Malicious Life

Right now, a man named Aleksandr Zhukov is sitting in jail for one of the most financially ruinous schemes ever invented for the internet. Zhukov is guilty. He was caught and convicted under a mountain of evidence against him. Except the deeper you look into it, the deeper the well goes. In this episode, we?ll learn how Aleksandr Zhukov defrauded some of the biggest American corporations for millions of dollars. And we?ll ask the question that hardly anyone else is willing to acknowledge: Was this clever, successful, guilty cybercriminal merely a fall guy for everybody else playing his twisted game?

The numbers can?t be any clearer: a DDoS attack costs less than a hundred dollars, while the price tag for mitigating it might reach tens if not hundreds of thousands of dollars. A single well crafted phishing email can easily circumvent cyber defenses which cost millions of dollars to set up. How can we change the extreame cost asymmetry between attackers and defenders in cyberspace?

We?ve all experienced the creepiness of modern data trafficking, but that kind of daily annoyance is the surface of a much bigger issue: Big Tech companies such as Amazon & Microsoft are lobbying policymakers to veto laws that harm their business, and often hide their lobbying behind industry coalitions or organizations with names that are vague and seemingly harmless. Will current and future privacy laws actually protect your information, or will they protect the companies collecting your information?

Disruptions to the world?s internet cables happen more often than you think: Whether it be ship anchors or animals or saboteurs, cut a few wires in the right places and at nearly the speed of light you can disrupt or shut off the internet for broad populations of people at a time. It is an immense power that runs through these lines -- a power that can be sabotaged or, in the right hands, weaponized.

In the midst of 35,000 exhilarated spectators eagerly chanting the time-honored countdown to kick off the 2018 Pyeongchang Winter Olympics, a sinister malware crept through the games' network, threatening to disrupt the highly-anticipated event. The obvious question in everyone?s minds was - who was responsible for the attack? Who was vile enough to launch such a potentially destructive attack against an event which, more than anything, symbolizes peace and global cooperation?

O? May 23rd, 1989, Karl Koch - a 23 years old West German hacker who worked for the KGB - took a drive, from which he would never return: Nine days later his charred remains were found by the police in a remote forest. Was Koch assasinated by the US or the Sovient Union, or is there another, more 'mystical' explanation for his death?

Four decades ago, three quarters would?ve gone a lot further than they do today. With that kind of loose change you could?ve picked up some milk from the grocery store, or over half a gallon of gas, or a bus ticket. But that doesn?t explain why, on one fateful day in 1986, a systems administrator at the Lawrence Berkeley National Laboratory in California made such an issue over 75 missing cents.

You may have heard of the cyber operations performed by Russia. You definitely heard about the missiles being fired by Russia at Ukraine - but how about the propaganda being distributed through the different media platforms? In this B-Side episode, our Senior Producer Nate Nelson interviewed Dr. Bilyana Lilly - CISSP, a leader in cybersecurity and information warfare with over fifteen years of managerial, technical, and research experience, and author of "Russian Information Warfare" - about the Russian use of instant messaging and social media platforms such as Telegram and Twitter in their war efforts. Dr. Lilly discusses who they are targeting and the real-world impact their propaganda has on various populations. In this B-Side episode, our Senior Producer Nate Nelson interviewed Dr. Bilyana Lilly - CISSP, a leader on cybersecurity and information warfare with over fifteen years of managerial, technical and research experience, and author of "Russian Information Warfare" - about the Russian use of instant messaging and social media platforms such as Telegram and Twitter in their war efforts. Dr. Lilly discusses who they are targeting and the real-world impact their propaganda has on various populations. Dr. Bilyana Lilly, CISSP, is a leader on cybersecurity and information warfare with over fifteen years of managerial, technical and research experience. Dr. Lilly helps boards and senior executives to make strategic decisions while accounting for evolving cyber and geopolitical risk. She is a mentor and speaker at DefCon, CyCon, the Executive Women?s Forum and the Warsaw Security Forum. Dr. Lilly previously worked for the United Nations, Deloitte and the RAND Corporation. She has a PhD and three master?s degrees, including a degree from Oxford University (with distinction). Dr. Lilly has published two books and has been cited in the?Wall Street Journal,?Foreign Policy, RIA Novosti,,?and?ZDNet. Jason Bailey is the co-founder and CEO of ClubNFT, a company building the next generation of tools to discover, protect, and share NFTs. Jason is an early collector and proponent of CryptoArt, and he spoke with Nate Nelson, our Sr. producer, about the risks facing sellers and buyers who are unfamiliar with this new technology.

