Summary
Security researcher 'Deadass' reveals a sophisticated supply chain attack involving malicious streaming boxes (SuperBox, VCBox, MagaBox) sold through major retailers and influencer networks, designed to infiltrate American homes and corporate networks. The devices run outdated Android with remote access tools, beacon to Chinese infrastructure, participate in botnets, and target suburban families and critical infrastructure workers through coordinated marketing campaigns.
Insights
- Consumer devices sold through legitimate retail channels can serve as nation-state espionage and botnet infrastructure when regulatory oversight is absent or compromised
- Multi-level marketing distribution networks combined with influencer campaigns can effectively normalize and distribute malicious hardware at scale while evading detection
- The streaming service fragmentation crisis has created economic vulnerability that threat actors exploit by offering convenient piracy solutions, making security warnings less persuasive than convenience
- Home networks are now hostile environments requiring zero-trust architecture; ISPs are detecting massive data exfiltration but lack enforcement mechanisms without crossing privacy boundaries
- Supply chain attacks targeting blue-collar workers in critical infrastructure (oil/gas, utilities) may represent prepositioning for larger coordinated attacks on national infrastructure
Trends
- IoT devices as primary attack vector for home network compromise and botnet recruitment
- Residential proxy networks monetizing compromised home broadband for DDoS-as-a-service operations
- Coordinated influencer marketing and MLM distribution replacing traditional dark web sales channels for malicious hardware
- Nation-state actors using consumer product distribution as cover for mass surveillance infrastructure deployment
- ISP bandwidth anomalies becoming primary detection mechanism for compromised devices in home networks
- Regulatory capture or evasion through fake FCC certifications and shell company manufacturing fronts
- Targeting of critical infrastructure workers at home as entry point for corporate network compromise
- Botnet consolidation (Kim Wolf botnet absorbing SuperBox devices) creating single points of failure for multiple attack campaigns
- Piracy-as-a-service business model enabling non-technical distribution of malicious devices through trusted community networks
- Geopolitical intelligence gathering through mass home network access preceding potential kinetic or cyber conflict
Topics
- Malicious IoT streaming devices and supply chain attacks
- Botnet infrastructure and DDoS-as-a-service operations
- Home network security and zero-trust architecture
- Critical infrastructure targeting through residential networks
- Regulatory evasion and fake certification schemes
- Influencer marketing for malware distribution
- Multi-level marketing as distribution mechanism for malicious hardware
- ISP detection and response to compromised devices
- Data exfiltration and bandwidth anomaly detection
- Piracy economics and streaming service fragmentation
- Remote access tools (TeamViewer, ADB) on consumer devices
- ARP spoofing and network reconnaissance attacks
- Firmware analysis and partition hiding techniques
- Residential proxy networks and bandwidth monetization
- Nation-state prepositioning and infrastructure vulnerability
Companies
Amazon
SuperBox sold through third-party marketplace; listings repeatedly removed and relisted by different sellers
Walmart
SuperBox available on marketplace with pages of listings; minimal enforcement despite FBI warnings
Best Buy
SuperBox sold through marketplace and reportedly on physical shelves; unclear enforcement mechanisms
eBay
SuperBox and related malicious streaming boxes sold through platform
Tencent
Chinese tech company that SuperBox devices beacon to via QQ infrastructure; primary command and control target
Google
Sued BadBox operators; devices run modified Android OS with Google Play Store removed and replaced with malicious app...
Apple
Deadass worked in security at Apple; mentioned as major tech company in her career background
Palo Alto Networks
Deadass worked at Palo Alto; her firewall detected SCADA vulnerability exploit attempts from SuperBox
Netflix
Referenced as legitimate streaming service with bandwidth controls; contrasted with malicious boxes that lack throttling
Hulu
Referenced as legitimate streaming service; part of fragmented streaming landscape driving piracy demand
Disney
Major media company that could pursue litigation against piracy devices but has not; owns Marvel content fragmented a...
Cloudflare
Published DDoS statistics showing Kim Wolf botnet as busiest with 2000+ mitigated attacks in 2025
Censys
Deadass currently works as senior sales engineer; company provides internet intelligence and scanning tools
Hak5
Sold packet capture tools used by Deadass to analyze SuperBox network traffic
GBS Labs
Shell company manufacturer listed on SuperBox; website uses stock photos and fake LinkedIn profiles
Shopify
Episode sponsor; provides e-commerce platform for entrepreneurs and small businesses
Flashpoint
Episode sponsor; provides threat intelligence and security monitoring platform for organizations
People
Deadass
Guest researcher who discovered SuperBox botnet; conducted multi-year investigation into malicious streaming devices
Jack Rhysider
Podcast host who interviewed Deadass and broke the SuperBox story to wider audience
Brian Krebs
Published article connecting SuperBox to residential proxy networks and botnet infrastructure
Matt Brown
Conducted independent SuperBox research that gained YouTube attention; contributed to public awareness
Dort
Creator of Kim Wolf botnet that compromised SuperBox devices; controls millions of infected devices
Quotes
"It's an empty and open entertainment device. Due to the nature of this item, we are not in any way responsible for the content streamed or viewed by any user."
SuperBox disclaimer, early in episode
"This thing is scary. So she keeps googling this thing to try to learn more. And it looks like it's all been SEO poison because it's only places to buy the super box."
Jack Rhysider, mid-episode
"I'm like, okay, this obviously isn't real. So I keep digging. I get worried because as I continue to kind of acquire boxes, I got like a couple off Amazon, I got one from Best Buy, one from Walmart."
Deadass, research phase
"Do we want cheap easy cable or do we want to continue to have basically backdoors plugged into all of our networks?"
Deadass, conclusion
"It's possible that all this is just some prepositioning move of some kind and whoever's behind this is trying to get blue collar workers to give them access into us corporations."
Jack Rhysider, final analysis
Full Transcript
Hey, hey, it's Jack, host of the show. I went to IKEA the other day to buy a lamp and when I went in, I saw that they had a recall notice on the bulletin board. Their garlic press was getting recalled. They said that 10 people got injured using it. And I think little metal bits would fall off and cut some fingers. So they stopped selling it and were issuing full refunds to anyone who bought one. And it made me think, hold on, has this ever happened with computers? Has a store ever recalled a computer because it was dangerous? And what does dangerous mean? There was a story that came out a few years back, which was about a super cheap gaming computer that was being sold on Amazon. But little did anyone know, the computer came with malware on it. People who bought it would get their crypto wallets drained, their Steam accounts taken over, and their email compromised. The computers were made in China and came shipped with Windows 11. But the thing is, the company didn't want to pay for Windows keys so that they could sell the computers cheaper. So they found a hacked version of the Windows 11 installer, which would bypass the whole license key thing. But the problem is, the installer would embed malware into the Windows install. So the seller didn't even know it had malware on it. Amazon reviews started showing up. This computer is unsafe. Don't buy it. One star. And more reports came in about people saying that their computers came with malware on them. And I mean, if you got a new gaming PC and during the time you were setting it up, it stole your cryptocurrency, took over your email, and stole your Steam account, how much would that hurt you? How dangerous is that? Would it hurt more than getting a metal sliver in your finger from a garlic press? I think so. Yet, as far as I know, computer shops such as Best Buy, Amazon, or wherever never issue recall notices for computers or tech which are malicious. 
Retailers who sell defective items that are unsafe typically issue recall notices to buy back faulty items that are dangerous. But I just wonder if a computer riddled with malware doing an enormous amount of harm to users will ever fall into the category of dangerous or faulty or harmful to retailers. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is sponsored by Shopify. We've all got ideas, dreams, skills that we could turn into businesses. Look at me. I had a dream and now I'm over 150 episodes deep into my own podcast. And sure, I've struggled plenty getting here, but one of the hardest and scariest steps was just starting it. But that's where a partner like Shopify can step in. Shopify gives you everything you need to sell online and in person. Millions of entrepreneurs have already made this leap, from household names to first-time business owners just getting started. And to me and my t-shirt shop, that's shop.darknetdiaries.com. And I love Shopify because of how easy it made getting my business online and how much I can customize the whole thing. As you grow, Shopify grows with you. Handle more orders, expand to new markets and do all of it from the same dashboard. It's time to turn your what ifs into with Shopify today. Sign up for your $1 per month trial and start selling today at shopify.com/darknet. Go to shopify.com/darknet. That's shopify.com/darknet. This episode of Darknet Diaries is brought to you by Flashpoint. 2025 has proven to be a pivotal year for security leaders. It's not just cyber threats anymore; physical risks and geopolitical tensions are colliding, creating a web of challenges no one can afford to ignore. That's where Flashpoint comes in. As one of the largest private providers of threat intelligence, Flashpoint delivers what security teams need most: clarity. 
By combining cutting-edge technology with the expertise of world-class analyst teams, their Ignite platform gives organizations instant access to critical data, expertly analyzed insights, and real-time alerts, all in one seamless platform. From Fortune 500 companies to government agencies, Flashpoint is a name trusted to keep people, assets, and operations secure. To access some of the industry's best threat data and intelligence, visit flashpoint.io. Today that's flashpoint.io. Today, I'm so excited because I finally get to talk with Deadass. It's good to see you again. I know. So we started, we started, I met you at DEF CON like five, six years ago. Like one of my first, like ever DEF CONs, yeah. It was your first DEF CON and you messaged me like, hey, you want to meet, where can we meet somewhere? I got something to tell you. I was like, yeah, where? And this was back in the days where I actually checked my DMs at DEF CON. Now, like, it's impossible for me to do that. And so I was like, okay, go to the chat zone. This is what I'm wearing. Okay, cool. And then we sat down at like a couch and you're like, okay, I got something. And it was still hush, hush. I was like, what is going on here? And you had, you had, I won't give names here, but you had a contact with somebody who you knew had a good story. You're like, I can connect you with this person. I was like, great. And we did, we connected and we had conversations. So thank you for that. And so that's where we first met. But then I just watched you have talk after talk and I learned more about you. Like at the time you told me your name was Deadass. And over time I've just learned that your name, you really should be called badass. You're, you're really like, I think even back then you were working on all kinds of really cool projects. You want to give us a background of just like your tech career. Yeah. 
I mean, it's kind of, I'm very much the textbook definition of non-traditional background as far as technology is concerned. Like I have an English degree. I went to Berkeley for rhetoric and propaganda. Like it wasn't, I, Okay. So I heard that today because we're here at CactusCon and I just heard your talk, but you did say that you have a degree in rhetoric and propaganda. Is that true or was that a joke? That's like legitimately basically what the degree was in. It was all about like understanding argument, understanding like the rhetorical devices and tools. And so I hyper-focused on the efficacy of propaganda from that. And that actually is what informed, when I started looking at the topic of my talk, why I knew there was something weird about it. Like it kind of like touched that part of my brain and I hadn't really seen anything like this yet. So you, that was a career path for you. I want to go into propaganda. Well, more so I wanted to go to law school, or at least I thought I wanted to go to law school at one point, and then like, you know, the Bay is expensive, life is expensive. And then I, you know, built my first computer and I was like, oh wait, I can do this for like a job. Yeah. Why, why was I not just doing that? So you got into tech, and then give us kind of a potted summary of some of the tech roles you've had. Yeah. So I've worked at some of the biggest names in security. So Palo Alto, Google, Apple. I've already been kind of around the Valley, as they say. And now I'm over at Censys. Oh yeah. What, what do you do at Censys? I'm a senior sales engineer. So not even like a researcher. I just do research for fun. But the thing is, a few years back, Deadass discovered something that was like discovering something you weren't supposed to see. A discovery which would send her down a rabbit hole that would take her years of research to get to the bottom of. And it all started at her dad's house. I'm giving away too much. 
He's one of the senior people at his oil and gas company. Okay. And so you go to visit him and. Yeah. So my dad is very, I don't want to say nonchalant, but he's like, he's chill, right? Like he's a very chill kind of person. So for him to be excited, I was like, Oh, well, what, what are you excited about? Like you're, you're very deadpan. Like you don't get excited. Her dad was excited about all the channels and shows and movies that he could get on his TV. Like, look at this. I got hundreds of movies, full series of all the latest TV shows, thousands of channels, sports, even pay-per-view wrestling matches. You like wrestling, Deadass. You would love this thing. And he's telling me about it. And he's like, yeah, it's just 300 bucks. It just works. It's called the SuperBox. And immediately I'm like, okay, this already sounds weird, but keep going. So I asked like, well, how does it work? And he says, Oh, it just works. That's not what I asked you. I asked you how does it work? And so my younger sister was also studying cybersecurity. She comes in and she says, Oh yeah, the network's been really slow at the house ever since those boxes came home. So that was kind of my final red flag to be like, I'm going to get one just to see what it's doing. Boxes. Yeah. Boxes. What? More than three. Why does he have so many? Because they're convenient. That's, that's how they get you. Oh, for each TV? Yeah. How did he get it? He, his job told him he needed to get one really, really bad. So he got one. She takes one home to look at it. She's not a researcher. So she's not sure where to start. She knows enough that she should quarantine this thing though. So she put it in a separate network so it doesn't learn about her home network or try to bother any of her other devices. And she puts it behind a firewall. Then she starts Googling where to start. It was the weirdest question I've ever asked out loud. How do I get pcaps at the house? 
