 Daily Tech News show is made possible by its listeners thanks to all of you including Reed Fischler, Larry Bailey and Michelle Surge you Coming up on DTNS Jack reciter talks to us about how he gets those excellent stories for dark net diaries Plus should we just accept that people think hacker is a negative word and DARPA's plan to secure open source This is the Daily Tech news for Monday, July 18th, 2022 in Los Angeles. I'm Tom Merritt and from studio Redwood I'm Sarah Lane. I'm the show's producer Roger Chang and as I just mentioned joining us host of dark net diaries Jack reciter Thanks for joining us Jack. Glad to be here. Thanks for having me. I really appreciate you taking the time We are huge fans and when I say we not just us on the show But like every single person in our audience you were the number one person when we asked like who should we get on the show this week? So we really appreciate it. We'll have to do this more than once then. Yeah, absolutely. I'm in Let's start however with a few tech things you should know snap announced snapchat for web which lets users send snaps and chat through a desktop browser the features limited to snapchat plus Subscribers in the US the UK Canada Australia and New Zealand at launch Eventually expanding to subscribers in other markets and then to all users and yes The web app will also prevent users from taking screenshots But remember it can't stop anyone from taking a photo of a snap on the web with their phone Instagram added the option to shop through chat the feature began rolling out to qualified small businesses in select countries letting customers ask questions Get product details and check out using meta pay in the chat interface. What's app added chat based shopping back in October Denmark's data protection agency ruled that data processing of student data using google's workspace suite does not meet the requirements of gdpr The agency found that google's data processor agreement allows for data to be transferred to other countries to provide support Although ordinarily student data is stored in an EU based data center The agency ruled that schools in the municipality of helsinger must stop using workspace and chromebooks as a result Further saying that the ruling will probably apply to other municipalities and that it expects then to take relevant steps based on that decision If any of you missed the net neutrality debates, guess what they're coming back The washington post reports that u.s senators ed markey and ron wyden are preparing to propose So they've got a proposal and they'll propose it soon The net neutrality and broadband justice acts It's a small bill two pages, which is nothing for congress It would reclassify broadband telecommunications as a title to service or a common carrier as it was under the fcc During president obama's administration the internet was reclassified under president trump as title one an information service more like cable tv This new bill would also give the fcc the power to set rules against throttling blocking or paid prioritization The verges sources say they could introduce the bill sometime in august It's not clear if the bill would garner enough support to pass or not speaking of things like that FCC chairwoman jessica rosenwursel circulated a notice of inquiry to fellow commissioners seeking to increase the national broadband standard from 25 to 100 megabits per second and downloads from three to 20 megabits. I'm sorry 25 to 100 megabits up down three to 20 megabits up Remember the fcc is split to two right now. So she may not be able to get them to agree to that either Metta announced a plan to acquire giffy back in may of 2020 The deal attracted regulatory scrutiny in the uk with the competitions and markets authority Ultimately ordering meta to unwind the deal November of 2021 meta appealed the decision to the competition appeal tribunal That body largely sided with the cma but found that the cma failed to properly inform meta of snaps acquisition of giffy cat Thus undermining meta's defense as a result the tribunal ordered the cma to reconsider its ruling giving meta an opportunity to comment On its final report. Stay tuned All right, let's talk a little more about open source. Some people probably still think of open source software as a hobby Uh, you imagine the the individual tinkering around with their code railing against proprietary systems and and that kind of thing Absolutely still exists, but open source software is Much larger than that it underpins a large part of how the world operates the dominance of android and linux based servers Means that pretty much most tech that boots up boots the linux kernel at startup And that's just linux mit technology review notes that Multiple open source projects are essential for the infrastructure of the internet as well as things like power grids shipping transportation and more The theory goes that open source software can be more secure because it has more eyes on it than a closed software Uh situation, but there are so many projects now than inevitably a few are going to escape scrutiny For example in november of 2018 Someone managed to push a back door into a widely used javascript module called event stream After the volunteer who maintained it handed it over to somebody that they didn't know These cases aren't common. They're rare, but as spam has taught us at scale rare cases can cause problems So the united states defense advanced research project association, uh us's darpa You know the folks who brought you the internet have launched social cyber an 18 month long project designed to map understand And protect open source code and communities. They're going to use automated