Tales of cybersecurity. The wildest hacks you can ever imagine, told by people who were actually there. Hosted by cybersecurity expert and book author, Ran Levi, this is not your average talk-show. These are fascinating, unknown tales, slowly unraveled, deeply researched. Think Hardcore History meets Hackable, and come dig into a history you never knew existed.
The podcast Malicious Life is created by Malicious Life. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Much like Aaron Swartz did, Andrew "weev" Auernheimer fought against the Computer Fraud and Abuse Act, a law both men believed to be dangerous and unjust. But unlike Swartz, the internet's own boy, weev is an unapologetic troll who spreads bile and chaos wherever he goes, a man who seemed to take pleasure in making others miserable. His fight raises a thorny question: when a bad person fights for a good cause, how should we feel about it?
APT-10 is a Chinese nation-state threat actor that in recent years has been targeting Japanese IT & Infrastructure organizations using a sophisticated backdoor malware known as LODEINFO. Recently, Jin Ito & Loic Castel, researchers from Cybereason's IR Team, uncovered a new tool used by the group: NOOPDOOR, which incorporates highly sophisticated persistence mechanisms, allowing APT-10 to evade detection and remain inside enterprise networks for two or even three years.
Aaron Barr was an ex-signals intelligence officer specializing in analytics. As part of HBGary Federal, he came up with a plan to unmask the key leaders of Anonymous, the infamous hacker collective. People who worked with Aaron warned him that his data was sub-par, but the determined vet claimed he had a strong "gut feeling" that he was on the right track.
On 17 and 18 of September 2024, thousands of pagers and hand-held radio devices used by Hezbollah exploded simultaneously across Lebanon and Syria, killing at least 42 terrorists and wounding more than 3,000.
Devon Ackerman, Cybereason’s Global Head of Digital Forensic and Incident Response and a former Special Agent at the FBI's Operational Technology Division, discusses the lessons organizations can learn from this ultra-sophisticated supply chain attack: how such traumatic events impact the mindset of hacked organizations, what kind of threat actors are capable of pulling off long-term attacks like these, and the three most important steps organizations can take to minimize the chance of a supply chain attack.
Could thousands of people keep a secret? Common sense says no—secrets spread, and people talk. But for over a decade, from 2006 to 2017, a website managed to stay under law enforcement’s radar, despite the fact that its many users were participating in illegal activities. The website’s users managed to keep it a secret for such a long time, because they shared one thing in common: they were creeps who traded nude photos. Until one user, driven by simple greed, brought it all crashing down.
Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end.
In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history.
On Dec. 5, 2016, two senior Russian Intelligence officers and two civilians were arrested and accused of treason. A few weeks later, when Western journalists were finally able to speak with the men’s lawyers, they learned that the case was based on events that were, oddly enough, already widely known. This made the arrests even more peculiar.
As more details emerged over time, the picture became clearer, offering Westerners a rare glimpse into the typically secretive world of Russian intelligence.
SNAP - better known as food stamps - goes back to the Great Depression. The physical stamps were replaced with EBT cards in the 1990s, but since these cards are without the secure EMV chip technology, enterprising criminals found ways to drain funds meant for low-income families.
Nicole Kotsianas, an investigator with K2 Intelligence, made it her personal mission to hunt down the Hollywood Con Queen, who cruelly tormented her victims and shattered their dreams. Nicole's efforts bore unexpected fruit when she discovered that the Con Queen was actually... a man.
In 2015, two aspiring script writers flew to Indonesia to meet with executives of a large Chinese film corporation. It was a trap: the Hollywood Con Queen not only conned them out of tens of thousands of dollars, she also cruelly ruined their friendship. Two years later, a corporate investigator working for a big shot Hollywood producer made a discovery that put her on the trail of this master of deceit.
In the pre-internet era, encryption was a matter of life and death, and the motives behind these ciphers were varied and complex. Discover how George Lasry, a modern codebreaker, uncovered the secrets of Mary, Queen of Scots, hidden in the French National Library for over 400 years. This episode delves into the painstaking process and the historical impact of decoding these ancient messages, revealing the hidden motives and desperate actions of a doomed queen.
Why did people write malware in the pre-internet days? Back then, there was no way to make money by writing malware. So why write them in the first place? The lack of a financial motivation meant that virus authors had a plethora of other motives - and this diverse mix of motives had, as we shall hear, an interesting effect on the design and style of viruses created at that period.
Section 230 is the pivotal law that has enabled the rise of social media, while sparking heated debates over its implications. In this episode, we're charting the history of Section 230, from early landmark legal battles, to modern controversies, and exploring its complexities and the proposed changes that could redefine online speech and platform responsibility.
In 2016, Joe Sullivan, former CISO of Facebook, was at the peak of his career. As Uber's new CISO, he and his team had just successfully prevented data from a recent breach from leaking to the internet. But less than a year later, Sullivan was unexpectedly fired from Uber, and three years later, the US Department of Justice announced criminal charges against him.
So, what happened at Uber?
In this episode of ML, we're exploring the history of the well-known Nigerian Prince scam, also known as 419 or advanced fee scam, from its roots in a Parisian prison during the French Revolution, to the economic and social reasons why this particular scam became so popular with African youth. Also, will AI make such scams more dangerous - or, counterintuitively, go against the interests of scammers?
