October 7, 2021 25 mins

A hacker steals pretty much everything Twitch has. Facebook tries to downplay a whistleblower's allegations. And someone has taken over a US Navy Facebook page.

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Welcome to TechStuff, a production from iHeartRadio.
Hey there, and welcome to TechStuff. I'm your host,
Jonathan Strickland. I'm an executive producer with iHeartRadio
and I love all things tech. And this is the
tech news for a Thursday, October seven, twenty twenty one.

(00:24):
And before I get to the news, uh, I need
to issue a correction because I totally bungled something in
yesterday's episode. So if you've already listened to that one,
there was you know, I was talking about space navigation
in that episode, and I made a dumb mistake on
my part, totally me and then I doubled down on it,

(00:45):
which made it worse. But fortunately Twitter user Charlie Tango
Bravo pointed this out to me. And the issue was
I was describing the inverse square law, and what I
said was that the intensity of a signal goes down
by half upon the square of the distance. This was
a complete misunderstanding on my part about the inverse square law.

(01:08):
I mean, yes, the strength of a signal decreases over distance,
but not that's not the relationship. Anyway. I could have
avoided this entirely by just taking a little bit more
time to make sure I understood the inverse square law
before I included an explanation of it in my podcast.
So again, this is all on me, and that stinks.

(01:31):
I never want to get something wrong, and of course
it's even worse that I could have avoided it if
I had just been a little more careful, so my
apologies to all of you for that. It also means
that the example I gave was fundamentally wrong. I have
recorded an updated segment that Tari is putting into yesterday's episode,
so that doesn't solve the problem for everybody who's already

(01:52):
listened to it, but it does mean that at least
in the future, should someone be going back and
pulling up that episode, they won't have the wrong definition
and explanation in there. And again thanks to Charlie Tango
Bravo for the heads up. Uh and I I'll try
to do better. I'm gonna make mistakes. I just hope
they're not as embarrassing as that one. But let's get

(02:14):
to the news. First up, A hacker pulled more than
a hundred gigabytes of data down from Twitch, the video
streaming service that Amazon owns and that caters primarily to gamers.
That data included source code for the platform itself, so
like the actual code that Twitch runs on. Uh. It
included records showing how much top streamers were making due

(02:37):
to the platform. So we're talking about, you know, like
top performers making millions of dollars. Not all that information
was you know, new necessarily, but it was all in
one place. So a lot of people have been shocked
by that. Also, stuff like user data, including potentially encrypted passwords.
Now, passwords being encrypted, that's a good thing. It
means that, you know, you can't just immediately read them.

(02:59):
But however, with enough time and effort and a sufficiently
powerful computer system, you can break encryption. It's just a
question of how good was the encryption That will tell
you how long it will typically take for you to
break it. And for that reason, a lot of folks,
including myself, are suggesting that anyone who has a Twitch
account should go in and change their password. Hopefully you're

(03:21):
not using the same password on Twitch as you are
for other sites, because that could potentially mean that all
of those accounts are now vulnerable too, right? Because if
the hackers and all the people who are purchasing this
information on the you know, digital black market. If they
are all aware of the password you used and use

(03:41):
it everywhere, well, now you've just you know, you've handed
a skeleton key to people who just need to try
it in all the different locks. While you're at it,
while you're changing your password on Twitch, you should probably
also go ahead and activate two factor authentication. That way,
should someone ever get your password, they would still need
your phone before they could access your account. So it's

(04:01):
a good thing to have that active. Uh. It appears
that the hacker was taking advantage of a vulnerability that
was created when Amazon was doing some reconfiguration of Twitch's servers.
We've seen a couple of examples of server reconfigurations leading
to big issues. In this case, it created an opportunity

(04:22):
for a hacker to attack. In Facebook's case, it led
to a situation where the internet essentially forgot that Facebook
and all of its services existed for like six hours.
So it really does tell us that you know, these processes,
even when they are routine and mundane, you have to

(04:42):
do them with a lot of care or else you
can introduce some pretty big problems. Facebook founder Mark Zuckerberg
attempted to downplay some statements that were made by the
whistleblower and former Facebook employee Frances Haugen that she
was making to the United States Senate. Zuckerberg said that

