
[Start of recording]

JACK: Hey, hey, it’s Jack, host of the show. I went to IKEA the other day to buy a lamp, and when I went in, I saw that they had a recall notice on the bulletin board. Their garlic press was getting recalled. They said that ten people got injured using it, and I think little metal bits would fall off and cut some fingers. So, they stopped selling it and were issuing full refunds to anyone who bought one. It made me think, hold on; [music] has this ever happened with computers? Like, has a store ever recalled a computer because it was dangerous? What does dangerous mean? There was a story that came out a few years back which was about a super-cheap gaming computer that was being sold on Amazon, but little did anyone know the computer came with malware on it. People who bought it would get their crypto wallets drained, their Steam accounts taken over, and their e-mail compromised. The computers were made in China and came shipped with Windows 11. But the thing is, the company didn’t want to pay for Windows keys so that they could sell the computers cheaper. So, they found a hacked version of Windows 11 installer, which would bypass the whole license key thing, but the problem is the installer would embed malware into the Windows install, so the seller didn’t even know it had malware on it. Amazon reviews started showing up; this computer is unsafe.

Don’t buy it. One star. More reports came in about people saying that their computers came with malware on it. I mean, if you got a new gaming PC and during the time you were setting it up, it stole your cryptocurrency, took over your e-mail, and stole your Steam account, how much would that hurt you? How dangerous is that? Would it hurt more than getting a metal sliver in your finger from a garlic press? I think so. Yet, as far as I know, computer shops such as Best Buy, Amazon, or wherever, never issue recall notices for computers or tech which are malicious. Retailers who sell defective items that are unsafe typically issue recall notices to buy back faulty items that are dangerous. [Music] But I just wonder if a computer riddled with malware doing enormous amount of harm to users will ever fall into the category of dangerous or faulty or harmful to retailers.

JACK: Today I’m so excited because I finally get to talk with D3ada55. It’s good to see you again.

D3ADA55: I know.

JACK: So, we started — we start — I met you at Defcon like five, six years ago.

D3ADA55: Like, one of my first ever Defcons, yeah.

JACK: It was your first Defcon, and you messaged me like, hey, you want to meet? Where — can we meet? I got something to tell you. I was like, yeah, where? This was back in the days where I actually checked my DMs at Defcon. Now it’s impossible for me to do that. So, I was like, okay, [inaudible]. This is what I’m wearing. Okay, cool. Then we sat down at a couch, and you’re like, okay, I got something. It was still hush-hush. I was like, what is going on here? You had — I won’t give names here, but you had a contact with somebody who you knew had a good story. Like, I can connect you with this person. I was like, great, and we did. We connected and we had conversations. So, thank you for that. So, that’s where we first met, but then I just watched you have talk after talk, and I learned more about you. Like, at the time, you told me your name was D3ada55, and over time I’ve just learned that your name — you really should be called Badass, because you’re really — I think even back then you were working on all kinds of really cool projects. Do you want to give us a background of just like, your tech career?

D3ADA55: Yeah. I mean, it’s kind of — I’m very much the textbook definition of non-traditional background as far as technology is concerned. Like, I have an English degree. I went to Berkeley for rhetoric and propaganda. Like, it wasn’t…

JACK: So, you — okay, so, I heard that today because we’re here at CactusCon and I just heard your talk. But you did say that you have a degree in rhetoric and propaganda.

D3ADA55: Mm-hm.

JACK: Is that true or was that a joke?

D3ADA55: That’s legitimately basically what the degree was in. It was all about understanding argument, understanding like the rhetorical devices and tools. So, I hyper focused on the efficacy of propaganda from that. That actually is what informed — when I started looking at the topic of my talk, why I knew there was something weird about it. Like, it kind of touched that part of my brain, and I hadn’t really seen anything like this yet.

JACK: So, you — that was a career path for you; I want to go into propaganda.

D3ADA55: Well, more so I want to go to law school. Or, at least I thought I wanted to go to law school at one point, and then, you know, the Bay is expensive. Life is expensive. Then I built my first computer and I was like, oh, wait, I can do this for a job? Why was I not just doing that?

JACK: So, you got into tech, and then give us kind of a potted summary of some of the tech roles you’ve had.

D3ADA55: Yeah, so I’ve worked at some of the biggest names in security, so Palo Alto, Google, Apple. I’ve already been kind of around the valley, as they say, and now I’m over at CENSUS.

JACK: Yeah. What do you do at CENSUS?

D3ADA55: I’m a senior sales engineer, so not even like a researcher. I just do research for fun.

JACK: [Music] But the thing is, a few years back, D3ada55 discovered something that was like discovering something you weren’t supposed to see, a discovery which would send her down a rabbit hole that would take her years of research to get to the bottom of, and it all started at her dad’s house.

D3ADA55: Without giving away too much, he’s one of the senior people at his oil and gas company.

JACK: Okay. So, you go to visit him and…

D3ADA55: Yeah. So, my dad is very — I don’t want to say nonchalant, but he’s like — he’s chill, right? Like, he’s a very chill kind of person. So, for him to be excited, I was like, oh, well, what are you excited about? Like, you’re very deadpan. You don’t get excited.

JACK: Her dad was excited about all the channels and shows and movies that he could get on his TV now. He’s like, look at this. I got hundreds of movies, full series of all the latest TV shows, thousands of channels, sports, even pay-per-view wrestling matches. You like wrestling, D3ada55. You would love this thing.

D3ADA55: He’s telling me about it, and he’s like, yeah, it’s just 300 bucks. It just works. It’s called the SuperBox. Immediately I’m like, okay, this already sounds weird, but keep going. So, I asked, well, how does it work? He says, oh, it just works. That’s not what I asked you. I asked you, how does it work? So, my younger sister was also studying cybersecurity. She comes in and she says, oh yeah, the network’s been really slow at the house ever since those boxes came home. So, that was kind of my final red flag to be like, I’m gonna get one just to see what it’s doing.

JACK: Boxes.

D3ADA55: Yeah, boxes.

JACK: What?

D3ADA55: More than three.

JACK: Why does he have so many?

D3ADA55: Because they’re convenient. That’s how they get you.

JACK: Oh, are they all for each TV?

D3ADA55: Yeah, for each TV.

JACK: Okay. How did he get it?

D3ADA55: Somebody at his job told him he needed to get one really, really bad, so he got one.

JACK: She takes one home to look at it. She’s not a researcher, so she’s not sure where to start. She knows enough that she should quarantine this thing, though, so she put it in a separate network so it doesn’t learn about her home network or try to bother any of her other devices, and she puts it behind a firewall. Then she starts googling where to start.

D3ADA55: It was the weirdest question I’ve ever asked out loud; how do I get PCAPs at the house? Because I had to figure out how to get packet captures off the thing, and I’m like, how do you do PCAPs?

JACK: The idea was that when she turns it on, she wanted to see where it would try to talk out to. Who does this thing communicate with? How does it send those packets? So, she learned how to do packet captures in order to watch this.

D3ADA55: I got one of those Packet Squirrels from Hak5, and I had laughed to myself because I remember when I first came into security and thought I was gonna be a badass hacker — I was like, oh, I’m gonna get all this stuff off Hak5. So, I had one, and I hadn’t ever opened it, and I learned how to use it, and that was my kind of inline packet captures.

JACK: So, she gets it all set up, turns it on, and just lets it do its thing, and she watches what it talks to.

D3ADA55: [Music] The first thing it does is call out to Tencent. Like, just straight…

JACK: Tencent is…?

D3ADA55: Like, in China, yeah, like qq.com.

JACK: Tencent is a massive tech company that owns QQ in China, and it’s not entirely unusual for something to be talking to it.

D3ADA55: So, at first I was like, okay, maybe this isn’t that bad, but then when you apply the rest of it — like, oh, you’re an oil and gas executive, somebody new told you to get this, the network’s running really slow, and this thing is talking out to China, right? It’s all of that, right? Individually those things don’t mean anything, but we — when we’re looking at this strategically or in a big picture, you’re like, oh, I see.

JACK: But maybe she’s connecting dots that aren’t there. So, she keeps looking for traffic logs.

D3ADA55: I’m kind of just watching the traffic, watching the traffic. I would turn them on for like a day, turn them off. I’m looking at logs. I’m kind of just trying to get a feel for what they’re trying to do. Then I get a hit in my vulnerability log, like in the threat log on my Palo Alto firewall, and it’s for a SCADA vulnerability.

JACK: A SCADA vulnerability. This makes no sense. SCADA is the control systems used in large-scale industrial settings. Think pumps, valves, conveyor belts, compressors, elevators, railway switches. This is where SCADA systems live. Why in the world is this box that’s here to deliver TV and movies attempting to trigger a SCADA exploit on D3ada55’s network? This is very concerning. So, she continues to look at the traffic this thing is sending. She notices it’s communicating hard with all the other devices on her local network. Typically, a streaming box will not care about what else is on your local network and only want to go out to the internet and get the content so that it can show it to you on your TV. But this box was super busy feeling around to see what else is in her network. Specifically, it starts arping out to any device in the same network as it. So, basically, ARP is when a device is like, hey, are there any computers on this network that have the IP 192.168.1.10, or whatever? If there is a device that has that IP, it’ll respond. It’ll say, yeah, that’s me. You want to chat? Here’s my MAC address. Then it gives the MAC address. So, this SuperBox was arping out to every IP in D3ada55’s network.

D3ADA55: I would say it was almost more of like an ARP DOS, because it was arping at things so hard that they would freak out and lose their IP address reservation. Yeah.

JACK: Really?

