title: 172: SuperBox
author: Darknet Diaries
content_type: podcast
publication: Darknet Diaries
published: 2026-04-07T07:00:00+00:00
source_url: https://www.podtrac.com/pts/redirect.mp3/dovetail.prxu.org/7057/cb64ead7-d1f0-41c4-885c-84ce8b3e42d9/darknet-diaries-ep172-superbox.mp3
word_count: 17593
[0:00] Introduction
Hey, hey, it's Jack, host of the show. I went to IKEA the other day to buy a lamp, and when I went in, I saw that they had a recall notice on the bulletin board. Their garlic press was getting recalled. They said that 10 people got injured using it, and I think little metal bits would fall off and cut some fingers. So they stopped selling it, and were issuing full refunds to anyone who bought one. And it made me think, hold on, has this ever happened with computers? Like, has a store ever recalled a computer because it was dangerous? And what does dangerous mean? There was a story that came out a few years back, which was about a super cheap gaming computer that was being sold on Amazon, but little did anyone know, the computer came with malware on it. People who bought it would get their crypto wallets drained, their Steam accounts taken over, and their email compromised. The computers were made in China and came shipped with Windows 11. But the thing is, the company didn't want to pay for Windows keys so that they could sell the computers cheaper. So they found a hacked version of Windows 11 installer, which would bypass the whole license key thing. But the problem is, the installer would embed malware into the Windows install. So the seller didn't even know it had malware on it. Amazon reviews started showing up. This computer is unsafe. Don't buy it. One star. And more reports came in about people saying that their computers came with malware on it. And I mean, if you got a new gaming PC, and during the time you were setting it up, it stole your cryptocurrency, took over your email and stole your Steam account, how much would that hurt you? How dangerous is that? Would it hurt more than getting a metal sliver in your finger from a garlic press? I think so. Yet as far as I know, computer shops, such as Best Buy, Amazon, or wherever, never issue recall notices for computers or tech, which are malicious. 
Retailers who sell defective items that are unsafe typically issue recall notices to buy back faulty items that are dangerous. But I just wonder if a computer riddled with malware doing an enormous amount of harm to users will ever fall into the category of dangerous or faulty or harmful to retailers. These are true stories from the dark side of the Internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is sponsored by ThreatLocker. If you've listened to Darknet Diaries for a while, you've already heard of ThreatLocker. I've talked about how they lock environments down, deny by default, zero trust, all of it. But the problem they were solving changed because attackers changed. They don't break in like they used to. Now they just log in with real credentials, real sessions, nothing that looks out of place. Once they're in, they're treated like they belong. So ThreatLocker took what they already were doing and pushed it further, with their zero trust network access and zero trust cloud access.
[3:32] Access isn't just about logging in
So now access isn't just about logging in, it's about the device, the connection, and whether any of it should be trusted at all. If you want to see what zero trust looks like when it's done right, go to threatlocker.com slash darknet. That's threatlocker.com slash darknet. This episode is sponsored by Meter, the company building networks from the ground up. If you employ and work with IT engineers, you're going to know how hard it is for them to do their job well. What your business needs is performant, reliable, secure networking infrastructure. But what you get is IT resource constraints, unpredictable pricing, and fragmented tools. What you and your engineers need is a modern platform you can all trust to support your business. Enter Meter. Meter delivers a complete networking stack, wired, wireless, and cellular in one solution that's built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployment, and runs support. That means less time your employees spend writing to multiple vendors and more time working and improving your IT systems. Meter's full stack solution covers everything from first site survey to ongoing support, giving you a single partner for all your connectivity needs. Thanks to Meter for sponsoring this show. Go to meter.com slash darknet to book a demo now. That's spelled M-E-T-E-R, meter.com slash darknet. And go book a demo. Today, I'm so excited because I finally get to talk with DeM-E-T-R-E-R-M-E-R. It's good to see you again. I know. So we started, we started, I met you at DefCon like five, six years ago. Like one of my first, like ever DefCons, yeah. It was your first DefCon. And you messaged me like, hey, you want to meet? Where are, can we meet? So I got something to tell you. I was like, yeah, where. And this was back in the days where I actually checked my DMs at DefCon. Now it's impossible for me to do that. 
