WEBVTT 00:00:00.042 --> 00:00:04.240 JACK: I was just reading up on these Beatles superfans called Apple Scruffs. 00:00:04.240 --> 00:00:07.440 They weren’t the crazy fans you see screaming their heads off trying to 00:00:07.440 --> 00:00:10.800 grab at the Beatles any chance they could. No, the Apple Scruffs thought 00:00:10.800 --> 00:00:14.960 that was lame. They liked the Beatles so much that they dedicated years of their 00:00:14.960 --> 00:00:19.920 life to trying to support the Beatles. They were like, look, the Beatles are important. 00:00:19.920 --> 00:00:24.000 How do we make their lives better? So, they spent tons of time figuring out the 00:00:24.000 --> 00:00:27.760 exact location of where the Beatles would be every day and then go there to try to help, 00:00:27.760 --> 00:00:34.080 often holding back Beatlemania crowds or offering flowers or food or to run errands. Over time, 00:00:34.080 --> 00:00:38.160 they would get to know the Beatles. There are some stories of them even sneaking into places 00:00:38.160 --> 00:00:42.960 to act as staff in order to help them even more. George Harrison would later write a song 00:00:42.960 --> 00:00:48.560 called Apple Scruffs, where he said he loves them. I’m astonished to see what incredible 00:00:48.560 --> 00:00:53.680 lengths that some music fans go to. They’ll cross continents just for a fleeting moment 00:00:53.680 --> 00:00:59.520 with their idols or endure relentless weather or camp out for days, showing a level of devotion 00:00:59.520 --> 00:01:11.737 that defies logic. The risks and sacrifices that some fans make is truly remarkable. 00:01:11.737 --> 00:01:21.280 (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. 00:01:21.280 --> 00:01:37.994 This is Darknet Diaries. [INTRO MUSIC ENDS] 00:01:37.994 --> 00:01:39.400 JACK: Okay, are we ready to get started? 00:01:39.400 --> 00:01:41.280 PROFESSOR DUBSTEP: Yeah, that’s fine, 00:01:41.280 --> 00:01:44.520 but could you use — the name for me, could you use Professor Dubstep? 00:01:44.520 --> 00:01:47.581 JACK: Professor Dubstep. I like that. 00:01:47.581 --> 00:01:48.400 PROFESSOR DUBSTEP: Yeah, that’s fine. 00:01:48.400 --> 00:01:52.941 JACK: So, Professor Dubstep, where does this start? 00:01:52.941 --> 00:01:53.920 PROFESSOR DUBSTEP: The story? 00:01:53.920 --> 00:01:54.700 JACK: Mm-hm. 00:01:54.700 --> 00:02:00.560 PROFESSOR DUBSTEP: [MUSIC] Well, picture this; kind of early 2014. I was thirteen, 00:02:00.560 --> 00:02:05.280 sitting there working on my Minecraft server. It was breaking all the time. The host was 00:02:05.280 --> 00:02:12.720 terrible. The staff were fighting and I kinda just wanted to do something else. Knife Party, 00:02:12.720 --> 00:02:20.280 which is a musical act, had a new album coming out in 2014, and it was delayed. It was taking ages. 00:02:20.280 --> 00:02:24.640 JACK: Professor Dubstep was into this band, Knife Party, and wanted to hear their new album, 00:02:24.640 --> 00:02:29.600 and saw Knife Party was interviewed on a podcast and wondered if there was any mention of the new 00:02:29.600 --> 00:02:34.080 album in the interview, and there was. [MUSIC] Not only did they talk about it, 00:02:34.080 --> 00:02:38.800 but Knife Party actually played a snippet from the new album. Whoa, 00:02:38.800 --> 00:02:44.800 cool! Professor Dubstep is actually into making dubstep music themself, so this wasn’t so hard 00:02:44.800 --> 00:02:50.461 for them to just download the podcast and grab that song out of it and listen to it on its own. 00:02:50.461 --> 00:02:54.400 PROFESSOR DUBSTEP: I was like, well, this is kind of good. I’ll chop this together a little 00:02:54.400 --> 00:03:00.240 bit and then I’ll upload it to SoundCloud so that other fans can hear it and enjoy it 00:03:00.240 --> 00:03:07.360 as well. I put it up there. I didn’t expect it to get much popularity. But a few hours go by; 00:03:07.360 --> 00:03:13.200 I go back to working on my server. Then I check my SoundCloud after a couple of hours and the 00:03:13.200 --> 00:03:21.520 plays are just racking up; 10,000, 20,000. I open Twitter and Twitter is blowing up, 00:03:21.520 --> 00:03:28.080 too. The EDM — the electronic dance music news blogs have posted about it and said, oh, 00:03:28.080 --> 00:03:36.440 the track’s been uploaded to SoundCloud early and it’s a leak, blah, blah, blah, which it wasn’t. 00:03:36.440 --> 00:03:40.000 JACK: Professor Dubstep didn’t care to correct anyone, though. They just 00:03:40.000 --> 00:03:45.200 watched the madness unfold silently. But because people thought it was an early leak, 00:03:45.200 --> 00:03:48.061 they started sending them some private messages. 00:03:48.061 --> 00:03:52.800 PROFESSOR DUBSTEP: So, checking in my SoundCloud messages — and I saw I had 00:03:52.800 --> 00:03:58.160 a message from Dinodriller, and he was saying that I had some cool — well, he thought that 00:03:58.160 --> 00:04:04.080 I had some cool music, some cool, unreleased things. I had another message from Spintire, 00:04:04.080 --> 00:04:09.360 who — it was basically — he was asking to add me on Skype and talk some more. So, 00:04:09.360 --> 00:04:12.720 I took this opportunity and I’m like, well, we’ll see what he wants. So, 00:04:12.720 --> 00:04:18.720 he adds me up and he says, oh, so, how are you getting these things? I explain. I say, well, 00:04:18.720 --> 00:04:25.280 I don’t actually have anything. It’s just kind of blown into something that it wasn’t — but that I 00:04:25.280 --> 00:04:33.360 do like to look around and see if there’s hidden things that are kind of not really in — supposed 00:04:33.360 --> 00:04:37.520 to be in the main public view but are made public accidentally and things like that, 00:04:37.520 --> 00:04:43.040 or things that appear early. He said that he likes to do the same sort of thing, you know, 00:04:43.040 --> 00:04:49.040 looking in, trying to find open directories on servers and things and accidentally-public info. 00:04:49.040 --> 00:04:53.280 So, we kind of connected and we had a chat about that, and we were talking about that for hours. 00:04:53.280 --> 00:04:58.400 JACK: [MUSIC] Yeah, there’s a ton of stuff on the internet that shouldn’t be there. I’m 00:04:58.400 --> 00:05:04.400 very aware of the site Shodan which scours the internet looking for private stuff accidentally 00:05:04.400 --> 00:05:10.560 exposed publicly, like being able to view surveillance cameras, license plate readers, 00:05:10.560 --> 00:05:15.680 servers with default passwords, and entire databases that are just open. But that site 00:05:15.680 --> 00:05:21.360 is mostly exposing cyber-security flaws on websites. It’s not really a place to 00:05:21.360 --> 00:05:28.160 go find unreleased music. We’re trying to solve a different problem here. Maybe Google dorking 00:05:28.160 --> 00:05:33.520 can help. I know I’ve found quite a bit of music this way. You could search Google for any music 00:05:33.520 --> 00:05:39.280 files with the band name in the file name, and Google will happily show you tons of music that 00:05:39.280 --> 00:05:44.080 you can easily download, and sometimes you can find things that probably shouldn’t be public. 00:05:44.080 --> 00:05:48.080 So, they’re going over these strategies in chat, different ways to find music online, 00:05:48.080 --> 00:05:53.600 but the conversation just kept going. They’re sharing more secret ways to discover things. 00:05:53.600 --> 00:05:58.720 One of them starts talking about the website Bitly, which is a URL shortener. 00:05:58.720 --> 00:06:03.520 PROFESSOR DUBSTEP: It just allows you to shorten links, but they had a glaring flaw in their system 00:06:03.520 --> 00:06:11.280 where if you add a ‘+’ to the end of any shortened link that was made while logged into an account — 00:06:11.280 --> 00:06:16.000 and you could just — you could click on the public user profile of these accounts and see everything 00:06:16.000 --> 00:06:21.280 that they’d ever shortened using the service, and many of the links that we were looking at 00:06:21.280 --> 00:06:26.320 music-related would always be made by a management account, for example, and they would share 00:06:26.320 --> 00:06:31.800 internal things on the link shortener as well, and we’d be able to just see those and download them. 00:06:31.800 --> 00:06:37.120 JACK: So, one thing music production companies or dubstep managers do is promote the hell out of the 00:06:37.120 --> 00:06:41.760 musicians that are under them. So, together, Professor Dubstep and Spintire go on Twitter 00:06:41.760 --> 00:06:46.880 and check out these management companies, and yeah, they see managers using Bitly 00:06:46.880 --> 00:06:51.920 links to promote some bands. For instance, they might use it to link to some promotional flyers 00:06:51.920 --> 00:06:57.760 or tour dates or new releases, and they were using Bitly to shorten URLs for promotions. So, 00:06:57.760 --> 00:07:03.120 Professor Dubstep would use the Bitly bug to see what else this management company has used Bitly 00:07:03.120 --> 00:07:08.960 for, which gave them tons of links to go through and check out. A lot was for public consumption, 00:07:08.960 --> 00:07:13.440 but sometimes they’d find things which shouldn’t be in the public. 00:07:13.440 --> 00:07:16.480 PROFESSOR DUBSTEP: [MUSIC] Exactly. It would either be audio or Photoshop 00:07:16.480 --> 00:07:22.560 documents or sometimes were internal memos like promotion plans for upcoming releases and things, 00:07:22.560 --> 00:07:26.320 and just being able to get kind of a look into the inner workings of 00:07:26.320 --> 00:07:30.640 these labels and management companies of how they function and how they put 00:07:30.640 --> 00:07:34.360 their things together and make their plans, which was really interesting. 00:07:34.360 --> 00:07:39.120 JACK: This would give them new content to post on SoundCloud or Reddit. 00:07:39.120 --> 00:07:43.520 PROFESSOR DUBSTEP: On Reddit there was — Reddit also has direct messages, and a message 00:07:43.520 --> 00:07:49.840 came through to my inbox from a guy called Jay Brown. He added me on Skype as well, and we got 00:07:49.840 --> 00:07:55.840 to talking. He was a different kind of person. He was what’s known as a dubplate trader. Now, 00:07:55.840 --> 00:08:03.680 dubplates are a nickname for unreleased music, and in more modern times that’s just come to be 00:08:03.680 --> 00:08:08.560 on an MP3 file, basically, just an MP3 file that’s not released to the general public, 00:08:08.560 --> 00:08:14.080 and there’s a whole scene of trading these files in small circles. [MUSIC] It’s kind 00:08:14.080 --> 00:08:22.160 of like Pokemon cards; less-valuable cards are treated way differently to ones that are rarer, 00:08:22.160 --> 00:08:26.720 and it’s the exact same with dubplates. So, this guy called Jay Brown comes to me and he says, oh, 00:08:26.720 --> 00:08:30.160 I’ve got some stuff. Do you want to check out what I’ve got? I’ve got this and that 00:08:30.160 --> 00:08:37.360 and this and that, kind of presenting it as if he were some kind of drug dealer or something. 00:08:37.360 --> 00:08:43.760 I wasn’t really interested in anything he had. There was one specific track which was Knife 00:08:43.760 --> 00:08:52.640 Party’s Suffer, and I didn’t have anything that I wanted to give him because I wasn’t a trader. 00:08:52.640 --> 00:09:01.200 I had my couple of things that I found on my link shorteners, and I decided that I would 00:09:01.200 --> 00:09:08.400 try and make something out of nothing. [MUSIC] So, I took a clip of this radio recording and I 00:09:08.400 --> 00:09:13.280 kind of chopped it together into something that sounded semi-reasonable and presented it to him. 00:09:13.280 --> 00:09:17.970 JACK: Like, you were creating your own music that sounded similar, or…? 00:09:17.970 --> 00:09:19.175 PROFESSOR DUBSTEP: No… JACK: …editing it in a way that…? 00:09:19.175 --> 00:09:21.760 PROFESSOR DUBSTEP: …it was editing an unreleased track in a way to make 00:09:21.760 --> 00:09:29.040 it sound as if it was an original source file, but when it actually wasn’t a source file. So, 00:09:29.040 --> 00:09:34.400 it’s trying to make something seem real but that wasn’t so that he would believe it and 00:09:34.400 --> 00:09:40.600 send me the thing that he had that was real. It was quite a scheme. It was quite a scheme. 00:09:40.600 --> 00:09:47.280 JACK: Yeah, it does introduce quite an interesting situation of like, when you’re dealing with 00:09:47.280 --> 00:09:52.320 official releases, it’s coming from the official channel, right? But when you’re trying to get your 00:09:52.320 --> 00:09:58.960 hands on these unofficial releases, you — there isn’t any legitimacy to it. It could be from them, 00:09:58.960 --> 00:10:03.440 it might not be from them, and you were playing into that, of like, you know what? You’re not 00:10:03.440 --> 00:10:08.000 gonna know if this is from Knife Party or not. I’ll put a little clip in there from Knife Party 00:10:08.000 --> 00:10:12.461 just to kind of make you think it is, but then I’m just gonna make it up after that. 00:10:12.461 --> 00:10:17.520 PROFESSOR DUBSTEP: Yeah, that’s pretty much how it went. If you were good at this, making something 00:10:17.520 --> 00:10:23.600 sound semi-legitimate, these traders didn’t really know much better. It was quite easy to convince 00:10:23.600 --> 00:10:31.026 them of something and to kind of ignore what their own ears were telling them, and it worked. 