Are we worth more than your cable TV? Or 10 bucks a month? 20? 100? A million? Just go to the WBAI.org website and sign up with your credit card. You'll barely notice it. In return, you get a WBAI tote bag to show off, free or discounted entry to special WBAI events, and other perks. Another cool thing about being a BAI buddy is less fundraising interruptions to your favorite programs. Go to WBAI.org. You can donate in the name of your favorite show, like Ecologic. Or Off the Hook, which is on right now, here on WBAI, New York. Off the Hook. Off the Hook. Off the Hook. Off the Hook. Off the Hook. Off the Hook. Off the Hook. And it's another exciting edition of Off the Hook, here on WBAI. Emmanuel Steen, I'm with you. Joined tonight by Rob T. Firefly. Good evening. And Kyle. Hi there. Howdy. It's not a fundraising edition. That's right, we will be taking phone calls from our listeners, who hopefully are still with us. We want to thank people who called in with their pledges over the last few weeks. And we want to give updates on all the things that are going on throughout the world. Of course, today, the ... This is the mic check for Cat Radio. How did that happen? You know what? I brushed against the keyboard and this thing jumped at the edge. Be careful, you'll knock the clock. You know what? Finish what you were saying. I am so sick of technology today, where if you touch something in slightly the wrong way, all hell breaks loose. What's with kids today with their tiny little fingers, you know, tapping the phones and knowing exactly how hard to hit something. I can't even get a program to load. And when I do, I hit the wrong button and I'm a half hour recovering from that. Okay, so did I break the computer? Is that what happened? It's playing a lot of things now. You know what? I can't be bothered. I think it's okay for now. I think we've stabilized. Yeah, right. We've checked the heck out of that mic. 
Okay, well, what I was trying to say was the big news today is that Facebook was down or is down. I don't know. I don't care. But a lot of people are talking about it. I didn't notice. No. Neither did I. No. It's because we don't spend our time on Facebook. But Facebook, Instagram. So a lot of people's lives are ruined today. Oh, Insta. Yeah. So that's ... They don't know what the cause is. It's an apparent outage. It's an obvious outage. I don't know what they mean by apparent outage. A cute outage? Yeah. I think it's pretty cute. It's not cute. According to Roland Dobbins, who had the misfortune of being quoted in USA Today, an engineer with a network performance firm, NetScout, said the outage was due to an accidental traffic jam issue with a European internet company that collided with Facebook and other websites. How do you do that? How do you collide with Facebook? Because I'd like to. I'd like to figure out ways to do that. Some users of Facebook-owned WhatsApp reported having issues sending photos on the popular messaging app. And as with nearly every Facebook outage, users headed to Twitter with the hashtag Facebook down, quickly becoming a top trending topic in the United States. Oh, God help us. Well, I think that's interesting from an infrastructure standpoint. Hopefully, the internet still works the way it ought to, which is it's fairly fault tolerant. In other words, when it runs into these things, it works around them and your information goes to the right place. But is this perhaps a symptom of these sorts of platforms having agreements or any glimmer of the net neutrality changes that we've talked about on this show? Perhaps. Maybe. I mean, if things are closed and less open in terms of routing in some way, maybe these kinds of things happen. I don't know. I don't know anything about the story. I'm just interested in any other side effects that people might have seen on the internet in general from Facebook being down. 
Because I remember years ago, I was running a network at home that had Facebook blocked at the router level. Just nothing from Facebook or their associated machines could get through. And I noticed every so often, some completely unrelated site would end up broken because they were depending on some chunk of code from Facebook to sell t-shirts or something. I noticed people going outside and breathing in air, exercising, socializing with each other face to face, which I know isn't done anymore. But yeah, walking up to somebody and saying, hey, look at this picture. Is this cool? And getting approval that way. Yeah. And you get a thumbs up. Yeah. I miss those days. I really do miss those days. Real life. Walk down the street and people just give you the thumbs up. Yeah. Well, Facebook, Instagram, it'll probably be back before you know it. If it's not already back. So enjoy it while you can. In real news, Chelsea Manning is in prison. That's kind of important. Yeah, she got locked up. Yeah. And do you know why? Because she refused to testify in a secret grand jury. Yeah. I want to read you the opening paragraph in the New York Times story, which by the way, has not been updated in a week. And in fact, there's precious little news about this anywhere, which I think is atrocious. Yeah. This is a big story. It's a big deal. Now, Chelsea Manning, as we know, is the former army intelligence analyst who provided archives of secret military documents to WikiLeaks in 2010 and was taken into custody this past Friday, after a federal judge found her in contempt for refusing to testify before a grand jury that is investigating the anti-secrecy group. Think about that. She wants to, or she's being told that she has to testify about an anti-secrecy group in secret. I mean, how do you think that's going to go? You know, anyone with any conviction whatsoever is going to stand up against that kind of a thing. 
