Inside Mirai, the Hack that Broke the Internet

November 16, 2023 gear Leave a comment 18 Views

In October 2016, a malware tool named Mirai took down some of the biggest sites and services on the web, including Netflix, Spotify, Twitter, PayPal, and Slack. The blackout affected most of the East Coast of the United States, and the size and scope of the outage alarmed the cybersecurity researchers and law enforcement agencies tasked with thwarting such attacks. The code that caused this meltdown was created by three individuals, all in their teens or early twenties. The trio had built a tool that took control of internet-connected smart home devices and used them—like a massive zombie army—to knock the internet’s most vital servers offline. Now, years later, Mirai’s three creators have told their story.

This week, we talk to WIRED senior writer Andy Greenberg about Mirai’s creation, how the code did its damage, and how the three hackers were eventually caught.

Show Notes

Read Andy’s epic feature story, “The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story.” The story also graces the cover of the next issue of WIRED magazine.

Recommendations

Andy recommends the book Your Face Belongs to Us by Kashmir Hill. Mike recommends getting a wreath for Christmas instead of chopping down a tree. Lauren recommends Okinawan sweet potato haupia pie bars.

Andy Greenberg can be found on X as @a_greenberg and @agreenberg elsewhere. Lauren Goode is @LaurenGoode. Michael Calore is @snackfight. Bling the main hotline at @GadgetLab. The show is produced by Boone Ashworth (@booneashworth). Our theme music is by Solar Keys.

How to Listen

You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how:

If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts, and search for Gadget Lab. If you use Android, you can find us in the Google Podcasts app just by tapping here. We’re on Spotify too. And in case you really need it, here's the RSS feed.

Transcript

Note: This is an automated transcript, which may contain errors.

Lauren Goode: Mike.

Michael Calore: Lauren.

Lauren Goode: Have you ever been hacked?

Michael Calore: I don't think so. I haven't been outright hacked, but I'm also not certain that all of my devices are uncompromised at this point.

Lauren Goode: You have a lot of smart home gadgets.

Michael Calore: I do, yeah. A lot of little things that are connected to the internet that I never really check in on. So, I don't know, maybe I have been.

Lauren Goode: And we spend all day on the internet using like 200 apps.

Michael Calore: Yes. Oh, God, all the apps. OK. So yeah, maybe I have, I don't know. Why?

Lauren Goode: Have you read Andy Greenberg's latest story in WIRED?

Michael Calore: Yes, I have.

Lauren Goode: It's epic.

Michael Calore: It really is.

Lauren Goode: It's this incredible tale of these three teenage hackers—well, they were teenagers at the time—who basically took down the internet for one day in 2016. But the tale of how they got there, where they started and where they ended up, it blew my mind. And actually, it made me feel worried about all my stuffs on the internet.

Most PopularGearPS5 vs PS5 Slim: What’s the Difference, and Which One Should You Get?By Eric RavenscraftGear13 Great Couches You Can Order OnlineBy Louryn StrampeGearThe Best Radios to Catch Your Favorite AirwavesBy Nena Farrell GearThe Best Robot Vacuums to Keep Your Home CleanBy Adrienne So

Michael Calore: Yes, we should all be worried.

Lauren Goode: We should. And we have Andy on the show today to tell us more about this story.

Michael Calore: I can't wait.

Lauren Goode: So, let's talk about it.

[Gadget Lab intro theme music plays]

Lauren Goode: Hi, everyone. Welcome to Gadget Lab. I'm Lauren Goode. I'm a senior writer at WIRED.

Michael Calore: And I'm Michael Calore. I'm a senior editor at WIRED.

Lauren Goode: And we're joined this week by WIRED senior writer Andy Greenberg. He, of all of the hack stories. Andy, welcome back on the show. It's great to have you on.

Andy Greenberg: Thank you. Glad to be back.

Lauren Goode: So, Andy, we've brought you on because WIRED has just published your massive epic of a feature story titled “The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story.” It's the story of the hackers who created a malware tool called Mirai that took down some of the biggest websites back in 2016, including Netflix, Spotify, Twitter, PayPal, Slack, everything. It was a massive cyberattack that rocked the foundations of the internet. And now for the first time, the people who created that malware have told their story to you.