D3ADA55: Yeah, they were just so chatty, and that was also something weird to me, because normal devices, they’re chatty, but they’re not chatty like that, right? So, it’s this noisy thing on a network, it’s arping everything, it’s sniffing around. It’s just way too interested in things going on on my network.

JACK: So, this thing would ask, ‘who has this IP?’ and when the device with that IP would respond, then it would just continually ask again and again, thousands of times, flooding it with ARP requests until that device would get overwhelmed and go offline, which would then allow this SuperBox to pose as that device. It would change its own IP and MAC address to match that thing it just took down, which is such a wild attack to knock out other things and then pose as them to see if they are communicating with anything more juicy. Holy cow, this thing is scary. So, she keeps googling this thing to try to learn more.

D3ADA55: It looks like it’s all been SEO poisoned because it’s the only place to buy the SuperBox. There’s no negative — like, you can’t even find Reddit posts even questioning anything about the SuperBox. The entire first page is where to buy and everything that’s great about it.

JACK: Now she’s getting curious. Who makes this thing? What brand is it? Where does it come from?

D3ADA55: [Music] One of the more common things a lot of us have probably done — we’re like, what’s this device? What’s its MAC address? Who makes it? I look into who makes it. It’s some weird looking, website templated, just strange-looking company called GBS Labs or something like that, and it’s basically a shell. Like, there’s stock photos on the site and just all kinds of the telltale signs of we stood this up to look just legit enough, not actually be legit. So, I look into them as a manufacturer. I’m finding fake LinkedIns and all kinds of stuff like that. So, I’m like, okay, this obviously isn’t real. So, I keep digging. I get worried because as I continue to kind of acquire boxes — I got a couple off Amazon, I got one from Best Buy, one from Walmart…

JACK: Whoa, whoa, whoa, these things are available at Amazon and Best Buy and Walmart?

D3ADA55: Yes, they are. Like…

JACK: You could buy a SuperBox right on these sites?

D3ADA55: Yeah.

JACK: Hold on a second. A bunch of pirated movies and TV shows sold in a box that you just plug into your TV and now you don’t have to pay for a cable or any movies, that sounds illegal.

D3ADA55: Yeah. I mean, it is, but they — even on the box itself, when you turn it on, it pops up a little disclaimer.

JACK: Here, I actually want to read to you the notice that pops up when you just plug this thing in for the first time. It says, thank you for choosing SuperBox. SuperBox is an empty and open entertainment device. Due to the nature of this item, we are not in any way responsible for the content streamed or viewed by any user. It is the user’s responsibility to satisfy themselves that the sites accessed for streaming the content to have correct copyright agreements in place and are entitled to the content. The burden of determining this falls completely on you, the user. SuperBox in no way takes any responsibility for how you use this device. Unbelievable. Does that even work?

Like, can you sell a box that markets itself for having thousands of pirated shows on it and movies but then put a disclaimer up that says, oh, we’re not reliable for anything that you do on it? I mean, they’re doing exactly that. So, in theory, no, it shouldn’t work, but in reality, yeah, it’s working since this is for sale on Amazon, Walmart and Best Buy’s websites. I should mention that Amazon, Walmart, and Best Buy aren’t listing this themselves. These are third-party marketplace areas of the site where anyone can go and set up a shop on those sites and start selling whatever they want. While these listings would get removed every now and then, they would just come right back up, listed by a totally different seller. Of course, eBay has them for sale too.

D3ADA55: So, as I start kind of looking around, I go into YouTube and I’m like, okay, SuperBox. So, I see a bunch of different influencers. They’re not like Linus Tech Tips, or, you know, some of these other bigger folks that have a huge following on YouTube. These are folks with sometimes 800 followers, sometimes fifty, sometimes, you know, 50k. One guy had pictures of motorcycles and his wife and pictures of food, and then just a hard right turn, and he’s now talking about SuperBoxes. I saw one kid who was talking about speakers, and then suddenly the SuperBox. So, I’m like, that’s really weird. So, obviously they had to be paying them. It took me a while to figure this out, but I went way back to a seven-year-old SuperBox video, and this one influencer was like, yeah, they contacted me, and they’re offering me 50% of the proceeds of every device that I sell if I talk about this.

JACK: Whoa. So, there’s SuperBox influencers out there, people paid to spread this thing? Gosh, this makes it a lot harder to control and stop this. If they’re being sold by random people just trying to make a few extra bucks, it’s almost like they have an army of marketers and salespeople.

D3ADA55: They start appearing in weird places. I start seeing it on TikTok. They’re on Facebook Marketplace. So, I start getting suspicious — even more suspicious because I’m like, this has to be a whisper campaign, because I’m not seeing it — like, I’m not watching cable television, and there’s like, an ad for the SuperBox. If that ever happens, I’m gonna just move out of the country at that point. But I haven’t seen that yet, but what I have been seeing is, oh, check out the SuperBox. Here’s YouTube Shorts about the SuperBox. Check out my TikTok. Get it off my store. So, it’s spreading, and then I find out later that because of how they’re using the reseller market, they’re basically penetrating the suburbs everywhere to get these sold and get these out to people and get that kind of foothold across the United States.

JACK: Holy cow, these things aren’t just spreading; they’re spreading in specific places. Suburban families are getting them, and why there? Okay, let’s think about it. By targeting suburban families, it’s almost like a bottom-up approach to intelligence gathering. Don’t attack companies or even the government at the front door, where their strongest firewall and security control is set up. Don’t even come in through the back door. Instead, focus on the workers at their homes, because a lot of people bring their work home, and if they can jump off this thing onto a work laptop or find a VPN into the office from home, then bingo, they just gained access to the corporate network. Or even worse, it might hitch a ride in someone’s backpack or pocket and get plugged in at work. So, if this is a malicious device disguised to be a TV streaming box, then yeah, targeting suburban family homes in the US makes a lot of sense if your goal is to try to set up a large-scale attack against major US companies. Geez, that just gave me the chills. [To D3ada55] At that point, did you have any guesses as to who might be behind all this?

D3ADA55: So, that’s been kind of the weird part. I mean, obviously, if it’s talking to China, I just assumed China, but it does look like there’s a few layers to this. Still trying to crack the code, but a lot of folks here in the cybersecurity industry in the United States — of course, we’re very concerned about this because you can’t really detect them on a network unless you know what you’re looking at or know exactly where your things in your network live, and what the baselines are and what looks normal. So, if you’re not using it and it’s sitting there, your traffic is going to look normal. We all stream and everything, but what a lot of folks don’t know is that with traditional streaming services like a Netflix, a Hulu, whatever, when they ask you, are you still there? That’s the bandwidth control. So, it’s not just sucking up and chewing up the pipe. These don’t have anything like that. They’ll just keep going. Then when you factor in the residential proxy stuff, that’s a lot of bandwidth.

JACK: Oh, I see; if thousands of these are in homes across America, and those homes all have high-speed internet, that means these boxes have quite a lot of bandwidth at their fingertips. When you have control of that much bandwidth, there’s a lot of damage you could do with just that. So, at this point, it’s 2023. D3ada55 has really started to get deep into researching this thing. She learned that the operating system on this thing is just Android, and not Android TV, just Android.

D3ADA55: I looked at the Android information, and it was a patch from 2021.

JACK: Okay, so, a three-year-old operating system.

D3ADA55: At that point, yeah. It’s on purpose, because this was one of the ones that have a lot of holes in it. When we think about not-great Android patches that came out, 2021 was kind of a strange year for that. So, I’m looking at that and I’m like, okay, that’s super, super weird. I keep digging in. I’m looking at the box. I’m like, let’s look through the apps. Like, there’s TeamViewer on it, right? Like, why does it have TeamViewer?

JACK: TeamViewer? Okay, so, TeamViewer is a way to remotely manage a computer. It allows you to connect to that thing and control it as if you’re sitting right in front of it. So, with TeamViewer installed on it, that means that whoever is behind this has a dashboard at their fingertips of all the SuperBoxes out there with TeamViewer running, and with one click, they could just jump right into any of them. That’s horrible. Holy cow. The idea that someone is inside your home looking around in your network and you have no idea — no, no, no, no, I do not want this. Burn it with fire.

D3ADA55: Watching Reddit and stuff like that, and people are like, is this thing too good to be true? So, there was an account on Reddit that was created about — at that time, about four years ago, which lines up with kind of the initial timeline of everything we were seeing with this starting about 2019, 2020, and that account did not post a single thing for four years, and then it pops up just to say I’ve had the SuperBox for forever. I get NFL, MLB, you know, Sunday Ticket. Like, this is the best thing ever. Like, everyone should get one, and then it never posted again. So, they’re, of course, nudging it and trying to prop it up in places. I’m like, so this is — again, it’s spreading. People are talking about it, but I still have not heard a thing about it in the security community. So, I decided to do a talk on it initially, and that was my first ever technical talk at a hacker con. I was scared to even get up there.

JACK: So, she gave the talk at a BSides event, and the crowd was stunned with her findings. Her talk was so scary, I think everyone after the talk called home to see if their parents had bought one of these or installed anything like that. Which reminds me, I need to call my dad to see if he has one. Let me take a quick ad break real quick, but stay with us, because everything got way more serious after she gave that talk. Okay, my dad says he does not have one, but he says the guy at the gym has one, and he keeps inviting him over to come watch shows. [To D3ada55] Okay, so after that talk, what happened next?

D3ADA55: How can I put this without sounding crazy? Our government was very, very interested in knowing more. I can put it to you that way.