Of course, very few people will, but that is how we should act when we are called to, regardless of what you think about WikiLeaks, to be forced to do that, to be forced to testify in private, it's unacceptable. And she's paying the price for it, and commendably so. The question is, how long will this go on for? I don't know. The one thing we can say for this is that this time around, unlike last time she was imprisoned, this time around she knew, I think, what she was getting into when she made her decision and was able to, I guess, prepare for it in whatever way she could. Yeah, but I don't doubt that the lawyers and there's plenty of people that are helping and I'm sure we'll have more information about ways people can help and different organizations that we've talked about in the past. I'm sure the EFF is involved in following this, as well as groups like the ACLU. So I mean, this is important stuff, but it's, I guess, laudable to have principles and be firm in your conviction and refuse to help with something that you truly don't believe is just. Yeah, well, according to the Times, the grand jury's questions pertain to disclosures from nine years ago, took place six years after an in-depth computer forensics case. And actually, she's referring to her case, in which I testified for almost a full day about those events. I stand by my previous testimony, I will not participate in a secret process that I morally object to, particularly one that has been historically used to entrap and persecute activists for a protected political speech. So that, to me, is definitely commendable. And her take on this has been that she gave the answers that they're looking for in her previous testimony, which is on the record. 
So I think if that's indeed the case, then I think what they're doing is basically just kind of a punitive measure to just get her in prison, because if they really wanted the info that she gave in the past, they would have it, because she gave it in the past. Yeah, I think this is kind of a case of trying to force somebody to submit and yield to their demands, and she's not having that. It could also be a test of the social network that she's involved in, and the activist community at large. I think that this kind of thing would be perhaps a wide net of requests like that. And then the refusals and people's reaction to them once they get their heads around what's going on, then sort of fall into suit, whether you want to cooperate or not. So I think maybe, yeah, it is just kind of like what Rob said, maybe just a little bit of a punitive thing just to kind of entangle, and maybe even a mild threat, like spooking people and making them think, yeah, okay, maybe I was okay for a while, or I was pardoned, or this or that, or the other thing, giving them a sense of more ability of freedom or way of acting that changes as a result of their freedom being threatened as a red flag or something that they're looking to further their investigation. Who knows? I mean, that's the problem of a secret hearing. Yeah, and that's the thing. I wish Alex was here to give us the legal slant on this, but I'm not sure, are you allowed to talk about anything that happened when you're in front of a grand jury? I don't believe you are. I think you're sworn to secrecy as well. I could be wrong on that, because I've never been hauled in front of a grand jury somehow. I almost was on one once, but I just narrowly escaped. It's not like regular juries. The rules don't apply. People who are being questioned aren't entitled to defense the same way that they are in a regular jury. 
It's really kind of a strange system, a holdover from many, many years ago, and I can totally see why somebody would be opposed to being in that particular room. Rob? Well, just to put out there, Chelsea's official website, where there appears to be ways and means to help her out and support the effort to support Chelsea, can be found at her official site, which is xychelsea.is, xychelsea.is, and she's xychelsea on Twitter. Okay. Some other news, if you're in Texas, specifically the Lancaster, DeSoto region, and possibly even as far as Dallas, you may have heard tornado sirens and been told in the middle of the night that, don't worry, this doesn't mean anything. Turns out their sirens were hacked. Yeah. Officials say a hacker was behind the early morning tornado sirens that rousted residents of the city neighboring DeSoto with an unwanted wake-up call on Tuesday. It's become evident that a person or persons with hostile intent deliberately targeted our combined outdoor warning siren network, the city said in a statement issued early Tuesday evening. The sirens sounded around 2.20 a.m. and didn't go silent until sometime after 3. Can you imagine? The incident was initially described as a malfunction. Unlike Saturday morning, no severe weather was taking place in the area. That's when the sirens went off and meant it. The emergency outdoor warning sirens have malfunctioned and are automatically sounding. We are currently working to address the concern and will provide follow-up as quickly as possible. That's what the city posted on its Nextdoor page. Sorry about the inconvenience. Does anybody know what a Nextdoor page is? Nextdoor is a, it's a sort of a social network, kind of a Craigslist-y type of thing that goes by the area in which you live, the neighborhood in which you live, and you'll find a lot of municipal agencies now have a presence on Nextdoor to do things like that, communicate things like this. 
So if a tornado were to come in the area, I would not know to go to the Nextdoor page because I'd never heard of it before. Wow. And I imagine a lot of people in the middle of the night, their first instinct is not to go to a webpage. It's basically to go to a storm cellar and some of them might still be there. Before 11 a.m., the city of DeSoto issued a tweet that read, hopefully, by now they were all quiet, which hopefully didn't wake anybody up when they sent that. The city also alerted residents via its Code Red notification system, which sounds interesting, saying everything was all clear and there was no emergency. And an earlier tweet said, please disregard the emergency sirens that you hear going off in some parts of the best southwest cities, that's what they call their region, best southwest cities around 2.30 a.m. Tuesday. This is the result of a malfunction and not an emergency. We are working to correct the problem. So basically, they said that the system was hacked. They're not giving any details. I'm trying to find some details. I know in 2017, Dallas had a similar situation, 156 sirens were activated late one night after someone hacked into the city's emergency system. Apparently, they didn't learn from that. That was like a UHF or VHF frequency? Yeah, it's something over the radio. What gets triggered? I think that's the way it worked in that scenario. And I remember that story, I believe, as you said, it was Dallas or somewhere in the south there. And yeah, it was like a frequency that someone triggered over the air. And then each of the individual sirens is tuned and then picked up the signal that then activates a relay or otherwise engages those alerts. I don't know if it's the same type of system or the same system, but this is something clearly that is open to abuse and is being abused. And they need to look into that. 
