65 avsnitt • Längd: 60 min • Månadsvis
Former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity.
The podcast Hacker And The Fed is created by Chris Tarbell & Hector Monsegur. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss Yahoo’s controversial decision to lay off its red team, the rise of North Korean IT workers infiltrating U.S. companies, and the ethical dilemmas around hacking. They also reflects on the desensitization to data breaches, debate the significance of protecting medical history, and share candid moments about their personal lives and experiences in the industry.
Send HATF your questions at [email protected].
This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss the largest U.S. telecom hack in history attributed to Chinese state-sponsored attackers, the FBI’s surprising push for encrypted communications, and the takedown of an encrypted messaging service used by criminals. They also tackle the bankruptcy of vodka giant Stoli following a devastating ransomware attack and share actionable advice for cybersecurity resilience.
Send HATF your questions at [email protected].
This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss their obsession with the DB Cooper case and the latest potential break in the decades-old mystery. Hector shares stories about his early days as a hacker and the challenges of trust in loosely connected cybercriminal groups. They also tackle corporate espionage and the ethics of hackers-for-hire in light of ExxonMobil’s alleged involvement in a hacking scandal. Wrapping up, they address listener questions about second chances, with Hector reflecting on his journey of redemption, and weigh in on the contentious debate around Ross Ulbricht's potential pardon.
This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss key cybersecurity challenges, from the effectiveness of phishing training to the ethical dilemmas of vulnerability disclosure. They explore how technical controls and employee education can work together to defend against increasingly sophisticated attacks, including SMS and social media phishing. They also dive into career advice for transitioning from Blue Team to Red Team roles and the complexities of the cybersecurity job market. And to close out, a heartfelt Thanksgiving message.
This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur dive into a massive hacking scandal targeting Italian political elites, revealing insider threats and international intrigue. They break down NSA mobile device security best practices and share their own successes (and failures) in following them. Plus, updates on their personal lives, community work, and how ethical hacking can prevent breaches like this.
Send HATF your questions at [email protected].
Hacker And The Fed is back. Finally rebooting after a temporary hiatus. Former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity.
Send HATF your questions at [email protected].
On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked.
Links from the episode:
https://www.ice.gov/about-ice/homeland-security-investigations
https://www.ice.gov/partnerships-centers/cyber-crimes-center
https://www.usajobs.gov/Search/?k=homeland%20security%20investigator
Colonial Pipeline Hack - May 2021
https://www.justice.gov/media/1159701/dl
From Loyal Employees to Cybercriminals
https://thesun.my/opinion_news/from-loyal-employees-to-cybercriminals-AC12012406
Mother of All Breaches Reveals 26 Billion Records: What We Know So Far
https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
SECGov X Account
https://www.sec.gov/secgov-x-account
Support our sponsors:
NAXO is a premier cybersecurity and investigations firm, including blockchain forensics, whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.
This week on Hacker And The Fed we interview Greg Van Houten of Haynes Boone and policyholderplaybook.com, a seasoned civil litigator who focuses on insurance recovery. We talk to Greg about the SEC's new cybersecurity disclosure rules, which went into effect this month. We also discuss a massive hack that went unreported, a train hack due to a vendor’s geofencing feature, indictments in an 80-million-dollar pig butchering scheme, and a MongoDB security breach.
Links from the episode:
Greg Van Houten of Haynes Boone
SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers. Authored by Greg Van Houten (Haynes Boone), David Franzel (NAXO), and Chris Tarbell (NAXO)
https://www.cybersecuritydive.com/news/secs-cyber-disclosure-rules-tips/700550/
The Biggest Hack Over the Last Few Years Has Gone Unreported
https://twitter.com/mattjay/status/1735046508242780575
Train Hack Due to Vendor Geofencing Feature
https://social.hackerspace.pl/@q3k/111528165627522619
Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them
Four Men Indicted in $80 million ‘Pig Butchering’ Scheme
https://www.cnbc.com/2023/12/14/pig-butchering-scam-results-in-four-indictments-two-arrests-doj.html
MongoDB Suffers Security Breach, Exposing Customer Data
https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html
Support our sponsors:
NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.
This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult.
Links from the episode:
FBI Shares Tactics of Notorious Scattered Spider Hacker Collective
Dolly.com Pays Ransom, Attackers Release Data Anyway
https://cybernews.com/security/dolly-data-breach-ransomware-attack/#google_vignette
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html
Lance Taubin | Technology and Privacy Attorney | Alston & Bird
Support our sponsors:
NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.
This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management.
Links from the episode:
Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program, FBI Says
Hackers Target Company That Vets Police Data Requests for Tech Giants
https://www.404media.co/hackers-target-kodex-accounts-edrs/
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Go to Cloudsolvers.com and tell them "Hacker and the Fed sent you" for a free assessment of your current environment
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles.
