Larry Hosken. Technical writer. Puzzlehunt enthusiast.
52 stories

San Francisco Rail System Hacker Hacked

1 Comment and 4 Shares

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

A copy of the ransom message left behind by the "Mamba" ransomware.

A copy of the ransom message left behind by the “Mamba” ransomware.

On Friday, The San Francisco Examiner reported that riders of SFMTA’s Municipal Rail or “Muni” system were greeted with handmade “Out of Service” and “Metro Free” signs on station ticket machines. The computer terminals at all Muni locations carried the “hacked” message: “Contact for key (,” the message read.

The hacker in control of that email account said he had compromised thousands of computers at the SFMTA, scrambling the files on those systems with strong encryption. The files encrypted by his ransomware, he said, could only be decrypted with a special digital key, and that key would cost 100 Bitcoins, or approximately USD $73,000.

On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for shows that it was tied to a backup email address,, which also was protected by the same secret question and answer.

Copies of messages shared with this author from those inboxes indicate that on Friday evening, Nov. 25, the attacker sent a message to SFMTA infrastructure manager Sean Cunningham with the following demand (the entirety of which has been trimmed for space reasons), signed with the pseudonym “Andy Saolis.”

“if You are Responsible in MUNI-RAILWAY !

All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit!

We have 2000 Decryption Key !

Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!!”

One hundred Bitcoins may seem like a lot, but it’s apparently not far from a usual payday for this attacker. On Nov. 20, hacked emails show that he successfully extorted 63 bitcoins (~$45,000) from a U.S.-based manufacturing firm.

The attacker appears to be in the habit of switching Bitcoin wallets randomly every few days or weeks. “For security reasons” he explained to some victims who took several days to decide whether to pay the ransom they’d been demanded. A review of more than a dozen Bitcoin wallets this criminal has used since August indicates that he has successfully extorted at least $140,000 in Bitcoin from victim organizations.

That is almost certainly a conservative estimate of his overall earnings these past few months: My source said he was unable to hack another Yandex inbox used by this attacker between August and October 2016, “,” and that this email address is tied to many search results for tech help forum postings from people victimized by a strain of ransomware known as Mamba.

Copies of messages shared with this author answer many questions raised by news media coverage of this attack, such as whether the SFMTA was targeted. In short: No. Here’s why.

Messages sent to the attacker’s account show a financial relationship with at least two different hosting providers. The credentials needed to manage one of those servers were also included in the attacker’s inbox in plain text, and my source shared multiple files from that server.

KrebsOnSecurity sought assistance from several security experts in making sense of the data shared by my source. Alex Holden, chief information security officer at Hold Security Inc, said the attack server appears to have been used as a staging ground to compromise new systems, and was equipped with several open-source tools to help find and infect new victims.

“It appears our attacker has been using a number of tools which enabled the scanning of large portions of the Internet and several specific targets for vulnerabilities,” Holden said. “The most common vulnerability used ‘weblogic unserialize exploit’ and especially targeted Oracle Corp. server products, including Primavera project portfolio management software.”

According to a review of email messages from the Cryptom27 accounts shared by my source, the attacker routinely offered to help victims secure their systems from other hackers for a small number of extra Bitcoins. In one case, a victim that had just forked over a 20 Bitcoin ransom seemed all too eager to pay more for tips on how to plug the security holes that got him hacked. In return, the hacker pasted a link to a Web server, and urged the victim to install a critical security patch for the company’s Java applications.

“Read this and install patch before you connect your server to internet again,” the attacker wrote, linking to this advisory that Oracle issued for a security hole that it plugged in November 2015.

In many cases, the extortionist told victims their data would be gone forever if they didn’t pay the ransom in 48 hours or less. In other instances, he threatens to increase the ransom demand with each passing day.


The server used to launch the Oracle vulnerability scans offers tantalizing clues about the geographic location of the attacker. That server kept detailed logs about the date, time and Internet address of each login. A review of the more than 300 Internet addresses used to administer the server revealed that it has been controlled almost exclusively from Internet addresses in Iran. Another hosting account tied to this attacker says his contact number is +78234512271, which maps back to a mobile phone provider based in Russia.