In the early 1970's, US intelligance pointed at the possibility that the Russians have laid an underwater communication cable between two important naval bases in the Far East. The dangerous mission of installing a listening device on that cable was given to the navy most secretive and unusual submarine.

What happens when an NFT marketplace goes under, and disappears? You would imagine that the users? NFTs are perfectly safe: after all, the blockchain itself is still there, right? But that?s not how things work in the real world. Jason Bailey is the co-founder and CEO of ClubNFT, a company building the next generation of tools to discover, protect, and share NFTs. Jason is an early collector and proponent of CryptoArt, and he spoke with Nate Nelson, our Sr. producer, about the risks facing sellers and buyers who are unfamiliar with this new technology.

Physical artworks in museums are usually well-guarded - but digital artworks are something else entirely: in 2021 alone, scammers successfully stole 100 million dollars worth of non-fungible tokens, or NFTs. Yet blockchain technology, where most NFTs live - is one of the most secure technologies in history. Why, then, are NFT collectors keep getting hacked?

Today we?re bringing back Haseeb Awan, the founder of Efani Secure Mobile - a bespoke cybersecurity-focused phone service, protecting high-risk individuals against mobile hacks. Haseeb will delve into the technicalities of SIM swapping, explaining the various techniques that hackers use to carry out this fraudulent activity. He will also provide insights into what telecommunication companies can do to prevent SIM swapping and what steps individuals can take to protect themselves from falling victim to this crime. Nate Nelson, our Sr. producer, spoke with Rich Murray, who leads the FBI?s North Texas Cyber unit, about how the Federal Bureau of Investigations dealt with another attack by REvil - this time against the Texas government - and how they managed to figure out who was behind it.

If SIM swap stories ever make the news, almost uniformly, they focus on people who lost a lot of money. But SIM swaps also take a psychological toll. Getting cut off from the grid all of a sudden, not knowing why, not being able to call for help. Even when it?s over, you never know if your attackers -- whoever they are -- will come back again.

A year ago we told you the story of Kaseya: an IT solutions company that was breached on July 2021, and its servers were used to spread ransomware to an estimated 800 to 1500 small to medium-sized businesses. Nate Nelson, our Sr. producer, spoke with Rich Murray, who leads the FBI?s North Texas Cyber unit, about how the Federal Bureau of Investigations dealt with another attack by REvil - this time against the Texas government - and how they managed to figure out who was behind it.

Spamhaus's decision to add Cyberbunker to its list of Spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed ?The attack that almost broke the Internet.? The fallout from this attack led to Cyberbunker relocating to a bunker in Germany - but it was the involvement of an Irish drug lord known as 'The Penguin' that led to the bullet-proof hosting company's downfall.

Sven Kamphuis and Herman Johan Xennt are quite dissimilar: one is young, the other is old, one is a Freedom Fighter, the other a businessman. In 1996, their unlikely partnership coalesced around a mutual deep hatred towards authority - and around a very unusual building: a Cold-War era nuclear bunker.

2011 was a pivotal year for Netflix: the now hugely successful company was then in the midst of a formidable transformation, changing from a mail-based DVD rental service to the modern streaming service that it is today. It was at this crucial point in the company?s history that Jason Chan, our guest in this episode, was hired by Netflix to lay the foundations for its cloud security protocols. Nate Nelson, our Sr. Producer, spoke with Jason about the decade he spent at the company, what he learned during his tenure there, and the ideas that took shape at that time, such as Chaos Engineering.Nate Nelson, our Sr. producer, spoke with Dr. Cohen about his early research into computer viruses, his work with the US army, the panicky response from the US government - and the parallels between computer viruses and mental viruses - i.e. memes.

In his 1984 seminal paper - "Computer Viruses: Theory and Experiments" - Dr. Fred Cohen not only introduced the name ?computer virus?, a term invented by his mentor, Leonard Adelman, but was also the first to analyze computer viruses in a rigorous mathematical way, proving that computer viruses were not only practical - but that they were in fact inevitable. Nate Nelson, our Sr. producer, spoke with Dr. Cohen about his early research into computer viruses, his work with the US army, the panicky response from the US government - and the parallels between computer viruses and mental viruses - i.e. memes.