Dive into the world of open-source intelligence (OSINT) in this episode, where we uncover how ordinary citizens use publicly available data to unravel some of the most complex global mysteries. From tracking conflicts in real-time to exposing the truth behind high-profile incidents like the downing of Malaysia Airlines flight MH17, discover how OSINT is revolutionizing the field of investigative journalism and transforming how we perceive and verify information.
A few weeks ago we had a listener’s meetup in New York, and as part of that meetup, I gave a talk in which I discussed how Malicious Life came to be - a story that goes back to my days as a ship's captain in the Israeli Navy - and then about how me and Nate craft the stories that you hear every other week. That last part, I hope, might also be beneficial to those of you, our listeners, who find themselves giving talks about technically complex ideas, cyber-related or not. The storytelling ideas and techniques I laid out in the talk are universal, and you’ll find them in blockbuster movies as well as podcast episodes.
In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat.
In the 1950s and 60s - even leading into the 1990s - the cost of storage was so high that using a 2-digit field for dates in software instead of a 4-digit one could save an organization between $1.2 and $2 million per GB of data. From this perspective, programming computers in the 1950s to record four-digit years would’ve been outright malpractice. But 40 years later, this shortcut became a ticking time bomb which one man, computer scientist Bob Bemer, was trying to defuse before it was too late.
The 2008 Russo-Georgian War marked a turning point: the first time cyberattacks were used alongside traditional warfare. But what happens when the attackers aren't soldiers, but ordinary citizens? This episode delves into the ethical and legal implications of civilian participation in cyberwarfare, examining real-world examples from Ukraine and beyond.
In 1991, Kevin Mitnick was bouncing back from what was probably the lowest point of his life. He began to rebuild his life: he started working out and lost a hundred pounds, and most importantly - he was finally on the path towards ditching his self-destructive obsession of hacking.
But just as he was in the process of turning his life around, his brother introduced him to a hacker named Eric Heinz, who told him about a mysterious piece of equipment he came across while breaking into Pacific Bell: SAS, a testing system that allowed its user to listen in on all the calls going through the telephone network. SAS proved to be too great of a temptation for Mitnick, who desperately wanted to wield the power that the testing system could afford him.
For Kevin Mitnick - perhaps the greatest social engineer who ever lived - hacking was an obsession: even though it ruined his marriage, landed him in scary correction facilities and almost cost him his sanity in solitary confinement, Mitnick wasn't able to shake the disease that compelled him to keep breaking into more and more communication systems.
Right now, hundreds of thousands of people in the southern African country of Namibia are faced with a choice. At the end of next month, their phone service is going to be shut off permanently: to prevent that from happening, they’ll have to give up their data privacy. As a result, nearly two million Namibian citizens are facing a data privacy problem which may haunt them for years to come - and hundreds of thousands more are set to join them, or else they’ll lose their phone service for good. All of which raises the question: was making everybody register their SIM cards a good idea in the first place?
In 2008, the 12-million-PC-strong Mariposa Botnet infected almost half of the Fortune 100 companies - but the three men who ran it were basically script kiddies who didn't even know how to code.
Vladimir Levin is often presented as "the first online bank robber," and appears on many lists of the "Top 10 Greatest Hackers." But a few veteran Russian hackers claim that Levin's infamous hack had been mangled by the journalists who wrote about it. What's the truth behind the 1994 $10.7 million Citibank hack?...
About a year ago, six academics from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security set out to survey engineers and developers on the subject of satellite cybersecurity. But most of these engineers were very reluctant to share any details about their satellites and their security aspects. Why were satellite engineers so reticent to talk about cybersecurity? What was so secretive, so wrong with it, that they didn’t feel they could answer even general questions, anonymously? Because let’s be clear: if there’s something wrong with the security of satellites, that’d be a serious problem.
When investigators discovered in 1996 that US military networks were being extensively hacked, they didn't realize they were witnessing the birth of what would become Russia's formidable Turla APT espionage group. We uncover the 20-year metamorphosis of this original group of hackers into one of the most sophisticated and dangerous state-sponsored threats that's still active today.
In August 2021, a port in Houston, Texas, was attacked. Over the following months, a series of attacks occurred in various locations, reminiscent of a serial killer's pattern. Targets included telecommunications companies, government agencies, power plants, and water treatment facilities. How did Volt Typhoon manage to evade authorities and analysts for such an extended period?
By the time Forbidden Stories published its “Pegasus Project” in 2021, NSO was already knee deep in what was probably the worst PR disaster ever suffered by a cybersecurity company - and then, in November 2021, came the fateful blow: the US Dept. of Commerce added NSO to its “Entity List.” Is NSO to blame for its troubles? Could the company have acted differently to prevent its downfall?
NSO Group, creator of the infamous Pegasus spyware, is widely regarded as a vile, immoral company: a sort of 21st century soldier of fortune, a mercenary in the service of corrupt and evil regimes. Yet among its many clients are many liberal democracies, including the US, Germany, the Netherlands and Spain, to name but a few. So, is NSO really as evil as many think it is?