But other details from the attack server indicate that the Russian phone number may be a red herring. For example, the attack server’s logs includes the Web link or Internet address of each victimized server, listing the hacked credentials and short notations apparently made next to each victim by the attacker. Google Translate had difficulty guessing which language was used in the notations, but a fair amount of searching indicates the notes are transliterated Farsi or Persian, the primary language spoken in Iran and several other parts of the Middle East.

User account names on the attack server hold other clues, with names like “Alireza,” “Mokhi.” Alireza may pertain to Ali Reza, the seventh descendant of the Islamic prophet Muhammad, or just to a very common name among Iranians, Arabs and Turks.

The targets successfully enumerated as vulnerable by the attacker’s scanning server include the username and password needed to remotely access the hacked servers, as well as the IP address (and in some cases domain name) of the victim organization. In many cases, victims appeared to use newly-registered email addresses to contact the extortionist, perhaps unaware that the intruder had already done enough reconnaissance on the victim organization to learn the identity of the company and the contact information for the victim’s IT department.

The list of victims from our extortionist shows that the SFMTA was something of an aberration. The vast majority of organizations victimized by this attacker were manufacturing and construction firms based in the United States, and most of those victims ended up paying the entire ransom demanded — generally one Bitcoin (currently USD $732) per encrypted server.

Emails from the attacker’s inbox indicate some victims managed to negotiate a lesser ransom. China Construction of America Inc., for example, paid 24 Bitcoins (~$17,500) on Sunday, Nov. 27 to decrypt some 60 servers infected with the same ransomware — after successfully haggling the attacker down from his original demand of 40 Bitcoins. Other construction firms apparently infected by ransomware attacks from this criminal include King of Prussia, Pa. based Irwin & LeightonCDM Smith Inc. in Boston; Indianapolis-based Skillman; and the Rudolph Libbe Group, a construction consulting firm based in Walbridge, Ohio. It’s unclear whether any of these companies paid a ransom to regain access to their files.


The data leaked from this one actor shows how successful and lucrative ransomware attacks can be, and how often victims pay up. For its part, the SFMTA said it never never considered paying the ransom.

“We have an information technology team in place that can restore our systems and that is what they are doing,” said SFMTA spokesman Paul Rose. “Existing backup systems allowed us to get most affected computers up and running this morning, and our information technology team anticipates having the remaining computers functional in the next two days.”

As the SFMTA’s experience illustrates, having proper and regular backups of your data can save you bundles. But unsecured backups can also be encrypted by ransomware, so it’s important to ensure that backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, however, that some instances of ransomware can lock cloud-based backups when systems are configured to continuously back up in real-time.

That last tip is among dozens offered by the Federal Bureau of Investigation, which has been warning businesses about the dangers of ransomware attacks for several years now. For more tips on how to avoid becoming the next ransomware victim, check out the FBI’s most recent advisory on ransomware.

Finally, as I hope this story shows, truthfully answering secret questions is a surefire way to get your online account hacked. Personally, I try to avoid using vital services that allow someone to reset my password if they can guess the answers to my secret questions. But in some cases — as with United Airlines’s atrocious new password system — answering secret questions is unavoidable. In cases where I’m allowed to type in the answer, I always choose a gibberish or completely unrelated answer that only I will know and that cannot be unearthed using social media or random guessing.

Read the whole story
5 days ago
Thank you for not paying the ransom, SFMTA.
San Francisco, USA
Share this story

Too early to get overly excited, but this is the only good news...

1 Comment

Too early to get overly excited, but this is the only good news I’ve heard all month:

“Ruminant animals are responsible for roughly 20 per cent of greenhouse gas emissions globally, so it’s not a small number,” said Kinley, an agricultural research scientist now working at the Commonwealth Scientific and Industrial Research Organisation in Queensland, Australia.

“We’re talking numbers equivalent to hundreds of millions of cars.”

Read the whole story
11 days ago
Spoiler: has the excellent line "Then researcher Rob Kinley caught wind of it."
San Francisco, USA
Share this story

They Live and the secret history of the Mozilla logo

4 Comments and 16 Shares
I'm going to draw a line through 1930s agitprop, Ronald Reagan, methane-breathing zombie space aliens, the Mozilla logo, Barack Obama and the International Commiunist Conspiracy. It's a long walk, so please stick with me.

