Transatlantic Cable podcast, episode 96

June 13, 2019

For the 96th edition of the Kaspersky Transatlantic Cable podcast, Dave and I jump all over the place with stories ranging from pizza to hacked US Customs and Border Patrol photos.

We kick things off with an interesting tale from the Brofist Army. Yep, we are talking PewDiePie and a recent advertisement he did with Ukrainian social network Nimses. While there is some concern and fake news surrounding the app and ad, we tried to cut to the meat and potatoes of the tale and the app itself.

From there, we bid farewell to Facebook’s Graph Search, and after that, we discuss the latest snafu from US Customs and Border Control. Seems they have some trouble with storing images of license plates and photos of people entering the States. For the next-to-last story, we discuss an upcoming paid version of Firefox, and to close things out, we discuss a tale of a lone guy who got his pizza account hacked and, well, no pizza for him.

If you enjoy the podcast, consider subscribing and sharing with your friends who need more regular updates on security. For the full text of the stories, please visit the links below:

Jeff: This first story is a little bit weird. You know last time we talked about Nimses was back in 2018 on [Kaspersky] Daily after we updated a post from 2017. So what’s going on with PewDiePie?

Dave: Yeah, this one. It’s been rumbling along in the background for a while. And I don’t know, just off the cuff here as well. I don’t know if it’s Nemsis or Nimses. I’m just going to go with Nimses. The basic premise of the story is that PewDiePie did a sponsored ad or sponsored section on one of his videos promoting Nimses. And there was basically a bit of an online backlash against it because there is a little bit of, shall we say, concern around Nimses at the moment. And some people are thinking that, you know, it’s sort of private privacy just stripped bare. Sorry, stripping your privacy on a social media network that kind of gives you cryptocurrency, for want of a better word, but it’s kind of a sketchy app. A lot of people are saying that and so yeah, a lot of people kind of kicked up a bit of a fuss because PewDiePie is a 90-million-plus subscriber superstar on YouTube, and he is promoting what a lot of people see as a dodgy app. It’s a bit of a strange one. I don’t think this is quite finished yet.

Jeff: I think the thing for those of you that don’t know what the app is, it’s pretty much a social network meets cryptocurrency, and you’re getting virtual currency in exchange for time you spend online. So, take that for what it is. And I think if you look at it, any social network, whenever you’re trading privacy for something, you better hope that there’s something of value in return. And you know, for me looking at it, this is more just something where, you know, the backlash unto itself is kind of funny, because these are the same people who are commenting on YouTube and vlogging. Then again, sharing on their Facebook and their Twitters, you know, what the app asks for is something that looks like similar things for most app authorizations, you know, that ask for too much. But the thing for me is, I just find it funny that people get up in arms on something after it’s talked on via YouTube celebrity versus the fact that it’s privacy that’s being traded as currency.

Dave: Yeah, I think one of the things here is a lot of PewDiePie’s followers and fans, and they call themselves the Bro army. And they’re really protective of PewDiePie. So for someone to kind of come out and criticize them in that he did, they kind of rally around him a little bit. And I think that’s where a lot of this hysteria has come from, you know, there’s a lot of counteraccusations, a lot of the Bro army’s up in arms saying that, you know, he’s, what he did is fine. And other people are saying no, we shouldn’t have done it. He did acknowledge it in a later video saying that he’s going to try and be a little bit more responsible with his sponsorships. But you know, if you’re a, I suppose a reasonable viewer of PewDiePie —

Jeff: — define reasonable.

Dave: Yeah, I was trying to word correctly. There are still questions about the app. And a lot of people are a little bit concerned about it, because it is basically stripping away your privacy in exchange for — I wouldn’t say currency or money, because I don’t think you can actually spend this anywhere, can you, other than a handful of burger joints? So to call it currency is stretching it a little bit.

Jeff: And I’m reading through the article on Kaspersky Daily, catching up on it. And, you know, it’s just one of those things, you’re trading everything for it. It’s got the usual sketchy stuff on it, like most apps do, like the semiporn pictures and talking about services. So for a bigger background, I’d say check out the KD article, we’re going to link in the blog.