Because I had to figure out how to get packet captures off the thing. And I'm like, how do you do pcaps at home? The idea was that when she turns it on, she wanted to see where it would try to talk out to. Who does this thing communicate with? How does it send those packets? So she learned how to do packet captures in order to watch this. I got one of those Packet Squirrels from Hak5. And I had laughed to myself because I remember when I first came into security and thought I was going to be like a badass hacker. I was like, oh, I'm going to get all this stuff off Hak5. So I had one and I hadn't ever opened it, and I learned how to use it. And that was my kind of inline packet capture. So she gets it all set up, turns it on, and just lets it do its thing. And she watches what it talks to. The first thing it does is call out to Tencent, like just straight into it. Tencent is. Like in China, yeah, like qq.com. Tencent is a massive tech company that owns QQ in China. And it's not entirely unusual for something to be talking to it. So at first I was like, OK, maybe this isn't that bad. But then when you apply the rest of it like, oh, you're an oil and gas executive. Somebody new told you to get this. The network's running really slow and this thing is talking out to China. Right? Like it's, it's, it's all of that, right? Individually those things don't mean anything. But when we, when we're looking at this like strategically or in a big picture, you're like, oh, I see. But maybe she's connecting dots that aren't there. So she keeps looking for traffic logs. I'm kind of just watching the traffic, watching the traffic. I would like turn them on for like a day, turn them off. I'm looking at logs. I'm kind of just trying to get a feel for what they're trying to do. And then I get a hit in my vulnerability log, like in the threat log on my Palo Alto firewall. And it's for a SCADA vulnerability. A SCADA vulnerability. This makes no sense. 
SCADA is the control systems used in large-scale industrial settings. Like pumps, valves, conveyor belts, compressors, elevators, railway switches. This is where SCADA systems live. Why in the world is this box that's here to deliver TV and movies attempting to trigger a SCADA exploit on Deadass's network? This is very concerning. So she continues to look at the traffic this thing is sending. And she notices it's communicating hard with all the other devices on her local network. Typically a streaming box will not care about what else is on your local network. It only wants to go out to the internet and get the content so that it can show it to you on your TV. But this box was super busy feeling around to see what else is in her network. Specifically, it starts ARPing out to any device in the same network as it. So basically ARP is when a device is like, Hey, are there any computers on this network that have the IP 192.168.1.10 or whatever? And if there is a device that has that IP, it'll respond. It'll say, Yeah, that's me. You want to chat? Here's my MAC address. And then it gives the MAC address. So this SuperBox was ARPing out to every IP in Deadass's network. I would say it was almost more of like an ARP DoS because it was ARPing at things so hard that they would like freak out and like lose their IP address reservation. Yeah. Really? Yeah, they were, they were just so chatty. And that was also something weird to me because normal devices, like they're chatty, but they're not chatty like that. Right. So it's this noisy thing on a network. It's ARPing everything. It's sniffing around. It's just way too interested in things going on on my network. So this thing would ask, who has this IP? And when the device with that IP would respond, then it would just continually ask again and again thousands of times, flooding it with ARP requests until that device would get overwhelmed and go offline, which would then allow this SuperBox to pose as that device. 
It would change its own IP and MAC address to match that thing it just took down, which is such a wild attack: to knock out other things and then pose as them to see if they are communicating with anything more juicy. Holy cow. This thing is scary. So she keeps Googling this thing to try to learn more. And it looks like it's all been SEO poison because it's only places to buy the SuperBox. There's no negative. Like you can't even find Reddit posts even questioning anything about the SuperBox. The entire first page is where to buy and everything that's great about it. Now she's getting curious. Who makes this thing? What brand is it? Where does it come from? One of the more common things a lot of us have probably done were like, what's this device? What's its MAC address? Who makes it? I look into who makes it. It's some weird-looking, like, website-templated, just strange-looking company called like GBS Labs or something like that. And it's basically a shell. Like there's stock photos on the site and just all kinds of like the telltale signs of like we stood this up to look just legit enough, not actually be legit. So I look into them as a manufacturer. I'm finding like fake LinkedIns and all kinds of stuff like that. So I'm like, okay, this obviously isn't real. So I keep digging. I get worried because as I continue to kind of acquire boxes, I got like a couple off Amazon, I got one from Best Buy, one from Walmart. Whoa, whoa, whoa. These things are available at Amazon and Best Buy and Walmart? Yes, they are. Like you could buy a SuperBox right on these sites. Yeah. Hold on a second. A bunch of pirated movies and TV shows sold in a box that you just plug into your TV and now you don't have to pay for cable or any movies. That's, that sounds illegal. Yeah. I mean, it is, but even on the box itself, when you turn it on, it pops up a little disclaimer. I actually want to read to you the notice that pops up when you just plug this thing in for the first time. 
It says, thank you for choosing SuperBox. SuperBox is an empty and open entertainment device. Due to the nature of this item, we are not in any way responsible for the content streamed or viewed by any user. It is the user's responsibility to satisfy themselves that the sites accessed for streaming the content have correct copyright agreements in place and are entitled to the content. The burden of determining this falls completely on you, the user. SuperBox in no way takes any responsibility for how you use this device. Unbelievable. Does that even work? Like can you sell a box that markets itself for having thousands of pirated shows and movies on it, but then put a disclaimer up that says, oh, we're not liable for anything that you do on it? I mean, they're doing exactly that. So in theory, no, it shouldn't work. But in reality, yeah, it's working. This is for sale on Amazon, Walmart, and Best Buy's websites. And I should mention that Amazon, Walmart, and Best Buy aren't listing this themselves. These are third-party marketplace areas of the site where anyone can go and set up a shop on those sites and start selling whatever they want. And while these listings would get removed every now and then, they would just come right back up listed by a totally different seller. Of course, eBay has them for sale, too. So as I start kind of looking around, I, you know, I go into YouTube and I'm like, OK, I'm going to buy a SuperBox. And so I see, you know, a bunch of different influencers. They're not like a Linus Tech Tips or, you know, some of these other bigger folks that have a huge following on YouTube. These are folks with like sometimes like 800 followers, sometimes 50, sometimes, you know, 50K. One guy had like pictures of like motorcycles and like his wife and like pictures of food. And then just a hard right turn. And he's now talking about SuperBoxes. One kid who was like talking about like speakers and then suddenly the SuperBox. 
So I'm like, that's really weird. So obviously they had to be paying them, and it took me a while to figure this out. But I went way back to like a seven-year-old, like, SuperBox video. And this one influencer was like, yeah, they contacted me and they're offering me 50% of the proceeds of every device that I sell if I talk about this. Oh, so there's SuperBox influencers out there. People paid to spread this thing. Gosh, this makes it a lot harder to control and stop this if they're being sold by random people just trying to make a few extra bucks. It's almost like they have an army of marketers and salespeople. They start appearing in weird places. I start seeing it on TikTok. They're on Facebook Marketplace. Like, so I started getting suspicious, even more suspicious, because I'm like, this has to be a whisper campaign, because I'm not seeing it like I'm not watching cable television and there's like an ad for the SuperBox. And if that ever happens, like I'm going to just move out of the country at that point. But I haven't seen that yet. But what I have been seeing is, oh, check out the SuperBox. Here's YouTube Shorts about the SuperBox. Check out my TikTok. Get it off my store. So it's spreading. And then I find out later that because of how they're using the reseller market, they're like basically penetrating like the suburbs everywhere to get these sold and get these out to people and get that kind of like foothold across the United States. Holy cow. These things aren't just spreading. They're spreading in specific places. Suburban families are getting them. And why there? Okay, let's think about it. By targeting suburban families, it's almost like a bottom-up approach to intelligence gathering. Don't attack companies or even the government at the front door where their strongest firewall and security controls are set up. Don't even come in through the back door. 
Instead, focus on the workers at their homes because a lot of people bring their work home and if they can jump off this thing onto a work laptop or find a VPN into the office from home, then bingo, they just gained access to a corporate network. Or even worse, it might hitch a ride in someone's backpack or pocket and get plugged in at work. So if this is a malicious device disguised to be a TV streaming box, then yeah, targeting suburban family homes in the US makes a lot of sense. If your goal is to try to set up a large scale attack against major US companies. Jeez, that just gave me the chills. At that point, did you have any guesses as to who might be behind all this? So that's been kind of the weird part. I mean, obviously, if it's talking to China, I just assumed China, but it does look like there's a few layers to this. Still trying to crack the code, but a lot of folks here in the cybersecurity industry in the United States, of course, we're very concerned about this because you can't really detect them on a network unless you know what you're looking at or know exactly where your things in your network live and what the baselines are and what looks normal. So if you're not using it and it's sitting there, your traffic is going to look normal. And we all stream and everything, but what a lot of folks don't know is that with traditional streaming services like a Netflix, a Hulu, whatever, when they ask you, are you still there? That's the bandwidth control. So it's not just sucking up and chewing up the pipe. These don't have anything like that. They'll just keep going. And then when you factor in the residential proxy stuff, that's a lot of bandwidth. Oh, I see. If thousands of these are in homes across America and those homes all have high speed internet, that means these boxes have quite a lot of bandwidth at their fingertips. When you have control of that much bandwidth, there's a lot of damage you could do with just that. So at this point, it's 2023. 
Deadass has really started to get deep into researching this thing. She learned that the operating system on this thing is just Android, and not Android TV, just Android. I looked at the Android information and it was a patch from 2021. Okay. So three-year-old operating system. At that point, yeah. And it's on purpose, because this was one of the ones that had a lot of holes in it. When we think about like, you know, not great Android patches that came out, 2021 was kind of a strange year for that. And so I'm looking at that and I'm like, okay, that's super, super weird. I keep digging in. I'm looking at the box. I'm like, let's look through the apps. Like there's TeamViewer on it. Right. Like, what is that? TeamViewer. Okay. So TeamViewer is a way to remotely manage a computer. Like it allows you to connect to that thing and control it as if you're sitting right in front of it. So with TeamViewer installed on it, that means that whoever is behind this has a dashboard at their fingertips of all the SuperBoxes out there with TeamViewer running. And with one click, they could just jump right into any of them. That's horrible. Holy cow. The idea that someone is inside your home, looking around at your network and you have no idea. No, no, no, no, no, I do not want this. Burn it with fire. Watching Reddit and stuff like that. And people are like, is this thing too good to be true? And so there was an account on Reddit that was created about at that time, about four years ago, which lines up with like kind of the initial timeline of everything we were seeing with this starting about 2019, 2020. And that account did not post a single thing for four years. And then it pops up just to say, I've had the SuperBox forever. I get NFL, MLB, you know, Sunday Ticket. Like this is the best thing ever. Like everyone should get one, and then it never posted again. So they're, of course, nudging it and trying to like, you know, prop it up in places. 
I'm like, so this is again, it's spreading. People are talking about it. But like, I still have not heard a thing about it in the security community. So I decided to do a talk on it initially. And that was my first ever like technical talk at a hacker. I was scared to even get up there. So she gave the talk at a BSides event and the crowd was stunned with her findings. Her talk was so scary. I think everyone after the talk called home to see if their parents had bought one of these or installed anything like that. Which reminds me, I need to call my dad to see if he has one. Let me take a quick ad break real quick. But stay with us, because everything got way more serious after she gave that talk. What's even more alarming is that only 38% of organizations can actually detect these historical identity exposures that create ongoing risk. Knowing what's putting you and your organization at risk, from stolen credentials to session cookies to PII, is critical for protecting a different person. So what's really, really important is that you have to be aware of the risks that you're going to face. And that's what's really important. My dad says he does not have one, but he says the guy at the gym has one and he keeps inviting him over to come watch shows. Okay, so after that talk, what happened next? 
How can I put this without sounding crazy? Our government was very, very interested in knowing more. I can put it.

