144: Rachel

en-usApril 02, 2024

Podcast Summary

A man's stock price predictions were a sophisticated scam: Be skeptical and do thorough research before trusting someone with your money or personal information. Understand the mechanics of scams to avoid falling victim.
Not everything is as it seems on the surface. The man in the story seemed to have a foolproof algorithm for predicting stock prices, but it was actually a sophisticated scam. He would make random predictions to a large pool of people, then call back those he was "right" with and make more specific predictions to them. By doing this repeatedly, he would create a small group of people who believed in his abilities, which he then used to lure them into investing in risky ventures. This is a reminder that it's important to be skeptical and do thorough research before trusting someone with your money or personal information. Additionally, the story highlights the importance of understanding the mechanics of scams and how they operate.
Addressing Data Exposure Risks and Challenging Stereotypes: Automate least privilege access and implement robust endpoint protection to secure data and infrastructure, while challenging stereotypes and pursuing unconventional paths can lead to unexpected opportunities in the infosec field.
Excessive permissions in organizations can lead to major security incidents, making it essential to implement solutions like Veronus' Least Privilege Automation and ThreatLocker's endpoint protection platform to secure data and infrastructure. Rachel Tobac's story highlights the importance of challenging stereotypes and pursuing interests, even if they don't follow a traditional path. Despite not having a background in coding, she found her way into the infosec world through neuroscience, improv, and determination. It's crucial for organizations to address data exposure risks continuously and maintain a zero-trust security posture to mitigate cyber attacks. By automating least privilege access and implementing robust endpoint protection, businesses can significantly reduce their risk and focus on their core operations.
Witnessing the Intensity of Social Engineering Competition at DEF CON: Rachel, a hesitant community manager, was drawn into the world of social engineering after attending DEF CON and witnessing the intense competition to gather security data through phone calls using pretexts.
Social engineering, the art of manipulating individuals to reveal confidential information, can be a high-stakes and intense competition. Rachel, a community manager, initially hesitated to attend DEF CON, a hacker conference, after her husband encouraged her to experience the social engineering village. However, after witnessing the contest firsthand, she became intrigued and decided to compete. The contestants were given the task to gather as much security data as possible from a target company through phone calls, requiring them to provide a pretext and avoid raising suspicion. The competition was intense, with only 14 contestants selected from hundreds of applicants, and the audience watched live as contestants tried to outwit each other. Rachel, with her determination and creativity, managed to secure a spot and even created a twin peaks-style video to convince the organizers. Social engineering is a valuable skill in understanding human behavior and can be used ethically for information security testing.
From observer to entrepreneur in social engineering: Unexpected careers can result from attending events and embracing new challenges, as shown in this woman's journey from spectator to successful social engineer and business owner.
Attending events like DEF CON and participating in competitions, even with no prior experience or interest in hacking, can lead to unexpected careers. The story illustrates how a woman went from being an unsuspecting observer to a successful social engineer and entrepreneur. She spent months researching target companies, competed in social engineering contests, and eventually founded Social Proof Security, a company specializing in social engineering services for businesses. Her experiences showcased the importance of adaptability, confidence, and continuous learning. This anecdote highlights how opportunities can arise from stepping out of one's comfort zone and embracing new challenges.
Testing bank security with fake accounts: Penetration testers create fake accounts to test security, but phone spoofing remains a vulnerability due to outdated protocols
During a penetration test, ethical hackers create fake accounts to test a company's security without harming real people. In this specific case, a penetration tester attempted to take over a customer's bank account by posing as a distressed customer through chat support. The tester tried to convince the support team to change the email address on the account, but they followed protocol and refused. Frustrated, the tester switched to phone calls, which left less of a paper trail and allowed for phone number spoofing. Spoofing phone numbers is still possible due to outdated protocols, making it an unpatched vulnerability. The tester explained that while email spoofing was largely eliminated through the use of SPF records, phone spoofing remains a challenge due to the lack of industry-wide consensus on implementing solutions. Overall, this discussion highlights the importance of implementing strong security protocols and staying updated on potential vulnerabilities.
Telephone companies should secure caller ID against spoofing: Telephone companies should take responsibility for securing their caller ID systems or disable it, while organizations should adopt multi-factor authentication for better security.
Telephone companies need to take more responsibility in securing their caller ID system against spoofing. Despite the availability of tools and methods to spoof phone numbers, telephone companies have historically argued that phone numbers were never meant to be identifiers. However, with the advent of caller ID and its widespread use, it's understandable why people have come to rely on it as a means of identification. Rachel's experience of spoofing a phone number to gain access to a customer's account highlights the vulnerability of this system. Telephone companies should either disable caller ID or patch it to prevent spoofing. Additionally, banks and other organizations should move away from knowledge-based authentication and adopt multi-factor authentication for better security. As an attacker, spoofing a phone number and bypassing email-based multi-factor authentication can be challenging, but not impossible. Organizations should be aware of these threats and take steps to mitigate them.
Woman uses persuasive tone to bypass bank security: Social engineering attacks can bypass security measures, exploiting human vulnerabilities. Companies can prevent this by implementing callbacks, email/SMS verification, and security training for support teams.
Human interaction and persuasion can bypass even the strongest security measures. In this discussion, a woman described how she used a kind and persuasive tone over the phone to gain access to bank accounts by providing fake documents. She emphasized that customer support agents are often vulnerable to such exploitation due to their eagerness to assist, especially after dealing with difficult callers. The woman also suggested ways for companies to prevent such attacks in the future, such as implementing callbacks, email or SMS verification, and involving managers in internal support tickets. The episode underscores the importance of being vigilant against social engineering attacks and the need for organizations to prioritize identity verification and security training for their customer support teams.
Investigating insider threats: A tale of social engineering: Social engineering tactics, like posing as a journalist or applying for a role, can reveal sensitive business information. LinkedIn, a valuable resource for social engineers, poses a significant security risk for companies, emphasizing the importance of awareness and protective measures.
