Rachel Tobac

@RachelTobac

Followers
106,978
Following
8,182
Media
1,825
Statuses
23,449

Hacker & CEO @SocialProofSec security awareness/social engineering training, videos, talks | 3X @DEFCON 🥈 | Chair @WISPorg | @CISAgov Technical Advisory Council

San Francisco, CA
Joined March 2015
Pinned Tweet
@RachelTobac
Rachel Tobac
2 years
*ANNOUNCEMENT* Presenting: the trailer for our new 🎶MUSICAL🎶 & spoken Security Awareness Videos! After the infosec sea shanty, dozens of teams DM’d me saying "The song worked! MFA usage up, reporting way up, pls make more songs!" So we got to work & you all it's finally here!🤖
141
343
2K
@RachelTobac
Rachel Tobac
3 years
Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him.
Tweet media one
507
20K
24K
@RachelTobac
Rachel Tobac
1 year
Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over her passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name with a spoofing tool. The hack took 5 minutes total for me to steal the info.
@60Minutes
60 Minutes
1 year
60 Minutes hired an ethical hacker to show how easy it is to be scammed. She conned our unsuspecting colleague using artificial intelligence.
161
2K
5K
243
6K
19K
@RachelTobac
Rachel Tobac
4 years
Oh that makes sense then.
Tweet media one
64
5K
16K
@RachelTobac
Rachel Tobac
3 years
2 years ago on stage I was asked “when will Deepfake video/audio impact trust & be believable in social engineering?” My response then was that we were 2 years away from undetectable Deepfakes. I wish my prediction then was wrong. We need synthetic media detection + labels ASAP.
414
4K
14K
@RachelTobac
Rachel Tobac
3 years
To reach the ~youth~ we're going to have to make infosec sea shanties, aren't we? Guess so! Behold the tale of a kid who reuses their passwords & ends up pwn'd, then learns how to stay safe. We're on a mission to encourage unique passwords stored in a password manager with MFA on.
322
4K
9K
@RachelTobac
Rachel Tobac
6 years
Here’s an example of getting around 2FA with social engineering. 😬🤖 Dang. Thanks @alanchavezv for sharing this.
Tweet media one
124
4K
5K
@RachelTobac
Rachel Tobac
3 years
Lol if it turns out the HBO Max email goof is a stunt for a new show called Integration Test Email then congrats to the marketing team
70
334
5K
@RachelTobac
Rachel Tobac
2 years
@deepfates I heard there was a secret cord That David used so He met the Lord But you don’t really care for OSHA, do ya?
23
254
5K
@RachelTobac
Rachel Tobac
3 years
Above you can see the receipt @yashar sent me when I did this test with him. Be careful using PayPal Twitter Tip Jar — this is a hallmark of PayPal rather than Twitter of course but it impacts Twitter users who may not know that their address is leaked by PayPal to tip receivers.
29
861
4K
@RachelTobac
Rachel Tobac
3 years
Hitting F12 in a browser is not hacking. If your code leaks personal data via public development tools that any person can see by simply pressing F12 on a keyboard then you have a huge data leak issue, not a hacking situation, on your hands. Fix your website.
@GovParsonMO
Governor Mike Parson
3 years
Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators. We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate.
Tweet media one
5K
335
1K
82
804
4K
@RachelTobac
Rachel Tobac
3 years
This is EXACTLY what I was concerned to test when Twitter announced Tip Jar. PayPal needs to make it crystal clear which data is given to money receivers and stop sharing that data, & Twitter needs to educate users who don’t realize what info tip receivers get when using PayPal.