00:10:31.026 --> 00:10:33.920 JACK: [MUSIC] This is getting wild. Not only was Professor Dubstep looking for 00:10:33.920 --> 00:10:37.680 unreleased tracks or dubplates, as they say, but they were taking popular songs 00:10:37.680 --> 00:10:42.080 and putting in changes to make it seem like a new mix by that musician. Pretty shady and 00:10:42.080 --> 00:10:46.720 deceptive. But as a teenager, it doesn’t seem so bad to play around with someone 00:10:46.720 --> 00:10:50.061 else’s creation and see if someone will believe you that it’s original. 00:10:50.061 --> 00:10:54.240 PROFESSOR DUBSTEP: Well, that’s the thing, is it’s unspeakable. You never speak that you did 00:10:54.240 --> 00:11:01.920 an edit to it or something because it would give the whole game away. Me and Spintire kind of kept 00:11:01.920 --> 00:11:06.320 doing this between ourselves. We thought this was quite a good idea, that we would make some 00:11:06.320 --> 00:11:13.920 more fake things or edits and we could use them to float in these trading circles and 00:11:13.920 --> 00:11:21.040 just drain their whole collection of rare things without actually causing any damage ourselves to 00:11:21.040 --> 00:11:26.560 any of these releases, because the dubplate trading scene, it does cause massive damage. 00:11:26.560 --> 00:11:33.200 No matter how big or small the artist is, if their unreleased track gets leaked online in some way, 00:11:33.200 --> 00:11:40.960 depending if it had a release planned or not, once it’s leaked, it’s over for that track forever. So, 00:11:40.960 --> 00:11:46.760 it really — it’s not something to — it’s just not a good thing for the music scene, really. 00:11:46.760 --> 00:11:50.560 JACK: Because they recognized that publishing unreleased tracks hurts the 00:11:50.560 --> 00:11:55.760 artist, Professor Dubstep stopped posting unreleased tracks publicly. By the way, 00:11:55.760 --> 00:11:58.301 Professor Dubstep actually makes music themselves, too. 00:11:58.301 --> 00:12:01.360 PROFESSOR DUBSTEP: Well, I play — I’m a multi-instrumentalist, but also, 00:12:01.360 --> 00:12:06.560 I make dubstep myself, and this is something that I was learning to do at the time. 00:12:06.560 --> 00:12:10.621 JACK: So, this was a way to learn more about the music-making process. 00:12:10.621 --> 00:12:13.360 PROFESSOR DUBSTEP: I’m interested in these — unreleased music, but more to just listen to 00:12:13.360 --> 00:12:19.440 it and break down what’s going on with it, because not all of it remained unreleased. Some of it was 00:12:19.440 --> 00:12:24.720 just early versions of things, work-in-progress versions of songs that would then come out and be 00:12:24.720 --> 00:12:29.680 almost entirely different. So, it was interesting to just hear the differences between them, for me. 00:12:29.680 --> 00:12:32.701 JACK: Okay, can I ask you a question about dubstep? 00:12:32.701 --> 00:12:33.600 PROFESSOR DUBSTEP: Mm-hm. 00:12:33.600 --> 00:12:39.661 JACK: I’m afraid to ask this publicly, but what’s the deal with all the dolphins in dubstep? 00:12:39.661 --> 00:12:43.920 PROFESSOR DUBSTEP: The dolphins? What do you mean? 00:12:43.920 --> 00:12:50.844 JACK: You shared with me a playlist of dubstep music… 00:12:50.844 --> 00:12:50.874 PROFESSOR DUBSTEP: Yeah, yeah. 00:12:50.874 --> 00:12:59.440 JACK: …and in there is a track called Elephant by Barely Alive. 00:12:59.440 --> 00:13:00.560 PROFESSOR DUBSTEP: Oh, right, yeah. 00:13:00.560 --> 00:13:11.120 JACK: So…[MUSIC] this is the song, and they think this song’s about elephants, 00:13:11.120 --> 00:13:17.976 but it’s clearly not. So, listen to this part. 00:13:17.976 --> 00:13:21.489 SONG1: Elephant… JACK: There’s an elephant there, right? 00:13:21.489 --> 00:13:22.400 PROFESSOR DUBSTEP: Mm-hm. JACK: Right there was… 00:13:22.400 --> 00:13:22.820 SONG1: Elephant… 00:13:22.820 --> 00:13:29.680 JACK: That’s the dolphin. [MUSIC] Oh, I think…yeah, 00:13:29.680 --> 00:13:34.141 I see the dolphin in there. Let me show you another one. 00:13:34.141 --> 00:13:38.080 PROFESSOR DUBSTEP: Yeah, actually, I never put two and two together. That is a dolphin, isn’t it? 00:13:38.080 --> 00:13:40.000 JACK: Dolphin on Wheels. 00:13:40.000 --> 00:13:42.701 PROFESSOR DUBSTEP: [MUSIC] Oh, that’s the Dillon Francis tune, isn’t it? 00:13:42.701 --> 00:13:47.662 SONG2: Do you love your grandparents? 00:13:47.662 --> 00:13:51.994 JACK: Yeah. SONG2: Dolphin…[DOLPHIN SOUNDS] 00:13:51.994 --> 00:13:56.221 JACK: There’s a dolphin there, clearly, right? That’s the name of the song, Dolphin on Wheels. 00:13:56.221 --> 00:13:57.280 PROFESSOR DUBSTEP: Mm-hm. 00:13:57.280 --> 00:14:02.533 JACK: Alright, so another song you sent me was Cash by Barely Alive. 00:14:02.533 --> 00:14:02.800 PROFESSOR DUBSTEP: [MUSIC] Yeah, I remember that one. 00:14:02.800 --> 00:14:11.040 JACK: Do you hear that 00:14:11.040 --> 00:14:22.457 beep, beep, beep? Another song you sent me; Borg by FuntCase. [MUSIC] Pew, pew, pew. Bang… 00:14:22.457 --> 00:14:22.960 PROFESSOR DUBSTEP: So, I think… 00:14:22.960 --> 00:14:24.480 JACK: Bang by Wavedash… 00:14:24.480 --> 00:14:31.023 PROFESSOR DUBSTEP: …you might be onto something. [MUSIC] 00:14:31.023 --> 00:14:40.560 JACK: [LAUGHING] You’ll hear it there. Gem Shards by MUST DIE!…[MUSIC] 00:14:40.560 --> 00:14:43.181 That is a dolphin, is it not? 00:14:43.181 --> 00:14:44.640 PROFESSOR DUBSTEP: I have to concede on this. It is. 00:14:44.640 --> 00:14:50.960 JACK: The dolphin is the lead singer in every dubstep song that you sent me. 00:14:50.960 --> 00:14:52.240 PROFESSOR DUBSTEP: It might actually be true, 00:14:52.240 --> 00:14:56.720 because a lot of dubstep is kind of self-referential. 00:14:56.720 --> 00:14:58.935 JACK: Yeah, well…[CROSSTALK] 00:14:58.935 --> 00:14:59.480 PROFESSOR DUBSTEP: Yeah, it wouldn’t surprise me if… 00:14:59.480 --> 00:15:02.080 JACK: I went through Skrillex’s songs, 00:15:02.080 --> 00:15:15.680 and this is the dolphin I found in Skrillex. [MUSIC] [LAUGHING] 00:15:15.680 --> 00:15:16.697 That is a dolphin song. 00:15:16.697 --> 00:15:18.200 PROFESSOR DUBSTEP: Oh, it’s been a long time since I heard that one. 00:15:18.200 --> 00:15:23.600 JACK: Even in Skrillex. So, while I’m researching this episode, dolphin after dolphin kept showing 00:15:23.600 --> 00:15:28.560 up as the lead singer in all these songs, and it’s driving me crazy. Is this a thing? So, 00:15:28.560 --> 00:15:34.160 I Googled it, and, no. Nobody knows about this. There’s no results about this. 00:15:34.160 --> 00:15:39.440 So, I started formulating my own theories, and I’ve been dying to ask you about this. Okay, so, 00:15:39.440 --> 00:15:44.640 first of all, dolphins are one of my top-five favorite animals. I love dolphins. They’re so 00:15:44.640 --> 00:15:49.280 smart and amazing to watch. So, for me to find a whole genre of music that has one of my favorite 00:15:49.280 --> 00:15:54.320 animals featured in it song after song, it’s gorgeous to me. When I hear a dolphin in a song, 00:15:54.320 --> 00:15:57.680 the biggest grin comes on my face and I actually try to sing along with it, 00:15:57.680 --> 00:16:03.741 barking and chirping. So, I wonder if just — the dubstep community loves dolphins as much as I do. 00:16:03.741 --> 00:16:09.760 PROFESSOR DUBSTEP: I mean, you’ve got a point. You’ve got a point. Dolphins 00:16:09.760 --> 00:16:15.560 are a very intelligent animal, so it’s — dubstep is very intelligent music, clearly. 00:16:15.560 --> 00:16:20.800 JACK: I also wonder if there are sounds in the dolphin language that speak to us in a really 00:16:20.800 --> 00:16:25.200 profound way. Like, it might express an emotion that we just don’t have words for in English, 00:16:25.200 --> 00:16:31.760 but dolphins do and they can somehow teach us more about ourselves, and dubstep artists add these 00:16:31.760 --> 00:16:36.701 sounds in because they know the power of dolphins and want to help us ascend to new heights. 00:16:36.701 --> 00:16:40.160 PROFESSOR DUBSTEP: Yeah, well, we are — we all do come from the sea originally, 00:16:40.160 --> 00:16:46.320 so, you know, some common ancestor might have — we’re just going back to our roots in a way. 00:16:46.320 --> 00:16:49.280 JACK: The other thing I wonder is — since this is such a popular part 00:16:49.280 --> 00:16:54.720 of dubstep — if the dolphin is a secret mascot. Like, if you go to EDM parties, 00:16:54.720 --> 00:16:59.360 would I see people with dolphin stickers and patches and tattoos all representing some inner 00:16:59.360 --> 00:17:04.061 group where you’re not allowed in certain parties unless you have a dolphin tattoo or something? 00:17:04.061 --> 00:17:05.320 PROFESSOR DUBSTEP: It’s a secret society. 00:17:05.320 --> 00:17:10.720 JACK: Okay, sorry, I refuse to believe that’s a total accident. But when I Google this, 00:17:10.720 --> 00:17:15.120 nobody is talking about this, so I feel like it’s some closely-guarded secret. 00:17:15.120 --> 00:17:19.840 But whatever, we’re moving on. So, Professor Dubstep was loving all these early tracks, 00:17:19.840 --> 00:17:22.461 but only trading with a select few people. 00:17:22.461 --> 00:17:29.840 PROFESSOR DUBSTEP: It was kind of a little triangle. It was me, Dino, Jay, and Spintire. We’d 00:17:29.840 --> 00:17:36.720 sit there, the four, kind of not talking to each other but relaying between each other, and these 00:17:36.720 --> 00:17:41.920 tracks would go around in that little circle like that. Dinodriller, he was fourteen — at the time, 00:17:41.920 --> 00:17:47.600 a fourteen-year-old dubstep producer, the same age as me. We’d just hang out on Skype now and then. 00:17:47.600 --> 00:17:51.280 JACK: Dinodriller somehow got the attention of Excision, 00:17:51.280 --> 00:17:56.880 who was a big-time dubstep artist. Excision had quite a few big hits and was pretty popular, 00:17:56.880 --> 00:18:00.240 and saw how Dinodriller was trying to come up in the scene. 00:18:00.240 --> 00:18:04.720 PROFESSOR DUBSTEP: Yeah, ‘cause Excision does — he does a lot of things to support the underground 00:18:04.720 --> 00:18:10.640 artists in the scene and help them get some exposure and things. He owns a record label 00:18:10.640 --> 00:18:15.680 that was called Rottun Recordings which he signed a lot of up-and-coming people to, 00:18:15.680 --> 00:18:21.680 actually help them get a head start. So, Dino was one of these up-and-coming producers Excision was 00:18:21.680 --> 00:18:29.320 trying to help out. So, he invited young Dino over to the house in Canada to make some new tunes. 00:18:29.320 --> 00:18:34.480 JACK: Oh, and by the way, if you’re wondering if Excision uses dolphins in their music, 00:18:34.480 --> 00:18:40.750 here’s a snippet from his song, Asteroid. 00:18:40.750 --> 00:18:40.776 SONG3: [MUSIC] Get back… 00:18:40.776 --> 00:18:45.200 JACK: Brrp, brrp, brrp. What do these chirps mean? Okay, so, Excision and Dinodriller were 00:18:45.200 --> 00:18:49.440 working together at Excision’s house making some cool music, and he was really helping 00:18:49.440 --> 00:18:55.440 Dinodriller out a lot, actually. But since Dino was also into trading unreleased tracks, 00:18:55.440 --> 00:19:00.880 he couldn’t help but wonder; what unreleased stuff does Excision have? Being right there 00:19:00.880 --> 00:19:07.680 in his house made him very curious. One day, Excision invited Dinodriller to come over and 00:19:07.680 --> 00:19:13.440 work on some music while he’s at the gym. This meant Dinodriller was going to be there alone, 00:19:13.440 --> 00:19:18.320 so he gets on Skype to tell Professor Dubstep and Spintire the plan. 00:19:18.320 --> 00:19:21.120 PROFESSOR DUBSTEP: [MUSIC] When Dino goes to Excision’s house, 00:19:21.120 --> 00:19:26.160 Dino will go and dig through all — the old hard drive and things and search for some 00:19:26.160 --> 00:19:31.400 unreleased or work-in-progress goodies and things from people in the scene. 00:19:31.400 --> 00:19:39.261 JACK: No; so, Dino was — had a nefarious plan for visiting Excision’s house. 00:19:39.261 --> 00:19:39.880 PROFESSOR DUBSTEP: Yeah. 00:19:39.880 --> 00:19:46.480 JACK: Oh, my gosh. So, Excision wasn’t around and trusted — so, that’s the thing; 00:19:46.480 --> 00:19:52.800 this is betrayal at this point. He trusted Dino to — come on in when I’m not around. 00:19:52.800 --> 00:19:57.741 It’s cool. You’re a musician. I like your stuff. We’re hanging out, we’re friends. 00:19:57.741 --> 00:19:58.320 PROFESSOR DUBSTEP: Yeah. 00:19:58.320 --> 00:20:00.640 JACK: Now Dino’s like, ah, 00:20:00.640 --> 00:20:04.541 it’s working as planned. I can — I’ve got full access to your stuff. 00:20:04.541 --> 00:20:05.428 PROFESSOR DUBSTEP: That’s exactly it. 00:20:05.428 --> 00:20:06.640 JACK: I’m gonna grab some hard drives. 00:20:06.640 --> 00:20:10.480 PROFESSOR DUBSTEP: We were sitting there on Skype like, oh, look for this and that and this and 00:20:10.480 --> 00:20:16.480 that — sending him file names. Like, could you look if there’s this thing and this other thing, 00:20:16.480 --> 00:20:24.080 and blah, blah, blah. Meanwhile, Excision was out at the gym. We’d just be sitting there like, 00:20:24.080 --> 00:20:30.080 get this, get that. Eventually Dino ran out of old hard drives to comb. So, we were like, 00:20:30.080 --> 00:20:37.680 well, there’s stuff missing from here that should be there. So, the final 00:20:37.680 --> 00:20:44.480 location that was searched was Excision’s actual sock drawer for CDs and USB drives. 00:20:44.480 --> 00:20:47.893 JACK: What did he find in Excision’s sock drawer? 00:20:47.893 --> 00:20:53.360 PROFESSOR DUBSTEP: [MUSIC] Old CDs with the things on that we were looking for. I’m not kidding. 