Insider threats in businesses can often stem from innocent mistakes rather than malicious intent. In the discussed scenario, a technology company was experiencing leaks of Mergers and Acquisitions (M&A) information before official announcements. Rachel, a security professional, was hired to investigate and prevent these leaks. She used various tactics, including posing as a journalist and applying for a product manager role, to extract information. To carry out these tactics effectively, she needed to establish a presence online, which she referred to as a "SOC account." She used a real journalist's background and social media for her fake journalist pretext. LinkedIn, with its extensive company and employee information, was identified as a valuable resource for social engineers like Rachel to identify potential targets. However, it also poses a significant security risk for companies, making it crucial for them to be aware of the potential threats and take appropriate measures to protect their sensitive information.
Phantom Applicant Attack: A New Threat to Company Secrets: Employees should be cautious about what they share online, as hackers and data brokers can use this information to launch attacks and invade privacy. Companies should establish policies to mitigate these risks and protect sensitive information.
The information employees share publicly on platforms like LinkedIn can put their companies at risk. Hackers and data brokers can easily access this information, leading to potential breaches and privacy invasions. A case in point is a person attempting to gather information about upcoming mergers and acquisitions by posing as a job candidate and using the hiring process as an attack vector. This method, known as the phantom applicant attack, can reveal sensitive information about a company's plans and technology. Companies should encourage their employees to be mindful of what they share online and establish policies to mitigate the risks associated with public information. By taking privacy seriously, companies can help protect themselves and their employees from potential threats.
Preparing for a Product Manager Role: Spend at least three weeks researching, building a persona, and studying for interviews to increase chances of success. Stay calm and natural during interviews to avoid raising suspicion.
The process of applying for a Product Manager role involves extensive preparation, including researching the role, building a convincing online persona, and studying for interviews. This individual spent three weeks preparing, including watching YouTube videos, taking online courses, and creating a believable social media presence. They also emphasized the importance of staying calm and natural during interviews, even if it means playing the part of a nervous applicant to avoid raising suspicion. The hiring process can be challenging, with many applicants not getting callbacks, and it's important to be persistent and dedicated to securing the role. Ultimately, the key to success is to be well-prepared and authentic in your approach.
Job interviews revealing confidential info: Clear communication and strict protocols are crucial to prevent sensitive info leaks during job interviews. Be specific and explicit to avoid indirect discussions.
During the job interview process, interviewees were able to extract information about upcoming mergers and acquisitions within a company by deciphering vague hints and hand-waving responses from interviewers. This information leak could potentially pose a security risk, as it could be used by external entities to gain insider knowledge and potentially profit from it. The incident highlighted the importance of clear communication and strict protocols within organizations, particularly when it comes to sensitive information. The company in question recognized the issue and took steps to address it, emphasizing the need for employees to avoid discussing confidential information, even in vague or indirect ways, with anyone outside the organization. By being more specific and explicit in their communication, the company was able to prevent further leaks and protect its confidential information.
Exposing Dangers of AI in Criminal Activities: Ethical hacker Rachel Tobac highlights the importance of obtaining consent before engaging in any hacking activities, even when using AI for exposing potential dangers of criminal use.
Ethical hacker Rachel Tobac uses her expertise to expose the potential dangers of AI being used for criminal activities, such as voice cloning and identity spoofing. During an attempt to hack into 60 Minutes, she encountered challenges in obtaining necessary consents from the targeted individuals and their co-workers. Despite these challenges, she emphasizes the importance of obtaining consent before engaging in any hacking activities. The case illustrates the complexities of using AI for malicious purposes and the ethical considerations involved in ethical hacking.
Voice cloning used for social engineering attacks: Voice cloning technology can be used to impersonate individuals, leading to sophisticated social engineering attacks. Hackers can gather personal info and manipulate situations to trick targets into revealing sensitive info.
Voice cloning technology can be used to carry out sophisticated social engineering attacks. In this scenario, a hacker cloned the voice of a famous reporter, Sharon, and used it to trick Elizabeth into revealing sensitive information during a phone call. The hacker went to great lengths to ensure the hack went undetected during a live filming for 60 Minutes, even enlisting the help of the production crew to make it seem natural. The hacker used open-source intelligence to gather personal information about Elizabeth and manipulated the situation to make Elizabeth believe she was speaking with Sharon. The success of the attack relied on the hacker's ability to clone the voice convincingly and the unsuspecting nature of the target. This demonstrates the potential danger of voice cloning technology falling into the wrong hands and the importance of being aware of such advanced social engineering tactics.
Voice cloning used to deceive in professional setting: Voice cloning technology can create indistinguishable fake voices, leading to potential deception and ethical concerns.
Voice cloning technology can be used to deceive people, even in professional settings. The speaker in this story used a combination of voice cloning and phone number spoofing to trick someone into revealing sensitive information. The delay in the voice cloning tool and the strange audio vibe during the call made the situation even more tense. Despite the success of the hack, the speaker felt uneasy and wanted to ensure the person on the other end didn't feel horrible about it. After trying out the voice cloning tool himself, the speaker was amazed by how realistic the AI-generated voice sounded. Both clips of the speaker's voice, one generated by the tool and the other his real voice, were indistinguishable to the listener. This technology has the potential to revolutionize communication, but it also raises ethical concerns and the need for greater awareness and caution.
Deep Fakes in Business Communications: Staying Vigilant and Adapting to New Security Challenges: Implementing cryptographic keys for trust and identity verification in digital communications to combat deep fake threats in business.
As technology advances, distinguishing reality from fiction will become increasingly challenging. The use of deep fakes in business communications, as demonstrated in a recent incident where an executive was tricked into transferring funds to a fraudulent account through an AI-generated video call, highlights the need for new security measures. Daniel Miesler suggests the implementation of cryptographic keys to establish trust and verify identities in digital communications. This could involve using predetermined channels or solving captchas to ensure the authenticity of messages and calls. As we move towards a future where AI can mimic voices and video, it's essential to stay vigilant and adapt to new security challenges. The human race is experiencing an exponential era of technological advancements, and it's crucial to stay informed and prepared for what's to come. For more insights, check out Rachel Tobac's free ebook on social engineering and visit her website, Social Proof Security, for security awareness training and entertaining video productions.