(05:02):
the research Haugen was citing had been taken completely out
of context, and that it was painting a misleading portrait
of what Facebook is, and he should know because he
and other Facebook executives have made it kind of an
art form to present, let's call it a highly curated
image of Facebook, highlighting stuff that appears positive and then

(05:26):
downplaying or even ignoring stuff that's negative, and meanwhile the
entire time claiming that the company is operating in a
transparent way. At one point, when The New York Times
published an article that showed how Facebook was being selective
to choose, you know, what kind of data to report
and what data not to report, a Facebook spokesperson brushed

(05:48):
it off and said, we're guilty of cleaning up our
house a bit before we invited company. Okay, so here's
the thing, though, Um, that's not what transparency means. Transparency
doesn't mean let's just show you the pretty stuff. That's
not transparency Facebook. Well, anyway, I suspect we're going to
see a lot more scrutiny into the company in the
weeks to come, and probably more examples of spin and

(06:11):
damage control from the company as well. But I think
tolerance for Facebook's shenanigans is at kind of a low
point right now. I'm not saying it can't go lower.
It might, but um, yeah, I think Facebook is kind
of treading on thin ice at the moment. I think
the government is of the United States in particular, is

(06:32):
uh, is kind of gearing up to lay the
smack down on Facebook, and the same is true in
other parts of the world. By the way, all right,
let's get back to Haugen's testimony for a second. At
one point, she talked about how Facebook's algorithms have exacerbated
xenophobic rhetoric and made dangerous situations a whole lot worse

(06:53):
in different parts of the world. One of the things
she referred to was the coup in Myanmar, the military coup,
and how Facebook's algorithm pushed posts that turned the
dial up with calls for things like ethnic violence within
that country. And she also warned that the same thing
is kind of unfolding now in Ethiopia. Researchers with the

(07:14):
human rights organization Global Witness back up that statement. They
conducted a study in the Myanmar case. They actually
looked to a Facebook page that was a page
dedicated to Myanmar's military, and that page didn't have any
violations to Facebook's policies on it. They then liked that
page to see what would happen next, and then Facebook

(07:37):
started to suggest other pages that they might want to follow,
and among those pages there were a bunch that had
abusive content in them, stuff that was calling for like
violence against specific ethnic minority groups. And even if you

(07:57):
start from a place that doesn't violate Facebook's terms of service,
it does not take long for stuff that is not
playing by the rules to pop up, promoted by Facebook itself.
I mean, you wouldn't necessarily even know it existed except
for the fact that Facebook's algorithm is suggesting it to you.
So this can quickly lead to a situation where a
person sees frequent posts calling for violence or discrimination or

(08:19):
promoting harmful and hateful ideologies, and it gets reinforced with
every visit to Facebook. And now, I don't think anyone
would go so far as to say that Facebook is
the root cause of these problems. That is far too simplistic.
It's just not reflective of the truth. But I think
it's fair to say that Facebook is acting like an amplifier.

(08:42):
It's taking a signal and boosting it. U.S. Senator
Elizabeth Warren and House Representative Deborah Ross have introduced proposed
legislation that they're calling the Ransom Disclosure Act, So they're
calling for companies to have a legal obligation to reveal when
they have paid off a ransom as a result of

(09:04):
a ransomware attack. Now, if you've been listening to my
show for a while, you know I mean I I've
beaten this dead horse so many times that I always say,
never pay the ransom, because paying a ransom means you're
sending the signal this criminal activity is profitable that encourages
future attacks both against you and other entities. Plus, you

(09:27):
can never guarantee that the attackers will actually return to
you whatever it is that they have locked down. Just
in case ransomware is something you're not really familiar with, typically
this involves hackers gaining access to a system and then
they will encrypt large amounts of data and file folders
and things like that in the system. So without a

(09:50):
decryption key, without a way to reverse that process, all
that data becomes unusable. It's it's it's gibberish, so you
can't do anything with it. Um. Now, there are some
different variations on this attack, but they all basically boil
down to a hacker trying to make critical systems or
data inaccessible to the rightful owners. And then the hackers say,