So, Andy, we wanted to talk about the specific tools that these hackers used, and then later in the show, we'll talk about how it all came tumbling down. But first, how did you get in contact with these guys? What made them finally want to tell their story?

Andy Greenberg: Well, it's one of these strange winding one person leads you to the next things that happens when you've been covering this beat for, I don't know, 15 years or whatever I've been doing. So, Marcus Hutchins, who I wrote a cover story about, another former teen hacker who went down a rabbit hole of cybercrime and then redeemed himself in a sense by stopping the worst cyberattack in history at the time with this other massive cyberattack called WannaCry. Anyway, I won't retell his story, but he put me in touch with weirdly, not these hackers, but the FBI agent who tracked them down, because Marcus has turned into a white hat hacker. He was part of this working group of security researchers who are trying to stop massive cyberattacks. And so, he knows this FBI agent in Alaska named Elliott Peterson, who wanted to talk to me about the work of this research group, which I was kind of interested in.

But then I found out that Elliott, this Alaskan FBI agent, was the one who tracked down these three young hackers who had created Mirai, by some measures, the biggest botnet in history, responsible for these massive cyberattacks that were like, where were you when that happened? Moments in cybersecurity for really everybody in this field. And when I found that out, not only that he was the one who had done that investigation, but that, to spoil the ending here, that he had found these guys, flipped them one by one, turned them into essentially FBI informants and then made them like his own internal research team at the FBI, that as part of their sentence, they had worked for him for five years and that those five years were about to be up.

I wheedled my way into introductions to all three of these guys and started trying to convince them to tell this epic and very twisty story of how they had themselves become cybercriminals, how they'd built this massive monster, how they lost control of it, and then how they ultimately ended up working for the FBI.

Lauren Goode: Hold on one second. Oh, I'm sorry. I think that's Hollywood knocking. Should we let them in?

Andy Greenberg: I wish it were that easy. This is ultimately a story that takes place on the internet, which I find that screenwriters have a tough time with.

Lauren Goode: Oh.

Andy Greenberg: But if you know anybody who is really good at, I don't know, depictions of some sort of metaverse where all this drama happens online, then yeah, please let me know.

Lauren Goode: Well, previously on this podcast, Mike has recommended an entire criterion movie selection of films just about people playing around on the internet.

Michael Calore: Yeah, the techno thrillers.

Lauren Goode: So, it is possible. It is possible, but let's put a pin in that and come back to it.

Michael Calore: Andy, I think we need to do a little bit of background here before we dive into the particulars of the attack, because the thing that the Mirai code is known for is DDoS attacks. Can you briefly explain for our listeners who may not know what a DDoS attack is, what it is, how it works?

Andy Greenberg: So, DDoS stands for distributed denial of service, and it's actually a very simple idea, which is that if you send enough junk traffic at any computer on the internet, you can basically cause a traffic jam that knocks that computer offline. And it turns out that one way to do this is to … The distributed part of this really in the distributed denial of service is that if you can hack hundreds of thousands of computers around the world and then use them as a kind of zombie hoard, what we call a botnets, like a network of bots. Then you can aim their junk traffic at any target you want and launch one of these DDoS attacks that just floods any server, any website, sometimes even an individual's internet connection with this massive tsunami of junk traffic that they just cannot defend against. And they're suddenly knocked offline and sometimes can be held offline for days on end.

In fact, this is a eternal problem of the internet. I was hesitant to tell a big story about this because it's such an old and simple kind of attack, but it was interesting to me in part because it is just so fundamental. It is just unsolvable, it still persists today, and companies spend millions and millions of dollars to try to protect themselves from these attacks. It's like this kind of constant tax on the internet.

Michael Calore: And I think the thing that set the Mirai attack apart was that this botnet that these three individuals built was not just other people's computers, it was not just dormant computers or servers out there on the internet. They tapped into the internet of things, right?

