The Underground Trade of Car Hacking Tech

by UbiCo are the original passkeys.

Small, sturdy, and easy-to-use physical security keys that prevent phishing attacks and account takeovers.

Unlike basic multi-factor authentication or MFA methods, such as text message, one-time passcodes, or mobile authenticator apps, UbiKeys provide modern MFA and are a proven security solution that cannot be hacked or bypassed by malicious actors.

They safeguard against AI-powered cyber attacks, online identity scams, fraud, and account takeovers.

UBKeys help businesses of all sizes stay ahead of evolving cyber threats and regulatory requirements.

They also protect individuals and everyday users by securing over a thousand accounts, including email, social, password managers, productivity tools, developer tools, and more.

For more information on how UbiKeys secure applications, services, and accounts for both individuals and businesses, visit ubiquo.com/slash 404media and for a limited time, get $10 off your order of exactly two keys from the YubiKey 5 series or security key series using the code 404 Media10 at checkout.

YubiKeys are manufactured by YubiCo, a company with headquarters and manufacturing centers in Sweden and the United States.

Hello and welcome to the 404 Media Podcast, where we bring you unparalleled access to hidden worlds, both online and IRL.

404 Media is a journalist-founded company and needs your support.

To subscribe, go to 404media.co.

As well as bonus content every single week, subscribers also get access to additional episodes where we respond to their best comments.

Gain access to that content at 404media.co.

I'm your host, Joseph, and with me are the 404 Media co-founders, Sam Cole,

Emmanuel Mayberg, hello, and Jason Kebler.

It's sad to do this virtually.

Yes, because of course, last week we had our second anniversary party in New York where we, well, drank

and then also recorded a live podcast.

I can't even remember what we spoke about.

I think it was mostly QA.

But yeah, it is

way easier to do it in person than it is virtually because there's ever so slightly a delay whenever you do it like this.

Jason, what did we talk about in New York?

It was questions, mostly.

We answered questions.

It was, we put questions in a jar or people wrote questions in a jar and we pulled them out and we read them and it was really fun.

Went really well.

It will be out on the feed in two days.

So you can listen to it if you weren't there.

Yeah, sounds good.

Sam, what did you make of the party as the person who, thank God, organized the vast, vast majority of it?

I had a blast.

Yeah, I think listen to the podcast when it comes out on the feed.

If you were not able to get into the room, because the room itself was so full that people got pushed out of it entirely.

But yeah, it was a really good time.

It was great to see everybody.

So cool to hear so many people listen to the podcast.

I always am really excited to hear that.

So thank you.

And hello again.

First ever tech blog podcast, Mosh Pit.

True.

Jason crowdsurfed a little bit.

Yeah, it was good.

All I can remember is the question about what statue you would be or something.

And I'm not going to spoil the answer, but that's the only one I can remember because I answered it.

And then Sam immediately took the piss out of my answer.

You and Emmanuel both.

I want to change my answer, though, to the Carlos Atticus laptop statue that just got revealed.

He's holding a laptop as a saint.

It's a statue that's dedicated to him.

Beautiful.

So that's my new answer.

All right.

Well,

you'll see the episode on your feeds soon, and you can listen to the whole, uh, the whole podcast and the whole event then.

As for this week,

Emmanuel, do you want to introduce this first story?

Yeah,

I'm taking over.

The first story is from Joe.

The headline is, Inside the Underground Trade of Flipper Zero Tech to Break Into Cars.

A lot going on there.

Let's get into it.

The story starts.

with a description of a video you saw.

Tell me about this

Yeah.

So it's first person perspective, as in clearly this person is holding a mobile phone, I believe in their left hand, and then this small white and orange gadget in their right.

And it has a little screen.

It has a few buttons, like a D-pad and I think some other stuff on the side.

It has some sort of

short antenna.

sticking off as well.

And this person walks up to a nearby car.

just looks like some sort of normal sedan vehicle, tries to open the door, and it's locked.

They then push some buttons on this little gadget, try to open the car door again, and lo and behold, it now opens.

Of course, this is a demonstration of the tech that we're talking about here.

And you may think, well, we've seen car unlocking tech before.

What's new about that?

And that's totally right.

And we will get into that.

But it's really about the specific attack involved here, the gadget itself, which we'll definitely talk about, and sort of the proliferation or distribution of this tool, which is, if it falls into the wrong hands, it really is threatening to sort of supercharge car thefts.

around the US, which I don't like to do a prediction.