JACK: [Music] Okay. Yeah, word got out and an investigation was opened up, and they brought her in to learn more. If this is another nation trying to plant boxes in family homes across America with malicious intent, then the Department of Defense was interested in knowing more. But the thing was, because this was now an active investigation, it meant D3ada55 had to be quiet about this, so she wasn’t allowed to talk publicly about it. But it didn’t stop her from researching it further and talking privately about it. So, for years she continued to research it and gave talks, but every one of those talks had to be no cameras, no recording, no photos in order to keep this hush hush, and it’s been driving me crazy since I’ve been attending her talks for years, and I think it’s such a good story to get out to you, but she’s never been allowed to be interviewed for it. That’s why I’m so happy to finally, finally, finally get this interview to tell you her story. But as it turns out, this wasn’t the first time we’ve seen bad boxes.

D3ADA55: Human Security and Google and all those guys had kind of done the stuff on the first bad box, and so — and they were sourced for a lot of the stuff on the second bad box. But we basically discovered that this thing was part of what’s now referred to as the BadBox botnet.

JACK: The BadBox botnet. So, we’ve been referring to it as SuperBox this whole time.

D3ADA55: Yeah.

JACK: Where’s BadBox come from?

D3ADA55: BadBox comes from the fact that there are just other Android streaming devices, and they’re actually a lot cheaper. This was actually an anomaly that I noticed when I was looking at the SuperBox. They’re like, anywhere from thirty bucks to maybe, like 100 at most. So, again, cheap devices, they’re kind of everywhere, they can get them out there pretty quickly. So, a lot of those made sense already infected. You know, the behavior looked the same once I started kind of like providing information and stuff. So, we all came to the determination that it should just be — it’s still BadBox, but it’s BadBox 2.0 even though we had shut down the first BadBox. So, yeah, it’s for any Android, basically, device that’s got malware or is beaconing out to interesting places, etc. But the SuperBox — my focus on it is because it’s $300 and the rest of them are $30. So, why is this one $300?

JACK: So, she gave the authorities all the information that she discovered about this.

D3ADA55: I provided network traffic, some logs, just things so that they could get an idea of what they were looking at, and they just kind of took it from there, so…

JACK: Okay, and then for your own — you didn’t stop with your own research.

D3ADA55: Oh, no, I was like, there were not even — we haven’t even scratched the surface.

JACK: I know.

D3ADA55: Like, I’m — you know, we’re still — at that point, I was just like, there’s still more. I know there’s still more because there were still so many unanswered questions. Like, okay, I get why it’s beaconing. I get that it’s talking to this IP, but, again, why? Why? So, I keep digging. [Music] I just keep digging, and I continue to dig, and I continue to dig.

JACK: She got obsessed with this box, and she knew she needed to skill up in order to research it better. So, she took some SANS courses, got her GCIA certification, upgraded her tools, and once again looked at the traffic this thing was sending. She saw that it was talking to a lot of domains ending in .top. Most websites end in .com, but not this box. It likes speaking to things in the .top domain.

D3ADA55: Which, we all know there’s nothing good for anybody at .top domain. That’s not for us.

JACK: Of course, it talked a lot to the .cn domains, too, which is clearly China. She studied protocols deeper, domains, IP addresses, analyzed the hardware and the company that makes it all, and she saw that this thing was just automatically downloading different apps and stuff for Android and was able to capture those and analyze those.

D3ADA55: So, that was new for me, too. I said, I worked at the SOC. I did my little alerts and like, okay, escalate. That’s all I used to do. So, to figure out how to decompile APKs was insane, but I figured it out, and I kind of started looking inside of them. I’m like, oh, that doesn’t seem right. You shouldn’t be sending that in clear text, or — you know, stuff like that. So, I mean, there was just so much smoke, right? I knew there was going to be fire.

JACK: Because this thing is running the Android operating system, it has the Google Play Store. But of course, that’s not where you’ll find the thousands of channels that it says it has. Instead, you need to basically rip out the Google Play Store and instead install something called the SuperBox App Store.

D3ADA55: What got me is when I tried to download the app store, and my firewall basically showed me that it was like a multi-layer encoded file. So, it was zipped up like six, seven times. So, that was weird, because that’s still not normal for an app store. If anything, you should just be using the Google Play Store; it’s an Android device. But they have their own app store that you had to download and install to get access to their piracy apps.

JACK: Their app store looked nice and polished?

D3ADA55: Oh, my god, it was — it’s pretty brutal. It’s weird because you click on it, it installs, it turns blue, which I thought was just kind of funny. I’m like, it’s — why is it blue? You click on it, and it just has the three apps in there. There’s nothing else in it. So, it’s only so you can, again, get access to their stuff, and they want it to look as legitimate as possible so people will use it. You’ll appreciate this; so, they’re all running Android Debug Bridge, which makes sense if they’re pretending to be an Android device, because it’s not an Android TV device. It’s just straight up Android, which is already weird from the other types of devices. This was super strange to me because there’s no authentication on it. I was able to connect just straight across the Android Debug Bridge, and then I just typed in, you know, ‘su’ for Switch User, and it gave me a root shell.

JACK: So, you have root access to the SuperBox?

D3ADA55: I have root access to the six that I have in my house, yeah.

JACK: Oh my gosh.

D3ADA55: Then I did finally dump the firmware, and there’s entire sectors missing off of the device. If you’re looking at, say, the structure, like the boot structure, there’s twenty-seven partitions, but you can only see fifteen.

JACK: What?

D3ADA55: Right. That doesn’t make any sense. It’s not normal.

JACK: That is strange.

D3ADA55: Yeah.

JACK: I just assume that if there are partitions on it but you can’t see them, then that means it has some sort of software deep inside it, and who knows what’s going on in there? What’s in those partitions, and how scary is it? Nobody knows.

D3ADA55: I’m also, at the same time, still digging into the shell company. They have these weird fake certificates of award to look legitimate. I’m like, what even is — is that supposed to be a certificate of authenticity? That’s basically what they’re putting out for the SuperBoxes to make them look legit.

JACK: Yeah. So, the packaging of this thing, you got a few, right? So, what is…?

D3ADA55: Oh, man.

JACK: Does it just look like a regular device, or is there anything silly about it?

D3ADA55: I mean, I look at it and I’m like, why does it look evil? It feels evil to me. Have you ever seen something and you’re like, I don’t like that? It kind of gives me those vibes. But it says 6k on the box.

JACK: 6k…

D3ADA55: Right? Like, what is 6k? I must have missed that memo between 4 and 8k. But yeah, it has 6k on the box. There’s even regulatory information printed on the box, but then we can’t find FCC information on it.

JACK: Okay, so, the regulatory stuff looks like it’s just made up.

D3ADA55: Yeah.

JACK: Yeah. Like, oh, we’re certified in all these things, but not really.

D3ADA55: Right, and again…

JACK: Well, that’s crazy. That’s illegal.

D3ADA55: Well, and so, the average everyday person, it looks like anything else they might buy. It’s got the regulatory information. It tells me what the product is. It says who makes it.

JACK: That seems highly illegal. The government’s not going to want you to put regulated — or, you know, certifications on there that aren’t, especially for some of the safe electronics out there…

D3ADA55: Exactly.

JACK: …and make it safe for consumers. They’re just putting it on there and not…

D3ADA55: It’s not actually vetted. They’re just like, here you go. This is safe for consumers.

JACK: Okay.

D3ADA55: It’s ridiculous, and it just stays ridiculous. So, you know, just buckle up. [Music] There’s just so many glaring red — I would call them more like neon red flags, if that’s even a thing. I’m just — again, at this point — this is like the end of 2024 at this point. I’m just like, does no one else see this? Like, no one else sees this, really? So, I get into 2025 and that’s where it kind of like really started to take off. So, the BadBox PSA comes out in June. That was a huge deal.

JACK: Oh yeah, I saw that announcement. Let me pull it up for you. It’s titled Home Internet Connected Devices Facilitate Criminal Activity. Here’s what the FBI warning says. The FBI is issuing a public service announcement to warn the public about cyber-criminals exploiting IoT devices. Cyber-criminals gain unauthorized access to home networks through compromised IoT devices such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames, and other products. Most of the infected devices were manufactured in China. Cyber-criminals gained unauthorized access to home networks by either configuring the product with malicious software prior to users purchasing or infecting the device with back doors, usually during the setup process. Gosh, wow. So, the FBI put this warning out, but that wasn’t enough for them to get banned off of Amazon, Best Buy, and Walmart marketplaces, and even with this FBI warning, it wasn’t enough for D3ada55 to convince her father to get rid of it, either.

D3ADA55: He did, at least, unplug it.

JACK: Only when you’re home.

D3ADA55: Only when I’m home.

JACK: He probably plugs it back in when you leave.

D3ADA55: It’s just so frustrating.

JACK: Alright, so, how do you convince…? I imagine it’s my dad here or your dad here. What do you say to them? Say, do not do this? Because, what matters to them, right?

D3ADA55: Yeah.

JACK: So, you have to bring it to their level.

D3ADA55: Well — so, what was interesting — I think what got through to my dad was when I said, hey, if something goes wrong with this — and, you know, you’re in a pretty high position at your company — I mean, people were reporting their bank accounts getting hacked. Like, do you care about your money? Do you care about your retirement? Again, they’re looking at your credentials. They’re monitoring the network. They’re going to see when you’re logging into your bank, and they’re going to see when you’re doing things that we might all consider sensitive. If you don’t want that to now become a negative or get exploited or become a problem, you have to think about what you’re bringing home on the network.

JACK: Okay, you said someone’s bank account got wiped out from this thing?