The FBI explicitly advises companies against paying ransomware attackers - but itself paid 4.4 million dollars worth of Bitcoin after the Colonial Pipeline attack. So, should you listen to what the experts say, or follow what they occasionally do? It’s complicated, but we can model this problem.
In the vast landscape of STEM, women constitute a mere 28% of the workforce. Yet, when we zoom into the realm of cybersecurity, the number dwindles even further to a startling 20 to 24 percent. What are the underlying reasons behind this disparity?
In 1981, during the G7 Summit in Quebec, French president François Mitterrand handed President Reagan a top secret collection of documents, called the "Farewell Dossier." The information found in the dossier allowed the US to devise a cunning plan - the very first supply chain attack, if you will - to bring a fiery end to one of the largest industrial espionage campaigns in history.
Much of the cybersecurity software in use today utilizes AI, especially things like spam filters and network traffic monitors. But will all those tools be enough to stop the proliferation of malware that will come from generative AI-driven cyber attacks? The potential of AI to disrupt cyberspace is far greater than any solutions we’ve come up with thus far, which is why some researchers are looking beyond the traditional answers, towards more aggressive measures.
Every so often, the entire landscape of cybersecurity shifts, all at once: The latest seismic shift in the field occurred just last year. So in this episode of Malicious Life we’re going to take a look into the future of cybersecurity: at how generative AI like ChatGPT will change cyberspace, through the eyes of five research teams breaking ground in the field. We’ll start off simple, and gradually build to increasingly more complex, more futuristic examples of how this technology might well turn against us, forcing us to solve problems we’d never considered before.
On the face of it, there's an obvious economic incentive for both vendors and security researchers to collaborate on disclosing vulnerabilities safely and privately. Yet bug bounty programs have gained prominence only in the past decade or so, and even today only a relatively small portion of vendors have such programs in place. Why is that?
The constant battle between those who wish to encrypt data and those who wish to break these ciphers has made modern encryption schemes extremely powerful. Subsequently, the tools and methods to break them became equivalently sophisticated. Yet, could it be that someone in the 15th century created a cipher that even today’s most brilliant codebreakers and most sophisticated and advanced tools - cannot break?...
In 2019, Roman Seleznev, a 34-year-old Russian national, was sentenced to 27 years in prison: a sentence that’d make any criminal quiver. Seleznev's deeds had a horrendous effect on the 2.9 million individuals whose credit cards he stole and sold to cyber criminals for identity theft and financial crimes. On one hand, it’s hard to imagine any nonviolent computer crime worth 27 years in prison. But then what is an appropriate sentence for such a man as Seleznev?
"We made a mistake and Sony paid a terrible price.” A terrible price indeed: an arrogant and ill-advised decision to include a rootkit in its music CDs cost Sony BMG a lot of money - and painted it as a self-centered, self-serving company that cares more about its bottom line than its customers. Why did Sony BMG make such a poor decision?
In the last episode of our show, we heard the story of Methbot: an army of hundreds of thousands of bots, programmatically viewing thousands of advertisements on thousands of made-up websites in order to siphon away millions of dollars worth of ad revenue. But even the giant Methbot scam was just a drop in the ocean that is ad fraud. Putting Zhukov in jail made hardly any difference at all, because of how many other people just like him are still out there today.
What makes ad fraud so successful, and so prevalent, and why can’t we stop it? The answer isn’t technical at all. It’s not hard to understand. But it’s a harsh reality that many people are simply not willing to face.
Right now, a man named Aleksandr Zhukov is sitting in jail for one of the most financially ruinous schemes ever invented for the internet. Zhukov is guilty. He was caught and convicted under a mountain of evidence against him.
Except the deeper you look into it, the deeper the well goes. In this episode, we’ll learn how Aleksandr Zhukov defrauded some of the biggest American corporations for millions of dollars. And we’ll ask the question that hardly anyone else is willing to acknowledge: Was this clever, successful, guilty cybercriminal merely a fall guy for everybody else playing his twisted game?
The numbers can’t be any clearer: a DDoS attack costs less than a hundred dollars, while the price tag for mitigating it might reach tens if not hundreds of thousands of dollars. A single well crafted phishing email can easily circumvent cyber defenses which cost millions of dollars to set up. How can we change the extreme cost asymmetry between attackers and defenders in cyberspace?
We’ve all experienced the creepiness of modern data trafficking, but that kind of daily annoyance is the surface of a much bigger issue: Big Tech companies such as Amazon & Microsoft are lobbying policymakers to veto laws that harm their business, and often hide their lobbying behind industry coalitions or organizations with names that are vague and seemingly harmless. Will current and future privacy laws actually protect your information, or will they protect the companies collecting your information?
Disruptions to the world’s internet cables happen more often than you think: Whether it be ship anchors or animals or saboteurs, cut a few wires in the right places and at nearly the speed of light you can disrupt or shut off the internet for broad populations of people at a time. It is an immense power that runs through these lines -- a power that can be sabotaged or, in the right hands, weaponized.
In the midst of 35,000 exhilarated spectators eagerly chanting the time-honored countdown to kick off the 2018 Pyeongchang Winter Olympics, a sinister malware crept through the games' network, threatening to disrupt the highly-anticipated event. The obvious question in everyone’s minds was - who was responsible for the attack? Who was vile enough to launch such a potentially destructive attack against an event which, more than anything, symbolizes peace and global cooperation?