And like, I really tried not to.

It was more the people I spoke to who were predicting predicting that would happen.

Um, but the writing's on the wall, yeah.

So, let's talk about the gadget.

What is he holding in his hand?

What is this Flipper Zero?

So, the Flipper Zero is a pretty well-known or maybe infamous piece of hacking gear now.

It came out a few years ago, started on Kickstarter, raised about 5 million, something like that.

And the attraction was that it's basically a Swiss army knife for hackers.

So, you can imagine physical penetration testers.

These are people who, well, we need to check the physical security of a data center, let's say.

So, we have to keep people out and make sure they can't put USB keys in here and plant malware in the data center, whatever.

Or corporations as well, banks,

all sorts of stuff

require physical security and digital security at the same time.

A lot of that involves cloning keycards like RFID keycards or playing around with NFC, that protocol as well.

And what you used to have to do was buy all of these different hacking tools.

Like I've had ones which can clone keycards, that sort of thing.

But the Flipper Zero was bringing all of those into this one thing you could just carry in your pockets.

You could do those sorts of attacks.

You could also do Wi-Fi

de-authentication attacks, which, if anyone has been to, especially DEF CON or maybe CCC in Germany, you've probably seen this where you keep getting kicked off the Wi-Fi or you can't connect to the Wi-Fi because some person is messing around and performing a Wi-Fi attack.

This gadget can do that as well.

So it can do basically, well, not everything, but a lot of the things a legitimate security researcher or penetration tester would want to do if they're on a deployment.

So it launched it on Kickstarter, raised all this money.

And now, I mean, it is in mass production.

You can go to the FlipperZero website website and you order one of these gadgets.

I think for a couple of hundred bucks, you get it in the mail.

And it's also been demonized over the past few years because it does crop up into the news every so often, sometimes legitimately, sometimes in a way that, well, it didn't really deserve to be pulled into it, into whatever story.

But here,

this story really is about the FlipperZero because it is so accessible.

It is demonized, but can we just spend like a second talking about

FlipperZero's own branding and image?

Like, it is fairly like a feel-good, positive.

Uh, I don't know if you would call it white hat.

We covered it a lot because I think it launched when we were in Motherboard and would come up in like these kind of fun blogs that people were doing like fairly innocent, cool things with it.

Is it fair to say that like their own image that they put out there is fairly, I don't know, pausey?

Yeah, absolutely.

And I think they're very, very smart to do that.

The mascot is like this cute dolphin, right?

Yeah, I'm looking at it right now.

And on the, because on the device itself, it has this little screen and you can see the dolphin and it almost talks to you.

It looks like a Tamagotchi, like a pretty high-res Tamagotchi in a way.

The marketing is cutesy, it's fun.

It's experimental.

It's playful.

And that all makes sense because the Flipper Zero and the community around it can be all of those things, often is all of those things, often is playful, it is about experimenting, and that is the hacker ethos at the end of the day, right, for a hell of a lot of people.

It's that, hey, we just want to figure out how stuff works, we want to have fun, but we also want to keep stuff secure, and that's why it's a legitimate security tool.

They

probably, it would probably be a very bad idea if they had dark,

grisly,

hacker hoodie marketing, which ironically, some of the custom software we'll talk about in a bit actually does have that marketing as well.

But yeah, it's a legitimate security tool, but a dual-use security tool.

So what's different about this implementation of Flipper Zero?

It's the software, right?

Yeah, the software and the firmware as well.

Firmware just being, you know, basically a piece of software that acts

a little bit lower down in the stack of applications, operating system, blah, blah, blah, all of all of that sort of thing.

So the Flipper Zero is powerful,

as I laid out.

It can do all of these sorts of attacks.

But some people want it to be able to do more.

They want to really screw around with people.

So some have made their own custom firmware for the Flipper Zero.

And one I looked at it in particular was called Unleashed.

And this just allows, you know, like more.

types of attacks and RFID attacks and all of that sort of thing.

So people,

because you can basically fully customize the Flipper Zero, and that is part of the appeal, people have made their more,

much more powerful firmware.

And then you can get more patches on top of that as well to do very specific things, I'd say.

So how does this specific attack work?

And how does it compare to some of the other high-tech

carjacking or not carjacking, car stealing methods that we've seen in the past couple of years?

Yeah, so as well as the custom firmware, people are making these.