D3ADA55: Yeah. Somebody — yeah, somebody reported on Reddit. They’re like, oh, they tried to hack our bank account, so put it on a guest network. Not stop using it. Just put it on a separate network.

JACK: Gosh, what are we even doing? Imagine you had some roommate that tried to steal money from your bank account every time you turned your back and was constantly spying on you. You wouldn’t just move them to the guest bedroom; you’d throw them out of the house. How is it that this thing can clearly be so dangerous, yet people still don’t throw it in the trash? It’s because it’s still proving value to them even after it’s an apparently dangerous and harmful device to have in your home. This puts me in deep thought, actually, on how to fix this. This isn’t a one off. It’s an industry trend, and it’s not even just an industry trend in cybersecurity. It’s a bug in human beings. We often ignore good advice. Like, we all know you should take your health seriously, eat healthy, work out five times a week, and get plenty of sleep.

Yet, most of us don’t do it. It’s not because we don’t know better. We all know better, and there’s nothing you should value more in your life than your own life. So, it’s not like there’s something more important to focus on. Yet, we still don’t take care of ourselves properly. This is what I think is a bug in human beings. We know what the right thing to do is, yet we still don’t do it. Here’s an example of this bug being exploited so perfectly. Even when the SuperBox rears its ugly head and shows us how dangerous and harmful it is, people still use it because they like getting their TV shows. [To D3ada55] To be clear, how do you feel about piracy?

D3ADA55: I mean, I personally do not care. That’s you and your business of — between you and your ISP. That has nothing to do with me.

JACK: Yeah, that’s not what you’re out here…

D3ADA55: No.

JACK: …saying is bad.

D3ADA55: Yeah. It’s the fact that like, to make it easier to have access to these things, because a lot of people do not have the technical know-how to potentially participate in sailing the internet high seas safely. This is a one stop, easy pre-box shop.

JACK: Can we talk more about who you were seeing getting these things?

D3ADA55: Yeah. So, I had folks reporting to me that they were getting them mailed to them at their house. [Music] I’m like, what? They work in oil and gas. They’re like, I didn’t order this. I’m like, yeah, definitely don’t plug it in. So, one of those got sent to me.

JACK: Wow. How scary is that, to have one mysteriously show up at your doorstep and you work in oil and gas? Man, this is a very serious and dangerous campaign. I already said this thing should be burned with fire, but now I think you need to take a sledgehammer to it first and then burn it.

D3ADA55: Of course, I’m seeing stuff on social media, kind of all the different platforms; like, oh, my parents got gifted one. My uncle was telling us about it. All the — again, it was lots of stuff like that. I had a friend in Sacramento tell me that he saw one of the single moms that is known in the neighborhood — she had them. I’m like, that’s so weird. Again, if it’s the gray money, I guess, and you want to make some extra cash on the side, it’s a great business. I mean, that’s…

JACK: I mean, if we look back at — I think it was the late 90s, early 2000s we had a similar thing where you could buy the — some sort of streaming box. It was a cable box, but it was like a…

D3ADA55: Like a black box, or whatever?

JACK: Yeah, it was jailbroken, and so, you would get free cable. So, this wasn’t sold by the moms in the neighborhood.

D3ADA55: Right.

JACK: This wasn’t sold by your — maybe your uncle, but…

D3ADA55: But it was some guy.

JACK: It was sold in the seedy parts of town.

D3ADA55: Yeah, exactly.

JACK: Or you had to know someone who knew someone who knew someone, and then make a deal with them to get your pirated — you know, your jailbroken cable box.

D3ADA55: Yeah.

JACK: That’s what this — this doesn’t smell the same. This has a different scent to it, because it’s people who are — the people who are selling it are almost like hustlers in some way…

D3ADA55: Yeah, exactly.

JACK: …where they’re — they got like, six side businesses…

D3ADA55: Exactly.

JACK: …and they’ve got a lot of free time.

D3ADA55: Mm-hm. It’s like a — there’s a weird profile overlap that I was noticing, because at first it was real estate agents. I’m like, okay, I could kind of see that. Then I’m seeing reports online where someone’s like, oh, my cable guy tried to sell me one. I’m like, your cable guy who just installed your internet is trying to sell you one of these boxes? Like, what? Then, of course, there’s the whole issue with just as you’re — you know, as we start looking at kind of the whole thing, I’m like, okay, well now I’m starting to see people — like you said, like five, six businesses, and they’re not tech savvy people. They’re just like, oh yeah, it just works. I’ve been using mine for two years. I don’t have any problems. They’re usually the ones that will go into a lot of these social media posts and naysay anyone trying to say anything negative about it. They’re ready to squash any negativity as soon as you try to post about it.

JACK: The marketing images of this thing are ridiculous. There’s one with a family sitting on a couch, which looks like a stock photo, and the SuperBox is oddly placed on the TV in front of them, and the mother is smiling, all happy with this thing, holding her daughter. Again, to me, this thing looks like it’s targeting suburban families.

D3ADA55: There’s a piece here that I don’t think we talk about enough in cybersecurity, and it’s really, truly the cyberpsychology of us as consumers, of us as practitioners, of everyone, really. So, we don’t have a culture of understanding, again, scams and stuff. We lose billions of dollars every year to pig butchering, phishing, all kinds of get-rich-quick schemes. Everybody wants to make a buck, or everybody thinks that, oh, I’m gonna — I’m no longer going to be a temporarily-embarrassed millionaire; I’m going to be a millionaire now. Or, I get to watch TV and I don’t see what the problem is.

JACK: Yeah, I want to — I was — at first I was going to push back and say, well, you know, we assume that the stuff we buy has already been vetted and secure and all that stuff…

D3ADA55: Absolutely.

JACK: …or else it wouldn’t be in the store, because the store should have some sort of responsibility.

D3ADA55: There’s implied trust when you go to Best Buy, right? There’s a reason I’m not going to go stand out here on the corner and say, hey, does anyone have an iPhone 17 I can just buy real quick? I’m gonna go to Apple. I’m gonna go directly to Best Buy. So, again, as consumers, especially in the United States like you said, we go to Best Buy, we assume that what we’re getting is okay.

JACK: Okay. Well, let me ask you this; once the FBI warning came out, did all of the stuff evaporate off Best Buy and Walmart?

D3ADA55: Nope, it’s still there, and part of the problem is because they have very un-monitored third-party marketplaces. However, I did receive reports from other contacts that they had a parent that was able to get one off the shelf at Best Buy.

JACK: What?

D3ADA55: Which, I was like, how did that even happen? Because it’s very hard to get things on the shelf at Best Buy. But if there’s this other kind of influence of like, hey, let me slide you some cash in this envelope, secondarily, put this on the shelf at Best Buy. I can absolutely see that happening if we just think about humanity.

JACK: So, I mean, I want to assume that it did get wiped off of all these online marketplaces, but then it’s a cat and mouse game, and so, it just comes right back. There is a different seller selling it, and there’s another person, and maybe there’s tens or dozens or hundreds of people trying to get it back onto Amazon, and since Amazon has this sort of — anybody could come on and sell something, then it becomes very hard for Amazon to pop every mole on the head.

D3ADA55: Like police it, yeah.

JACK: Okay, so you feel like that’s what happened?

D3ADA55: I think that’s probably got a lot to do with it. I mean, the third-party marketplace thing — I still have questions about how Temu came out of nowhere and got two Super Bowl commercials the first year of its existence. But, yeah, looking at Amazon, I did look recently and it’s actually harder to find them. So, I think Amazon did make some changes. But Walmart is still just pages and pages and pages. Again, I mean, they get a lot of money out of having all these sellers on their marketplaces, but they’re selling something that’s kind of dangerous.

JACK: Gosh, this device is so insidious in the way it’s wriggling into our homes across the nation. We humans are vulnerable to scams and manipulation, and this seems to be the perfect thing to exploit that. Americans are sick of paying for twenty different streaming services. Like, if you pay for Netflix, Disney+, Amazon Prime, and HBO Max, you still don’t get any news channels. It’s so fractured and crazy. I just remembered this YouTube video by videogamedunkey, who has a guide on how to watch all the seasons of Pokemon. Here, take a listen.

DUNKEY: [Music] For Pokemon, there is a website that tells you how to watch this. You start off on Netflix, then swap over to the Pokemon streaming service, which is the only place that has Season 2, then swap over to Prime Video for Seasons 3 through 5, swap to Freevee, then Hoopla. Season 13 is only on Amazon, though. Then swap to Tubi, then Hulu, then Roku channel, and then finally back to the Pokemon streaming, and then Netflix. Easy.

JACK: What are these streaming services doing? It’s like the more they battle, the more we lose. Disney bought Marvel in 2009 for $4 billion, but even Disney+ doesn’t have the rights to play all the Spider-Man movies? What’s happening? So, this SuperBox hit us right where our pain point is when it comes to watching TV and movies. It solves so many problems. People don’t want to pirate, but when it’s so painful and so complicated to find the shows you want to watch, then they just migrate to a simpler way to watch the shows. It’s not even less expensive, since they’re paying $300 or $400 for one of these boxes, which just has all the shows they want to watch.

I’m sure they’d be happy paying a monthly fee if it was for a streaming service which gave them what they wanted. But piracy is on the rise because of how complicated and frustrating streaming services are today, and when it’s 1000 times easier to pirate a movie than it is to research where things are streamed, only to create an account there, only to find that they’re no longer streaming it there, then people are going to give up and just pirate. Honestly, I blame the streaming services for this explosion of piracy that we’re currently seeing. They need to start treating their users with more respect, and we’d all be much happier for it.