And so I was like, okay, go to the child zone. That's what I'm wearing. Okay, cool. And then we sat down at like a couch. And you're like, okay, I got something. And it was still hush, hush. I was like, what is going on here? And you had, you had, I won't give names here, but you had a contact with somebody who you knew had a good story. You're like, I can connect you with this person. I was like, great. And we did. We connected and we had conversations. So thank you for that. Yeah. And so that's where we first met. But then I just watched you have talk after talk. And I learned more about you. Like, at the time, you told me your name was deadass. And over time, I've just learned that your name, you really should be called badass. You're really, like, I think even back then you were working on all kinds of really cool projects. Do you want to give us a background of just like your tech career? Yeah. I mean, it's kind of, I'm very much the textbook definition of non-traditional background as far as technology is concerned. like I have an English degree. I went to Berkeley for rhetoric and propaganda. It wasn't. Okay, so I heard that today. Yeah. We're here at CactusCon and I just heard your talk, but you did say that you have a degree in rhetoric and propaganda. Is that true or was that a joke? That's like legitimately, basically what the degree was in. It was all about like understanding argument, understanding like the rhetorical devices and tools. And so I hyper-focused on the efficacy of propaganda from that. And that actually is what informed when I started looking at the topic of my talk, why I knew there was something weird about it. Like, it kind of like touched that part of my brain and I hadn't really seen anything like this yet. So you, that was a career path for you. I want to go into propaganda. Well, more so I want to go to law school, or at least I thought I wanted to go to law school at one point. And then, like, you know, the bay is expensive. 
Life is expensive. And then I, you know, built my first computer and I was like, oh, wait, I can do this for like a job. Why was I not just doing that? So you got into tech and then give us kind of a potted summary of some of the tech roles you've had. Yeah, so I've worked at some of the biggest names in security, so Palo Alto, Google, Apple. I've already been kind of around the valley, as they say. And now I'm over at Censys. Oh, yeah. What do you do at Censys? I'm a senior sales engineer, so not even like a researcher. I just do research for fun. But the thing is, a few years back, Deadass discovered something that was like discovering something you weren't supposed to see. A discovery which would send her down a rabbit hole that would take her years of research to get to the bottom of. And it all started at her dad's house. Without giving away too much, he's one of the senior people at his oil and gas company. Okay. And so you go to visit him and... Yeah, so my dad is very... I don't want to say nonchalant, but he's like he's chill, right? Like, he's a very chill kind of person. So for him to be excited, I was like, oh, well, what are you excited about? Like, you're very deadpan. Like, you don't get excited. Her dad was excited about all the channels and shows and movies that he could get on his TV now. He's like, look at this. I got hundreds of movies, full series of all the latest TV shows, thousands of channels, sports, even pay-per-view wrestling matches. You like wrestling, Deadass. You would love this thing. And he's telling me about it. 
And he's like, yeah, it's just 300 bucks. It just works. It's called the Superbox. And immediately I'm like, okay, this already sounds weird, but keep going. So I ask, like, well, how does it work? And he says, oh, it just works. That's not what I asked you. I asked you, how does it work? And so my younger sister was also studying cybersecurity. She comes in and she says, oh yeah, the network's been really slow at the house ever since those boxes came home. So that was kind of my final, final red flag to be like, I'm going to get one just to see what it's doing. Boxes? Yeah, boxes. What? More than three. Why does he have so many? Because they're convenient. That's how they get you. Oh, for each TV? Yeah, for each TV. Okay. How did he get it? Somebody at his job told him he needed to get one really, really bad, so he got one. She takes one home to look at it. She's not a researcher, so she's not sure where to start. She knows enough that she should quarantine this thing, though. So she put it in a separate network, so it doesn't learn about her home network or try to bother any of her other devices, and she puts it behind a firewall. Then she starts Googling where to start. It was the weirdest question I've ever asked out loud, how do I get PCAPs at the house? Because I had to figure how to get packet captures off the thing, and I'm like, how do you do PCAPs? The idea was that when she turns it on, she wanted to see where it would try to talk out to. Who does this thing communicate with? How does it send those packets? So she learned how to do packet captures in order to watch this. I got one of those Packet Squirrels from Hak5, and I had laughed to myself because I remember when I first came into security and thought I was going to be like a badass hacker. I was like, oh, I'm going to get all this stuff off Hak5. So I had one, and I hadn't ever opened it, and I learned how to use it. And that was my kind of in-line packet captures. 