They had an announcement yesterday saying that sabotaging a public warning system is more than vandalism and said technical experts would be consulted and the investigation turned over to police. I would imagine that it was already turned over to police, but I guess they're getting around to it. I know these things can be triggered either through some kind of online access or through radio communications. If people have specific information, I think it should be made public so that they can correct it because clearly they don't correct it when somebody messes with it. If you have information, email us, oth at 2600.com or drop something into our Secure Drop mailbox. Go to our Secure Drop page, 2600.com slash Secure Drop, for all of the info on how to do that completely anonymously. It brings to mind the story from last year where there was some agency, and I'm not remembering this fully, but there was some agency that someone at the agency had hit the wrong switch and set off the missiles are coming toward us alert. And I think they initially said they were hacked as well before admitting that it was their own incompetence that triggered the alarm. That was the incident in Hawaii, and I believe it was a dropdown or a radio button on a web portal. Right. And the options were right next to each other. Administrative webpage. Yeah. And this individual had not indicated that it was a test or otherwise fumbled a bit in that. And then it was characterized as a hack when in fact it was just an error on the operator's part. And it's become such a default thing for entities to immediately claim they were hacked even when they've messed something up themselves because they don't want to own up to having messed up. Well, so much is dependent on these machines and applications and software that it's hard to tell the difference between when it's screwed up by someone who's got the access or ought to be using it versus a hack or a legitimate error or anomaly. 
What's the difference anymore? Absolutely. Well, you know, that is the instinct. When somebody posts racist or homophobic content on a Twitter feed, my account was hacked. It wasn't me. I didn't get drunk last night and say all these horrible things. Somebody hacked my account. That's the default go-to. Blame the hacker. Well, in Japan, they're blaming a hacker. They're blaming a 13-year-old girl actually from the city of Korea. It's not really Korea. It's spelled K-A-R-I-Y-A. I'm sure it's not pronounced Korea. How about Korea? What do you think? That's probably better. Spell it. I just did. K-A-R-I-Y-A. Korea. Yeah, it sounds like you're saying Korea, and I know in Japan they don't want to say that. Korea. You know what? It doesn't matter. The city is not the story. That's not the point here. Yeah, continue, please. Basically, she posted browser exploit code online. It was a mere prank that triggered an infinite loop in JavaScript to show an unclosable pop-up when users accessed a certain link. The pop-up could be closed in some browsers like Edge and Firefox on desktop, but could not be closed in others like Chrome on desktop and the majority of mobile browsers. The pop-up was hosted in several places online, and police say the teenager helped spread the links throughout the internet. She did not create the malicious code. It was shared in online forums by multiple users for the past few years. She basically just told people how to access it, and I don't know what the crime is there. I'd like to be able to tell people how to access it. If you want to make a phone go nuts, here. Click this link. At least you tell people what it is before they go there. NHK, the Japanese national broadcaster, reported that police also searched the house of a second suspect, a 47-year-old man from Yamaguchi, that word I can say, and they're also looking at three other suspects for the same crime of sharing the link on internet forums. Sharing a link. 
They're raiding people's houses. Japan is a country that has been historically tough on cybercrime, even in its lightest forms. For example, Japan was the first country to send a person to prison for embedding the Coinhive in-browser cryptojacking script inside a game cheating tool. In July last year, Japanese authorities sentenced a 24-year-old man to one year in prison, suspended for three years, despite the man making only $45 from his exploits. Wow. How does that work when you're sentenced to a year, but it's suspended for three years? Does that mean you have to wait three years and then go to prison? Because when they suspend the sentence, that generally means you don't have to do what the sentence says. It might be that kind of deal where you have a year sentence, but it's suspended because it's sort of put aside, and you have three years to just keep your nose clean, not screw up because if they bust you for something else, then immediately you're going back for that sentence that you already had. Yeah. That sounds like a deferment of some kind so that you get three years probation instead of serving that full year immediately. Some kind of supervised or deferred probation period. There's a lot of mischievous 13-year-olds apparently in Japan, because in September of 2017, Japanese police arrested a 13-year-old teen from Osaka for creating, advertising, and selling a mobile virus that blocked smartphone screens and prevented users from using their devices. They arrested a 17-year-old boy in February 2018 for creating malware that stole the passwords of cryptocurrency wallets, and another 14-year-old in June 2017 for creating ransomware and later sharing the code online despite the teen never using the ransomware in any attacks, and later admitting to having created it as a curiosity. Wow. You know, that whole thing of punishing people for creating something but not actually exploiting it, that is kind of scary to me. 
And that's apparently what's going on in Japan right now. And it's something that we've been seeing in the hacker world since the old days of personal computers, where some clever kid comes up with something that catches the grown-ups unawares and the instinct of the grown-ups is to immediately punish them. Yeah. Didn't that happen with the Melissa virus? Somebody, I think in Jersey, created it and was sent to prison simply for posting it on Usenet or something like that. It's nuts. But there are good things going on in Japan as well. In fact, somebody sent us this particular article. One of our listeners named O'Toole Patty. Thank you for tweeting this at us, our Twitter account, Hacker Radio Show. If Twitter is working, feel free to send us material. This is all about the importance of pay phones after disasters. This is what we've been saying for years here on this program. Apparently in Japan, they get it. Public pay phones turned out to be a vital lifeline during the major earthquake and tsunami that hit northeastern Japan eight years ago, as they tended to work even when cell phone networks went down. Most children these days are unfamiliar with them, which is something a telecom firm is working to change. NTT East surveyed parents with children in elementary school. Nearly 80% said their sons or daughters do not know about pay phones or have never used them. To encourage awareness of pay phones, the company has set up a website aimed specifically at children. The site has quizzes and videos to help explain how to use the phones. Unfortunately, we would need to know Japanese in order to make use of that. It also features a pay phone locator, which is pretty cool as well. NTT East says it will add a virtual reality experience so children can play at finding a pay phone and making a call on the site. Wow, how awesome is that? I want to play with this. 
