Right now, a man named Aleksandr Zhukov is sitting in jail for one of the most financially ruinous schemes ever invented for the internet. Zhukov is guilty. He was caught and convicted under a mountain of evidence against him.
Except the deeper you look into it, the deeper the well goes. In this episode, we’ll learn how Aleksandr Zhukov defrauded some of the biggest American corporations for millions of dollars. And we’ll ask the question that hardly anyone else is willing to acknowledge: Was this clever, successful, guilty cybercriminal merely a fall guy for everybody else playing his twisted game?
The numbers can’t be any clearer: a DDoS attack costs less than a hundred dollars, while the price tag for mitigating it might reach tens if not hundreds of thousands of dollars. A single well-crafted phishing email can easily circumvent cyber defenses which cost millions of dollars to set up. How can we change the extreme cost asymmetry between attackers and defenders in cyberspace?
We’ve all experienced the creepiness of modern data trafficking, but that kind of daily annoyance is the surface of a much bigger issue: Big Tech companies such as Amazon & Microsoft are lobbying policymakers to veto laws that harm their business, and often hide their lobbying behind industry coalitions or organizations with names that are vague and seemingly harmless. Will current and future privacy laws actually protect your information, or will they protect the companies collecting your information?
Disruptions to the world’s internet cables happen more often than you think: Whether it be ship anchors or animals or saboteurs, cut a few wires in the right places and at nearly the speed of light you can disrupt or shut off the internet for broad populations of people at a time. It is an immense power that runs through these lines — a power that can be sabotaged or, in the right hands, weaponized.
In the midst of 35,000 exhilarated spectators eagerly chanting the time-honored countdown to kick off the 2018 Pyeongchang Winter Olympics, a sinister malware crept through the games’ network, threatening to disrupt the highly-anticipated event. The obvious question in everyone’s minds was – who was responsible for the attack? Who was vile enough to launch such a potentially destructive attack against an event which, more than anything, symbolizes peace and global cooperation?
On May 23rd, 1989, Karl Koch – a 23-year-old West German hacker who worked for the KGB – took a drive from which he would never return: nine days later his charred remains were found by the police in a remote forest. Was Koch assassinated by the US or the Soviet Union, or is there another, more ‘mystical’ explanation for his death?
Four decades ago, three quarters would’ve gone a lot further than they do today. With that kind of loose change you could’ve picked up some milk from the grocery store, or over half a gallon of gas, or a bus ticket. But that doesn’t explain why, on one fateful day in 1986, a systems administrator at the Lawrence Berkeley National Laboratory in California made such an issue over 75 missing cents.
In the early 1970’s, US intelligence pointed at the possibility that the Russians had laid an underwater communication cable between two important naval bases in the Far East. The dangerous mission of installing a listening device on that cable was given to the navy’s most secretive and unusual submarine.
What happens when an NFT marketplace goes under, and disappears? You would imagine that the users’ NFTs are perfectly safe: after all, the blockchain itself is still there, right? But that’s not how things work in the real world.
Jason Bailey is the co-founder and CEO of ClubNFT, a company building the next generation of tools to discover, protect, and share NFTs. Jason is an early collector and proponent of CryptoArt, and he spoke with Nate Nelson, our Sr. producer, about the risks facing sellers and buyers who are unfamiliar with this new technology.
Physical artworks in museums are usually well-guarded – but digital artworks are something else entirely: in 2021 alone, scammers successfully stole 100 million dollars worth of non-fungible tokens, or NFTs. Yet blockchain technology – where most NFTs live – is one of the most secure technologies in history. Why, then, do NFT collectors keep getting hacked?
If SIM swap stories ever make the news, almost uniformly, they focus on people who lost a lot of money. But SIM swaps also take a psychological toll. Getting cut off from the grid all of a sudden, not knowing why, not being able to call for help. Even when it’s over, you never know if your attackers — whoever they are — will come back again.
A year ago we told you the story of Kaseya: an IT solutions company that was breached in July 2021, and whose servers were used to spread ransomware to an estimated 800 to 1500 small to medium-sized businesses. Nate Nelson, our Sr. producer, spoke with Rich Murray, who leads the FBI’s North Texas Cyber unit, about how the Federal Bureau of Investigation dealt with another attack by REvil – this time against the Texas government – and how they managed to figure out who was behind it.
