploitation Tool Kit, or PRET, has more options than just printing. 00:37:55.880 --> 00:37:58.529 Historically, I’ve discovered that printers are very insecure. 00:37:58.529 --> 00:38:02.790 They’re usually left with default passwords; they often act as mail relays, and DNS relays, 00:38:02.790 --> 00:38:04.200 which opens them up to abuse. 00:38:04.200 --> 00:38:08.579 They sometimes store a copy of all the files that were printed in its internal hard drive. 00:38:08.579 --> 00:38:12.640 I even was at a talk at Defcon once where they demonstrated how you can send a malicious 00:38:12.640 --> 00:38:16.660 PDF to a printer and get command line access to the printer. 00:38:16.660 --> 00:38:19.039 GIRAFFE: Yeah, and PRET actually did that. 00:38:19.039 --> 00:38:23.869 PRET would generate malicious PDFs for you and you could actually get terminal access 00:38:23.869 --> 00:38:24.869 onto the printer. 00:38:24.869 --> 00:38:29.190 You could legitimately change files, download files, run commands. 00:38:29.190 --> 00:38:31.440 You could do whatever you wanted. 00:38:31.440 --> 00:38:36.430 Like you said, you could gain access to the thing. 00:38:36.430 --> 00:38:41.319 This printer could legitimately be a gateway into the actual inner network, in a sense. 00:38:41.319 --> 00:38:48.269 You can actually use it as a proxy or VPN of sorts to actually jump into a network. 00:38:48.269 --> 00:38:54.299 Or worse, you can write your own botnet and just infect all these printers with that botnet 00:38:54.299 --> 00:38:59.760 and you’d have 800,000 bots at your disposal. 00:38:59.760 --> 00:39:04.359 JACK: This attack could be much more serious than simply printing something like this. 00:39:04.359 --> 00:39:09.150 It’s an issue that deserves more awareness and more people looking into the problem. 00:39:09.150 --> 00:39:12.789 After a few days of basking in his newfound popularity, the Hacker Giraffe was seeing 00:39:12.789 --> 00:39:15.799 another guy copying him and hacking printers, too. 00:39:15.799 --> 00:39:17.329 Their name was User. 00:39:17.329 --> 00:39:18.670 GIRAFFE: I accused him of being a copycat. 00:39:18.670 --> 00:39:22.380 I reached out to him and I was like hey dude, you’re copying what I’m doing. 00:39:22.380 --> 00:39:23.440 Don’t do that. 00:39:23.440 --> 00:39:24.510 It’s not cool. 00:39:24.510 --> 00:39:30.020 Then we kind of discussed through DMs and we came to the conclusion that this guy actually 00:39:30.020 --> 00:39:31.460 knew what he was doing. 00:39:31.460 --> 00:39:36.170 He was basically doing the same idea but executing it way differently. 00:39:36.170 --> 00:39:41.009 I’m like hey dude, that’s pretty cool, your stuff. 00:39:41.009 --> 00:39:45.630 We came together after seeing a few articles came out and then nobody really did anything 00:39:45.630 --> 00:39:46.630 about it. 00:39:46.630 --> 00:39:51.640 We were like okay, we have the rest of the 800,000 printers. 00:39:51.640 --> 00:39:55.589 We have two other protocols that we haven’t really tested. 00:39:55.589 --> 00:39:58.479 Let’s go for it. 00:39:58.479 --> 00:40:04.769 This is when I wrote the actual code for the [00:40:00] other protocols and we ran it. 00:40:04.769 --> 00:40:09.420 We hit the full 800,000 IP addresses, like the whole thing. 00:40:09.420 --> 00:40:14.069 [MUSIC] We went through the full 800,000 with the same message again. 00:40:14.069 --> 00:40:18.950 It was the same message just altered a bit differently, this time with our actual Twitter 00:40:18.950 --> 00:40:20.440 handles, me and User. 00:40:20.440 --> 00:40:23.060 That’s when the BBC article came out. 00:40:23.060 --> 00:40:27.339 That was the first actual major news source to cover it. 00:40:27.339 --> 00:40:30.209 JACK: Again, this brought his popularity even higher still. 