A spokesman for NTT East said we hope children can use pay phones regularly and get used to different kinds so they're prepared when disaster strikes. The company also says it wants children to make sure they know the key numbers to call in an emergency because obviously you need to be able to call somebody and know a phone number if you're going to use a pay phone. You can't just hit a speed dial and expect that to work. This is a lot of fun because as we know from our own experiences at stuff like Maker Faire when we put phones out and kids who come up, we ask them to use them. Of course, ours are very old and rotary dialed, but even beyond that, pay phones are not, at least in this part of the world, something that kids are familiar with at all unless they've seen it in old films. It is interesting that there's now this renewed effort to celebrate the actual usefulness of that sort of infrastructure when you've got it instead of replacing it with dubious Wi-Fi networks. The system itself, the teaching of it, I think is crucial and memory regarding numbers because again the condition from the smartphone era is all about lists of contacts and things and you're not going to have that in an emergency. So that is critical stuff I think for young people to know as like a basic teaching thing. That's a really interesting thing to have it sort of mandated in a moment when we basically, like I was indicating, just year after year talk about it just becoming less available, less prevalent, less knowledge, more gaps and generationally speaking when you're talking to people about different types of telephone technology and it's a real treat to try to engage and open people's eyes to that and this formalized way I think is important. I think there's probably parallels, there's probably really good things here in the States we could pick up on especially with these new kiosks we're getting and so on and so forth. 
But remembering one or two numbers, that could be critical especially for a student, like an elementary age student in an emergency or they were lost or whatever the scenario might require. The thing is with those kiosks, they're not going to do well in a power outage, you know? They're going to just go dark whereas a phone gets its power from the phone line itself, the power you need to be able to speak on a copper line. I have the feeling in Japan they're keeping these things operational so that these kids are being taught how to use them will actually be able to find one. Where do you find pay phones in our streets anymore? They've all been taken away so even if you do teach kids how to use them, they still need to figure out how to find them. I think we lost the love affair with our pay phones. I don't think we have that sort of endearing like wistfulness, like we don't romanticize them as much anymore and we're not maintaining them. I think they're a little ugly too. I've looked at a lot of different pay phones from around the world over the years. You do know we have a very popular feature printing pay phones and I don't know if people would agree that they're not attractive. Yeah, no. It's actually because of that that I'm aware of so many more designs and colors and variations and I think maybe this is a moment we could benefit from a revamping of these old phones that we're not maintaining and nobody cares about. They really are trash. We get, I think, more imagery in the publication of American phones that are in bad shape. Mostly they're broken or burnt or removed. I haven't seen hackers publishing a lot of good pictures of happy, healthy pay phones but again, this is a maintenance thing. It's because it's fallen out of favor and the wireless has been so much more popular. Here's an idea for a competition. Find the happiest, healthiest pay phone in the United States. Something that is cherished and maintained and still works. We'll definitely print that. 
Or you could start a neighborhood pay phone watch where people take care of the pay phone, you know? People have like a schedule. They go and like spray it with Lysol or something. I don't know what you do. They name it. Stanley or something. That's their pay phone and it's a member of the neighborhood. Maybe get a little turtle wax, shine it up every now and then. Maybe boat polish. Yeah, that's what you do. And get a nice gloss on there and it'll be good for the community and then the community can care for it and check up on it and stuff. It also shows the differing attitudes toward the public infrastructure as well. One thing we're always going on about on this program is the value of older technology when our local authorities and entities in control want to get rid of the copper lines and they want to get rid of the old dependable stuff and replace it with things that you need AC power for and all kinds of other things just because they don't want to maintain the old stuff anymore. And here we have sort of a public attitude of like we have this infrastructure. How can we keep it useful? Yeah, I would love to see a survey of the lines that are maintainable and not going to disintegrate. In other words, if you had a new version or you had pay phones that you liked enough to install somewhere, what lines would you even install them on for like 10 or 20 years out? In other words, what lines are actually going to be there in that infrastructure? And you start going down that rabbit hole of what the heck is going on with the public phone network. And I don't know. It seems that in general we're replacing with these smart kiosks but they, like you said, don't have that background infrastructure that's going to go all the way to a central office and keep it up for hours and days and weeks. And that central management, that one thing of having power in a place like a central plant is critical in an emergency situation mostly. 