I mean, I call them patches in the article.

I guess you could call it software, you could call it tweaks, you know,

scripts.

It doesn't super matter.

But when you have this custom firmware, you then

make and install and use these custom patches.

And what I was shown is that there are a bunch of them going around which are specifically to unlock

and interact with particular vehicles.

So, you know, I was sent one for the Kia, I was sent one for the Suzuki.

And to step back a little bit,

car theft is obviously a problem.

On the lower end of the spectrum, you have people like the Kia boys, which maybe we'll go into more detail later, but there's this phenomenon.

It's on TikTok.

People steal cars.

They drive them around Milwaukee, I think, primarily, just that's where the phenomenon started.

And they will smash a window go in steal the vehicle because there's very poor security inside the vehicle itself okay halfway in between maybe over halfway you have people using techie gadgets to break into cars and then in the same sort of area or a little bit further i think you have people starting to use these flipper zeros so usually if you're a tech focused car thief, you'll do something called a relay attack, which is, let's say you want to steal a very nice looking car that sat on a driveway, but the key fob and the owner is in their house.

Well,

you use a couple of devices to basically extend the range of that key fob that sat in a fruit bowl on their kitchen counter or something, which usually can't reach the car.

But now you're using these couple of devices to relay that signal over to the car.

You activate it.

You can get in the car and drive away.

And this has been a huge problem in the UK.

UK police will upload photos of this happening,

caught on ring cameras or CCTV.

In the US, it's done as well.

I imagine Europe, but I can't remember off the top of my head if I've seen a case from Europe.

But that's what usually happens.

And in response, or perhaps in parallel, a lot of car manufacturers introduced something else called rolling codes, which is, well, even if someone gets the signal and tries to use it to open the car or whatever, We're going to change the code every single time.

So they can't just, you know, relay the signal, they get into the car or whatever.

It's supposed to be a protection for that.

This is very similar to how tickets work now.

Like when we're talking about

barcodes to get into concerts, it used to be that there was just one barcode, and then both Ticketmaster and AXS went into something where the barcode refreshes every 10 seconds.

Right.

And I feel like it's a very similar technology, possibly.

We don't need to get into it, but it's very similar because like people figured out how to crack that.

And then basically they were like, oh, we need to like change this constantly.

Yes.

So yes, because you bring that up that they did crack it because that's exactly what's happened with cars as well.

In that the people I spoke to, a couple of hackers, they say they've been able to essentially reverse engineer.

how those rolling codes work by a lot of development, a lot of reverse engineering, and apparently buying source code related to particular vehicles as well.

And what the Flipper Zero custom patches are able to do is basically figure out what the next code is going to be.

So they push that and it's like, oh, even though the code has changed, this device knows what it is in advance.

And that's sort of what makes this different to previous attacks, Emmanuel, to finally answer your question after several minutes of me going down that rabbit hole.

Yeah, I don't know if you know, but shouldn't the rolling code problem you just described be solved by now?

Like, isn't there like common forms of encryption and like randomly generating numbers that should

not allow them to like reverse engineer what the next code is?

Like, are they using really old software to do this?

You would think that.

And I often think that sort of car manufacturer security is similar almost to like industrial control systems or airplanes sometimes, where they just use these very antiquated ways of going about things.

And the actual patches I was sent, again, the Kia and the Suzuki, which are not luxury vehicles, obviously.

I've spoken to people who've sold tech to break into luxury vehicles specifically.

But if you go through those scripts and other screenshots

I was sent, it actually shows there was no encryption on those.

So, of course, it varies from car model to car brand to

manufacture or whatever.

But the hackers who go by Daniel and Darrow, they have this PDF, which is a couple of pages, but it has like 200 different models of vehicle and maybe

a dozen or so brands overall.

You know, not just the Kia's and the Suzuki, but I think there's Ford on there, Fiat as well.

I'm bringing up now Skoda, Citroen, Peugeot, Mitsubishi, Honda is in development.

So

whereas the Kia Boys, we're obviously targeting Kia's, and I think Hyundai is as well, because the security was crap, this seems to be a potentially bigger issue because it's unlocking all of these other cars,

which have presumably better security.

One of your sources mentioned the Kia Boys as well.

Why is that?

So

My

source, one of the people I spoke to who's sort of in this community, and they were the one that was actually reverse engineering some of these patches.