Links from the episode:
MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool
https://therecord.media/progress-new-file-transfer-vulnerability
MGM Resorts Hack Update
https://x.com/brettforrest89/status/1711885567695433765
US State Dept has No Idea if its IT Security Actually Works, Say Auditors
https://www.theregister.com/2023/10/02/us_state_security_gao/
https://endoflife.date/windows
The Senate’s Email System Melted Down in the Face of Security Test
https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/
Cisco Can't Stop Using Static Passwords
https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html
Support our sponsors:
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules.
Links from the episode:
Microsoft Releases Its Yearly Digital Defense Report
https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
Are Paying Ransoms Illegal in the U.S.?
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
Zero-days for Hacking WhatsApp are Now Worth Millions of Dollars
https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/
Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm
https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/
Kettering logistics firm enters administration with 730 jobs lost
https://www.bbc.com/news/uk-england-northamptonshire-66927965
FDA Cyber Mandates for Medical Devices Goes into Effect
https://cyberscoop.com/fda-cybersecurity-medical-devices/
City of Dallas Suffers a Ransomware Attack
International Committee of the Red Cross Published Rules of Engagement for Civilian Hackers Involved in Conflicts
https://www.bbc.co.uk/news/technology-66998064
https://www.theregister.com/2023/10/04/red_cross_hacktivist_rules/
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed the end of privacy with AI being used to dox people in viral videos, billions of usernames and passwords are exposed, nationstate hackers are hiding in router firmware updates, we answer listener questions about working with the FBI, setting up a cyber security business, and safely using data sent to you be others. Finally, we announce Hacker And The Fed's first contest for cyber security awareness month.
Links from the episode:
The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech
Darkbeam Leaks Billions of Email and Password Combinations
https://securityaffairs.com/151566/security/darkbeam-data-leak.html
FBI Hacker Dropped Stolen Airbus Data on 9/11
https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
https://media.defense.gov/2023/Sep/27/2003309107/-1/-1/0/CSA_BLACKTECH_HIDE_IN_ROUTERS_TLP-CLEAR.PDF
Russian Exploit Marketplace offering $20M for a Full Chain Mobile Exploit
https://twitter.com/opzero_en/status/1706762507631677760
McDonalds Point of Sale System Hacked
https://twitter.com/vxunderground/status/1706508703745151211
Support our sponsors:
Go to HelloFresh.com/50hatf and use the code 50hatf for 50% off plus free shipping
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed we break down how Equifax was breached, is Google Authenticator MFA Cloud Sync feature responsible for a hack into 27 crypto companies? Google’s Threat Analysis Group announces an in-the-wild 0-day exploit chain for iPhones, the year of the insider threat continues with the arrest of a Department of State IT Contractor on espionage charges.
Links from the episode:
How Equifax Was Breached in 2017
https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/
https://twitter.com/vxunderground/status/1700335482440204521
Retool Blames Breach on Google Authenticator MFA Cloud Sync feature
0-days Exploited by Commercial Surveillance Vendor in Egypt
Department of State IT Contractor Arrested on Espionage Charges
https://fedscoop.com/department-of-state-it-contractor-arrested-on-espionage-charges/
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed we answer listener questions about finding out our relative is a hacker, applying for a cyber security job as a chemical engineer, preparing you for a technical interview, the FBI being a great place to work, is MFA once every 24 hours too much, and much more.
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government.
Links from the episode:
Insurer Fined $3M for Exposing Data of 650k Clients for Two Years
If You’ve Got a New Car, It’s a Data Privacy Nightmare
https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416
https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-mozilla-foundation-says/
Microsoft Finally Explains Cause of Azure Breach: An Engineer’s Account Was Hacked
https://twitter.com/0xdabbad00/status/1699596048392736812
Hacker Group Disguised as Marketing Company to Attack Enterprise Targets
https://gbhackers.com/hacker-group-disguised-as-marketing/
Active North Korean Campaign Targeting Security Researchers
Russian Infosec Boss Gets Nine Years for $100M Insider-Trading Caper Using Stolen Data
https://www.theregister.com/AMP/2023/09/08/russian_insider_training_prison/
United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang
https://home.treasury.gov/news/press-releases/jy1714
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed the FBI's Operation "Duck Hunt" takes down a ransomware botnet, we disclose the secret weapon hackers use for doxing, the New York City subway system allows its users to be tracked online, and we answer listener questions about leaving the FBI, getting jobs in cyber security, and Hector's detailed description of a red teamer.