D3ADA55: I had been hyper-focused on the SuperBox, but then I saw some of the same characteristics of a bunch of sellers and folks on social media talking about the vSeeBox. [Music] So, again, another one that’s like, still something something box, but a lot of the same stuff; oh, we’ve got this playback feature, you get all the channels. I’m like, this sounds familiar. So, I start digging into the vSeeBox, and so, I buy one of these.

JACK: This thing looks equally as strange.

D3ADA55: It was another weird Reddit post, too. Reddit was weird and got me all these breadcrumbs, by the way, because people just tell on themselves in Reddit piracy, by the way. But this particular post stuck out to me because they’re like, oh yeah, there’s no Chinese here. I got this new box and it still gives you all the channels, and it’s better than the SuperBox.

JACK: Does it say no Chinese here?

D3ADA55: It literally says — that’s the first thing it says. They started the post like that. I’m like, what? Like, why? Who? In the thread, no one said anything about China. That’s the thing that was weird. I was like, why are you telling on yourself? So, I read this post. This person in particular was like, no, everything was great. My seller was awesome. Everything’s responsive. It’s the best ever. You should get the vSeeBox now. I’m like, why is there another one? So, they look like almost competing companies. So, I buy one, and it’s also beaconing straight to China via Tencent infrastructure. I’m like, I’m not crazy, right? So, I put them all on the same network together, and they all start talking to each other.

JACK: Really?

D3ADA55: Yeah. I was like, oh no, are you guys sentient? I’m scared. So, again, I continue to dig. I continue to dig. I’m looking again, actually getting access to — I was using Censys at this point because I started at Censys in the beginning of 2025.

JACK: What is their tool?

D3ADA55: They’re internet intelligence, internet scanning, like Shodan for grownups. Got to do the job. So, as — again, it just continues kind of to get weird. I’m now tracking the different marketing campaigns. I’m tracking when new models come out. So, when I started, the SuperBox S5 was the model that was available, and now they’re up to the 7. So, they’re still just releasing…

JACK: They’re coming out with new versions.

D3ADA55: With new versions.

JACK: Wow.

D3ADA55: I’m like, wow, this one has USB C on it. Look at them go. So, yeah. So, again, it’s — just kind of continued. I got to the — kind of towards the end of 2025, and I start seeing more posts about suspicious activity blocked from users on Reddit, getting messages about — oh, my ISP says that I’m visiting malicious IPs and things like that. So, I’m like, okay, so maybe there’s some traction picking up here, because now there’s starting to be signals that — folks are starting to pick up on this. Folks are starting to notice this and make those changes with regard to our own infrastructure. So, I’m still looking, and in the beginning of last year, I found a third box called the Magabox.

JACK: Manga.

D3ADA55: Maga.

JACK: Oh, Magabox.

D3ADA55: Like M-A-G-A.

JACK: Oh my gosh.

D3ADA55: That actually — finally I got the answer I was looking for just this week from an interesting Verge article I’ll talk about here in a second. But that one, of course, stuck out to me because I’m like, well, who could they possibly be trying to advertise to? I was just like, wow. It was so blatant, and it looked just like the SuperBox. That’s what got me. I’m like, why does it look like the SuperBox? I don’t understand. So, again, there was just so many weird things. I’m like, why is this still happening? Just a lot of like, why this?

JACK: Did you get one of the Magaboxes?

D3ADA55: I did. I think it — I don’t know if they killed it or what, because I hooked it back up recently to kind of put back into my little baby botnet that I’m running at the house, and it wasn’t getting updates or anything. So, something else may be going wrong with that, or they’ve just kind of shifted focus back to the other ones. But yeah, I ran it for a little bit; kind of the same thing. Had a weird little, you know, get the little app store. Get the little video app. Watch your TV shows. Here’s your local listings of channels. They have, you know, all the different fandoms and things that you can get access to, but it worked like the other two.

JACK: Do these things come with remotes?

D3ADA55: They come with remotes.

JACK: Anything interesting in the remote?

D3ADA55: They have self-signed certificates for some reason. They, of course, have microphones, but again, they have open ports on them as remotes. So, I can — if I’m looking for SuperBoxes on the internet, I can actually see the ports, but it’s the remote. So, I still have some mysteries I’m trying to solve there, but I did see it had a long antenna. I’m like, why is that antenna so long if it’s just like an infrared remote?

JACK: Yeah. Okay, so, infrared wouldn’t even need an antenna.

D3ADA55: Exactly.

JACK: So, did you find any — do you know what protocols it can handle?

D3ADA55: I mean, I know it’s Bluetooth. My tinfoil-hat moment is cellular, but I haven’t confirmed that yet. I’m talking to some cellular nerds to see if we can have a way to figure that out. But again, it’s very strange, because with most of the Android boxes I found — I bought some cheap ones, and they just have a generic Android TV remote.

JACK: Okay.

D3ADA55: The remotes are specific to the SuperBox that it comes with, or the vSeeBox that it comes with. You have to use the remote they give you. Even if you go on, say, Amazon, Best Buy, and you look for, say, SuperBox remote, it’ll — it’s a specific remote that you can only use with those boxes. It doesn’t work with other Android boxes, which is also weird.

JACK: God, this thing just gets worse and worse. It’s like a never ending nightmare. The remote has a microphone? At this point, I’m certain that that thing must always be on and is listening and maybe even using AI to parse out what’s being said in the privacy of our living rooms and bedrooms and sending those conversations to who knows where, which — the living room is probably the place where you make private phone calls and stuff. Holy cow. It interacts with the SuperBox using infrared. So, why in the world is there even a Bluetooth antenna on it at all? Look, let me tell you, a lot of us are walking Bluetooth signals. The Bluetooth that’s on our phone is always looking to see what it can connect to. You might have a Bluetooth smartwatch or earbuds, and I’ve seen pacemakers and hearing aids with Bluetooth, and all this can make quite a fingerprint that’s unique to you. I mean, have you ever gone to add a new Bluetooth device and you see things like Diane’s Earbuds or Bill’s Fitness Tracker?

I imagine that this thing is taking notes of what Bluetooth devices come near it, so we can tell who’s nearby. As a side note, to improve my home defence strategy, I recently got a Bluetooth antenna which is just scanning for what Bluetooth devices are near my home, and it records it. My theory is that if someone ever breaks into my home, I’ll pull up the logs to see what Bluetooth devices were in range at that point and try to see if they ever visited before to try to figure out who it was. There is a lot of data you can get from sniffing Bluetooth signals. So, if this remote has a Bluetooth antenna, a long one at that, and is quite the malicious little box, I can only take guesses as to what it’s doing with that antenna. Keep in mind, it doesn’t use Bluetooth as a feature. You can’t connect to it that way, and it doesn’t try to connect to Bluetooth speakers or anything. The Bluetooth antenna is covertly installed on it and is not user accessible. Brr!

D3ADA55: Then we get to kind of fall 2025. I see BSides Portland.

JACK: I did go to BSides in Portland, a hacker conference, and at that point, she’s given talks about this box about a half dozen times, but because there’s a federal investigation going on, she has strict rules; no cameras, no mics, no recording, no pictures. It’s a very hush-hush kind of talk that she gives, but it was one of my favorite talks I’ve ever seen, and the crowd was stunned for two hours after the talk. She had a mob of people around her just asking more questions about what she found, and they were giving her information. I even stood there perplexed by this whole thing, listening to everyone ask her questions for hours.

Everyone thought it was such a fascinating little box. At this point, this is probably the third or fourth time I’ve seen her give a talk on this, and it just gets better every single time because there’s just more to the story. Every time I would tell her, listen, when you’re ready, let’s please make an episode. But she was very hesitant, mostly because there’s an active investigation, and if she exposes them in a big way, it might ruin the ability to collect more evidence. But at the same time, the story was burning in her. She wanted to get the word out as a warning to everyone and their parents; don’t buy these things. But she felt worried about it, so she told me, no, not yet, but soon.

D3ADA55: Then Mr. Krebs reached out to me not too long after that, and he was asking about the SuperBox. So, he wrote a really good article that basically broke down kind of the interconnection between the SuperBoxes and the residential proxy networks. I didn’t think that the SuperBox finding was going to be anything major. I was just kind of like, hey, I wanted to share, and come to find out that all of the residential proxy stuff and the botnet stuff and all that stuff that we’re seeing in the news, a lot of that were breakthroughs because of what we all discovered looking at streaming devices. We hadn’t considered them a true vector until recently.

JACK: So, when she says Mr. Krebs, she’s talking about Brian Krebs, the journalist behind Krebs on Security. [To D3ada55] How’d you feel about that article?

D3ADA55: You know what? I thought — I mean, I didn’t say anything factually incorrect in the article. So, there was that. No, I think it was a good article because I think that was kind of another big push to kind of just show awareness. Some awesome folks also got quoted in that article, folks from Spur and things like that, who also specialize in proxy networks and stuff like that. That’s what they hunt. So, it was really cool to kind of see this amalgamation of all the different little pieces that all of us were looking at, and then kind of seeing the full picture and having it explained in an approachable way. Because when you’re sitting here listening to me talking about this, you’re like, oh my god, this is so much stuff. I’m like, I know, but there’s a lot of this other stuff that kind of builds up to sort of these major events that we’ve had happen in the last sixty days, just beginning of 2026 and end of 2025.

