Hexbyte  Tech News  Wired Game of Thrones Marketing Is Out for Blood—Mine

Hexbyte Tech News Wired Game of Thrones Marketing Is Out for Blood—Mine

Hexbyte Tech News Wired

Hexbyte  Tech News  Wired

This year’s South By Southwest features a Game of Thrones-themed blood drive.

Ismael Quintanilla/Getty Images

On the first Friday of SXSW, a warm, sunny afternoon in Austin, I walked up to a large hangar across from a half-built luxury condo. A line snaked down the block, all hopeful visitors to one of the festival’s many “experientials.” This one was meant to gin up excitement for Game of Thrones final season premiere, on April 14.

As a devoted watcher of the show, I couldn’t resist the invitation to the “immersive activation.” Especially because it had a novel twist that felt like catnip for the press: At the event, put on by HBO and the American Red Cross, guests could donate blood and then “walk in the steps of the characters who bled and relive their sacrifices as part of the experience.”

I recently rewatched the series in anticipation of the show’s final season, and I was reminded just how graphic the show really is. Streaming seven seasons straight into my cerebrum, what with all the throat-slitting and gut-stabbing, seriously affected me. I began to actively fear disembowelment.

Which is why I was so curious what it meant to “walk in the steps of the characters who bled and relive their sacrifices.” Could this be a version of immersive therapy that might drive my increasingly paranoid thoughts out of my head?

When I walked into the event, I signed a quick waiver and ultimately demurred on donating blood. I hadn’t eaten much that day, and it felt particularly dicey given my increased activity level and decreased energy consumption.

The scene was dark. Literally. The lights inside were dim, but a well-placed beam cast its glow down upon the Iron Throne. Flanking the stately chair was a grand 24-person choral ensemble performing an original 27-minute composition. Kingsguard soldiers stood sentry. A constant mist of smoke sat at eye level. A “red witch” glided between pews. It was quite the tableau.

A set of stairs led outside, where guests were immediately greeted (confronted?) by three arakh-wiedling Dothraki soldiers and a horse. They gamely posed for photos, acting as genteel as a bloodrider ever could. Wildlings milled around, mixing with Westerosi and other townspeople.

A slightly intimidating woman noticed me scribbling in my notebook. “Are you a scribe?” she asked. I responded in the affirmative. She noted that I must be wise; while I felt briefly flattered, I assured her I was not. She asked me my name, and offered her own. A healer named Rian. Not in need of healing (just yet), I excused myself to watch a sparring session between two swordsman, a stage conveniently set up next to the blacksmith tent, where a few tradesmen talked idly. One was a very good Gendry lookalike. I continued through the grounds, where I was approached by a wildling doing a pretty spot-on impression of Ygritte.

“Do you fight?” she asked.

I wasn’t sure if it was a provocation or information gathering. She had no knife or arrows. I figured I was safe from imminent death, though I looked around for Rian, in case of emergency.

“No,” I admitted. “I’ll leave that to the professionals.”

“But how will you survive against the wights?” she asked.

I thought about it, realizing I had no good answer but the truth: “I guess I’ll just die.”

“Then I guess I’ll just have to kill you twice.”

For a moment, I was stunned by the profundity of her response. Until I remembered that wildlings aren’t particularly metaphorical, and she simply meant that once killed, I would be reanimated into the army of the dead and she’d have to stab me with dragonstone or Valyrian steel to put me down for good.

As I stood around, lamenting my inability to fight and stewing in the heavy thought that I would most assuredly last about 10 minutes after landing in Westeros, a different wildling began shouting and scrapping with an armor-clad Westerosi. “Are you prepared to fight for us?” the wildling growled. “Do you stand with the living?” Another Westerosi broke it up, as a bunch of slack-jawed spectators like myself looked on, wondering just how real the experience would get.

The organizers clearly spared little expenses. They employed more than 80 actors and musicians, who drew from more than 100 pages of script and character backstories. There were original costumes and authentic props from the show. The event even had free food from Shake Shack and fancy juices with names like Thornless Rose.

It would be easy to decry this as late capitalism at its finest, but given the many “activations” and “popups” happening all over SXSW, this one was, as the saying goes, for a good cause. The campaign was on track to collect more than 15,000 pints of blood that first day.

Did it eradicate my fear of disembowelment? Well, it’s a strange irony: I spent some time in “Westeros” without having spilled a drop of blood. I left feeling somewhat guilty—and Googling where I could later donate a pint.