(10:13):
fork over the money, usually in the form of cryptocurrency,
and then we'll hand you the decryption key so that
you can get all your stuff back. So this bill,
if passed into law, would require companies to disclose any
ransom payment they made to hackers within forty eight hours
of having made that payment, including how much they paid

(10:36):
and in what format they paid it in. I imagine
that if this bill does become law, it will discourage
companies from trying to quietly handle these sorts of matters
in the hopes that no one finds out about it,
because if the government does find out that a company
paid a ransom and that it did not comply with
the rules, there's going to be some pretty serious consequences. Uh.

(11:01):
Of course, this has not been passed into a law,
it may never make it to a law, but is
interesting to see the proposal. Over in Europe, a majority
in the European Parliament voted on a ban throughout the
EU with regard to police using facial recognition surveillance to
identify people who are not suspected of committing a crime.

(11:22):
And as we've seen many times through lots of different studies,
facial recognition technologies are incredibly prone to bias. Bias tends
to disproportionately affect people in ethnic minority groups, and the
European Parliament also released a statement that said, at least
in part quote, to respect privacy and human dignity,

(11:43):
MEPs ask for a permanent ban on the automated recognition
of individuals in public spaces, noting that citizens should only
be monitored when suspected of a crime. Parliament calls for
the use of private facial recognition databases like the Clearview
AI system which is already in use, and predictive
policing based on behavioral data to be forbidden end quote.

(12:07):
And we've seen a growing concern around the world regarding
how various authorities, particularly in law enforcement capacities, have been
relying upon facial recognition technologies and how the technology can
cause harm to innocent people. Even if everyone's using the
tech correctly, the tech itself can just be wrong. So

(12:27):
that's assuming if you're using it correctly. That's a big assumption.
There are a lot of cases where people are just
not using tech the right way. I'm sure you've encountered
this just in general. Well, when you're talking about people
in positions of authority who are using that to be
part of a surveillance package on citizens, that becomes an

(12:49):
incredibly dangerous situation, one that can lead to an authoritarian
police state, uh and a lot of human rights being
violated in the process. So I think this is an
important point and something that I'm seeing pop up in
other places around the world. Well, we have a few

(13:11):
more stories to go through, but before we get to
any of those, let's take a quick break. BlackBerry, which
is a name I've not heard in a long time,
A long time anyway. BlackBerry has a research team that

(13:35):
reports that it discovered a Chinese state sponsored hacker group
that was using three different phishing schemes, all targeting companies
and individuals in India. The BlackBerry researchers say that it
looks like the hackers were operating both as spies, so
conducting espionage on behalf of the Chinese government and also

(13:57):
pursuing quote financially motivated operations end quote. So you know,
tricking people out of money and stealing and also spying
on behalf of an authoritarian government. You know the usual.
The name of this hacker group is APT41,
and they lured in targets by sending out messages claiming

(14:17):
to be related to official matters like you know, taxes
or COVID nineteen measures. These are common tactics, right. You
You set the bait by picking something that is likely
to get a reaction from your target, something that that
they would be concerned about. If you send them a
message saying, hey, you know, we found some money that

(14:39):
we owe you in taxes because you overpaid, a lot
of people are gonna think, oh awesome and just open
that up, right, very common tactic, or sometimes they prey
on fear. Right, They say, it looks like you underpaid
and if you don't pay this fee, then you're going
to end up facing jail time and you're scaring them

(14:59):
into opening up the attachment, which typically has
some form of malware on it, or it lures you
into sharing information you really shouldn't. The researchers showed that
these hackers weren't being particularly careful about disguising the fact
that a single group was behind the different phishing schemes.
They were kind of using some of the same assets

(15:20):
across the three different types of attacks. And they also said, like,
there's not a whole lot they can do in these
cases because you know, it's a it's an organization that's
within China. It's you know, kind of you know, untouchable.
So the best thing to do, you know, you can
start to try and block IP addresses and stuff, but
there are ways around that. So the best thing to