So she gets it all set up, turns it on, and just lets it do its thing. And she watches what it talks to. The first thing it does is call out to Tencent, like just straight into it. Like in China, yeah, like QQ.com. Tencent is a massive tech company that owns QQ in China, and it's not entirely unusual for something to be talking to it. So at first I was like, okay, maybe this isn't that bad, but then when you apply the rest of it, like, oh, you're an oil and gas executive, somebody new told you to get this, the network's running really slow, and this thing is talking out to China, right? Like, it's all of that, right? Individually those things don't mean anything, but when we're looking at this like strategically or in a big picture, you're like, oh, I see. But maybe she's connecting dots that aren't there. So she keeps looking for traffic logs. I'm kind of just watching the traffic, watching the traffic. I would like turn them on for like a day, turn them off. I'm looking at logs. I'm kind of just trying to get a feel for what they're trying to do. And then I get a hit in my vulnerability log, like in the threat log on my Palo Alto firewall, and it's for a SCADA vulnerability. A SCADA vulnerability? This makes no sense. SCADA is the control systems used in large-scale industrial settings. Think pumps, valves, conveyor belts, compressors, elevators, railway switches. This is where SCADA systems live. Why in the world is this box that's here to deliver TV and movies attempting to trigger a SCADA exploit on Deadass's network? This is very concerning. So she continues to look at the traffic this thing is sending. She notices it's communicating hard with all the other devices on her local network. Typically, a streaming box will not care about what else is on your local network and only want to go out to the internet and get the content so that it can show it to you on your TV. But this box was super busy feeling around to see what else is in her network. 
Specifically, it starts ARPing out to any device in the same network as it. So basically, ARP is when a device is like, hey, are there any computers on this network that have the IP 192.168.1.10 or whatever. And if there is a device that has that IP, it'll respond. He'll say, yeah, that's me. You want to chat. Here's my MAC address. And then it gives the MAC address. So this Superbox was ARPing out to every IP in Deadass's network. I would say it was almost more of like an ARP DoS because it was ARPing at things so hard that they would like freak out and like lose their IP address reservation. Yeah. Really? Yeah, they were just so chatty. And that was also something weird to me because normal devices, like, they're chatty, but they're not chatty like that. Right? So it's this noisy thing on a network. It's ARPing everything. It's sniffing around. It's just way too interested in things going on on my network. So this thing would ask, who has this IP? And when the device with that IP would respond, then it would just continually ask again and again, thousands of times flooding it with ARP requests until that device would get overwhelmed and go offline, which would then allow this Superbox to pose as that device. It would change its own IP and MAC address to match that thing it just took down, which is such a wild attack, to knock out other things and then pose as them to see if they are communicating with anything more juicy. Holy cow, this thing is scary. So she keeps Googling this thing to try to learn more. It looks like it's all been SEO poison because it's only places to buy the Superbox. There's no negative. Like, you can't even find Reddit posts even questioning anything about the Superbox. The entire first page is where to buy and everything that's great about it. Now she's getting curious. Who makes this thing? What brand is it? Where does it come from? One of the more common things a lot of us have probably done are like, what's this device? 
What's its MAC address? Who makes it? I look into who makes it. It's some weird looking, like website templated, just strange looking company called like GBS Labs or something like that. And it's basically a shell. Like there's stock photos on the site and just all kinds of like the telltale signs of like, we stood this up to look just legit enough, not actually be legit. So I look into them as a manufacturer. I'm finding like fake LinkedIns and all kinds of stuff like that. So I'm like, okay, this obviously isn't real. So I keep digging. I get worried because as I continue to kind of acquire boxes, I got like a couple off Amazon. I got one from Best Buy, one from Walmart. Whoa, whoa, whoa, these things are available at Amazon and Best Buy, Walmart? Yes, they are. You could buy a Superbox right on these sites. Yeah. Hold on a second. A bunch of pirated movies and TV shows. It's sold in a box that you just plug into your TV, and now you don't have to pay for cable or any movies. That sounds illegal. Yeah. I mean, it is, but even on the box itself, when you turn it on. It pops up a little disclaimer. Here, I actually want to read to you the notice that pops up when you just plug this thing in for the first time. It says, Thank you for choosing Superbox. Superbox is an empty and open entertainment device. Due to the nature of this item, we are not in any way responsible for the content streamed or viewed by any user. It is the user's responsibility to satisfy themselves that the sites accessed for streaming the content to have correct copyright agreements in place and are entitled to the content. The burden of determining this falls completely on you, the user. Superbox in no way takes any responsibility for how you use this device. Unbelievable. Does that even work? Can you sell a box that markets itself for having thousands of pirated shows on it and movies, but then put a disclaimer up that says, we're not reliable for anything that you do on it? 