And I have a question since you brought it up. I'm wondering really how long would the new LinkNYC kiosks last in an outage or do they have dedicated power that's maybe off the regular grid? There's only one way to find out. Let's have an outage and see what happens. I know. I mean, I'm curious. Would it flip into an emergency mode and maybe have any kind of battery power at all? I have no idea. It was never really talked about when those were introduced and perhaps maybe someone could write us, oth at 2600.com if you know a little bit more about how those kiosks behave in emergencies. But one thing is for sure. They're not going to stay up as long as a payphone would if a payphone were connected to the central office because the current comes down the phone line, and basically you don't need a whole lot of features. You just need that dial tone. You need the voice to be able to be transmitted. And all this new technology, cell phones and kiosks, things like that, it's great. I love playing with them. I love using them. But when you sign yourself over 100% to be under their, to trust them and to be there when you need them, they'll be there most of the time. But when you really need them, when there's an emergency, you're going to find a lot of things just go out of power. They just cycle down. And what happens then? And that's a problem with a lot of technology is that we wind up giving up all the old ways and pouring ourselves completely into the new ways without realizing that there might be a cost to that. You know, recently I was reading, I think it was Abbie Hoffman's Steal This Book. It was definitely something from that era. But I think it was Steal This Book. 
And there was a tip in there, a dubious tip where you could, if your electricity was out or you didn't want to pay your electric bill and you didn't want to pay your phone bill, you could still use the phone line that existed in everyone's house back then to power like a lamp or something, which I'm sure was totally illegal, probably still is. But it was a way to use the power in a line that you weren't paying for because there would still be power in the line even if your service was shut off. Think of it, people had princess phones and they would light up. How did they light up? They weren't plugged into anything. It was the phone line. Absolutely. But that was a dependable source of electricity for at least shady hippies to do that sort of thing. What made the phone ring? What made the actual audible sound? It's the bell ringing, but what gave it the power to do that? Wasn't plugged in. That's the magic of the old technology. And using technology in ways that aren't typical, they aren't the usual way, and in an emergency a voice line becomes this incredible tool. It's not just this novelty. It's like a lifeline when you have a problem or you need to get information across town or whatever the case is. Yeah. I read a story last week, I believe, of this diner opened up on Long Island and they had some kind of technical problem where they had too many customers and the computers crashed. They couldn't keep up with it. So they had to close. They literally closed down for a week to fix their computers. They didn't have a means of falling back onto the standard way of taking orders that didn't involve computers. They couldn't do it. And they lost all this business as a result of that. I think we need to be better trained to deal with things when technology stops working. And I just fear that we're being taught not to do that. Yeah. new convenient things and shedding the knowledge and the things that you would react to a situation like that. 
Like, you know, a manager would perhaps continue to make sales, make food, you know, keep things going in a venue like that in response, you know, OK, that's failed. We'll take it with a notepad and a paper. But people get so locked into the behaviors that the technology has conditioned them in their work or whatever day to day scenario it is that they're paralyzed by the lack of technology when it's when it's away and can't quickly snap out of it and realize, OK, no, this is a situation where I have to be the smart entity, not the phone. I'm trying to find out the name of the diner, but our Internet connection is down. So that's hilarious. I guess that is the ultimate irony here that we can't get that information. But it's out there somewhere. And I'm sure other people have examples, too. And again, we're not saying the new technology is bad. We're not saying it's an inherently bad thing. But there's nothing wrong with keeping hold of a dependable old fail safe. Absolutely. OK. Here's another story that I found to be incredibly interesting. In fact, I believe we have an honor to bestow on this particular person, Hacker of the Week. I think that's something. We don't have music for it yet, but we should get music for it. A new mobile app described as the Yelp for Conservatives is leaking user records and business reviews. That's according to a French security researcher. The app is named Yelp for Conservatives. The app is named 63 Red Safe. I'm sure that means something. OK. It features a motto of keeping conservatives safe and was launched over the weekend or a couple of weekends ago, actually, on the Apple and Google mobile app stores. Maybe it's number of senators, 63 red senators. I don't know. I'm sure that means something. I'm doing everything I can. Red makes me think. I know what red means. Yeah. That's the political party, I think, affiliation. 
You see, this whole myth that conservatives are perpetuating, saying that it's unsafe for them to walk the streets with their MAGA hats and, you know, all kinds of conservative getup. You know, there might be some instances, there's instances where people wear all kinds of things and get harassed. It's wrong in all cases. Depends on what you're talking about. Safe. OK. Yeah. You know, if people tell you what they think about what you're wearing and you don't feel safe. I'm sorry. You know, you maybe should you maybe shouldn't feel safe wearing that if opinions and people's reaction to what you're wearing is is your is perceived in some way as hostile. Perhaps it's a rightful reaction, you know, and what you are going to get if you walk around the East Village with a MAGA hat, you are going to get critiques and you're going to have to be prepared for that. But you know, you shouldn't get smacked in the face for wearing that. No, that's what I think is different. No, I'm not saying an air conditioner should fall on you just because you're wearing a MAGA hat. Well, that could happen to anybody, especially in East Village. But whatever. Anyway, the app describes itself as a service where users can read or write reviews of local restaurant and businesses from a conservative perspective, because that is what is needed. Helping insure, they spelled insure wrong, by the way, that you're safe when you shop and eat. Yeah. In media interviews, Scott Wallace, the app's creator, said he built the app after a series of incidents where conservatives were forced to leave or take MAGA gear off to eat at restaurants or enter various businesses across the US. Well, you know, if if you're a fascist lawmaker making all kinds of laws and saying all kinds of racist things, you might get harassed a bit when you go out in public, because it's the public that feels the effect of what you're doing. That should not be a surprise. That should not be something that is objectionable. 