Yeah, word got out, and an investigation was opened up, and they brought her in to learn more. If this is another nation trying to plant boxes in family homes across America with malicious intent, then the Department of Defense was interested in knowing more. But the thing was, because this was now an active investigation, it meant Deadass had to be quiet about this. So she wasn't allowed to talk publicly about it, but it didn't stop her from researching it further and talking privately about it. So for years she continued to research it and gave talks, but every one of those talks had to be no cameras, no recording, no photos, in order to keep this hush-hush. And it's been driving me crazy, since I've been attending her talks for years, and I think it's such a good story to get out to you, but she's never been allowed to be interviewed for it. And that's why I'm so happy to finally, finally, finally get this interview to tell you her story.

But as it turns out, this wasn't the first time we've seen bad boxes.

HUMAN Security and Google and all those guys had kind of done the stuff on, like, you know, the first BadBox, and so they were sourced for a lot of the stuff on the second BadBox. But we basically discovered that this thing was part of what's now referred to as the BadBox botnet.

BadBox botnet. So we've been referring to it as SuperBox this whole time.

Yeah.

Where's BadBox come from? BadBox comes from?
The fact that there are just other Android-like streaming devices, and they're actually a lot cheaper. And this was actually an anomaly that I noticed when I was looking at the SuperBox. They're, like, anywhere from, like, 30 bucks to maybe, like, a hundred at most. And so, again, cheap devices. They're kind of everywhere. They can get them out there pretty quickly. And so a lot of those made sense: already infected, you know, the behavior looked the same once I started kind of, like, providing information and stuff. And so we all came to the determination that it should just be... it's BadBox. It's BadBox 2.0, even though we shut down the first BadBox. And so, yeah, it's for any Android device, basically, that's, like, got malware or is beaconing out to interesting places, etc. But the SuperBox, like, my focus on it is because it's three hundred dollars and the rest of them are, like, 30. So why is this one three hundred dollars?

So she gave the authorities all the information that she discovered about this.

I provided, you know, network traffic, some logs, just things so that they could get an idea of what they were looking at, and I just kind of took it from there.

So, okay. And then for your own... you didn't stop with your own research.

Oh, no. I was like, there were not even... we haven't even scratched the... I know. I'm, you know, we're still, like, at that point, I was just like, there's still more. Like, I know there's still more, because there were still so many unanswered questions. Like, okay, I get why it's beaconing. I get that it's talking to this IP, but, like, again, why?
Why? So I keep digging. I just keep digging, and I continue to dig, and I continue to dig.

She got obsessed with this box, and she knew she needed to skill up in order to research it better. So she took some SANS courses, got her GCIA certification, upgraded her tools, and once again looked at the traffic this thing was sending. She saw that it was talking to a lot of domains ending in .top. Like, most websites end in .com, but not this box.

They were, like, speaking to things in the .top domain, which, like, we all know, there's nothing good for anybody in a .top domain. Like, that's not for us. Of course it talked a lot to the .cn domains too, which is clearly China.

She studied protocols deeper, domains, IP addresses, analyzed the hardware and the company that makes it all, and she saw that this thing was just automatically downloading different apps and stuff for Android.

I was able to capture those and analyze those. So that was new for me too. Like I said, I worked in the SOC. Like, I did my little alerts and, like, okay, escalate. Like, that's all I used to do. So to figure out, like, decompiling APKs was, like, insane. But, like, I figured it out, and I kind of started, like, looking inside of them. And I'm like, oh, that doesn't seem right. Like, you shouldn't be sending that in clear text, or, you know, stuff like that. So I mean, there was just so much smoke, right?
Like, I knew there was gonna be fire, because this thing is running the Android operating system. It has the Google Play Store. But of course that's not where you'll find the thousands of channels that it says it has. Instead, you need to basically rip out the Google Play Store and instead install something called the SuperBox app store.

What got me is when I tried to download the app store, my firewall basically showed me that it was, like, a multi-layer encoded file. So it was zipped up, like, six, seven times. So that was weird, because that's still not normal for an app store. Like, and I mean, if anything, like, you should just be using the Google Play Store. It's an Android device.

But they have their own app store that you had to download and install to get access to their piracy apps. And their app store looked nice and polished.

Oh my god, it's pretty brutal. It's weird, because you click on it, it installs, it turns blue, which I thought was just kind of funny. I'm like, why is it blue?
You click on it and it just has the three apps in there. Like, there's nothing else in it. So it's only so you can, again, get access to their stuff, and they want it to look as legitimate as possible so people will use it.

You'll appreciate this. So they're all running Android Debug Bridge, which makes sense if they're, you know, pretending to be an Android device, because it's not an Android TV device. It's just straight-up Android, which is already weird for the other types of devices. This was super strange to me, because there's no authentication on it. Like, I was able to connect just straight across the Android Debug Bridge, and then I just typed in, you know, su for switch user, and it gave me a root shell.