00:40:30.209 --> 00:40:32.739 Thousands more people were following him, now. 00:40:32.739 --> 00:40:35.479 GIRAFFE: It was again, that renewed sense of euphoria. 00:40:35.479 --> 00:40:38.499 Like oh yeah, this is happening again. 00:40:38.499 --> 00:40:45.690 There was this feeling that oh no, my popularity is kind of dying and it’s kind of stale 00:40:45.690 --> 00:40:47.579 on my Twitter right now. 00:40:47.579 --> 00:40:52.319 ‘Cause it’s been a week and I haven’t really done anything. 00:40:52.319 --> 00:40:53.710 Okay, we’ve gotta fix this. 00:40:53.710 --> 00:40:57.450 This whole sense of loneliness was creeping back in again. 00:40:57.450 --> 00:41:01.400 Like oh, I’m just going to be forgotten now. 00:41:01.400 --> 00:41:08.799 So there was that hidden incentive that I guess I kind of lied to myself; I said no, 00:41:08.799 --> 00:41:10.549 no, this not for popularity. 00:41:10.549 --> 00:41:14.099 This is totally – like oh yeah, people secure printers, whatever. 00:41:14.099 --> 00:41:18.479 JACK: But the higher his online euphoria was, the lower his excitement was for real life 00:41:18.479 --> 00:41:19.700 which gave him depression. 00:41:19.700 --> 00:41:25.430 GIRAFFE: The real life compared to this online persona was exactly as you said; it was such 00:41:25.430 --> 00:41:26.609 a depressing comparison. 00:41:26.609 --> 00:41:32.499 You’re like oh, I have to go back to my normal life now where it’s just gonna be 00:41:32.499 --> 00:41:36.690 this one person all by himself doing stuff and hoping to achieve something. 00:41:36.690 --> 00:41:38.569 But I have this online persona. 00:41:38.569 --> 00:41:43.800 I have this audience that I can grow on. 00:41:43.800 --> 00:41:49.660 I can use this and grow. 00:41:49.660 --> 00:41:51.109 It wasn’t only popularity. 00:41:51.109 --> 00:41:57.380 It was kind of this loneliness that hey, there’s a lot of people that I can talk to online 00:41:57.380 --> 00:42:02.349 now that pushed me further to be absorbed into that whole persona, the Hacker Giraffe 00:42:02.349 --> 00:42:03.349 persona. 00:42:03.349 --> 00:42:05.190 JACK: This took a serious toll on him. 00:42:05.190 --> 00:42:07.109 He ended up failing one of his college classes. 00:42:07.109 --> 00:42:10.960 His friends were getting sick of him talking about this constantly and the real world just 00:42:10.960 --> 00:42:14.130 wasn’t as sparkly and fun as his online persona was. 00:42:14.130 --> 00:42:18.470 This created a profound sense of loneliness and to top it off he was getting a lot of 00:42:18.470 --> 00:42:20.349 hate messages and harassment, too. 00:42:20.349 --> 00:42:23.029 GIRAFFE: I was getting a lot of negative DMs on Twitter, yes, definitely. 00:42:23.029 --> 00:42:26.329 The negative DMs had categories, right. 00:42:26.329 --> 00:42:31.049 It was either some other hacker on Twitter calling me a script kitty and they’re like 00:42:31.049 --> 00:42:34.849 dude, you just downloaded a script off GitHub and all you’re going is doing on Shodan. 00:42:34.849 --> 00:42:39.960 You’re just stealing other people’s work and you’re a nobody. 00:42:39.960 --> 00:42:43.680 Then it was people who had been affected who were like why are you doing this? 00:42:43.680 --> 00:42:45.049 I don’t care. 00:42:45.049 --> 00:42:47.799 Leave my shit alone. 00:42:47.799 --> 00:42:48.900 You’re such an asshole. 00:42:48.900 --> 00:42:50.630 Why do you keep doing this? 00:42:50.630 --> 00:42:54.619 Then it was the other people who were angry about the PewDiePie part, people who were 00:42:54.619 --> 00:42:59.800 like dude, why are you promoting this racist asshole, this Nazi? 00:42:59.800 --> 00:43:04.640 Are you a Nazi too, is that what you’re trying to say? 00:43:04.640 --> 00:43:08.329 Is that where your conscience lies? 00:43:08.329 --> 00:43:14.690 JACK: The Hacker Giraffe was riding an emotional rollercoaster. 