So, the Krebs article comes out, [music] and then I get phished, or at least someone tried to phish me, because when Mr. Krebs published that article, another IoT researcher got a SuperBox and started finding some cool stuff, and there was a posting of the store itself. Like, the repo they were using was just kind of out there. When it started to get bigger on YouTube because of Matt Brown’s work, all of a sudden the store is not there. It’s not — you can’t find the repo anymore. Then I get this e-mail saying, hey, do you have the app store dumps? Do you have some TCP dump? But I’m like, first of all, that’s a very personal question. You don’t just start off asking for people’s TCP dump logs. Come on. But I’m like, holy crap. It’s, of course, coming from a Proton Mail. They said they were a computer science student, but they’re not emailing me from an academic e-mail. They emailed me at my academic e-mail where I adjunct that I don’t put out anywhere.

I was like, how the hell did you get this, number one? Number two, wow. That was a hard nudge trying to kind of sniff around and see what was going on. So, of course I didn’t answer. I was just like, nope. Then I got a LinkedIn phishing message, too, asking about — we want to see your SuperBox research. We work at ISP. I’m like, that’s the tell. There’s certain things that give away these folks. So, obviously, the stuff that I’ve been working on and looking at this — like, this is making somebody a lot of money. So, I’m sure they don’t want me going around telling people not to buy the SuperBox, but here’s me just blanket saying don’t buy the SuperBox. So, a lot of interesting points have been kind of interested in what I’ve been finding and where I got. So, after that happened, I got DDoSed at my house. [Music]

JACK: What?

D3ADA55: Yeah. That was wild.

JACK: Externally coming from the internet to you?

D3ADA55: Yeah, yeah.

JACK: How in the world would anybody know your IP?

D3ADA55: Well, I don’t think — I think in the very, very beginning — and I’ve changed ISPs, too, which I thought was kind of hilarious that I still got hit. But again, depending on who’s behind it, they probably have more resources than I do. So, I mean, if they really wanted to know, they could probably find out. But, yeah, I got nailed pretty bad.

JACK: How long did it last?

D3ADA55: I think it was like fifteen minutes. We couldn’t — nothing would play, nothing would stream. I was actually on a Signal voice call with a friend, and it was all choppy more so than usual, because Signal voice can be hit or miss anyway, but it was really bad. I’m like, holy crap. I can’t even talk to you.

JACK: Did you look at the Palo Alto when it was telling you?

D3ADA55: Oh yeah, it was just over, over, over. It was just — it was like, three pages worth of just this one IP. I looked it up. It was in Ireland. I’m like, okay, well, that’s not — it was in Cloudflare. I’m like, okay, well, I don’t know who the hell did it right now. But yeah, I was more upset that, you know, my husband was watching Spaceballs and that totally got paused because of this DDoS attack. So, yeah, I was like, wow, I made a new friend. I got DDoSed at the house.

JACK: So, this brings us into January of 2026, and around then we saw the largest botnet DDoS attack ever. It was the Kimwolf botnet, and it was launching attacks at 31 terabytes per second. It basically had control of 2 million devices, and could tell them all to send traffic to a specific IP on the internet, which would basically flood any computer with so much traffic that it would knock it offline. [To D3ada55] You think the SuperBoxes were part of that botnet.

D3ADA55: They were confirmed as part of that botnet.

JACK: But here’s the thing; from my understanding, it wasn’t the makers of SuperBox who were involved at all in this botnet. These things shipped with a really old version of Android and are loaded with all kinds of remote access features like TeamViewer, Netcat, and stuff. So, the person behind the Kimwolf botnet simply found how vulnerable these SuperBoxes were and spread their botnet onto a ton of them. So, now this guy, Dort, who’s the one who made the Kimwolf botnet, controls the SuperBoxes. I mean, if I wasn’t already extremely concerned about who’s in these SuperBoxes listening, now there’s Dort in there, too, and who knows what he’s doing with these things; turning them into weapons, I guess. If Dort can get into any SuperBox that’s on the internet, then does that mean anyone else can get into these things, too?

Like, are there a dozen spies in these things listening to us, seeing what we’re doing on our microphones and stuff and poking around on our networks? Gosh, I was telling someone about this the other day, and their first instinct is that the CIA must be in there listening, too. You know what? At this point, I don’t doubt it. The fact that these SuperBoxes are getting infected with more malware by random people on the internet just makes it so much worse. So, at this point, it doesn’t even matter if China’s behind this, because pretty much anyone can take these things over and eavesdrop on us or use the device to attack someone else with. This thing is radioactive and it should be smashed, burned, and yeeted into space.

D3ADA55: Cloudflare put out a report that talks about the DDoS statistics for the year for 2025, and they said that the Aisuru-Kimwolf botnet was the busiest, and they mitigated — I think it was — I think the number was crazy, like over 2,000 attacks they mitigated originating from this botnet. I’m like, wow. So, it’s been busy.

JACK: Basically, the Kimwolf botnet is a DDoS-as-a-service business. You can pay them money, and then they’ll aim this botnet wherever you want, the target of your choice, and it’ll take down whatever you tell them to. So, it’s purely profit-driven for whoever’s behind it. [To D3ada55] Did this box try to communicate with other devices on the network internally?

D3ADA55: Yeah, yeah. So, I had my two little sacrificial Raspberry Pis, as I call them. I was like, well, once you’ve touched this network, you can never go back anywhere else. So, thank you, my little lambs. So, the Raspberry Pis sit there on the network, and I — you know, I didn’t even name them anything interesting, but I’m looking; I’ve got tcpdump running on them, and the boxes are just going freaking crazy. Like, all of them are just actively trying to poke at it. I’m watching scanning. I’m like, are you guys nmapping this little Raspberry Pi in here? Like, what the hell? Again, they’re doing that discovery when they get on a network to see what’s on the network. So, if you’re working, say, from home, and maybe you’re in a position of trust; you’re in some type of important position where you have privileged credentials, things like that, you have this thing sitting on your network and don’t know what it’s potentially doing. It could be sniffing creds every time you log into work. It could be discovering your work device on your home network, because a lot of folks don’t have any segmentation on their home networks. I mean, you know, the possibilities really are endless if we think about it as just like an attack tool. I did get a report from someone that there was one at a remote employee’s house that was actually trying to poke stuff on their corporate network.

JACK: Okay, so try to figure — do they have a VPN between their home and corporate network?

D3ADA55: Uh-huh.

JACK: Gosh, this thing is bad. I still cannot get over how it scans your house, attacks the devices on your network, knocks them offline, and impersonates them. Ah, it’s such a nightmare.

D3ADA55: It’s like a perfect Trojan horse, like in the traditional sense. If we go back to the original story, here’s this big present, and we’re gonna hide inside. Here is this device that lets you get all the channels, and somebody is going to hide inside.

JACK: Okay, fair, it solves a ton of problems for people, and that’s the big reason why they want to get it. But my gosh, at this point the veil is lifted, we can see the spies are inside of it, and I’m glad that word is out now, right? That means that there’s enough information that everyone should be extremely careful and not buy these things, and it should be clear that nobody should get this thing because it’s just pure evil, right?

D3ADA55: Earlier this week an article comes out on The Verge, and I’m like, oh, The Verge. It’s talking about the SuperBox and the vSeeBox, and basically — and, you know I’m a big wrestling fan, so we call it getting over or putting someone else over. [Music] It’s basically trying to put over the SuperBox and say, oh, well, there’s people at the farmers market selling these, and, you know, they’ve also got some goat cheese and stuff. So, they’re just trying to make it. This guy was a retired cop in upstate New York, and now he’s trying to help his church get access to quality television. I’m reading this like, this is literal propaganda. Like, oh my goodness. This is what they mean when they say it’s gonna be plain as day in your face and you’re not gonna understand that — again, an average, everyday person is going to read that and be like, oh, well, these people don’t care. In the article it verbatim said, oh, I don’t care about sending a couple thousand dollars a month to China every month because I’m helping people get affordable TV.

JACK: Sorry, I had to pick my jaw up off the floor. What? This Verge article is titled Everyone is Stealing TV, and yeah, it simply talks about how so many Americans are selling and using these things. They interviewed Jason and Natalie and James and Eva, all who are happy SuperBox users and resellers. The quote from Eva is, I’ve been on a crusade to try to convert everyone. I’m completely flabbergasted by this article. What are we even doing? I mean, let me read one part to you. They interviewed this guy Jason, who earns a commission for every SuperBox he sells. After signing him up as a reseller, Jason’s SuperBox contact also recruited him for a unique side gig; whenever Jason finds a SuperBox advertised for less than the company’s suggested retail price, he buys it and sells it back to the company for a premium. He says that the SuperBox maker then checks the device’s MAC address against a list of past sales and remotely deactivates all boxes it sold to the reseller who openly advertised the unauthorized discount.

Offending sellers are then asked to pay a fine, Jason says. Consumers who happen to buy a box for the wrong price find it locked with an on-screen warning telling them to contact their service provider. To alleviate the concerns of would-be buyers fearful of getting scammed, device makers maintain online verification tools. Each reseller gets a certificate with a unique code. Enter that code into a web form, and the company will tell you if the reseller in question is in good standing. Oh, thanks, Verge for squashing my concerns about being scammed by someone selling me a cheap SuperBox. I feel much better now that you told me that there’s an online verification tool to check whether this seller is legit or not. This article, in my opinion, is all hype for this thing. It doesn’t raise any of the red flags that I see on it. I simply cannot believe The Verge posted this article. This is ridiculous. I am officially nominating this article for a pony award.

D3ADA55: Then yesterday there was — I think it was called the Tech Brew Ride Home or something like that. At the end of the episode from yesterday, he spends about five minutes and he’s basically — it sounds like he’s reading The Verge article. I’m like, no, don’t repeat it. We’re already — again, they’re already trying to discredit any of the research that any of us have done on this to basically prove that this isn’t something you should be getting. What cracked me up is in the article it said, well, it’s not like you can get these at Walmart and Best Buy, because everyone knows it’s illegal to have pirate devices at the store. I’m like, no shit, but they’re at Walmart and Best Buy.