I mean, they're doing exactly that. So in theory, no, it shouldn't work, but in reality, yeah, it's working, since this is for sale on Amazon, Walmart, and Best Buy's websites. And I should mention that Amazon, Walmart, and Best Buy aren't listing this themselves. These are third-party marketplace areas of the site, where anyone can go and set up a shop on those sites and start selling whatever they want. And while these listings would get removed every now and then, they would just come right back up listed by a totally different seller. Of course, eBay has them for sale too. So as I start kind of looking around, I go into YouTube and I'm like, okay, Superbox. And so I see, you know, a bunch of different influencers. They're not like a Linus Tech Tips or, you know, some of these other bigger folks that have a huge following on YouTube. These are folks with like sometimes like 800 followers, sometimes 50, sometimes, you know, 50K. One guy had like pictures of like motorcycles and like his wife and like pictures of food and then just a hard right turn and he's now talking about Superboxes. I saw one kid who was like talking about like speakers and then suddenly the Superbox. Yeah. So I'm like, that's really weird. So obviously they had to be paying them. And it took me a while to figure this out. But I went way back to like a seven-year-old, like, Superbox video. And this one influencer was like, yeah, they contacted me. And they're offering me 50% of the proceeds of every device that I sell if I talk about this. Whoa, so there's Superbox influencers out there. People paid to spread this thing. Gosh, this makes it a lot harder to control and stop this. If they're being sold by random people just trying to make a few extra bucks, it's almost like they have an army of marketers and salespeople. They start appearing in weird places. I start seeing it on TikTok. They're on Facebook Marketplace. 
So I start getting even more suspicious because I'm like, this has to be a whisper campaign because I'm not seeing it like, I'm not watching cable television and there's like an ad for the Superbox. And if that ever happens, like I'm going to just move out of the country at that point. But I haven't seen that yet. But what I have been seeing is, oh, check out the Superbox. Here's YouTube Shorts about the Superbox, check out my TikTok, get it off my store. So it's spreading. And then I find out later that because of how they're using the reseller market, they're like basically penetrating like the suburbs everywhere to get these sold and get these out to people and get that kind of like foothold across the United States. Holy cow. These things aren't just spreading. They're spreading in specific places. Suburban families are getting them. And why there?
[23:46] Think about it By targeting suburban
[1:18:00] This guy Dort who's the one
So now this guy, Dort, who's the one who made the Kimwolf botnet, controls the Superboxes. I mean, if I wasn't already extremely concerned about who's in these Superboxes listening, now there's Dort in there too, and who knows what he's doing with these things, turning them into weapons, I guess. And if Dort can get into any Superbox that's on the Internet, then does that mean anyone else can get into these things too? Like, are there a dozen spies in these things listening to us, seeing what we're doing on our microphones and stuff and poking around on our networks. Gosh, I was telling someone about this the other day, and their first instinct is that the CIA must be in there listening too. And you know what, at this point, I don't doubt it. The fact that these Superboxes are getting infected with more malware by random people on the internet just makes it so much worse. So at this point, it doesn't even matter if China's behind this, because pretty much anyone can take these things over and eavesdrop on us, or use the device to attack someone else with. This thing is radioactive, and it should be smashed, burned, and yeeted into space. Cloudflare, you know, put out a report that talks about kind of the DDoS statistics for the year for 2025. And they said that the Aisuru-Kimwolf botnet was the busiest. And they mitigated, I think it was, I think the number was crazy. Like over 2,000 attacks they mitigated originating from this botnet. I'm like, wow. So it's been busy. Basically, the Kimwolf botnet is a DDoS as a service business. You can pay them money. And then they'll aim this botnet wherever you want. The target of your choice, and it'll take down whatever you tell them to. So it's purely profit-driven for whoever's behind it. Did this box try to communicate with other devices on the network? Yeah. Internally? Yeah. So I had my two little sacrificial Raspberry Pis, as I call them. 
I was like, well, once you've touched this network, you can never go back anywhere else. So thank you, my little lambs. And so the Raspberry Pis sit there on the network. And I, you know, I didn't even name them anything interesting. But I'm looking, I've got tcpdump running on them, and the boxes are just going freaking crazy. Like all of them are just actively trying to like poke at it. I'm watching scanning. I'm like, are you guys Nmapping this like little Raspberry Pi in here? Like, what the hell? Again, they're doing that discovery when they get on a network to see what's on the network. Yeah. So if you're working, say, from home and maybe you're in a position of trust, you're in some type of like important position or you have like, you know, privileged credentials, things like that, you have this thing sitting on your network and don't know, like, what it's potentially doing, it could be sniffing creds every time you log into work. It could be discovering your work device on your home network because a lot of folks don't have any segmentation on their home networks. I mean, you know, the possibilities really are endless if we think about it as just like an attack tool. I did get a report from someone that there was one at a remote employee's house that was actively trying to poke stuff on their corporate network. Okay, so try to figure, do they have a VPN between their home and corporate network? Uh-huh. Gosh, this thing is bad. I still cannot get over how it scans your house, attacks the devices on your network, knocks them offline, and impersonates them. Ah, this is such a nightmare. It's like a perfect Trojan horse, like in the traditional sense. Like, if we go back to the original story, here's this big present, and we're going to hide inside. Here's this device that lets you get all the channels and somebody is going to hide inside. Okay, fair. 