They mentioned the Kia Boys because they think that eventually they will become Flipper Boys.

Again, Kia Boys, they break into Kiers and Hyundai's, Rero, low-tech.

For a long time, you've been able to get phone unlock, sorry, not phone unlocking, car unlocking.

technology, but it's been pretty expensive.

You try to go buy one of these online.

And if you don't get scammed, which I think could be a big thing, it's going to cost you potentially thousands of Euros or dollars to buy a device like this, like a code grabber or a relay attack tool or something like that.

What the Flipper Zero

potentially could do here is that, well, it's just 200 bucks.

So somebody

with not as much money to spend, but who still wants to mess around with cars, like the Kia Boys, could potentially get a Flipper Zero and mess around with it that way.

And I should just say that

Straight Arrow News covered this particular attack before.

They tested it out and they verified it worked on a vehicle, which is very interesting.

And that made my job a little bit easier with this article.

But this was focused much more on the trade, which is that you go to Daniel or Derrow, the two hackers who are selling this tech, one for Flipper Zero, one for a Raspberry Pi, and you have to pay them

between $600 and $1,000.

So still an investment, you know.

People I spoke to, that software is leaking out.

They're reverse engineering it so you don't have to pay the money anymore.

And there's this looming threat.

Well, maybe it's going to leak.

And it was sent to me.

So, clearly, it is leaking.

I'm not going to post it online so then everybody can just unlock cars.

That would be an insane thing for a journalist to do.

But I wouldn't be surprised if this trickles out very, very soon.

And that

is why it could apply to communities like the Kearboys, for example.

Because they might get hold of it eventually.

Yeah, it's like,

in case it wasn't clear, at the moment, this software is fairly exclusive, both in the price and just like who has access to it.

But it's software, it is not hard to imagine that it leaks and becomes more widespread.

Finally, you mentioned that Flipper Zero, for good reason, I think,

is, let's say,

aggressive in

explaining what its technology does and defending its brand.

So I'm not super surprised about their reaction to the article, but I thought the article was very clear and very fair about what the FlipperZero's role in it is.

And yet they had like a pretty wild response to the article.

You want to talk about that?

Yeah.

So initially, when I'm reporting and writing the article, I asked FlipperZero for comment.

I actually explained to them in my email saying, because I wanted to make it clear to them, I'm not a random journalist covering this, I've been covering hacking and cybersecurity for like 10 years.

And I said, I understand that this tool, this is not what the FlipperZero is designed for.

It's for legitimate security researchers.

I already know all of that context.

So basically, as a wink-wink to them, you don't need to patronize me by telling me that sort of thing.

They then gave a very, very thoughtful statement, which reiterated, yes, it's a dual-use technology.

It's used by security researchers.

But they very rightfully said that this is much more about the car manufacturers and their poor security.

And I totally agree with that.

We publish a story, a few outlets aggregate it, you know, Gizmodo and that sort of thing, the sort of other sort of technology websites that would cover a sort of car hacking thing.

And then FlippaZero comes out

with a pretty,

well, I mean, you said as expected, I guess I'll say unusual blog post.

And they

have the headline, can FlipperZero really steal your car?

Spoiler, no, it can't.

And then they do like a mocking tweet.

The media is talking about how FlipperZero is on the dark web can break into your, like really sarcastic.

And over the years, there's an image of their, you know, mascot dolphin pulling a hacker and a guy fox mask out of the garbage.

And I was like, is that Joe?

Is that Joe in the

supposed to be in an image?

But no, no, I guess it's like the hacker.

And there's people in cars around it looking angry.

Yeah.

But then, yeah, so there's the sarcasm and like the defensiveness, which is okay.

I don't know.

I thought the article was pretty fair.

I thought your statement was great.

And then they go through some technical stuff, which

they say it relates to certain vulnerabilities, but my understanding is that it relates to actually to a different with it relates to the rolling codes, and they don't seem to fully understand it relates to rolling codes, essentially, without getting too technical.

So I don't know.

It seems very defensive about it.

And I can, again, I kind of get why, like, the Canadian government tried to ban the Flipper Zeros before.

Like, they've had to deal with some ray-road crazy stuff.

But hey, this is a legitimate concern now because criminal hackers are making this for the Flipper Zero.

And I'm afraid that's just a fact.

Yeah, I wanted to talk about this because I don't know.

I just think about this stuff a lot.