Dave: Well worth reading.

Jeff: And I think it’s just one of those things. If you’re going to use this app, it’s another social network. So just be cautious and aware of what you are trading for using a free app.

Dave: So, speaking of free apps, and privacy and concern, I’m gonna say Facebook, never off podcast, it feels anyway. So yeah, this one’s over from And it’s a good one, actually. So Facebook is quietly changing one of their advanced search tools called Facebook graph. I think, from what I gather from the story, that they’re basically just closing Facebook graph, or restricting access to it.

Jeff: I think this story is really interesting, because I see both ways of this. They’re talking about, you know, investigators, and journalists who use this to kind of harvest information for stories to see if stuff’s being covered up by certain governments or just crimes against humanity happening, which are very important things to be investigating. But companies also abused us. Let’s be honest here, like with graph search, you can pretty much find somebody based upon certain search string queries if you do it the right way.

Dave: And for those of you who don’t know what Facebook graph is, it is basically just an advanced search tool that Facebook have. And in the article here, or I’ll just quote the article, which kind of gives you a good example of what is possible using Facebook graph. So “Facebook quietly made changes to a set of advanced features that previously allowed users to search the social network in powerful ways, such as finding all posts on Facebook by keyword, within a certain date range, all of the people who like a certain Facebook page and live in a particular city, or places visited by two specific people.”

Jeff: Oh, it was a fantastic tool.

Dave: I never used it personally. But you know, that sort of power in a search function, I mean, you don’t have to be Albert Einstein to figure out that that can be abused. And Facebook, going off the back of their whole new privacy stance, and sort of focusing on user privacy, I still find that odd to say, Facebook, slightly more focused in on user privacy. That’s a really strange sentence for me. Yeah, Facebook has shut it down. And, you know, going back to what you said, I see both sides of the coin here, because a lot of journalists were able to use this, as you rightly say, for human rights abuses, and things like that. And if something’s getting covered up on Facebook, via government, but, you know, the flip side is, this has been abused quite badly by a lot of companies, and also, you know, third-party malicious actors who want to sort of create databases of people in certain countries. So, you know, I suppose Facebook’s in between a rock and a hard place a little bit here.

Jeff: Yeah, like, I think with great power comes great responsibility. And, you know, we’re not talking about Peter Parker here, but we’re talking about Mark Zuckerberg and company. On one hand, you’ve got, as we say, this thing is great from a, you know, open intelligence standpoint for people to be able to gather data, but even some of the companies talking about how they’ve lost access to their tool, talking about how the tools have been abused. And it’s kind of like that old analogy of having your cake and eating it too. I don’t think it’s possible to keep this open and be able for them to keep this and stick to their “Hey, we like privacy stuff.”

Dave: The final nail in the coffin, I think, when they announced the changes to privacy, and how they will double down on user privacy. I think that was the end of graph search in that presentation.

Jeff: Happy trails to you, graph search. I really enjoyed you while you lasted. It had some really funny stuff that you could do with it. Like, if you wanted to see people who like Nickelback in a certain area not named Canada, it was awesome. You didn’t want to know those people? Oh, I used to do that one and shame people.

Dave: There are people out there who like Nickelback, sadly.

Jeff: I don’t know any of them. But all right, so jumping along, this one kind of comes back to the US. And it’s kind of a pretty big snafu by my government, isn’t it, Dave?

Dave: Yeah, we were joking about this one. So this is on the Washington Post, and it’s talking about how US Customs and Border Protection is saying photos of travelers were taken during a recent data breach. Now there’s a lot of gray area in the story. They don’t know who the hackers were, they don’t know if these photos are being sold on the dark net or anything like that. But what we do know is that these photos, and I think it’s faces and license plates, were taken on a land border. Now, I mean, they didn’t specify which land border but I’m no genius. I’m no genius, and I’m not great at geography, but I’m pretty sure that you guys in the States only have two land borders, right? You know, you have to do, you don’t have to be Einstein to figure out that it’s one of the two. And I think most people are going to figure this one out. But the story itself is troubling, because US Customs and Border Protection are looking to use this information to make sure people aren’t overstaying their welcome in the States and things like that, which is, you know, it’s a border issue. But for this information to get leaked is troubling, right?