Let's start with They Live.

I've talked to a number of people recently who haven't seen They Live, and that's a real tragedy, because even though it is technically a sci-fi / horror movie, it is also the best documentary about the Reagan Administration you're likely to see.

If you haven't seen it, it is a 1988 film by John Carpenter whose premise is this: an out-of-work construction worker finds a box of special sunglasses near his homeless encampment. These glasses let you see the world as it really is: the Earth has been invaded, and all of the "one percenters" and most of the cops are actually skinless space zombie free-enterprisers.

"Earth is being acclimatized. They are turning our atmosphere into their atmosphere. Deplete the planet. Move on to another. They want benign indifference. We could be pets. We could be food, But all we really are is livestock."

And most importantly for our story, the glasses also let you see that all advertisements are actually black text on a white background with simple exhortations such as "OBEY", "CONSUME", "MARRY AND REPRODUCE".

It is not necessarily a great movie: it is extremely low budget, and somewhat slow-paced. As a horror movie, perhaps it hasn't aged well. But as a political statement, it is still absolutely fantastic and relevant.

Though, a friend tells me that some of his friends in their 20s watched it recently and thought it was very dated: it was "too 2011". It was entirely too "Occupy Wall Street".

Last week I was bicycling through The Mission and absentmindedly beginning to compose this story in my head. I glanced to my left and said aloud, "You have got to be fucking kidding me," because this is what I saw on a building across the street:

Apparently our local muralists find it to be still relevant as well.

And speaking of graffiti...

There's an artist you may have heard of, Shepard Fairey. He did the Obama "Hope" poster in 2008. But long before that, in the early 90s he had this semi-anonymous graffiti campaign, "Andre the Giant Has a Posse". It was everywhere. Stickers, stencils, wheat-paste posters, I saw them in every city I ever visited. It was a global propaganda campaign whose goals and meaning, if any, were completely obscure. I loved the mindfuckery of it, a campaign with no purpose, for which he had somehow managed to mobilize a worldwide army of helpers, primarly by intentionally giving up control of it and allowing it to take on its own life.

In the mid 90s, his Andre the Giant has a Posse campaign morphed into OBEY GIANT. Andre glowers out at you from under his enormous brow in a style referencing the Big Brother posters from the 1956 film of 1984 as well as the Futurist propaganda art of the 1930s and 40s.

Since then, the OBEY brand has grown tremendously, nearly outstripping even Hot Topic in our suburban malls. It has become the go-to fashion statement for backwards-baseball-cap-wearing bros across the nation. But let us not forget! It is a direct reference to They Live.

So why am I telling you about this odd series of un-ad campaigns? Well.

I was one of the founders of this company called Netscape. You might not have heard of it, because it was a while ago. We built the world's first web browser that mattered. The first one that normal, everyday people could use. It was the browser that your parents used. We did a pretty excellent job of it, too, and our success ushered in the first "tech bubble".

I'm sorry about that part.

Well, in the fullness of time, 1998 to be precise, the company began its process of self-destruction. And through a long series of bizarre events, it turns out that some things I had written about free software led my bosses to decide that we should give away the source code to the web browser. This sort of thing was utterly unheard of at the time.

So we created

Though the world knew the web browser as, alternately, "Mosaic Netscape", "Netscape Navigator" or just "Netscape", we had always known it internally by the name "Mozilla". (These days, you know it as "Firefox".)

Mozilla had a cartoon dinosaur as a logo and mascot. In the early years of Netscape, this little guy was plastered all over our web site, in banners at the top of every page, and scattered throughout. The artist was Dave Titus, and he went for a very "cute" look with the art. But some time in 1994, before Dave's vision of Mozilla came to be, I threw together a version to hang on the wall above our cubicle farm, pictured to the right. It's about 4' tall. The original source was a 2" high picture of Godzilla from a newspaper ad for a local toy store. I blew this up on the company photocopier one late night, zooming and zooming and zooming. I spent a lot of late nights slaving over photocopier-based art projects back then, while waiting for things to compile. Every now and then we'd get email from facilities asking why we seemed to burn through so much toner.