JACK: I don’t think you understand how crazy it is to have an influencer marketing campaign working against us here. You’re not buying these things from some shady guy in a dark alley who you know is 100% illegal and is probably scamming you. You’re buying it from a soccer mom, a guy with a stand at the farmers market, your church friend, family members, gym buddies, co-workers. When it comes into your life in this way, it doesn’t feel illegal, it doesn’t seem shady. It feels like you’re clever and smart to get such a cool gadget.

D3ADA55: I remember kind of the old adage — you know, back in the 90s, early aughts, especially all of us who’ve been on the internet a long time and those of us who are in high school and stuff like that, when in the early days of the internet you felt like you could spot a scam from a mile away because the skill wasn’t there. But this is sophisticated. Again, they’re hitting it from a few different angles. They’re making sure that they have people ready to counter any negative like press or posts or anything like that. They’re making sure, like we’ve said, to tap into the economic anxiety. It’s crazy. I’m like, wow, they’ve put so much time into this.

JACK: But then you think about where these things end up.

D3ADA55: I mean, you know; you know people that work weird shifts, or maybe they work in some kind of weird office. It’s boring at night. Maybe they’re on graves. Oh, I want to watch the UFC fight. Let me bring my SuperBox.

JACK: Then that thing just gets busy devouring all the computers at work, or it’s brought to a hotel to watch TV on the go, or maybe the coffee shop owner installed one so they could play shows on the TVs in the shop. Now when you get on the Wi-Fi in that shop, suddenly you’re on the same network as a computer that’s probing and scanning you and attacking you. This is why I never use Wi-Fi in a coffee shop or a public place. I just picture it riddled with these diseased and infected boxes that are desperately trying to get access to my machine the moment it connects. I bring my own Wi-Fi hotspot with me everywhere I go, so I only trust my own network.

D3ADA55: The funniest thing, I think, that has happened so far was being out at a pho restaurant. I’m looking around because someone had just told me they were at a pho restaurant and saw three of them in there. So, now I go into places and I’m looking and making sure there’s not a SuperBox behind the TV and stuff like that, because even if it’s not doing anything else, just the fact that anything you connect to it, it wants to know about it, and it’s gonna start poking at it, to me, is scary. If I connect my — and what made me upset about this whole situation with my dad was like, I went over there and didn’t know he had these and had connected my work computer at the time and my phone and stuff to the home network ‘cause I was visiting for a couple days, and I’m like, you have these things in the — these have been plugged in the whole time? What? So, it exposes all of us in a lot of ways that we may not want to be exposed in. I’m not doing anything shady, but like, I want my privacy.

JACK: I saw you are bringing a Faraday bag with you everywhere you go. Is this why?

D3ADA55: I mean, it could have something to do with it, for sure, but also just trying to be more cognizant of my own personal security hygiene, because I think for a lot of us that have been doing this for a while, there’s always gonna be places where we’re just like, eh, I just don’t care, because we already were already in it so much all the time. But I spent some time kind of reflecting on — I was out traveling, and I think I got popped with something because my phone was acting crazy and all this other stuff. So, I blew away everything in the house, re-imaged everything. Everything’s fine now, but I’m like, I’m just gonna take some extra steps just to make sure. ‘Cause I usually — you know, I always have VPNs on and stuff like that, but a VPN can only do so much if somebody’s really interested in what you’ve got going on on the other side of that. So, yeah, I will just encourage everyone to just keep practicing basic security hygiene, because the moment we get complacent, that’s usually when we get got.

JACK: Okay, that’s it. I’m taking D3ada55’s cue here. If she always keeps her phone in a Faraday bag, I think I have to do that now, too. A Faraday bag is one that just doesn’t let wireless signals pass in and out of it. Think of it like the door of your microwave, which blocks it so your microwave doesn’t cook the whole kitchen. Because who knows what coffee shops and restaurants have these things in them and are scanning my phone even if I’m not connected to the Wi-Fi? Like, what’s with the Bluetooth and other antennas on this thing? It’s proven to be so malicious that I don’t trust it for a second. I don’t even want to be in range of this thing. [To D3ada55] Let’s put all the pieces together.

D3ADA55: Yeah.

JACK: Where do you land on this?

D3ADA55: Okay, so the whole picture is somebody — and I’m going to be vague on purpose, because I am still working to get the full picture of the somebody. Somebody is basically getting influencers, of course, to show these. There’s an entire distribution network of distributors and resellers. So, they’re getting folks in their neighborhoods and in their communities and all these places to sell these boxes to friends, family, everybody, as much as they can, which, again, already weird. They’ve already infiltrated all the big box stores. So, again, it’s — now looks like this normal, everyday has-been-around-for-nine-years consumer product. We still, of course, have the whole issue with them targeting people directly in oil and gas, which that’s still — to me, I’m like, this got mailed to you at your house, friend? Are you gonna move? I just, you know, I’m worried for you. Then we still, of course, just have the endless problem of there’s no legitimate regulatory tracking on it.

They’re dark. There’s no FCC IDs. You can’t find really any information on these things. The one that we did find information on, when you’re importing something and it’s coming from overseas, you have to sign off on it and say that it’s — everything’s correct, it’s labeled, it’s got the FCC ID, things like that. It had a signed one, but the name did not — it was a QQ e-mail that signed it. I’m like, so the US agent has a qq.com e-mail signing off on this device that — it has all the regulatory information and the things it’s supposed to have when it doesn’t.

JACK: That’s not legit.

D3ADA55: Yeah. So, it’s kind of like — they’ve got us on the MLM thing, too. I don’t know what it is about America, and we love our MLMs, man. There’s been, you know, Amway and all the — there was even a power one. So, this is just a new MLM. It’s a streaming box MLM, it seems like.

JACK: Yeah, and I think they’re hitting us in such a unique way, ‘cause they know we’re frustrated with the rising cost of cable, and all the different streaming services are branching off into their own, so now you have to have ten different streaming subscriptions. People are sick of this, so they’re just like, we got the solution for you.

D3ADA55: It’s perfect. You get all the channels.

JACK: We don’t care about breaking the law.

D3ADA55: Exactly.

JACK: Yeah, so, someone is doing this. Do you have an idea who might be behind this?

D3ADA55: I mean, given everything that’s going on geopolitically, of course, everyone was kind of just like, hands up. Like, China — it just seems like it’s obvious right at this point, because why else would it be beaconing straight into Tencent? The other thing, too, is that as I’ve kind of been looking at this and everything else, the devices themselves, they’ve got a whole manufacturing arm that has to be — again, China’s gotten the manufacturing thing down. We’re all sitting around with iPhones and all these other things. China makes our stuff, so they’ve gotten really good at how to fabricate this stuff. So, it actually looks nice. It looks like it’s good quality to make it look even more credible for the price that people are paying. If we think about like you said, everyone’s stressed out for money.

Everybody always wants a quick fix. We are such suckers for get-rich-quick schemes and things like that, and that is peak multi-level marketing. The distributors get a cut from the resellers. The resellers get a cut from the boxes. Then if you get friends to also help you resell, you get more of a cut of their boxes. So, it’s a perfect MLM. So, they’re hitting us from the things that are built into our culture, TV, multi-level marketing, get rich quick. They’re building into our economic anxiety. They’re building into our complacency with just accepting things that even if you know we don’t know that much about it, it’s like, oh, well, we get all our stuff from Walmart or all our stuff from Best Buy.

JACK: We got social proof.

D3ADA55: Yeah. So, they’re hitting us from a few different angles just psychologically, not even from a technical perspective. The tactics and everything that the box are using, those are like table stakes. You expect reconnaissance. You expect some of these other things. You don’t expect an influencer network that’s trying to get these out there. You don’t expect there to be marketing, because if you look at some of the other devices — there might be one or two videos here and there maybe talking about an NVIDIA Shield as an example. But this thing has a whole campaign, websites and everything else. So, I’m like, who is doing…? You set up a whole brand just to sell these things. This is insane. So, yeah, all that to say we’re now at this point where I’m like, okay, well, we have to make a decision, I guess, as like a nation. Do we want cheap, easy cable, or do we want to continue to have basically back doors plugged into all of our networks?

JACK: Okay, so, if it is China, even the Chinese government — it’s crazy to think that the Chinese government would be behind this, but it sounds like it may be.

D3ADA55: They have that unified front as far as integrating everything with the military, so…

JACK: Sure. So, if the Chinese government is trying to get into Americans’ homes in order to gain more access into them and visibility and all that sort of things, it doesn’t seem like we’d be their first target. So, I’m just wondering if there is a — if we’ve seen this activity in other countries, these kind of boxes in other countries.

D3ADA55: Yeah. That was kind of interesting because I kind of immediately — when I first started looking at it, of course, I wanted to see if there was anything else that had been reported. There was a researcher. I’m spacing out his name right now. But he had done a write up on the malware that was in the T95 box. So, that kind of got me already thinking like, okay, so we have seen behavior similar to this before. I did look in like other countries and stuff, and China had already cracked down on these types of device. I think New Zealand had already cracked down on these types of devices. So, it seems like this had already been a similar problem, but apparently there was also a similar campaign in Taiwan about ten-ish years ago. It was all centered around illegal piracy of sports. So, it was the same idea, though; they had these streaming boxes that were convenient, and you could get all the sports channels, and they were all over Taiwan, and then they got busted, and then they weren’t all over Taiwan anymore. But that could have been a test bed to then see, okay, well, how do we make it work here?