00:20:53.360 --> 00:21:01.360 There was a demo from Skrillex called Dimbow which was a demo of one of his biggest songs, 00:21:01.360 --> 00:21:05.440 Kyoto, and there was just all kinds of things on there, 00:21:05.440 --> 00:21:11.000 just work-in-progress things that had never come out that no one had ever heard before. 00:21:11.000 --> 00:21:14.781 JACK: Mostly made by Excision. 00:21:14.781 --> 00:21:18.800 PROFESSOR DUBSTEP: Well, there was some Excision, there was some Skrillex, 00:21:18.800 --> 00:21:24.080 there was some Knife Party, some Noisia, all kinds of things that 00:21:24.080 --> 00:21:31.280 these communities had been looking for for years and begging for. It was right 00:21:31.280 --> 00:21:38.960 there on these CDs in the sock drawer, and they were now being sent to us on Skype. 00:21:38.960 --> 00:21:43.760 JACK: Dino was pretty careful to just copy everything right there 00:21:43.760 --> 00:21:46.480 in the house and put it all back exactly where it was so 00:21:46.480 --> 00:21:51.661 Excision wouldn’t know anything got taken, and then he passed it around. 00:21:51.661 --> 00:21:56.160 PROFESSOR DUBSTEP: Yeah, shares it with me and Spintire, and we just listened to it together, 00:21:56.160 --> 00:22:09.440 like, this is amazing. This is really interesting stuff. That’s kind of unbelievable. I thought that 00:22:09.440 --> 00:22:16.880 would be the end of it, but no. After a week or so, literally just a week, some of these things 00:22:16.880 --> 00:22:22.400 started to leak onto Reddit. [MUSIC] Dino was trying to blame me for it and saying, oh, well, 00:22:22.400 --> 00:22:27.520 you must have traded this, and telling everyone that I was trading it and leaking it and this 00:22:27.520 --> 00:22:32.880 and that. I nearly got the blame pinned on me for it. I nearly did. But the way that I found 00:22:32.880 --> 00:22:40.640 him out was that some of the things that leaked were things that I was never sent. So, it must 00:22:40.640 --> 00:22:49.360 have meant that he traded two batches of things that were slightly different, one to me and other 00:22:49.360 --> 00:22:54.720 batches to whoever else which contained different files. So, I caught him out and I managed to spin 00:22:54.720 --> 00:23:00.880 it back around and say, nope, I can prove that it was you, that it’s the reason for these leaks. 00:23:00.880 --> 00:23:04.861 JACK: So, Dino leaked it and blamed it on you. 00:23:04.861 --> 00:23:09.640 PROFESSOR DUBSTEP: Yeah. Well, he didn’t leak it; he sent it to the traders like Jay Brown. 00:23:09.640 --> 00:23:20.080 JACK: Mm-hm. The traders like this idea of providing the public this 00:23:20.080 --> 00:23:22.800 stuff. It gives them a thrill. They’re like, oh, look at that, 00:23:22.800 --> 00:23:26.480 I’m getting a lot of upvotes, getting a lot of downloads, making some waves. Got 00:23:26.480 --> 00:23:30.400 a article written about it. This is going great. That’s what they thrive on, right? 00:23:30.400 --> 00:23:35.520 PROFESSOR DUBSTEP: Sort of. It’s more that they — the traders themselves thrive on just the status 00:23:35.520 --> 00:23:41.120 of having these rare things so they can go to people and say, oh, I’ve got this and that, 00:23:41.120 --> 00:23:48.240 and I want that and this. They can trade them for that, and then eventually it just — everyone goes 00:23:48.240 --> 00:23:53.200 in a loop and carries on doing that between each other until eventually someone posts it online. 00:23:53.200 --> 00:23:56.560 JACK: Then once it’s posted, that song is burned 00:23:56.560 --> 00:24:02.160 in the trading community. It’s no longer a rare item to have. 00:24:02.160 --> 00:24:06.480 PROFESSOR DUBSTEP: [MUSIC] Christmas 2015, there was an event called Leakmas where 00:24:06.480 --> 00:24:12.480 hundreds of things got leaked onto xTrill, onto Reddit. All of the things that Dino had taken 00:24:12.480 --> 00:24:17.120 from Excision’s house, all of them leaked. There wasn’t one single thing that didn’t get leaked, 00:24:17.120 --> 00:24:19.560 and it was all just because it was being traded like crazy. 00:24:19.560 --> 00:24:22.941 JACK: Did Excision ever figure out that Dino did this? 00:24:22.941 --> 00:24:32.600 PROFESSOR DUBSTEP: No, to this day he’s never realized. He never found out. 00:24:32.600 --> 00:24:38.080 JACK: We’re gonna take an ad break here, but stay with us because this story is gonna go 00:24:38.080 --> 00:24:44.960 way off the rails. Professor Dubstep was getting deeper into the unreleased dubstep trading scene. 00:24:44.960 --> 00:24:48.400 PROFESSOR DUBSTEP: 2016 comes around. The tactics that traders were using 00:24:48.400 --> 00:24:52.320 to obtain the unreleased music files was changing a little bit, 00:24:52.320 --> 00:24:58.480 and there were a couple of incidents where artists had played a DJ set at a club and 00:24:58.480 --> 00:25:02.400 someone would go up after the show and just take the USB drive straight out of the mixer… 00:25:02.400 --> 00:25:03.120 JACK: Whoa. 00:25:03.120 --> 00:25:05.680 PROFESSOR DUBSTEP: …with all the secret stuff on it, yeah. 00:25:05.680 --> 00:25:08.701 JACK: They’d go right up on stage and grab the equipment? 00:25:08.701 --> 00:25:11.680 PROFESSOR DUBSTEP: Yeah. Well, these pioneer CD Jay systems, 00:25:11.680 --> 00:25:17.040 they’re — you basically just put a small USB flash drive into the top. So, if someone walked past it, 00:25:17.040 --> 00:25:21.600 they could just swipe it really easily and no one would notice until it was too late. 00:25:21.600 --> 00:25:24.320 JACK: Well, I mean, doesn’t the music immediately stop? 00:25:24.320 --> 00:25:26.640 PROFESSOR DUBSTEP: If it’s after the show’s just finished, 00:25:26.640 --> 00:25:29.520 there’s a small window where someone could grab it and no one would notice. 00:25:29.520 --> 00:25:33.760 JACK: Whew, that’s some balls, you know, to go to a live show, 00:25:33.760 --> 00:25:41.501 say that performing artist you like, and then to steal their files right from under their nose… 00:25:41.501 --> 00:25:43.040 PROFESSOR DUBSTEP: Yeah, it’s been known to happen 00:25:43.040 --> 00:25:46.440 about three or four times in the space of one year. 00:25:46.440 --> 00:25:54.320 JACK: Holy moly. The lengths these people go to to get unreleased music is unreal. I 00:25:54.320 --> 00:25:58.800 think it’s a testament to just how dedicated and motivated the fans were to hear more, 00:25:58.800 --> 00:26:03.840 to get the latest stuff. You don’t see consumers just going to a sewing trade 00:26:03.840 --> 00:26:09.200 show and stealing the latest sewing machine from the demo booth, you know, because that passion 00:26:09.200 --> 00:26:16.000 doesn’t exist there. Music has this way to give us a meaning to life. It can be our therapist, 00:26:16.000 --> 00:26:23.600 our best friend, our lover, and our dance partner. It moves us in a way that not much else can. So, 00:26:23.600 --> 00:26:29.021 some people would risk getting arrested to steal a thumb drive with new music on it. 00:26:29.021 --> 00:26:33.360 PROFESSOR DUBSTEP: Yeah, it happened plenty of times. There was a guy called Snails who 00:26:33.360 --> 00:26:39.200 was blowing up in the scene in late 2015. He had his USB stolen, all of the files from it 00:26:39.200 --> 00:26:45.120 leaked onto Reddit. Skrillex had his USB stolen as well. All of those things ended 00:26:45.120 --> 00:26:52.560 up leaking in late 2016 onto Reddit. Again, it’s something that keeps happening. I think it still 00:26:52.560 --> 00:26:57.990 happens to this day that artists have their USB drives stolen out of the equipment on stage. 00:26:57.990 --> 00:27:04.400 JACK: Ah, what do you do here, weld your USB drive into your equipment? Or what about putting a decoy 00:27:04.400 --> 00:27:12.480 USB drive in, but it’s really a trap? If somebody goes to grab it, they get an electric shock. It’s 00:27:12.480 --> 00:27:19.120 also interesting to just parse the idea that music is just files. It’s data on a computer, 00:27:19.120 --> 00:27:26.000 or a USB drive in this case, and I never thought about applying cyber security to music, you know? 00:27:26.000 --> 00:27:32.320 It’s acoustic sound waves, not computer files. But, no, it is computer files, and so, it needs 00:27:32.320 --> 00:27:38.720 its own version of cyber security, too. [MUSIC] Okay, so, let’s talk about Reddit. The poppin’ 00:27:38.720 --> 00:27:45.840 subreddit for all this was xTrill, which is a place to post links to unofficial dubstep music. 00:27:45.840 --> 00:27:50.560 You know, live recordings from concerts, radio mixes, stuff that wasn’t on the artists’ official 00:27:50.560 --> 00:27:56.400 Spotify or YouTube or SoundCloud. But it is from that artist, and these alternate versions are 00:27:56.400 --> 00:28:02.461 sometimes better than the original version. Fans were loving this subreddit to listen to new mixes. 00:28:02.461 --> 00:28:05.680 PROFESSOR DUBSTEP: Leakers in the scene were frowned upon. So, 00:28:05.680 --> 00:28:09.880 things actually being leaked — whoever leaks something is — it burns their reputation. 00:28:09.880 --> 00:28:14.480 JACK: That’s the nuanced thing about it, though; while people went crazy over leaked 00:28:14.480 --> 00:28:19.520 tracks and would get a lot of people excited, the subreddit had to take action on this to avoid 00:28:19.520 --> 00:28:25.901 being labeled as a leak site and get shut down. So, they’d remove the leaks and ban the leakers. 00:28:25.901 --> 00:28:29.360 PROFESSOR DUBSTEP: Because it was — it just goes — one thing; the traders, 00:28:29.360 --> 00:28:33.760 they don’t like things leaking, and two, it does damage things. Three; 00:28:33.760 --> 00:28:37.600 it invites trouble. It invites legal trouble if you are the one to leak something. 00:28:37.600 --> 00:28:43.120 JACK: The xTrill subreddit is layered like an onion, though. Basic stuff was on skin level. 00:28:43.120 --> 00:28:49.280 Peel it back and you find some juicier content, traders with rare stuff. There were rules, though; 00:28:49.280 --> 00:28:57.341 no piracy allowed and no posting unreleased music. But the rules were often abused. 00:28:57.341 --> 00:29:03.680 PROFESSOR DUBSTEP: To the outside, xTrill looked like a place that was just a rampage of things, 00:29:03.680 --> 00:29:10.800 totally uncontrolled. But actually, behind the scenes, it was kind of a front. So, if an artist 00:29:10.800 --> 00:29:18.000 was cool and contacted the moderators of the subreddit or the people in charge, they could say, 00:29:18.000 --> 00:29:23.280 please prevent this thing from leaking. There’s release plans for it soon. Just, 00:29:23.280 --> 00:29:25.840 would you mind keeping it off? If they were nice about it, 00:29:25.840 --> 00:29:30.800 they could get their brand added to the filter so that nothing could be posted. 00:29:30.800 --> 00:29:35.280 JACK: It really takes a certain set of eyes to understand what’s going on in xTrill, 00:29:35.280 --> 00:29:39.520 because even when something is posted, are you familiar enough with that band 00:29:39.520 --> 00:29:44.701 and that track to know if this is legit or made up or a leak at all? 00:29:44.701 --> 00:29:50.160 PROFESSOR DUBSTEP: So, late 2016 rolls around. Spintire comes to me on Skype and says, look, 00:29:50.160 --> 00:29:56.240 we’ve got this old password of Skrillex’s. I say, okay, well, how? How does this happen? He 00:29:56.240 --> 00:30:00.800 kind of hesitates to explain it at first and just says, well, just look at it. Just try it on these 00:30:00.800 --> 00:30:08.360 things. Just try it on the old Skype account. [MUSIC] Okay, and it works. It logs straight in. 00:30:08.360 --> 00:30:10.941 JACK: To Skrillex’s Skype account. 00:30:10.941 --> 00:30:14.720 PROFESSOR DUBSTEP: Yeah. It was an old, inactive account. It was dead. It was not 00:30:14.720 --> 00:30:18.640 being used. But the password worked, and I was like, well, how did you get this? 00:30:18.640 --> 00:30:22.720 JACK: Yeah, good question. Skrillex is the biggest name in dubstep. He’s 00:30:22.720 --> 00:30:26.960 a Grammy Award-winning artist loved by millions of people. He has millions of 00:30:26.960 --> 00:30:31.880 followers on Twitter, too. To get his password on Skype is a pretty big deal. 00:30:31.880 --> 00:30:35.600 PROFESSOR DUBSTEP: I said, well, how’d you get this? Eventually he explains. He 00:30:35.600 --> 00:30:41.920 says databases have leaked from all kinds of sites. There was quite a lot of databases that 00:30:41.920 --> 00:30:46.800 got stolen and uploaded online in 2016. There was — Dropbox had their database 00:30:46.800 --> 00:30:53.440 stolen. Last.fm had their database stolen. MySpace had their database stolen as well, 00:30:53.440 --> 00:31:01.120 and they’re all just uploaded to this thing called — I think it was LeakedSource. You could basically 00:31:01.120 --> 00:31:08.800 pay for — pay $20 a month for access to this, and it would give you access to all of these 00:31:08.800 --> 00:31:15.040 databases. So, you could just view the results, the hashed passwords and things. You could just 00:31:15.040 --> 00:31:20.000 take the hash and just decrypt it yourself because they were really poorly protected; 00:31:20.000 --> 00:31:25.840 just standard MD5, which almost the whole MD5 table had been cracked by that point. 