Andy Greenberg: Yeah. The real innovation of these three very young hackers, I mean, who were really teenagers when they started going down this rabbit hole and only 19 and 20 when they caused their biggest cyberattacks, their big invention was to not just hack PCs or servers, but to look at this whole menagerie of internet connected devices, many of which were super vulnerable, it turns out, and enslave all of them as part of this Mirai botnet. That is how they amassed such a huge collection of zombie devices and how they were able to launch such giant floods of traffic by hacking light bulbs and smart toasters and refrigerators and routers.

And actually, the most powerful of all, it turns out, were the digital video recorders for security camera systems. DVRs have a lot of processing power, and there's a ton of them out there. They're really insecure. And those were, along with routers, home routers, were some of the most powerful conscripts into this botnet.

Lauren Goode: Mike, I think you should be concerned about your smart home gadgets. Andy, I'm wondering if you can tell us a little bit about these hackers' personalities, what was driving them or motivating them to do this? And I'm also wondering at what point maybe they started to realize that they were doing some harm, right? Because initially it seemed like they were convinced they weren't really hurting anybody, and then things got more intense, at one point one of them was swatted by a rival hacker. At another time, one of them took down the Rutgers University network so hard that some Rutgers students started to demand tuition refunds. So, at what point would you say these guys actually started to realize what they were doing was perhaps harmful?

Andy Greenberg: Right. Well, this is the part of the story that really got me excited about telling it. I mean, to be honest, my colleague, Lily Hay Newman, had covered the Mirai attacks as news when they happened, and even another WIRED writer, Garrett Graff, had done some stories more from law enforcement's perspective about this investigation.

So, this was just the first time that anybody had gotten these three guys to talk and to tell their stories. And those turned out to be just wonderful, fascinating, tragic, but I don't know, inspiring personal stories ultimately. But each one of them was such an unlikely cybercriminal. Josiah White who in some ways was the primary inventor of some of these internet of things hacking techniques. He was a homeschooled Christian kid who worked in his family's computer repair shop in Pennsylvania and just took one tiny step at a time convincing himself always that what he was doing was just messing around, that it was victimless, that he was just a Steve Wozniak kind of figure. But then like a boiling frog, just slowly finding himself deeper and deeper into a truly disruptive and dangerous form of cybercrime.

His first accomplice, I guess, was this other kid, Dalton Norman, who had a much more tragic story. He had a debilitating stutter that he thought would prevent him from having a normal life. He told himself, "Yes, you're super talented at this stuff, but you'll never be able to have a normal job in tech because you cannot even say your own name in a job interview. So, this black hat cybercrime thing is your only hope of survival in the world." That's what his teen brain was telling him. And he was also displaced by Hurricane Katrina, he was from New Orleans. And just struggled as a teenager to find his footing and ended up sinking deeper and deeper into this world of for-profit hacking.

And then, the third of them was Paras Jha, who was the son of Indian immigrants and incredibly talented at coding. I mean his parents, I think just coming from a culture that stigmatized neurodivergence, refused to acknowledge that he had really severe ADHD, it seems like. And he ended up, himself, getting increasingly disillusioned and isolated and depressed, I think. Until in college he was just DDoSing the Rutgers network to try to delay exams. Actually, he started out because he wanted to register for computer science classes, and the seniors and juniors were taking all of the spots. So, he would try to DDoS the enrollment system until it was his turn so that he could get into the computer science classes he wanted. But he was just so alienated from his surroundings and had no social life.

And this is how these three kids who ultimately are all, I think it's fair to say they are good people, if there is even such a distinction. I think in some sense, all people are good fundamentally, but this is how they ended up building this monster and doing such damage despite being kids who came from loving families and are just normal American kids.

Michael Calore: So, shortly after these three teamed up, they actually had the idea of legitimizing their services, right? By starting a company together?

Andy Greenberg: Well, that's right. I mean, that's part of this stepwise, just incremental bit by bit slide that they took into the biggest cybercrimes of their kind ever. And that was that Paras and Josiah decided that they were going to create a cybersecurity firm to defend against the kind of cyberattacks that they were increasingly becoming really talented at launching. They thought-

Michael Calore: That's called a protection racket.