Just simply wearing a hat, that's a little different. But again, you know, you will get some pushback if it's something controversial. Anyway, according to Baptiste Robert, he's a French security researcher who goes online under the pseudonym of Elliot Alderson, the name of the main character from Mr. Robot, the 63 Red Safe app is leaking almost all of its data. It's true. He says the app's source code contains the credentials of its author, but also a list of API endpoints to which it connects to store or retrieve data. This backend API doesn't use any form of authentication, Robert said. This means that anyone can look at the app's source code, get the API endpoints, and then extract data from the app server with no challenge or restriction. Using this technique, the French researcher was able to determine that 4,466 users had registered and created profiles since the app was launched. And for each profile, Robert said he was able to retrieve information such as username, email, avatar, follower count, following count, profile creation slash update dates, a ban status, and something called a hot score. Other API endpoints also allowed Robert to block users and tamper with the app's database logs and hide unauthorized intrusions. According to ZDNet, Robert said he did not test whether or not he could tamper with user reviews of restaurants or businesses. He didn't test that, but he was able to do almost everything, to be frank. Asked why he looked into the 63 Red Safe app, the researcher said this was because he found a similar leak in another mobile app for US-based conservatives in the past. What is wrong with them? Why can't they find a secure app? Some months ago, I analyzed the Donald Daters app. Oh my God, Donald Daters app, three hours after its release. I thought it was fun to analyze the same kind of Donald Trump-related app, he told ZDNet. 
And as for 63 red and the safety of its users, the researcher says he didn't notify the company of his findings, which he shared publicly in a Twitter thread. I didn't contact them, Robert said. Let's say I don't really like Trump fans, and that's why you're Hacker of the Week. Thank you. Thank you for that. Well, for me, the company is striking back. Oh, oh. Yeah. Oh no. We take this matter very seriously and have already taken action to additionally protect our data, which they should have done in the first place. The security of our users and conservatives generally is our primary concern, and we will continue to improve our systems in any way possible to guarantee their safety. But they, you know, like so many conservatives, they did not stop talking, they kept going. The individual who noticed the original issue never gained access to any user's passwords, nor were they able to change or alter any data in our servers, nor were they able to log into our servers or access our databases directly. As we have seen across the United States, conservatives particularly have come under attack for their political beliefs, verbally, physically, and electronically. This is unacceptable in a free society, and we will take every action to stop it and assist our users in that as well. We see this person's illegal and failed attempts to access our database servers as a politically motivated attack, and we'll be reporting it to the FBI later today. Okay, you know what? You're lucky this person came along and told the world about it before you got 5,000 people using it, you know, or maybe 6,000 people, but that's pretty much all I think would ever do it, and really found yourself in some trouble there. This kind of thing is good to reveal, and we also are revealing these ridiculous apps as well, so if you don't want to play in the playground, stay on the other side of the fence. 
Yeah, you don't get a free pass to have an insecure app just because you're conservative or whatever else, but it does also seem to be a conservative thread where they're referring to his successful attempt to access their system as a failed attempt to access their system, but yeah, we've got to give this guy a proper shout-out because, you know, Hacker of the Week, you can find him. His screen name is a mutation of Fsociety from Mr. Robot, but it's spelled funny because we do that sort of thing, so it's FS0C131Y, and that's his username on Twitter, and that's also his .com if you want to just go to his site, but yeah, and I think pretty much everyone in InfoSec should be following this guy because he posts a lot of good stuff, not just that. I think it's interesting, I mean, talking about how the auditor of a particular software program didn't get access to this, that, or the other thing within it while auditing and telling people that your program isn't really as secure and well put together, it's kind of interesting because I'm really curious, isn't it still leaking data? I mean, unless they fix it, the threat was never the auditor, in other words, the person looking at it saying, hey, this is broken. They make it out to, in the PR piece there, the press release, that he's been neutralized and they're reporting this thing to the FBI, but as he said, they should heartily thank him and then fix their stuff, because otherwise it's still potentially broken, and so talking about how this one individual didn't get into this and that really is irrelevant, it makes no sense, because your stuff still is crap. 
It wasn't an attack, it was a revelation of a security hole, and he is under no obligation, at 2600 we've lived by this for decades, we reveal security holes, we are under no obligation to help the company fix them before anybody finds out about them, if it's something that involves people's personal information, they have the right to know that their information is out there and insecure, and if you listen, if you listen to what is being said by the people who are discovering these things, you might actually fix it before too much damage is done. And a big thing with exploits and stuff, and we've talked about why and covering those in general on the show before, but couldn't he have sold this vulnerability and sold it on the open market to whomever wanted, maybe an intelligence agency, maybe some opposition research firm, whomever, would want to get data about these creatures, it could then have been something that got top dollar, and he didn't say anything to anyone. So what- He went on Twitter. He went on Twitter, so I mean- Right, right. But- He embarrassed them. Right, but to act as though the looking and the evaluation of it was as much of the problem as the broken program is really, really silly. But this is- It's nothing new for us. I mean, every kid in high school who has been busted by his computer science teacher for figuring out how to get to a DOS prompt when he's not supposed to can tell you that the defensiveness of the system admin who realizes he doesn't know as much as a 13-year-old, that is something that's- it's a force to be reckoned with. Yeah, and I'm just arguing in parallel that I think that what is more common now is that people will be self-serving and want to make some money, and there's a huge market for it thanks to the intelligence and surveillance machine that exists in this country. 