Links from the episode:
How the FBI Took Down the Notorious Qakbot Botnet
https://techcrunch.com/2023/09/01/fbi-qakbot-takedown-operation-duck-hunt/
The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15
I Tracked an NYC Subway Rider's Movements with an MTA ‘Feature’
https://www.404media.co/i-tracked-nyc-subway-rider-home-omny-mta/
Paramount Discloses Data Breach Following Security Incident
Hacking Campaign Bruteforces Cisco VPNs to Breach Networks
Big Ass Data Broker Opt Out List
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
Support Our Sponsors
HelloFresh! Go to hellofresh.com/50hatf use code 50hatf for 50% off plus 15% off the next 2 months!
Get your Hacker and the Fed merchandise at hackerandthefed.com
Send HATF your questions at [email protected]
This week on Hacker And The Fed a Danish cloud provider loses all of their customer's data, a hacker in custody continues hacking through a fire stick, there are two great write ups about a zero day vulnerability and HTML smuggling, cyber security entry jobs should be just that, entry into the industry, and we answer listener questions that include an ongoing dialogue with an active hacker about becoming a white hat.
Links from the episode:
Criminals Go Full Viking on CloudNordic, Wipe All Servers and Customer Data
https://www.theregister.com/AMP/2023/08/23/ransomware_wipes_cloudnordic/
GTA 6 Hacker Found to be Teen with Amazon Fire Stick in Small Town Hotel Room
Traders' Dollars in Danger: Zero-Day Vulnerability in WinRAR Exploited by Cybercriminals to Target Traders
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
HTML Smuggling Leads to Domain Wide Ransomware
https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
Cybersecurity Hiring Gap: Time to Rethink Who Can Contribute
https://twitter.com/CyberWarship/status/1692239445188120950
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed we have Andrew Morris, CEO and founder of GreyNoise on the show. GreyNoise is a cybersecurity company that collects and analyzes mass internet data to remove pointless security alerts, find compromised devices, or identify emerging threats. We talk internet honeypots, how to get into the cyber security industry and much more.
Links from the episode:
Andrew Morris, CEO & Founder of GreyNoise
https://twitter.com/Andrew___Morris
https://twitter.com/GreyNoiseIO
Support our sponsor:
Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed Zoom wanted to use your calls to train artificial intelligence, the NSA and DARPA are presenting challenges to the cyber security community, and we answer listener questions from a US military chaplain about justice, a former black hat about a career in cyber security, and even a hacker who used a compromised email account to ask us how to stop hacking.
Links from the episode:
Zoom walks back controversial privacy policy
https://www.thestreet.com/technology/zooms-latest-move-may-make-you-reconsider-using-the-service
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html
Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces
https://aicyberchallenge.com/rules/
NSA: Codebreaker Challenge Helps Drive Cybersecurity Education
Lil Tay Meta Helped Get Account Back from Hacker
https://www.tmz.com/2023/08/12/lil-tay-dead-dies-hacker-meta-instagram-hacked-account-hoax/
CISCO Launches a FREE 120-Hour Ethical Hacking Training
https://cursin.net/en/cisco-launches-a-free-120-hour-ethical-hacking-training/
Support our sponsor:
Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed the US hunts Chinese malware that could disrupt American Military operations, a year in review of zero-day exploits, a study finds no evidence that ransomware victims with cyber insurance pay up more often, there's fighting words between Tenable CEO and Microsoft, and we answer listener questions from a listener in Greece, Holland, and a new minted NSA hacker.
Links from the episode:
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations
The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
No evidence ransomware victims with cyber insurance pay up more often
https://therecord.media/ransomware-cyber-insurance-payments-uk-report
Tenable CEO accuses Microsoft of negligence in addressing security flaw
https://cyberscoop.com/tenable-microsoft-negligence-security-flaw/
https://twitter.com/MalwareJake/status/1686869818912202755
https://www.wired.com/2002/01/bill-gates-trustworthy-computing/
SMS Traffic Pumping Fraud
https://support.twilio.com/hc/en-us/articles/8360406023067-SMS-Traffic-Pumping-Fraud
New acoustic attack steals data from keystrokes with 95% accuracy
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed what authentication attacks might look like in a phishing resistant future, the SEC now requires companies to disclose cyber attacks, there are many more US government domains in the .com world than you might think, and other news stories from this week in cyber security.
Links from the episode:
What might authentication attacks look like in a phishing-resistant future?