@RachelTobac
Rachel Tobac
3 years
Questions I’m interested to learn more about: - how will payment account details be shown to twitter tippers - will tippers be able to see payment tool details like Venmo username - when tipping via PayPal, will PayPal disclose personal tip receiver’s email in receipt to tipper
5
29
205
15
826
4K
@RachelTobac
Rachel Tobac
2 years
🚨ATTENTION🚨 Apple found two 0-days actively in use that could effectively give attackers full access to device. For most folks: update software by end of day If threat model is elevated (journalist, activist, targeted by nation states, etc): update now
112
2K
4K
@RachelTobac
Rachel Tobac
2 years
We just hacked a billionaire! Got consent 1st then got to work hacking Jeffrey Katzenberg. @Evantobac & I stole his pics, emails, and contacts then turned on his mic (without an indicator light) & listened to his phone calls. Here's the video on how we hacked a billionaire:
124
1K
4K
@RachelTobac
Rachel Tobac
2 years
*New takedown tool* It’s easy to hack into accounts bc we can find most email/phone online, plug those into data breaches, then find passwords & login as you. 🔒Google launched a new tool for sensitive detail takedown requests🔒Here’s how to remove your contact info for free:
Tweet media one
Tweet media two
Tweet media three
46
1K
4K
@RachelTobac
Rachel Tobac
9 months
Just a couple of ~ladies in cyber~ hacking the wetware at @defcon
Tweet media one
59
91
3K
@RachelTobac
Rachel Tobac
1 year
This Twitter 2FA change is nerve-racking because: 1. Only ~2.6% of Twitter users have 2FA on at all (it’s essential for preventing easy account takeover) Of those 2.6%, 74% use text message based 2FA () If they don’t pay for Blue they auto lose 2FA on 3/20.
Tweet media one
Tweet media two
@Support
Support
1 year
Effective March 20, 2023, only Twitter Blue subscribers will be able to use text messages as their two-factor authentication method. Other accounts can use an authentication app or security key for 2FA. Learn more here:
9K
4K
8K
116
1K
3K
@RachelTobac
Rachel Tobac
3 years
Deepfakes will impact public trust, provide cover & plausible deniability for criminals/abusers caught on video or audio, and will be (and are) used to manipulate, humiliate, & hurt people. If you’re building manipulated/synthetic media detection technology, get it moving.
35
412
3K
@RachelTobac
Rachel Tobac
2 months
Here’s a fun social engineering / physical security quiz! Based on this picture of a door lock, what do you think the passcode is for entry? Please include the order the characters are entered.
Tweet media one
2K
376
3K
@RachelTobac
Rachel Tobac
2 years
No identity verification, & 8 bucks for a verified account? Get ready for the new cyber criminal playbook: use stolen credit card to buy verified Twitter account, impersonate real customer support channels, trick users into handing over account details in DM, account takeover.
@RMac18
Ryan Mac 🙃
2 years
We saw internal docs with more insight into the new Twitter Blue: -Launch on Nov. 7 but only in current markets (US, CA, Aus, NZ) -Check marks for subscribers, no current ID authentication -Some features announced by Musk won't be ready -Euro launch soon
Tweet media one
242
553
1K
77
1K
3K
@RachelTobac
Rachel Tobac
5 years
When people tell you “we tried that idea, it didn’t work”, try it your way.
59
522
2K
@RachelTobac
Rachel Tobac
8 months
One of the easiest ways for me to hack is simply: 1. Look up who works at an org on LinkedIn 2. Call Help Desk (spoof phone number of person I’m impersonating) 3. Tell Help Desk I lost access to work account & help me get back in I hope we learn more & get confirmation of methods
@vxunderground
vx-underground
8 months
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
159
1K
5K
40
564
2K
@RachelTobac
Rachel Tobac
2 years
We’ve got a case study of Twitter blue check imposters impacting an impersonated company’s stock price. Remember the Eli Lilly fake verified account tweets yesterday? That impacted their stock quickly.
Tweet media one
Tweet media two
Tweet media three
84
617
2K
@RachelTobac
Rachel Tobac
3 years
If you are building a team to detect synthetic and manipulated media, it’s essential your team is diverse. This issue will impact everyone, but will disproportionally affect women, people of color, and marginalized groups.