I wasn't able to find a contemporary photo of that protozilla, but fortunately, my strict data retention policy applies also to grainy black and white pieces of paper, so I was able to dig the original out of a very old cardboard box that I haven't opened since, I'm guessing, 1996.

When Dave started working on the mascot, I remember that one of the references I passed along as a suggestion was this manga called Gon, a dialogue-less story about a baby tyranosaur just trying to make his way in the world. I'm not sure if he used that as inspiration, but I hope so.

There were many illustrations of our little lizard in various thematic poses. That lasted until, of course, at some point the marketing department decided that for our (already fantastically successful, publically traded) company to appear to be "professional", any trace of fun or whimsy, no matter how harmless, must be scraped away. As they do. Because they are terrible people.

Also, at one point we were threatened with a trademark infringement lawsuit by Toho, the Japanese company who own the Gozilla franchise! They contested our trademark on "Mozilla". They were in the habit of attacking anyone with "zilla" in their name, but our legal staff reached a settlement with them when Toho realized that our t-shirt sales were literally beneath their notice.

For the purposes of this story, here's a glamour shot of Mozilla wearing sunglasses. You know, just the sort of sunglasses that allow one to pull the veil of lies from the face of the world:

With the launch of, I felt we needed to distance ourselves to some degree from Netscape itself, and that meant that, beloved though our little lizard was, we needed a new look. What we were trying to accomplish here was something of a radical idea, so I wanted artwork with a revolutionary feel...

So I called up Shepard.

I didn't know the guy, but I was a fan, so I figured I might as well give it a try.

I remember giving him a brief explanation of what "free software" was all about, how it was based on the principle that when people work on the things they personally care about, but share their work with others, then everyone benefits. That sharing is not inimical to competition and so on. He said, "That's interesting, because that's kind of how 'Andre the Giant Has a Posse' took off," and I said, "I know! I thought you'd get it, which is part of why I thought of you!"

He asked if I had seen his more recent work, and I said, "Yeah, in fact, right now I'm looking at a poster on my wall that you did for Crash Worship, Circus Maxiumus." He said, "Wait, what? How did you get that?" I said, "I bought it at the show." He said, "Oh, well you probably bought it from me, then, because I think I only printed like 50 of those!"

I like to think that the Crash Worship bonding sealed the deal.

So he designed our new mascot:

A much more imposing lizard, rising above the industry that spawned it.

So that was the time that I somehow convinced a multi-billion dollar corporation to give away the source code to their flagship product and re-brand it using propaganda art by the world's most notorious graffiti artist.

At the time that this was happening, the "free software" world had not yet been rebranded as "open source" -- in fact, I attended the meetings of the Secret Cabal where that decision was made, though it was a lot less Eyes Wide Shut than you might expect -- and so, much of the rest of the software industry didn't know what to make of what we were doing. Even though the internet had been built on free software, part of our job was convincing Capitalists, Libertarians and methane-breathing space zombies that giving away the source code to your products and allowing outsiders to participate in your development process actually made sense from an economic point of view, that it was compatible with unfettered free market capitalism, red in tooth and claw. We had to convince them that these "open source" people weren't just a bunch of hippies and Communists.

To that end, the branding strategy I chose for our project was based on propaganda-themed art in a Constructivist / Futurist style highly reminiscent of Soviet propaganda posters.

And then when people complained about that, I explained in detail that Futurism was a popular style of propaganda art on all sides of the early 20th century conflicts; it was not used only by the Soviets and the Chinese, but also by US in their own propaganda, particularly in recruitment posters and just about everything the WPA did, and even by the Red Cross. So if you looked at our branding and it made you think of Communism, well, I'm sorry, but that's just a deep misunderstanding of Modern Art history: this is merely what poster art looked like in the 1930s, regardless of ideology!

That was complete bullshit, of course. Yes, I absolutely branded the way for the subtext of "these free software people are all a bunch of commies." I was trolling.

I trolled them so hard.

I had to field these denials pretty regularly on the Mozilla discussion groups; there was one guy in particular who posted long screeds every couple of weeks accusing us of being Nazis because of the logo. I'm not sure he really understood World War II, but hey.