The Messaging Layer Security (MLS) Protocol
https://datatracker.ietf.org/doc/html/rfc9420
List of public government managed domains that exist outside of the top-level .gov and .mil domains
https://github.com/GSA/govt-urls/blob/main/1_govt_urls_full.csv
Top level domain operator wants out of the business
https://domainnamewire.com/2023/07/26/top-level-domain-operator-wants-out-of-the-business/
Network giants unite to fight security risks
https://www.networkworld.com/article/3703233/network-giants-unite-to-fight-security-risks.html
Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html
Norwegian government IT systems hacked using zero-day flaw
https://www.dss.dep.no/aktuelle-saker/departementer-utsatt-for-dataangrep/
Satellites Are Rife With Basic Security Flaws
https://www.wired.com/story/satellites-basic-security-flaws/
Support our sponsors:
Go to hellofresh.com/50hatf code 50hatf for 50% off plus free shipping
Get your Hacker and the Fed merchandise at hackerandthefed.com
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed new cyber security labels proposed by the US government could help us buy our new devices, an employee exposes thousands of intelligence and defense employees, Google may be restricting internet access to some employees to reduce their cyber attack risk, a hacker infects his own computer, and Google says an Apple employee found a zero-day but didn't report it, and we answer listener questions about our phones getting searched and email encryption.
Links from the episode:
White House teams with Amazon, Google and Qualcomm on cybersecurity labels for gadgets
Google exposes intelligence and defense employee names in VirusTotal leak
https://therecord.media/virustotal-user-email-addresses-leaked-google-military-intelligence
Google restricting internet access to some employees to reduce cyberattack risk
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware
IT Security Analyst Jailed for Impersonating as a Hacker in Own Company
https://cybersecuritynews.com/it-security-analyst-jailed/
Google says Apple employee found a zero-day but did not report it
https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/
https://news.ycombinator.com/item?id=36803537
Microsoft Cybersecurity Analyst Professional Certificate
https://www.coursera.org/professional-certificates/microsoft-cybersecurity-analyst
Cybersecurity Expert Kevin David Mitnick died
https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668
Listener Questions:
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed you can't always count on Google for the right telephone number for an airline, an American cloud based directory as a service platform announces that they were hacked by a state sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology.
Links from the episode:
Airline Fake Contact Number on Google Maps
https://twitter.com/Shmuli/status/1680669938468499458
https://twitter.com/SwiftOnSecurity/status/1680926780599812098
JumpCloud discloses breach by state-backed APT hacking group
JumpClouds IOCs - https://jumpcloud.com/support/july-2023-iocs
Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml'
https://twitter.com/mikko/status/1680947795862200325
Watch out for this new malicious ransomware disguised as Windows updates
https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates
Listener Questions
https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees
Get your Hacker and the Fed merchandise at hackerandthefed.com
This week on Hacker And The Fed your lightbulbs may be giving away the location of your house, could Microsoft end ransomware right now? Also, voice authentication may be broken, the latest ransomware attack shows us the important of logistics security, convenience has once again jeopardized Google authenticator security, and a listener shares a wild car theft story.
Links from the episode:
Your lightbulbs may be giving out your exact location
twitter.com/haxrob/status/1676416949499338752
Microsoft Can Fix Ransomware Tomorrow
darkreading.com/vulnerabilities-threats/microsoft-can-fix-ransomware-tomorrow
Cybercriminals can break voice authentication with 99% success rate
helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/
INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime
thehackernews.com/2023/07/interpol-nabs-hacking-crew-opera1ers.html
Japan's biggest port, Nagoya, hit by suspected cyberattack
asia.nikkei.com/Business/Technology/Japan-s-biggest-port-Nagoya-hit-by-suspected-cyberattack
Raising concerns over Google Authenticator’s new features
techradar.com/pro/raising-concerns-over-google-authenticators-new-features
Trinidad and Tobago facing outages after cyberattack
therecord.media/trinidad-tobago-hit-with-cyberattack
Listener Questions
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees
This week on Hacker And The Fed your car may be collecting up to 25 GB per hour of data about you and a new malware payload vector is using DNS, what is “encryptionless ransomware”. We also answer listener questions about a variety of topics, including how to prepare for a cybersecurity career in the US government, banking security, and hack-backs.
Links from the episode:
How Your New Car Tracks You
https://www.wired.com/story/car-data-privacy-toyota-honda-ford/
DNS TXT Records Can Be Used by Hackers to Execute Malware
https://cybersecuritynews.com/dns-txt-records-to-execute-malware/?amp
Encryption-less ransomware: Warning issued over emerging attack method for threat actors
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees
This week on Hacker And The Fed a CEO did a hack back and was sentenced to prison, Reddit hackers demanded a price roll back, repo jacking and fake Github repositories, and we answer listener questions about Hector's old hacks and VPNs.
Links from the episode:
I Was Sentenced to 18 Months in Prison for Hacking Back - My Story
twitter.com/silascutler/status/1671144482769608705 -> https://hackernoon.com/i-was-sentenced-to-18-months-in-prison-for-hacking-back-my-story
Reddit hackers demand $4.5 million ransom and API pricing changes
theverge.com/2023/6/19/23765895/reddit-hack-phishing-leak-api-pricing-steve-huffman
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
Attackers Create Synthetic Security Researchers to Steal IP
darkreading.com/attacks-breaches/attackers-create-synthetic-security-researchers
Google announces $20 million investment for cyber clinics
cyberscoop.com/google-investment-cyber-clinics/
Listener Questions
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
This week on Hacker And The Fed a ransomware group hacked a widely used file transfer software and began leaking stolen data, Google claims it caught Chinese government hackers red-handed breaking into hundreds of networks, the Feds arrest a ransomware perpetrator in Arizona, and we nerd out on security researchers taking over various countries domains.