57
276
2K
@RachelTobac
Rachel Tobac
3 years
These hackers went out of their way to cinematically announce their intrusion to the security control room, baffling the prison’s abusers. They then leaked stolen footage of human rights atrocities committed by these abusers. Wow.
18
623
2K
@RachelTobac
Rachel Tobac
3 years
Thank you @yashar for letting me test with you to ensure I can educate folks on how PayPal leaks address data to tip receivers and so we can keep people safe ❤️❤️
15
143
2K
@RachelTobac
Rachel Tobac
2 years
*New live hack demo video* CNN’s @donie asked me to hack him again at @defcon — hacked him last time thru service provider call center attacks, but this time I intruded using the easiest method: reused passwords found in data breaches. Here’s the breakdown.
34
568
2K
@RachelTobac
Rachel Tobac
8 months
How do we get Taylor Swift to talk about the risks of password reuse lmao
@PopBase
Pop Base
8 months
Travis Kelce jerseys saw a nearly 400% spike in sales after Taylor Swift attended his game, TMZ reports.
Tweet media one
Tweet media two
878
4K
81K
58
191
2K
@RachelTobac
Rachel Tobac
2 years
With this announcement, bot farms everywhere are now preparing to legitimize accounts w/ new & improved pay-to-increase-verified-followers options. Remember Goodhart's Law: when a metric becomes a goal, it ceases to be a good measure (any metric based goal can & will be gamed)
Tweet media one
43
375
2K
@RachelTobac
Rachel Tobac
3 years
Wow, a 49 min master class on vishing (phone attacking) by @navalny himself to an FSB officer involved in his own attempted nerve agent murder. Excellent work by @bellingcat . I’ll break down the pretext and exact stand out vishing moments in this thread.
24
571
2K
@RachelTobac
Rachel Tobac
2 years
*hacking risk intensifies* @defcon
Tweet media one
65
219
2K
@RachelTobac
Rachel Tobac
4 years
Yikes, strongest hypothesis is that the attackers have owned Twitter’s employee admin panel which allows Twitter employees ability to change pw/disable MFA to allow an attacker to take over a prominent account and tweet on their behalf without dealing with their password or MFA.
49
642
2K
@RachelTobac
Rachel Tobac
3 years
Tweet media one
@GovParsonMO
Governor Mike Parson
3 years
A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert and decode the code.
1K
30
137
21
370
2K
@RachelTobac
Rachel Tobac
1 year
Please share this live hacking video with your loved ones so they can see just how easy it is to fake caller ID (and even clone a voice) to demand money or data over a scam phone call. I’m hoping this demo helps even 1 person shut down a hacking attempt.
22
675
2K
@RachelTobac
Rachel Tobac
1 year
Lmao he switched all the legacy verified accounts to make it look like we *may* have paid for Twitter Blue 😂
Tweet media one
Tweet media two
50
219
2K
@RachelTobac
Rachel Tobac
3 years
Reminder for your friends/fam: many rely on Facebook for communication and FB, IG, and WhatsApp down may make folks susceptible to phishing attacks such as "Your FB has been deleted, click here to restore". They may be more likely to believe this bc Facebook isn't working, etc.
49
832
2K
@RachelTobac
Rachel Tobac
3 years
Good to see was able to detect this deepfake. We need tools that can detect manipulated/synthetic media at upload integrated into social media platforms to detect/label immediately. Retracting later doesn’t work. We need integrated detection/labeling.
@th3j35t3r
JΞSŦΞR ✪ ΔCŦUΔL
3 years
@laurenmwhite One of these fake Tom Cruise deepfakes was uploaded to a couple of hours ago and our DeepFake Detector AI flagged it and notified our users.