Like, I really, really think about how our work is perceived and also like how we are in this mess, this mess being like a total collapse of trust in the media and that sort of thing.

And it's stuff like this.

It's like, this is a really bad blog post by them.

It's very damaging

because

they're a very popular product, as we've just discussed.

And there are a lot of people who have no idea how journalism works.

They have no idea how like the information ecosystem works, et cetera.

And this blog post is very much like in the vein of fake news this has nothing to do with us this is totally wrong uh and that like you multiply that across like the entire

like every politician's been doing this for many years lots of um

lots of companies have been doing this for years like anytime that there's any sort of like negative coverage of anything

there the sort of gut reaction is like

this isn't our fault This is like journalists sensationalizing something.

And it's like, this was a very thoughtful article that was very clear about the issue.

It's a very serious issue.

And it's like, I think Flipper Zero is very cool.

Like, I have long thought that this is a very cool company.

I've long thought that this is like a very cool device that's being used for like really interesting security research.

I still believe that, but it is like really disappointing to see a response like this because

the response is one that is like,

it's just not in good faith.

It's like not, it's not a good response.

And it's very disappointing.

Like, I think it's fucked up.

And I don't know, like, maybe I'll see Flipper Zero representative at some hacking conference at some point.

And they'll be like, why did you say something mean on the podcast?

But it's like, this is super damaging.

Like, it's really damaging to trust in journalism, to trust in

this sort of thing.

And I understand that there are politicians who like blow stuff out of proportion and that are trying to ban them and that like they really want to make sure that their product is seen as

something that is like a force of good and a force of research and a force of like STEM tools and teaching kids about stuff like this.

And it's like, yes, these car manufacturers

used bad security for their their key fobs like a long time ago.

But this is like a a factual article that describes something that is happening.

You can't just like stick your fingers in your ears and close your eyes and be like, blah, la, la, this is old.

This is not happening because it is happening.

It's a really disappointing response.

Yeah, I agree.

Especially, as you say, they are a legitimate actor in this space and they do really good stuff.

Then to have a response that isn't as good faith kind of just undermines it all.

Before we move on,

to tease it somewhat, our next story is about nostalgia.

And when I think about the Flipper Zero, I always think about this Casio watch that I just posted in Slack.

Did you guys

have this?

Did you have a naughty kid at school that ever used one of these?

The calculator watch?

The calculator watch?

No, not the calculator.

It's like it can copy the whatever, the RF signal of a remote.

Oh, it's the TV remote watch.

Yeah.

So there was always a kid in class who could like turn off the TV if we were watching something or like turn off the air conditioner.

I always, it's kind of like always reminds me of the Flipper Zero.

It's a Proto Flipper Zero.

Yeah, definitely the same sort of vibe.

We should all get these and just wear them.

They're cool.

Well, since you teased the article, Emmanuel, I'll just take you to the next one.

When we do come back, it is about nostalgia, specifically the 80s, and of course, AI Slop.

We'll be right back after this.

how many SaaS applications are being used at your company right now?

If you can't keep count, you're not alone.

Treleka by OnePassword helps you discover and secure access to all your SaaS apps, even unmanaged shadow IT.

I've been using OnePassword products for years and have been thrilled with how easy they've brought better security into my life.

Treleka by OnePassword inventories every app in use at your company.

Then, pre-populated app profiles assess SaaS risks, letting you manage access, optimize spend, and enforce security best practices across every app your employees use.

Manage shadow IT, securely onboard and off-board employees, and meet compliance goals.

TreleCa by OnePassword provides a complete solution for SaaS access governance, and it's just one of the ways that extended access management helps teams strengthen compliance and security.

I switched to OnePassword about a a year ago, which I've been putting off for a while because I thought migrating would be a pain.

I couldn't believe how easy it was to switch and how quickly I become used to using OnePassword in all my browsers, apps, and devices.

It's made my life so much easier.

OnePassword's award-winning password manager is trusted by millions of users and over 150,000 businesses, from IBM to Slack.

And now they're securing more than just passwords with OnePassword extended access management.

Plus, OnePassword is ISO 27001 certified with regular third-party audits and the industry's largest bug bounty.

OnePassword exceeds the standards set by various authorities and is a leader in security.

Take the first step to better security for your team by securing credentials and protecting every application, even unmanaged shadow IT.

Learn more at one password.com/slash 404.

That's one password.com/slash 404, all lowercase.