tools to do code analysis looking for potential bugs And also things like sentiment analysis on social interactions. So for example the linux kernel mailing list They would look to see hey, do we detect any patterns that indicate somebody's maybe up to no good Darpa contracted multiple teams of security researchers Who are going to look at code contributions to critical open source projects like the linux kernel? They also mentioned python would be one of these as well And they will identify areas of under investment where important parts of the open source ecosystem are run entirely by handfuls of volunteers For example, new york's margin research is mapping out who works on the linux kernel Turns out the largest contributor is huawei But code is also written by russia's positive technologies Which is currently sanctioned by the us and also members of the us nsa The point of the project seems to be getting a handle on where code is coming from As well as how to safeguard that the code is indeed benign jack. Do you have any thoughts on whether this is a good idea? a good a good path forward Yeah, I think uh, I think it's probably good for someone To have like a second set of eyes on some of this stuff I mean one of the one of the early stories that really got me into why I make my show was the heart bleed story And this was a vulnerability in open ssl and um, that was a big problem, right? It resulted in lots of stuff happening And so there was some folks that were like well, we're going to make our own version of open ssl And we're going to fork it and that was I think liber ssl And at the same time open ssl was finally getting some funding And so open ssl was getting all this extra bugs fixed and stuff and liber ssl was like a fork of it And they were fixing bugs and it were like it was going in all these directions And it wasn't it was like interesting to see what happened after heart bleed, right? And I wasn't seeing that and that's kind of why I was like wait I want this update of what happened after that What were all the changes that happened and and you know, did it get the funding it needed and the support it needed? so um, I think we've seen quite a bit of vulnerabilities happen in major open open source software that it would be nice to have I don't know some some significant support on them to audit it or review it or You know, maybe even give some sort of approval of like this is allowed to be used in Software or something like that because you know, we've got all sorts of standards that the government has to Agree to before they can accept software and so their systems and stuff too So yeah, I think it's an important thing that's going on here is Open source is is important to just the fabric of the internet and having some sort of support there because a lot of these projects are lacking support Yeah, I think having an organization that is independent that tries to keep track of things is necessary now because of the number of projects that are out there It's it's just impossible For it to be done without a little bit of organization Whether DARPA is the right ones to do that or not I think is debatable But I think they are the right ones to maybe point the way And maybe what comes out of this is The information you need to be able to set up some kind of independent effort That that in the open source tradition will allow people to like get on board and say, okay We're going to be the folks that we're going to be the ombudsman so to speak that that try to look over everything like this I think it's a good start for sure Yeah, I think there's just like massive amounts of open source projects out there So it's going to be interesting to see which ones they actually look at and do anything with because you know They'll probably be able to touch less than 1% of of what's out there But you know the important ones out there. What's the what's the critical infrastructure that needs to have a good solid Working framework to it is going to be fascinating to see what they deem critical. I suppose totally Well in tech circles the term hackathon has been part of the common parlance of our time Skating together a group of engineers programmers working intensely on a project over a day or two We are used to hackathons Then you've got yourself one the term even made it into the oxford english dictionary back in 2012 But stacey morford recently published a piece in the conversation She made the case that while the term is common in the tech industry Might be time for some alternative names to take root, especially in the health industry Yeah, so the the marathon part of hackathon the thawne part of the portmanteau Isn't really the problem nor is the efficacy of hackathons themselves But morford points out that research shows the general public thinks of the word hack as negative They associate it with malicious behavior and while it may seem like an innocuous difference when you have organizations Organizing hackathons around things like health care and other sensitive data sets the term Sometimes does these efforts no favors There are alternative names. I mean hackathon could be called a data thawne maybe a code fest But morford notes that these pale in comparison to the popularity of hackathon which shows about 90 90 times more results in google search compared to data thawne and about 30 times more in scholarly publications Yeah, she's talking specifically about the health care industry in her conversation column But I I think there's a there's a wider topic here for a long time on this show We try to refer to malicious hackers as attackers Or something else specific to what they're doing and we try to reserve the use of the term hacker for