Tweet media one
Tweet media two
14
167
792
18
276
2K
@RachelTobac
Rachel Tobac
2 years
Something super cool about @defcon this year — there’s a line for the women’s bathroom 🤖🤘🥰
37
89
2K
@RachelTobac
Rachel Tobac
3 years
So cool to hear real world impact from this vid🤖🤘 "I got a call from someone saying they were from my healthcare provider & they were asking for sensitive info. I remembered that video you showed us so I hung up, checked, and sure enough, my provider was not trying to reach me"
@CNN
CNN
5 years
We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened:
228
4K
9K
28
369
2K
@RachelTobac
Rachel Tobac
2 years
Just as we hoped would happen, the prosecutor declined to file charges in the absurd F12 hacking case. It’s done. You may now resume use of your keyboard and all its keys.
@RachelTobac
Rachel Tobac
3 years
Tweet media one
11
112
1K
14
330
2K
@RachelTobac
Rachel Tobac
3 years
Whoa. I’m verified. Thanks for following all my hacking threads here through the years 🤖🤘❤️— now to go process this information in a corner somewhere 😭
Tweet media one
77
34
1K
@RachelTobac
Rachel Tobac
5 years
This year’s Halloween costume is again a bit too large to be a @defcon badge 😂 — @StripOfMist and I made a mobile photo BOOth! 🤖📸 Choose your prop, press the button, and you’ll get your picture from the thermal printer and @adafruit camera! All run on @Raspberry_Pi .
49
207
1K
@RachelTobac
Rachel Tobac
1 year
How to stay safe? 1. Make sure your folks know that caller ID is easily faked. Voices can also now be impersonated. 2. If they receive a dire call from “you”, verify it’s really you w/ another method of communication (text, DM, FT, call, etc) before action (like sending money).
14
326
1K
@RachelTobac
Rachel Tobac
3 years
Tweet media one
11
112
1K
@RachelTobac
Rachel Tobac
6 months
Here’s an example of a common phone call scam hitting folks right now — the criminal uses AI to clone the voice of a loved one (often a child, nephew, grandson, etc) and call you. When you pick up they tell you they’re in trouble and need money for bail, etc. Voice cloning only
@notcapnamerica
chris evans
6 months
Everyone needs to watch this video in its entirety, and then send it to your friends and family immediately
965
17K
45K
42
698
1K
@RachelTobac
Rachel Tobac
2 years
Putin's OSINT team can determine Ukraine President Zelenskyy's location from things like table wood grain, chair leather, paint shade, wall scuff marks, etc. We must demand better from the 2 GOP senators who tweeted photos when told not to. This OPSEC breach cannot be normalized.
30
159
1K
@RachelTobac
Rachel Tobac
4 years
Lol the people messaging me that they think I did the Twitter social engineering attack because I accurately predicted the attack vector and methodology — I would have kept my mouth shut if I did it 😂😈🤘
33
92
1K
@RachelTobac
Rachel Tobac
5 years
Please don’t take consumer DNA tests. Please don’t give consumer DNA tests as gifts. You can’t control how the results will be used in the future and the results can affect the rest of your family.
58
926
1K
@RachelTobac
Rachel Tobac
2 years
Just wrapped on such a fun corporate espionage pentest — one of my attack vectors was via the Interview channel. I had to interview for a role (outside my experience) then extract sensitive info during Q&A. Got the info. Also got recommended to move forward for the role 😂🤖🤘
33
108
1K
@RachelTobac
Rachel Tobac
7 months
Google your name plus the words “phone number”, “email address”, or “address”. Do you see your sensitive personal info on data brokerage sites? Google has a tool to request a takedown of that info from Google itself (but doesn’t remove it from the other sites). Steps for Google
Tweet media one
23
399
1K
@RachelTobac
Rachel Tobac
4 years
Folks are sharing screenshots of their iOS 14 home screens — Please know the more info I have on which apps you use & love most, the easier it is to phish you. Prioritizing Snapchat? How about “the mobile number has been updated on your Snapchat account, click here for...” phish.
30
389
1K
@RachelTobac
Rachel Tobac
3 years
Also important to mention that just because you feel you can personally tell the difference between synthetic & authentic media, it doesn’t mean we’re good to go. It matters what the general public believes. Altered media has real world safety, political etc impact for everyone.