But that is often an outcome, so to have reported it, and like you said, traditionally, we're under no obligation as private individuals to do anything really in good faith. In fact, often it's bad faith. But the people who sell these things, they are scum as far as I'm concerned. It's got nothing to do with what hackers are all about. Totally. What this guy did, that's what a hacker does, reveal the security hole, tell the world, and often face all kinds of threats as a result. Rob? It's a known process in information security that there's many different ways you could choose to do your disclosure if you'd like to disclose an exploit that exists in someone's system. And if you want to play nice, you can tell the entity affected quietly and give them time to fix it, and then later say what happened. But you're not really under an obligation to be nice, and you're not under an obligation to coddle anyone who wants to put an app out there and doesn't take the basic security measures that they should have. And yeah, there is a market out there where people buy and sell exploits like this. And it's a thing that exists, and it's crappy, but this person, this researcher could have just gone and had a nice payday, but instead chose to put it out there so it does get fixed. And if you're running an app or a service or a site or whatever, and you get wind, whether it's by someone playing nice or whether it's by someone posting it on freaking Twitter, your priority is to fix the holes, or take down your system until you can get it working in a functionally safe way. Your priority is not to punish that person as though they caused the holes, they found the holes. Yeah. You should be thanking them. Not that I ever expect that to happen. Hey, we said we were going to take phone calls. We're going to do that. The phone number is 212-209-2877. I'd like to read a letter that we got from one of our listeners concerning last week's show with Bill from No Starch. 
It was great to hear Bill at No Starch Press, but it wasn't great to hear that he and his authors are being pirated by Amazon, no less. I'm a big fan of their books. In fact, I've got Impractical Python Projects, Cracking Codes with Python, and Wicked Cool Shell Scripts sitting on my desk at work. I checked the spines. They're legit. Thank goodness. I purchased two of those from Amazon before I knew all this was happening. The last one I bought directly, and I will only buy No Starch books from the No Starch store going forward. I even placed a pre-order last night, actually, after listening to the show. What some listeners may not know is that when you order directly, you get a free PDF version with every hard copy purchase. That's a ridiculously good deal, no DRM, of course, so you're going to get some jerks posting torrents, but I hope the majority don't do that. I don't want to see one of the really good publishers go out of business because the books are super high quality. Since I'm in Southern California, I'm a podcast listener, so I can't call in live during the show to pledge. Once I heard about the No Starch package, I went straight to give2wbai.org and pledged for it. I don't know if it's still possible to do that, but anyone listening now should try that. Go to give2wbai.org and see if the No Starch package is still there, along with our other packages that we offered over the past month. It's a fantastic deal for a couple of great books, one of which I was going to buy anyway, so if it helps you guys out, double bonus. Thanks for having Bill on. Thanks for the great package offer. Thanks for keeping the show and the station going, and yes, I voted since I pledged last year. I got the email. I voted as, I guess, their conscience dictated. Hope it helps. Tharn Raven, thank you very much for that letter, and you can write to us too, oth at 2600.com. Again, our phone number, 212-209-2877. We'd love to hear from our listeners. 
Let's hear from one of our listeners, in fact. Good evening. You're on off the hook. Go ahead. Yes. I saw some information from GlobalResearch.ca about the power outage in Venezuela, that it was, I'm guessing that it's a type of Stuxnet thing that they used to disrupt Iran's nuclear plants a few years ago, and that they should get Kaspersky, that Venezuela should get Kaspersky on the case to fix this. I mean, it shows one serious vulnerability in centralized electricity, rather than decentralized solar power. But I wonder if you have any comments on a power outage, very, very severe situation in Venezuela. Yeah. It's a terrible situation. I'm no fan of the regime there, but what's happening, I think, is terrible for the people, and this is a very suspicious outage, as far as its timing goes. The thing that gets me is that people are saying, oh, yeah, it's conspiracy theory to say the U.S. had something to do with the power outage, but these very same people will say that Russia, or some other country, or just hackers in general have hacked into our electricity grid. Yeah, that's believable, but it's not believable that our country would hack into some other country's electrical grid, especially one that they're trying to topple. So we don't know what's going on, but we certainly can entertain the possibilities, and that is one definite possibility. Thank you very much for the call, and we'd like to hear other theories about that as well. Again, our phone number, 212-209-2877. I was trying to race before the line went away, and if your phone is ringing somewhere, it's not ringing here. We have this weird system where it transfers to another part of the station after something like 10 rings. If your phone is ringing, please call back, 212-209-2877. 