Andy Greenberg: Well, it wasn't at first. They thought that they could actually just sell real protection services, but then when they couldn't get any customers, it turns out people don't really shop around for these things until they have to. They decided, "Oh, well, maybe we can create some of those situations where they have to, by hitting off," as they put it, "some of the customers of their competitors and then calling them up to sell their own services."

Lauren Goode: The timing was uncanny.

Andy Greenberg: Yeah. I think that it didn't work out in part because it was a little suspicious to get a call from this very young salesman for this company selling a service that you need at the moment that you've just had your network destroyed by a well-timed cyberattack.

So, it didn't entirely work out. They found that that wasn't enough to keep their business alive. And so, they turned to this even more criminal step of just building this massive botnet to sell cyberattacks as a service, even then initially thinking, "Oh, we'll just make some money just to keep our defense business alive." But soon found that that was just too fun, too seductive, well, in some ways, too profitable, although they didn't actually make that much money. And they just fell headlong into this addictive feeling of launching these massive DDoS attacks on a scale that nobody had ever seen before.

Lauren Goode: And at one point, one of the hackers said to another, "This is illegal, right?" And the other said, "Kind of."

Michael Calore: An understatement.

Lauren Goode: Yes. We're going to talk more about that in the second half of the show.

[Break]

Lauren Goode: Andy, tell us how the hacker's attacks started to escalate and then how it all started to unravel.

Andy Greenberg: Right. Well, once these three guys had created Mirai, they put it up for sale, basically, or rather, rent really, that you could rent time with this botnet to launch attacks on anybody you wanted to. And very quickly, people were taking down massive Minecraft services. They were attacking the Rio Olympics. They were taking place that summer of 2016. But then the big one that really got everyone's attention was when one of their customers started launching cyberattacks at Brian Krebs, this very well-known independent cybersecurity reporter. And that is not a good idea. Brian is really well known for eventually chasing down hackers and doxxing them, revealing their identities. Well, his website was taken offline for multiple days, which was shocking. I mean, it wasn't actually the biggest cyberattack of its kind that anybody had ever seen, but it seemed like it because it was so high profile, nobody really noticed some of the other ones that were even bigger, like a full-

Lauren Goode: Right. People are like, "Oh, PayPal. Brian Krebs. You've got my attention."

Andy Greenberg: Well, they were hitting off, it was more like some Minecraft server I've never heard of. Nobody's paying attention. Even the Rio attacks somehow were defended against and did not actually take anything down, despite being pretty big. This French hosting company, OVH, was hit with a terabit a second of DDoS, which I don't know, it's hard to even grapple with the size of that, but it is hundreds of times bigger than the very large attacks that people were used to at the time. So, then Brian Krebs was hit with an attack about half that size, which still seemed just unbelievable. And there was no way that he could defend himself. I mean, his site was truly just torn offline for days. So, that was really a poking the bear moment.

And soon after that, the FBI was on their trail. When these three guys started to get the sense that an FBI agent, Elliott Peterson, this Alaskan FBI agent was looking into them, they panicked. And one of them decided that as a smoke bomb distraction, he would release the source code for their botnet as a way to just muddy the waters, make it possible for anybody to create a Mirai bot. He thought, who was the original Mirai? It would be like some kind of I am Spartacus moment. But of course, what that really did was just unleash incredible chaos across the internet. Just instead of one massive out of control botnet, there were now just countless ones, including one that within three weeks would launch this particular cyberattack that was the big one, essentially, that would take down a massive chunk of the internet for the entire United States.

Michael Calore: Yes. Tell us about the big one. We remember it because we were working here, and as you mentioned, we were writing about it, and I'm sure some of our listeners might remember it, but talk through what happened on that day.

Andy Greenberg: Well, right, I mean, WIRED in fact was taken down by this attack too. I'm not sure we were aware of that at the time, but nobody on the East Coast of the US for a little while could actually reach WIRED.com. So, this attack, which happened in October of 2016, really just weeks before the 2016 election and that's part of what created this feeling of like, "Oh my God, this is the big one. It has to be the Russians. This is a practice run for the attack on election day." But really, it was actually just some hacker who was using one of these copycat Mirai botnets to attack the PlayStation Network, but they went after the PlayStation Network's DNS service and DNS is, sorry to have to define another thing, but it's the domain name system. It's the directory system for the internet. It's how domain names like google.com get translated into IP addresses so that you can just type a name into your web browser instead of a long string of numbers.