So you have root access to the SuperBox.

I have root access to, like, the six that I have at my house. Yeah, and then I did finally dump the firmware, and there's entire sectors missing off of the device. Like, if you're looking at, say, like, the structure, like the boot structure, there's 27 partitions, but you can only see 15.

What? Right, that doesn't make any sense. It's not normal.

That is strange. Yeah, I just assumed that if there are partitions on it, but you can't see them, then that means it has some sort of software deep inside it, and who knows what's going on in there. What's in those partitions, and how scary is it? Nobody knows.

I'm also at the same time still digging into the shell company. They have these weird, like, fake certificates of award to, like, look legitimate. And I'm like, what even is that supposed to be? Like, a certificate of, like, authenticity? That's basically what they're putting out for the SuperBoxes to make them look legit.

Yeah, so the packaging of this thing. You got a few, right? And so what is it? What is this, like, a regular device, or is there anything silly about it?

I mean, I look at it, I'm like, why does it look evil? Like, it feels evil to me. Like, if you ever, like, seen something, you're like, I don't like that.
It kind of gives me those vibes. But, like, it says 6K on the box.

Six? Six? Right, like, what is 6K? I must have missed that memo between 4 and 8K.

But yeah, it has 6K on the box, and there's even, like, regulatory information, like, printed on the box. But then, like, we can't find, like, FCC information on it.

Okay, so the regulatory stuff looks like it's just made up.

Yeah. Yeah, and like, oh, we're certified and all these things, but not really, right?

Well, that's crazy. Like, that's illegal.

Well, to the average everyday person, it looks like anything else they might buy. Yeah, got the regulatory information, it tells me what the product is, it says who makes it.

That seems highly illegal. The government is not gonna want you to put regulated, or, you know, certifications on there that aren't, especially for, like, some of the safe electronics out there.

Exactly, that make it safe for consumers. Mm-hmm. They're just putting it on there, and it's not actually vetted. They're just like, here you go, this is safe for consumers. It's ridiculous. It just stays ridiculous. So, like, you know, just buckle up. There's just so many glaring, like, red flags. I would call them more like neon red flags, if that's even, like, a thing. I'm just, again, at this point, this is, like, the end of 2024 at this point, and I'm just like, does no one else see this? Like, no one else sees this, really? And so I get into 2025, and that's where it kind of, like, really started to take off. So the BadBox PSA comes out in June. That was a huge deal.

Oh, yeah, I saw that announcement. Let me pull it up for you. It's titled Home Internet Connected Devices Facilitate Criminal Activity.
Here's what the FBI warning says: The FBI is issuing a public service announcement to warn the public about cyber criminals exploiting IoT devices. Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames, and other products. Most of the infected devices were manufactured in China. Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to users purchasing, or infecting the device with backdoors, usually during the setup process.

Gosh, wow. So the FBI put this warning out, but that wasn't enough for them to get banned off of Amazon, Best Buy, and Walmart marketplaces. And even with this FBI warning, it wasn't enough for Deadass to convince her father to get rid of it either.

He did at least unplug it. Only when you're home.

Only when I'm home. Like, I'll be back in when you leave.

It's alright. So how do you convince... Imagine it's my dad here, or your dad here. What do you say to them to say, don't do this? Because what matters to them, right? Yeah, you have to bring it to their level.

Well, so what was interesting, I think what got through to my dad was when I said, hey, like, if something goes wrong with this, and, you know, you're in a pretty high position at your company, like, I mean, people reporting their bank accounts getting hacked. Like, do you care about your money? Do you care about your retirement? Like, there again, they're looking at your credentials. They're monitoring the network. They're gonna see when you're logging into your bank, and they're gonna see when you're doing things that we might all consider sensitive. And if you don't want that to now become a negative, or get exploited, or become a problem, like, you have to think about what you're bringing home on the network. Okay.
You said someone's bank account got wiped out for this thing?

Yeah, somebody, yeah, somebody reported on Reddit, like, oh, they tried to hack our bank accounts, so put it on a guest network. Not stop using it. Just put it on a separate network.

Gosh, what are we even doing? Imagine you had some roommate that tried to steal money from your bank account every time you turned your back and was constantly spying on you. You wouldn't just move them to the guest bedroom. You throw them out of the house. How is it that this thing can clearly be so dangerous, yet people still don't throw it in the trash? It's because it's still providing value to them, even after it's an apparently dangerous and harmful device to have in your home. And this puts me in deep thought, actually, on how to fix this. This isn't a one-off. It's an industry trend, and it's not even just an industry trend in cybersecurity. It's a bug in human beings. We often ignore good advice. Like, we all know you should take your health seriously, eat healthy, work out five times a week, and get plenty of sleep. Yeah, most of us don't do it. It's not because we don't know better. We all know better, and there's nothing you should value more in your life than your own life. So it's not like there's something more important to focus on. Yet we still don't take care of ourselves properly. And this is what I think is a bug in human beings. We know what the right thing to do is, yet we still don't do it. And here's an example of this bug being exploited so perfectly. Even when the SuperBox rears its ugly head and shows us how dangerous and harmful it is, people still use it because they like getting their TV shows.

To be clear, how do you feel about piracy?

I mean, I personally do not care. That's you and your business, between you and your ISP. That has nothing to do with me.

Um, that's not what you're out here...
No. Saying is bad? Yeah, it's the fact that, like, to make it easier to have access to these things, because a lot of people do not have the technical know-how to potentially participate in sailing the internet high seas safely. This is a one-stop, easy, pre-box shop.

Can we talk more about who you were seeing getting these things?

Yeah, so, you know, I had folks reporting to me that they were getting them mailed to them, like, at their house. I'm like, what? And they work in oil and gas. And they're like, I didn't order this. So I'm like, yeah, definitely don't plug it in. And so one of those got sent to me.

Wow, how scary is that, to have one mysteriously show up at your doorstep, and you work in oil and gas? Man, this is a very serious and dangerous campaign. I already said this thing should be burned with fire, but now I think you need to take a sledgehammer to it first and then burn it.

Of course, I'm seeing stuff on, like, social media, kind of all the different platforms, like, oh, my parents got gifted one. My uncle was telling us about it. Like, all the, again, it was lots of stuff like that. I had a friend in Sacramento tell me that he saw, like, one of the single moms that, like, is known in the neighborhood, like, she had them. And I'm like, that's so weird. Like, again, if it's the gray money, I guess, and you, you know, you want to make some extra cash on the side, like, it's a great business.

I mean, that's... if we look back at, I think it was the late 90s, early 2000s, we had a similar thing where you could buy the... some sort of a streaming box. It was a cable box, but it was like a black box or whatever.

Yeah, it was, you know, jailbroken, and so you would get free cable.

And so this wasn't sold by the moms in the neighborhood.
This wasn't sold by your uncle. Maybe your uncle, but it was sold in the seedy parts of town, or you had to know someone who knew someone who knew someone, and then make a deal with them to get your pirated, you know, your jailbroken cable box. Yeah, and that's what... this doesn't smell the same. This has a different scent to it, because it's people who are... people who are selling it are almost like hustlers in some way.

Yeah, exactly, where they've got, like, six side businesses and they've got a lot of free time. It's like a weird... there's a weird profile overlap that I was noticing, because at first it was, like, real estate agents. I'm like, okay, I could kind of see that. Then I'm seeing reports online where someone's like, oh, my cable guy tried to sell me one. I'm like, your cable guy, like, who just installed your internet, is trying to sell you one of these boxes? Like, what? And then, of course, there's the whole issue with just... as you're, you know, as we start looking at kind of, like, the whole thing, I'm like, okay, well, now I'm starting to see, like, people, like you said, like, five, six businesses, and they're not tech-savvy people. They're just like, oh, yeah, it just works.
I've been using mine for two years. I don't have any problems. You know, and they're usually the ones that will go into a lot of these social media posts, and they say... anyone trying to say anything negative about it, like, they're ready to squash any negativity as soon as you try to post about it.

The marketing images of this thing are ridiculous. There's one with the family sitting on a couch, which looks like a stock photo, and the SuperBox is, like, oddly placed on the TV in front of them. And the mother is smiling, all happy with this thing, holding her daughter. And again, to me, this thing looks like it's targeting suburban families.

There's a piece here that I don't think we talk about enough in cybersecurity, and it's really, truly, like, the cyber psychology of us as consumers, of us as practitioners, of everyone, really. And so we don't have a culture of understanding, again, like, scams and stuff. Like, we lose billions of dollars every year to pig butchering, phishing, all kinds of get-rich-quick schemes. Like, everybody wants to make a buck, or everybody thinks that, you know, oh, I'm no longer going to be a temporarily embarrassed millionaire, like, I'm going to be a millionaire now. Or I get to watch TV and I don't see what the problem is.

Yeah, I want to... at first I was going to push back and say, well, you know, we assume that the stuff we buy has already been vetted and secure and all that stuff, or else it wouldn't be in the store, because the store should have some sort of, you know... There's implied trust when you go to, like, Best Buy, right? Like, there's a reason I'm not going to go, like, stand out here on the corner and say, like, hey, does anyone have, like, an iPhone 17?
I can just buy real quick. Like, I'm gonna go to Apple. I'm gonna go directly to Best Buy. And so, again, as consumers, especially in the United States, like you said, we go to Best Buy, we assume that what we're getting is okay.

Okay, well, let me ask you this. Once the FBI warning came out, did all of the stuff that you... evaporate off Best Buy and Walmart?

Nope, it's still there. And part of the problem is because they have very unmonitored third-party marketplaces. However, I did receive reports from other contacts that they had a parent that was able to get one off the shelf at Best Buy.

What?

Which I was like, how did that even happen? Because it's very hard to get things on the shelf at Best Buy. But if there's this other kind of influence of, like, hey, let me slide you some cash, like, in this envelope, like, secondarily, like, put this on the shelf at Best Buy, like, I can absolutely see that happening, if we just think about, like, you know, humanity.