00:43:14.690 --> 00:43:17.499 So many ups, so many downs. 00:43:17.499 --> 00:43:21.099 While the ups were great, he wasn’t handling the downs well at all. 00:43:21.099 --> 00:43:25.789 When you become an overnight success it’s hard to know how to handle this kind of popularity. 00:43:25.789 --> 00:43:27.650 This added to his depression. 00:43:27.650 --> 00:43:33.539 He had a large audience now and he wanted to demonstrate something else that was vulnerable. 00:43:33.539 --> 00:43:35.150 He didn’t know what else to exploit, though. 00:43:35.150 --> 00:43:37.940 He didn’t want to harass those 800,000 printers anymore. 00:43:37.940 --> 00:43:41.469 GIRAFFE: We’ll literally just be assholes if we just go over the same range again. 00:43:41.469 --> 00:43:46.559 We just go over the same printers again and okay, people will definitely get the wrong 00:43:46.559 --> 00:43:47.559 message. 00:43:47.559 --> 00:43:50.200 JACK: He found a lot of Minecraft servers that were open but didn’t think it was a 00:43:50.200 --> 00:43:51.200 good idea. 00:43:51.200 --> 00:43:53.220 But then he came across the Chromecast. 00:43:53.220 --> 00:43:56.349 This is a simple little device that plugs into your TV and lets you control what plays 00:43:56.349 --> 00:43:58.749 on the TV using a phone or computer. 00:43:58.749 --> 00:44:02.910 Hacker Giraffe looked into this and started seeing ports for Chromecast were in fact open 00:44:02.910 --> 00:44:03.910 all over the world. 00:44:03.910 --> 00:44:10.339 GIRAFFE: What happened was hey, Chromecasts are actually a viable target. 00:44:10.339 --> 00:44:14.709 I decided to go in and see okay, what exactly can we do with Chromecast? 00:44:14.709 --> 00:44:16.940 Is it just changing videos? 00:44:16.940 --> 00:44:24.999 After a lot of research I came across the port 8008 and 8443 which is basically the 00:44:24.999 --> 00:44:26.970 SSO version of 8008. 00:44:26.970 --> 00:44:29.741 I tried to figure out okay, this webserver is open. 00:44:29.741 --> 00:44:31.779 This API is open. 00:44:31.779 --> 00:44:35.430 What exactly can we pull from it? 00:44:35.430 --> 00:44:42.549 [MUSIC] Not only was it just exposing information that could be relatively sensitive and not 00:44:42.549 --> 00:44:51.099 only could you reset, reboot, rename, connect it to your own WiFi with it, it was just something 00:44:51.099 --> 00:44:55.519 that very clearly should not be open to the internet. 00:44:55.519 --> 00:45:00.999 JACK: These Chromecasts were also exposed to the internet because of UPnP. [00:45:00] 00:45:00.999 --> 00:45:04.250 The Chromecast requests from the router to open these ports to that things can talk to 00:45:04.250 --> 00:45:07.390 it but it was opening up way too much. 00:45:07.390 --> 00:45:11.500 Anyone in the world can connect to a Chromecast on a poorly secured network and start playing 00:45:11.500 --> 00:45:12.579 TV shows. 00:45:12.579 --> 00:45:18.509 GIRAFFE: I was originally thinking of playing Black Mirror on so many Chromecasts but I 00:45:18.509 --> 00:45:24.049 feel like a Black Mirror episode randomly playing on Chromecast would have spooked people 00:45:24.049 --> 00:45:25.960 way more. 00:45:25.960 --> 00:45:30.269 We just went with the safest option which was YouTube, which is an app that we knew 00:45:30.269 --> 00:45:31.269 was installed. 00:45:31.269 --> 00:45:34.029 It had to be installed on the Chromecast ‘cause it comes by default. 00:45:34.029 --> 00:45:38.680 It’s super easy for us to just point it at a YouTube vid. 00:45:38.680 --> 00:45:43.099 At that time I asked someone in my discord server, I was like hey, who’s good with 00:45:43.099 --> 00:45:44.099 video editing? 