Review: Darknet Diaries

(Originally posted September 22, 2018)

Genre: Anthology, Technology
Possible Triggers: N/A
Safe For Work: Yes
Content: PG

These are true stories from the dark side of the Internet. I’m Jack Rhisyder, and this is Darknet Diaries.

If you’re a member of the “Internet Stranger Danger” generations, then I’m sure you remember you remember as well as I do the lectures we got from concerned parents who didn’t understand how technology worked. “Don’t use your real name.” “Don’t tell people what state you live in.” “Don’t tell anyone how old you are.” Ah, the good old days.

As it turns out, the dangers of the Internet aren’t just the one-in-a-million weirdos we meet online. They’re the dark, shadowy figures that we never see.

Darknet Diaries, hosted by Jack Rhysider, details the stories of these shadowy figures, showing the good and the bad of the Internet in each episode. Rhysider knows a lot about cyber security, and combines his own knowledge with stories from different hacking events throughout the Internet era to explain how these events happened, who carried them out, and what could have been done to stop them.

With a series like this, it would be easy to just focus on the bad parts and the bad people who haunt the dark corners of the cyber world. Rhysider takes the show in a different direction, however, focusing both on the bad and “chaotic good” people in the world.

Episodes 7 and 8, for example, focus on a gamer/hacker named Manfred, who started hacking into MMORPGs (Massively Multiplayer Online Roleplaying Games) and exploiting holes and bugs he found in the programming to collect and sell digital merchandise for real profit (think in-game purchases, but they’re sold by a third party instead of by the company). Manfred began this lucrative career by accident, after discovering a bug in a game called Shadowbane which allowed him to earn experience and level up at a completely unbelievable and unprecedented rate. When he reported the bug, his account was banned. He received the same response several times, and then began exploiting the bugs and making it his full-time job (from which he only recently retired). Manfred had a moral code, however – he wouldn’t do this with games that already offered real in-game purchases, so as to not take profit away from the company.

Listening to these stories is both fascinating and horrifying. Manfred and his friends, after being banned from one game, attacked the game’s programming and sent it completely haywire, turning safe zones into PvP zones, spawning monsters in newbie areas so new players would be immediately attacked, and overall turning the game into chaos. Imagine playing a game and resting in a safe zone when someone suddenly comes up and stabs you. Sure, it’s only the online world, but that’s a game and a character you’ve put hundreds of hours of work into, and you just wanted a break. Luckily for gamers, Manfred turned away from the chaos and used his knowledge for profit, rather than chaos.

Then there’s the story of the VTech hacker. Vtech is a company that sells various toy tablets, watches, and laptops for kids, and even has its own app store where kids can download games and books. When the child receives their new VTech product, the parents have to register and make an account with their name, address, credit card number, and email. They then create an account for their child, using the child’s real name and sometimes a real photo as a profile picture, assuming this is perfectly safe – no one would endanger children’s identities after all, right?

This was proven very, very wrong in 2015, when an unidentified hacker, after finding some tips online, decided to randomly try hacking into a VTech website – and succeeded. He discovered hundreds of gigabytes worth of unencrypted data, including account passwords, credit card information, home addresses, and – perhaps worst of all – photos and videos children had taken with their VTech products, including pictures of themselves.

The hacker wasn’t a criminal, but rather a concerned citizen – he emailed VTech about the breach and the holes in their security, and after several months of no replies or changes to the websites, sent everything he knew to a journalist. What followed was akin to a PR nightmare, which led to VTech taking all their servers and websites offline for months while they tried to patch up all the holes. The hacker was caught, those his name was never released, and to this day no one knows what happened to him.

Now imagine all that data in the hands of someone who intended to do harm. Children’s photos sold to child pornography websites. Credit card numbers sold on the deep web. Home addresses posted for anyone and everyone to see. This story could have been so much worse than it truly was.

“Well, those are just isolated incidents,” you’re saying now, in an attempt to assure yourself that everything is okay. “And the people weren’t really bad.”

To which I say- tell that to the victims of the TalkTalk hack. TalkTalk was a UK mobile provider, which suffered from a series data breach in 2015, which led to thousands of customers being scammed out of money. Or to the people who were victims of the major retailer hack detailed in episode 15, when a company discovered their cash registers were riddled with malware that was skimming all the information off of every credit card used. Then imagine if Manfred and the VTech hacker weren’t morally decent people.

It’s enough to make you swear off the Internet forever, isn’t it?

Beginner Friendly?: Yes; most episodes are standalone, though listening in order is fun

LGBTQIA Friendly?: N/A

Pay to Listen?: No, but they accept donations.

Length: 20-30 minutes

Overall: Darknet Diaries, while terrifying, is also enrapturing. Listening to the details of these attacks, how the aftermath was handled, the lengths some people will go to cover a data breach, and hearing ways to prevent more attacks like these, is informative and fun. The technical jargon gets to be a bit much at times, although Rhysider does his best to put everything in laymen terms. You don’t have to be a technology genius to understand the moral of the stories though – there are good people, there are bad people, there are people who do these things for a living, and there are people who are just bored.

You better hope it’s one of the good people who get their hands on your private information.