Links from the episode:
MOVEit Cyber Attack: Personal Data Of Millions Stolen From Oregon, Louisiana, U.S. Agency
US govt offers $10 million bounty for info on Clop ransomware
bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/amp/
Google claims it caught China government hackers redhanded breaking into hundreds of networks around the world
fortune.com/2023/06/15/china-hacking-networks-cybersecurity-google-mandiant/amp/
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html
Can I speak to your manager? hacking root EPP servers to take control of zones
hackcompute.com/hacking-epp-servers/
Darknet Parliament is now a thing
cybernews.com/security/darknet-parliament-killnet-hackers/
--
Support our sponsor:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
--
For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss the latest development in the Tik Tok controversy, how to detect and mitigate a new phishing and email takeover campaign, Google's new top-level domain, and some interesting statistics in the new Verizon breach investigation report.
Links from the episode:
Former exec at TikTok's parent company says Communist Party members had a 'god credential' that let them access Americans' data
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
America’s Most Cybersecure Companies
forbes.com/lists/most-cybersecure-companies
Hackers claim to have crippled Russia’s banking system
cybernews.com/cyber-war/infotel-hack-impacts-russian-banks/
Verizon 2023 Data Breach Investigations Report
verizon.com/business/resources/reports/dbir/
--
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
--
For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss another zero-click exploit attacking iPhones via the iMessage app, millions of PC motherboards may be downloading malware, the FTC slams another company for violations, security researchers find a vulnerability in Gmail's checkmark system that is already being abused. And the Dutch government now mandates an easy way to contact website administrators.
Links from the episode:
Operation Triangulation: iOS devices targeted with previously unknown malware
securelist.com/operation-triangulation/109842/
thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html
Millions of PC motherboards were sold with a firmware backdoor
arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/
FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
thehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.html
Bug in Gmail
twitter.com/chrisplummer/status/1664075886545575941
twitter.com/ChristopheDary/status/1664907465924681728
Security.txt now mandatory for Dutch government websites
netherlands.postsen.com/trends/198695/Securitytxt-now-mandatory-for-Dutch-government-websites.html
--
Support our sponsors:
Go to HelloFresh.com/hatf16 and use code hatf16 for 16 free meals plus free shipping!
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
--
For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.
Follow Hector @hxmonsegur
This week on Hacker And The Fed we dive into the world of ransomware. An insider exploits a ransomware attack for personal gain and a CISO's biggest lessons from quarterbacking a ransomware attack. We discuss AI generated photos and what happened to the stock market. And then we answer listener questions about geopolitics, Hector's hack on the Indonesian government and victims keeping their hacks a secret.
Links from the episode:
IT employee impersonates ransomware gang to extort employer
bleepingcomputer.com/news/security/it-employee-impersonates-ransomware-gang-to-extort-employer/
AI Generated Photos
twitter.com/jsrailton/status/1660679743266607105
Suspicion stalks Genesis Market’s competitors following FBI takedown
therecord.media/genesis-market-russian-market-2easy-shop-cybercrime-fraud
FBI releases warning about fake crypto job advertisements
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
darkreading.com/ics-ot/bridgestone-ciso-lessons-ransomware-attack-acting-thinking
This week on Hacker And The Fed we speak with Erin West, a Santa Clara County Deputy District Attorney, Founder of the “Crypto Coalition”, an over 800-member group of active law enforcement partners sharing cryptocurrency crime-fighting techniques, and the very tip of the spear for Pig Butchering – the latest online romance scam. We learn about the incredible work Erin is doing via Operation Shamrock and how we can protect ourselves and our loved ones from being victimized.
Links from the episode:
SCARS: Society of Citizens Against Relationship Scams
Advocating Against Romance Scammers
This podcast is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.
--
For more information on Chris and his current work visit naxo.com and follow him on LinkedIn at inkedin.com/in/chris-tarbell-20b129278/.
Follow Hector @hxmonsegur
This week on Hacker And The Fed, up to 10 years of your location data may have been exposed if you’ve driven vehicles from a certain manufacturer, stolen private keys may lead to insecure boot ups of your computer, Congress gets another notification of a US government breach, and we answer more listener questions about failed hacks and intentional exploits. And we talk about D. B. Cooper!