Just with regard to that, the example she gave was in relation to centrifuges and a system, I believe it's called SCADA microcontrollers, and that was part of what that software exploited once it got into the network of the refining facility. So a power plant would be a different type of network, and different controllers, and as you said, Kaspersky coming in there, or someone coming in to audit and otherwise take a nice forensic look at what might have happened, is difficult under the circumstances. So we may not know immediately, but when the U.S. goes in someplace, I think in Iraq as an example, infrastructure's the first thing to kind of mess with to make things unstable and commence whatever else you're going to do there. And so in this situation, as E said, we're not really doing anything there. I'm putting that in big air quotes. Big air quotes, yes. Big air quotes. So maybe this is as far as we'll go right now, because we're mad about food not getting over and aid not getting over the border. Who knows? All right. And again, good to have some kind of backup system so that when this happens, if this is what is happening, there's a way to thwart it. Let's take another phone call. Good evening. You're on off the hook. Go ahead. Hi. I tweeted you guys. You were mentioning about taking loving care of one's pay phone. There's a pay phone outside my front door, and I haven't looked at it lately to see what shape it's in or if it's working. But I was just thinking about Douglas Adams writing about how lack of telephone sanitation engineers would doom the planet. Yeah, there's a lot of truth to that. Apparently, it's a high place to get lots and lots and lots of germs, the phones and keyboards. Yes, keyboards and definitely smartphones, too. They're with you all the time and with you before, during, and after every meal. No, I'm saying the pejorative, we, us, everybody using them. 
Maybe not you personally, of course, but yeah, absolutely, and that is a great reference. Thanks for sharing that. Please go visit that pay phone tonight if you can and check in. Check in with it and see if it's okay, and if it's not okay, find out who is responsible for it and maybe we can nurse it back to health. You want a report from me? Yes, absolutely, of course. I want a report on every pay phone in the city because there's so few of them. Okay, I don't know that I'll be doing it tonight. Well, by the next show, how about that? They're very neglected, so anything you can do would probably be quite welcome by that object or whomever does, once in a while, maintain them, but it might be kind of cool to get a design challenge, like a 2019 model. I want to see the latest in pay phone technology. What is there to offer? I doubt this is the latest in pay phone technology. It's probably a very old pay phone that's been sitting there for a long time. Yeah, that's my point. Maybe people would spit on them less if they were cooler or taken care of. I don't think they're even on vandals maps anymore. No, they're not. People just ignore them completely, so they don't even get vandalized because nobody wants to take the time. Who should I send my report to? You can email us, oth at 2600.com, or if we take phone calls next week, just call back. Okay. All right, thank you for calling. Bye. And we have room for one or two more calls, which have also transferred somewhere mysterious. 212-209-2877. If you're calling from overseas, of course, our country code is 1. We'd love to hear from our listeners. Since we're not asking for money anymore, except for saying that you can always go to give to WBAI.org, or become a BAI buddy, or text WBAI to 41444. But we're not on the air actively soliciting your calls, except to be on the radio, like this person is. Good evening. You're on Off The Hook. Go ahead. Oh, hi. This is really an off-the-air question. 
I just wanted to know, is there a place, is there an address where you take snail mail? You mean at the radio station, or for the magazine? Both. Okay. Okay. Well, Rob, I think you've got some information. And by the way, you are on the air, so I'll turn you down, so that we can just answer your question. Go ahead. Well, the full mailing address for this radio station is on our website at WBAI.org. If you click to the Contact Us area, it's got the full info there. It's 388 Atlantic Avenue, Brooklyn, New York. I don't know what the zip code is, but I'm sure that's easy to find out. Neither do I. But yeah, 388 Atlantic Avenue. And yeah, you can write in care of whatever program or whatever producer you want to contact. All right. Let's take another phone call. Good evening. You're on Off the Hook. Go ahead. Just a side note. Uh-huh. I used to clean telephone booths. Really? Was that your job or your hobby? No, it's a true story. It was a subcontractor, subcontracted job. I was 18. Wow. I had a car. And because I did so much on my route, they didn't want to hire me. So I had to do a lot of work. And because I did so much on my route and I was trustworthy, they let me take the car home at night. But I had to swear not to drive it anywhere, but to and from my jobs. And so I did completely one end of Long Island to the other. You mean you wash payphones all the way down Long Island? I did. Wow. Yes. Only certain ones. And I came out on a printed, old-fashioned system. I'd have it printed out. I'd have it printed out, you know, itemized place where each phone booth was. Uh-huh. And the person that had the contract had an electric store in Bethpage, and subcontracted it out to kids. So whatever he made, he gave us a cut. Interesting. 
So not only payphones, you were cleaning the actual phone booths. The phone booths, yeah. Wow. Yeah. On behalf of everyone who was terrible to the phone booths, I grant you the deepest apologies. I think I might have left a gum wrapper or two in them in my time. Let me just ask, I'll probably never have this opportunity again, but what was the biggest challenge involved in cleaning these payphones? The hardest and disgustingest thing was a dead dog in one of the phone booths in Montauk. A dead dog in a phone booth in Montauk? Yes. Wow. There's your concept album. Right. Who was looking for a concept album? That's it, right? Disgusting things. Wow. Okay. Disgusting things and payphones. That was a phone booth, I take it. Yes. Wow. But I just had to say that I always wanted to tell people that was an actual job. Thank you for your service. Yes. Thank you very much. And sadly, those days are over. Maybe there'll be some future opportunities for things like that, but great to hear these stories. I mean, I remember a picture of a rat inside of one of those MetroCard machines, you know, where the coins come out. And he was alive. It wasn't a dead rat. That was a living rat. I don't know how he got in there, and I don't know how he got out of there. But boy, what a surprise for anybody getting a MetroCard. That's going to be our show for tonight. Thank you, everybody who called in. Sorry to those we didn't get to. You can write to us, oth at 2600.com, listen to all of our shows on 2600.com slash Off the Hook. They date back to 1988. And listen again next week when we come back for another exciting edition of Off the Hook. Please continue to listen to WBAI. Have a good night.