On May 23rd, 1989, Karl Koch - a 23-year-old West German hacker who worked for the KGB - took a drive, from which he would never return: nine days later his charred remains were found by the police in a remote forest. Was Koch assassinated by the US or the Soviet Union, or is there another, more 'mystical' explanation for his death?
Four decades ago, three quarters would’ve gone a lot further than they do today. With that kind of loose change you could’ve picked up some milk from the grocery store, or over half a gallon of gas, or a bus ticket. But that doesn’t explain why, on one fateful day in 1986, a systems administrator at the Lawrence Berkeley National Laboratory in California made such an issue over 75 missing cents.
You may have heard of the cyber operations performed by Russia. You definitely heard about the missiles being fired by Russia at Ukraine - but how about the propaganda being distributed through the different media platforms?
In this B-Side episode, our Senior Producer Nate Nelson interviewed Dr. Bilyana Lilly - CISSP, a leader in cybersecurity and information warfare with over fifteen years of managerial, technical, and research experience, and author of "Russian Information Warfare" - about the Russian use of instant messaging and social media platforms such as Telegram and Twitter in their war efforts. Dr. Lilly discusses who they are targeting and the real-world impact their propaganda has on various populations.
In the early 1970's, US intelligence pointed at the possibility that the Russians had laid an underwater communication cable between two important naval bases in the Far East. The dangerous mission of installing a listening device on that cable was given to the Navy's most secretive and unusual submarine.
What happens when an NFT marketplace goes under, and disappears? You would imagine that the users’ NFTs are perfectly safe: after all, the blockchain itself is still there, right? But that’s not how things work in the real world.
Jason Bailey is the co-founder and CEO of ClubNFT, a company building the next generation of tools to discover, protect, and share NFTs. Jason is an early collector and proponent of CryptoArt, and he spoke with Nate Nelson, our Sr. producer, about the risks facing sellers and buyers who are unfamiliar with this new technology.
Physical artworks in museums are usually well-guarded - but digital artworks are something else entirely: in 2021 alone, scammers successfully stole 100 million dollars worth of non-fungible tokens, or NFTs. Yet blockchain technology, where most NFTs live, is one of the most secure technologies in history. Why, then, do NFT collectors keep getting hacked?
Fred Cohen: The Godfather of Computer Viruses [ML B-Side]
Thamar Gindin is an Israeli scholar whose research focuses on the Persian language. For the past seven years (at least) Thamar has been a target for an endless stream of spear-phishing attempts by the Iranian regime, trying to take over her email account and lure her away from her country's borders. Her family, friends, and colleagues have also suffered numerous attacks. So, how does it feel to live for years with a virtual target mark on your back?…
Norse Corp.: How To NOT build a cybersecurity startup
What can Chess grandmasters teach us about Cyber? [ML BSide]
The US government says that Kim Schmitz, better known as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as an internet freedom fighter: a fugitive on the run from vindictive, overly-powerful governments. Can King Kimble escape the wrath of the USA?
Multi-Factor Authentication (MFA) is usually considered a better solution for authentication than just using passwords. But Roger Grimes, a veteran security professional and a Data-Driven Defense Evangelist, claims that the sense of security current MFA solutions provide us is false.
Language models are everywhere today: they run in the background of Google Translate and other translation tools; they help operate voice assistants like Alexa or Siri; and most interestingly, they are available via several experiential projects trying to emulate natural conversations, such as OpenAI’s GPT-3 and Google’s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data?
Criminals, particularly cyber criminals, aren’t “good” people, but in most cases, they do have their own personal boundaries. Every once in a while, you encounter a criminal who’s different. Someone who seems not to have limits at all. A ruthless person, for whom the goal truly justifies the means. Leo Kuvayev is that kind of a person - and that made him so successful as a cyber-criminal. But even a genius criminal can go just one step too far.
"A CISO's Nightmare": Israel Baron on Railway Security
“Designed by criminals, for criminals”: Operation Trojan Shield
Andrew Ginter: A 40-Years-Old Backdoor [ML-BSide]
Kurtis Minder: Ransomware Negotiations [ML BSide]
Jacob Goldstein: The Future of BitCoin [ML BSide]
The “Cypherpunks” Who Invented Private Digital Money
Malicious LIVE: Celebrating 5 Years of Malicious Life
What The LinkedIn Hack Taught Us About Storing Passwords
DIE - A New Paradigm for Cyber Security [ML B-Side]
Crypto AG - The Greatest Espionage Operation Ever, Part 1
Why aren't SMBs investing in Cyber Security? [ML B-Side]
The Bloody Origins of Israel's Cyber Security Industry
Ransomware Attackers Don’t Take Holidays [ML B-Side]
Should The U.S. Ban Chinese and Russian Technology?
RSA Breach FollowUp: Are We Doing Security Right? [ML B-Side]
Colonial Pipeline & DarkSide: Assaf Dahan [B-Side]
Creating a Grassroots Security Conference: Jack Daniel [ML B-Side]
Shutting Down The Internet in 30 Minutes: Chris Wysopal (WeldPond) [ML B-Side]
When the NotPetya pandemic hit, Cyber Analyst Amit Serper was sitting in his parents' living room, getting ready to go out with a few friends. He didn't have most of his tools with him, but he nonetheless took a swipe at the malware. An hour later, he held the precious vaccine.