And basically by going after this PlayStation DNS service, they actually probably accidentally took down this whole DNS company, Dyn, that provides DNS for 175,000 websites for users across the United States, and essentially broke the internet for millions and millions and millions of users.

Lauren Goode: And how long was the internet broken for?

Andy Greenberg: This really lasted for just half a day, but that's a long time for 175,000 websites to be offline. And I did even talk to people inside of Dyn, this DNS company, about what this felt like, and it was just total chaos. It also happened to be on the very day that Dyn was completing, was signing off on a deal to be acquired by Oracle for $600 million. And there was just absolute panic within the company of nobody wanted to be the middle manager responsible for the entire internet going down on the day that the new bosses were watching.

And it was just absolutely this cascading … It was almost like a DDoS attack inside the company, as one staffer described it to me, with managers just flooding their subordinates with requests for information about what was happening and nobody had any answers. And that just led to this feeling of absolute pandemonium inside the company.

Lauren Goode: Yeah. I wonder who's going to play the middle manager in the Hollywood version of this story? Maybe it's like their first week on the job and they're just-

Michael Calore: Jason Segel.

Lauren Goode: Yeah. Rami Malek. OK.

Andy Greenberg: Oh, those are very handsome middle managers.

Lauren Goode: Agreed.

Andy Greenberg: I was thinking more like Steve Buscemi or something.

Lauren Goode: OK. So, you've mentioned this Alaskan FBI agent, Elliott Peterson, who was on their tail at this point. There was also a security researcher, Allison Nixon, who around 2014, became aware of the hacker called Lightspeed, though she didn't know his real name at the time, she started digging deep into hack forums. How did researchers and agents eventually catch up with these guys?

Andy Greenberg: Well, they didn't make it easy. I mean, they were actually, as was described to me by the FBI and by other researchers, they were pretty sophisticated about covering their tracks, but they did make some mistakes. So, Josiah at one point, for instance, used his own IP address to scan the internet in the same way that Mirai did, which was the first thing that led Elliott Peterson to him, to start asking him questions. And then it turned out that Paras had actually created this burner account on one of the hacker forums that he would use to cheerlead for himself under a different name, and then also to take swipes at critics of Mirai. And Elliott Peterson very cleverly figured out that that probably was him, and then actually got the email address for that account and subpoenaed Google and found out that it was the same IP address that he was using for something else.

And so, there turned out to be a trail of breadcrumbs that led to these guys. And then Elliott Peterson, by following those few clues, was able to start flipping them one by one and turning them against one another in this web of betrayal and paranoia.

Lauren Goode: Oh, I like that. Who plays Elliott Peterson? Sterling K. Brown.

Michael Calore: Don't know who that is.

Lauren Goode: I don't know. I'm just-

Andy Greenberg: Neither do I, but it's a great FBI sounding kind of name.

Michael Calore: So, speaking of Elliott Peterson, one of my favorite details in this story was the fact that he's this FBI agent in Alaska, and in order for him to make this a case that he can work on, he has to determine that they've compromised a computer in Alaska. So, he starts looking at all of the places that the botnet has spread, and he's like, "Oh, it's actually several thousand devices here in Alaska, so this should be easy."

When I got to that part of the story, I started looking around my house and I was looking at the security camera that's on the side of my house, my eero, my light bulbs, my Sonos speakers, my Apple TV, and I kept thinking, "OK, all of these things are probably some part of a botnet." And then later that night I was watching something on HBO and I was streaming, and the picture quality started to degrade. And I said to myself, "This is it. My Apple TV is being used as part of a distributed denial of service attack, and here I am participating in it right in front of my face." So, it really got me thinking, is all of our stuff compromised? Should we actually be paranoid about this as users of internet of things devices? Should we worry that we are contributing to the internet crashing?