00:45:44.099 --> 00:45:45.099 I need a very quick video. 00:45:45.099 --> 00:45:48.489 Just give me a ten, fifteen second video. 00:45:48.489 --> 00:45:54.709 Let it play Bitch Lasagna in the background and make it very obvious that this is about 00:45:54.709 --> 00:46:00.650 Chromecasts ‘cause we wanted to minimize the PewDiePie element. 00:46:00.650 --> 00:46:04.910 We wanted like hey, this is really about Chromecasts. 00:46:04.910 --> 00:46:06.079 This is not about PewDiePie. 00:46:06.079 --> 00:46:11.480 That’s why in the video, the PewDiePie thing is the very last thing. 00:46:11.480 --> 00:46:15.619 JACK: This video told the people to visit a website which explains how to secure your 00:46:15.619 --> 00:46:16.619 network. 00:46:16.619 --> 00:46:19.799 He did a search on Shodan to find a list of IPs to run this against and it returned a 00:46:19.799 --> 00:46:24.469 list of 120,000 potentially vulnerable Chromecasts. 00:46:24.469 --> 00:46:27.530 [MUSIC] But in this list were not just Chromecasts. 00:46:27.530 --> 00:46:31.749 Apparently Google Home Devices were also opening up this port and they had an API, too. 00:46:31.749 --> 00:46:35.589 He found you could connect to the Google Home Device and see how much noise the microphone 00:46:35.589 --> 00:46:36.589 is picking up. 00:46:36.589 --> 00:46:37.759 GIRAFFE: Noise level? 00:46:37.759 --> 00:46:38.759 Seriously? 00:46:38.759 --> 00:46:41.130 Is that something that really should just be open to the internet? 00:46:41.130 --> 00:46:47.140 ‘Cause if I was a criminal and I was physically near that Google Home, I could actually figure 00:46:47.140 --> 00:46:50.549 out if there was anybody at home by checking the noise level. 00:46:50.549 --> 00:46:52.750 If it was dead silent then I knew they’re either asleep or nobody’s home. 00:46:52.750 --> 00:46:56.140 That’s the kind of thing that was going through my head. 00:46:56.140 --> 00:46:59.859 JACK: He definitely wanted to expose this issue and make it into a big deal so it gets 00:46:59.859 --> 00:47:03.430 fixed but his friends were not happy that he was planning another attack. 00:47:03.430 --> 00:47:07.289 GIRAFFE: A lot of them actually tried to stop me from doing the Cast tech. 00:47:07.289 --> 00:47:08.339 They’re like dude, that’s it. 00:47:08.339 --> 00:47:09.339 Just drop it. 00:47:09.339 --> 00:47:12.769 You’ve been safe so far, the attention died out. 00:47:12.769 --> 00:47:15.269 Just let it die and fade off into – fade off. 00:47:15.269 --> 00:47:20.029 Don’t try to come back with another hack. 00:47:20.029 --> 00:47:28.130 But I guess my ego and like I said, wanting to go through that euphoria again. 00:47:28.130 --> 00:47:34.579 Again, that sense of loneliness and isolation, it’s like no, I want to get back. 00:47:34.579 --> 00:47:38.010 I have to do another thing. 00:47:38.010 --> 00:47:39.589 There was more hesitation. 00:47:39.589 --> 00:47:43.380 There was much more hesitation this time. 00:47:43.380 --> 00:47:47.479 The other voice won eventually, the voice of just go with it. 00:47:47.479 --> 00:47:48.920 It won. 00:47:48.920 --> 00:47:54.319 JACK: Him and User had everything ready, the list of 120,000 vulnerable Chromecasts, the 00:47:54.319 --> 00:47:58.589 video, the script, and he even built a website with live statistics of the hack. 00:47:58.589 --> 00:48:00.999 He tweeted that Chromecasts were next. 00:48:00.999 --> 00:48:04.569 He got on his Discord chat room and told everyone to get ready. 00:48:04.569 --> 00:48:07.269 GIRAFFE: There was even a countdown to when it would start. 00:48:07.269 --> 00:48:08.579 Everybody was in the server. 00:48:08.579 --> 00:48:11.859 They were like alright, three, two, one, launch. 00:48:11.859 --> 00:48:16.529 JACK: [MUSIC] The script started going through the list of IPs, playing the YouTube video. 