25
161
1K
@RachelTobac
Rachel Tobac
3 years
Yes, this is a PayPal issue (leaks address w/ PayPal payments off of Twitter too). Twitter integrated PayPal into their tip feature so it's now Twitter's responsibility to inform users about how using PayPal w/ Twitter Tip Jar impacts privacy as many Twitter users aren't aware.
16
226
1K
@RachelTobac
Rachel Tobac
4 years
Last time I went through TSA I got randomly selected. The agent asked for my phone & I handed it to him locked, @EFF sticker up. He asked what the sticker means — I said “they help us defend our rights to privacy, sometimes in situations like this.” He handed my phone right back.
25
159
1K
@RachelTobac
Rachel Tobac
2 years
You may remember during @defcon I was tweeting about hacking someone through their reused passwords (or passwords we cracked) — well my target was @donie (he asked me to, I promise lol)
31
264
1K
@RachelTobac
Rachel Tobac
4 years
As a hacker, I know how to get a reaction fast — emotional content. Here to say that today you’ll likely see election misinformation that feels emotional. This is bc the emotional part of our brain reacts faster than the rational part — manipulators want you to react too quickly.
18
383
1K
@RachelTobac
Rachel Tobac
3 years
Thank you @Twitter @kayvz for paying attention, welcoming security researcher’s feedback, and taking responsibility to take steps to warn and protect your users within an hour of me releasing these findings (even though you don’t control PayPal’s address leaking flow).
@RachelTobac
Rachel Tobac
3 years
Thank you @kayvz for taking this issue seriously to protect your users. I hope 2 things happen: 1. Twitter warns users that using PayPal on Twitter Tip Jar to tip can reveal their address to the tip receiver 2. PayPal should stop sending address data to money receivers
7
122
385
7
165
1K
@RachelTobac
Rachel Tobac
7 months
🚨Turn off new default Twitter audio and video calling feature to prevent unwanted interactions🚨 Just went to my direct message settings here and found audio and video calling enabled by default (new feature, rolling out over time). Highly recommend disabling this to prevent
Tweet media one
48
832
1K
@RachelTobac
Rachel Tobac
3 years
A useful thing about using a password manager that I don’t always see folks talk about is that my pw manager won’t enter my username and password on malicious lookalike sites. Not the real airline website? Looks real but it’s actually a malicious URL? No credentials entered 👾🤘
26
207
1K
@RachelTobac
Rachel Tobac
4 years
The mid pentest break through.
26
199
1K
@RachelTobac
Rachel Tobac
2 years
Many are wondering how it’s possible that these jokers stole 4.5 billion in cryptocurrency…it’s because…✨they didn’t✨. They were the money launderers — they didn’t do the hack. And they stored the private keys online lol.
61
219
1K
@RachelTobac
Rachel Tobac
3 years
Getting a lot of opsec / social engineering questions about pictures of unlocked computers during chaos at the Capitol yesterday. Here is the takeaway 1st. Security should be fast & easy to understand, but most importantly: security needs to be *automatic*. Let's talk about it.
Tweet media one
53
250
1K
@RachelTobac
Rachel Tobac
5 years
We make rules for ourselves as we age. Some are healthy boundaries — others are born from fear. I’m working to learn the difference to avoid this “pen line prison”.
36
411
1K
@RachelTobac
Rachel Tobac
3 months
Everyone's talking about the woman who put $50k in a shoebox and handed it to scammers and how they wouldn't fall for it. It would shock you how many everyday people have embarrassing scam stories. I can't help once the scam's over, but I can help you Spot The Scam upfront:
Tweet media one
33
300
1K
@RachelTobac
Rachel Tobac
3 years
Wow, Gmail SMS 2FA code with an ad tacked on -- Google didn't include the ad, the ad was injected by the carrier. Looks like a phish but isn't. Mobile carriers injecting ads, especially for SMS 2FA, is awful. It erodes accessibility & trust while teaching folks to click a phish.
