2024-11-23 01:47:48
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we talk about conjuring gaming memories, AI-generated Birkin bags, and a rejection of a certain type of criticism.
JOSEPH: Yesterday I did something unthinkable. Deranged. Sordid. I played World of Warcraft.
On Thursday Blizzard launched fresh servers for the Classic version of the massively multiplayer online roleplaying game. Basically this means that, although World of Warcraft is still going strong (its recent expansion, The War Within, has got pretty good reviews and player counts), and despite there already being World of Warcraft Classic (which started at the original, or ‘vanilla’, state of the game and has steadily progressed through its expansions), there is now a third, maybe fourth parallel strand of the game which has gone right back to the beginning.
I played World of Warcraft a lot back in the day. I joined during The Burning Crusade, the first expansion which came out in January 2007. The idea was to keep in touch with a best friend at the time who had moved away. I was absolutely playing it for social reasons rather than anything about the game itself. But I got heavily invested. I became one of the best PvP (player versus player, where players kill each other) players on my server. I will never forget the moment I crossed the threshold of a particular ranking which meant I unlocked the final piece of PvP armor in the game.
2024-11-23 01:34:23
This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records. To subscribe to Court Watch, click here.
Six men have been indicted for allegedly stealing trucks full of expensive electronics from Meta and Microsoft, including a truck hauling $1.5 million-worth of Oculus headsets, according to court documents.
According to the indictment, the six men traveled from various locations across the United States to Indiana, Kentucky, Ohio, Tennessee and other states “to steal products that were shipped in interstate commerce”. The co-conspirators allegedly surveilled distribution facilities “used by various national companies to distribute their products” and followed semi-tractor trailers leaving those distribution facilities. When those truck drivers stopped to rest or refuel, the co-conspirators would steal the entire semi-tractor and trailer, hook up the trailer to their own semi, and abandon the stolen tractor.
In many cases, the co-conspirators “would paint over any logos and/or identifying numbers on the stolen trailer, and use different license plates in an effort to conceal the identity of the trailer and evade law enforcement detection.” In many cases, they transported the stolen goods to Dade County, Florida, where they sold it to another buyer “for a fraction of the stolen load’s retail value.”
According to the indictment, one of the facilities the thieves monitored in Louisville, Kentucky was a distribution facility used by Meta. On May 6, 2022, two of the co-conspirators “located a semi-tractor trailer that left the Louisville, Kentucky facility laden with Oculus reality goggles valued at approximately $1.5 million.” The two stole the truck from a Pilot truck stop in Haubstadt, Indiana and drove it to Vanderburgh County, where they abandoned the tractor and trailer.
Meta wasn’t the only big tech company hit by the truck thieves. On August 31, 2022, they stole a truck “laden” with unspecified Microsoft products valued at approximately $940,000. On November 7, they stole two trucks: One hauling unspecified Sony products (the indictment didn’t approximate the value of these), and another hauling Harmon-JPL audio products valued at approximately $530,000.
The spree continued into 2023, when the thieves stole semi-tractors hauling Logitech products valued at $180,000, more JBL products, Meta electronics, and Bose audio speakers.
While it sounds like the defendants here were accumulating enough stolen goods to open their own Best Buy, their truck-stealing spree didn’t focus on tech products only. Over the course of 2023, they also stole trucks transporting CF Moto ATVs and Victoria’s secret and BGath and Body Works Products valued at $1 million.
Meta did not immediately respond to a request for comment.
2024-11-22 00:34:39
People are using Spotify playlist and podcast descriptions to distribute spam, malware, pirated software and cheat codes for video games.
Cybersecurity researcher Karol Paciorek posted an example of this: A Spotify playlist titled “*Sony Vegas Pro*13 Crack Free Download 2024 mysoftwarefree.com” acts as a free advertisement for piracy website mysoftwarefree.com, which hosts malicious software.
🚨 Cybercriminals exploit Spotify for #malware distribution. 🎵
— Karol Paciorek (@karol_paciorek) November 18, 2024
Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links. pic.twitter.com/MGloGZykCp
“Cybercriminals exploit Spotify for #malware distribution,” Paciorek posted on X. “Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links.”
"The playlist title in question has been removed,” a spokesperson for Spotify told 404 Media in a statement. “Spotify's Platform Rules prohibit posting, sharing, or providing instructions on implementing malware or related malicious practices that seek to harm or gain unauthorized access to computers, networks, systems, or other technologies."
But as BleepingComputer reported, piracy on Spotify isn’t limited to this one playlist, but is a widespread problem across the streaming platform. “Vbucks generators,” for generating more in-game currency in Fortnite, are easy to find all over Spotify.
Seems like the "Fortnite Vbucks" spammers found a way to involve Spotify Podcasts into their SEO poisoning campaign, featuring SPAM links to movies and books fake downloads... (And of course Fortnite Vbucks 😎)
— Who said what (@g0njxa) August 21, 2024
👀 @Spotify pic.twitter.com/0dbqjil9zX
Sites offering “license key cracks,” which provide license keys for pirated software, are also all over Spotify in the form of podcast episodes and playlists. As Paciorek noted, Spotify links are indexed by search engines, making it easy to find these listings through Google even if Spotify blocks the keywords from being searched. Searching for “license key cracks” on Spotify, for example, doesn’t return the malicious titles, but searching it on Google shows Spotify hosts many of these links.
The audio in these episodes are often noise or text-to-speech nonsense about clicking the link in the description. A “podcast” called forlinks, for example, is just a bunch of three second “episodes” with descriptions that link to Turkish gambling sites. A user called “soupiz” is just uploading 22 second text-to-speech clips that all say the same thing in broken English about audiobooks and clicking the link. Podcast episode titles for these spam accounts often contain popular keywords about TikTok personalities or porn, boosting their search engine reach.
2024-11-21 22:00:27
I haven’t owned a cellphone since around 2017. For years I used an iPod Touch to send emails or encrypted text messages. When Apple discontinued that iPod in 2022, I moved to a WiFi-only iPad Mini, which requires me to either carry a small bag or a jacket with pockets that can fit the not-so-mini communications device.
This was an extreme way to live in the previous decade, and arguably it’s even more extreme in 2024. But every time I inch closer to finally buying a phone, some cybersecurity incident happens that reminds me why I made this radical choice: telecoms and data brokers selling location data to bounty hunters or other third parties; hackers (repeatedly) stealing peoples’ sensitive personal information from T-Mobile; stalkers tricking Verizon into handing over a target’s address by haphazardly posing as a cop; and AT&T storing the call and text metadata of “nearly all” of its customers inside a Snowflake instance that young, reckless hackers gained access to.
Then there is the constant threat of SIM swapping, where hackers trick a telecom into transferring the victim’s cell service from their normal SIM card to one the attacker controls. Another lesser but still relevant concern is SS7, where private surveillance companies, governments, and even financially motivated hackers can tap into the telecommunications backbone to track a device’s location or intercept calls and texts (I’ve been called up by the owner of an SS7 surveillance company after I wrote about them).
2024-11-20 22:00:00
We start this week with Emanuel's story on how AI-powered ads on Buzzfeed are recommending people buy things like a hat worn by a person who died by suicide. After the break, Joseph talks about an unprecedented leak out of phone forensics tech Graykey. In the subscribers-only section, Sam tells us about HarperCollins' AI deal and how MIT Press is exploring one too.
Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.