I'm not sure how much more explicit I could have made the gag than the t-shirts we gave away at our launch party that said PARTY MEMBER!

So that was all pretty fun, but back to They Live.

If you've ever been to DNA Lounge, at this point you might be thinking, "Oh, hey, there's all that weird shit on your ATMs. That's all just another reference to They Live, isn't it?"

Yes. Yes it is.

And finally, to wrap it all up, here's a photo of me in (one of) my Halloween costumes for 2016 (since we have three different parties at DNA Lounge this year!)

And as the rat's milk returns to the sewer, the cycle of life is complete.

The hat is, of course, a reference to Donald Trump's 2016 presidential campaign slogan. For truly, the monsters of the 1980s are still with us, perhaps now more than ever.

And do you see that poster over my shoulder there? That's a poster for Alamo Drafthouse's 2011 revival of They Live... this poster created by Shepard Fairey, specifically for that event. Shepard said at the time, "They Live was the basis for my use of the word 'obey,' The movie has a very strong message about the power of commercialism and the way that people are manipulated by advertising. [...] One of my main concepts with the Obey campaign as a whole was that obedience is the most valuable currency. People rarely consider how much power they sacrifice by blindly following a self-serving corporation's marketing agenda, and how their spending habits reflect the direction in which they choose to transfer power."

In this upcoming presidential election, please vote against the methane-breathing zombie space alien.

Because we're all out of bubblegum.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.

Read the whole story
36 days ago
37 days ago
San Francisco, USA
Share this story
4 public comments
34 days ago
Sharing for the bubblegum.
Long Island, NY
36 days ago
Still have my very early Mozilla head backpack around here somewhere... at least I hope I just didn't throw it out... surely I didn't... I hope...
Atlanta, GA
36 days ago
Need to watch code rush
Bend, Oregon
36 days ago
I loved Mozilla's early branding.

Surprisingly Little Evidence for the Accepted Wisdom About Teeth

1 Comment

The following originally appeared on The Upshot (copyright 2016, The New York Times Company).

I brush my teeth twice a day, but not for as long as my dentist would like. I’d like to say I floss regularly, but that would be stretching the truth. I don’t scrape my tongue, I don’t rinse with mouthwash and I don’t use an interdental brush or Waterpik. However, I have one filling in my mouth, and I got that only when I had braces as an adult 15 years ago.

My wife, on the other hand, cares for her teeth fastidiously. She does all the things you’re supposed to do, and then some. But she has more fillings than I can count. I remember once, years ago, when one of her teeth broke while she was eating scrambled eggs.

Clearly, the stuff we’re doing might not make as much of a difference as we think. A couple of weeks ago, many of you were shocked to learn that the evidence supporting flossing daily was as thin as, well, dental floss. That’s just the beginning.

As my colleague Austin Frakt pointed out recently, for adults without apparent dental problems, there’s little evidence to support the use of yearly dental X-rays. This still doesn’t prevent many dentists from recommending them for everyone.

With respect to flossing, this shouldn’t have been news either. A systematic review in 2011 concluded that, in adults, toothbrushing with flossing versus toothbrushing alone most likely reduced gingivitis, or inflammation of the gums. But there was really weak evidence that it reduced plaque in the short term. There was no evidence that it reduced cavities. That’s pretty much what we learned recently.

What about everything else? It turns out there’s a whole journal dedicated to the idea that we could use more rigor in dental recommendations.Evidence-Based Dentistry either publishes systematic reviews or summarizes reviews from other organizations, like the Cochrane Collaboration.

The good news is that brushing appears to work. But it’s important to know that it’s brushing with fluoride toothpaste that matters, not the brushing alone. Doing that doesn’t just prevent gingivitis and plaque formation; it also prevents cavities, which is the outcome that we care most about.

My dentist has always recommended a powered toothbrush. The evidence seems to agree that, as many randomized controlled trials confirm, powered toothbrushes reduce both plaque and gingivitis more than regular toothbrushes. An older Cochrane review concluded that the rotating powered toothbrushes were superior to side to side powered brushes. I use the latter, and this disappointed me. But the difference between the two types, while statistically significant, was really small.