its broader meaning of Somebody who likes to mess around and try things But i'm wondering now after you know 20 some years of doing that Whether that battle is over English is a living language and sometimes you just have to admit that the language has moved on Is hacker one of those words? Is it generally a negative term now jack? I can't imagine you haven't given this some thought yourself Yeah, I think um hacker has become such a common day parlance term. I mean i'm thinking immediately The life hacker dot com hack a day. Um, there's a book called parenting hacks I mean i've gotten an aunt who's not into computers much at all Yet when I go with her to the the smoothie shop, she's like i've got a hack on how to get You know a certain kind of smoothie that they can't make on the menu or something like check it out And i'm like that's not a hack and and but I love how everyone thinks that they're a hacker Just because they can navigate a food menu properly um So I think that term I mean if my aunt is using it and she doesn't have that um, you know Hacking mentality like we imagine what a hacker sounds like Um, what is hack anymore? Right? And so, uh, I think it it definitely doesn't have a negative connotation Just in the sense of like, yeah, I've got a I've got a travel hack or I've got a parenting hack Like that's totally not negative at all. That's a great thing. Oh, I want I want to hear about that Tell me about your parenting hack and so yeah, I I take I take uh You know, I disagree with the idea that hack has such a negative term I think it's used very commonly now I I feel like you have given me new hope jack Because you're right like we have we go to the bubble tea place And people talk about like, you know, like, oh, I've got a hack for getting more, uh, you know regular user things on the on the frequent bubble tea card And and we never think of that as negative. You're you're absolutely right So we just need to wait it out maybe and and continue to use like, you know These are attackers or these are sophisticated actors or whatever it is for the people doing malicious things because I think it's only in terms of Stories about computer attacks that hacker has that negative connotation Yeah, and I think Go ahead. Oh, okay. Uh, I I was just going to say I love you bringing up life hacks Life hacker, you know, one of my favorite websites, but life hacks in general I use that term all the time and I don't even realize it and people know what I mean They don't think I'm breaking into someone's computer when I say something like oh, I've got a good life hack for you into their life Right, and I I think also there You mentioned the bubble tea place tom I subscribe to a newsletter that's all about Flight travel hacks basically how to save yourself money as much money as possible You know when you're traveling somewhere, maybe when you get to the hotel There's a hack to get upgraded to a better room type of thing No, nobody doesn't think you either read the newsletter or you don't but if you're interested in that sort of thing It's like this can save me money and time. These hacks are good. I think that Probably everyone in the audience knows better But people who say oh computer hacker, well that means, you know, they're gonna Take down a you know the department of energy, you know If we don't stop them first that's a scary kind of hack because a lot of people don't understand that Yeah, I think uh I think everyone wants to be a hacker secretly And that's why we use things like oh, I got a travel hack and stuff but um, I I I do um I do kind of want to unveil like what this on what this hacker thing is And that's kind of why I do my podcast like oh, it's this person in the basement with a hoodie on or whatever And um, you know oftentimes my show talks about like no this kid was in fifth period class And he just found a post-it note on the teacher's desk and grabbed it Like that's not like the hacker you imagine and he's doing it on a tablet in the back of class Like it's it's a different like gives you a whole different view set of what Uh, you know criminal hacker might be and and I agree with you instead of using the term hacker on my show I often use a hacker or or Extorter or criminal or that a thief or something like more more specific. Yeah. Yeah No, I there's a mischievousness to hacking That is apparent in these life hack travel hack examples, right? Which is like you're not maybe you're skating along the line of of the rules or the or the law But you're not up to no good You're just you know trying to see how the system works and that I'm I'm glad that you pointed out that that ethos is still preserved in in those arenas. So Um, yeah, like I said, you've you've given me new hope for this. I'm gonna. I'm gonna keep it up Uh folks as you as you may realize it's special guest week here on dtns all uh this week If you like what you're hearing, please Tell others and thank our guests for coming on Tell your friends to watch or listen to daily tech news show all this week Darknet Diaries is an investigative podcast that focuses on various aspects of cyber crime, but also online security Hosted by jack here. Uh, it is as I said hugely popular amongst the folks in our audience and the staff here Jack explain dark net diaries. Why why did you start this? I feel like I wanted a slow news version of Of cyber security stories, right? So if you if you listen to the news, it's like well, here's the breaking news and this You know site is down or this place got hacked, but you don't know what's what happened You don't know who did it or what so I was like, okay Let's wait until four or five six years later and let's cover that whole story I want