So, I mean, I want to assume that it did get wiped off of all these online marketplaces, but then it's a cat-and-mouse game, and so it just comes right back, and there is a different seller selling it, and there's another person, and maybe there's tens or dozens or hundreds of people trying to get it back onto Amazon. And since Amazon has this sort of anybody-can-come-on-and-sell-something, then that becomes very hard for Amazon to pop every moment ahead. Yeah. Okay, so you feel like that's what happened.
I think that's probably got a lot to do with it. I mean, the third-party marketplace thing, you know. I still have questions about how Temu came out of nowhere and got two Super Bowl commercials the first year of its existence. But, yeah, like, looking at Amazon, like, I did look recently, and it's actually harder to find them. So I think Amazon did make some changes. But, like, Walmart is still just, like, pages and pages and pages. And again, I mean, they get a lot of money out of having all these sellers on their marketplaces, but they're selling something that's kind of dangerous.

Gosh, this device is so insidious in the way it's wriggling into our homes across the nation. We humans are vulnerable to scams and manipulation, and this seems to be the perfect thing to exploit that. Americans are sick of paying for 20 different streaming services. Like, if you pay for Netflix, Disney Plus, Amazon Prime, and HBO Max, you still don't get any news channels. It's so fractured and crazy. I just remember this YouTube video by videogamedunkey, who has a guide on how to watch all the seasons of Pokémon. Here, take a listen.

For Pokémon, there is a website that tells you how to watch this. You start off on Netflix, then swap over to the Pokémon streaming service, which is the only place that has season two. Then swap over to Prime Video for seasons three through five. Swap to Freevee, then Hoopla. Season 13 is only on Amazon, though. Then swap to Tubi, then Hulu, then Roku Channel, and then finally back to the Pokémon streaming, and then Netflix. Easy.

What are streaming services doing? It's like the more they battle, the more we lose. Like, Disney bought Marvel in 2009 for four billion dollars, but even Disney Plus doesn't have the rights to play all the Spider-Man movies. What's happening?
So this SuperBox hit us right where our pain point is when it comes to watching TV and movies. It solves so many problems. People don't want to pirate, but when it's so painful and so complicated to find the shows you want to watch, then they just migrate to a simpler way to watch the shows. It's not even less expensive, since they're paying 300 or 400 dollars for one of these boxes, which just has all the shows they want to watch. I'm sure they'd be happy paying a monthly fee if it was for a streaming service which gave them what they wanted. But piracy is on the rise because of how complicated and frustrating streaming services are today. And when it's a thousand times easier to pirate a movie than it is to research where things are streamed, only to create an account there, only to find that they're no longer streaming it there, then people are going to give up and just pirate. Honestly, I blame the streaming services for this explosion of piracy that we're currently seeing. They need to start treating their users with more respect, and we'd all be much happier for it.

Like, I had been hyper-focused on the SuperBox, but then I saw some of the same characteristics of a bunch of sellers and folks on social media talking about the VCBox. So again, another one that's, like, still something-something box, but a lot of the same stuff. Oh, we've got this playback feature. Like, you get all the channels. I'm like, this sounds familiar. And so I start digging into the VCBox, and so I buy one of these, and this thing looks equally as strange. It was another weird Reddit post. You read it, it was, like, weird, and, like, got me all these breadcrumbs, by the way, because people just tell on themselves in, like, Reddit piracy, by the way. But this particular post stuck out to me, because they're like, oh, yeah, there's no Chinese here. I got this new box, and it still gives you all the channels, and it's better than the SuperBox.

Does it say no Chinese here?
It literally says that. That's the first thing it says. Like, they started the post like that. I'm like, what? Like, why? Who? And in the thread, no one said anything about China. Like, that's the thing that was weird. I was like, why are you telling on yourself? And so I read this post. This person in particular was like, no, everything was great. My seller was awesome. Everything's responsive. It's the best ever. You should get the VCBox now. And I'm like, why is there another one? And so they look, like, almost like competing companies. So I buy one, and it's also beaconing straight to, like, China via Tencent infrastructure. I'm like, I'm not crazy, right? So I put them all in the same network together, and they all start talking to each other.

Really?

Yeah, I was like, oh no. Are you guys sentient? I'm scared. So again, I continue to dig. I continue to dig. I'm looking again, actually getting access to... I was using Censys at this point, because I started at Censys in the beginning of 2025.

What is their tool?

They're internet intelligence, internet scanning. Like Shodan for grown-ups. Gotta do the job. So, as I... again, it just continues kind of to get weird. I'm now tracking the different marketing campaigns. I'm tracking, you know, when new models come out. And so when I started this, the SuperBox S5 was the model that was available, and now they're up to the seven. So they're still just releasing new versions, new versions.

Wow.

I'm like, wow, this one has USB-C on it. Look at them go. Like, so, yeah, so again, it's just kind of continued.
I got to kind of towards the end of 2025, and I start seeing more posts about, like, suspicious activity blocked, from users on Reddit getting, you know, messages about, oh, my ISP says that I'm visiting malicious IPs, and things like that. So I'm like, okay, so maybe, like, there's some traction picking up here, because now there's starting to be signals that folks are starting to pick up on this. Folks are starting to notice this and make those changes with regard to, like, our own infrastructure. So I'm still looking. And in the beginning of last year, I found a third box called the MagaBox.

Maga? Oh, MagaBox. Like MAGA. Oh my gosh.

And that actually, finally, I got the answer I was looking for just this week, from an interesting Verge article. I'll talk about here in a second. But that one, of course, stuck out to me, because I'm like, well, who could they possibly be trying to advertise to? And I was just like, wow, like, it was so blatant, and it looked just like the SuperBox. That's what got me. I'm like, why does it look like the SuperBox? Like, I don't understand. So again, there's just so many weird things. I'm like, why is this still happening? Like, just a lot of, like, why, why this?

And did you get one of the MagaBoxes?

I did. I think, like, I don't know if they killed it or what, because I hooked it back up recently to kind of put back into my little baby botnet that I'm running at the house, and it wasn't getting updates or anything. So something else may be going wrong with that, or they've just kind of shifted focus back to the other ones. But yeah, I ran it for a little bit. Kind of the same thing. Had a weird little, you know, video, you know, get the little app store, get the little video app, watch your TV shows, here's your local listings of channels. They have, like, you know, all the different, like, you know, fandoms and things that you can get access to. But it worked like the other two.

Things come with remotes.
They come with remotes. And anything interesting in the remote?

They have self-signed certificates, for some reason. They, of course, have microphones. But, like, again, they have open ports on them, as remotes. So if I'm looking for SuperBoxes on the internet, I can actually see the ports, but it's the remote. So I still have some mysteries I'm trying to solve there. But I did see it had a long antenna, and I'm like, why is the antenna so long if it's just, like, an infrared remote?

Yeah, okay, so infrared wouldn't even need an antenna.

Exactly.

So did you find any, like, do you know what protocols it can handle?

I mean, I know it's Bluetooth. My tinfoil hat moment is cellular, but I haven't confirmed that yet. I'm talking to some cellular nerds to see if we can have a way to figure that out. But again, it's very strange, because with most of the Android boxes I found, I bought, like, some cheap ones, and they just have, like, a generic, like, Android TV remote.

Okay, the remotes are specific to the SuperBox that it comes with, or the VCBox that it comes with. Like, you have to use the remote they give you. And even if you go on, say, like, Amazon, Best Buy, and you look for, say, like, SuperBox remote, it's a specific remote that you can only use with those boxes. It doesn't work with other Android boxes, which is also weird.

God, this thing just gets worse and worse. It's like a never-ending nightmare. The remote has a microphone. At this point, I'm certain that that thing must always be on and is listening, and maybe even using AI to parse out what's being said in the privacy of our living rooms and bedrooms, and sending those conversations to who knows where. Which, the living room is probably the place where you make private phone calls and stuff. Holy cow. And it interacts with the SuperBox using infrared. So why in the world is there even a Bluetooth antenna on it at all?
Look, let me tell you, a lot of us are walking Bluetooth signals. The Bluetooth that's on our phone is always looking to see what it can connect to. And you might have a Bluetooth smartwatch or earbuds, and I've seen pacemakers and hearing aids with Bluetooth. And all this can make quite a fingerprint that's unique to you. I mean, have you ever gone to add a new Bluetooth device and you see things like Diane's Earbuds or Bill's Fitness Tracker? I imagine that this thing is taking notes of what Bluetooth devices come near it, so it can tell who's nearby. And as a side note, to improve my home defense strategy, I recently got a Bluetooth antenna, which is just scanning for what Bluetooth devices are near my home, and it records it. My theory is that if someone ever breaks into my home, I'll pull up the logs to see what Bluetooth devices were in range at that point, and try to see if they ever visited before, to try to figure out who it was. There is a lot of data you can get from sniffing Bluetooth signals. So if this remote has a Bluetooth antenna, a long one at that, and is quite the malicious little box, I can only take guesses as to what it's doing with that antenna. And keep in mind, it doesn't use Bluetooth as a feature. You can't connect to it that way, and it doesn't try to connect to Bluetooth speakers or anything. The Bluetooth antenna is covertly installed on it and is not user-accessible.

And then we get to kind of fall 2025. I see BSides Portland.

I did go to BSides in Portland, a hacker conference, and at that point she's given talks about this box about a half dozen times. But because there's a federal investigation going on, she has strict rules: no cameras, no mics, no recording, no pictures. It's a very hush-hush kind of talk that she gives. But it was one of my favorite talks I've ever seen, and the crowd was stunned. For two hours after the talk, she had a mob of people around her just asking more questions about what she found, and they were giving her information. I even stood there, perplexed by this whole thing, listening to everyone ask her questions for hours. Everyone thought it was such a fascinating little box. And at this point, this is probably the third or fourth time I've seen her give a talk on this, and it just gets better every single time, because there's just more to the story. And every time, I would tell her, listen, when you're ready, let's please make an episode. But she was very hesitant, mostly because there's an active investigation, and if she exposes them in a big way, it might ruin the ability to collect more evidence. But at the same time, the story was burning in her. She wanted to get the word out as a warning to everyone and their parents: don't buy these things. But she felt worried about it. So she told me, no, not yet, but soon.