Spamhaus’s decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed “The attack that almost broke the Internet.” The fallout from this attack led to Cyberbunker relocating to a bunker in Germany – but it was the involvement of an Irish drug lord known as ‘The Penguin’ that led to the bullet-proof hosting company’s downfall.
Sven Kamphuis and Herman Johan Xennt are quite dissimilar: one is young, the other is old, one is a Freedom Fighter, the other a businessman. In 1996, their unlikely partnership coalesced around a mutual deep hatred towards authority – and around a very unusual building: a Cold-War era nuclear bunker.
In his 1984 seminal paper – “Computer Viruses: Theory and Experiments” – Dr. Fred Cohen not only introduced the name ‘computer virus’, a term invented by his mentor, Leonard Adleman, but was also the first to analyze computer viruses in a rigorous mathematical way, proving that computer viruses were not only practical – but that they were in fact inevitable. Nate Nelson, our Sr. producer, spoke with Dr. Cohen about his early research into computer viruses, his work with the US army, the panicky response from the US government – and the parallels between computer viruses and mental viruses – i.e. memes.
Thamar Gindin is an Israeli scholar whose research focuses on the Persian language. For the past seven years (at least) Thamar has been a target for an endless stream of spear-phishing attempts by the Iranian regime, trying to take over her email account and lure her away from her country’s borders. Her family, friends, and colleagues have also suffered numerous attacks. So, how does it feel to live for years with a virtual target mark on your back?…
Nobody likes cheaters, especially in video games: we play games to have fun, and nothing hurts the joy of playing a good game more than losing to a cheater. That is why EA is not the only publisher to implement kernel-mode anti-cheat software in their games: League of Legends and Valorant, for example, use similar software. Yet some people warn that installing such kernel-level systems is extremely dangerous. So, what’s the problem with kernel-mode anti-cheat software?
When it was founded in 2011, Norse Corp. – which described itself as “the world’s largest dedicated threat intelligence network” – had everything a promising startup could wish for: a charismatic and experienced founder, a rare and valuable technology, and a few tens of millions of dollars from investors. Less than six years later, it all came crashing down in the most horrible death a business can experience. What went wrong in Norse Corp.?
John Deere, an American agricultural machinery manufacturer, has recently enraged many farmers and digital rights activists due to the restrictive fixing policy of its tractors. Now, an Australian white hat hacker named Sick Codes has demonstrated not only how he was able to jailbreak the company’s tractors and run Doom on them (because why not) – but also hack into its global operations center, demonstrating how hackers can easily take over a huge number of farming machines all over the world.
In 2006 the Russian Business Network pivoted its business: the once legitimate ISP became a ‘bullet-proof’ hosting service, catering to the needs of cybercriminals. It quickly became the largest player in the Russian cybercrime landscape, with ~60% of all cybercrime activity related to Russia connected to it in some way. Following the Russian government’s years-old tradition of collaborating with organized crime, it’s no wonder that the Russian Business Network quickly became Putin’s informal cyber attack arm.
Sports is not something that you usually hear mentioned when people talk about cybersecurity – but Chris Cochran and Ron Eddings, co-founders of Hacker Valley Media, believe that cyber professionals can take inspiration from MMA wrestlers and chess Grandchampions to get to their own version of peak performance.
One day in 2008, Michael Daugherty – CEO and owner of LabMD, a cancer detection lab – got a call from an executive of Tiversa, a cybersecurity company. The caller said that a file containing private medical data of some 9000 of LabMD’s patients had been discovered online. When Michael refused to pay Tiversa’s hefty “consultation fee”, the company reported the incident to the FTC. This was the beginning of a ten-year-long legal battle that ultimately destroyed LabMD – but cost the Federal Agency dearly.
Media companies probably get hacked no more than other, non-media oriented organizations such as hospitals, banks, etc. But these hacks are often more visible and more memorable because… well, media companies are more public facing by their very nature. How can these organizations be hacked, and why should we care about such attacks? Nate Nelson spoke with Joel Molinoff, former chief information risk officer for CBS Corporation, and Dan Vasile, former vice president of information security at Paramount.
Financial markets make good targets for criminals: after all, that’s where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: Genuine finance industry professionals.