In cybersecurity, speed is everything.

Breaches often start with a single exposure, an open cloud bucket, a forgotten subdomain, an API spun up without your knowledge.

And the real question is, who finds it first?

You or an attacker?

Enter Intruder, the exposure management platform built to keep lean engineering and security teams ahead of breaches and a fast-moving threat landscape.

By unifying vulnerability management, attack surface discovery, and cloud security.

Intruder protects your entire infrastructure, from endpoints and edge networks to web apps and APIs, finding exposures beyond CVEs, including over a thousand attack surface issues other platforms miss.

And it's always on, so you don't have to lose sleep wondering if you're exposed.

When a new critical vulnerability drops, Intruder checks your systems within hours.

It also keeps constant watch on your network so you know the instant a port opens or a new service goes online.

The platform also runs daily scans to catch misconfigurations in cloud accounts before they become a problem.

Intruder puts an end to alert fatigue.

It prioritizes what's most urgent using exploit likelihood and real-world threat intelligence with easy-to-follow remediation advice for fixing issues fast.

Your embedded AI security analyst, Greg, saves you time at all stages of your security workflows, whether you need instant remediation help or to validate false positives.

Stop breaches before they start with Intruder.

Plans start at just $99 per month.

Start your free trial and get get 20% off your first three months at intruder.io/slash 404 media.

That's intruder.io/slash 404 media.

All right, and we are back.

This is one that Jason wrote, and I believe with Matthew Golt as well.

Yes, I opened the link to check that.

The headline is 80s nostalgia AI slop is boomifying the masses for a past that never existed.

So

Jason, Stranger Things ass videos, AI videos.

Right.

What is the latest AI slop then?

What is this meta that we're seeing now?

It's interesting because these are not new.

Like people have been making these for a few years.

It's just that they've caught on recently because, I don't know,

they've hit the algo in a certain way.

But basically it's like, imagine you're watching Stranger Things or The Goonies or something like this.

It's like very

prototypical like 80s TV show slash movie, like teen, teen

after school special vibes.

And so they start basically with like, have you heard what's going on in 2025?

Like they have, they're always scrolling through their phones and they have this thing called Instagram and it makes people upset and they're like wouldn't you love to go back to 1985 you know where we drink Coca-Cola and have a nice time out of glass bottles and

I don't know it's just like it's nostalgia porn it's like you can imagine it maybe we'll play a little clip here you made it back how's 2025 I heard no one talks face-to-face anymore and everything's lived through something called social media.

I heard people don't even know their neighbors anymore.

They don't knock on doors.

They just talk through something called Instagram.

What the hell is Instagram?

Heard in the future.

No one even goes outside anymore.

Everyone just stares at screens all day.

But these are going wildly viral.

And

they're just like really annoying and really upsetting.

And

they're a type of AI slot that is super just like...

It seems innocuous on its face, but

it is something where it like imagines this false past that didn't actually exist.

I was born in the 80s, but I don't remember them because I was born at the end of the 80s.

But as I understand, like the 80s sucked ass.

It's like mortgage rates were like 1 million percent.

Unemployment was like 25%.

You know,

there was various, it was not like a good time.

There's all sorts of like, it was also,

as many periods in American history are was like not the most progressive of eras for like cultural things

it was the era of reagan it just like was not like a good time but like these ai slob videos sanitize all of that and they just remind you like don't you want to live in a in the goonies and back to the future and things like that and

They're not like hiding that they're AI in any way, shape, or form.

So these are not like, I don't think that they're tricking people.

I think that people understand that this is

well, you know, I think that people understand, like, oh, this is like a fantasy type vibe.

But it's like, I think I describe it as like astral projecting to just like a shitty

past that never existed.

And it's, it's kind of like emblematic of the type of AI slot that we're starting to see go viral, where it's like not intended to trick people, but it's just like allowing people to live in a fantasy world that lets them kind of like ignore the all of the decisions that have led to

the

current situation that we're in.

And then also it's like

we laugh, we laugh and we laugh and we laugh and we laugh at Mark Zuckerberg's shitty Horizon Worlds metaverse that no one uses and that no one goes into and where people don't really have good legs and where they spent billions and billions of dollars.

And it's like, yes, like, let's laugh at that.

It's very stupid.

But like, what we're seeing is that

you don't need the headset and you don't need the metaverse to allow people to transport themselves into this like nostalgia reality that's very similar to the stupid, not very good book, Ready Player One, even worse film, I feel.