And then Mr. Krebs reached out to me, not too long after that, and he was asking about the SuperBox. And so he wrote a really good article that basically broke down kind of the interconnection between the SuperBoxes and the residential proxy networks. And, you know, I didn't think that the SuperBox finding was going to be anything major. I was just kind of like, hey, I wanted to share. And come to find out that, like, all of the residential proxy stuff and the botnet stuff and all that stuff that we're seeing in the news, a lot of that breakthrough is because of what we all discovered looking at streaming devices. Like, we hadn't considered them a true vector until recently.

So when she says Mr. Krebs, she's talking about Brian Krebs, the journalist behind Krebs on Security. How'd you feel about that article?

Um, you know what?
I thought... I mean, I didn't say anything factually incorrect in the article, so there was that. No, I think it was a good article, because I think that was kind of another big push to kind of just show awareness. Some awesome folks also got quoted in that article, folks from Spur and things like that, who also specialize in, like, proxy networks and stuff like that. That's what they hunt. And so it was really cool to kind of see this amalgamation of all the different little pieces that all of us were looking at, and then kind of seeing the full picture and having it explained in an approachable way. Because when you're sitting here listening to me talking about this, you're like, oh my god, this is so much stuff. I'm like, I know. But there's, like, a lot of this other stuff that kind of builds up to sort of these major events that we've had happen in the last 60 days, just, you know, beginning of 2026 and end of 2025.

So the Krebs article comes out, and then I get phished, or at least someone tried to phish me. Because when Mr. Krebs published that article, another IoT researcher got a SuperBox and started finding some cool stuff. And there was a posting of the store itself, like, the repo they were using was just kind of out there. When it started to get bigger on YouTube because of Matt Brown's work, all of a sudden the store is not there. You can't find the repo anymore. Then I get this email saying, hey, do you have, like, you know, the app store dumps? Do you have some tcpdump? But I'm like, first of all, it's a very personal question. Like, you don't just, you know, start off asking for people's tcpdump logs. Like, come on. But I'm like, holy crap. And it's, of course, coming from a Proton Mail. They said they were a computer science student, but they're not emailing me from an academic email, and they emailed me at my academic email where I adjunct, that I don't put out anywhere. And I was like, how the hell did you get this, number one?
Number two, wow, like, that was a hard nudge, trying to kind of sniff her out and see what was going on. So of course I didn't answer. I was just like, no. And then I got a LinkedIn phishing message too, asking about, we want to see your SuperBox research, we work at an ISP. I'm like, that's the tell. Like, there's certain things that give away these folks. And so obviously the stuff that I've been working on and looking at, like, this is making somebody a lot of money. So I'm sure they don't want me going around telling people not to buy the SuperBox. But here's me just blanket saying, don't buy the SuperBox. Um, and so a lot of interesting parties have been kind of, uh, interested in kind of what I've been finding and where I got. So after that happened, I got DDoSed at my house.

What?

Yeah.

That was wild. Externally, coming from the internet to you?

Yeah.

How in the world would anybody know your IP?

Well, I don't think... I think in the very, very beginning... And I've changed ISPs too, which I thought was kind of hilarious, that I still got hit. But again, depending on who's behind it, I mean, they probably have more resources than I do. So, I mean, if they really wanted to know, they could probably find out. But yeah, I got nailed, like, pretty bad.

How long did it last?

Um, I think it was like 15 minutes. Like, nothing would play, nothing would stream. Like, I was actually on a Signal voice call with, like, a friend, and it was all choppy, like, more so than usual, because Signal voice can be, like, hit or miss anyway, but it was, like, really bad. I'm like, holy crap, like, I can't even talk to you.

And did you look at the Palo Alto, and it was telling you...?

Oh, yeah, it was just like over, over, over. Like, it was three pages' worth of just this one IP. Um, I looked it up. It was in, like, Ireland. I'm like, okay. Well, that's not... it was in Cloudflare. I'm like, okay.
Well, I don't know who the hell did it right now. Um, but yeah, I was more upset that, like, you know, my husband was watching Spaceballs, and, like, that totally got paused because of the DDoS attacks. So yeah, I was like, wow, I made a new friend. I got DDoSed at the house.

So this brings us into January of 2026, and around then we saw the largest botnet DDoS attack ever. It was the Kimwolf botnet, and it was launching attacks at 31 terabits per second. It basically had control of two million devices and could tell them all to send traffic to a specific IP on the internet, which would basically flood any computer with so much traffic that it would knock it offline. And you think the SuperBoxes were part of that botnet?

They were confirmed as part of that botnet. But here's the thing: from my understanding, it wasn't the makers of SuperBox who were involved at all in this botnet. These things shipped with a really old version of Android and are loaded with all kinds of remote access features like TeamViewer, Netcat and stuff. So the person behind the Kimwolf botnet simply found how vulnerable these SuperBoxes were and spread their botnet onto a ton of them.

So now this guy Dort, who's the one who made the Kimwolf botnet, controls the SuperBoxes. I mean, if I wasn't already extremely concerned about who's in these SuperBoxes listening, now there's Dort in there too, and who knows what he's doing with these things, turning them into weapons, I guess. And if Dort can get into any SuperBox that's on the internet, then does that mean anyone else can get into these things too? Like, are there a dozen spies in these things listening to us, seeing what we're doing on our microphones and stuff, and poking around on our networks?

Gosh, I was telling someone about this the other day, and their first instinct was that the CIA must be in there listening too. And you know what? At this point,
I don't doubt it.

The fact that these SuperBoxes are getting infected with more malware by random people on the internet just makes it so much worse. So at this point it doesn't even matter if China's behind this, because pretty much anyone can take these things over and eavesdrop on us, or use the device to attack someone else with. This thing is radioactive, and it should be smashed, burned and yeeted into space.

Cloudflare, you know, put out a report that talks about kind of the DDoS statistics for the year, for 2025. And they said that the Aisuru/Kimwolf botnet was the busiest, and they mitigated, I think it was... I think the number was crazy, like, over 2,000 attacks they mitigated originating from this botnet. I'm like, wow. So it's been busy.

Basically the Kimwolf botnet is a DDoS-as-a-service business. You can pay them money and then they'll aim this botnet wherever you want, the target of your choice, and it'll take down whatever you tell them to. So it's purely profit driven for whoever's behind it.

Did this box try to, uh, communicate with other devices on the network?

Yeah, yeah. So I had my two little sacrificial Raspberry Pis, as I call them. I was like, well, once you've touched this network you can never go back anywhere else. So thank you, my little lambs. And so the Raspberry Pis sit there on the network, and I, you know, I didn't even name them anything interesting. But I'm looking, I've got tcpdump running on them, and the boxes are just going freaking crazy. Like, all of them are just actively trying to, like, poke at it. I'm watching scanning. I'm like, are you guys nmapping this little Raspberry Pi in here?
Like, what the hell? Again, they're doing that discovery when they get on a network, to see what's on the network. Yeah, so if you're working, say, from home, and maybe you're in a position of trust, you're in some type of, like, important position, or you have, like, you know, privileged credentials, things like that. You have this thing sitting on your network and don't know, like, what it's potentially doing. It could be sniffing creds every time you log into work. It could be discovering your work device on your home network, because a lot of folks don't have any segmentation on their home networks. I mean, you know, the possibilities really are endless if we think about it as just, like, an attack tool. I did get a report from someone that there was one at a remote employee's house that was actively trying to poke stuff on their corporate network.

Okay, so, trying to figure this out: do they have a VPN between their home and corporate network?

Uh-huh.

Gosh, this thing is bad. I still cannot get over how it scans your house, attacks the devices on your network, knocks them offline and impersonates them. Ah, this is such a nightmare.
It's like a perfect Trojan horse, like, in the traditional sense. Like, if we go back to the original story: here's this big present, and we're gonna hide inside. Here is this device that lets you get all the channels, and somebody is going to hide inside.

Okay, fair, it solves a ton of problems for people, and that's the big reason why they want to get it. But my gosh, at this point the veil is lifted. We can see the spies are inside of it, and I'm glad that word is out now.

Right, and that means that there's enough information that everyone should be extremely careful and not buy these things. And it should be clear that nobody should get this thing, because it's just pure evil.

Right. Earlier this week an article comes out on The Verge, and I'm like, oh, The Verge. And it's talking about the SuperBox and the VCBox, and basically, and you know, I'm a big wrestling fan, so, you know, we call it getting over, or putting someone else over. It's basically trying to put over the SuperBox and say, like, oh well, like, you know, there's people at the farmers market selling these, and, you know, they've also got, like, some goat cheese and stuff. So they're just trying to make it... and, like, this guy was a retired cop in upstate New York, and now he's trying to help, you know, his church get access to quality television. And I'm reading this like, this is literal propaganda, like, oh my goodness. Like, this is what they mean when they say, like, it's going to be plain as day in your face, and you're not going to understand that. Like, again, an average everyday person is going to read that and be like, oh well, these people don't care. Like, in the article, like, it verbatim said, like, oh, I don't care about sending a couple thousand dollars a month to China every month, because, I, you know, I'm helping people get affordable TV.

Sorry, I had to pick my jaw up off the floor. What?
This Verge article is titled "Everyone is stealing TV," and yeah, it simply talks about how so many Americans are selling and using these things. Like, they interview Jason and Natalie and James and Eva, all who are happy SuperBox users and resellers. The quote from Eva is, "I've been on a crusade to try to convert everyone." I'm completely flabbergasted by this article. Like, what are we even doing? I mean, let me read one part to you. They interviewed this guy Jason, who earns a commission for every SuperBox he sells.