now I know it all and now I know who did it I know they were arrested and I know they were caught and all this sort of thing So we can finally go back to the beginning tell the whole story Soup to nuts and I think that's a proper way to tell a cyber security story And I was lacking that in the in the world. I couldn't find that so I decided to make it myself Like what's that whole story like I mean the full story now not just a current a current version When we were asking people, uh, you know, okay We're gonna have jack on what what kind of things would you like to hear him talk about? Universally people wanted to know how do you find these stories? How do you get these people to talk to you? Hmm. I've kind of got three maybe four different ways of finding stories Um number one is I just keep my head in the in the game, right? I'm on twitter I'm I'm watching the news. I'm all this kind of stuff So I kind of know what's happening and what are the big stories and the big stories I let simmer for quite a while before I do anything about, you know People are like hey, there's you know stuff happening coronavirus hacks are happening or something I'm like, okay four years from now I might cover that But thanks for telling me now because I've got a pin in it and I'll come back to that So just like knowing what's out there, but I do um, I've got some google alerts like hacker sentenced I think is a good google alert because when they're sentenced now I know they were arrested and if they're arrested that means they've done a crime And if they've done a crime now, I know what they've done and I can go all the way back and and figure out from the start So there's a bunch of google alerts that I have that just look for stories um some other google alerts are like biggest hack ever biggest, uh data breach ever like Hack that reads like a Movie, you know, like just these strange things that people might write about Um, but then I also have people at this stage I've gotten so popular that people are bringing me stories And so people are coming out of prison and like I don't know who you are But my friend says I should talk to you to tell my story and I'm like, okay And they're like in a halfway house calling me on a borrowed phone or something and it's amazing Some of those stories are really incredible. So yeah, I'm lucky to have stories brought to me at this point I'm curious. Oh go ahead, sir I was going to say we certainly we cover some of what you cover, but we're a daily techno show, right? So we cover things and then we cover them again when we find out more information and often stories can go years and years and years And we've we've gone back to them several times and even had to correct information as information has changed Do you ever I know that you like to play the long game when it comes to to your the diaries themselves because you Want to have all the information and and be able to tell the full story? especially when people are Coming to you with stories that would be and could be very compelling. Do you ever feel the need to Rush anything out to revisit later? Yeah, there's sometimes like very rarely there's I get lucky where there's a You know a hacking story in the news or whatever and the person who did it comes to me and says I'm the one I'm the one and then these headlines and I'm like, okay. Well, I guess I could Tell your story before you get arrested or something like it'd be interesting to hear what from your perspective So that doesn't happen too often. I usually do Wait, like if somebody comes to me and says I'm you know actively doing criminal stuff. I'm like, okay I'm not going to like publish that because I have some sort of um I don't know a responsibility that I don't want to glamorize some of the criminal behavior that people are doing and so I really kind of like like I I prefer if they Like if somebody comes to me and says I've got I've done some criminal stuff in the past I'd like to tell you my story. I'm like, were you arrested. That's my first question like tell me show me your indictments Show me the the you know Court documents because that'll um help me understand that there's kind of a narrative there as well of like yeah You've done all this terrible stuff But then you were um caught and you've received some sort of punishment for it because like I said, there's some sort of Responsibility I have of not glamorizing it too bad You've mentioned several times about people coming to you and I that partially answers my question But why why do you think people want to talk to you? You would think it would be the opposite that people want, you know, don't want to make their crimes known Especially if they haven't been arrested yet Yeah, and and to top it off. I think it was very difficult for me to ask people Hey, do you feel like telling me about that worst day of your life at time where you were hacked Or you did this like horrible crime or whatever and like I was really nervous and not even wanting to talk about it, but You know as I got in as I asked those really hard questions in some of those early interviews Those people were telling me like wow I've never actually spoke about this in such detail with you with anyone Nobody's asked me how I felt the moment I pushed enter, you know, like that that's like a whole new question that nobody Nobody's ever asked so it was it's almost cathartic for some of these People to just express it all and get it off their chest and say yeah, that's what happened And you know some of the news stories get it wrong and so now they want to come on and say I want to I want to set the record straight. This is not the kind of person. I am here Here's more clearly like what why I