Links from the episode:
Toyota: Car location data of 2 million customers exposed for ten years
Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security
securityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-security/
Data of 237,000 US government employees breached
reuters.com/world/us/data-237000-us-government-employees-breached-2023-05-12/
Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
ustice.gov/opa/pr/uk-citizen-extradited-and-pleads-guilty-cyber-crime-offenses
T-Mobile Worker Joked About Adding Extra Phone Lines and Tablet to a Customer’s Account Without Them Knowing
Google Cybersecurity Certificate
grow.google/certificates/cybersecurity/#?modal_active=none
--
For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss private data leaking due to a misconfiguration, and no one is listening to the researchers. We are shown the mindset of hackers during a ransom negotiation, a cell phone provider is hacked for the 9th time in 6 years, there are 50 Chinese state hackers for every FBI cyber agent, and using AI to help hack. And finally, we answer listener questions about .xyz, pen testing tools, and possible Hacker And The Fed swag.
Links from the episode:
Many Public Salesforce Sites are Leaking Private Data
krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Hackers Claim Vast Access to Western Digital Systems
techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/
T-Mobile Discloses 2nd Data Breach of 2023, This One Leaking Account PINs and More
Chinese Hackers Outnumber FBI Cyber Personnel 'By At Least 50 to 1,' Wray Testifies
foxnews.com/politics/chinese-hackers-outnumber-fbi-cyber-personnel-wray-testifies
Capturing the Flag with GPT-4
micahflee.com/2023/04/capturing-the-flag-with-gpt-4/
The Cyber Police Exposed an Attacker in the Sale of Databases with Personal Data of Citizens of Ukraine and the EU
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we sit down with Michele Chia, Head of Cyber Insurance at Zurich North America. We ask a number of questions including what is cyber insurance? Who needs it? And How much coverage is needed? Does cyber insurance cover an insider threat attack? What does a ransomware attack look like when you have cyber insurance? And finally, we find out how our guest cultivated such a successful career in cyber insurance.
Link from the episode:
zurichna.com/knowledge/experts/michelle-chia
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova.
Links from the episode:
Remote Code Execution Vulnerability in Google They Are Not Willing To Fix
giraffesecurity.dev/posts/google-remote-code-execution/
'GhostToken' Opens Google Accounts to Permanent Infection
darkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infection
Hacker Group Names Are Now Absurdly Out of Control
wired.com/story/hacker-naming-schemes-spandex-tempest/amp
How Long It Would Take A Hacker To Brute Force Your Password In 2023
hivesystems.io/blog/are-your-passwords-in-the-green
Support this episode's sponsors:
DeleteMe: Visit JoinDeleteMe.com/FED and use promo code FED20
BetterHelp: Visit BetterHelp.com/HATF and get 10% off your first month
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed internet videos may be able to silently hack your phone with a "Near Ultrasound Inaudible Trojan” (NUIT). Companies have more access to your data than you may know, including pictures of you. We also discuss how better access controls may have prevented the recent classified documents leak and share a story about a hacker getting hacked.
Links from the episode:
Hey Siri, use this ultrasound attack to disarm a smart-home system
https://www.theregister.com/2023/04/04/siri_alexa_cortana_google_nuit/
Tesla workers shared sensitive images recorded by customer cars
Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 2
https://informnapalm.org/en/hacked-russian-gru-officer/
Support this episode's sponsors:
DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed a researcher gains access to millions of Office 365 accounts, cyber criminals are stealing and selling your internet bandwidth, and now hackers can remotely open your garage door and start your car in order to steal it.
Links from the episode:
Researcher gained access to millions of Office365 accounts:
https://twitter.com/hillai/status/1641146508639600646
https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
Cybercriminals may be stealing and selling your Internet bandwidth:
https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/
And now hackers can remotely open your garage and start your car in order to steal it:
https://kentindell.github.io/2023/04/03/can-injection/
Finally the FBI has taken down another hacking forum full of stolen credentials:
https://finance.yahoo.com/news/fbi-seizes-genesis-market-notorious-123039527.html?guccounter=1
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we speak with Kelly Moan, who serves as the Chief Information Security Officer (CISO) of New York City. We talk trends and cyber threats against the city. She also details the significant volume of attacks against the city on a weekly basis and gives us tips for getting into cyber security.
Links from the episode:
nyc.gov/content/oti/pages/meet-the-team/cyber-command
More info on the JSOC + Cyber Command’s authorities via Executive Order 10:
Support this episode's sponsor:
HelloFresh: Visit HelloFresh.com/hatf50 and use code hatf50 for 50% off, plus your first box ships free!
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss what email security should look like over the next 12 months, who has the ability to read your emails, and law enforcement busting people using DDoS for hire.