"After signing him up as a reseller, Jason's SuperBox contact also recruited him for a unique side gig. Whenever Jason finds a SuperBox advertised for less than the company's suggested retail price, he buys it and sells it back to the company for a premium. He says that the SuperBox maker then checks the device's MAC address against a list of past sales and remotely deactivates all boxes it sold to the reseller who openly advertised the unauthorized discount. Offending sellers are then asked to pay a fine, Jason says. Consumers who happen to buy a box for the wrong price find it locked with an on-screen warning telling them to contact their service provider. To alleviate the concerns of would-be buyers fearful of getting scammed, device makers maintain online verification tools. Each reseller gets a certificate with a unique code. Enter that code into a web form and the company will tell you if the reseller in question is in good standing."

Oh, thanks, Verge, for squashing my concerns about being scammed by someone selling me a cheap SuperBox. I feel much better now that you told me that there's an online verification tool to check whether this seller is legit or not. This article, in my opinion, is all hype for this thing. It doesn't raise any of the red flags that I see on it. I simply cannot believe The Verge posted this article.
This is ridiculous. I am officially nominating this article for a Pwnie Award.

Then yesterday, um, there was, like, I think it was called, like, the Tech Brew Ride Home or something like that. At the end of the episode from yesterday, he spends about five minutes, and he's basically... it sounds like he's reading The Verge article, and I'm like, no, like, don't repeat it. Like, we were already... again, they're already trying to discredit any of the research that any of us have done on this, to basically prove that, like, this isn't something you should be getting. And what cracked me up is, in the article it said, well, it's not like you can get these at Walmart and Best Buy, because everyone knows it's illegal to have pirate devices at the store. And I'm like, no shit, but they're at Walmart and Best Buy.

And I don't think you understand how crazy it is to have an influencer marketing campaign working against us here. You're not buying these things from some shady guy in a dark alley who you know is 100% illegal and is probably scamming you. You're buying it from a soccer mom, a guy with a stand at the farmers market, your church friend, family members, gym buddies, co-workers. And when it comes into your life in this way, it doesn't feel illegal. It doesn't seem shady.
It feels like you're clever and smart to get such a cool gadget.

I remember, you know, kind of the old adage, like, you know, back in the '90s, early 2000s, like, especially all of us who've been on the internet a long time, and those of us who were, like, in high school and stuff like that in the early days of the internet. You know, you felt like you could spot a scam from a mile away, because the skill wasn't there. But this is sophisticated. Like, again, they're hitting it from a few different angles. They're making sure that they have people ready to counter any negative, like, press or posts or anything like that. They're making sure, like, like we've said, to tap into the economic anxiety. Like, it's crazy. I'm like, wow, they put so much time into this.

But then you think about where these things end up. I mean, you know people that work weird shifts, or maybe they work in, like, you know, some kind of weird office. It's boring at night. Maybe they're on graves. Oh, I want to watch the UFC fight. Let me bring my SuperBox. And then that thing just gets busy devouring all the computers at work. Or it's brought to a hotel to watch TV on the go. Or maybe the coffee shop owner installed one so they could play shows on the TVs in the shop. And now when you get on the Wi-Fi in that shop, suddenly you're on the same network as a computer that's probing and scanning you and attacking you. This is why I never use Wi-Fi in a coffee shop or a public place. I just picture it riddled with these diseased, infected boxes that are desperately trying to get access to my machine the moment it connects. I bring my own Wi-Fi hotspot with me everywhere I go.
So I only trust my own network.

The funniest thing I think that has happened so far was, uh, being out at a far restaurant, and, uh, you know, I'm looking around, because someone had just told me they were at a far restaurant and saw three of them in there. So now I, like, go into places and I'm, like, looking and making sure there's not, like, a SuperBox behind the TV and stuff like that. Because even if it's not doing anything else, just the fact that, like, anything you connect to it, it wants to know about it, and it's going to start poking at it, to me is scary. Like, if I connect my phone, like... and what made me upset about this whole situation with my dad, I was like, I went over there and didn't know he had these, and had connected, like, my work computer at the time and, like, my phone and stuff to the home network, because I was visiting for a couple days. And I'm like, you have these things in the house? These have been plugged in the whole time? Like, what? And so it exposes all of us, um, in a lot of ways that we may not want to be exposed. And, you know, I'm not doing anything shady, but, like, I want my privacy.

And I saw you are bringing a Faraday bag with you everywhere you go. Is this why?
Um, I mean, it could have something to do with it, for sure. But also just trying to be more cognizant of my own, like, personal security hygiene. Because I think for a lot of us that have been doing this for a while, there's always going to be places where we're just like, uh, I just don't care that much, because we're already in it so much all the time. But I spent some time kind of reflecting on, you know, I was out traveling, um, and I think I got popped with something, because my phone was acting crazy and all this other stuff. So I blew away everything in the house, re-imaged everything. Everything's fine now, but I'm like, hmm, I'm just going to take some extra steps just to make sure. Because I usually, you know, I always have VPNs on and stuff like that. But, you know, a VPN can only do so much if somebody's really interested in what you've got going on on the other side of that. So yeah, I will just encourage everyone to just keep practicing basic security hygiene, because the moment we get complacent, that's usually when we get got.

Okay, that's it. I'm taking Deadass as Q here. If she always keeps her phone in a Faraday bag, I think I have to do that now too. A Faraday bag is one that just doesn't let wireless signals pass in and out of it. Think of it like the door of your microwave, which blocks it so your microwave doesn't cook the whole kitchen. Because who knows what coffee shops and restaurants have these things in them and are scanning my phone, even if I'm not connected to the Wi-Fi. Like, what's with the Bluetooth and other antennas on this thing? It's proven to be so malicious that I don't trust it for a second. I don't even want to be in range of this thing.

Let's put all the pieces together. Yeah, and where do you land on this?
Okay, so the whole picture is: somebody, and I'm going to be vague on purpose, because I am still working to get the full picture of the somebody. Somebody is basically getting influencers, of course, to show these. There's an entire distribution network of distributors and resellers, so they're getting folks, you know, in their neighborhoods and in their communities and, you know, all these places to sell these boxes to friends, family, everybody, as much as they can. Which, again, already weird. They've already infiltrated all the big box stores. So again, it now looks like this normal, everyday, has-been-around-for-nine-years consumer product. We still of course have the whole issue with them targeting people directly in oil and gas, which, that's still, to me, I'm like, it's got mailed to you at your house, friend. Like, are you gonna move? Like, I just, you know, I'm worried for you.

And then we still of course just have the endless problem of, like, there's no, like, legitimate, like, regulatory tracking on it. They're dark. There's no FCC IDs. Like, you can't find really any information on these things. The one that we did find information on, you know, when you're importing something and it's coming from overseas, you have to sign off on it and say that, like, you know, everything's correct. Like, it's labeled, it's got the FCC ID, things like that. And it had a signed one, but the name did not... it was a QQ email that signed it. And I'm like, so the US agent has a qq.com email signing off on this device, that it has all the regulatory information of the things it's supposed to have, when it doesn't? That's not legit.

Yeah.

So it's kind of like they've got us, like, on the MLM thing too. Like, I don't know what it is about America, and we love our MLMs, man. Like, there's been, like, you know, Amway and all the, you know, there was even, like, a power one. So this is just, like, a new MLM.
It's just streaming box MLM, it seems like.

Yeah. And I think they're hitting us in such a unique way, because they know we're frustrated with the rising costs of cable, and all the different streaming services are branching off into their own. So now you have to have 10 different streaming subscriptions, and people are sick of this. They're just like, we got the solution for you. It's perfect. You get all the channels, and we don't care about breaking the law.

So, yeah, so someone is doing this. Do you have an idea who might be behind this?

I mean, given everything that's going on geopolitically, like, of course everyone was kind of just like, you know, hands up, like, China. Like, it just seems like it's obvious, right, at this point, because why else would it be beaconing straight into Tencent? Um, the other thing too is that as I've kind of been, like, looking at this and everything else, the devices themselves, like, they've got a whole, like, manufacturing arm that has to be... Again, China's got the manufacturing thing down. Like, we're all sitting around with iPhones and all these other things. Like, China makes our stuff. So they've gotten really good at how to fabricate this stuff. And so it actually looks nice. Like, it looks like it's good quality, to make it look even more credible for the price that people are paying. And if we think about, like you said, everyone's stressed out for money. Everybody always wants a quick fix. We are such suckers for get-rich-quick schemes and things like that, and that is, like, peak multi-level marketing. The distributors get a cut from the resellers, the resellers get a cut from the boxes, and then if you get friends to also help you resell, you get more of a cut of their boxes. So, like, it's a perfect MLM. So they're hitting us from the things that are built in: the agriculture TV, multi-level marketing, get rich quick.
They're building into our economic anxiety. They're building into our complacency with just accepting things, that even if, you know, we don't know that much about it, it's like, oh well, we get all our stuff from Walmart, or all our stuff from Best Buy.

Social proof.

Yeah. So they're hitting us from a few different angles just psychologically, like, not even from a technical perspective. Like, the tactics and everything that the boxes are using, those are, like, table stakes. Like, you expect reconnaissance, you expect some of these other things. You don't expect an influencer network that's trying to get these out there. You don't expect there to be marketing, because if you look at some of the other devices, like, there might be one or two videos here and there, like, maybe talking about, like, an Nvidia Shield as an example. But this thing has, like, a whole campaign, websites and everything else. I'm like, who is doing, like... you set up a whole brand just to sell these things? Like, this is insane. And so, yeah, all that to say, like, we're now at this point where I'm like, okay, well, we have to make a decision, I guess, as, like, a nation. Um, do we want cheap, easy cable, or do we want to continue to have basically backdoors plugged into all of our networks?