It solves a ton of, of problems for people, and that's the big reason why they want to get it. But my gosh, at this point, the veil is lifted. We can see the spies are inside of it, and I'm glad that word is out now, right? And that means that there's enough information that everyone should be extremely careful and not buy these things, and it should be clear that nobody should get this thing because it's just pure evil, right? Earlier this week, an article comes out on The Verge. And I'm like, oh, the Verge. And it's talking about the Superbox and the vSeeBox. And basically, and you know, I'm a big wrestling fan. So, you know, we call it getting over or putting someone else over. It's basically trying to put over the Superbox and say like, oh, well, like, you know, there's people at the farmer's market selling these. And, you know, they've also got like some goat cheese and stuff. So they're just trying to make it. And like, this guy was a retired cop in upstate New York. And now he's trying to help, you know, his church get access to quality television. And I'm reading this like, this is literal propaganda. Like, oh my goodness. Like, this is, this is what they mean when they say, like, it's going to be plain as day in your face and you're not going to understand that. Like, again, an average everyday person is going to read that and be like, oh well, these people don't care. Like, in the article, like, it verbatim said, like, oh, I don't care about sending a couple thousand dollars a month to China every month because I, you know, I'm helping people get affordable TV. Sorry, I had to pick my jaw up off the floor. What? This Verge article is titled Everyone Is Stealing TV. And yeah, it simply talks about how so many Americans are selling and using these things, like they interviewed Jason and Natalie and James and Eva, all who are happy Superbox users and resellers. The quote from Eva is, I've been on a crusade to try to convert everyone. I'm completely flabbergasted by this article. 
Like, what are we even doing? I mean, let me read one part to you. They interviewed this guy, Jason, who earns a commission for every Superbox he sells. After signing him up as a reseller, Jason's Superbox contact also recruited him for a unique side gig. Whenever Jason finds a Superbox advertised for less than the company's suggested retail price, he buys it and sells it back to the company for a premium. He says that the Superbox maker then checks the device's MAC address against a list of past sales and remotely deactivates all boxes it sold to the reseller who openly advertised the unauthorized discount. Offending sellers are then asked to pay a fine, Jason says. Consumers who happen to buy a box for the wrong price find it locked, with an on-screen warning telling them to contact their service provider. To alleviate the concerns of would-be buyers fearful of getting scammed, device makers maintain online verification tools. Each reseller gets a certificate with a unique code. Enter that code into a web form, and the company will tell you if the reseller in question is in good standing. Oh, thanks, Verge, for squashing my concerns about being scammed by someone selling me a cheap Superbox. I feel much better now that you told me that there's an online verification tool to check whether this seller is legit or not. This article, in my opinion, is all hype for this thing. It doesn't raise any of the red flags that I see on it. I simply cannot believe the Verge posted this article. This is ridiculous. I am officially nominating this article for a Pwnie Award. Then yesterday, there was like, I think, I think it was called like the Tech Brew Ride Home or something like that. At the end of the episode from yesterday, he spends about five minutes and he's basically, it sounds like he's reading The Verge article. And I'm like, no, like, don't repeat it. 
Like, we're already, again, they're already trying to discredit any of the research that any of us have done on this to basically prove that like this isn't something you should be getting. And what cracked me up is in the article that said, well, it's not like you can get these at Walmart and Best Buy, because everyone knows it's illegal to have pirate devices at the store. And I'm like, no shit. But they're at Walmart and Best Buy. And I don't think you understand how crazy it is to have an influencer marketing campaign working against us here. You're not buying these things from some shady guy in a dark alley who you know is 100% illegal and is probably scamming you. You're buying it from a soccer mom, a guy with a stand at the farmer's market, your church friend, family members, gym buddies, coworkers. And when it comes into your life in this way, it doesn't feel illegal. It doesn't seem shady. It feels like you're clever and smart to get such a cool gadget. I remember kind of the old adage, like you know, back in the 90s, early aughts, like especially all of us who've been on the internet a long time and those who were like in high school and stuff like that when in the early days of the internet, you know, you felt like you could spot a scam from a mile away because the skill wasn't there. But this is sophisticated. Like, again, they're hitting it from a few different angles, they're making sure that they have people ready to counter any negative, like press or posts or anything like that. They're making sure, like we've said, to tap into the economic anxiety. Like, it's crazy. I'm like, wow, they've put so much time into this. But then you think about where these things end up. I mean, you know, you know, people that work weird shifts, or maybe they work in, like, you know, some kind of weird office. It's boring at night. Maybe they're on graves. Oh, I want to watch the UFC fight, let me bring my Superbox. 