00:31:25.840 --> 00:31:32.240 JACK: Oh, my god. This is about to get insane. Huge database breaches with millions of usernames 00:31:32.240 --> 00:31:37.280 and password hashes; combine that with the ravenous fans willing to stop at nothing to 00:31:37.280 --> 00:31:42.880 break into dubstep artist’s digital lives and steal whatever they can to post it to xTrill, 00:31:42.880 --> 00:31:46.560 and Skrillex is one of the first to get a working password for, 00:31:46.560 --> 00:31:51.760 the biggest dubstep artist in the world? My goodness, my brain is running a million miles 00:31:51.760 --> 00:31:55.680 an hour right now. There is going to be an all-out onslaught of people that are gonna 00:31:55.680 --> 00:32:00.640 be trying to hack into these musicians’ files. Yo, I’m eating Fun Dip right now. 00:32:00.640 --> 00:32:03.840 PROFESSOR DUBSTEP: So, what we’ve done, basically, 00:32:03.840 --> 00:32:11.040 is just put the e-mail in that we knew of these artists, and if they had a result come 00:32:11.040 --> 00:32:17.920 up from some old database that had been leaked that was poorly encrypted, you could take that 00:32:17.920 --> 00:32:25.920 hashed result and decrypt it and just hope that their security was not so great and that they 00:32:25.920 --> 00:32:31.600 kept reusing this password all the time and used the same one on every site or whatever. 00:32:31.600 --> 00:32:37.440 JACK: Dang, that is a sweet combination of Last.fm, Dropbox, and MySpace. It pretty 00:32:37.440 --> 00:32:41.840 much means every dubstep artist would be somewhere in those database breaches. It was 00:32:41.840 --> 00:32:46.480 just a matter of finding the right username or e-mail to use, because those three sites 00:32:46.480 --> 00:32:51.680 were used a lot by musicians. Dropbox is extremely popular for file sharing, 00:32:51.680 --> 00:32:55.760 and if a musician has a label or a manager or someone else that they’re collaborating with, 00:32:55.760 --> 00:33:02.400 sharing their work in progress on Dropbox is very common in this circle. Last.fm and MySpace are 00:33:02.400 --> 00:33:05.760 places where you can go to post your music, which, when you’re an up-and-coming artist, 00:33:05.760 --> 00:33:11.840 you definitely want to be posting everywhere. Yes, MySpace is still around. So, yeah, 00:33:11.840 --> 00:33:16.480 I’m just imagining like, wait, hold on a second. We’ve got Skrillex’s password. It works on an old 00:33:16.480 --> 00:33:25.821 Skype account. This has got to be the pinnacle of the whole story. We got into Skrillex’s Dropbox. 00:33:25.821 --> 00:33:28.960 PROFESSOR DUBSTEP: Skrillex’s Dropbox is the — we actually didn’t manage to get in there, 00:33:28.960 --> 00:33:36.080 but we tried a bunch of different accounts after Skype, and none of it was working. So, 00:33:36.080 --> 00:33:37.960 all of the other things had been closed off. 00:33:37.960 --> 00:33:40.381 JACK: So, you couldn’t get into his Dropbox. 00:33:40.381 --> 00:33:40.800 PROFESSOR DUBSTEP: No. 00:33:40.800 --> 00:33:46.480 JACK: Nice job, Skrillex. Either he wasn’t reusing passwords or heard about this database breach and 00:33:46.480 --> 00:33:50.640 changed all his passwords. Either way, he was ahead of the hackers here. My goodness, 00:33:50.640 --> 00:33:56.160 if they got into Skrillex’s Dropbox, that would be the most epic thing. To hear 00:33:56.160 --> 00:34:02.053 his latest stuff before anyone else? That would be insane. But they couldn’t get in. 00:34:02.053 --> 00:34:07.840 PROFESSOR DUBSTEP: [MUSIC] No, so we decided instead, maybe his manager would be a good target 00:34:07.840 --> 00:34:16.640 to try and look to see if there was anything leaked in the databases for his manager. So, 00:34:16.640 --> 00:34:25.280 we had a look, and there was. It was a really old result from 2008, but it had been — the 00:34:25.280 --> 00:34:33.440 same result appeared in all of the databases. So, it had a good chance of working in some old sites 00:34:33.440 --> 00:34:42.560 that had been inactive but had been used in the past for sharing music and stuff internally. So, 00:34:42.560 --> 00:34:49.520 me and Spintire, we sat there on Skype and we tried it on a MediaFire page, which worked. 00:34:49.520 --> 00:34:56.800 It logged us in. There was some interesting stuff in there. There was Photoshop documents, 00:34:56.800 --> 00:35:01.880 there were a couple of unreleased tracks that had never come out before, never even been heard. 00:35:01.880 --> 00:35:03.901 JACK: Skrillex tracks. 00:35:03.901 --> 00:35:05.400 PROFESSOR DUBSTEP: Mm-hm. Yep. 00:35:05.400 --> 00:35:11.040 JACK: Hot diggity, that’s — I mean, I don’t know if you’re seeing it the way I’m seeing it, 00:35:11.040 --> 00:35:16.541 but that’s gotta be the biggest find ever so far, at least, in the story. 00:35:16.541 --> 00:35:21.680 PROFESSOR DUBSTEP: In a way it was, but at that time we’re hearing so many tracks from 00:35:21.680 --> 00:35:28.320 the traders that it kind of didn’t seem as big to us as it actually was. What we were doing as well, 00:35:28.320 --> 00:35:35.120 logging into the accounts and things, we didn’t really realize how deep that was really going, 00:35:35.120 --> 00:35:41.360 ‘cause that’s way further than just trading something in a small circle that’s been got 00:35:41.360 --> 00:35:46.800 from another trader. That’s going into someone’s account and taking something directly, and we were 00:35:46.800 --> 00:35:53.520 just doing it as if it was nothing, really, which is really ridiculous. When I think about — think 00:35:53.520 --> 00:36:02.000 back to it now, it’s ridiculous. That’s a huge invasion of privacy. But it worked. We got these 00:36:02.000 --> 00:36:07.520 tracks and kind of made a resolve to ourselves that other people would be doing this at the same 00:36:07.520 --> 00:36:12.640 time as us. Other people would be figuring this out who would get these things and then trade them 00:36:12.640 --> 00:36:16.320 and leak them. So, that’s what me and Spintire were basically saying with each other. Like, 00:36:16.320 --> 00:36:20.320 it’s better that we’re doing it and we can keep these things safe and listen to them 00:36:20.320 --> 00:36:28.760 between ourselves and have the interest with it, and then keep it secret, keep it from leaking. 00:36:28.760 --> 00:36:34.080 JACK: So, part of keeping it from leaking is changing this 00:36:34.080 --> 00:36:37.581 manager’s password or deleting it out of there or something, right? 00:36:37.581 --> 00:36:42.320 PROFESSOR DUBSTEP: Yeah. So, we’d go in, we’d take — we’d grab the files and then either just 00:36:42.320 --> 00:36:47.680 change the password straight up so that no one else could get into the account or to contact 00:36:47.680 --> 00:36:53.360 the person that we’d logged into and say, we’ve compromised your account; you need to change this 00:36:53.360 --> 00:36:59.600 password. Which, many of the times we actually did that. We contact them; said, you know, 00:36:59.600 --> 00:37:04.080 you’ve been compromised here. This is how it happened. You need to change your passwords. 00:37:04.080 --> 00:37:08.960 JACK: Whoa, what a weird moral compass that is. They knew breaking into someone else’s 00:37:08.960 --> 00:37:14.400 account is wrong, but their attitude was if it’s not us who breaks in, 00:37:14.400 --> 00:37:19.200 it’ll surely be someone else who breaks in, and they could cause big problems. So, 00:37:19.200 --> 00:37:24.400 it’s better that we do it so we can fix it, and for the incentive of getting in and fixing it, 00:37:24.400 --> 00:37:28.160 we’ll just take a listen to whatever we find along the way and just keep it for ourselves. 00:37:28.160 --> 00:37:33.120 PROFESSOR DUBSTEP: We decided to look in these databases for Dino’s — if he had 00:37:33.120 --> 00:37:36.880 had his passwords leaked in some database and that we could try them out on Skype. 00:37:36.880 --> 00:37:40.960 JACK: Oh, wow, Dino was that guy who stole things from Excision and then leaked that 00:37:40.960 --> 00:37:44.861 stuff to other people, then tried to blame Professor Dubstep for the leak. 00:37:44.861 --> 00:37:51.920 PROFESSOR DUBSTEP: Yeah. This is where it gets good. [MUSIC] 00:37:51.920 --> 00:37:58.240 So, we had a look and there was one — there was — well, there was one password that had been 00:37:58.240 --> 00:38:03.840 leaked five or six times on different services. So, that just indicates that he’s using it on 00:38:03.840 --> 00:38:09.280 everything and maybe he hasn’t realized that it’s compromised. So, we took that password 00:38:09.280 --> 00:38:19.840 and we logged into his Skype. It worked the first time. It was six characters. It was really basic. 00:38:19.840 --> 00:38:22.880 We just logged straight in, and we could see his chats and we could see him talking to 00:38:22.880 --> 00:38:29.360 some guy called Shane, and Shane was the owner of xTrill. They were talking with 00:38:29.360 --> 00:38:36.000 each other about trying to hack into accounts using these databases. So, they were doing it 00:38:36.000 --> 00:38:41.880 themselves and trying to figure it out, as me and Spintire were also doing it between each other. 00:38:41.880 --> 00:38:46.800 JACK: Oh, interesting. It’s almost like there are two teams on this now; Spintire and Professor 00:38:46.800 --> 00:38:53.181 Dubstep, and then Dino and Shane. Spying on the other team might be really useful here. 00:38:53.181 --> 00:38:55.040 PROFESSOR DUBSTEP: So, one of the targets that Dino was trying to 00:38:55.040 --> 00:39:01.360 hack into while we were watching him was us, me and Spintire. So, 00:39:01.360 --> 00:39:05.360 he was looking in these databases trying to find our info, and we were watching him 00:39:05.360 --> 00:39:10.720 do it and watching him attempt to get into our accounts live in real time. 00:39:10.720 --> 00:39:13.200 JACK: Which accounts of? Like your Skype account? 00:39:13.200 --> 00:39:15.760 PROFESSOR DUBSTEP: Yeah, anything he could manage; our Skype, 00:39:15.760 --> 00:39:19.760 our Dropboxes, SoundClouds, anything, basically. 00:39:19.760 --> 00:39:30.320 JACK: Oh, so, Dino’s talking with Shane like, hey, do you have Professor Dubstep’s — did you see them 00:39:30.320 --> 00:39:35.360 in this at all in the data…? Yeah, I see them in the data — oh, cool. Let’s check their password. 00:39:35.360 --> 00:39:40.301 Try logging in. This is the chats you saw, and then it’s like, no, it didn’t work. Oh, bummer. 00:39:40.301 --> 00:39:44.240 PROFESSOR DUBSTEP: Yeah, exactly that. Literally just a real-time feed of watching them try to 00:39:44.240 --> 00:39:48.400 hack into us. Now, I think more what it was was that he was paranoid and he was trying 00:39:48.400 --> 00:39:53.920 to see if we were sharing stuff behind the scenes and keeping things from him, 00:39:53.920 --> 00:39:57.760 because everyone in this little trading game was backstabbing each 00:39:57.760 --> 00:40:02.160 other. It’s just what was happening. Everyone was backstabbing each other. 00:40:02.160 --> 00:40:05.920 JACK: Well, I mean, so what is your reaction to that? If somebody’s trying to hack me, 00:40:05.920 --> 00:40:10.400 I’d be like, whoa, whoa, whoa, this is now — I’ve gotta be very careful with this person. 00:40:10.400 --> 00:40:12.461 How would — how did you react to this? 00:40:12.461 --> 00:40:16.240 PROFESSOR DUBSTEP: Well, me and Spintire, we just sat there like, 00:40:16.240 --> 00:40:20.560 wow, we’re actually seeing this. They’re actually trying to get into our stuff 00:40:20.560 --> 00:40:30.640 right now. This is strange. This is a lot to break down. But we just sat there like, oh, 00:40:30.640 --> 00:40:35.440 well, good thing we have proper security on ourselves. Otherwise we’d be screwed. 00:40:35.440 --> 00:40:42.160 JACK: [LAUGHING] There’s the funny bit, is like, yeah, you’re scared, you feel like, 00:40:42.160 --> 00:40:47.120 okay, I could be screwed here. This person is clearly attacking us. But 00:40:47.120 --> 00:40:53.021 you’re in their Skype looking at their messages, so you are also attacking them. 00:40:53.021 --> 00:40:54.880 PROFESSOR DUBSTEP: Yeah, exactly. 00:40:54.880 --> 00:40:58.541 JACK: I don’t know whose side to take here. You’re both in the wrong. 00:40:58.541 --> 00:41:01.200 PROFESSOR DUBSTEP: We are both in the wrong. Everyone in this story is in the 00:41:01.200 --> 00:41:07.280 wrong. There is no right here whatsoever. The only thing that is marginally right 00:41:07.280 --> 00:41:12.280 is contacting people to say that you’re compromised. That’s the only good thing. 00:41:12.280 --> 00:41:16.701 JACK: I gotta have a hero I want to cheer for, and I don’t know what to do. 00:41:16.701 --> 00:41:22.880 PROFESSOR DUBSTEP: Yeah, you’re not — I’m telling you now, you’re not gonna get one. I don’t want 00:41:22.880 --> 00:41:28.960 to glorify any of this because it’s not — it’s a terrible thing, the dubplate trading, the hacking. 00:41:28.960 --> 00:41:36.240 It’s all just damaging to everyone involved; the artists, the people doing the hacking. It’s 00:41:36.240 --> 00:41:41.520 dangerous stuff and it’s just a bunch of kids who don’t know better doing it at the time. You know, 00:41:41.520 --> 00:41:47.480 we were fourteen, fifteen, just sat there. Spintire was a lot older. He was about thirty. 00:41:47.480 --> 00:41:52.240 JACK: All this reminds me of one of those old heist movies where the criminals steal the cash, 00:41:52.240 --> 00:41:56.240 but then when they get away and they’re all just sitting around looking at the stolen money and 00:41:56.240 --> 00:42:01.680 each other, they all start wondering if they can trust each other. Clearly these are criminals 00:42:01.680 --> 00:42:04.880 you’re working with willing to break the law for this money. Are they gonna 00:42:04.880 --> 00:42:09.600 steal it from me? Then you realize, yeah, someone is gonna steal my cut, 00:42:09.600 --> 00:42:14.800 so then you steal their cut first and get outta there. Well, here we have both sides completely 00:42:14.800 --> 00:42:18.960 not trusting each other and are actively trying to hack into each other’s accounts to keep an eye on 00:42:18.960 --> 00:42:25.600 them. But it’s interesting that Dino was working with Shane who was the moderator and owner of the 00:42:25.600 --> 00:42:31.040 xTrill subreddit. Through these chats, they could clearly see how involved Shane was in the trading 00:42:31.040 --> 00:42:35.821 scene. He really liked collecting dubplates and getting his hands on unreleased stuff. 