Andy Greenberg: Well, I think it's smart to worry. I do think that it's important to remember that Mirai was a peak moment in this insecurity of the internet of things that happened in late 2016. And hopefully, I do think it served as a wake up call to the whole tech industry that you can't just start pumping out all of this internet connected crap without consequences. That even if the consequences of your smart light bulbs being insecure are not that serious for your customers, they contribute to this just pollution of hackable detritus out there that can be wrapped up into these massive cyberattacks.

I don't know, I might be speaking out of turn, but I feel like things have gotten more secure. I don't imagine your Apple TV is vulnerable to some of the sometimes very simple exploits that these guys were using. I mean, they were hacking a lot of these devices with truly just username: admin, password: admin, vulnerabilities that exist in a lot of the not brand name, but very cheap and very numerous internet of things devices that were out there at the time. Probably many of them are out there today.

So, I think things have gotten better, but I do think that yes, you should be thinking about what in your home you have connected to the internet. You should be setting passwords on those, changing the default passwords on them. You should be updating them. I mean, if you have an internet connected fridge, when was the last time you thought about updating it? Not to mention your home router.

Michael Calore: Not to mention why did you buy an internet connected fridge in the first place?

Lauren Goode: Right. Not to mention why does everything have to be internet connected?

Andy Greenberg: Well, I felt bad saying that on the Gadget Lab podcast, but truly, I don't-

Lauren Goode: No, it's OK. We keep it real here.

Andy Greenberg: I don't truly want any of my stuff other than my computer and my phone to be connected to the internet. I have two kids. I've never bought an internet connected baby monitor, for instance. I'm terrified of this stuff. And it's really just because it's very hard to know that it's secure. Not only could it become a zombie in one of these botnets, but that it could be used against you in your own home too. So yeah, I feel like just keep it analog when you can, or at least offline digital.

Lauren Goode: Aside from the internet of things, I mean, what would you say is the part of internet hygiene that consumers should be just most cautious around, knowing that there are hackers who live on these hacker forums and are just constantly trying to poke holes in the internet and our gadgets when they can?

Andy Greenberg: Well, if you look at what these three guys did, they were not … It's interesting because most of the hackers that I write about who are the most sophisticated, the most interesting, are going after a specific target. If they want to cause a blackout in a Ukrainian electrical utility, they have a relatively hard target and they spend a year finding a vulnerability, finding a way to spread their access, finding a way to get from the IT side of the network, do the part where you can start turning off circuit breakers. That is not what these guys were doing. They were scanning the whole internet and looking for really simple vulnerabilities and just trying to do this at scale.

And I think that to protect yourself from the first kind of hacker I was talking about is almost impossible. To protect yourself from the second is actually pretty easy. It is a matter of just not outrunning the bear, but outrunning the guy next to you. And that means just setting strong passwords, using a password manager, using two-factor authentication, updating your devices, all the boring stuff that we do write about periodically in the security section at WIRED. These eat your vegetables and brush your teeth kind of prevention methods.

Lauren Goode: Yeah, password managers are hugely important. I've had conversations on dates where I'm like, "You're not using a password manager. How are you not using a password manager? We need to talk about this." It's really scintillating stuff. It's true. And we've written guides to password managers here at WIRED too. That's really good advice, Andy.

Andy Greenberg: You also just limit your attack service is another principle in cybersecurity. And that means yes, not connecting your fridge to the internet if you don't need to. And I don't know, not connecting your security cameras with that DVR that's such a powerful piece of a botnet. And if everybody did follow these principles, I feel like there would be a lot less ammunition out there for this DDoS-focused hacker too.

Lauren Goode: Well, Andy, your story is epic. There's so much in there that we couldn't possibly cover on this podcast. So, for folks who are interested in learning more about how the hackers were eventually caught, how they were turned on each other, what happened next, what they're doing now, all of that, please go read Andy's story or you can pick up a copy of WIRED. It's the cover story this month. Andy, stick around because when we come back, we're going to do our weekly recommendations.

[Break]

Lauren Goode: Andy, as our guest of honor, you get to go first. What's your recommendation this week?