JACK: So, how does a country bust them so that it’s no longer valid in that country or whatever? What are the — even approach to stop something like this?

D3ADA55: I mean, they, of course, were like, you got to pull them off the shelves. They’re banned. They can’t be imported. Those big-kid controls, as I like to call them. I don’t know how long it’s going to take to even see that here. We did just finally get some stuff taken off the shelf that — again, we were — we all had concerns about China and we all had concerns about — what are these devices actually doing? But it was years after the fact when it was already a problem.

JACK: Yeah. I mean, even if you did get it banned from Walmart and Amazon and Best Buy, you still have the soccer mom down the road slinging them…

D3ADA55: Exactly, exactly.

JACK: …and your electrician coming over and saying, I got some extra stuff for you if you want to buy these things.

D3ADA55: Man, yeah.

JACK: So, it would be really hard to put the genie back in the bottle at this point. So, that’s one prong, and then maybe another prong is getting ISPs to do something and say, hey, this is illegal streaming, so we don’t allow that here.

D3ADA55: Yeah, and the ISPs have been really good about this.

JACK: I actually got word from a friend who works on an ISP, and he says that a lot of users are reporting that their allocated bandwidth is getting maxed out super early in their billing cycle. They’re like, I’m not online that much, yet it says I’ve uploaded 360 gigabytes of data. Clearly you have a faulty meter. So, the ISP technicians go out to the house and investigate, and they can’t find an issue, and so they swap out their ISP devices and reset their bandwidth usage. But then the problem persists. Next month, the customers call back saying it shows that I’ve uploaded so much data that my ISP is now throttling me. One customer was even seen uploading 4,000 gigabytes in a single day. So, the ISP asks the customers, by chance, do you have a SuperBox? Many of them say, yeah, I do.

Why? Well, it’s because those things are sending enormous amounts of data to the internet. But what is it sending? Sure, it’s part of a botnet. So, it’s attacking other devices by sending floods of data, but also it just might be exfiltrating tons of data that it’s collecting in that home network; voice logs, network data, photos, files, anything that it might find valuable. It just sucks it up and sends it off. I mean, if a device is sending terabytes of data a day or a month, then the question isn’t what is it uploading? It’s more like, what isn’t it uploading? So, yeah, ISPs are getting hit in the face with these boxes, too, and are unsure how to effectively handle them.

D3ADA55: I think the telecom and ISP networks understand, I think, their vulnerabilities a little bit better. They’re like, okay, yeah, we actually have to look at what is going on in home networks, because we are no longer at the point where we can just pretend, oh, well, it’s the consumer. That doesn’t impact me. We’re all in it now. There’s no — we can’t — like you said, we can’t put the genie back in the bottle. So, they’ve been pretty good about trying to, of course, sinkhole traffic. So, ISPs can, of course, see downstream. But we have to kind of think about are we prepared to be a country where we are now policing what’s going on on home networks? Obviously, like that would be problematic for a lot of people.

JACK: Yeah, I think that’s going too far.

D3ADA55: No, no, right. No, exactly. I think — and I don’t think we should have to do that.

JACK: But this might be the one time that I want Disney to get litigious.

D3ADA55: Yeah, right?

JACK: Like, why hasn’t Disney figured out, hey, they’re streaming this pirate — ‘cause I know that they’ve always been…

D3ADA55: The mouse is always ready to strike when it comes to that stuff. I’m actually really surprised that it hasn’t been one of these bigger media companies actually striking back. I mean, Google sued the BadBox operators.

JACK: Okay.

D3ADA55: There was a bunch of DMCA kind of notices and stuff like that, but it’s still going. So, is that gonna actually do what we want it to do? I don’t know. We still — so much has happened in the last couple of weeks that it’s gonna be a busy year in 2026. That’s all I can really say. There’s so much more that’s going to come from this. I guarantee it.

JACK: Yeah, and it seems so easy for it to just be eliminated since it is illegal, and that’s the thing I’m surprised at.

D3ADA55: I’ve been stuck on that, honestly. To me, I’m just like, this is the most blatant example of this, and y’all are out here sending these ISP letters to a single mom because she wanted to download Shrek 2 for her kids. But we’re not doing anything about this entire network of bootleg streaming devices.

JACK: That’s what’s so surprising, is the pushback on piracy all these years, and how terrible it’s been to torrent things, and how people are — yeah.

D3ADA55: Yeah. We’re all evil trash for…

JACK: Apparently, that’s not a problem anymore.

D3ADA55: Yeah, I guess…

JACK: Or they haven’t got the memo. That’s what’s surprising about it. So, that’s what I think is going to unravel this year, is there’s — it’s no longer unknown. It’s like, okay, this is clearly — but because if it is allowed, then why don’t we just make…

D3ADA55: A legit one.

JACK: Not a legit one, but a non-malicious one?

D3ADA55: Non-malicious one. We could have a whole new business model, man. Again, I’m surprised someone just hasn’t, right? I won’t be surprised when somebody’s like, hey, I’m ethical and I’m gonna help you get all the channels. Like, here comes everyone else’s money, because we don’t want implant devices. But again, there’s just a lot all going on at the same time. Obviously when we think about the whole geopolitical picture, there’s a lot of different moving pieces. We’ve seen a lot of stuff overseas, internationally, and so, I still am trying to understand how this might even be a part of that. So, I will be digging more this year, that’s for sure.

JACK: Oh, yeah. I mean, I hope that the update or whatever comes next isn’t — these BadBoxes destroyed America.

D3ADA55: Yeah. Like, oh my God, no.

JACK: Because it is — you’re right; I said if you put — this is a pre-positioning move, what is their final intent? And maybe we don’t know yet.

D3ADA55: That’s what I — yeah, that’s the part that I’m still kind of scratching my head about. It’s just — it’s the why. I mean, I’m like, yeah, I guess maybe the ad fraud, maybe it’s the residential proxy business they’re running, maybe it’s just the botnet. But there’s so many other ways to do all of that that’s not stand up a whole brand and then market these boxes to people so they buy them.

JACK: Yeah, I predict that we haven’t seen the full wrath of what these things are capable of yet. It’s possible that all this is just some pre-positioning move of some kind, and whoever’s behind this is trying to get blue-collar workers to give them access into US corporations. Then what? If someone gets a hold of our critical infrastructure in a large-scale way, it’s like having a chokehold on us. They could do whatever they wanted. So, the potential damage these things could do could feasibly be in the realm of nation toppling. Does that make me crazy to say that? This is the very reason why I don’t like getting into politics. Politics is designed to confuse you and to keep you from getting to the truth, so you can never be sure of what’s actually happening. But even when you get a glimpse of the truth, you then sound like a lunatic when you start telling other people.

Because if I ever see one of these things plugged in anywhere, I’m going to immediately unplug it and try smashing it to bits, and I can only imagine the owner of it yelling at me, hey, what are you doing, man? I’d be like, don’t you know this thing is evil? And if we don’t stop it, it might be the end of our nation. I feel like a lunatic just thinking that scenario through. But maybe this is the new world that I just need to get used to, because even if we all team up to get these things smashed and burned and yeeted once and for all, there’s just going to be another thing that pops up, a 3D printer with spyware, a drone with spyware, a projector with spyware, a router, a computer, or even a car. Because if these things are cheaper or better than the competition, or if they just have a better marketing campaign by paying influencers to spread it, then this battle to discover it and eradicate it is just going to start all over again. I’m not sure it’s possible to fix this, and that’s what makes it so scary.

The whole goal of information security is to conduct business in a hostile environment. For instance, when you do anything online, you’re traveling through a bunch of networks that you have no idea who owns them, so you have to operate in a zero-trust kind of way by encrypting your connections so that they can’t snoop on you and doing things to verify that they didn’t tamper with the message. So, maybe this is the new hostile environment that we need to learn how to operate safely in. Our homes and workplaces, our coffee shops and bars could all be out against us now. I never expected our home networks to be hostile environments, but let’s take this as a sign that they probably are. Spring is here now, so it’s time to clean up our networks and make them safe again. I’m drawing a line on my front door. Spyware is not allowed past this point.

(Outro): [Outro music] Thank you so much to D3ada55 for finally sharing this story with us. It has been such a treat watching her progress through this over the years, and I’m so happy to finally tell you all about it. Hey, listen, I’ve got some big things cooking up this year. I’m going to be releasing a new bonus episode real soon here, which is going to only be available to premium subscribers, and I’m also going to be releasing a whole new podcast later this year. This is by far the most insane story anyone has ever told me, and it’s taken me eight years to make and it’s finally in its final touches, but premium subscribers are going to get to listen to it way earlier than everyone else. What I’m saying is I really want you to become a premium subscriber. So, you just let me know what it is I need to do in order for you to buy me a cup of coffee once a month. Not even 1% of you are premium subscribers.

So, I know it’s not you; it’s me. I need to do something to amaze you, or wow you, or give you something that you can’t find anywhere else. So, you just let me know what is it that I can say or do so you chuck me a few bucks for what I bring you. If you’re like, oh, Jack, you’ve given me enough; now it’s time for me to give to you, then thank you. I really appreciate that. You can become a premium subscriber by going to plus.darknetdiaries.com, and you’ll get ad-free episodes and a bunch of bonus episodes, and you’ll be the first to listen to my new podcast coming out in a few months. The show is created by me, the failed pro gamer, Jack Rhysider. Our editor is AI’s worst nightmare, Tristan Ledger, mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder. What’s a pirate’s favorite movie? Anything rated R. This is Darknet Diaries.

[End of recording] Transcription performed by LeahTranscribes
