Podcast Summary
Lapsus$ breaches Okta, an attacker with no standard playbook: Organizations must stay vigilant and adaptable, because the next incident may come from an impulsive, unpredictable group rather than a nation-state or ransomware crew.
The cyber threat landscape is constantly evolving, and organizations must be prepared for new and unexpected challenges. In this episode, we heard about an unusual hacking incident involving Okta, an identity management platform used by thousands of organizations. The attackers were not a sophisticated nation-state group or a ransomware gang, but an unpredictable and impulsive crew, later identified as Lapsus$. This presented a new kind of challenge for security teams, as there was no standard playbook for responding to such an incident. Okta's Regional Chief Security Officer, Brett Winterford, had to act quickly to assess the technical impact and communicate with customers. The incident is a reminder that organizations must stay vigilant and adaptable in the face of evolving threats. Vanta, a sponsor of this podcast, offers a centralized platform to help organizations manage and scale their security programs and streamline compliance. As a bonus for Darknet Diaries listeners, Vanta is offering a 20% discount. Visit vanta.com/darknet20 to claim your discount.
Lapsus$ Hacking Group: Teenagers with Reckless Hacking Tactics: Teen hackers known as Lapsus$ have been causing chaos by stealing company data and threatening to leak it unless a ransom is paid. Their tactics include trying many different routes to gain access and running disinformation campaigns, so organizations must stay informed and adapt their security strategies.
The hacking group Lapsus$, responsible for numerous high-profile cyberattacks, is made up of teenagers whose approach amounts to reckless hacking for notoriety. The group first drew attention in December 2021 and has been stealing company data and threatening to leak it unless a ransom in Bitcoin is paid. They have targeted a range of industries, including healthcare and technology, and have been particularly interested in obtaining source code. The Okta breach, which was initially reported to be more severe than it actually was, involved the compromise of two Okta accounts, but no significant damage was done. The group's tactics, which include trying one access method after another and spreading disinformation about what they have achieved, present a significant challenge for companies trying to protect themselves. Organizations need to stay informed about emerging threats and adapt their security strategies accordingly.
Hackers Target Company Reputation: Lapsus$ targets company reputation by observing technical support sessions and publishing screenshots, while Mint Mobile offers a solution to high wireless bills with affordable online plans.
Hackers target not only data and source code but also a company's reputation. Lapsus$, led by a 17-year-old from the UK, demonstrated this by observing the thin client sessions of technical support engineers at Microsoft and publishing screenshots on their Telegram channel. This type of attack is harder to prepare for in tabletop exercises. Meanwhile, Mint Mobile offers a solution to high wireless bills, with plans starting at $15 a month, by selling wireless service online and cutting out retail store costs. The leader of Lapsus$, despite being a minor, has significant experience in the criminal underground, as evidenced by his digital trail and historical posts. He is known for relying on social engineering rather than coding skills to break into systems. Lapsus$ stands out from other hacking crews because they do not use malware. While it may seem odd for a detective to be chasing teenagers, the digital evidence speaks for itself.
Old-school tactics by Lapsus$ result in high-value targets and significant financial losses: Lapsus$ uses SIM swapping and social engineering to bypass modern security measures such as SMS-based MFA and gain access to high-profile targets, resulting in millions of dollars in financial losses.
The hacking group Lapsus$ uses old-school tactics, such as SIM swapping and social engineering, to gain access to high-profile targets, often resulting in significant financial losses. These methods exploit human and process weaknesses rather than relying on sophisticated malware: once an attacker controls a victim's phone number, one-time codes sent by SMS arrive at the attacker's handset, so the "second factor" no longer proves anything. This is what lets Lapsus$ bypass modern security measures and look far more capable than their tooling suggests. The group's low volume of attacks against high-value targets, like Microsoft, has netted them millions of dollars. Their behavior is consistent with the heightened dopamine response of the adolescent brain, which encourages risk-taking. However, careless actions, such as revealing members' identities in public forums, undermine their own operations. This is a reminder that companies must be vigilant against not only advanced cyber threats but also the human element, and that the actions of young people, driven by still-developing brains, can have far-reaching consequences.
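A SIM swap rarely shows up as a single obvious event, but it leaves a recognizable sequence in identity-provider and account logs: the phone number on an account changes, and shortly afterwards a successful login is completed with an SMS one-time code from a device the user has never used before. The following detection rule is an added example written for this summary, not code from Okta, the podcast, or any of the parties discussed. The event log, field names and 72-hour window are constructed assumptions; real systems (Okta System Log, a carrier port-out feed, a CRM audit trail) use different schemas, but the correlation logic is the same.

```python
from datetime import datetime, timedelta

# Constructed sample events (NOT real logs). Timestamps are ISO 8601, UTC.
# "phone_changed" comes from the account/profile audit trail; "login_success"
# from the identity provider, with the MFA factor that completed the login.
EVENTS = [
    {"ts": "2022-03-01T09:00:00", "user": "bob",   "type": "login_success",
     "factor": "sms_otp", "device": "dev-b1"},
    {"ts": "2022-03-10T10:00:00", "user": "alice", "type": "login_success",
     "factor": "sms_otp", "device": "dev-a1"},
    # alice's number changes, and 35 minutes later an SMS-OTP login succeeds
    # from a never-before-seen device: the classic SIM-swap footprint.
    {"ts": "2022-03-20T14:05:00", "user": "alice", "type": "phone_changed",
     "old": "+15551230001", "new": "+15559990002"},
    {"ts": "2022-03-20T14:40:00", "user": "alice", "type": "login_success",
     "factor": "sms_otp", "device": "dev-x9"},
    # bob changes his number but logs in 4 days later from his usual device.
    {"ts": "2022-03-21T08:00:00", "user": "bob",   "type": "phone_changed",
     "old": "+15551230003", "new": "+15551230004"},
    {"ts": "2022-03-25T08:00:00", "user": "bob",   "type": "login_success",
     "factor": "sms_otp", "device": "dev-b1"},
    # carol: new device, but no phone change at all.
    {"ts": "2022-03-22T11:00:00", "user": "carol", "type": "login_success",
     "factor": "sms_otp", "device": "dev-c2"},
]

# Assumed tuning knob: how long after a number change an SMS-OTP login from a
# new device is treated as suspicious.
WINDOW = timedelta(hours=72)


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def find_sim_swap_suspects(events, window=WINDOW):
    """Return alerts for SMS-OTP logins that follow a recent phone-number change
    and come from a device not seen on any earlier successful login."""
    events = sorted(events, key=lambda e: e["ts"])
    last_phone_change = {}   # user -> datetime of most recent number change
    known_devices = {}       # user -> devices seen on earlier successful logins
    alerts = []
    for e in events:
        user, t = e["user"], parse_ts(e["ts"])
        if e["type"] == "phone_changed":
            last_phone_change[user] = t
            continue
        if e["type"] != "login_success":
            continue
        seen = known_devices.setdefault(user, set())
        changed = last_phone_change.get(user)
        recent_change = changed is not None and timedelta(0) <= t - changed <= window
        new_device = e["device"] not in seen
        if e["factor"] == "sms_otp" and recent_change and new_device:
            alerts.append({
                "user": user,
                "login_ts": e["ts"],
                "device": e["device"],
                "hours_since_phone_change": round((t - changed).total_seconds() / 3600, 2),
            })
        # Only learn the device after the check, so the suspicious login itself
        # does not whitelist the attacker's handset.
        seen.add(e["device"])
    return alerts


if __name__ == "__main__":
    for a in find_sim_swap_suspects(EVENTS):
        print(f"ALERT {a['user']}: SMS-OTP login from new device {a['device']} "
              f"{a['hours_since_phone_change']}h after phone change")
```

Running the block prints one alert, for alice. The rule deliberately needs all three signals together (SMS factor, recent number change, unfamiliar device) to keep noise down; in practice you would also feed in carrier port-out notifications where available and treat the number change itself as a reason to require a non-SMS factor for the next login.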
Young Hackers: A Growing Threat: Stay vigilant against cyber threats, as the next attack could come from an unexpected source. Manage monthly subscriptions with Rocket Money to save money.
The world of hacking is evolving, and young people are increasingly getting involved. The recent Lapsus$ group, with members aged between 16 and 21, is a prime example. Their bragging and attempts to show off their dominance led to their arrest, but the case also highlights the growing threat posed by script kiddies and SIM swapping methods. The trend is not new; even in the 1960s, teenagers managed to gain unauthorized access to IBM's most powerful computer. The moral of the story is that it's essential to stay vigilant against cyber threats, as the next big attack could come from an unexpected source. Additionally, Rocket Money, a personal finance app, can help manage your monthly subscriptions and save you money.
Two young men nearly brought down IBM's Computer Center with a simple hack in 1964: A single vulnerability in a complex system can cause significant disruption, and cybersecurity threats continue to evolve, requiring constant vigilance.
In the summer of 1964, two young men, Shamos and his friend, almost brought down the IBM Computer Center in Manhattan with a simple hack. They discovered that by altering a single hole in a punched card, they could prevent the machine from rebooting. They made multiple copies of the altered card and slipped them at random into the machine's card box. The machine malfunctioned, causing significant disruption to IBM's operations and to customers such as the National Weather Service. The pair watched as IBM engineers struggled to diagnose the problem, but never revealed their involvement. The incident shows how a single flaw in a complex system can have outsized impact, and how hard such faults are to identify and fix when the trigger is intermittent. Fast forward to today, and cybersecurity threats continue to evolve. Last week, Google and Mandiant reported record-breaking numbers of zero-day vulnerabilities exploited in the wild, underscoring the importance of staying vigilant against emerging threats. Meanwhile, a cyberattack targeting an underwater cable carrying Hawaii's telephone, Internet, and cell phone service was thwarted by Homeland Security Investigations, demonstrating the critical role of cybersecurity in protecting essential infrastructure.
Understanding New Cyber Threats and Securing Critical Infrastructure: New malware such as AcidRain and WhisperGate requires constant monitoring and understanding for early detection. Securing critical infrastructure, even when it is not internet-connected, is crucial to prevent real-world disruption.
Cyberattacks like the ones discussed in this episode can come from many sources, including known cybercriminal groups and state-sponsored hackers. New malware such as AcidRain and WhisperGate can cause significant damage, and understanding its capabilities is crucial for early detection. Meanwhile, in the physical world, Maroochy Shire in Australia faced a different kind of challenge when its sewage system was hacked. The SCADA system controlling the pumps was not internet-connected, but the attacker still managed to cause widespread damage through its radio controls. This highlights the importance of securing critical infrastructure regardless of whether it is online, and the difficulty of troubleshooting intermittent faults when sabotage is not yet suspected. In the midst of these threats and disruptions, individuals like Dmitry Cherepanov are creating solutions to help people find each other during times of conflict. The MRPL life website is a testament to the resilience and creativity of people in the face of adversity.
Ex-employee sabotages OT system, causing major sewage spill: Disgruntled former employees with technical expertise pose a significant risk to operational technology systems, which are often assumed to require on-site access and can cause costly damage if compromised.
Operational technology (OT) systems, like the SCADA systems that control industrial equipment, require a different skill set than IT systems, and their operators often assume they cannot be reached without physical presence at the site. In this case, however, the pumping stations were commanded over a wireless radio link, and an ex-employee, Vitek Boden, was able to sabotage the sewage plant by manipulating those wireless controls, leading to a major sewage spill. Vitek, who had fallen out with his former employers, used his knowledge of the system to cause malfunctions and cover his tracks. The incident highlights the importance of securing OT systems against unauthorized access, whatever the transport, and the potential consequences of a disgruntled insider with technical expertise.
First known instance of a "revenge sewage attack": Cyber attacks can lead to serious real-world consequences, like sewage spills and costly damage. Take cyber security seriously to prevent such attacks.
Cyber attacks can have serious real-world consequences. In early 2000, Vitek Boden remotely accessed Maroochy Shire's sewage system over 40 times, ultimately causing it to fail and resulting in over 1000 gallons of sewage spilling into the surrounding area. This was the first known instance of a "revenge sewage attack." In October 2001, Vitek was sentenced to 2 years in jail and fined over $13,000 for his actions. The case is a reminder that cyber attacks are not just virtual threats but can cause very real and damaging harm. Individuals and organizations need to take cyber security seriously and take steps to protect themselves from potential attacks.