Andy Greenberg: Well, I will recommend my friend Kashmir Hill's book. She's a New York Times reporter and she's written this book, Your Face Belongs to Us, which is about AI and facial recognition, and it's specifically the story of her investigation into Clearview AI, this very dystopian startup that created the ability to do a Google search or a Shazam-style search on anyone's face and finds their identity based on just what they look like, which is a really simple sounding tool that disassembles all of our ideas about privacy. And it's really just a wonderful detective story that she tells of incredibly impressive reporting, but also this parable about what happens when dystopian tech falls into the hands of people who are just willing to take it to its limits.

Lauren Goode: What was the thing about Kash's book that surprised you most?

Andy Greenberg: The thing that I really didn't know that was in some ways most interesting was that Clearview AI did not really come up with a technological breakthrough to be able to do this very disturbing facial recognition, that actually, Facebook and Google had these abilities and made the choice not to develop or release those tools. As Kashmir says, this was not a technological breakthrough, it was an ethical breakthrough or an unethical breakthrough, that just shows the importance in the history of technology of just somebody being willing to cross the line, which is exactly what this startup did.

Lauren Goode: That is a great recommendation. I have Kash's book on my list. I can't wait to read it. Thanks, Andy. Mike, what's your recommendation?

Michael Calore: OK. So, I'm going to recommend that if you're the type of person who celebrates the upcoming holidays by getting a tree and decorating the tree, I'm going to recommend that you not do that. And instead, you get a fancy wreath.

Lauren Goode: Say more.

Michael Calore: OK. So, there's no reason to cut down a tree. I mean, don't cut down the trees. The trees are beautiful things and they grow out of the ground. And then right when they're just about to become adults, we cut them down and we put them in our homes, and then they end up as sad garbage in early January on our front lawns and our stoops. So, let's not do that, people. Let's use the branches that come off the tree, but keep the tree alive and make a wreath, because wreaths are much more easy to manage. They're easier to care for than a tree. They are beautiful. You can put them on the outside of your house if you want, so that people walking by can see them. They're much more versatile than trees. I enjoy a beautiful wreath. It smells just as good as a tree smells.

Also, you don't have to use a plant wreath. You can use a designer wreath, like a reusable wreath. There are really nice artsy wreaths that you can get at the various Christmas stores or holiday stores that are popping up right now. So, this is my recommendation, that trees are from your childhood, and that was cool and everything, but if you're going to do the Christmas thing, get a wreath instead.

Lauren Goode: But, wait, if you take away the trees, then they're not going to be a part of other people's childhoods. You're just stopping the childhood tree.

Michael Calore: Right. And instead, introducing something that is vastly superior, which is the wreath.

Lauren Goode: This is a tough one. I do love a good Christmas tree. Fortunately, I travel for Christmas, so I'm wholly dependent on the people who I travel to, to get the tree. I don't do the tree.

Michael Calore: Right.

Lauren Goode: But maybe an eco-friendly solution is just to gather as many people as possible around your tree each year. So, 20 people celebrate one tree instead of groups of four or five each having a tree.

Michael Calore: Yes.

Lauren Goode: I don't know. Really, you're ending Christmas trees? We're probably going to get … There's going to be some political campaign against the Gadget Lab because you're canceling Christmas trees.

Michael Calore: That's fine. I can handle it. All I'm saying is that wreaths and garlands, I should not leave garlands out of the conversation, they're better all around, from an ethical standpoint and just from an aesthetic standpoint. It's weird to walk into your house and just see this giant dead tree just sitting there with all this stuff hanging off of it.

Lauren Goode: They can also be fire hazards.

Michael Calore: They can also be fire hazards.

Lauren Goode: Just be careful.

Michael Calore: Wreaths are where it's at, people.

Lauren Goode: Do you have a wreath?

Andy Greenberg: Well, I don't know the difference between a wreath and a garland, but maybe you can just put some links in the show notes for that.

Michael Calore: Or, I can just very quickly say that a garland is a long-

Lauren Goode: It's like a scarf.

Michael Calore: Yeah, it's like a scarf that you put on your banister.

Lauren Goode: On your mantle.

Michael Calore: On your mantle.

Andy Greenberg: Oh, of course. Yeah.

Lauren Goode: And it's green. It's pine, right?