And then that thing just gets busy devouring all the computers at work. Or it's brought to a hotel to watch TV on the go. Or maybe the coffee shop owner installed one so they could play shows on the TVs in the shop. And now when you get on the Wi-Fi in that shop, suddenly you're on the same network as a computer that's probing and scanning you and attacking you. This is why I never use Wi-Fi in a coffee shop or a public place. I just picture it riddled with these diseased, infected boxes that are desperately trying to get access to my machine the moment it connects. I bring my own Wi-Fi hotspot with me everywhere I go, so I only trust my own network. The funniest thing I think that has happened so far was being out at a fa restaurant, and, you know, I'm looking around because someone had just told me they were at a fall restaurant and saw three of them in there.
[1:30:54] I go into places that I'm
[1:37:07] You have to have 10 different
So now you have to have 10 different streaming subscriptions and people are sick of this. So they're just like, we got the solution for you. It's perfect. You get all the channels. And we don't care about breaking the law. Exactly. Yeah, so someone is doing this. Do you have an idea who might be behind this? I mean, given everything that's going on geopolitically, like, of course, everyone was kind of just like, you know, hands up like China. Like, it just seems like it's obvious, right, at this point, because why else would it be beckoning straight into Tencent? The other thing, too, is that as I've kind of been, like, looking at this and everything else, the devices themselves, like, they've got a whole, like, manufacturing arm that has to be, again, China's gotten the manufacturing thing down. Like, we're all sitting around with iPhones and all these other things like China makes our stuff. So they've gotten really good at how to fabricate this stuff. And so it actually looks nice. Like it looks like it's good quality to make it look even more credible for the price that people are paying. And if we think about, like you said, everyone's stressed out for money. Everybody always wants a quick fix. We are such suckers for get rich quick schemes. and things like that, and that is like peak multi-level marketing. The distributors get a cut from the resellers. The resellers get a cut from the boxes. And then if you get friends to also help you resell, you get more of a cut of their boxes. So, like, it's a perfect MLM. So they're hitting us from the things that are built into our culture, TV, multi-level marketing, get rich quick. They're building into our economic anxiety. They're building into our complacency with just accepting things that, even if, you know, we don't know that much about it, it's like, oh, well, we get all our stuff from Walmart or all our stuff from Best Buy. Yeah, social proof. Yeah. 
So they're hitting us from a few different angles just psychologically, like not even from a technical perspective. Like the tactics and everything that the box are using, those are like table stakes. Like you expect reconnaissance. You expect some of these other things. You don't expect an influencer network that's trying to get these out there. You don't expect there to be marketing. Because if you look at some of the other devices, like there might be one or two videos here and there, like, maybe talking about like an NVIDIA Shield as an example. But this thing has, like, a whole campaign, websites and everything else. I'm like, who is doing? Like, you set up a whole brand just to sell these things. Like, this is insane. And so, yeah, all that to say, like, we're now at this point where I'm like, okay, well, we have to make a decision, I guess, as like a nation. Do we want cheap, easy cable, or do we want to continue to have basically backdoors plugged into all of our networks. Okay, so if it is China, even the Chinese government, it's crazy to think that the Chinese government would be behind this, but it sounds like it may be. They have that unified front as far as integrating everything with the military. Sure. So if the Chinese government is trying to get into Americans' homes in order to gain more access into them and visibility and all that sort of things, it doesn't seem like we'd be their first target. So I'm just wondering if there is a, if we've seen this activity in other countries, these kind of boxes show up in other countries. Yeah, that was kind of interesting because I kind of like immediately, you know, when I first started looking at it, of course I wanted to see if there was anything else that had been reported. There was a researcher. I'm spacing on his name right now. But he had done a write-up on the malware that was in the T-95 box. So that kind of got me already thinking like, okay, so we have seen behavior similar to this before. 