Should Law Enforcement Use Facial Recognition? Pt. 1
The Great Firewall of China, Pt. 2: Cisco's Trial
SegWit2x, or - The Year Bitcoiners Will Never Forget
Maintaining Secure Business Continuity With A Remote Workforce - With Sam Curry
ToTok, Part 1: How to Convince Someone to Download Spyware
Triton, Part 2: The World’s Most Dangerous Malware
Deep Fakes are set to revolutionize content creation, but alongside this technology's benefits, it also has the potential to sow havoc, fear, and distrust via Social Networks. Just this week, Facebook disclosed a network of fake users it found, whose profile images were all deep faked. So, how can we identify deep fakes - even before they go online?
Over the past two years, the internet has been inundated with celebrity Deep Fake videos of all kinds: Obama, Putin, and Trump deliver speeches they never gave, Gal Gadot "stars” in a porn video, and professional comedians such as Bill Hader eerily turn into the people they impersonate, like Tom Cruise and Arnold Schwarzenegger.
What all of these videos have in common is that they were mostly created by amateur developers or small startups with tight budgets - but their quality is surprisingly good, and in some cases as good as what the biggest movie studios were able to produce with huge budgets just a few years ago.
So what happened in the last five years, that turned special effects from being the exclusive domain of industry experts - into something a 14-year-old can create more or less at the touch of a button? Like the top end of a floating glacier, Deep Fakes are by and large only the visible product of a fascinating - and much deeper - technological revolution in the field of artificial intelligence. As we shall soon see, this revolution has the potential to put some very powerful tools in the hands of both attackers and defenders in the world of cyber-security.
Thousands of companies are losing millions of dollars to cyber attacks. Insurance seems an ideal solution to their woes - yet this kind of insurance is much less common today than it should be. What's the problem with Cyber insurance?
Nate Nelson speaks with Amit Serper & Sam Curry, notable veteran in Cyber Security, about Malware-As-A-Service, bullet-proof hosting, avoiding the lure of the 'dark side' and more.
In 2010, Nikita Kuzmin returned to the malware scene with Gozi 2.0, an improved version of the successful banking Trojan. How did Gozi 2.0 fare against Zeus & the new generation of Trojans, and what can we learn from Nikita's story about how one becomes a malicious hacker in the first place?
Roughly 600,000 laptops are lost every year in US airports alone: some reports say a laptop is stolen every minute. How hard is it to hack into a stolen laptop? "Hackable?", McAfee's Cyber Security podcast, investigates. Check out their website: https://hackablepodcast.com/.
In this out-of-band episode, we're bringing you the full interview with Lodrina Cherne, a Digital Forensics Expert, on spyware: what it is, how it works, who sells it, and how you can avoid it yourself.
Nikita Kuzmin could have been a whiz programmer or a CEO of a successful startup. But as a teen in Moscow, he fell in with the wrong crowd, and his entrepreneurial skills found a different path: Gozi, the oddest and most brilliant malware operation ever conceived to that point in time.
Today's Cyber Stalkers have free access to almost government-grade spyware software with which they can terrorize their victims. Who's enabling the commercial spyware market?
Ran and Eliad Kimhy, one of the show's top producers, discuss the recent Listener's Survey results: what you like and dislike about the show, ideas you gave us for future improvements - and what do our listeners think about Ran's accent?...
Google, it turned out, was only one of 35 major US corporations hit in Aurora. Was it an espionage campaign, or could it be that it all began with one top ranking Chinese official who googled his own name - and wasn't happy with the search results?...
In January 2010, Google revealed in its blog that it was hacked. This attack, since known as Operation Aurora, is attributed to China. In this series of episodes, we'll expose the complicated and often turbulent relationship between the world's largest internet company, and the world's most populated nation.
Should governments respond to cyber attacks with deadly force? Senior researcher Mikko Hypponen and Prof. Itzik Ben Israel (Ret. General, IDF R&D) discuss this sensitive question.
Ad Blockers, such as AdBlock Plus, provide an important service to users who find web ads annoying, creepy and sometimes even dangerous. In recent years, however, the business models adopted by some blockers present us with a moral dilemma.
Can a malware be *too* successful? This is the story of Conficker, one of the most advanced worms in history - and how its success led to its ultimate failure.
A rare, inside look, at how Cybereason's researchers were able to uncover one of the largest Cyber Espionage campaigns ever discovered, against multiple Telecommunications companies around the world.
The YIPL phreaking magazine was the spiritual predecessor to the better-known '2600' zine, and it was founded by an ideological party determined to bring down the largest monopoly in US history: Bell Telephone.
After the Challenger Disaster of 1986, NASA had a hard time convincing the public that the Galileo spacecraft, fueled by radioactive Plutonium, is safe to launch. The WANK worm, it turns out, was a message aimed at NASA - from the two most powerful hackers in the world.
The post The U.S vs. Gary McKinnon appeared first on Malicious Life.