@chrismlacy
Chris Lacy
3 years
I just received a two factor authentication SMS from Google that included an ad. Google's own Messages SMS app flagged it as spam. What a shameful money grab.
Tweet media one
53
266
2K
22
442
1K
@RachelTobac
Rachel Tobac
3 years
Password journals are a fun topic because it’s really all about threat modeling. For example, Great Aunt Ethel’s threat model: a handwritten password journal is better than her reusing her only short password for her Facebook, bank, Netflix, and doctor’s office. Let’s discuss...
62
230
1K
@RachelTobac
Rachel Tobac
3 years
If Facebook, Instagram, and WhatsApp going down are a part of an elaborate ~Cybersecurity Awareness Month plot~ to bring security to the attention of everyone in the world then honestly congrats to the team on the operation's success.
26
200
1K
@RachelTobac
Rachel Tobac
3 years
Away from keyboard in what feels like Tolkien’s Rivendell. This first picture does prove I need to buy some waterproof gear ⛈💨🐻
Tweet media one
Tweet media two
Tweet media three
Tweet media four
46
40
1K
@RachelTobac
Rachel Tobac
2 years
This type of impersonation drives advertisers away. This post has been up for over an hour. When it’s eventually an impersonator pretending to be emergency services calling for an evacuation etc, I don’t think @elonmusk will be commenting laughing emojis after these posts.
Tweet media one
31
211
996
@RachelTobac
Rachel Tobac
1 year
Ask A Hacker: "Rachel, is it actually a big deal if I Google my name and my email address or phone number pop up. Why could that matter for someone like me?" It can matter because many services you trust still use knowledge based authentication (KBA -- info like email
17
260
1K
@RachelTobac
Rachel Tobac
4 years
This is the exact thing many of us in the security and privacy world have been scared of — how will this DNA data be used to harm and discriminate against people (further deny them healthcare, etc).
@Reuters
Reuters
4 years
Blackstone to acquire for $4.7 billion
Tweet media one
236
974
1K
31
405
969
@RachelTobac
Rachel Tobac
2 years
Update: @GovParsonMO continues his unhinged claim that a reporter notifying on a vuln (visible by hitting F12 on a keyboard) is a crime. This is like calling to inform a neighbor that they left keys in their door then they claim you’re breaking & entering.
33
234
983
@RachelTobac
Rachel Tobac
3 months
AI text-to-video is here and we need to discuss the risks. They mention in this thread that they’re considering the ways adversaries would leverage this content to harm thru red teaming but I’m still concerned. My biggest concern is how this content could be used to trick,
@OpenAI
OpenAI
3 months
Introducing Sora, our text-to-video model. Sora can create videos of up to 60 seconds featuring highly detailed scenes, complex camera motion, and multiple characters with vibrant emotions. Prompt: “Beautiful, snowy
10K
33K
141K
47
334
957
@RachelTobac
Rachel Tobac
1 year
|-----------| | OFFICIAL: | | NO | | MORE | | PICS | | OR | | LINKS | | ON | | TWITTER, | | ONLY | | ASCII | | SIGN | | MEME | | FROM | | 2014 | | ALLOWED | | | |-----------| (\__/) || (•ㅅ•) || /
34
81
936
@RachelTobac
Rachel Tobac
3 years
Thank you for taking action today Twitter. You didn’t create the PayPal address leak issue but you’re taking responsibility for your users’ privacy with your PayPal integration by warning them about how their personal info could be revealed when tipping w/ PayPal Twitter Tip Jar.
@Support
Support
3 years
We’re updating our tipping prompt and Help Center to make it clearer that other apps may share info between people sending/receiving tips, per their terms.