That's just like full of references.

It's just like, here's, here's like a reference to a bunch of old shit.

And it's like 1 million views.

Like, you know, it's not cool.

I don't like it.

So so let me read out this quote and then sam let me throw to you because i feel like you were one of the first ones out of us to to see these but the the quote is uh from the article that jason and and matthew wrote these videos like a lot of ai slop do not try to hide that they are ai generated and show that there is unfortunately a market for people endlessly scrolling social media looking to astral project themselves into a hallucinatory past that never existed.

This is Mark Zuckerberg's fucked up metaverse, living here, and now on Mark Zuckerberg's AI slop app.

I know you touched on that.

I think you just put it very, very well.

Sam, how did you first see these?

And what was your reaction to them?

I mean, I think I saw them like everybody else did, which was like in my algorithm.

And I didn't really think much of it when I first saw it.

I was like, oh, that's more

bait, basically.

It's just like engagement bait from AI slop creators, which Jason has covered quite a bit of.

There's like a bunch of other versions too.

There's like a 90s one that I've seen.

There's several versions of the 80s ones.

There's, wasn't there like a 2003 one, which I think is super funny?

Cause like I do recall 2003

and it wasn't that cute.

But were they showing?

They were like the game, we're playing Game Boy sitting in the living room and the movies are on in the background of the TV.

It's just

playing a Game Boy in 2020.

Dude, they're starting to do them.

They're starting to make them for the pandemic.

They're making, they're like, remember 2020 when you logged on with your boys to Warzone and it's like, hell yeah.

Animal crossing time.

And like, Joe's.

Remember yesterday?

Yeah.

Yeah.

Remember yesterday when things were so simple?

Yes, actually.

Yeah.

I mean, yeah, let alone the 80s being like, the height of the A's epidemic.

Let's ignore that, I guess.

And also like Challenger and Chernobyl happened.

Like, the 80s were, uh, I don't know.

I know what my parents were up to in the 80s, and it wasn't like sipping soda pop at the sock hop.

Like,

it was not wholesome.

Um, have any of you seen heavy metal parking lot?

No, I have.

That's what I thought when I saw the videos.

Like, that is the genre that it's trying to AI generate.

What is that?

Heavy metal parking lot is, I believe they're outside of a Pantera show, possibly, at uh, RFK, or no,

I think it's RFK Stadium, or it's like the Capitol Center in Maryland.

And literally, it's just a documentary.

It's basically like they're making TikToks, but in 1980.

There's that one.

There was like high school in the 90s, and there's like

7-Eleven in the 80s.

They're all the same genre.

Yeah.

They're just talking to drunk people in a parking lot before a metal show.

And everyone's like, has mullets and is wearing like jean jackets and going like, woo,

like a lot.

It's very good watch, but that's it's this.

Uh, that as Emmanuel just said, it's this is it.

This is it.

I'm gonna, I'm gonna attempt to

give a voice to Matthew Galt, who co-wrote this piece because I talk to him about this all the time.

And

I feel like this is his perspective, and it's one that I agree with.

And that is that

part of what is alarming about the virality of these is that

they are not clearly

right-wing coded, but nostalgia is inherently a

regressive

desire that we express because it is literally about looking to the past and saying

things used to be better rather than looking forward and accepting change and trying to make that change better right it's like

and again i don't think this is embedded clearly in the videos but like make america great again is a nostalgic movement and statement and i think that is always what is kind of toxic about this looking back and romanticizing the past well at the same time that these are going viral or rather these are going viral now on tick tock or whatever these ai generated ones.

Uh, I don't know, over the last couple months, if you care to log on to Twitter/slash X, you'll have some right-wing grifter account post a video being like, Remember what they took away from you.

They being, I don't know, the left or black people or something.

I'm not entirely sure who they're rating.

Immigrants, there's a lot, there's a lot of that now, like straight up, straight up, where they're like, look at the, here's a chart of like immigration and here's a chart of like something else and like crime or something.

And they'll be like, look, look at this.

So they have that.

And then they've been making videos like this, which

I can't remember if they're AI generated or not, but it will just be a white blonde woman sat on a car drinking some soda or something like that.

And there's obviously a connection between.

those coming from right-wing grifters and then people making this AI slop which is going viral, which just brings me to another question, Jason.

Do we know who's making this AI slop?