Links from the episode:
Email Security Nightmare as 75% Of CISOs Expect a Severe Email-Borne Attack in the Next 12 Months
Who reads your email?
twitter.com/jschauma/status/1634032554603945984
netmeister.org/blog/mx-diversity.html
Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html
Support this episode's sponsor:
BetterHelp: Hacker and the Fed is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we catch up on some questions from our listeners: we discuss what a red teamer does, how the FBI works with other law enforcement agencies, how to upgrade your personal cyber security once you’ve got the basics down, and protecting children on the Internet.
Support this episode's sponsors:
Drata: Listeners of Hacker and the Fed can get 10% off Drata and waived implementation fees at drata.com/partner/hacker-fed
BetterHelp: Hacker and the Fed is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we sit down with Bill Gardner, professor and Chair Department of Cyber Forensics & Security at Marshall University. Bill offers insight into the professional and academic path into the industry and the future of cybersecurity.
Links from the episode:
Follow Bill Gardner:
Twitter: https://twitter.com/oncee
Linkedin: https://www.linkedin.com/in/304blogs/
Marshall University Prospective Students
Two papers written by Bill Gardner
“I Did What I Believe Is Right”: A Study of Neutralizations among Anonymous Operation Participants
Social Engineering in Non-Linear Warfare
Support this episode's sponsors:
Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed
DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we discuss fake Google advertisements, law firms under attack from cyber criminals, and the Whitehouse announcing a new national security strategy.
Support this episode's sponsors:
Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed
DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20
Links from the episode:
twitter.com/doctorow/status/1628948906657878016
thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html?m=1
twitter.com/dcuthbert/status/1631302488996364288/photo/1
whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
twitter.com/nol_tech/status/1629910222746578945
abc7news.com/atm-scam-tap-card-chase-bank-function/12905397/
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we discuss a leaked ransomware negotiation, how Twitter's new verification system may improve security, and the NSA releases its best practices for securing your home network.
Support this episode's sponsor, Drata. For 10% off and waived implementation fees visit drata.com/partner/hacker-fed.
Links from the episode:
pwndefend.com/2023/02/15/lockbit-3-0-and-royal-mail-chats-published/
dice.com/career-advice/cybercriminals-increase-recruiting-tech-and-it-pros-across-the-darknet
gizmodo.com/facebook-instagram-verified-elon-musk-was-right-twitter-1850139933
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we update a story from a few episodes ago about a woman driving with a suspicious eavesdropping device near the embassies in Paris, Credit Suisse suffers a insider threat attack, an old attack methodology is updated to steal cryptocurrency, a hacker utilizes screen-capturing malware to cherry-pick their victims, regulators propose a rule to have cyber educated board members, Hector receives a phishing email that turns out to be a much larger issue, and finally Hector pays off his losing Super Bowl bet.
Links from the episode:
efinancialcareers.com/news/2023/02/credit-suisse-employee-data-leak
blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
thehackernews.com/2023/02/hackers-targeting-us-and-german-firms.html
cfr.org/blog/walk-and-chew-gum-cisos-communicating-boards-have-speak-their-language
venturebeat.com/security/4-misconceptions-about-data-exfiltration/amp/
bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed Reddit suffers a phishing attack, the FBI offers "Ritz Carlton" level customer service, Texas bans TikTok on state owned devices, and a researcher documents the methodology of finding a major network flaw.
Links from the episode:
reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
govconwire.com/2022/10/bryan-vorndran-outlines-tenets-of-fbi-role-in-cyber-ecosystem/
gov.texas.gov/news/post/governor-abbott-announces-statewide-plan-banning-use-of-tiktok
eaton-works.com/2023/02/06/toyota-gspims-hack/
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss how Search Engine Ads are being used to spread malware through "malvertising". We also cover the impact of a breach involving data for over 20,000 individuals stolen from a firm that aggregates public records and sells background checks online.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we discuss the FBI's takedown of Hive, the Ransomware group with over 100 million in ransom payments. We also talk about the FBI's insider threat brochure, giving companies indicators on what to look for internally. And finally, Hector asks Chris some questions about the FBI.
Links from the episode:
justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant
fbi.gov/file-repository/insider_threat_brochure.pdf
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed Hector makes some predictions of the hacks we will see in 2023. We also discuss bug bounty hunters, how they're not getting paid what they deserve and why they may take their exploits to the dark web. We touch on another big API data leak and Hector tells a story of a hack he did on Super Bowl Sunday. And finally we help a listener with spoofed calls and text messages.