00:42:35.821 --> 00:42:42.400 PROFESSOR DUBSTEP: So, we carry on. We take some — try and get some more targets. We think of other 00:42:42.400 --> 00:42:48.800 sites that we can try and log into. [MUSIC] So, we take a look at box.com, which is a Cloud storage 00:42:48.800 --> 00:42:55.520 provider usually used by small businesses, big businesses, record label production companies, 00:42:55.520 --> 00:43:03.440 anything. It’s very popular because they offer great group collaboration options. So, 00:43:03.440 --> 00:43:09.360 we take Skrillex’s manager’s password and we try it on the box.com account, and it logs us 00:43:09.360 --> 00:43:19.200 straight in, straight into the inner workings of Skrillex’s record label. But we get in there 00:43:19.200 --> 00:43:25.400 and we can see all their upcoming releases and their production files, promotion plans… 00:43:25.400 --> 00:43:27.661 JACK: Upcoming releases for Skrillex? 00:43:27.661 --> 00:43:31.200 PROFESSOR DUBSTEP: For Skrillex and all the artists on his label. 00:43:31.200 --> 00:43:36.960 JACK: Wow, that sounds like a big treasure trove. 00:43:36.960 --> 00:43:40.920 PROFESSOR DUBSTEP: It was a couple of terabytes worth of files in there. 00:43:40.920 --> 00:43:43.501 JACK: Holy cow. 00:43:43.501 --> 00:43:48.080 PROFESSOR DUBSTEP: Box.com is a little bit more advanced. They send log-in notifications 00:43:48.080 --> 00:43:53.280 for unrecognized log-ins. So, one of the first things we did was go into the settings and have 00:43:53.280 --> 00:43:58.080 a look. You know, did it say that we’d logged in? This guy, this account that we had logged into, 00:43:58.080 --> 00:44:04.840 he’d turned off the log-in notifications, so he had no idea that we had got in there, none. 00:44:04.840 --> 00:44:08.941 JACK: Oh, my gosh. There’s a lesson there, isn’t there? 00:44:08.941 --> 00:44:11.760 PROFESSOR DUBSTEP: Yeah. You know, leave something on for something 00:44:11.760 --> 00:44:16.240 like that which is heavily relating to your business. You need to have 00:44:16.240 --> 00:44:19.640 these notifications turned on to tell you if your security is compromised. 00:44:19.640 --> 00:44:25.120 JACK: Unreleased tracks are worth more than demos. [MUSIC] Demos are just early 00:44:25.120 --> 00:44:30.160 versions or remixes of songs people have already heard, but unreleased tracks, 00:44:30.160 --> 00:44:34.781 nobody’s ever heard yet. Okay, so, give me a list of things you found on there. 00:44:34.781 --> 00:44:41.040 PROFESSOR DUBSTEP: There was unreleased Skrillex songs, there was individual audio assets for 00:44:41.040 --> 00:44:46.640 some Skrillex things and the other artists on his label like the individual master, 00:44:46.640 --> 00:44:51.200 master stems and things for songs, multi-tracks, so that you could basically break them down into 00:44:51.200 --> 00:44:54.880 their parts and things. Everything was stored in there. There was Photoshop documents, 00:44:54.880 --> 00:45:00.720 promotion plans, documents saying what they were gonna be doing for the next year or two years, 00:45:00.720 --> 00:45:06.720 even, internal voice recordings, meetings between the label executives and things. 00:45:06.720 --> 00:45:11.600 It was all kinds of stuff that really should — it’s confidential things and it 00:45:11.600 --> 00:45:17.200 was really unprotected files. There was no individual passwords on folders and 00:45:17.200 --> 00:45:21.520 things. It was just all open with fifty other accounts shared on all of them. 00:45:21.520 --> 00:45:26.080 JACK: My gosh. I’m just trying to think of what that could — if that 00:45:26.080 --> 00:45:31.581 did get in the public, what kind of ruckus that would have caused. 00:45:31.581 --> 00:45:36.160 PROFESSOR DUBSTEP: It would have caused a lot, a very large amount. 00:45:36.160 --> 00:45:40.240 What we did was we copied the share link for each folder that was in there and we set the 00:45:40.240 --> 00:45:44.160 permission on that so that anyone with that share link could still view the folder even 00:45:44.160 --> 00:45:49.840 though they’re not logged in. We also copied the collaborator invite links for the folders 00:45:49.840 --> 00:45:56.880 because that option was not password-protected. So, we could invite a new burner account so that 00:45:56.880 --> 00:46:01.600 we would still have access for ourselves on new accounts altogether, and the original one 00:46:01.600 --> 00:46:06.640 would be closed down so no one else would be able to get access to it apart from us. 00:46:06.640 --> 00:46:11.200 JACK: That’s interesting. I want to make sure you understand this. They accessed 00:46:11.200 --> 00:46:16.720 Skrillex’s manager’s box.com account, okay, and they saw these folders there and made 00:46:16.720 --> 00:46:22.000 the parent one shareable. What this means is that anyone with that link can now view the 00:46:22.000 --> 00:46:28.240 contents of that folder and all the subfolders without needing a username or password. So, 00:46:28.240 --> 00:46:32.800 now they don’t need to log back in to see what new files were uploaded. They could just use that 00:46:32.800 --> 00:46:38.800 share link to get in there and view it without logging in at all. On top of that, the manager 00:46:38.800 --> 00:46:43.360 had the ability to invite new collaborators. So, they just made a new e-mail account and invited 00:46:43.360 --> 00:46:47.360 themselves as collaborators, and then told the manager, hey, look, your account isn’t secure; 00:46:47.360 --> 00:46:51.680 you should change the password, which fixed the manager’s account so that no one else 00:46:51.680 --> 00:46:57.120 could use this same exploit to get in and no other hacker could get in the same way. 00:46:57.120 --> 00:47:05.440 This is a backdoor persistence into Skrillex’s whole media company. Yeah, but it’s a backdoor in 00:47:05.440 --> 00:47:09.360 a way that I never thought would be a backdoor, right? If I say, oh, I have backdoor access to 00:47:09.360 --> 00:47:16.240 box.com, you’re thinking, oh, wow, you’ve got some malware planted and reverse HHS shell. Nope, 00:47:16.240 --> 00:47:24.141 just a share link. Oh. Yeah, it gives you a total different perspective of what a backdoor even is. 00:47:24.141 --> 00:47:27.920 PROFESSOR DUBSTEP: Yeah, because it’s a backdoor that you can just — it’s built into the site. 00:47:27.920 --> 00:47:29.581 JACK: It’s built into the site, exactly. 00:47:29.581 --> 00:47:32.720 PROFESSOR DUBSTEP: The only reason we were able to get these in the first place is because people 00:47:32.720 --> 00:47:36.880 don’t exercise proper security. They use the same password on every site for years 00:47:36.880 --> 00:47:41.440 and years and years and don’t enable two-factor authentication on their accounts, either. So, 00:47:41.440 --> 00:47:44.400 it’s just open. [MUSIC] If you’ve got the password, then you can just go — you can just walk 00:47:44.400 --> 00:47:52.200 straight in and do whatever. You could ransack the place if you so wanted to, which is ridiculous. 00:47:52.200 --> 00:47:57.840 JACK: I’m just sitting here thinking about this, letting it sink in. A backdoor is built 00:47:57.840 --> 00:48:03.360 into all the file-sharing sites like box.com, Google Drive, iCloud, Proton Drive, Dropbox, 00:48:03.360 --> 00:48:10.240 whatever, because if there exists a shared folder link, anyone with that link can see into that 00:48:10.240 --> 00:48:15.520 folder. It’s a feature of the site itself. You can’t take that away or it ruins the point of 00:48:15.520 --> 00:48:22.240 the site. What you think is yours in private really isn’t if there are public links to it. 00:48:22.240 --> 00:48:27.680 When you make something shareable and you say only people with this link can see this file, 00:48:27.680 --> 00:48:34.560 it feels like this is still private, but it’s not. It’s security through obscurity. Your link 00:48:34.560 --> 00:48:40.080 is hidden but not secure, and if that link gets out, it’s viewable by anyone without a 00:48:40.080 --> 00:48:45.440 username or password. I’ve been doing cyber security for decades and nobody is talking 00:48:45.440 --> 00:48:50.480 about auditing Dropbox links to make sure only the stuff that should be public is public, 00:48:50.480 --> 00:48:55.760 because every file and folder may have that option and going through them all is simply unreasonable 00:48:55.760 --> 00:49:01.040 to do by hand. When you’re moving at the speed of business, nobody’s going back to clean up 00:49:01.040 --> 00:49:07.200 or check what folders have sharing links and what don’t. I say it’s best to treat everything on your 00:49:07.200 --> 00:49:13.200 Cloud storage as if it is publicly accessible, and only temporarily put things up there if you 00:49:13.200 --> 00:49:16.800 want to share it with someone privately, and then remove it as soon as they get it. 00:49:16.800 --> 00:49:21.280 I also want to draw your attention to websites like URLscan.io. This 00:49:21.280 --> 00:49:25.680 is a site that is attempting to look at URLs to see if they’re safe or malicious, 00:49:25.680 --> 00:49:30.720 but users can go there and search the site to see what URLs are in the database, and sometimes 00:49:30.720 --> 00:49:37.360 you can find URLs that probably shouldn’t be in the public, but they are. [MUSIC] Like, 00:49:37.360 --> 00:49:42.160 imagine if you take a photo of your kid and it’s on Google Drive, but then you want to create a 00:49:42.160 --> 00:49:47.760 link to show it to grandma, and you specifically say only people with this link can see this photo, 00:49:47.760 --> 00:49:52.640 and you e-mail the link to grandma. Well then, grandma has some browser plugin that examines 00:49:52.640 --> 00:49:58.000 all the links to make sure they’re safe to click, so when this link gets examined somewhere, bingo, 00:49:58.000 --> 00:50:04.400 bango, suddenly that link to your kid’s birthday party is now floating around on the internet in 00:50:04.400 --> 00:50:10.560 all kinds of databases, being clicked on by who knows who. URLScan collects links like 00:50:10.560 --> 00:50:16.720 that. Hybrid Analysis is another tool. Cloudflare Radar URL scanner is another. Not to mention, DNS 00:50:16.720 --> 00:50:23.120 providers all over the world are logging things, too. It’s not just Google Drive and Dropbox. There 00:50:23.120 --> 00:50:28.720 are tons of other online storage websites that you could look for; iCloud, box.com, Sync, Ignite, 00:50:28.720 --> 00:50:34.160 IONOS, HiDrive, AWS, S3 buckets, Proton Drive, and so many more. The list goes on and on. So, 00:50:34.160 --> 00:50:39.360 the data is available. It’s just a matter of sifting through it to find something juicy. 00:50:39.360 --> 00:50:44.400 In this case, they were looking specifically for dubstep music and stepping over anything 00:50:44.400 --> 00:50:52.701 else that they came across. Okay, so, it was just you and Spintire that got access to this. 00:50:52.701 --> 00:50:53.160 PROFESSOR DUBSTEP: Yep. 00:50:53.160 --> 00:50:57.920 JACK: And just — you just kept it between you. Nobody shared it beyond that, right? 00:50:57.920 --> 00:51:06.880 PROFESSOR DUBSTEP: So I thought. How I wish, ‘cause as usual, a few weeks went by and other 00:51:06.880 --> 00:51:13.040 people started to hint that they had these files. Or, well, the traders got access to some things, 00:51:13.040 --> 00:51:18.320 and there was no explanation for it other than that Spintire must have shared it with 00:51:18.320 --> 00:51:23.200 someone. So, I quizzed him on it and I said, if you have, just — I’d rather you just tell 00:51:23.200 --> 00:51:28.720 me. I won’t be angry. I just want to know. He still denies it. So, I start thinking, oh, well, 00:51:28.720 --> 00:51:33.920 someone else must have got access somehow aside from us. Someone else must have initially got 00:51:33.920 --> 00:51:39.360 access to the account. So, I treat it as that for a while. I let Spintire have the benefit of the 00:51:39.360 --> 00:51:46.400 doubt. We carry on going. We think of some more accounts to try and get into, different people. 00:51:46.400 --> 00:51:51.680 [MUSIC] Another thing we were trying was the management company for Diplo and Major Lazer, 00:51:51.680 --> 00:51:59.840 who are a bit closer to pop music. We tried his manager’s box.com account based on what 00:51:59.840 --> 00:52:08.960 we’d found in these leaked databases, and sure enough, the password worked. It logged us in. 00:52:08.960 --> 00:52:14.080 There was another couple of terabytes of data in there. It was a lot more than just Major 00:52:14.080 --> 00:52:18.400 Lazer that were in there. There was Diplo, there was A-Trak, there was Dillon Francis, 00:52:18.400 --> 00:52:24.080 Kill the Noise. There were about twenty different artists under this management 00:52:24.080 --> 00:52:29.280 company, and we could view all of their stuff from within this box.com account. 00:52:29.280 --> 00:52:36.080 JACK: At this point they’ve gained access to terabytes of data from these music managers, 00:52:36.080 --> 00:52:39.760 which was just too much to download it all. Their hard drives would fill up instantly, 00:52:39.760 --> 00:52:44.720 so they had to be selective of what they were grabbing. I don’t know what this is like, 00:52:44.720 --> 00:52:51.520 to come across this, but I imagine you cancel your weekend plans and you’re like, I got a whole bunch 00:52:51.520 --> 00:52:56.160 of cool stuff that just arrived in the mail and I can’t wait to dig in there and listen to stuff. 