891
233
968
14
147
898
@RachelTobac
Rachel Tobac
2 years
I’ve seen an increase in the New Hire SMS Phish attack method recently: - new hire starts at org, they or the org announce new role on LinkedIn - attacker looks up new hire’s phone number on data brokerage sites - sends SMS phish pretending to be Exec to new hire in first month
@ErinInfosec
Er•(in)³•fosec
2 years
A company’s brand new employees are getting spearsmished (ha just coined that and I know some of y’all will hate it) with “I’m the CEO, I’m in a meeting but I need you to do something, let me know if you got my message”—any ideas on how their phone numbers would already be known?
65
29
289
36
384
922
@RachelTobac
Rachel Tobac
3 years
By this definition, my cat walking across my keyboard and sitting on the F12 key is now a serious, punishable cyber crime.
@GovParsonMO
Governor Mike Parson
3 years
A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert and decode the code.
1K
30
137
45
135
913
@RachelTobac
Rachel Tobac
5 years
When the promoted tweet is actually something you want to buy.
Tweet media one
Tweet media two
Tweet media three
14
115
905
@RachelTobac
Rachel Tobac
8 months
🚨UPDATE APPLE DEVICES ASAP - PHONES, IPADS, COMPUTERS, WATCHES🚨 @citizenlab found an Apple exploit used in the wild that can compromise to watch/see/hear/spy thru Apple devices. Exploit doesn't require you to click, attacker just sends it via iMessage.
21
456
889
@RachelTobac
Rachel Tobac
2 years
Hacked @donie again this year -- new video premieres tomorrow (right on the 3 year anniversary of the last vid!) *How do you think I hacked Donie this time?* Hint: it's different than last time by a lot Throw your guess below, curious to see who guesses the hack method right lol
@CNN
CNN
5 years
We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened:
228
4K
9K
47
125
883
@RachelTobac
Rachel Tobac
5 years
My @defcon cyber punk party outfit for tonight, as seen through my surveillance detector 🤖💡😂
35
52
867
@RachelTobac
Rachel Tobac
3 years
In our Infosec circle we hear people talk about multi-factor authentication as if it's obvious but the reality is very different. Twitter released their numbers -- only *2.3%* of Twitter users had any MFA method enabled during this reporting period.
Tweet media one
51
303
858
@RachelTobac
Rachel Tobac
1 year
Some say they feel nervous to use a password manager -- if that feeling is leading you to be less safe & reuse passwords (which btw is the easiest way for me to hack you bc that pw gets breached), then try this trick: 🧂Salt your password manager passwords🧂 Here's the trick:
@CNN
CNN
1 year
Hackers aren't fooled when you change up your passwords with special characters. SocialProof Security CEO @RachelTobac tells Nightcap's @jonsarlin how to keep your accounts safe. For more, watch the full Nightcap episode:
30
98
359
29
205
855
@RachelTobac
Rachel Tobac
1 year
As a hacker that gets hired to think about this stuff, all my brain can focus on here is how I can more easily trick folks that use this “summarize email” feature. If users pay even less attention to the email source using this feature and more attention to the summary this can
@benparr
Ben Parr
1 year
🚨 HUGE news in AI: Google just launched Generative AI across ALL of Google Workspace -- Gmail, Docs, Sheets, Slides, Images -- EVERYTHING. They made a video showing off the new AI's capabilities. It's AWESOME.
347
3K
14K
20
178
859
@RachelTobac
Rachel Tobac
4 months
Add “getting phished over the phone by an AI personal assistant” to your threat model if you haven’t yet.
@dr_cintas
Alvaro Cintas
4 months
Taking it to the next level. Virtual personal assistant handling calls 🤯
63
151
1K
16
160
856
@RachelTobac
Rachel Tobac
2 years
Also got to witness @CISAJen solving a Rubik's Cube in the air and behind her back 🤯😍🤘
21
115
845
@RachelTobac
Rachel Tobac
3 months
Whoa the FCC has recognized the risk of AI voice cloning in robocalls & scam calls! Video demo below. - New FCC fines, more than $23,000 PER CALL - Now gives call receiver right to take legal action and potentially recover up to $1,500 in damages per call
@60Minutes
60 Minutes
1 year
60 Minutes hired an ethical hacker to show how easy it is to be scammed. She conned our unsuspecting colleague using artificial intelligence.