(15:40):
do is to raise awareness in as many people as
possible to try and decrease the number of positive attacks.
If you can make it to the point where hackers
just aren't getting that many hits, you can get it
to a point where where the return on investment is
so low that there's no point in even bothering. Uh,
it's unlikely to ever reach that point, but it's a
good goal to strive for. In past episodes, I've talked about

(16:03):
the Pegasus software that's you know kind of it's really malware.
It's software that uses a zero click attack through iOS
and iMessage in particular. Apple includes iMessage by
default in all iPhones. You cannot uninstall it, at least
not under normal conditions, and iMessage will automatically accept

(16:23):
any messages sent from other iOS devices that have sent
a message to that phone's specific phone number. So really
you just need your target's phone number, and you need
an iOS device that has the Pegasus software on it,
and you can send an attack that effectively turns your
target's phone into a spying device. It can give you
access to stuff like that phone's camera and microphone. Essentially

(16:47):
you can operate the phone as if you were in
direct possession of it. It's a powerful malware tool. This
product comes from an Israeli company called NSO Group,
and they say that the purpose to the malware is
to give governmental authorities their customers a tool to infiltrate,
you know, like criminal and terrorist organizations. You use this

(17:09):
when you're doing like a sting operation. But you know,
it doesn't really matter what the company says the tool
was intended to do. It actually matters how people really
use the tool. So the whole thing was to set
up the fact that a UK judge has said that
Sheik Mohammed bin Rashid al Maktoum, the ruler of Dubai,

(17:31):
used Pegasus to infect the phone belonging to his ex wife,
the Princess Haya bint al-Hussein. And I should also
add that he targeted, according to the judge, her entire
legal team. And this was all during a very acrimonious
custody battle between the Sheik and the princess over

(17:52):
their two children. Um, so the UK judge Andrew McFarlane
factored this into his ruling on that case. Now, that
whole judgment was done a year ago, but it was
held in private. It was it was under lock and
key for a full year before being published this year.
The sheik has subsequently denied the allegations and also argued

(18:16):
that the court didn't actually have the authority to share
that kind of information anyway, and also heads of foreign
state are exempt from inquiries into the legality of their actions.
That doesn't really say to me, hey, I totally didn't
do that thing you accused me of doing. And the
story actually gets worse from there, but it also gets
away from the tech angle. So I'll just say there's

(18:36):
a lot more to it. But it's another example of
how a tool could be, you know, made to do
one specific thing and maybe that that effort was sincere.
But if people start turning it to another use, that's
still that's still a bad thing, right, Like you still

(18:57):
have to look at the company that's making the tool
and say, hey, you are propagating a piece of malware
that is causing an enormous amount of harm, And it
doesn't really matter what your intent was anyway. Have you
ever found yourself wading into a flame war on Twitter?
Maybe you got your dander up and you jumped into

(19:18):
a hotly contested thread before you really thought it over.
Maybe you even did it by accident. You were just
replying to someone cheekily and then it blew up in
your face, and maybe you regretted it afterwards. Maybe you've
got all these different replies and retweets and stuff, and
maybe just going on Twitter now is stressful and upsetting. Well,
now Twitter is rolling out a feature to folks using

(19:40):
the Android and iOS Twitter apps that could help prevent
this from happening. The apps will now occasionally show prompts
when it looks like you might be engaging in a
Twitter thread that appears to be quote unquote intense. One
example they gave was a prompt that reads, let's look
out for each other and the mess our values make

(20:01):
Twitter better. And then they include some reminders to maybe
convince you to act like, you know, a compassionate human being.
Like it says that, you know, chances are the person
who's on the other end of that Twitter handle is
a person. That ignores the fact that there's like a
rampant bot problem on Twitter, but you know, you get it.