Authentication has come a long way since the 1980s or 90s, but when it comes to phone calls – we’re still in the Middle Ages. Vishing, or Voice Scams, are probably as old as the Telephone itself, yet it is still very easy to impersonate someone over the phone or spoof a phone call’s origin.
Rachel Tobac is a hacker and the CEO of SocialProof Security, where she helps people and companies keep their data safe by training and pen-testing them on social engineering risks. Rachel spoke with Nate Nelson, our Sr. producer, about Vishing: how common is it, where attackers get the information they need to impersonate someone from, and the many many psychological tricks they can employ to fool the person on the other side of the call.
In any trading market, at any time in history, no matter where you are, the most important thing you can possess isn’t actually money, or influence, or anything like that. Knowledge — in particular, knowing something before everybody else — is far more valuable. Some traders are willing to go to great lengths to get it before anyone else. In some cases, they’ll apply great ingenuity to the problem – but in others, they’ll use manipulation — hacking into these technologies to gain an unfair advantage, and make a fortune along the way.
The name Lulzsec is probably very familiar to listeners who were around in 2011, when this hacking group was at the peak of its nefarious activity. As their name implies, Lulzsec was known for trolling their victims: their childish behavior might have fooled some people into thinking that Lulzsec was mostly harmless – but as the story you’re about to hear will show, they were anything but.
The US government says that Kim Schmitz, better known as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as an internet freedom fighter: a fugitive on the run from vindictive, overly-powerful governments. Can King Kimble escape the wrath of the USA?
Multi-Factor Authentication (MFA) is usually considered a better solution for authentication than just using passwords. But Roger Grimes, a veteran security professional and a Data-Driven Defense Evangelist, claims that the sense of security current MFA solutions provide us is false.
Language models are everywhere today: they run in the background of Google Translate and other translation tools; they help operate voice assistants like Alexa or Siri; and most interestingly, they are available via several experiential projects trying to emulate natural conversations, such as OpenAI’s GPT-3 and Google’s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data?
In May 2021, following the SolarWinds and the Colonial Pipeline attacks, the Biden administration published a presidential Executive Order mandating the use of SBOMs – Software Bill of Materials – in all government agencies. What are SBOMs and how useful are they in cybersecurity? Nate Nelson talks to two experts: Allan Friedman (CISA) and Chris Blask (Cybeats).
Criminals, particularly cyber criminals, aren’t “good” people; in most cases, they do have their own personal boundaries. Every once in a while, you encounter a criminal who’s different. Someone who seems not to have limits at all. A ruthless person, for whom the goal truly justifies the means. Leo Kuvayev is that kind of a person – and that made him so successful as a cyber-criminal. But even a genius criminal can go just one step too far.
Railway systems are a mess of old systems built on top of older systems, running ancient operating systems and exposing their most sensitive inner workings to commuters via WIFI. Why are railway systems so difficult to defend, and what are the most probable attack vectors against them? Nate Nelson, our senior producer, speaks with Israel Baron, Israel Railway’s first ever CISO.
The Anom was the holy grail of dark, illegal communication: a mobile phone that could send encrypted messages, and even included a secret Kill-Switch to foil attempts by law enforcement agents to get to its contents. Thousands of criminals used the Anom, certain that they were completely safe from the police… They were wrong.
Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack.
Silk Road’s success did more than bring the site more sellers and buyers, it also brought it more attention from law enforcement agencies as well as malicious hackers and other shady characters. Some of these shady characters, it turns out, were part of the task force aiming to shut down Silk Road…
Your organization was hit by ransomware, and it is now time to reach out to the hackers and negotiate the terms of a deal that will bring back your data, and (hopefully) won’t leave the company’s coffers empty. But before you sit down in front of your computer and fire off a message to the hackers – stop. Are you sure that you know what you’re doing? Are you certain that you won’t screw up the negotiations and do more harm than good?
Ross Ulbricht always had a thing with testing his limits. He was also an avid libertarian who wanted to change the world. And so, in 2010, he came up with the idea to build a truly free market: a website where anybody can buy and sell anything – including illegal drugs – anonymously: the ultimate experiment in individual freedom.
Will Bitcoin and the other cryptocurrencies be able to replace money as we know it today? Will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What’s Your Problem) talks to Nate Nelson about what the future holds for Bitcoin.
Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of “Crypto Anarchists” who aspired to change money, forever.
A recording of last week’s special Malicious Live Ask Us Anything event: How did Malicious Life come to be? How do we choose the stories we tell, who was Ran’s most memorable guest – and why does Nate keep inserting weird names into the scripts?…
In June 2011, a Con Edison truck was parked outside of Hector Monsegur’s New York apartment, every day for over a week. But Hector – better known as Sabu, the ringleader of the LulzSec hacking group – wasn’t fooled: he guessed, correctly, that the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond.
George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy – and a hacker. But in certain respects, they’re actually quite similar: in the lines they are willing to cross to get to their goal.
AbdelKader Curnelius, a German Threat Researcher and an expert on the cybercrime ecosystem in German-speaking countries, shares a story about how he helped the German police put a sophisticated local cybercriminal behind bars, by uncovering tiny mistakes that this hacker made in the past.
In June 2012, an anonymous hacker posted a list of 6.5 Million encrypted passwords belonging to LinkedIn users on a Russian hacker forum. It was soon discovered that these passwords were hashed using an outdated and vulnerable hashing algorithm – and were also unsalted. Lawsuits followed shortly… What are ‘hashing’ and ‘salting’, and can we trust big organizations to keep our secrets safe?
Assaf Dahan, Threat Research Lead at Cybereason’s Nocturnus team, describes a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by APT 41, AKA Winnti Group – a Chinese state-sponsored APT group known for its stealth and sophistication.
In 2007, Estonia – then already a technologically advanced country – suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and an adviser to several governments and conferences, talks with Nate Nelson about the lessons learned from that event, and how Estonia became what he calls ‘A Cloud Country’.
In May 1990, officials from several law enforcement agencies gathered in Phoenix, Arizona, to announce a nationwide crackdown on illegal computer activity. This massive operation, carried out by hundreds of Secret Service and FBI agents, was focused on a new type of crime: Hacking. Yet as Isaac Newton said, for every action there is an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation.
The MITRE Attack Flow Project is essentially a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Assistant Director of R&D at the Center for Threat-Informed Defense, and Israel Barak – Cybereason’s CISO – spoke with Nate Nelson about the benefits of the MITRE Attack Flow project to defenders and executives alike.
When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron’s crime justify such a harsh punishment?
Before it invaded Ukraine, Russia was considered – and rightfully so – a cyber superpower. But a month and a half into the war, the lights in Ukraine are still on, as well as cellular communications and other important infrastructure. Lior Div (Cybereason’s CEO), Yonatan Striem-Amit (CTO & Co-founder), and Sam Curry (CSO), talk about what we learned so far about the conflict – and what we might see in the future.
When Chris Roberts landed at Syracuse, NY – two FBI agents were waiting to escort him off the airplane. Apparently, this wasn’t the first time that the Gray Hat hacker was suspected of hacking into an aircraft’s control system – WHILE IN FLIGHT. Is risking the lives of hundreds of passengers a price worth paying for uncovering major vulnerabilities in an aircraft’s network?
It’s not every day that we have a guest who’s suggesting a new paradigm for cybersecurity. Sounil Yu, CISO and Head of Research at JupiterOne, talks about a new framework for designing secure systems, a framework he calls D.I.E: acronym for Distributed, Immutable and Ephemeral. Sounil asks us to treat our precious data less like Pets, and more like Cattle. Sounds confusing? New paradigms always are.
We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed, if at all. So, what is the psychological and emotional toll of cyberattacks? Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder?
What is the most critical of all critical infrastructure? Is it Electricity? Water Supply? According to Jeff Engle, CEO of Conquest Cyber, it’s our Banking and Finance systems. Jeff spoke with Nate Nelson, our Senior Producer, about the resilience of our financial system, worst-case scenarios, and will backups be able to save our butts if and when?
By the 1970s, Crypto AG was a large and thriving company, employing over 400 people. This final episode of the series is going to explore how a spying operation affecting over 100 countries, for 70 years, was kept secret the whole time — from governments, from militaries and intelligence services, and even the company’s own personnel.