161
2K
5K
16
270
849
@RachelTobac
Rachel Tobac
4 years
Update on the Twitter hack - Twitter confirms a phone spear phishing attack (we also call this vishing). This is the most common attack I execute as a white hat hacker. Why? Because it works, and is quicker than some other attacking methods.
@Support
Support
4 years
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
72
389
756
19
310
833
@RachelTobac
Rachel Tobac
1 year
When people ask me how OSINT works I usually give the example of finding a person’s preferred hotel chain thru a square of carpet fabric in the corner of an Instagram post. Here’s another example: the person who leaked top secret US docs was nailed by his family’s countertop.
@trbrtc
Christiaan Triebert
1 year
A breakthrough in our investigation came when the team identified a Steam profile in Airman Teixeira's name that led to an Instagram profile with photos of the exact location where leaked docs were photographed — a kitchen countertop in his childhood home.
Tweet media one
Tweet media two
256
1K
5K
15
202
835
@RachelTobac
Rachel Tobac
5 years
Spotting the phishing link then forwarding it to everyone at the company so they know not to click it.
24
229
809
@RachelTobac
Rachel Tobac
2 years
✨little miss lies on her security questions✨
Tweet media one
39
137
803
@RachelTobac
Rachel Tobac
2 years
Fun fact! I turn down 90% of the requests to human hack a company/individual. Most orgs and folks don’t need a pentest the second they reach out to me — most need support to overhaul identity verification protocols, MFA and password manager, social media sharing, & more first!
25
86
802
@RachelTobac
Rachel Tobac
2 years
While we protest for our rights & lives, protect yourself (source @FreedomofPress ): - encrypt your comms (signal etc) - keep phone locked - long passcode > Face ID - banner notifications off - delete sensitive apps - back up phone - MFA and pw manager See you on the front lines
Tweet media one
20
512
799
@RachelTobac
Rachel Tobac
4 years
Turns out @twitter agrees with my hypothesis! Social engineering attack targeting employees with privileged access to internal tools that could make those account changes. This is exactly how I would have attacked and it’s cool to see I’m mimicking criminals in my pentests lol.
@Support
Support
4 years
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
598
6K
13K
26
148
798
@RachelTobac
Rachel Tobac
3 years
This is a great opportunity for orgs to start a conversation on privacy implications of features they build & tools they integrate into their platform. When an org integrates a tool that could affect users' privacy & users might not understand privacy risk, orgs should educate.
5
94
786
@RachelTobac
Rachel Tobac
2 years
This breach may allow a person to easily search up and find email addresses and phone numbers for 5.4 million Twitter users — so it’s important to be extra skeptical of emails and texts claiming to be “Twitter” requesting things like a password update, etc
27
580
786
@RachelTobac
Rachel Tobac
2 years
This is a demonstration of the Twitter edit feature: 🐣Please retweet or like this if you love baby animals🐣 Once others have interacted with this, I will edit it to learn more about the feature and how easy it is for those who’ve engaged to notice the tweet has changed.
49
186
800
@RachelTobac
Rachel Tobac
2 years
🔑How does a FIDO security key limit the hacks we're seeing in the news now?🔑 Beyond fun to work with @Yubico & partner with @Twitter to answer that question + demo how social engineering is used to steal passwords & siphon out MFA codes to gain admin access with @EvanTobac .
39
233
765
@RachelTobac
Rachel Tobac
9 months
I have brand new stickers for @defcon this year! Let me know which ones you want 🤖🤘can’t wait to hand you them. 1. Don’t Reuse Passwords pop up 2. The @socialproofsec tamagotchi complete with hacking activities 3. Be Politely Paranoid floppy 4. Use MFA emergency TV broadcast
Tweet media one
72
94
762