Recent Episodes from Darknet Diaries

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

137: Predator

A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usSeptember 05, 2023

human rights abuses

privacy and security

government surveillance

global security

illegal espionage

surveillance technology

Related Episodes

Ep. 242 - Human Element Series - The Greatest Salesman in the World - Is It AI? with Tony UV

Today we are joined by Tony UcedaVélez. Tony UV is the co-creator of the Process for Attack Simulation & Threat Analysis and the CEO of VerSprite. Tony has over 25 years of IT/InfoSec work across a vast range of industries. He is also the OWASP leader for Atlanta, GA. [Jan 8, 2024]

00:00 - Intro

00:19 - Intro Links

- Social-Engineer.com - http://www.social-engineer.com/

- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

- CLUTCH - http://www.pro-rock.com/

- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

03:00 Tony UV Intro

03:34 Good in Chaos

05:28 VerSprite

06:18 Future Focus

09:38 It's Like a Flea Market

13:19 Groomed by Marketing

14:46 The Age of Misinformation

17:14 How to Defend

21:34 Human Validation

23:49 Implicit Trust

26:01 Zero Trust in Humans

29:33 Mentors

- Parents

32:25 Book Recommendations

- The Alchemist - Paulo Coelho

- The Greatest Salesman in the World - Og Mandino

34:08 Find Tony UV online

- X/Twitter: @t0nyuv

- LinkedIn: linkedin.com/in/tonyuv/

34:53 - Guest Wrap Up & Outro

- www.social-engineer.com

- www.innocentlivesfoundation.org

The Social-Engineer Podcast

enJanuary 08, 2024

marketing

artificial intelligence

#01 Cyber-Sicherheit und Deep Fakes

Wie viele Menschen waren in den vergangenen 12 Monaten von Cyberkriminalität betroffen? Wie kann ich mich vor Phishing oder anderen Cyberangriffen schützen? Und was sind eigentlich Deep Fakes? Im neuen Podcast 'Update verfügbar' informiert das Bundesamt für Sicherheit in der Informationstechnik (BSI) regelmäßig über aktuelle IT-Sicherheitsvorfälle und gibt konkrete Tipps und Tricks, wie Bürgerinnen und Bürger sich, ihre Daten und Geräte schützen können. In der ersten Folge geben die Moderatoren Ute Lange und Michael Münz einen Überblick über die Gefahren, die im digitalen Alltag lauern, und zeigen anhand des Phänomens von Deep Fakes, dass Trickbetrug längst nicht mehr nur an der Haustür stattfindet.