Quantum Computing is a fascinating and revolutionary technology that has been gaining significant ground in the past decade, with researchers from both academia and the commercial sector – such as Google and IBM – announcing major breakthroughs every few weeks. Mike Redding, CTO of Quantropi, a company specializing in Quantum Encryption – claims that this revolution is even closer than most of us think.
How did Boris Hagelin succeed in selling compromised cipher machines to half the world, for more than 50 years? Some have speculated that it was some kind of backdoor. But, no – it was more clever than that… but Bo Jr., Hagelin’s son, who became an important part of his father’s company, did not approve of the secret deal with the NSA…
Assaf Dahan, Head of Threat Research with the Cybereason Nocturnus Team, discusses new discoveries about Iranian APTs Moses Staff and Phosphorus that blur the line between state-sponsored attacks and criminal activity.
General MacArthur, Egypt’s Anwar Sadat, and Iran’s Ayatollah Khomeini: These are just a few of the dozens, likely hundreds of targets of arguably the biggest, most ambitious hacking operation ever. A secret mission that lasted nearly a century, and influenced the course of so many of the most important events of history. The history you thought you knew.
Attacks against Small-to-Medium size businesses currently represent roughly 40% to 50% of all data breaches. Josh Ablett, founder and CISO of Adelia Risk, speaks with Nate Nelson about the kind of security he usually finds in SMBs when he’s called in to make an initial security assessment – spoiler: not a pretty picture – the impact of data breaches on SMBs, and what role insurance companies play in improving the state of security in that often overlooked segment of the industry.
Israel is a small country – yet its cyber security industry is exceptionally successful. In this episode, we go back to the Yom Kippur War of 1973, to discover how a national trauma and an Intelligence failure paved the way for Israel to become a cyber security mini-empire.
Pete Herzog is a security expert and an educator with a vision: he wants our kids to learn about cybersecurity, and not just about not talking to strangers online – he wants them to learn even more advanced stuff, such as security analysis and hacking. Pete spoke with Nate Nelson about his Hacker Highschool initiative, and the lessons he learned from it.
“Hello. We are looking for highly intelligent individuals. To find them, we have devised a test.” These words, found in a message posted on 4Chan in January 2012, started a global ‘treasure hunt’ – with thousands of puzzle-loving and curious individuals desperately competing with one another to be the first to crack the devilish puzzles created by the mysterious Cicada 3301. Who is Cicada, and what are their goals?
In the late ’80s to early 2000s, the NSA transitioned from being a hardware-first organization – that is, creating and operating physical spying devices – to software-first: excelling in hacking networks, tracking people online, etc. That transition was by no means easy: the NSA, by that point, was a huge organization – and big organizations are notorious for being very resistant to change. Jeff Man, our guest today, was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period.
When the FBI asked Apple, following the 2015 mass shooting in San Bernardino, to write code that would give the FBI access to a suspect’s iPhone – Apple refused, arguing that forcing it to write code goes against the First Amendment. Apple’s claim wasn’t the first time that this highly controversial claim was invoked in judicial proceedings…
A digital ‘vaccine’ was released to address Log4Shell, which has been called ‘the single biggest, most critical vulnerability ever.’ Nate Nelson talks to Yonatan Striem-Amit, CTO & Co-Founder of Cybereason (our sponsor) about the vulnerability, and about Cybereason’s unusual vaccine: software that uses the same vulnerability to close the breach.
In 2003, Shawn Carpenter – an employee of Sandia National Laboratory – was at a crossroads: should he ignore a Chinese attack against U.S. targets, as his superiors ordered him to do – or do what he thinks is right, and continue investigating the case on his own?
Last month, in November of 2021, Cybereason – our show’s sponsor – released a special report titled: “Organizations at Risk: Ransomware Attackers Don’t Take Holidays”, focusing on the threat of ransomware attacks during weekends and holidays. Nate Nelson, our Sr. producer, talked with Ken Westin, Cybereason’s Director of Security Strategy, about why attackers love holidays and weekends, and why ransomware attacks during these times are so effective and dangerous. The report’s URL: https://www.cybereason.com/blog/cybereason-research-finds-organizations-unprepared-for-ransomware-attacks-on-weekends-and-holidays
In March 2016, Microsoft had something exciting to tell the world: the tech giant unveiled an AI chatbot with the personality of a teenager. Microsoft Tay – as it was nicknamed – could tweet, answer questions and even make its own memes. But within mere hours of going live, Tay began outputting racist, anti-Semitic, and misogynist tweets.