00:48:16.529 --> 00:48:20.219 Hundreds of Chromecasts not only were playing the video, but also the device was being renamed. 00:48:20.219 --> 00:48:24.329 The live website was displaying the number of devices rising higher and higher. 00:48:24.329 --> 00:48:28.470 Soon, thousands of Chromecasts had played the video but all of a sudden the number stopped 00:48:28.470 --> 00:48:29.470 rising. 00:48:29.470 --> 00:48:34.489 GIRAFFE: Five minutes, or five to ten minutes into our attack, Google actually disabled 00:48:34.489 --> 00:48:39.819 the ability to play YouTube videos over their HDP API. 00:48:39.819 --> 00:48:41.190 It was just completely – you couldn’t. 00:48:41.190 --> 00:48:45.079 JACK: Google had somehow gotten word that this was going on and they issued an emergency 00:48:45.079 --> 00:48:48.420 patch to all Chromecasts in the middle of this hack. 00:48:48.420 --> 00:48:51.999 They removed the ability to play YouTube videos over the API. 00:48:51.999 --> 00:48:53.430 This stopped the whole operation. 00:48:53.430 --> 00:49:00.510 GIRAFFE: But I quickly started researching what are other alternate ways – ‘cause 00:49:00.510 --> 00:49:01.799 my Chromecast was still working. 00:49:01.799 --> 00:49:05.660 I could still send the YouTube videos so there must be something else going on. 00:49:05.660 --> 00:49:13.560 I found out another port, port 8009 which uses Google’s own protocol. 00:49:13.560 --> 00:49:15.181 I started reading up on that. 00:49:15.181 --> 00:49:21.949 I was under so much pressure because the number of Chromecasts being forced to play the video 00:49:21.949 --> 00:49:25.890 is not going up ‘cause they’re not playing the video anymore. 00:49:25.890 --> 00:49:31.009 I quickly modified the script and I was like okay, I saw in the library that lets me talk 00:49:31.009 --> 00:49:32.369 to this port 8009. 00:49:32.369 --> 00:49:36.450 I plugged it into the script and I restarted it. 00:49:36.450 --> 00:49:40.890 JACK: [MUSIC] After switching to this port, the whole thing was working again and the 00:49:40.890 --> 00:49:41.890 numbers were rising again. 00:49:41.890 --> 00:49:48.470 The video was now playing on 10,000 Chromecasts, then 20,000 Chromecasts. 30, 40, 50, 60,000 00:49:48.470 --> 00:49:52.819 Chromecasts were all playing the video explaining how your Chromecast was vulnerable. 00:49:52.819 --> 00:49:54.809 To do that many only took about an hour. 00:49:54.809 --> 00:50:00.029 GIRAFFE: When we were almost done, when there was around 10,000 Chromecasts left, they removed 00:50:00.029 --> 00:50:01.479 the YouTube video. 00:50:01.479 --> 00:50:04.930 JACK: [00:50:00] Google can do this because they own YouTube. 00:50:04.930 --> 00:50:08.199 Within an hour of the attack being launched, the video had been removed by them. 00:50:08.199 --> 00:50:09.220 GIRAFFE: They gave me a strike. 00:50:09.220 --> 00:50:10.549 They gave me a full strike. 00:50:10.549 --> 00:50:12.499 They were like hey, we’re clearly pissed. 00:50:12.499 --> 00:50:13.969 Don’t do this. 00:50:13.969 --> 00:50:15.890 I was like okay, whatever. 00:50:15.890 --> 00:50:18.819 There was just 10,000 left. 00:50:18.819 --> 00:50:21.809 I’m just gonna rename them and call it a day. 00:50:21.809 --> 00:50:25.890 JACK: In total he was able to play the video on 65,000 Chromecasts and renamed another 00:50:25.890 --> 00:50:28.380 8,000 of them to say Subscribe to PewDiePie. 00:50:28.380 --> 00:50:32.609 This again hit many news cycles which gave him thousands of more followers on Twitter 00:50:32.609 --> 00:50:34.400 and more patrons and more attention. 00:50:34.400 --> 00:50:37.469 But at the same time it gave him a lot more haters. 