deSeptember 30, 2020

Tech-Infused Social Engineering - A conversation with Frank McKenna, Chief Fraud Strategist, PointPredictive

In episode 13 of Scam Rangers podcast, we chat with Frank McKenna, a fraud and scam fighter with 30 years of experience. We discuss the use of technology in combination with social engineering tactics to execute online scams, including bots, voice imitation, and deep fakes. Frank emphasizes the need for proactive measures to stop fraudulent transactions, and the importance of being passionate about fraud-fighting. The episode offers valuable insights and advice for both fraud fighters and non-fraud fighters, highlighting the importance of staying informed and vigilant to protect ourselves and our finances from scams.

Frank on Fraud: https://frankonfraud.com

ScamRanger: hrrps://scamranger.ai

This podcast is hosted by Ayelet Biger-Levin https://www.linkedin.com/in/ayelet-biger-levin/ who spent the last 15 years building technology to help financial institutions authenticate their customers and identify fraud. She believes that when it comes to scams, the story starts well before the transaction. She has created this podcast to talk about the human side of scams, and to learn from people who have decided to dedicate their lives to speaking up on behalf of scam victims and who take action to solve this problem. Be sure to follow her on LinkedIn and reach out to learn about her additional activities in this space.

enMarch 29, 2023

Jason Healey - Saving the Internet (for the Future)

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Healey/DEFCON-22-Jay-Healey-Saving-the-Internet-UPDATED.pdf

Saving the Internet (for the Future)
Jason Healey DIRECTOR, CYBER STATECRAFT INITIATIVE, ATLANTIC COUNCIL
Saving the Internet (for the Future): Last year, the Dark Tangent wrote in the DC XXI program that the "balance has swung radically in favor of the offense, and defense seems futile." It has always been easier to attack than to defend on the Internet, even back to 1979 when it was written that "few if any security controls can stop a dedicated" red team. We all accept this as true but the community rarely ever looks at the longer term implications of what happens to the internet if one side has a persistent advantage year after year, decade after decade. Is there a tipping point where the internet becomes no longer a Wild West but Somalia, a complete unstable chaos where the attackers don't just have an advantage but a long-term supremacy? This talk will look at trends and the role of hackers and security researchers.

Jason Healey is the Director of the Cyber Statecraft Initiative of the Atlantic Council, focusing on international cooperation, competition and conflict in cyberspace, and the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He has worked cyber issues since the 1990s as a policy director at the White House, executive director at Goldman Sachs in Hong Kong and New York, vice chairman of the FS-ISAC (the information sharing and security organization for the finance sector) and a US Air Force intelligence officer. He is a board member of Cyber Conflict Studies Association, lecturer in cyber policy at Georgetown University and author of dozens of published essays and papers. Just in 2013 presented or spoke in Brussels, Rome, Istanbul, Reykjavik, London, Tallinn, Stockholm, Munich, Seoul, Bali, New York, New Orleans, Las Vegas, San Francisco, and Washington, DC.

DEF CON 22 [Materials] Speeches from the Hacker Convention.

enDecember 13, 2014

Episode 112 - Data Privacy and Canada

Canada and the United States are each other’s major commercial partner. Many U.S. companies have Canadian customers and collect and process personal information about Canadians. They must therefore understand Canada’s and its provinces’ regulation of personal data privacy. The Canadian regulation of data privacy is very complex, with a maze of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial laws and regulations.

In this conversation with Lyndsay Wasser, a Toronto-based attorney at the Canadian law firm McMillan LLP, the Data Privacy Detective asks what cross-border businesses should know about privacy and data security in Canada, as well as looming changes on the U.S.’s northern horizon.

Time stamps:

01:05 - What is the general state of data privacy and security law and regulation within Canada?

02:33 - What does Quebec do differently?

03:18 - Do foreign companies need to consider individual provincial laws in addition to the federal laws?

05:27 - How is the Canadian privacy regime similar to the EU's GDPR? How is it different?

07:14 - What should a US company know if it collects data from Canadian users?

08:16 - How does Canada address data localization?

09:43 - What does the future look like for data privacy law in Canada?

13:06 - What advice would Lyndsay give on the type of guidance companies should seek regarding Canadian data privacy?

Data Privacy Detective

enFebruary 09, 2023

privacy