T-Mobile Filed Form 8-K with the US SEC
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker and the Fed we discuss a variety of recent news stories, including a report of a messaging service selling access to user data, bootleg network devices being sold through certified vendors, Gmail offering end-to-end encryption, lessons learned from a not so secure encrypted messaging application, cell phone software that was stolen and made public, and a password problem at a major US executive department.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we discuss Twitter's data leak, explaining APIs and how to better protect ourselves. We also touch on the Russian hacking crew "Cold River" and answer some listener questions.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we tackle IMSI Catchers, or cell phone eavesdropping devices after one was found by French authorities in the back of a vehicle near the US embassy in Paris. We also cover Hector's PBS Hack, his thought process and attack vector. And finally we have a conversation about Botnets and some of the risks they present.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we tackle cyber warfare with special guest Jeff Carr. Jeff authored the book "Inside Cyber Warfare: Mapping the Cyber Underworld" and is an expert on how nation-states, groups, and individuals around the world wage digital war on one another. We cover a wide range of topics from how to define "cyber war" to the insider perspective on the war in Ukraine.
Check out Jeff's book here!
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And Fed we select a number of audience questions specifically directed toward Hector, and he answers them from the perspective of his former self, Sabu. We cover questions like "what is a hack?" "What are the hardest security controls to beat?" "What do Hackers do with your stolen data?" And finally, Sabu reveals his coolest hack.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss the infamous Shadow Brokers, a group (or individual hacker) who compromised the NSA back in 2016. We explore and explain this hack from the perspective of a former FBI agent and a former black hat hacker. We also detail Apple's new security posture deploying end-to-end encryption.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss a recent paper published by CISA (The Cybersecurity and Infrastructure Security Agency) detailing how to help secure your small business online. We also answer a number of listener questions. You all have been sending us some great questions in the past week, today we answer a few of our favorites.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we have our first ever guest. Former Black Hat and former member of LulzSec, Cody Kretsinger. Hector and Cody go back nearly 20 years to the earliest days of online hacking when they spent years partnering to infiltrate major computer networks around the world. Despite that long history, they’ve never actually met in the flesh. We cover a lot as they speak together for the first time, from hacking origin stories to life after federal prison.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss Hector's decision to work with the FBI. To change the course of his life and begin the journey to where he is now. We explore his moral considerations as well as the very practical implications of such a decision. We also hear the story of Hector's first hack and answer a listener question on NSO group and high level hacking.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss the recent seizure related to Silk Road, the black market website Chris took down in 2013. Silk Road is back in the news as the IRS just recently caught a man who stole 50,000 bitcoin from the site.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss the recent DropBox hack that relied on a phishing attack to steal credentials as well as multi-factor authentication codes. We also discuss other tactics attackers use to work around multi-factor authentication as well as a technology that may replace the applications and codes you use today. And finally, we respond to a few user questions about the FBI.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss the NSO Group’s zero-click iPhone exploit, also known as Pegasus, a powerful tool that can be used to take full control of a target’s iPhone without their knowledge.
We break down how it all works and how to think about this tool and others like it.
We also answer a question from the audience about Hector’s experience using IRC, an old internet chat tool where Hector had “wars” with other hackers.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we answer audience questions. We discuss the future of cyber security and whether we will ever get ahead of the bad guys. We also detail what it's like to be arrested by the FBI as Hector recounts his experience following the knock on the door. And finally, we respond to a small business owner on how to secure her social media accounts and website from potential threats.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
This week on Hacker And The Fed we discuss voice fishing, or "vishing," and the social engineering tactics behind this attack.
You know those spam calls you get? Well sometimes those are actually social engineering attacks aimed at convincing you to send money to scammers. It's a relatively new twist on phishing and it employs many of the same basic tactics.
We detail what these attacks look like, tell a few stories of our own experience with social engineering, and leave you with some key takeaways for how to keep yourself and loved ones safe and secure.
--
Below are several terms Hector and Chris use in the show that some listeners may not be familiar with:
Dox – publish private information about an individual online
APT – advanced persistent threat, e.g. a nation state with sophisticated cyber capabilities
EFNet – an internet chat relay network
API – automated programming interface, a way for two or more computer programs to communicate with each other.
WHOIS – information about an IP address or domain name (e.g. google.com)
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
On this first episode of Hacker And The Fed, Chris and Hector tell their origin story. Hector details the journey from his first time on the internet to becoming a globally infamous black hat hacker. And Chris tells of growing up in Virginia next to the chief of police to ultimately joining the FBI and dedicating his life to fighting cyber crime.
The two outline their story from the moment Chris arrested Hector, ultimately leading to a long time collaboration and lifelong friendship.
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
Former FBI special agent Chris Tarbell and former Anonymous blackhat Hector Monsegur (aka Sabu) first faced-off as adversaries in cyberspace before becoming close friends and podcast co-hosts. Listen to Tarbell, co-founder of an elite cybersecurity firm NAXO, and Monsegur, a top network penetration tester and security engineer, break down the must-know cybersecurity news and topics of the day. You’ll walk away from each episode with unique perspectives on how to keep your family, your company, and your personal cyber footprint safe from attacks.
En liten tjänst av I'm With Friends. Finns även på engelska.