The Wild West Hackin’ Fest is a unique security conference. Not only because it’s held in South Dakota and not only because of the Wild West visual vibe – but also because of the emphasis it puts on diversity and lowering the entry barriers for people who wish to join the world of information security. Eliad Kimhy talks to John Strand, one of the conference’s founders.
In 2016, for six straight months, communications between Canadian and Korean government networks were hijacked by China Telecom and routed through China. In 2017, traffic from Sweden and Norway to a large American news organization in Japan was hijacked – also to China – for about 6 weeks. What is IP Hijacking (a.k.a. BGP Hijacking), and what are its security implications? Nate Nelson talks to Dr. Yuval Shavitt, from Tel Aviv University’s Cyber Research Center.
Alexey Ivanov was exactly the kind of person to benefit from the early-2000’s dot-com boom: He was bright, talented, and knew his stuff. His only problem was the fact that he was born in Chelyabinsk, a sleepy Russian town in the middle of nowhere… when he sent his resume to American companies, nobody was willing to bet on him. Alexey came up with a ‘brilliant’ idea: hacking American corporations, and then blackmailing them – forcing them to hire his services as a ‘security consultant.’
The NSA is one of the world’s most formidable and powerful intelligence agencies. Some people fear that the National Security Agency’s advanced capabilities would one day be directed inwards, instead of outwards. Are those fears justified? Is the NSA more dangerous than it is useful?
Nate Nelson spoke with Ira Winkler, who started his career at the NSA.
In May 2017, Marcus Hutchins – AKA MalwareTech – became a hero for stopping WannaCry, a particularly nasty ransomware that spread quickly all over the world. Yet his fame also brought to light his troubled past as the teenage Black Hat hacker who created KRONOS, a dangerous rootkit. Should a criminal-turned-hero be punished for his past crimes?…
In July 2021, Nocturnus – Cybereason’s Threat Research and Intelligence team – was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies, mainly in the Middle East. Their investigation resulted in the discovery of a new threat actor that has been operating since at least 2018, and new and sophisticated malware that abuses Dropbox. Nate Nelson, our Sr. producer, spoke with Assaf Dahan – senior Director and Head of Threat Research at Nocturnus – about the investigation.
Find the full report about “Operation GhostShell” at: www.cybereason.com/ghostshell
Smart Homes are slowly but surely becoming a part of our everyday lives, and so far it seems that Smart TVs – equipped with microphones, cameras, and an internet connection – are the weakest link. What are the current and potential threats against smart TVs – and is a person’s smart home, still his castle?…
In some ways, cyber security is like Art – and that’s not a good thing… MITRE’s ATT&CK framework tries to make sense of the collective knowledge of the security community, and share that knowledge so that cyber defence becomes less an art form, and more about using the correct tools and techniques. Nate Nelson, our Sr. producer, talks with Israel Barak – Cybereason’s CISO and a regular guest of our podcast – about MITRE ATT&CK, and how it can help your organization stay safe.
Every year, seemingly, there’s a new story of some software – like ‘Tik Tok’ or ‘FaceApp’ – from a hostile country that may or may not be a security threat to us in the west. So what should be done in cases like this? What if the U.S. just banned all technology from Russia and China? Is it a good idea? Is it even possible?
Darknet Diaries, Jack Rhysider’s show, is the most popular cyber security podcast – and one of the most successful tech podcasts in the US in general. Eliad Kimhy spoke with Jack about the origins of Darknet Diaries, his heroes and role models, and the effect the show’s success has had on his personal life – which, you might be surprised to discover, wasn’t always 100% positive.
It’s every company’s nightmare: a mysterious stranger approached an employee of Tesla’s Gigafactory in Nevada, and offered him 1 million dollars to do a very simple job – insert a malware-laden USB flash drive into a computer in the company, and keep it running for 8 hours.
Lt. Colonel (Ret.) Bill Hagestad talks to Nate Nelson about how China’s culture and troubled history of western colonialization influence its government’s views and actions regarding the global internet, and its interactions with western technology companies such as Google and Nortel.