After the Challenger Disaster of 1986, NASA had a hard time convincing the public that the Galileo spacecraft, fueled by radioactive Plutonium, was safe to launch. The WANK worm, it turns out, was a message aimed at NASA - from the two most powerful hackers in the world.
The post The WANK Worm, Part 2 appeared first on Malicious Life.
On October 16th, 1989, NASA's scientists went into work preparing to launch a spacecraft that very day. But when they sat down to their computers, they were met with an unexpected greeting: “Your system has been officially WANKed. You talk of times of peace for all, and then prepare for war.”
The post The WANK Worm, Part 1 appeared first on Malicious Life.
After its momentous breach, Equifax's CEO Richard Smith said: “Equifax will not be defined by this incident, but rather by how we respond.”
Well, he was spot on, but not in a good way.
The post The Equifax Data Breach Pt. II: The Bits Hit The Fan appeared first on Malicious Life.
In their 120-year history, Equifax never sold anything, or provided any service to ordinary folks - except collect DATA. In 2017, that huge data repository, 1000 times larger than the Library of Congress, got hacked.
The post The Equifax Data Breach Pt. I: A Big Data Bubble appeared first on Malicious Life.
Twenty years ago, a 15-year-old Norwegian kid was put on trial for breaking the DVD Copy Prevention system. His case spawned a whole new "artistic" movement...
The post DeCSS: Hackers Vs Hollywood appeared first on Malicious Life.
Guglielmo Marconi--the beloved, hated, disputed inventor of radio--gets trolled by a mustached magician in the world’s first ever, wireless, grey hat hack.
The post Marconi & The Maskelyne Affair appeared first on Malicious Life.
In its prime, Mt. Gox was essentially the place where Bitcoin happened. But for two years, Mt. Gox was imploding from the inside - while soaring to unprecedented success on the outside.
The post The Fall Of Mt. Gox – Part 2 appeared first on Malicious Life.
CYBER is a new podcast from Motherboard, a very well known and respected technology blog and online magazine.
The episode you’ll hear shortly is about the shady market of data aggregators and brokers who sell smartphone location data to bounty hunters, bail bondsmen, landlords, used car salesmen, and anyone who can afford it. We learn how bounty hunters go right up to the edge of what the law allows and use "neuro linguistic mind manipulation" to get people to give them information.
The post The Location Data Brokers – A CYBER Podcast Special appeared first on Malicious Life.
In its prime, Mt. Gox was essentially the place where Bitcoin happened. But for two years, Mt. Gox was imploding from the inside - while soaring to unprecedented success on the outside.
The post The Fall Of Mt. Gox – Part 1 appeared first on Malicious Life.
This week we're doing an episode swap with the excellent podcast Darknet Diaries. A former NSA agent who has gone off to be a security consultant, tells a story about an assignment that he'll never forget...
The post Black Duck Eggs: Darknet Diaries appeared first on Malicious Life.
Today on Malicious Life, tens of thousands of people get robbed. Then a community gets together to ask: should we take our money back, or let the hacker walk with it?
The post Dave Kennedy: The Psychological Principles of Social Engineering appeared first on Malicious Life.
Today on Malicious Life, tens of thousands of people get robbed. Then a community gets together to ask: should we take our money back, or let the hacker walk with it?
The post The Ethereum DAO Hack appeared first on Malicious Life.
How did the Jerusalem virus trigger the birth of the entire Anti Virus industry in Israel? A high-stakes wager on Live TV, and more.
The post The Jerusalem Virus, Part 2 appeared first on Malicious Life.
Although scary, the Jerusalem virus, discovered in Israel in 1987, was in fact a rather simple virus. How, then, did the virus trigger the birth of an entire national industry?
The post The Jerusalem Virus, Part 1 appeared first on Malicious Life.
Eugene Spafford (aka Spaf), a professor of computer science at Purdue University, was the first researcher to publish a detailed analysis of the infamous Morris Worm. Gene talks to Ran about this incident, as well as how security was different in the 1980’s.
The post Gene Spafford on the Morris Worm & Cyber-security in the 1980’s appeared first on Malicious Life.
It’s a weapon that harnessed the strength of millions of computers at once: a cannon so powerful it could break through any wall, take down any website. It is “the Great Cannon”.
The post China Vs. Github appeared first on Malicious Life.
On the second installment of our Ashley Madison hack retelling, we look at the fallout of the hack, and the people who’ve suffered from it.
The post The Ashley Madison Hack, Part 2 appeared first on Malicious Life.
When Ashley Madison got hacked, it made international headlines. Why? Because it wasn’t just a major event. It demonstrated how there’s information even more sensitive, even more significant than your credit card, or your social security number: your secrets.
The post The Ashley Madison Hack, Part 1 appeared first on Malicious Life.
As we prepare to release an awesome 2-part story in two weeks, we decided to give you a chance to go back to some old favorites and check out some of the behind-the-scenes interviews of Malicious Life. Graham Cluley tells about his entry into the world of security. There are stories aplenty in this interview- Graham […]
The post Interview Special: Graham Cluley appeared first on Malicious Life.
If movies have taught me anything, it’s that if you want to rob a bank, you dress as the cleaning crew. The people behind the Target hack must have seen one action film too many, because when they decided to hack one of the biggest retailers in the world, they did so via the HVAC […]
The post The Target Hack appeared first on Malicious Life.