00:52:56.160 --> 00:53:00.720 ‘Cause you can’t speed through listening to these things. You’ve gotta really be like, 00:53:00.720 --> 00:53:05.200 wow, I’m gonna let this one play all — the whole thing. Like, this is — nobody else is 00:53:05.200 --> 00:53:11.948 hearing this but maybe four people in the world, and Diplo made it. Like, wow. Wow. 00:53:11.948 --> 00:53:15.920 PROFESSOR DUBSTEP: Yeah, this is where it gets a bit more dangerous because some stuff that 00:53:15.920 --> 00:53:21.760 they had in that box.com account — they were basically keeping all of their artists and 00:53:21.760 --> 00:53:26.320 people that were involved in touring and things, production crew, they were keep — this management 00:53:26.320 --> 00:53:32.080 company was keeping all of these people’s personal documents in there, calling them contact sheets, 00:53:32.080 --> 00:53:35.840 and that contact sheet would have more than just their contact information on them. It would have 00:53:35.840 --> 00:53:42.960 their artists’ social security numbers, bank routing info, passwords, all kinds of insane 00:53:42.960 --> 00:53:51.360 stuff that was just supremely dangerous to keep in largely unsecured folders with no extra passwords 00:53:51.360 --> 00:53:56.240 on them and seemingly no reason to put that info in the document whatsoever. Then to not 00:53:56.240 --> 00:54:02.800 secure your own account properly — it’s exposing all the people that are, you know, millionaires. 00:54:02.800 --> 00:54:10.880 It’s kind of lucky that none of — me or Spintire or any of the people that eventually were doing 00:54:10.880 --> 00:54:15.200 this, that none of them were interested in anything more than just the music, 00:54:15.200 --> 00:54:18.640 because the amount of damage that could have come from that is insane. 00:54:18.640 --> 00:54:23.840 JACK: Here’s a situation where the management label for musicians was being careless with 00:54:23.840 --> 00:54:28.560 the artists’ private data. Driver’s license, social security numbers, and saved passwords 00:54:28.560 --> 00:54:33.120 were sitting there on these online drives, and while it wasn’t meant for the public to see, 00:54:33.120 --> 00:54:37.920 there were gobs of people who did have access to this that worked for the management companies. Or, 00:54:37.920 --> 00:54:41.120 even other musicians could see each other’s files. It just goes 00:54:41.120 --> 00:54:46.061 to show if you’re not protecting your own private data, nobody else will, either. 00:54:46.061 --> 00:54:50.000 PROFESSOR DUBSTEP: These folders all had upwards of fifty people shared on them. 00:54:50.000 --> 00:54:53.920 Everyone in the business could have accessed these things. The interns could access these 00:54:53.920 --> 00:54:59.360 things. Anyone could grab these things. Or, anyone that got into the account could grab 00:54:59.360 --> 00:55:04.600 these as well and just have it, and there’d be no notification that it had been compromised. 00:55:04.600 --> 00:55:08.880 JACK: Man, that’s too many people to have access to all this, because the more people 00:55:08.880 --> 00:55:13.440 you have involved, the more backdoors might be created. Because, just think; 00:55:13.440 --> 00:55:18.240 if a music production company is going to use Dropbox to store all their work in progress, 00:55:18.240 --> 00:55:23.600 it sounds to me like they don’t have an internal file-storage system and maybe no internal network 00:55:23.600 --> 00:55:28.960 at all. They probably need things like e-mail, chat system. They gotta make social media 00:55:28.960 --> 00:55:33.760 graphics, a merch store, blog, social media accounts, newsletters, project management and 00:55:33.760 --> 00:55:39.040 collaboration tools, and an internal knowledge base or Wiki. Chances are, small businesses 00:55:39.040 --> 00:55:44.400 today are using public-facing websites for all these solutions and not self-hosting things on 00:55:44.400 --> 00:55:49.440 their own servers and their own data center. So, that means if fifty people work at this place, 00:55:49.440 --> 00:55:54.960 that’s fifty accounts times however many services I just listed. What, ten? So, we’re talking 00:55:54.960 --> 00:56:00.640 five hundred various logins to different websites now. Who’s got permission to see what and where? 00:56:00.640 --> 00:56:04.400 Small businesses are not auditing these things, and it’s an auditing nightmare 00:56:04.400 --> 00:56:09.520 even if they tried. No, this isn’t an ad. I’m not gonna try to give you a solution. I just 00:56:09.520 --> 00:56:13.520 want to tell you about the problems that arise when you start using Cloud-based solutions and 00:56:13.520 --> 00:56:17.360 there are a whole bunch of kids who are desperately trying to exploit those. So, 00:56:17.360 --> 00:56:22.320 these kids had valid usernames and passwords to get into people’s accounts, right? Okay, well, 00:56:22.320 --> 00:56:26.800 that’s a problem to begin with, but whatever. They were grabbing things but they were also being 00:56:26.800 --> 00:56:32.400 smart at trying to establish persistence. If the owners of these accounts changed the passwords, 00:56:32.400 --> 00:56:37.920 they’d be locked out. So, they created share links so that even if the account gets locked out, 00:56:37.920 --> 00:56:43.200 they could see what files are being uploaded later. Cool. But you can really take this to 00:56:43.200 --> 00:56:48.800 crazy levels. I’m talking about creating ghost logins. [MUSIC] Let me geek out on this for a 00:56:48.800 --> 00:56:54.400 second because I want to try to break your brain. Okay, so let’s consider Zapier and how it can be 00:56:54.400 --> 00:57:01.920 used maliciously. Zapier is a tool that lets you automate things. So, if I get a new invoice in 00:57:01.920 --> 00:57:07.680 my e-mail, I can automatically upload that invoice to Dropbox so that the accounting team can see it. 00:57:07.680 --> 00:57:13.360 Okay, Zapier can do that for you. But in order for that to work, it’s gotta have the ability 00:57:13.360 --> 00:57:18.640 to see your inbox and have the ability to view and upload things to your Dropbox. So, 00:57:18.640 --> 00:57:22.480 to set it up, you need to give it permissions to do that. Well, now, 00:57:22.480 --> 00:57:26.880 if a hacker gets into your Dropbox like these kids were doing and they wanted to maintain their 00:57:26.880 --> 00:57:33.840 access like these kids wanted and they could see that you hooked up Zapier to do automation — so, 00:57:33.840 --> 00:57:40.480 now they can create their own fresh Zapier account that they control and connect it to your Dropbox. 00:57:40.480 --> 00:57:46.640 This could give them visibility into your Dropbox from Zapier. You wouldn’t even know they’re there, 00:57:46.640 --> 00:57:51.840 because to you, all you see is that Zapier has permission to view your files. But you set that up 00:57:51.840 --> 00:57:57.040 when you were setting up your invoice automation thing. This is what I mean by a ghost login, 00:57:57.040 --> 00:58:01.920 someone who’s in your account who doesn’t even need a username or password to stay in. Change 00:58:01.920 --> 00:58:06.400 the password all you want. They’re still gonna stay connected to your stuff. Another way to 00:58:06.400 --> 00:58:12.000 create a ghost login is to create a secondary login. Some sites allow you to log in through 00:58:12.000 --> 00:58:17.120 Google or Microsoft or Facebook or even SSL. Suppose that’s how you set up your account, 00:58:17.120 --> 00:58:21.520 by logging in using your Facebook account. Now, if a hacker has your password like these 00:58:21.520 --> 00:58:27.440 kids did and gets in through that, some sites might have the option to connect another login. 00:58:27.440 --> 00:58:32.640 Like, if you used Facebook to log in, the site might let you also connect your Google account, 00:58:32.640 --> 00:58:38.560 too. So, yeah, a hacker could just create a brand-new Google account and connect it 00:58:38.560 --> 00:58:44.480 to your account and start using that to get into your account from then on. So, even if you change 00:58:44.480 --> 00:58:49.840 all your passwords, that access would persist. So, if you really want to change your passwords, 00:58:49.840 --> 00:58:54.320 you really need to go through all of the websites that you have to see all of the 00:58:54.320 --> 00:59:01.280 connected services and alternate logins, and it’s a mess. It’s a mess. Of course, another 00:59:01.280 --> 00:59:06.960 way is if the site has a way to generate an API key, you can do that and then access the stuff 00:59:06.960 --> 00:59:11.520 from there. There’s so many options to create ghost logins to maintain access to an account 00:59:11.520 --> 00:59:17.040 even if the user changes their password. This is what I mean. If fifty people all have access 00:59:17.040 --> 00:59:23.200 to someone’s driver’s license and Dropbox, then perhaps nobody is looking closely at permissions, 00:59:23.200 --> 00:59:27.680 and if that’s the case, there’s a high potential of being able to create a ghost login that stays 00:59:27.680 --> 00:59:34.240 working for years. I must say, this is a new territory for security teams to navigate. You 00:59:34.240 --> 00:59:37.920 hear about this in general terms like ‘least user privilege’ and this sort of stuff, 00:59:37.920 --> 00:59:42.720 but you don’t have people who are experts in Zapier account security who will audit what 00:59:42.720 --> 00:59:48.480 apps you have given permission to regularly. This is a big challenge to keep up with. So, 00:59:48.480 --> 00:59:56.800 with all this data, terabytes and terabytes from some of the biggest stars in this dubstep world, 00:59:56.800 --> 01:00:01.341 do you ever think like, you know, we can make some money off this? 01:00:01.341 --> 01:00:07.920 PROFESSOR DUBSTEP: I wasn’t into that, but I would later find out that Spintire was sort of starting 01:00:07.920 --> 01:00:15.680 to get into that. I mean, after a while of these things keeping leaking, starting to leak on Reddit 01:00:15.680 --> 01:00:20.960 that were meant to be just kept between us and that no one else was supposed to have access to, 01:00:20.960 --> 01:00:27.120 I clocked on that Spintire must have been being dishonest about it. So, I confronted him in 01:00:27.120 --> 01:00:34.080 mid-October. I said, are you sharing these? Just tell me right now. Are you sharing these? He says, 01:00:34.080 --> 01:00:39.040 no, it’s not quite like that. I said, well, how is it, then? He says, I can’t say. I say, 01:00:39.040 --> 01:00:46.160 is someone paying you for them? He says, yeah. So, I think, oh, well, finally I’ve — he’s admitted 01:00:46.160 --> 01:00:52.000 it and I’ve caught him out on his whole game plan. He goes on to explain that he quit his 01:00:52.000 --> 01:00:57.760 actual job to sell these files to some rich kid on the other side of the world. I say, 01:00:57.760 --> 01:01:03.680 well, this goes against every — the whole reason that we were doing this in the first place was to 01:01:03.680 --> 01:01:08.640 keep these files somewhat safe and prevent these people from getting access to them, 01:01:08.640 --> 01:01:12.240 to be able to — so that they can’t do this thing with it, and then he’s doing 01:01:12.240 --> 01:01:17.200 it himself. It really made me quite angry ‘cause I felt misled on the whole thing. 01:01:17.200 --> 01:01:21.840 JACK: Huh. This is a tricky situation to navigate for a teenager. Like, what do you do when your 01:01:21.840 --> 01:01:27.920 partner in crime starts doing things you don’t approve of? Together, you made a map of all the 01:01:27.920 --> 01:01:33.280 buried treasures, all the shared links and logins and passwords and ghost logins, terabytes of 01:01:33.280 --> 01:01:38.960 downloaded data, and a whole system of techniques and piles of data to sift through to find more. 01:01:38.960 --> 01:01:44.880 Suddenly, both of them are now highly suspicious of each other. Now that it was known that Spintire 01:01:44.880 --> 01:01:50.320 was selling this stuff, Spintire offered them a cut of the money to keep things quiet and stuff. 01:01:50.320 --> 01:01:57.760 PROFESSOR DUBSTEP: I said yes, but what I meant was I’ll agree so that he keeps — he 01:01:57.760 --> 01:02:04.400 thinks that I’m on his side still. So, I end the chat and then I go and talk to Shane from xTrill. 01:02:04.400 --> 01:02:09.280 JACK: Shane was the moderator and admin of the xTrill subreddit. Professor Dubstep was like, 01:02:09.280 --> 01:02:14.160 listen, these leaks that have been happening lately, I know where they’re coming from. Spintire 01:02:14.160 --> 01:02:19.200 is selling it, and I don’t want more to leak out. So, here are the other things that might leak. 01:02:19.200 --> 01:02:25.440 PROFESSOR DUBSTEP: So, he agrees and he’s like, yeah, we’ll do what we can to prevent 01:02:25.440 --> 01:02:30.080 Spintire from carrying on with this stuff. So, we started working together from that 01:02:30.080 --> 01:02:36.226 point on on these things, me and Shane and another friend called Arnie Kurtz. 