There appear to be no good randomized controlled trials on brushing frequency. The other studies that do exist, while flawed, seem to support twice-a-day brushing.

Surely the twice-a-year teeth cleanings matter? In 2005, Evidence-BasedDentistry highlighted a systematic review on the effects of routine scaling and polishing (you call it teeth cleaning). Researchers found eight randomized controlled trials that were on point, but they were all judged as having a high risk of bias. The results were all over the map. Their conclusions were that the evidence isn’t of sufficient quality to reach any conclusions as to the benefits or harms of scaling and polishing.

Regardless, I’ve been told by all the dentists I know to have it done every six months.

When filling cavities, some dentists advocate bonded amalgams over non-bonded amalgams. There’s pretty much no evidence to support that practice, though. The one randomized controlled trial didn’t seem to support their use, especially since they cost much more. Previous,nonrandomized controlled trials in children didn’t really show a difference either.

Has anyone ever told you to use an interdental brush to get at the plaque between your teeth? In 2015, Evidence-Based Dentistry summarized a Cochrane Review of seven randomized controlled trials looking at how interdental brushing in addition to tooth brushing compared with toothbrushing alone or toothbrushing with flossing. Almost no long-term benefits have been proven.

What about preventive dental visits themselves? In 2013, Bisakha Sen, Nir Menachemi and colleagues used data from the Alabama Children’s Health Insurance Program to follow more than 36,000 children to see how preventive dental visits affected dental care and spending over time. They found that preventive visits were associated with fewer visits for restorative dental care in the future, implying that there was an improvement in oral health. But they found that, for the most part, more than one annual preventive visit in children was not cost-effective.

No review of dental health would be complete without at least acknowledging water fluoridation. Much of the evidence is old because it’s getting hard to do studies. It would be somewhat unethical to withhold fluoridation at this point from some people, because the evidence in favor of the practice is so compelling.

In fact, fluoride is so important that the U.S. Preventive Services Task Force recommends that in areas where the water supply is deficient, providers prescribe oral fluoride supplementation to children. They recommend the use of fluoride varnish as well.

To recap, there’s good evidence that brushing twice a day with fluoride toothpaste is a good idea, especially with a powered toothbrush. For children, there’s good evidence that the use of fluoride varnish or sealants can be a powerful tool to prevent cavities. The rest? It’s debatable.

I should note that the lack of evidence doesn’t mean that many of these things don’t work. It just means that we don’t have good studies to back their use. In that case, we must weigh the potential harms against the unproven benefits. With flossing, which is cheap and easy, it still might be worth doing. With scaling and polishing, as well as preventive visits, which are expensive and can hurt, it’s more questionable.

We should also recognize that there are a lot of things outside of our control. Some are genetic. The strength of our enamel most likely determines how easily bacteria can break through defenses. Salivary flow and composition help determine how easily we can clear dangerous bugs. Tooth morphology can leave some teeth more susceptible to infection.

Other things have little to do with dentistry. What you eat can affect your dental health. More important may be mother-to-child transmission of bacteria. Children aren’t born with mouthfuls of germs. Studies show that cavity-causing bacteria get passed directly by parents (mostly mothers) to children, probably by sharing silverware or by other mouth-to-mouth transmission. There’s a reason that mothers with lots of cavities sometimes have children who suffer the same.

There are things we can do to prevent cavities and preserve our oral health. We should focus on those things. We should study the things we debate. But we should also be willing to admit that some of the things we do make no difference at all, and perhaps, should be reconsidered.


Read the whole story
95 days ago
"To recap, there’s good evidence that brushing twice a day with fluoride toothpaste is a good idea, especially with a powered toothbrush. For children, there’s good evidence that the use of fluoride varnish or sealants can be a powerful tool to prevent cavities. The rest? It’s debatable."
San Francisco, USA
Share this story

Semaphore Flags Message Maker

1 Comment
I put together a web app to send messages in semaphore, an archaic flag-based alphabet system.
Read the whole story
106 days ago
It's kind of adorable.
San Francisco, USA
Share this story

La Cucaracha: On the GO with that new smartphone game? (toon)

1 Share


Read the whole story
129 days ago
San Francisco, USA
Share this story
Next Page of Stories