Jeff: Not just the leaking, but they also named this thing — they don’t want to name the vendor. We’re not going to name them here. But they also put the vendor name in the name of the Word document they sent over to the WaPo. So this is I think, here is a bigger issue. And I think this is for countries in general. Like I think, how many times are you photographed when you come into a country?

Dave: If you’re in Europe, or especially in London …

Jeff: Yeah, a lot. But I think even when you come through, like I know, I’ve got Global Entry, and we were joking about this before, we come through and for the US what that means for those of you in the UK is you come in, it scans your face, scans your fingerprints, you answer the little questions like you used to do on a piece of paper, boom, it prints out a receipt, you go hand it to a guy, if they’ve got questions, they ask you questions. Other than that, you go wait, you go walk through, and if you haven’t checked luggage, you can walk right out the airport. Yeah. Unfortunately, with checked luggage, it usually takes about 20 minutes to get out.

Dave: Yeah, yeah, the thing that kind of baffles me, and you would be better placed to add to this, Jeff, but over in Europe, at least, when I’ve traveled, we have e-gates. To be honest, e-gates are a great way of saving time, because you just present your passport to the electronic gate. They scan you, take a photo of you, and you walk through. It takes, I don’t know, a minute, maybe, unless it doesn’t work, which happens a lot. But I was watching the video on the Washington Post article, and the video kind of alludes to the fact that these things are quite new in the States.

Jeff: Yeah, we don’t have them like you guys do. So the machines themselves, you know, we’ve moved to more of a digital system. But you still have to see an agent for the most part. You know, I know it’s different when you’re in the Eurozone and you can just pass in and out, you know, with the passports if you’re in the region. I can’t, still, when I go through Europe, so I still have to go and see an agent. But I can tell you I used the e-gates in Abu Dhabi, Sint Maarten. So where else was it? And also, I think in Dubai, to like to leave the country? Yeah. And it is so much faster. And I think, I think it’s also in Europe, it probably helps with a lot of the frickin tight turnarounds, that there are some airports.

Dave: Yeah, it is immensely useful. I remember having a flight flying back from Moscow, and I had to go through Amsterdam. And it was a tight turnaround. The best of times were delayed in Moscow. So coming into Amsterdam, we had 30 minutes, and we had to go through security again. Yeah, and there was a huge queue at Border Patrol, but the e-security gates, you just kind of breeze through really, really quick. And I actually got my flight. So it was great. However, the video does go on to say that, you know, what’s the trade-off? This info, these photos are stored somewhere. What’s the trade-off in terms of privacy? That’s a good question. I don’t think we’ve got enough time to answer it.

Jeff: I think it’s also a matter of how are we protecting these photos? And I think it’s a bigger question for all of the places you go through because they’re storing your passport has got so much information on it, that you’re kind of just wondering where it’s going to end up at. And I think there’s gonna be more to this story. And you know, their Congress is going to be grilling the agency in the next month or so. It’ll be interesting to see what comes with it.

Dave: Yeah, definitely. Um, I’m gonna have to follow that story. I think just see what happens. Shall we move on to the next couple of stories? This one is an interesting one, actually, because we’ve not seen sort of paid browsers since Netscape days — before that, probably. So to see Firefox and Mozilla try a paid Firefox is an interesting one. Because we, you know, like I say, Chrome is free, and Internet Explorer is thrown in with Windows, Safari with Windows as well, sorry, Safari is with iOS and Mac OS. And

Jeff: I think this will be interesting. I think it you know, they haven’t disclosed the pricing yet, but, you know, some of the features they talked about, including like a VPN to the browser, could be really good.