Um, okay, so if it is China, even the Chinese government... It's crazy to think that the Chinese government would be behind this, but it sounds like it may be. They have that unified, you know, front as far as integrating everything with the military. So sure, so if the Chinese government is trying to get into Americans' homes in order to gain more access into them and visibility and all that sort of things, it doesn't seem like we'd be their first target. So I'm just wondering if we've seen this activity in other countries, um, these kind of, uh, boxes. Yeah, in other countries.
Yeah, that was kind of interesting, because I kind of, like, immediately, you know, when I first started looking at it, of course, I wanted to see if there was anything else that had been reported. Um, there was a researcher, I'm spacing on his name right now, um, but he had done a write-up on the malware that was in the T95 box. So that kind of got me already thinking, like, okay, so we have seen behavior similar to this before. Um, I did look in, like, other countries and stuff, and, um, like, China had already cracked down on these types of devices. Uh, I think, like, New Zealand had already cracked down on these types of devices. So it seems like this had already been, like, a similar problem.

But apparently there was also a similar campaign in Taiwan about ten years ago. It was all centered around illegal piracy of sports. And so it was the same idea, though. They have these streaming boxes that were convenient, and you could get all the sports channels, and they were all over Taiwan. And then they got busted, and then they weren't all over Taiwan anymore. But that could have been a test bed to then see, okay, well, how do we make it work here?

Um, so how does, uh, you know, a country bust them, to let us know they're no longer valid in that country, or whatever? Like, what are the even approaches to stop something like this?

I mean, they of course were like, you got to pull them off the shelves. They're banned. Like, they can't be imported. You know, those big kid controls, as I like to call them. Um, I don't know how long it's going to take to even see that here. We did just finally get some stuff taken off the shelf that, again, we all had concerns about China, and we all had concerns about, like, you know, what are these devices actually doing? But it was, like, years after the fact, when it was already a problem.
Yeah, I mean, even if you did get it banned from Walmart and Amazon and Best Buy, you still have the soccer mom down the road slinging them, and your electrician's coming over and saying, I got some extra stuff for you if you want to buy these things. Man, so it would be really hard to put the genie back in the bottle at this point. So that's one prong, and then maybe another prong is getting ISPs to do something and say, hey, this is illegal streaming, so we don't allow that here.

Yeah, and I... the ISP has been really good about this.

I actually got word from a friend who works at an ISP, and he says that a lot of users are reporting that their allocated bandwidth is getting maxed out super early in their billing cycle. And they're like, I'm not online that much, yet it says I've uploaded 360 gigabytes of data. Clearly you have a faulty meter. So the ISP technicians go out to the house and investigate, and they can't find an issue. And so they swap out their ISP devices and reset their bandwidth usage. But then the problem persists. Next month the customers call back saying it shows that I've uploaded so much data that my ISP is now throttling me. One customer was even seen uploading 4,000 gigabytes in a single day. So the ISP asks the customers, by chance, do you have a SuperBox? And many of them say, yeah, I do, why? Well, it's because those things are sending enormous amounts of data to the internet. But what is it sending? Sure, it's part of a botnet, so it's attacking other devices by sending floods of data. But also it just might be exfiltrating tons of data that it's collecting in that home network. Voice logs, network data, photos, files, anything that it might find valuable. It just sucks it up and sends it off. I mean, if a device is sending terabytes of data a day or a month, then the question isn't what is it uploading? It's more like, what isn't it uploading?
So yeah, ISPs are getting hit in the face with these boxes too and are unsure how to effectively handle them.

I think the telecom and ISP networks understand, I think, their vulnerabilities a little bit better. They're like, okay, yeah, we actually have to, like, look at what is going on in home networks, because we are no longer at the point where we can just pretend, oh well, it's consumer, that doesn't impact me. We're all in it now. Like, there's no... we can't, like you said, we can't put the genie back in the bottle. So they've been pretty good about trying to, of course, single out traffic. So ISPs can of course see downstream. But we have to kind of think about, like, are we prepared to be a country where we are now policing what's going on on home networks? And obviously, like, that would be problematic for a lot of people.

I think that's going too far, but...

Right. No, exactly. Like, I think, and I don't think we should have to do that. This might be the one time that I want Disney...

Yeah, get litigious. Yeah, right. Why hasn't Disney figured out, hey, they're streaming this priority?

And because I know that they've always been really, always, like, ready to strike when it comes to that stuff. I'm actually really surprised that it hasn't been, like, one of these bigger, like, media companies, like, actually striking back.

I mean, Google sued the BadBox operators.

Okay, um, and there was a bunch of, like, DMCA, like, kind of notices and stuff like that, but it's still going. So is that going to actually do what we want it to do? I don't know. Like, we still... You know, so much has happened in the last couple of weeks, like, it's going to be a busy year in 2026. That's all I could really say. Like, there's so much more that's going to come from this. I guarantee it.
Yeah. And it seems like it's so easy for it to just be eliminated, since it is illegal.

And that's the thing. I've been stuck on that, honestly. Like, to me, I'm just like, this is the most blatant example of this, and, like, y'all are out here sending, like, these, you know, ISP letters to, like, a single mom because she wanted to, like, download Shrek 2 for, like, her kids. But, like, we're not doing anything about exactly this entire network of bootleg streaming.

That's what's so surprising, is the pushback on piracy all these years, and how terrible it's been to torrent things, and how people are... All right. Yeah, we're all evil. We're all evil trash for... Apparently that's not a problem anymore.

Yeah, I guess. Or they haven't got the memo. That's what's surprising about it.

Yeah, and so that's what I think is going to unravel this year, is it's no longer unknown. Yeah, and it's like, okay, this is clearly... and because if it is allowed, then why don't we just make a legit one? Not a legit one, but a non-malicious one. Like, we can have a whole new business model. I'm like, and again, I'm surprised someone just hasn't... Right, like, I won't be surprised when somebody's like, hey, I'm ethical, and I'm gonna help you get all the channels. Like, here comes everyone else's money, because we don't want implant devices. But again, there's just a lot all going on at the same time. Like, obviously, like, when we think about the whole geopolitical picture, there's a lot of different moving pieces. We've seen a lot of stuff overseas, internationally. And so I still am trying to understand how this might even be a part of that. So I will be digging more on this this year, that's for sure.

Oh, yeah. I mean, I hope that the update, whatever comes next, isn't bad. These bad boxes destroyed them. Yeah.

Oh my god.

It is. You're right. They said if you put in... this is a prepositioning move. What is their final intent? And maybe we don't know yet.
That's what I... yeah, that's the part that I'm still kind of scratching my head about. Like, it's just... it's the why. I mean, I'm like, yeah, I guess, like, maybe the ad fraud. Maybe it's the, you know, residential proxy business they're running. Maybe it's just the botnet. But, like, there's so many other ways to do all of that that's not stand up a whole brand and then market these boxes to people so they buy them.

Yeah, I predict that we haven't seen the full wrath of what these things are capable of yet. It's possible that all this is just some prepositioning move of some kind, and whoever's behind this is trying to get blue-collar workers to give them access into US corporations. And then what if someone gets a hold of our critical infrastructure in a large-scale way? It's like having a chokehold on us. They could do whatever they want. So the potential damage these things could do could feasibly be in the realm of nation-toppling. Does that make me crazy to say that?

This is the very reason why I don't like getting into politics. Politics is designed to confuse you and to keep you from getting to the truth, so you can never be sure of what's actually happening. But even when you get a glimpse of the truth, you then sound like a lunatic when you start telling other people. Because if I ever see one of these things plugged in anywhere, I'm gonna immediately unplug it and try smashing it to bits. And I can only imagine the owner of it yelling at me, hey, what are you doing, man? And I'd be like, don't you know this thing is evil?
And if we don't stop it, it might be the end of our nation. I feel like a lunatic just thinking that scenario through. But maybe this is the new world that I just need to get used to. Because even if we all team up to get these things smashed and burned and yeeted once and for all, there's just gonna be another thing that pops up: a 3D printer with spyware, a drone with spyware, a projector with spyware, a router, a computer, or even a car. Because if these things are cheaper or better than the competition, or if they just have a better marketing campaign by paying influencers to spread it, then this battle to discover it and eradicate it is just going to start all over again. And I'm not sure it's possible to fix this. And that's what makes it so scary.

The whole goal of information security is to conduct business in a hostile environment. Like, for instance, when you do anything online, you're traveling through a bunch of networks that you have no idea who owns them. So you have to operate in a zero trust kind of way, by encrypting your connections so that they can't snoop on you, and doing things to verify the data hasn't been tampered with along the way. So maybe this is the new hostile environment that we need to learn how to operate safely in. Our homes and workplaces, our coffee shops and bars, could all be out against us now. I never expected our home networks to be hostile environments, but let's take this as a sign that they probably are. And spring is here now, so it's time to clean up our networks and make them safe again. I'm drawing a line on my front door.
Spyware is not allowed past this point.

Thank you so much to Deadass for finally sharing this story with us. It has been such a treat watching her progress through this over the years, and I'm so happy to finally tell you all about it.

Hey, listen, I've got some big things cooking up this year. I'm going to be releasing a new bonus episode real soon here, which is going to only be available to premium subscribers. And I'm also going to be releasing a whole new podcast later this year. This is by far the most insane story anyone has ever told me, and it's taken me eight years to make, and it's finally in its final touches. But premium subscribers are going to get to listen to it way earlier than everyone else. What I'm saying is, I really want you to become a premium subscriber. So you just let me know what it is I need to do in order for you to buy me a cup of coffee once a month. Not even one percent of you are premium subscribers. So I know it's not you, it's me. I need to do something to amaze you or wow you or give you something that you can't find anywhere else. So you just let me know, what is it that I can say or do so you chuck me a few bucks for what I bring you? And if you're like, oh, Jack, you've given me enough, now it's time for me to give to you, then thank you. I really appreciate that. You can become a premium subscriber by going to plus.darknetdiaries.com, and you'll get ad-free episodes and a bunch of bonus episodes, and you'll be the first to listen to my new podcast coming out in a few months.

The show is created by me, the failed pro gamer Jack Rhysider. Our editor is AI's worst nightmare, Tristan Ledger. Mixing done by Proximity Sound, and our intro music is by the mysterious Breakmaster Cylinder.

What's a pirate's favorite movie? Anything rated R.

This is Darknet Diaries.