01:02:36.226 --> 01:02:39.440 JACK: [MUSIC] Arnie was another guy very tuned in to the unreleased music scene, 01:02:39.440 --> 01:02:44.160 and he was a whiz with all these online services and how their security can be exploited, 01:02:44.160 --> 01:02:49.360 which could be really handy to break into more shared drives and stuff. Shane had seen that 01:02:49.360 --> 01:02:54.800 Dino wasn’t trustworthy, so they stopped working together. So, the new crew is Professor Dubstep, 01:02:54.800 --> 01:03:01.360 Shane, and Arnie. Spintire and Dino were out. Not only that, but they all agreed that Spintire needs 01:03:01.360 --> 01:03:05.280 to be stopped. So, they put filters in place on the subreddit to keep certain tracks from 01:03:05.280 --> 01:03:09.280 getting posted, but they also started going through the ghost logins and shared links 01:03:09.280 --> 01:03:14.160 that Spintire had to lock him out. They were changing passwords and disabling shared links. 01:03:14.160 --> 01:03:19.600 It’s kinda funny that this teenage crew knew exactly the steps to take to keep hackers out, 01:03:19.600 --> 01:03:24.941 yet the music labels themselves either didn’t know or didn’t want to stop these kids. 01:03:24.941 --> 01:03:28.640 PROFESSOR DUBSTEP: Yeah, that’s kind of what we started doing. Our main plan was just 01:03:28.640 --> 01:03:35.040 prevent Spintire from retaining access to these accounts and these folders that we had spent so 01:03:35.040 --> 01:03:41.280 long to gain ourself access to, and then we’re locking them off to try — specifically to try 01:03:41.280 --> 01:03:46.960 and prevent things, to prevent this from — it is kinda strange that it changed in that 01:03:46.960 --> 01:03:52.240 way. I had cut Spintire off in mid-October. I had been friends with him for two years at 01:03:52.240 --> 01:03:58.240 that point. It was difficult to cut him off. He was fun to hang out with. But, you know, 01:03:58.240 --> 01:04:03.200 it had to be done. Damage was actually being caused, and I was recognizing that. 01:04:03.200 --> 01:04:07.840 JACK: What a headful to navigate as a teenager, you know? Like, to be sitting in, 01:04:07.840 --> 01:04:13.280 what, history class, just thinking in the back of the class what stuff Spintire might steal next, 01:04:13.280 --> 01:04:17.280 and then to rush home and change more passwords to try to lock him out. But then when you’re in there 01:04:17.280 --> 01:04:21.440 cleaning things up, you’re reminded, oh yeah, this is the account with all those banking details for 01:04:21.440 --> 01:04:26.080 this major musician who’s a millionaire. Huh, that’s funny. Not gonna touch that, 01:04:26.080 --> 01:04:30.880 but I will stop Spintire from getting back in here. Once they were slowing down Spintire and 01:04:30.880 --> 01:04:36.533 locking him out the best they could, it was time to start looking for new treasure troves. 01:04:36.533 --> 01:04:40.080 PROFESSOR DUBSTEP: [MUSIC] I think at the peak of things, we probably had a network 01:04:40.080 --> 01:04:47.520 of twenty-five accounts. It was a lot. We were doing this sort of stuff just all day, 01:04:47.520 --> 01:04:53.760 basically, just trying to figure out what could be next. What could Spintire’s next target be? 01:04:53.760 --> 01:04:58.480 What could be something dangerous that he would get access to that he shouldn’t get access to, 01:04:58.480 --> 01:05:02.800 and then go and get access to it ourselves instead. It was ridiculous. 01:05:02.800 --> 01:05:07.360 JACK: Their standard system was to find a musician’s e-mail address, search for that 01:05:07.360 --> 01:05:11.920 e-mail address in the breached databases, get the hash, crack the hash, then use that 01:05:11.920 --> 01:05:16.941 on a whole bunch of sites that musicians might use and hope they might be reusing passwords. 01:05:16.941 --> 01:05:21.040 PROFESSOR DUBSTEP: Yeah, that’s the thing as well with box.com or Dropbox; 01:05:21.040 --> 01:05:24.960 if you make a shared folder and you invite other collaborators to it — like, 01:05:24.960 --> 01:05:29.520 these management companies are inviting fifty people to a folder. You could go through and 01:05:29.520 --> 01:05:33.600 browse that list of people and take their names and their e-mail addresses off there, 01:05:33.600 --> 01:05:38.320 and then you could run those through the database search, as well. So, you could — if you spent 01:05:38.320 --> 01:05:43.680 long enough on it, you could tunnel through to all kinds of places that way by just going 01:05:43.680 --> 01:05:48.600 on it again and again and again until you get somewhere. You could build up a network that way. 01:05:48.600 --> 01:05:52.320 JACK: Of course, you all should know by now the dangers of reusing the same 01:05:52.320 --> 01:05:56.880 password on multiple sites. Here’s a clear reminder why you should never do that. But 01:05:56.880 --> 01:06:01.821 you should also watch out that you’re not too lazy when making different passwords. 01:06:01.821 --> 01:06:06.160 PROFESSOR DUBSTEP: Quite a few times they’d not change it very much. They’d maybe just add a 01:06:06.160 --> 01:06:11.600 capital letter or an extra number on the end. There was one manager that we were looking at; 01:06:11.600 --> 01:06:15.520 his password was the same thing for everything, but he just changed the letter at the end and 01:06:15.520 --> 01:06:19.920 it would be — the letter at the end would be the initial of whatever site the account was for. So, 01:06:19.920 --> 01:06:23.840 if the account password had leaked for MySpace, it would be ‘word’ and 01:06:23.840 --> 01:06:29.280 then the letter M at the end. So, to get to the password for box.com or Dropbox, 01:06:29.280 --> 01:06:33.600 you’d just change the letter at the end to a D or a B and it would work. You 01:06:33.600 --> 01:06:39.120 would also not get a notification that that password was compromised, because it wasn’t. 01:06:39.120 --> 01:06:43.280 JACK: Yeah, that’s interesting, because I regularly check all my passwords to see if 01:06:43.280 --> 01:06:47.920 any of them have been exposed in a database breach, and I change any that do get seen. 01:06:47.920 --> 01:06:51.840 But if my password is guessable because it’s just one letter off on every site, 01:06:51.840 --> 01:06:57.280 then those would never appear in any database breach to make me want to change it. Now, 01:06:57.280 --> 01:07:01.821 one of the songs they got ahold of early was Purple Lamborghini. 01:07:01.821 --> 01:07:05.760 PROFESSOR DUBSTEP: Yeah, Purple Lamborghini was something that came from Diplo’s manager’s 01:07:05.760 --> 01:07:10.720 account. One of the artists that they were managing was called Flosstradamus. They do 01:07:10.720 --> 01:07:17.280 DJ sets at the main festivals throughout the year for trap music and dubstep music. In one of these 01:07:17.280 --> 01:07:23.920 contact sheets that was stored on this management box was all of the passwords for this DJ duo. 01:07:23.920 --> 01:07:29.920 One of them was the password for their Splice account. Splice was a service that offered 01:07:29.920 --> 01:07:36.400 project file storage for music software. So, we got into that and we downloaded their DJ set 01:07:36.400 --> 01:07:42.240 preparation files. Because they were semi-big players, they had all these work-in-progress 01:07:42.240 --> 01:07:47.760 versions of tracks from other people in the scene, and the Purple Lamborghini demo was one of them. 01:07:47.760 --> 01:07:50.880 JACK: By the way, if you’re wondering if there’s a dolphin in Purple Lamborghini, 01:07:50.880 --> 01:07:59.600 there sure is. It’s right here. [MUSIC] Ba, ba, ba. I swear if I listen to this enough, 01:07:59.600 --> 01:08:02.640 I’m gonna learn the language. Now, the thing is this is a demo version, 01:08:02.640 --> 01:08:06.480 which I think is better than the official version, but this demo wasn’t released when 01:08:06.480 --> 01:08:11.680 the official one came out and I don’t think had any plans of ever getting out. So, at this time, 01:08:11.680 --> 01:08:16.053 only Professor Dubstep and a handful of people in the world ever heard this. 01:08:16.053 --> 01:08:19.520 PROFESSOR DUBSTEP: [MUSIC] Yeah, and basically what happened was — it’d been a few months since 01:08:19.520 --> 01:08:25.440 I cut Spintire off, and I was missing my friend. I went and unblocked him and I started talking to 01:08:25.440 --> 01:08:31.360 him again. I said, you know, are you still doing the selling? ‘Cause we’d been trying to prevent 01:08:31.360 --> 01:08:36.960 him from doing it, preventing him from getting anything to sell. He said, no, I’ve finished with 01:08:36.960 --> 01:08:42.000 that. I’ve cut off those people. I realized that they were trading and leaking the things after, 01:08:42.000 --> 01:08:48.320 blah, blah, blah. So, I was like, okay, should we be friends again? He said, sure. Let’s go back to 01:08:48.320 --> 01:08:55.120 how things were a couple of years ago, just talk about music and not be involved in any of this 01:08:55.120 --> 01:09:02.800 dodgy stuff. I say, okay, sure. We kept talking. It led into, oh, I’ve got these couple cool, 01:09:02.800 --> 01:09:08.640 new things. Do you have any cool, new things? So, we share a couple of things back and forth with 01:09:08.640 --> 01:09:16.960 each other like old times. The Purple Lamborghini demo was one of those things. About a week goes by 01:09:16.960 --> 01:09:29.760 and as usual, it leaks on Reddit. The one single, possible culprit; Spintire. I just — I blew up at 01:09:29.760 --> 01:09:36.320 him over it. Say, this has happened again. You’re the only explanation for this thing leaking. You 01:09:36.320 --> 01:09:41.440 broke my trust again. So, I couldn’t back off, but it was too late by that point. The thing had 01:09:41.440 --> 01:09:47.760 leaked. That was my own stupid fault. But December rolls around and we had one last big thing that 01:09:47.760 --> 01:09:56.320 we wanted to try and do, which was to get into a Major Lazer production account for where they held 01:09:56.320 --> 01:10:00.720 all their song files and their production files for things that they were working on, things that 01:10:00.720 --> 01:10:05.840 you could load up into music software and see all the individual bits of and change things. 01:10:05.840 --> 01:10:12.240 [MUSIC] So, we had the idea to go for one of Major Lazer’s production team and see if we 01:10:12.240 --> 01:10:18.560 could get into their things. So, we had one last go on the database and see if we could get the 01:10:18.560 --> 01:10:26.160 paths to their Dropbox, and we did manage it. We were talking back and forth with each other, 01:10:26.160 --> 01:10:34.880 me and Arnie and Shane in group chat, saying, oh, it’s here. There was one specific song that we 01:10:34.880 --> 01:10:40.320 wanted to get. It was called Terrorize, featuring Collie Buddz. So, we logged into this account, 01:10:40.320 --> 01:10:46.480 and the first thing we searched for was ‘Terrorize project file’ and it was there, 01:10:46.480 --> 01:10:53.040 the actual one that they were — that the group were working on at the very day. So, 01:10:53.040 --> 01:10:55.840 we’re talking back and forth with each other, like, oh, it’s Terrorize season, 01:10:55.840 --> 01:11:00.560 it’s Terrorize season. GOAT, greatest of all time. But there was more than just 01:11:00.560 --> 01:11:05.920 that in Dropbox. There was another terabyte of stuff that was being worked on at that minute, 01:11:05.920 --> 01:11:14.720 like the inner workings of a major billboard, top-100 pop artist, and everything was there; 01:11:14.720 --> 01:11:24.160 individual assets, drum samples, synth files, all kinds. So, we grabbed all that stuff. Well, 01:11:24.160 --> 01:11:31.120 I mean, it was too much to grab. In many of these cases, it was too much. There was too much there. 01:11:31.120 --> 01:11:36.400 The things that Spintire had got hold of from before he was cut off had started 01:11:36.400 --> 01:11:43.040 to — it would — the leaking had really picked up, and me and Shane and Arnie basically decided 01:11:43.040 --> 01:11:49.040 that we needed to make even more efforts to contact these people who had been compromised, 01:11:49.040 --> 01:11:55.760 so — and I’m pretty sure it was Arnie that did it. He rang up the actual manager’s phone number and 01:11:55.760 --> 01:12:03.120 left a message on the voicemail to say this has happened, this is what will happen next, and you 01:12:03.120 --> 01:12:09.040 need to start taking steps to secure your stuff straightaway, otherwise the damage would just 01:12:09.040 --> 01:12:16.000 rack up into hundreds of thousands of dollars. So, their legal team started talking about this. Like, 01:12:16.000 --> 01:12:21.360 oh, how could this happen? Blah, blah, blah. It’s impossible. We sort of — we ended up in contact 01:12:21.360 --> 01:12:27.600 with these legal teams under false identities to explain to them how it had happened, why it 01:12:27.600 --> 01:12:33.200 was happening, and how they could prevent it. They were basically saying, oh yeah, 01:12:33.200 --> 01:12:38.720 we had plans for these songs. We had plans for Terrorize. It was gonna be a big thing ‘cause 01:12:38.720 --> 01:12:43.680 so many people wanted the song. That was — they basically just all — cancelled all of that because 01:12:43.680 --> 01:12:48.760 it was — the potential for it to leak early was there, so they cancelled all of those plans. 