What do you get when you take a hypersexual, drug enthusiast gun-toting paranoid – and add some serious amounts of money to the mix? You get a life so bizarre, so unbelievably extreme, that people will tell its story even after you’re long gone. Murder, rape, drugs, lies and a possible Dead Man’s Switch… it’s all part of John McAfee’s story.
Nate Nelson talks to Art Coviello, Former CEO of RSA Security, and Malcolm Harkins, Vice President & Chief Security Officer at Intel, about the current cyber security landscape – 10 years after the RSA Breach.
Nate Nelson talks to Assaf Dahan, Sr. Director and Head of Threat Research at Cybereason’s Nocturnus team, about a recent attack they uncovered on multiple major telecommunication companies.
The Jester is a patriotic, pro-American Hacktivist that since 2010 has waged a personal cyberwar against an array of targets he considers to be “the bad guys.” But detractors have insinuated that some of the Jester’s operations were little more than internet sleight-of-hand. So, who is The Jester and what can we make of his reported exploits?
In 2005, when Albert Gonzalez was hacking his way into the networks of many retail chains in the US, credit cards were still very insecure: magnetic stripes and signed receipts did little to stop smart hackers such as Gonzalez and his crew. Sherri Davidoff talks to Nate Nelson about the past and present state of credit card security.
In early 2007, a Secret Service agent operating out of San Diego takes a flight halfway across the world. He’s going to meet with Europe’s most prolific stolen card salesman. It is this meeting that will be the beginning of the end for Albert Gonzalez and his ‘All Star’ crew of hackers, international businessmen and mules.
DerbyCon was all about making the community – a family. Dave Kennedy, one of the founders of DerbyCon, talks about the unique vibe of the conference, his fear of clowns, and why he’ll never – NEVER – listen to a Busta Rhymes album again.
Working with the Secret Service, Albert Gonzalez was outstanding. He was such a good employee, in fact, that they had him do seminars, and speak at government conferences. At one point he met personally with the then Director of the Secret Service. Albert gave a presentation, and got to shake the man’s hand. It’s a remarkable redemption story, you’d have to say. There was just one caveat. You see, Albert Gonzalez went from stealing millions of credit cards to quarterbacking the largest cyber crime bust in U.S. history. And then? He went back to the Dark Side.
Jeff Moss, founder of the DEF CON Hacker convention (and also the BlackHat convention), talks to Eliad about the origins of DEF CON, its “interesting” relationship with law enforcement agencies, and some of the notable shenanigans the conference attendees pulled off over the years…
It was as a teenager that Albert Gonzalez–one of the few greatest cybercriminals in history–developed the obsession that would go on to ruin his life. Gonzalez and some of his friends would go on to pull off some of the most remarkable crimes in the history of computers – but they just didn’t know when to stop. If they did, they might have gotten away with it. They might not have ruined their lives.
THOTCON is not your ordinary, run-of-the-mill security conference – and that’s obvious from the moment you browse their website. How did a local, small-scale event in Chicago grow to become a major cybersecurity conference, and what is its connection to The Matrix movie? Producer Eliad Kimhy talks to Nick Percoco and Jonathan Tomek, two of THOTCON’s founders.
For more than a decade, China orchestrated a sophisticated espionage campaign against Nortel Networks, using Huawei, Chinese civilians working in Canada, and even organized crime gangs to steal important technical and operational information. When Nortel finally fell, the Chinese were there to reap the rewards of their death.
On Friday, May 7th, 2021, Colonial Pipeline suffered a cyberattack that forced the company to shut down its operations. As a result, gasoline outages were reported in many East Coast states. The entity behind the attack is a criminal group known as DarkSide. Nate Nelson, our Sr. producer, spoke with Assaf Dahan – Head of Threat Research at Cybereason – about the Colonial Pipeline attack: how & why it happened, and its implications – both for the security of critical infrastructure in the US, and for the criminal underworld of Ransomware groups. That last one is particularly interesting, since it seems that the Colonial Pipeline attack has set off a somewhat unexpected trend on the dark web.
Very interesting show on the history of cybercrime and -war. While light on the technical side, all the episodes so far are told in a very entertaining way with fun anecdotes from the actual people involved. The presenters' voice and pacing also make it easy to listen to. Highly recommended for anyone even slightly interested in the topic!