Because you've looked a lot into who makes this and often it's,

you know, young men in India who are doing it to make money in game metas platforms.

Do we know who's making this yet or not?

Well, so that's what I was going to say.

It's like the people who are consuming it are not boomers.

They're like gen, like we make fun of boomers for like getting tricked by AI or whatever.

And it's like, this is Gen X, elder millennials.

And they're like, remember when we used to play outside and know our neighbors and stuff?

And it's like the people who are consuming this could easily get to know their neighbors.

They could become like a force for good in the community.

They could talk to each other and like have a nice time.

But instead, they're like many people are like posting on next door about how like the kids are being too loud and they're calling into their city council meetings and they're like making it harder for like.

people to play pickleball at the at the uh park or whatever.

So there's that.

But then there's the fact that the people who are making this are, one, we don't know everyone who's making it, but I found one account that had, I think, 800,000 followers on Instagram and it does only this.

And it is a guy, it is a digital nomad who's in his 20s who lives in Bali.

And his entire thing is, I'm trying to become a billionaire.

It's like, these people don't give a shit.

Of course they don't give a shit.

I'm on all of these Discords where this stuff is made and people are like, this is popular now.

Here's how you make it.

Here's how you script it.

Like, people are eating it up.

Let's make it and let's put it out there.

It's like, there's not even,

it's just so cynical.

It's so, it's without any sort of like political,

it has a political undertone to it, but like the people who are making it are making it because it performs and because they saw one thing that performed, and they're like, I'm going to make 40,000 of these now.

Um, well, for those, for those who may be new to the AI slot phenomenon, I'm sure people have seen it.

And we've obviously spoken about it on the pod before, but quite a long time ago at this point.

Just could you explain that dynamic a little bit more in that there's a meta, almost like a video game, where, oh, this is the thing that's really strong on the algorithm now.

What are just some other examples of what's been in the meta before?

I mean, while Jesus is always in there, like

religious content is a very reliable choice.

Another thing that's done that doesn't necessarily require AI, but that is like a strategy used is clipping like popular podcasters.

So just taking like Joe Rogan clips and posting them on your own account.

There has been

a lot of like Reddit ask me anything type things.

So they'll people will like

just take content from Reddit and put like video game footage behind it.

And then have an AI voice read it and it will be like, am I the asshole type content?

have seen a lot of just like really bizarre uh like horror stuff

like grotesque things

um

it grabs like monsters jump scares like things like that that are ai generated there's a lot of like you know spongebob content a lot of mickey mouse content a lot of uh like we we've talked about it before but a lot of like uh basketball players like lebron james steph curry ai generated and put in like weird situations And like this is just sort of the latest one.

And, you know,

a lot of times it's like

it's someone who has a lot of accounts and posts a lot of stuff and they see which performs and then they make more of it.

And then when other people in this space see that stuff performing well, they hop on that same bandwagon and then the platform gets flooded with just like tons and tons of either images or videos that are very similar.

And at some point, there's diminishing returns because something else becomes popular.

And so

they pivot off of it to the next thing.

So it's, you know, meta just basically means like this is the strategy of the moment, and we'll pivot off of it when things don't work.

And the way that they make money is if you go viral, you often get like a fraction of ad revenue if you're on YouTube.

or you get paid out through these like bonus programs on TikTok and on Instagram, where it's like, it's basically the same thing.

It is a portion of ad revenue, but they don't call it that.

But you basically get paid by view and by engagement, and it can add up to very real money.

Yeah.

I guess we're going to see what the next meta is going to be.

I'm not going to make any predictions.

Who knows at this point?

We'll leave that there.

But if you're listening to

the free version of the podcast, I'll now play us out.

But if you are a 404 media subscriber, a paying one that is, we're going to talk about how Citizen, the crime awareness app, is pushing alerts written by AI basically with no human oversight, which is not good.

You can subscribe and gain access to that content at 404media.co.

As a reminder, 404 Media is journalist-founded and supported by subscribers.

If you do wish to subscribe to 404 Media and directly support our work, please go to 404media.co.

You'll get unlimited access to our articles and an ad-free version of this podcast.

You'll also get to listen to the subscribers only section where we talk about a bonus story each week.

This podcast is made in partnership with Kaleidoscope.

Another way to support us is by leaving a five-star rating and review for the podcast.

That stuff really does help us out.

This has been 404 Media.

We'll see you again next week.