Michael Calore: Yep. Whereas a wreath is a decorative arrangement, usually in a circle. And it can be any size. It can be the size of a human. It can be the size of a small human. It can be the size of a cat.

Lauren Goode: All right, Mike, thank you, question mark, for that recommendation.

Michael Calore: You're welcome. Exclamation point. What is your recommendation?

Lauren Goode: My recommendation this week is sweet potato hopia pie bars.

Michael Calore: OK.

Lauren Goode: Those of you who follow me on Instagram know that I had a little bit of a failed baking experiment this past weekend, but I was in Hawaii recently, it was a short trip. And during that time I had these incredible, incredible sweet potato bars for breakfast. Got them from a local coffee shop there, came home and decided that I wanted to try to replicate it.

I did find a recipe, which I will link to in the show notes. I have not successfully replicated this recipe yet. Not a super good baker. But these are incredible. So, they use Okinawan sweet potatoes, purple sweet potatoes. You boil them, mash it up, puree it. You can use a different kind of crust, shortbread crust, graham cracker crust, pie crust. But then you pour in the filling, and then I think the hopia, which is the creamy coconut topping, is really what makes it. It's just delectable. It's so delicious.

Michael Calore: So, you make this in a sheet pan?

Lauren Goode: You can make it in a sheet pan. You can make it in a round pie plate. I mean, you could probably make it as a little individual cupcake bars. I don't know, I didn't try that.

Michael Calore: So, the ones I've seen, they come out-

Lauren Goode: They're bars.

Michael Calore: Yeah, they look like a lemon bar, except the lemony part is purple.

Lauren Goode: Yes. That's exactly right. That's exactly right. And the top is creamy coconut. And some people put some macadamia nuts on them. This was so incredible. Of course, I had it for breakfast and I was like, "This is the best breakfast bar ever." And then I realized it's just dessert-

Michael Calore: Yes.

Lauren Goode: … being served at 8:00 in the morning.

Michael Calore: I want two of them right now.

Lauren Goode: But sweet potatoes are very good for you. So, that's-

Michael Calore: Yeah, especially when you put a bunch of butter and sugar in them.

Lauren Goode: Cream and butter and sugar. Yeah. I'm sorry to say, Mike, you can probably make them vegan, the ones that I attempted to make were not vegan.

Michael Calore: Thank you for pointing that out.

Lauren Goode: I have to keep working on this recipe, but what a life changer. Highly recommend this recipe. Yeah. So, if you want to be that person who shows up at your friend's holiday parties and point at their tree and call them out for having a tree, you can make it all better by saying, "But you should try these sweet potato hopia pie bars that I made."

Michael Calore: Thank you. Question mark.

Lauren Goode: You're welcome. Exclamation point. All right, that's our show. Andy, thank you so much for joining us. It's always a pleasure having you on the Gadget Lab, and we need to have you back on again soon. So, I guess, get cracking on the next hack.

Andy Greenberg: I'll be working on it. Thank you both for having me.

Lauren Goode: And thank you, Mike, as always for being a great co-host.

Michael Calore: Of course. Thank you.

Lauren Goode: And thank you all for listening. If you have feedback, you can find all of us on the socials. Just check the show notes. Our producer is the excellent Boone Ashworth, who is not a hacker as far as we know. Goodbye for now. We'll be back next week.

[Gadget Lab outro theme music plays]

News

Inside Mirai, the Hack that Broke the Internet

Related Articles

About

Check Also

How to Preorder the PS5 Pro (Before a Scalper Bot Does)

Leave a Reply Cancel reply

The Hottest Startups in Helsinki in 2024

These Apps Help People With Disabilities Travel Smarter and Safer

7 Tips for Mastering ‘Metaphor: ReFantazio’

The Best Bug Sprays to Keep Bites at Bay

The Hottest Startups in Dublin in 2024

These Facebook marketing skills can help you become more hirable

Kicked Off Mint? Try These 5 Saving and Budgeting Apps

12 Ways to Upgrade Your Wi-Fi and Make Your Internet Faster

How to Get Free Kindle Books With Your Library Card

How to Back Up Your iPhone