did things and stuff So they don't like how the media portrays them sometimes and they want to get that cleared up but um, I mean, I think a lot of criminals kind of like um, you know having that sort of Feather in their hat of like look at the cool thing I did or something, you know, even though they were arrested and Served prison time and stuff like that. Um, the thing that I don't hear much of at all. I mean, I get pitched every day I'd like, you know, we have the CEO of our of our cyber security company I would like to come on your show and talk about You know be an expert in these emerging threats and stuff and I'm like I want to hear the time when your company got breached or when you got inside a threat That just took you down and hit you and you were on your knees and you didn't have a plan And you had to figure out how to work through this and no CEO wants to come on my show to tell me this and so we do have these kind of embarrassing moments of like Well, that was a horrible time. Why would I tell you that it doesn't look good on my company at all? I want to come on your show to look good not to look bad And I think we are lacking that just kind of in the industry and I want to I want to bring that out of like here Let's expose ourselves in in this vulnerable way of like just saying this is where we sucked This is where we dropped the ball. This is how we could have done better And this is how bad it was, but this is how we're fixing things in the future I wish I could hear more of those stories honestly. Yeah, I feel like it would be just as therapeutic for the industry You know once once that if that were to become the norm for companies to feel like, oh, okay We we aren't risking everything by admitting that something happened In fact, we're able to better defend in the future because we're sharing information more at least it feels like it might Be like that. I mean I go to conferences to try to find people who share the same pains as me, right? And so if we're sharing them publicly, then I think it could connect us in a better way Yeah, well folks you hear that get in touch with jack be the first be the one to to to brave the change Well moving on to space the first pictures from nasa's james web space telecope This telescope have been making the round some really beautiful stuff You've probably seen at least a few but the new telescope has already had a few rough patches in a short time in operation Back in june nasa disclosed that a micro meteoroid struck one of the telescope's 18 hexagonal mirrors between may 22nd and may 24th nasa have released a new report on the incident detailing more about what the damage actually entailed While the number of micro meteoroid strikes met pre-launch expectations You're going to run into stuff in orbit That's just how space works and the magnitude of one of these caused a significant blemish in one area That nasa said caused significant Uncorrectable change in the overall figure of that segment nasa expects the overall impact of the telescope's mission to be small As the other mirrors remain unblemished and realigning the mirrors allows it to operate within performance limits The next dust generating event that the telescope needs to look out for is flying through particles from halley's comet in 2023 and 2024 Well, they had better luck than Hubble I guess which if you remember they they had to fly up and change stuff out at least they could just sort of you know Get around uh this this problem, but but yeah, maybe I don't know Do they need more shields or something like that's that's scary that that happened already Uh, thankfully it did not it did not Affect the amazing pictures that were getting out of it so far and it seems like it won't Fingers crossed. Yeah, no kidding. Uh, I I mean I've been very transfixed by some of the images So james webspace telescope. We believe in you Just stay away from the micro meteoroids or even the bigger meteorites micro meteoroids stay away from the jwst Please Yeah, yeah, go bother somebody else. We're doing good work here Come on The humans need information Uh, thank you so much jack reciter for being with us today. Such a pleasure Let folks know if they would like to DM you some cyber crime tips or follow your podcast or anything else that you do. Where should they go? I'm most active on social media on twitter. So my name there is jack reciter And um, you can follow my podcast on the website dark net diaries.com Very cool. Um, very very beautiful art on that website as well And I like your explanation of how you make art and then somebody who's really really good at it makes it really really cool Yeah, it's a combination of a little collaboration I'll I'll do the initial design and then give it to an artist to uh, kind of clean it up Yeah results are pretty cool. Uh, thanks to our brand new bosses andrew and eric came in over the weekend Just started backing us on patreon. Thank you so much, andrew. Thank you so much, eric one for each day on the weekend, right? That's perfect. Y'all are best like a tag team Yeah, and you know tomorrow it could be you There's a longer version of the show called good day internet. Sometimes we call it gdi. It's available at patreon.com Slash dtns and we roll into it right after dtns wraps up Just a reminder we do the show live monday through friday at 4 p.m Eastern 200 utc find out more at daily tech news show dot com slash live We're back tomorrow with scott johnson joining us and special guest wil smith on the democrat democratization Of broadcasting a special guest week rolls on talk to you then This show is part of the frog pants network Get more at frogpants.com Diamond club hopes you have enjoyed this program