I did look in like other countries and stuff, and like China had already cracked down on these types of device. I think like New Zealand had already cracked down on these types of devices. So it seems like this had already been like a similar problem, but apparently there was also a similar campaign in Taiwan. About 10-ish years ago, it was all centered around illegal piracy of sports. And so it was the same idea, though, they have these streaming boxes that were convenient, and you could get all the sports channels, and they were all over Taiwan. And then they got busted, and then they weren't all over Taiwan anymore, but that could have been a test bed to then see, okay, well, how do we make it work here? Hmm. So how does country bust them to that it's no longer valid in that country or whatever? Like, what are the even approach to stop something like this? I mean, they, of course, were like, you got to pull them off the shelves, they're banned, like they can't be imported, you know, those big kid controls, as I like to call them. I don't know how long it's going to take to even see that here. We did just finally get some stuff taken off the shelf that, again, we all had concerns about China. We all had concerns about, like, you know, what are these devices actually doing? But it was like years after the fact when it was already a problem. Yeah. I mean, even if you did get it banned from Walmart and Amazon and Best Buy, you still have the soccer mom down the road, slinging them and your electricians coming over and saying, I got some extra stuff for you if you want to buy these things. Man, yeah. So it would be really hard to put the genie back in the bottle at this point. So that's one prong. And then maybe another prong is getting ISPs to do something and say, hey, this is illegal streaming. So we don't allow that here. Yeah. And the ISPs have been really good about this. I actually got word from a friend who works on an ISP. 
And he says that a lot of users are reporting that their allocated bandwidth is getting maxed out super early in their billing cycle. And they're like, I'm not online that much, yet it says I've uploaded 360 gigabytes of data. Clearly, you have a faulty meter. So the ISP technicians go out to the house and investigate, and they can't find an issue, so they swap out their ISP devices and reset their bandwidth usage. But then the problem persists. Next month, the customers call back, saying, it shows that I've uploaded so much data that my ISP is now throttling me. One customer was even seen uploading 4,000 gigabytes in a single day. So the ISP asks the customers, by chance you have a SuperBox, and many of them say, yeah, I do. Why? Well, it's because those things are sending enormous amounts of data to the internet. But what is it sending? Sure, it's part of a botnet, so it's attacking other devices by sending floods of data, but also it just might be exfiltrating tons of data that it's collecting in that home network, voice logs, network data, photos, files, anything that it might find valuable. It just sucks it up and sends it off. I mean, if a device is sending terabytes of data a day or a month, then the question isn't what is it uploading? It's more like what isn't it uploading. So yeah, ISPs are getting hit in the face with these boxes too and are unsure how to effectively handle them. I think the telecom and ISP networks understand, I think, their vulnerabilities is a little bit better. They're like, okay, yeah, we actually have to look at what is going on in home networks because we are no longer at the point where we can just pretend, oh, well, it's consumer. That doesn't impact me. We're all in it now. Like there's no, we can't, like you said, we can't put the genie back in the bottle. So they've been pretty good about trying to, of course, sinkhole traffic. So ISPs can, of course, see downstream. 
But we have to kind of think about, like, are we prepared to be a country where we are now policing what's going on on home networks. And obviously, like, that would be problematic for a lot of people. I think that's going too far. Right. No, exactly. Like, I think, and I don't think we should have to do that. This might be the one time that I want Disney to get litigious. Yeah, right? Because why hasn't Disney figured out, hey, they're streaming this pirity. And because I know that they've always been really inside this. The mouse is always like ready to strike when it comes to that stuff. I'm actually really surprised that it hasn't been like one of these bigger like media companies like actually striking back. I mean, Google sued the BadBox operators. Okay. And there was a bunch of like DMCA, like, kind of notices and stuff like that, but it's still going. So is that going to actually do what we want it to do? I don't know. Like, we still, you know, so much has happened in the last couple of weeks that, like, it's going to be a busy year in 2026. That's all I can really say. Like, it's, there's so much more that's going to come from this. I guarantee it. Yeah. And it seems like so easy for it to just be eliminated since it is illegal. And that's the thing I'm just surprised. I've been stuck on that, honestly. Like, to me, I'm just like, this is the most blatant example of this. And like, y'all are out here sending like these, you know, ISP letters to like a single mom because she wanted to like download Shrek to for like her kids. But like we're not doing anything about this entire network of bootleg streaming. That's what's so surprising is the, is the, the pushback on piracy all these years and how terrible it's been to torrent things and how people are, yeah. Yeah, we're all evil trash for... Apparently, that's not a problem anymore. Or they haven't got the memo. That's what's surprising about it. Yeah. 