Thamar Gindin is an Israeli scholar whose research focuses on the Persian language. For the past seven years (at least) Thamar has been a target for an endless stream of spear-phishing attempts by the Iranian regime, trying to take over her email account and lure her away from her country's borders. Her family, friends, and colleagues have also suffered numerous attacks. So, how does it feel to live for years with a virtual target mark on your back?...

Nobody likes cheaters, especially in video games: we play games to have fun, and nothing hurts the joy of playing a good game more than losing to a cheater. That is why EA is not the only publisher to implement kernel-mode anti-cheat software in their games: League of Legends and Valorant, for example, use similar software. Yet some people warn that installing such kernel-level systems is extremely dangerous. So, what's the problem with kernel-mode anti-cheat software?

When it was founded in 2011, Norse Corp. - which described itself as "the world's largest dedicated threat intelligence network" - had everything a promising startup could wish for: a charismatic and experienced founder, a rare and valuable technology, and few tens of millons of dollars from investors. Less than six years later, it all came crashing down in the most horrible death a business can experience. What went wrong in Norse Corp.?

John Deere, an American agricultural machinery manufacturer, has recently enraged many farmers and digital rights activists due to the restrictive fixing policy of its tractors. Now, an Australian white hat hacker named Sick Codes has demonstrated not only how he was able to jailbreak the company?s tractors and run Doom on them (because why not) - but also hack into its global operations center, demonstrating how hackers can easily take over a huge number of farming machines all over the world.

In 2006 the Russian Business Network pivoted its business: the once legitimate ISP became a ?bullet-proof' hosting service, catering to the needs of cybercriminals. It quickly became the largest player in the Russian cybercrime landscape, with ~60% of all cybercrime activity related to Russia connected to it in some way. Following the Russian government?s years-old tradition of collaborating with organized crime, it's no wonder that the Russian Business Network quickly became Putin?s informal cyber attack arm.

Sports is not something that you usually hear mentioned when people talk about cybersecurity - but Chris Cochran and Ron Eddings, co-founders of Hacker Valley Media, believe that cyber professionals can take inspiration from MMA wrestlers and Chess Grandchampions to get to their own version of Peak Performance.

One day in 2008, Michael Daugherty - CEO and owner of LabMD, a cancer detection lab - got a call from an executive of TiVera, a cybersecurity company. The caller said that a file containing private medical data of some 9000 of LabMD's patients has been discovered online. When Michael refused to pay for TiVersa's hefty "consultation fee", it reported the incident to the FTC. This was the beginning of a ten-year-long legal battle that ultimately destroyed LabMD - but cost the Federal Agency dearly.

Media companies probably get hacked no more than other, non-media oriented organizations such as hospitals, banks, etc. But these hacks are often more visible and more memorable because? well, media companies are more public facing by their very nature. How can these organizations be hacked, and why should we care about such attacks? Nate Nelson spoke with Joel Molinoff, former chief information risk officer for CBS Corporation, and Dan Vasile, former vice president of information security at Paramount. 

Financial markets make good targets for criminals: after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: Genuine finance industry professionals.

Authentication has come a long way since the 1980s or 90s. But when it comes to phone calls - we?re still in the Middle Ages. Vishing, or Voice Scams, are probably as old as the Telephone itself, yet it is still very easy to impersonate someone over the phone or spoof a phone call?s origin. Rachel Tobac is a hacker and the CEO of SocialProof Security, where she helps people and companies keep their data safe by training and pen-testing them on social engineering risks. Rachel spoke with Nate Nelson, our Sr. producer, about Vishing: how common is it, where attackers get the information they need to impersonate someone from, and the many many psychological tricks they can employ to fool the person on the other side of the call.

In any trading market, at any time in history, no matter where you are, the most important thing you can possess isn?t actually money, or influence, or anything like that. Knowledge -- in particular, knowing something before everybody else -- is far more valuable. Some traders are willing to go to great lengths to get it before anyone else. In some cases, they?ll apply great ingenuity to the problem - but in others, they?ll use manipulation -- hacking into these technologies to gain an unfair advantage, and make a fortune along the way.

The name Lulzsec is probably very familiar to listeners who were around in 2011, when this hacking group was at the peak of its nefarious activity. As their name implies, Lulzsec was known for trolling their victims: their childish behavior might have fooled some people into thinking that Lulzsec was mostly harmless - but as the story you?re about to hear will show, they were anything but.

The US government says that Kim Schmitz, better know as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as a an internet freedom fighter: a fugitive on the run from vindictive overly-powerful governments. Can King Kimble escape the wrath of the USA?