Dave: I think pricing-wise, I’ve heard rumors around $6.99, so 7 bucks, $7 a month, which — it depends what you get with it, I think. There’s rumors going around that there’s going to be a VPN, and possibly cloud storage and a password manager. But I’ve had kind of mixes of, you know, one, two, or three of these. So, I mean, if you’ve got all three plus additional privacy protection, and privacy security, as well as, you know, the browser itself, is it worth it? Possibly, and VPNs are cheap these days. I think you can get a VPN as well, you can get them free, but they’re generally not a good idea. But you can get VPNs for a couple dollars a month.

Jeff: Right. I think it’s a pretty cool feature, especially given a lot of the backlash around Chrome lately, and people moving to Firefox for more privacy. This is gonna be an interesting story to keep an eye on. Because, you know, I know you love Firefox. I’m just too lazy to change from Chrome. That’s really what it comes down to. But yeah, so I think this will be another story, just like that Border Patrol thing, to keep an eye on. But Dave, my favorite story of the week. You’ve been waiting. It’s pizza time.

Dave: Yeah, this one’s, um — I’m trying to think of pizza puns, but they’ve all just gone out of my head. Or cheese puns or anything.

Jeff: It’s floppy. It’s got a little flop on.

Dave: So this is a hilarious story. It’s on, talking about how Pizza Hut loyalty scheme so I don’t know. You buy pizzas and you accumulate points and you get points towards free stuff, free pizzas, etc. Pizza Hut loyalty scheme, hackers steal customers free pizza. And it is exactly what it says on the tin. You know, someone compromised some user’s Pizza Hut accounts, logged into their accounts, and ordered free pizza. My favorite line in this entire article is: With one money-saving finding, his points were used to order a medium BBQ meat pizza.

Jeff: I think the best part about this — and there’s nothing funny about hacking — but this one kind of is, so he tracks where the pizza was delivered to. And the best part is this one customer, so when we saw this, this link, when I shared it with you. I saw it on Twitter, and it said “Pizza Hut hacked,” and I was like, Oh, great. This could be an interesting story for the podcast. And it’s one person. And here’s the best part of it. So my favorite line is I also saw my Pizza Hut rewards, which is how they cut their pizza. I phone Jake’s number and checked, and they exist and have a WhatsApp not brave enough to do more than hang up. Yeah,

Dave: Jason is the guy who ordered the hack me account presumably him and got the free pizza.

Jeff: Yeah, some friends told me to ask if they enjoyed their pizza.

Dave: I mean, you know, when you shared this link with me, I thought I’ll go you know another data breach story. Yeah, we talked about them every week. And I thought okay, you know, I’ll read this story. And then it just got better and better as I read this story, as far as I can understand, according to the story, literally one pizza has been ordered. This whole data breach. Jake has ordered one, medium BBQ meat cheese pizza.

Jeff: Jake, Jake, all I gotta say is hopefully it was worth it. Because you’re probably good for pizza worst. And worst case scenario, your Mama’s gonna yell at ya.

Dave: This, I can’t help but laugh every time I read this story. Yeah, it’s sort of, I think the article kind of makes it out to be like, Oh, you know, it’s really serious. This pizza got stolen. And it is serious. You know, he said data breach in technical terms, but if it makes me laugh is a piece of but

Jeff: but I think this is the matching this PR person is aware of this incident and we’re speaking with the customer.

Dave: Yeah, the individual customer. Poor guy lost his points. Hopefully he gets those points back.

Jeff: Hey, listen, if not, you know, just start saving for a pizza. So with that said, I’m hungry for pizza. Even though it’s super early in the morning. We’re wrapping up this recording, but this week’s edition of the Kaspersky Transatlantic Cable podcast has come to a close. If you like what you heard, please subscribe below. Leave us a comment or give us a good rating. If you think it’s a good podcast for some of your friends, please share it with them because sharing is caring. And if you think there’s a story we should cover hit us up at Kaspersky on Twitter or Facebook. And we’ll try to get those stories into a future podcast. And again, thank you all for checking us out and thanks for the comments. Have a great day.