And so that's what I think is going to unravel this year. It's no longer unknown. And it's like, okay, this is clearly... Because if it is allowed, then why don't we just make a legit one? A legit one. Not a legit one, but a non-malicious one. Like, we could have a whole new business model. I'm like, and again, I'm surprised someone just hasn't, right? Like, I won't be surprised when somebody's like, hey, I'm ethical and I'm going to help you get all the channels like, well, like, here comes everyone else's money because we don't want implant devices. But again, there's just a lot all going on at the same time. Like, obviously, like when we think about the whole geopolitical picture. There's a lot of different moving pieces. We've seen a lot of stuff overseas internationally. And so I still am trying to understand how this might even be a part of that. So I will be digging more this year. That's for sure. Oh, yeah. I mean, I hope that the update, whatever comes next, isn't these bad boxes destroyed America. Yeah. Oh, my God. It is. You're right. They said, if you're putting in, this is a prepositioning move, what is their final intent and maybe we don't know yet. And that's what I, yeah, that's the part that I'm still kind of scratching my head about. Like, it's just, it's the why. I mean, I'm like, yeah, I guess like maybe the ad fraud, maybe it's the, you know, residential proxy business they're running. Maybe it's just the botnet. But like, there's so many other ways to do all of that. That's not stand up a whole brand and then market these boxes to people so they buy them. Yeah. I predict that we haven't seen the full wrath of what these things are capable of yet. It's possible that all this is just some prepositioning move of some kind. And whoever's behind this is trying to get blue-collar workers to give them access into U.S. corporations. And then what? 
If someone gets a hold of our critical infrastructure in a large-scale way, it's like having a chokehold on us. They could do whatever they want. So the potential damage these things could do could feasibly be in the realm of nation-fell. toppling. Does that make me crazy to say that? This is the very reason why I don't like getting into politics. Politics is designed to confuse you and to keep you from getting to the truth so you can never be sure of what's actually happening. But even when you get a glimpse of the truth, you then sound like a lunatic when you start telling other people. Because if I ever see one of these things plugged in anywhere, I'm going to immediately unplug it and try smashing it to bits. And I can only imagine the owner of it yelling at me, hey, what are you doing, man? And I'd be like, don't you know this thing is evil, and if we don't stop it, it might be the end of our nation. I feel like a lunatic just thinking that scenario through. But maybe this is the new world that I just need to get used to. Because even if we all team up to get these things smashed and burned and yeeted once and for all, there's just going to be
[1:53:01] That pops up A 3D printer
another thing that pops up. A 3D printer with spyware, a drone with spyware, a projector with spyware, a router, a computer, or even a car. Because if these things are cheaper or better than the competition, or if they just have a better marketing campaign by paying influencers to spread it, then this battle to discover it and eradicate it is just going to start all over again. And I'm not sure it's possible to fix this. And that's what makes it so scary. A whole goal of information security is to conduct business in a hostile environment. Like, for instance, when you do anything online, you're traveling through a bunch of networks that you have no idea of, who owns them. So you have to operate in a zero-trust kind of way by encrypting your connections so that they can't snoop on you and doing things to verify that they didn't tamper with the message. So maybe this is the new hostile environment that we need to learn how to operate safely in. Our homes and workplaces, our coffee shops and bars could all be out against us now. I never expected our home networks to be hostile environments. But let's take this as a sign that they probably are. And spring is here now, so it's time to clean up our networks and make them safe again. I'm drawing a line on my front door. Spyware is not allowed past this point. Thank you so much to Deadass for finally sharing this story with us. It has been such a treat watching her progress through this over the years, and I'm so happy to finally tell you all about it. Hey, listen, I've got some big things cooking up this year. I'm going to be releasing a new bonus episode real soon here, which is going to only be available to premium subscribers, and I'm also going to be releasing a whole new podcast later this year. This is by far the most insane story anyone has ever told me, and it's taken me eight years to make, and it's finally in its final touches. 
But premium subscribers are going to get to listen to it way earlier than everyone else. What I'm saying is I really want you to become a premium subscriber. So you just let me know what it is I need to do in order for you to buy me a cup of coffee once a month. Not even 1% of you are premium subscribers. So I know it's not you, it's me. I need to do something to amaze you or wow you or give you something that you can't find anywhere else. So you just let me know what is it that I can say or do. So you chuck me a few bucks for what I bring you. And if you're like, oh, Jack, you've given me enough. Now it's time for me to give to you, then thank you. I really appreciate that. You can become a premium subscriber by going to plus.darknetdiaries.com, and you'll get ad-free episodes and a bunch of bonus episodes, and you'll be the first to listen to my new podcast coming out in a few months. The show is created by me, the failed pro gamer, Jack Rhysider. Our editor is AI's worst nightmare, Tristan Ledger. Mixing done by Proximity Sound and our intro music is by the mysterious Breakmaster Cylinder. What's a pirate's favorite movie? Anything rated. This is Darknet Diaries.