How does the outbreak of a “plague” inside a video game- a bug, essentially- affect real-life disease research?
The post WoW: Corrupted Blood appeared first on Malicious Life.
Stuxnet was a devastating weapon, but who wielded it? That is the question we try to answer with the final installment of our Stuxnet series. In this episode, we explore other, similar battles of the modern cyber war, and look further into the topic of Zero Day vulnerabilities. With special guests: Andrew Ginter, and Blake […]
The post The Stuxnet Virus Pt. 3 appeared first on Malicious Life.
Stuxnet was a weapon, a kind of a smart bomb- perhaps one of the smartest bombs ever created. A bomb that couldn’t rely on operators, cameras, and laser targeting, instead it had to “think” its way to its destination. An invisible commando unit, dropped deep behind enemy lines. And its payload- not explosives, but lines […]
The post The Stuxnet Virus Pt. 2 appeared first on Malicious Life.
Where armies once fought with bullets and bombs, they now engage in clandestine, invisible warfare. In 2010 a virus was discovered that would change the world’s perception of cyber warfare forever. Dubbed Stuxnet, this malicious piece of code has a single focus- to stop the development of Iran’s nuclear program. Part one of this three […]
The post The Stuxnet Virus Pt. 1 appeared first on Malicious Life.
The Shamoon Virus. There is a single company, run by a royal family, which employs the majority of the Saudi working population. It’s worth more than Apple, Google, and Amazon…by a lot. The Saudi Aramco oil company is one of the most significant commercial entities in human history. It’s hard to imagine, then, what could […]
The post Shamoon – The Biggest Hack In History appeared first on Malicious Life.
Not all malware is created equal. Some malware will attempt to erase your files, demand ransom, or steal your information. Others will do no such thing- and still end up being worse. Don’t believe us? What if a virus made your computer send pornography to fifty of your closest friends and family? Yes, including your […]
The post The Melissa Virus appeared first on Malicious Life.
A young woman is arrested by the Chinese government while trying to cross the border to Tibet. Her interrogator, a Chinese spy, pulls out a dossier full of information regarding her activity online. It turns out she’s been visiting pro-Tibet websites, and for that, she’s sentenced to two months in jail. What is GhostNet? Find […]
The post GhostNet appeared first on Malicious Life.
In an attempt to halt the Morris worm’s path of destruction, a systems administrator at Harvard shut down the university router through which Andy Sudduth’s message would be sent to the internet. The post didn’t go through until after it was too late. In a tragic movie-twist, the fix that everybody needed was heard by […]
The post The Morris Worm Pt. 2 appeared first on Malicious Life.
We’ve introduced you to some of the seminal malware attacks that have shaped cybersecurity history. Perhaps no other incident in history, though, has had the effect on how we think about computer security today as the Morris worm.
The post The Morris Worm Pt. 1 appeared first on Malicious Life.
How far should a die-hard fan go, in order to bring closer to them the thing that they love? In one of the most interesting, yet relatively unknown cybersecurity stories, a young hacker attempts to steal his favorite game prior to its release and then attempts to blackmail his victims into hiring him. An evil […]
The post The Half Life 2 Hack appeared first on Malicious Life.
Catching a criminal is by no means easy, but there’s something we take for granted in any crime: that the criminal has a face and a name, that they used a specific weapon on a specific target, and that the crime had ended once it was complete. But what about a crime without a […]
The post The Legalities of the Cyber War appeared first on Malicious Life.
When representatives from the Democratic National Committee reached out to a silicon valley cybersecurity company, to investigate a potential breach in their computer system, it’s hard to imagine what they might have expected to come of it. It didn’t take long to discover that something was amiss. Red flags were popping up all over the […]
The post Fancy Bear, Cozy Bear appeared first on Malicious Life.
Those who have experienced a cybercrime know the feelings of frustration and helplessness that come along with it. A hacker could be halfway across the world when they attack you, and you might have no way of figuring out who it was or catching them even if you could. So frustrating. But is there really nothing we […]
The post Hack Back appeared first on Malicious Life.
What governments and powerful organizations regularly use, others will find ways to use as well. Cyber activity fits so incredibly well with terrorism. Actors can remain hidden, or reveal themselves to the world; create propaganda campaigns, or aim for real damage. Join us on this episode of Malicious Life, as we learn the story of […]
The post Cyber Terrorism appeared first on Malicious Life.
The NSA has many means at its disposal. But how does it use these means, and for what goals? Discover the (literally) secret history of the NSA’s cyber activity. Travel with us to Russia and back, learn the origins of FISA, and find out more about the government agency so secret it was once dubbed […]
The post Super Spies appeared first on Malicious Life.
The early 2000s were an interesting time in Information Security. This is roughly the period when malware transitioned from viruses written by teenagers for fun, to cybercrime tools in the hands of sophisticated criminals. This week’s story took place in that time frame – and was a precursor of that transition. It is also a cautionary […]
The post The Trojan Horse Affair appeared first on Malicious Life.