01:12:48.760 --> 01:12:54.080 JACK: Yeah. If you go on Major Lazer’s Spotify or YouTube channel, there is no such song as 01:12:54.080 --> 01:12:59.120 Terrorize. Collie Buddz didn’t release it either even though he sings in it. The song 01:12:59.120 --> 01:13:04.080 never got released despite there being quite a decent amount of people really looking forward 01:13:04.080 --> 01:13:11.760 to it. I guess this is why it got cancelled. The hackers ruined it. But if you’re curious what the 01:13:11.760 --> 01:13:20.400 dolphin sounds like in it, here you go. [MUSIC] This is actually a remix of it I found. The one 01:13:20.400 --> 01:13:25.600 that got leaked was a little different. But it’s wild that this totally unreleased Major Lazer song 01:13:25.600 --> 01:13:30.720 is out there in the world for anyone to listen to, but because it wasn’t an official release, 01:13:30.720 --> 01:13:36.160 it doesn’t have many plays, and it’s not an official song by Major Lazer. It could have been 01:13:36.160 --> 01:13:41.520 a hit. Major Lazer has three songs on Spotify with over a billion plays, and Collie Buddz is pretty 01:13:41.520 --> 01:13:48.240 popular, too. A reggae dubstep crossover song? That’s a great idea. But it was never released. 01:13:48.240 --> 01:13:53.760 The project permanently halted. How odd, you know? Just to think, an early version of a song 01:13:53.760 --> 01:13:59.501 that gets leaked too soon, it upsets the label so much that they just give up on the song entirely. 01:13:59.501 --> 01:14:04.560 PROFESSOR DUBSTEP: A album that was being worked on at the time, Music is the Weapon, 01:14:04.560 --> 01:14:09.840 that was cancelled, too. Well, not cancelled outright, but really delayed. It only came out 01:14:09.840 --> 01:14:15.760 in something like 2020, 2021, which was four years after all these incidents. But we were 01:14:15.760 --> 01:14:19.840 basically just talking with each other trying to come up with these plans of how can we prevent 01:14:19.840 --> 01:14:24.400 these things from leaking? We want to help you to figure this out because we know these people 01:14:24.400 --> 01:14:28.960 that are involved with this. These legal teams are coming up with these ridiculous plans. Like, 01:14:28.960 --> 01:14:35.920 oh, well, we’ll fly Spintire out to New York and we’ll take him to dinner and we’ll hand him 01:14:35.920 --> 01:14:42.000 $30,000 in exchange for his hard drives, and then that will secure our files. I was telling — trying 01:14:42.000 --> 01:14:48.400 to tell him, no, that will not work. He’ll just make a copy of it. That’s ridiculous. 01:14:48.400 --> 01:14:52.000 They were not having it. They were saying, oh, well, this definitely seems like the best 01:14:52.000 --> 01:14:57.520 idea to me. I was like, no, no, please, no, don’t do that. I’m not sure if they actually 01:14:57.520 --> 01:15:01.640 did that in the end or if they realized that it was not gonna help their case. 01:15:01.640 --> 01:15:06.800 JACK: Well, did they know that you had the hard drives full of stuff, too? 01:15:06.800 --> 01:15:13.040 PROFESSOR DUBSTEP: Well, that’s the thing. Me, I didn’t download all the things. I’d pick and 01:15:13.040 --> 01:15:18.960 choose a couple of things here and there, but a lot of it was kind of just not so interesting. 01:15:18.960 --> 01:15:22.960 JACK: The thing is, Professor Dubstep enjoyed listening to early dubstep tracks, 01:15:22.960 --> 01:15:25.421 but that wasn’t the driving motivation for all this. 01:15:25.421 --> 01:15:28.800 PROFESSOR DUBSTEP: Personally, I’m not really a raving fan. I was just more interested in 01:15:28.800 --> 01:15:32.880 being able to break these things down and look at the production process ‘cause it 01:15:32.880 --> 01:15:38.800 could help me to learn how to make better music myself and see how it was being done, 01:15:38.800 --> 01:15:45.520 how the billboard top 100 stuff was being made, and I could use that to 01:15:45.520 --> 01:15:49.600 help me create better things myself. It’s a valuable learning resource. 01:15:49.600 --> 01:15:55.520 JACK: Hm, I feel like that’s a stretch, you know? You could go on YouTube and watch 01:15:55.520 --> 01:16:01.040 people making music and learn from them. You can hang out at groups and circles, 01:16:01.040 --> 01:16:05.920 other garage bands or whatever the case is and be like, how are you doing it? Oh, 01:16:05.920 --> 01:16:11.840 wow, that’s an interesting method. But you’re like, hm, I think I’ll hack into 01:16:11.840 --> 01:16:22.381 Diplo’s Dropbox to learn on my own. Thanks, I’m good. It’s quite a different path to learning. 01:16:22.381 --> 01:16:26.960 PROFESSOR DUBSTEP: Yeah, I see your point, but at the same time, it’s kind of unprecedented 01:16:26.960 --> 01:16:33.960 that you can go into a project file and look at the entire start-to-finish process of it. 01:16:33.960 --> 01:16:39.840 JACK: The entire project files were in these folders, all the effects, samples, 01:16:39.840 --> 01:16:44.480 everything that was used to make the song. See, most of this music is made in a DAW, 01:16:44.480 --> 01:16:49.040 a digital audio workstation. So, that might be tools like Ableton Live, Adobe Audition, 01:16:49.040 --> 01:16:53.600 or Pro Tools or something like that. These were the tools that you’d have to use to view how 01:16:53.600 --> 01:16:58.800 these songs were made, and Professor Dubstep had these tools to examine it all. Not only 01:16:58.800 --> 01:17:03.360 could they break apart the song, isolating tracks and sounds to see how it was composed, but there 01:17:03.360 --> 01:17:10.160 were different versions of the same song, too. They could see how the song evolved over time. 01:17:10.160 --> 01:17:15.840 What an amazing thing to explore for someone who wants to make electronic music as their career, 01:17:15.840 --> 01:17:20.880 to be able to study how the pros do it in such detail. You never get to see 01:17:20.880 --> 01:17:25.200 these behind-the-scenes bits. Even me as an up-and-coming podcaster, 01:17:25.200 --> 01:17:29.680 I would have loved to get my hands on the full project files for This American Life or some show 01:17:29.680 --> 01:17:33.440 that I was really inspired by. It would have been huge, and I bet it would have helped me 01:17:33.440 --> 01:17:38.160 understand the complexities and details of how all this gets put together. But not only that, 01:17:38.160 --> 01:17:43.840 but to see such a variety of songs and musicians’ project files — it really puts them in a unique 01:17:43.840 --> 01:17:49.280 position to have such a close and upfront understanding of how all this music was made. 01:17:49.280 --> 01:17:53.840 PROFESSOR DUBSTEP: You have to know some in-depth music stuff already to be able to 01:17:53.840 --> 01:17:59.360 figure out what you’re even looking at. The fact that I’ve been able to look at all this and take 01:17:59.360 --> 01:18:07.352 some insight from it that can help me later on is basically invaluable. It’s priceless. 01:18:07.352 --> 01:18:10.800 JACK: I just imagine Professor Dubstep in some music class where the teacher’s like, 01:18:10.800 --> 01:18:14.400 here’s the proper way to use this effect. They’re just like, uh, no, 01:18:14.400 --> 01:18:20.480 that’s not how Skrillex does it or Diplo or Major Lazer or Excision. Oh, yeah? Well, 01:18:20.480 --> 01:18:26.960 how do you know? Oh, never mind. Carry on. Anyway, it took them a lot of convincing, 01:18:26.960 --> 01:18:30.480 but they were finally able to get the legal team to fix all the problems. 01:18:30.480 --> 01:18:37.120 PROFESSOR DUBSTEP: The end of 2016 was the final — called it quits and stopped doing all this hacking 01:18:37.120 --> 01:18:43.680 stuff, which — it’s not right to call it hacking, really. It’s not even on script-kitty level. It’s 01:18:43.680 --> 01:18:52.160 just searching through things and using logic to try and figure out passwords. It’s not really 01:18:52.160 --> 01:18:58.640 like complex hacker stuff. It’s just — I don’t know a good word to use to describe it, but… 01:18:58.640 --> 01:19:03.040 JACK: I’ve been thinking for a good word to use here this whole episode, myself. ‘Thief’ 01:19:03.040 --> 01:19:07.280 and ‘stealing’ isn’t quite right because the original copies are still there. I feel like 01:19:07.280 --> 01:19:12.080 for it to be stealing, you need to rob the person so they don’t have that thing anymore. If you post 01:19:12.080 --> 01:19:15.840 something online and someone makes a copy of it, that’s not stealing. That’s just downloading a 01:19:15.840 --> 01:19:20.560 copy. That’s what they did, often just downloading copies of things that had public links to it. Was 01:19:20.560 --> 01:19:27.360 it supposed to be public? No, but was it? Yes. So, the term I think that best describes this 01:19:27.360 --> 01:19:34.400 is exfiltration. They exfiltrated files that were not meant for public consumption but weren’t very 01:19:34.400 --> 01:19:40.781 well protected. To me, this has the right ring to it. Professor Dubstep, professional exfiltrator. 01:19:40.781 --> 01:19:46.400 PROFESSOR DUBSTEP: But yeah, fast forward to 2019, and I’d just finished college. I 01:19:46.400 --> 01:19:52.080 did a music course at college. I had left all this stuff behind. It was all kind of calmed 01:19:52.080 --> 01:19:58.000 down. Nothing was leaking anymore. No accounts had been compromised. Well, not by me, anyway. 01:19:58.000 --> 01:20:03.920 I kind of thought, I’ll find out what the old people were doing in modern day. I had a chat 01:20:03.920 --> 01:20:11.360 with Shane. I had a small talk with Arnie. Shane was still going on with the stuff, 01:20:11.360 --> 01:20:19.120 from what I could gather. Arnie had moved away from doing it and he’d got — I think — I’m pretty 01:20:19.120 --> 01:20:24.640 sure he went to work for the FBI and got security clearance, top security clearance for something 01:20:24.640 --> 01:20:31.280 or other. Other people in the xTrill crew, some of them had got raided. Some of them had gone to 01:20:31.280 --> 01:20:36.640 join the military and things like that. Everyone had gone off to do different things apart from 01:20:36.640 --> 01:20:43.520 the one guy who had got in the most weird and awkward situation possible. Spintire had gone 01:20:43.520 --> 01:20:51.360 from being the seller and the leaker of so many hundreds of gigabytes of data — he’d gone from 01:20:51.360 --> 01:20:56.200 leaking these Skrillex demos and trading them to being on Skrillex’s production team himself. 01:20:56.200 --> 01:20:57.501 JACK: Whoa. 01:20:57.501 --> 01:21:03.680 PROFESSOR DUBSTEP: And was now technically Skrillex, because — yeah, and with that, 01:21:03.680 --> 01:21:06.000 Skrillex is one of the ones that is ghost written, 01:21:06.000 --> 01:21:11.280 ghost produced. He’s not real. He’s just a face, a brand. 01:21:11.280 --> 01:21:13.680 JACK: So, you’re saying a lot of Skrillex’s music 01:21:13.680 --> 01:21:17.645 today is made by someone else and then Skrillex just puts their name on it. 01:21:17.645 --> 01:21:19.040 PROFESSOR DUBSTEP: All of it. JACK: All of it? 01:21:19.040 --> 01:21:24.880 PROFESSOR DUBSTEP: Yeah, there’s a team of — in 2019, the team was at least five, 01:21:24.880 --> 01:21:30.187 six people putting together these songs, and that’s what it’s always been, really. 01:21:30.187 --> 01:21:36.960 Skrillex’s first release in 2009 and 2010, like Scary Monsters and Nice Sprites, his first ep, 01:21:36.960 --> 01:21:43.760 was ghost produced by Noisia to, well, quite a large extent. Maybe not entirely, but a large 01:21:43.760 --> 01:21:50.080 portion of his sounds over the years have come from other people putting it all together. So, 01:21:50.080 --> 01:21:56.880 yeah, this ghost producing runs deep in this scene. So many of the big players are fake. 01:21:56.880 --> 01:22:01.840 JACK: Alright, I can’t find any article saying that Skrillex doesn’t make his own music. 01:22:01.840 --> 01:22:06.640 Musicians collaborate all the time with other musicians to make music. That is no surprise, but 01:22:06.640 --> 01:22:12.080 the allegation here is that these musicians aren’t crediting the people who helped make the song. So, 01:22:12.080 --> 01:22:17.200 while you think it was them who made it, it really wasn’t. Skrillex is known for being very hands-on 01:22:17.200 --> 01:22:22.000 with his music, but there are some well-known cases where other big-time musicians have been 01:22:22.000 --> 01:22:27.360 accused of taking someone else’s music and calling it their own without giving proper credit. So, 01:22:27.360 --> 01:22:31.680 this is known to happen. Honestly, I don’t know what to think of that. On one hand, 01:22:31.680 --> 01:22:36.080 if an EDM musician is just playing someone else’s music, that’s called being a DJ, 01:22:36.080 --> 01:22:41.920 and it’s a bit of a stretch to say you made this music. But on the other hand, what do I care if 01:22:41.920 --> 01:22:46.480 you really wrote this song or had someone else write it for you and you just put your name on 01:22:46.480 --> 01:22:52.480 it? The music is what matters. It’s fascinating to me, though, because I’m endlessly obsessed with 01:22:52.480 --> 01:22:57.680 the dark parts of the internet, and this digital underground is bustling with activity but with 01:22:57.680 --> 01:23:13.017 hushed tones, and it’s all right under our noses. It’s a world we rarely see, but sometimes hear. 01:23:13.017 --> 01:23:15.280 (OUTRO): [OUTRO MUSIC] A big thank you to Professor Dubstep for sharing 01:23:15.280 --> 01:23:19.280 this story with us. This episode was made by me, the AI adventurer, 01:23:19.280 --> 01:23:24.560 Jack Rhysider. Our editor is the code conjurer, Tristan Ledger, mixing done by Proximity Sound, 01:23:24.560 --> 01:23:28.880 and our intro music is by the mysterious Breakmaster Cylinder. Ultra Miami, 01:23:28.880 --> 01:23:34.480 your circuits are about to be blown, because next up is an unreleased track by the legendary 01:23:34.480 --> 01:23:40.160 Breakmaster Cylinder. Overclock your headphones. Compile your grooves. It’s time to execute some 01:23:40.160 --> 01:24:38.000 killer dance moves. No lag. No latency. Tonight, we reach peak bandwidth. This is Darknet Diaries. 01:24:38.000 --> 01:24:40.960 [MUSIC]