00:50:37.469 --> 00:50:41.549 GIRAFFE: There were death threats and people were like I’m gonna dedicate my life to 00:50:41.549 --> 00:50:47.119 finding out where you are, who you are, and come and get you. 00:50:47.119 --> 00:50:53.670 A lot of people were like I’m gonna make sure that you get in trouble for this. 00:50:53.670 --> 00:51:00.740 That was slowly adding onto this background voice that was screaming you’re gonna get 00:51:00.740 --> 00:51:01.740 yourself in trouble. 00:51:01.740 --> 00:51:05.479 JACK: A few days after the Cast hack he was on his Discord chat server. 00:51:05.479 --> 00:51:06.750 Someone sent him a private message. 00:51:06.750 --> 00:51:09.849 GIRAFFE: Who told me that hey, the FBI’s building a case against you. 00:51:09.849 --> 00:51:13.980 You gotta go dark, just stop this right now. 00:51:13.980 --> 00:51:20.299 At that point it really didn’t matter how much evidence they provided ‘cause they 00:51:20.299 --> 00:51:21.849 didn’t really provide any evidence. 00:51:21.849 --> 00:51:22.849 They just said it. 00:51:22.849 --> 00:51:32.789 But it just set off all of a sudden this voice of you’re gonna get in trouble, was so amplified. 00:51:32.789 --> 00:51:35.819 It was such a contrast. 00:51:35.819 --> 00:51:40.150 One second I’m just living my life, I’m happy and everything, and then the next second 00:51:40.150 --> 00:51:42.390 I’m in full panic attack mode. 00:51:42.390 --> 00:51:44.609 JACK: This gave him a severe panic attack. 00:51:44.609 --> 00:51:48.249 All of a sudden all the fear and worry that was in the back of his head was all he could 00:51:48.249 --> 00:51:49.249 think about. 00:51:49.249 --> 00:51:52.460 The idea of FBI agents visiting him particularly scared him. 00:51:52.460 --> 00:51:55.779 He thought the worst that would happen is to be banned from Twitter or something and 00:51:55.779 --> 00:51:58.479 he hadn’t really thought about law enforcement coming after him. 00:51:58.479 --> 00:52:02.519 But something about this private message made it all too real of a possibility. 00:52:02.519 --> 00:52:07.470 He quickly started deleting everything he could, removing all evidence of everything. 00:52:07.470 --> 00:52:09.769 He deleted his Reddit account, all his tweets. 00:52:09.769 --> 00:52:12.630 He deleted his Discord server and his Discord account. 00:52:12.630 --> 00:52:16.339 He deleted the Patreon page and the PayPal address linked to it and he wiped everything 00:52:16.339 --> 00:52:17.519 on his hard drives, too. 00:52:17.519 --> 00:52:19.819 He went onto Twitter to post goodbye to everyone. 00:52:19.819 --> 00:52:20.819 He said… 00:52:20.819 --> 00:52:23.529 GIRAFFE: I’m sorry for everyone and I’m sorry for everything I did. 00:52:23.529 --> 00:52:27.539 I don’t plan on coming back and please don’t copy me. 00:52:27.539 --> 00:52:29.349 Please don’t do what I did. 00:52:29.349 --> 00:52:31.650 It is not worth it. 00:52:31.650 --> 00:52:33.250 I can’t take this anymore. 00:52:33.250 --> 00:52:39.549 I typed up that whole Pastebin goodbye message and I posted it. 00:52:39.549 --> 00:52:42.869 JACK: He then took down his Twitter account and went completely dark. 00:52:42.869 --> 00:52:46.259 Just like, that he was gone. 00:52:46.259 --> 00:52:53.019 GIRAFFE: There was nothing left and I just sat there by myself just trying to calm myself 00:52:53.019 --> 00:52:54.019 down. 00:52:54.019 --> 00:52:57.039 I stopped checking the internet and I was like alright, I just need to calm down. 00:52:57.039 --> 00:52:58.499 It’s going to be okay. 00:52:58.499 --> 00:53:02.880 A lot of people, my friends especially, they were calling me and they were like dude, we 00:53:02.880 --> 00:53:04.670 saw what happened to your Twitter. 00:53:04.670 --> 00:53:06.619 Are you okay and everything? 00:53:06.619 --> 00:53:12.559 It took a day for me to calm down from the panic attack ‘cause I was completely irresponsive 00:53:12.559 --> 00:53:14.920 from everyone. 