Multi-Factor Authentication (MFA) is usually considered a better solution for authentication than just using passwords. But Roger Grimes, a veteran security professional, and a Data-Driven Defense Evangelist claims that the sense of security current MFA solutions provides us - is false.

Language models are everywhere today: they run in the background of Google Translate and other translation tools; they help operate voice assistants like Alexa or Siri; and most interestingly, they are available via several experiential projects trying to emulate natural conversations, such as OpenAI?s GPT-3 and Google?s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data?

In May 2021, Following the Solarwinds and the Colonial Pipeline attacks, the Biden administration published a presidential Executive Order mandating the use of SBOMs - Software Bill of Materials - in all government agencies. What are SBOMs and how useful are they in cybersecurity? Nate Nelson talks to two experts: Allan Friedman (CISA) and Chris Blask (Cybeats).

Criminals, particularly cyber criminals, aren?t ?good? people; in most cases, they do have their own personal boundaries. Every once in a while, you encounter a criminal who?s different. Someone who seems not to have limits at all. A ruthless person, for whom the goal truly justifies the means. Leo Kuvayev is that kind of a person - and that made him so successful as a cyber-criminal. But even a genius criminal can go just one step too far.

Railway systems are a mess of old systems built on top of older systems, running ancient operating systems and exposing their most sensitive inner workings to commuters via WIFI. Why are railway systems so difficult to defend, and what are the most probable attack vectors against them? Nate Nelson, our senior producer, speaks with Israel Baron, Israel Railway's first ever CISO.

The Anom was the holy grail of dark, illegal communication: a mobile phone that could send encrypted messages, and even included a secret Kill-Switch to foil attempts by law enforcement agents to get to its contents. Thousands of criminals used the Anom, certain that they were completely safe from the police... They were wrong.

Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983, when he described a nifty hack that could allow an attacker to plant an almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the Solarwinds attack.

Silk Road?s success did more than bring the site more sellers and buyers, it also brought it more attention from law enforcement agencies as well as malicious hackers and other shady characters. Some of these shady characters, it turns out, were part of the task force aiming to shut down Silk Road...

Your organization was hit by ransomware, and it is now time to reach out to the hackers and negotiate the terms of a deal that will bring back your data, and (hopefully) won?t leave the company?s coffers empty. But before you sit down in front of your computer and fire off a message to the hackers - stop. Are you sure that you know what you?re doing? Are you certain that you won?t screw up the negotiations and do more harm than good? 

Ross Ulbricht always had a thing with testing his limits. He was also an avid libertarian who wanted to change the world. And so, in 2010, he came up with the idea to build a truly free market: a website where anybody can buy and sell anything - including illegal drugs - anonymously: the ultimate experiment in individual freedom.

Will BitCoin and the other cryptocurrencies be able to replace money as we know it today? will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What's Your Problem) talks to Nate Nelson about what the future holds for BitCoin.

Years before credit cards transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money, forever.

A recording of last week's special Malicious Live Ask Us Anything event: How did Malicious Life come to be? How do we choose the stories we tell, who was Ran's most memorable guest - and why does Nate keep inserting weird names into the scripts?...

In June 2011, a Con Edison truck was parked outside of Hector Monsegur's New York apartment, every day for over a week. But Hector - better known as Sabu, the ringleader of the LulzSec hacking group -wasn't fooled: he guessed, correctly, that the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to worried: Jeremy Hammond.

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy - and a hacker. But in certain respects, they?re actually quite similar: in what lines are they willing to cross to get to their goal.

AbdelKader Curnelius, a German Threat Researcher and an expert on the cybercrime ecosystem in German-speaking countries - shares a story about how he helped the German police put a sophisticated local cybercriminal behind bars, by uncovering tiny mistakes that this hacker did in the past.

In June 2012, an anonymous hacker posted a list of 6.5 Million encrypted passwords belonging to LinkedIn users on a Russian hacker forum. It was soon discovered that these passwords were hashed using an outdated and vulnerable hashing algorithm - and were also unsalted. The lawsuits followed suit shortly? what is 'hashing' and 'salting', and can we trust big organizations to keep our secrets safe?

Assaf Dahan, Threat Research Lead at Cybereason's Nocturnus team, describes a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by APT 41, AKA Winnti Group - a Chinese state-sponsored APT group known for its stealth and sophistication.

In 2007, Estonia - then already a technologically advanced country - suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and an adviser to several governments and conferences, talks with Nate Nelson about the lessons learned from that event, and how Estonia became what he calls 'A Cloud Country'."