(20:22):
And it also says, hey, you know, we shouldn't ignore facts.
Facts are important. Facts are facts, and even if they're
inconvenient to our own perspective, we cannot just dismiss a fact. Uh.
It also says, yeah, having different perspectives is a good thing,
you know, Like you can get people who have different
perspectives having a conversation, and new ideas can develop and

(20:44):
people can be opened up to other points of view,
which is sometimes true. Essentially, what Twitter is trying to
do is to remind us not to go nuclear on
the platform, and I think that is good advice. But
I also think this is important for Twitter because social media
platforms can really come under fire if it looks
like they're facilitating stuff like hate speech and misinformation. Apple

(21:07):
has established a new policy that app developers will need
to follow starting January thirty one next year. Uh at
least any app developers who release apps that require users
to create an account of some sort. Apple wants all
of those kinds of apps to include an option to
delete user accounts if the user wants to do that.

(21:27):
Uh So, like if you just delete an app off
your phone, that doesn't delete your account, The account is
still sitting there on the servers of whatever developer
created the app for you, and it's still holding all
that data, So you might want to close an account
out entirely. Apple wants that to be built into the
apps themselves, so that you're not just saying I'm not

(21:50):
just using this app anymore. You know, you're saying I
don't want to have an account anymore. The Verge has
pointed out that Apple's policy has some wiggle room in it.
For example, there's nothing that would stop a company
from routing any sort of cancelation request to a customer
service agent who then tries their best to talk you
out of canceling your account, which reminds me of every

(22:12):
experience I've ever had while trying to cancel cable service.
But I think that generally speaking, this is a good move.
It's not going to solve every problem, of course, but
it at least gives users a chance to make a
cleaner break when they decide they no longer want to
rely on a specific service. Speaking of Apple, I've talked
before about how a US judge has ruled that Apple

(22:34):
must allow developers who want to use a different in
app purchase option besides Apple's official one to be able
to do so. That's what the judges said. They said
that these developers, if they want to sell stuff within
their apps, you know, like a video game app, offering
things like character skins, that they are not required to

(22:54):
go through Apple's own system to do that. That Apple
should not require that to be the case. This is
at the heart of how Apple makes a ton of
revenue through the app store. It's not by creating apps,
but rather by taking a chunk out of you know,
taking a cut of up to like out of these
in app purchases. And a Dutch antitrust authority has made

(23:17):
a similar judgment against Apple. The authority has said that
the rules that Apple had in place are anti competitive
and that Apple must allow developers to offer their own
in app purchasing options if they want to. So it
looks like there's a growing movement to push back against
Apple's policies. South Korea made a similar ruling, which affects

(23:37):
not just Apple but also Google because Google does the
same thing. So we're starting to see more countries say,
you know, you can't do this. It's anti competitive and
it's harmful to developers who you know, are really reliant
upon those in app purchases to generate the revenue they
need to stay in business. Finally, someone managed to get
access to the Facebook profile page for the U.S.

(23:59):
Navy ship the USS Kidd. The person
has used that Facebook profile to stream game sessions of
Age of Empires, a real time strategy computer game. Vice.com
reports that whomever is responsible might
be good at guessing the Navy's passwords, but they are
not a good Age of Empires player, according to Vice,

(24:23):
and I checked the profile just before I started recording
this episode, and at least when I checked it, it
looked like the Navy had not re established ownership of
the page. But then again, nothing has been posted to
that page since October four. However, all those gaming sessions
were still up on the profile at the time of
this recording, which suggests to me that the Navy has

(24:45):
not regained control of that page yet, which makes me
wonder what's going on. I would think that Facebook would
respond to that. Maybe the Navy just has Maybe there's
just too much going on right, maybe they just haven't
sent the request yet. Well that's the news for Thursday,
October seven, twenty twenty one. And yes, I did just

(25:05):
have to look at a calendar because I had already
forgotten what day it was. If you have suggestions for
topics I should cover in future episodes of tech Stuff,
please reach out to me. The best way to do
that is on Twitter. The handle for the show is
TechStuff HSW and I'll talk to you
again really soon. TechStuff is an iHeartRadio production.

(25:31):
For more podcasts from iHeartRadio, visit the
iHeartRadio app, Apple Podcasts, or wherever you listen to
your favorite shows.

Hosts And Creators

Oz Woloshyn

Karah Preiss