00:53:14.920 --> 00:53:19.529 Anybody who tried to talk to me just received the same statement over and over; I’m in 00:53:19.529 --> 00:53:23.259 trouble, I’m gonna get caught, they’re coming after me, I’ve done such a big mistake, 00:53:23.259 --> 00:53:25.410 and this was never worth it. 00:53:25.410 --> 00:53:32.989 Until the first day passed and I was still super scared when I woke up, super alert from 00:53:32.989 --> 00:53:35.400 everything, super scared from everything. 00:53:35.400 --> 00:53:39.890 I went into this extreme state of depression. 00:53:39.890 --> 00:53:48.499 [MUSIC] I was reading the articles roll out saying that oh, Hacker Giraffe quit, people 00:53:48.499 --> 00:53:54.880 calling me a coward for backing out, people saying look, that’s what you get. 00:53:54.880 --> 00:53:57.549 That’s what you deserve. 00:53:57.549 --> 00:54:00.990 The worst thing is that people couldn’t reach out for a comment right, so they just 00:54:00.990 --> 00:54:05.940 had to come up with their own story and own reason why everything happened. 00:54:05.940 --> 00:54:10.609 JACK: Hacker Giraffe spent almost two weeks in this severe depression, isolating himself 00:54:10.609 --> 00:54:15.200 in his room, trying to ignore the whole thing as hard as he could. 00:54:15.200 --> 00:54:17.670 After some time he had finally calmed down from all this. 00:54:17.670 --> 00:54:24.359 GIRAFFE: I can go out and I actually did go out for the first time in two weeks. 00:54:24.359 --> 00:54:28.960 It was kind of like hey, I’m on the road to recovery right now. 00:54:28.960 --> 00:54:34.279 JACK: This whole story took place in the last two months starting late November 2018. 00:54:34.279 --> 00:54:38.680 It’s amazing how so much has happened in such a short period. 00:54:38.680 --> 00:54:43.019 Listening to Hacker Giraffe tell his story, it kind of sounds like hacking is like a drug. 00:54:43.019 --> 00:54:47.890 There’s such a rush and a high when it first happens and you forget about the real world 00:54:47.890 --> 00:54:49.150 for days. 00:54:49.150 --> 00:54:54.239 Then you start to come down and feel terrible and need a new bump to feel happy again. 00:54:54.239 --> 00:54:57.469 I’m hoping he really has quit this persona entirely. 00:54:57.469 --> 00:55:00.890 A week ago Hacker Giraffe logged into his Twitter account [00:55:00] to check it one 00:55:00.890 --> 00:55:06.739 last time and leave a few last words, then logged out possibly for the last time ever, 00:55:06.739 --> 00:55:12.099 unless the urge to get another high from hacking is overwhelming and he’s drawn to the sweet 00:55:12.099 --> 00:55:14.150 glow of popularity again. 00:55:14.150 --> 00:55:18.259 As for PewDiePie he’s still just barely beating T-Series. 00:55:18.259 --> 00:55:20.839 It’s been neck and neck every day. 00:55:20.839 --> 00:55:25.949 Since Hacker Giraffe started, PewDiePie has gained an extra 17 million subscribers and 00:55:25.949 --> 00:55:29.630 surely some of those people subscribed because of Hacker Giraffe. 00:55:29.630 --> 00:55:31.740 There’s a comic I read once. 00:55:31.740 --> 00:55:36.859 “You can be famous, you can be a criminal, but you can’t be a famous criminal and still 00:55:36.859 --> 00:55:38.230 expect to have your freedom.” 00:55:38.230 --> 00:55:45.799 JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. 00:55:45.799 --> 00:55:47.969 Thanks to the Hacker Giraffe for giving us the whole story. 00:55:47.969 --> 00:55:51.369 For show notes and links, check out darknetdiaries.com. 00:55:51.369 --> 00:55:56.130 This show is made by me, the hacker, hacker hippo, Jack Rhysider and theme music is by 00:55:56.130 --> 00:55:57.569 the hungry Breakmaster Cylinder.