More Great WIRED Stories

Read More

Hexbyte  Hacker News  Computers Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

Hexbyte Hacker News Computers Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

Hexbyte Hacker News Computers

You’ve probably never heard of the marketing and data aggregation firm Exactis. But it may well have heard of you. And now there’s also a good chance that whatever information the company has about you, it recently leaked onto the public internet, available to any hacker who simply knew where to look.

Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses. While the precise number of individuals included in the data isn’t clear—and the leak doesn’t seem to contain credit card information or Social Security numbers—it does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person’s children.

“It seems like this is a database with pretty much every US citizen in it,” says Troia, who is the founder of his own New York-based security company, Night Lion Security. Troia notes that almost every person he’s searched for in the database, he’s found. And when WIRED asked him to find records for a list of 10 specific people in the database, he very quickly found six of them. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen,” he says.

In the Open

While it’s far from clear if any criminal or malicious hackers have accessed the database, Troia says it would have been easy enough for them to find. Troia himself spotted the database while using the search tool Shodan, which allows researchers to scan for all manner of internet-connected devices. He says he’d been curious about the security of ElasticSearch, a popular type of database that’s designed to be easily queried over the internet using just the command line. So he simply used Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses. That returned about 7,000 results. As Troia combed through them, he quickly found the Exactis database, unprotected by any firewall.

“I’m not the first person to think of scraping ElasticSearch servers,” he says. “I’d be surprised if someone else didn’t already have this.”

Troia contacted both Exactis and the FBI about his discovery last week, and he says the company has since protected the data so that it’s no longer accessible. Exactis did not respond to multiple calls and emails from WIRED asking for comment on its data leak.

Aside from the sheer breadth of the Exactis leak, it may be even more remarkable for its depth: Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel. WIRED independently analyzed a sample of the data Troia shared and confirmed its authenticity, though in some cases the information is outdated or inaccurate.

“I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”

Vinny Troia, Night Lion Security

While the lack of financial information or Social Security numbers means the database isn’t a straightforward tool for identity theft, the depth of personal info nonetheless could help scammers with other forms of social engineering, says Marc Rotenberg, executive director of the nonprofit Electronic Privacy Information Center. “The likelihood of financial fraud is not that great, but the possibility of impersonation or profiling is certainly there,” Rotenberg says. He notes that while some of the data is available in public records, much of it appears to be the sort of nonpublic information that data brokers aggregate from sources like magazine subscriptions, credit card transaction data sold by banks, and credit reports. “A lot of this information is now routinely gathered on American consumers,” Rotenberg adds.

Without confirmation from Exactis, the precise number of people affected by the data leak remains tough to count. Troia found two versions of Exactis’ database, one of which appears to have been newly added during the period he was observing its server. Both contained roughly 340 million records, split into about 230 million records on consumers and 110 million on business contacts. On its website, Exactis boasts that it possesses data on 218 million individuals, including 110 million US households, as well a total of 3.5 billion “consumer, business, and digital records.”

“Data is the fuel that powers Exactis,” the site reads. “Layer on hundreds of selects including demographic, geographic, lifestyle, interests, and behavioral data to target highly specific audiences with laser-like precision.”

A Database Dilemma

Massive leaks of user databases that are accidentally left accessible on the public internet have nearly reached epidemic status, affecting everything from health information to password caches stored by software firms. One particularly prolific researcher, security firm UpGuard’s Chris Vickery, has discovered those database leaks again and again, from 93 million Mexican citizens’ voter registration records to a list of 2.2 million “high-risk” people suspected of crime or terrorism, known as the World Check Risk Screening database.

But if the Exactis leak does in fact include 230 million people’s information, that would make it one of the largest in years, bigger even than 2017’s Equifax breach of 145.5 million people’s data, though smaller than the Yahoo hack that affected 3 billion accounts, revealed last October. (It’s worth emphasizing in the case of the Exactis leak, unlike in those earlier data breaches, the data wasn’t necessarily stolen by malicious hackers, only publicly exposed on the internet.) But like the Equifax breach, the vast majority of people included in the Exactis leak likely have no idea they’re in the database.

EPIC’s Marc Rotenberg argues that the timing of the breach, just after the implementation of Europe’s General Data Protection Regulation, highlights the persistent lack of regulation around privacy and data collection in the US. A GDPR-like law in the US, he notes, might not have prevented Exactis from collecting the data it later leaked, but it might have required the company to at least disclose to individuals what sort of data it collects about them and allow them to limit how that data is stored or used.

“If you have a profile on someone, that person should be able to see their profile and limit its use,” Rotenberg says. “It’s one thing to subscribe to a magazine. It’s another for a single company to have such a detailed profile of your entire life.”

More Great WIRED Stories

Read More