The largest hack in U.S military history may have been conducted by… The NSA. In 1997, a wargame conducted by the NSA showed just how unprepared we were for a potential cybernetic strike- in 4 days, NSA hackers were able to take down entire military networks. It revealed the dire consequences of a possible cyberattack, and even […]
The post Friend or Foe appeared first on Malicious Life.
It’s the holidays and everyone’s on vacation – but the Internet never rests and neither do the bad guys in cybersecurity. So, for this holiday special, we figured we’ll air an interesting interview we did a few weeks back with Amit Serper, Principal Security Researcher at Cybereason, NotPetya vaccinator, and former cyber warrior for the […]
The post Amit Serper Interview- Holiday Special Episode appeared first on Malicious Life.
From the Bulgarian hacker scene of the 90’s, featured in episodes 1 and 2, we now move to the vibrant underground hacker scene of West and East Berlin. Working secretly for the KGB, a young Berliner hacker attempts to hack the U.S military network, only to be stopped by a curious, and inventive astronomer. A […]
The post Deception appeared first on Malicious Life.
The threat of fire and fury stands at the center of all modern conflicts- nuclear bombs that can eradicate life in seconds are the ultimate weapon of war, as they pose a huge threat to centers of population. But what of the cyber war? What threat could it possibly pose to life as we know […]
The post Weapons of Mass Disruption appeared first on Malicious Life.
Guerrilla warfare has been around for as long as conventional warfare has. The idea that a small force, through cunning and brazen action, could overtake a larger force is an old one. From pirates who would take merchant ships by surprise, to lengthy military campaigns against an enemy that is hiding in plain sight. The […]
The post The Soldiers of North Korea appeared first on Malicious Life.
Governments around the world have been making devious use of the internet as a platform to spread, not malware, but propaganda. As in all wars, propaganda is a huge part of the modern cyber war. Join us as we explore the roots, and the most creative uses of the internet to spread information and disinformation […]
The post The Propaganda appeared first on Malicious Life.
WikiLeaks has ushered in a new age in whistle blowing: Modern leakers such as Chelsea Manning – whose story is the focus of our current episode – expose huge amounts of confidential information. But can these mega-leaks really influence the actions and policies of governments?
The post The Whistleblowers appeared first on Malicious Life.
Stuxnet was a devastating weapon, but who wielded it? That is the question we try to answer with the final installment of our Stuxnet series. In this episode, we explore other, similar battles of the modern cyber war, and look further into the topic of Zero Day vulnerabilities. With special guests: Andrew Ginter, and Blake […]
The post Stuxnet, part 3 appeared first on Malicious Life.
Stuxnet was a weapon, a kind of a smart bomb- perhaps one of the smartest bombs ever created. A bomb that couldn’t rely on operators, cameras, and laser targeting, instead it had to “think” its way to its destination. An invisible commando unit, dropped deep behind enemy lines. And its payload- not explosives, but lines […]
The post Stuxnet, part 2 appeared first on Malicious Life.
Where armies once fought with bullets and bombs, they now engage in clandestine, invisible warfare. In 2010 a virus was discovered that would change the world’s perception of cyber warfare forever. Dubbed Stuxnet, this malicious piece of code has a single focus- to stop the development of Iran’s nuclear program. Part one of this three […]
The post Stuxnet, part 1 appeared first on Malicious Life.
A global FBI manhunt for the world’s most wanted cyber criminal ends in the capture of a massive criminal network, but with the escape of the man himself. Security experts who operate within the gray areas of morality develop botnets that destroy personal devices infected with malicious botnets in what they call “the chemotherapy of […]
The post Hell to Pay appeared first on Malicious Life.
WannaCry’s widespread cyber attack on more than 200,000 computers all over the world made headlines – but only a few people remember a similar attack, named The AIDS Trojan, almost 30 years earlier… In this episode of Malicious Life, we go deep into the world of ransomware to examine its roots, the tools used and […]
The post The Roots of Evil appeared first on Malicious Life.
2016 is known throughout the circles of information security as “The Year of The DDoS Attacks”, and rightfully so: 5 large scale DDoS attacks – ‘Distributed Denial Of Service’ – shocked the technology world. In this episode of Malicious Life, we examine how the power of the internet itself can be harvested and deployed to […]
The post Big Cannons appeared first on Malicious Life.
In this episode of Malicious Life, we take a look at one of the oldest forms of criminal activity on the web- the spam empires of the 90’s and 2000’s. Find out how these multi-million dollar industries operated, how they served as a half step towards the organized online crime groups of the modern age, […]
The post Spam Empire appeared first on Malicious Life.
In 1989, a message was found in a virus: “Eddie Lives…Somewhere in Time!”. ‘Eddie’ was a particularly nasty virus, and its discovery led a young Bulgarian security researcher down a rabbit hole, on a hunt for the prolific creator of the Eddie virus: The Dark Avenger. With special guests: Vesselin Bontchev, Graham Cluley.
The post The Dark Avenger appeared first on Malicious Life.
Cybercrime is one of the most notable threats we face as computer users, nowadays. But it wasn’t always so. Those of us who’ve been in the field long enough may remember a time when computer viruses were much more innocent, and virus authors were usually just bored computer geeks- not members of a sophisticated, well-organized […]
The post Ghost In The Machine appeared first on Malicious Life.