Hacker And The Fed

This week on Hacker And The Fed we discuss private data leaking due to a misconfiguration, and no one is listening to the researchers. We are shown the mindset of hackers during a ransom negotiation, a cell phone provider is hacked for the 9th time in 6 years, there are 50 Chinese state hackers for every FBI cyber agent, and using AI to help hack. And finally, we answer listener questions about .xyz, pen testing tools, and possible Hacker And The Fed swag. Links from the episode: Many Public Salesforce Sites are Leaking Private Data krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/ Hackers Claim Vast Access to Western Digital Systems techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/ T-Mobile Discloses 2nd Data Breach of 2023, This One Leaking Account PINs and More arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/ Chinese Hackers Outnumber FBI Cyber Personnel 'By At Least 50 to 1,' Wray Testifies foxnews.com/politics/chinese-hackers-outnumber-fbi-cyber-personnel-wray-testifies Capturing the Flag with GPT-4 micahflee.com/2023/04/capturing-the-flag-with-gpt-4/ The Cyber Police Exposed an Attacker in the Sale of Databases with Personal Data of Citizens of Ukraine and the EU cyberpolice.gov.ua/news/kiberpolicziya-vykryla-zlovmysnyka-u-zbuti-baz-iz-personalnymy-danymy-gromadyan-ukrayiny-ta-yes-6598/ -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we sit down with Michele Chia, Head of Cyber Insurance at Zurich North America. We ask a number of questions including what is cyber insurance? Who needs it? And How much coverage is needed? Does cyber insurance cover an insider threat attack? What does a ransomware attack look like when you have cyber insurance? And finally, we find out how our guest cultivated such a successful career in cyber insurance. Link from the episode: zurichna.com/knowledge/experts/michelle-chia -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova. Links from the episode: Remote Code Execution Vulnerability in Google They Are Not Willing To Fix giraffesecurity.dev/posts/google-remote-code-execution/ 'GhostToken' Opens Google Accounts to Permanent Infection darkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infection Hacker Group Names Are Now Absurdly Out of Control wired.com/story/hacker-naming-schemes-spandex-tempest/amp How Long It Would Take A Hacker To Brute Force Your Password In 2023 hivesystems.io/blog/are-your-passwords-in-the-green Support this episode's sponsors: DeleteMe: Visit JoinDeleteMe.com/FED and use promo code FED20 BetterHelp: Visit BetterHelp.com/HATF and get 10% off your first month -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed internet videos may be able to silently hack your phone with a "Near Ultrasound Inaudible Trojan” (NUIT). Companies have more access to your data than you may know, including pictures of you. We also discuss how better access controls may have prevented the recent classified documents leak and share a story about a hacker getting hacked. Links from the episode: Hey Siri, use this ultrasound attack to disarm a smart-home system https://www.theregister.com/2023/04/04/siri_alexa_cortana_google_nuit/ Tesla workers shared sensitive images recorded by customer cars https://www.reuters.com/technology/tesla-workers-shared-sensitive-images-recorded-by-customer-cars-2023-04-06/ Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 2 https://informnapalm.org/en/hacked-russian-gru-officer/ Support this episode's sponsors: DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20 -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed a researcher gains access to millions of Office 365 accounts, cyber criminals are stealing and selling your internet bandwidth, and now hackers can remotely open your garage door and start your car in order to steal it. Links from the episode: Researcher gained access to millions of Office365 accounts: https://twitter.com/hillai/status/1641146508639600646 https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration Cybercriminals may be stealing and selling your Internet bandwidth: https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/ And now hackers can remotely open your garage and start your car in order to steal it: https://www.vice.com/en/article/pkadqy/hackers-can-remotely-open-smart-garage-doors-across-the-world-simpaltek https://kentindell.github.io/2023/04/03/can-injection/ Finally the FBI has taken down another hacking forum full of stolen credentials: https://finance.yahoo.com/news/fbi-seizes-genesis-market-notorious-123039527.html?guccounter=1 -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we speak with Kelly Moan, who serves as the Chief Information Security Officer (CISO) of New York City. We talk trends and cyber threats against the city. She also details the significant volume of attacks against the city on a weekly basis and gives us tips for getting into cyber security. Links from the episode: nyc.gov/content/oti/pages/meet-the-team/cyber-command nyc.gov/jobs More info on the JSOC + Cyber Command’s authorities via Executive Order 10: nyc.gov/office-of-the-mayor/news/088-22/mayor-adams-governor-hochul-joint-security-operations-center-combat-cybersecurity#/0 nyc.gov/office-of-the-mayor/news/010-002/executive-order-10 Support this episode's sponsor: HelloFresh: Visit HelloFresh.com/hatf50 and use code hatf50 for 50% off, plus your first box ships free! -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss what email security should look like over the next 12 months, who has the ability to read your emails, and law enforcement busting people using DDoS for hire. Links from the episode: Email Security Nightmare as 75% Of CISOs Expect a Severe Email-Borne Attack in the Next 12 Months cpomagazine.com/cyber-security/email-security-nightmare-as-75-of-cisos-expect-a-severe-email-borne-attack-in-the-next-12-months/ Who reads your email? twitter.com/jschauma/status/1634032554603945984 netmeister.org/blog/mx-diversity.html Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html Support this episode's sponsor: BetterHelp: Hacker and the Fed is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we catch up on some questions from our listeners: we discuss what a red teamer does, how the FBI works with other law enforcement agencies, how to upgrade your personal cyber security once you’ve got the basics down, and protecting children on the Internet. Support this episode's sponsors: Drata: Listeners of Hacker and the Fed can get 10% off Drata and waived implementation fees at drata.com/partner/hacker-fed BetterHelp: Hacker and the Fed is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we sit down with Bill Gardner, professor and Chair Department of Cyber Forensics & Security at Marshall University. Bill offers insight into the professional and academic path into the industry and the future of cybersecurity. Links from the episode: Follow Bill Gardner: Twitter: https://twitter.com/oncee Linkedin: https://www.linkedin.com/in/304blogs/ Marshall University Prospective Students Two papers written by Bill Gardner “I Did What I Believe Is Right”: A Study of Neutralizations among Anonymous Operation Participants Social Engineering in Non-Linear Warfare Support this episode's sponsors: Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20 -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we discuss fake Google advertisements, law firms under attack from cyber criminals, and the Whitehouse announcing a new national security strategy. Support this episode's sponsors: Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20 Links from the episode: twitter.com/doctorow/status/1628948906657878016 thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html?m=1 twitter.com/dcuthbert/status/1631302488996364288/photo/1 whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/ whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581 twitter.com/nol_tech/status/1629910222746578945 abc7news.com/atm-scam-tap-card-chase-bank-function/12905397/ -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we discuss a leaked ransomware negotiation, how Twitter's new verification system may improve security, and the NSA releases its best practices for securing your home network. Support this episode's sponsor, Drata. For 10% off and waived implementation fees visit drata.com/partner/hacker-fed. Links from the episode: pwndefend.com/2023/02/15/lockbit-3-0-and-royal-mail-chats-published/ dice.com/career-advice/cybercriminals-increase-recruiting-tech-and-it-pros-across-the-darknet gizmodo.com/facebook-instagram-verified-elon-musk-was-right-twitter-1850139933 media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we update a story from a few episodes ago about a woman driving with a suspicious eavesdropping device near the embassies in Paris, Credit Suisse suffers a insider threat attack, an old attack methodology is updated to steal cryptocurrency, a hacker utilizes screen-capturing malware to cherry-pick their victims, regulators propose a rule to have cyber educated board members, Hector receives a phishing email that turns out to be a much larger issue, and finally Hector pays off his losing Super Bowl bet. Links from the episode: francetvinfo.fr/faits-divers/escroquerie-aux-sms-de-l-assurance-maladie-les-suspects-volaient-les-numeros-de-telephone-depuis-leur-voiture_5665943.html efinancialcareers.com/news/2023/02/credit-suisse-employee-data-leak blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack thehackernews.com/2023/02/hackers-targeting-us-and-german-firms.html cfr.org/blog/walk-and-chew-gum-cisos-communicating-boards-have-speak-their-language venturebeat.com/security/4-misconceptions-about-data-exfiltration/amp/ bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/ -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed Reddit suffers a phishing attack, the FBI offers "Ritz Carlton" level customer service, Texas bans TikTok on state owned devices, and a researcher documents the methodology of finding a major network flaw. Links from the episode: reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/ govconwire.com/2022/10/bryan-vorndran-outlines-tenets-of-fbi-role-in-cyber-ecosystem/ beckershospitalreview.com/legal-regulatory-issues/fbi-aiming-to-protect-give-ritz-carlton-level-customer-service-to-companies-that-report-cyberattacks.html gov.texas.gov/news/post/governor-abbott-announces-statewide-plan-banning-use-of-tiktok eaton-works.com/2023/02/06/toyota-gspims-hack/ -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss how Search Engine Ads are being used to spread malware through "malvertising". We also cover the impact of a breach involving data for over 20,000 individuals stolen from a firm that aggregates public records and sells background checks online. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we discuss the FBI's takedown of Hive, the Ransomware group with over 100 million in ransom payments. We also talk about the FBI's insider threat brochure, giving companies indicators on what to look for internally. And finally, Hector asks Chris some questions about the FBI. Links from the episode: justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant fbi.gov/file-repository/insider_threat_brochure.pdf cisa.gov/insider-threat-cyber -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed Hector makes some predictions of the hacks we will see in 2023. We also discuss bug bounty hunters, how they're not getting paid what they deserve and why they may take their exploits to the dark web. We touch on another big API data leak and Hector tells a story of a hack he did on Super Bowl Sunday. And finally we help a listener with spoofed calls and text messages. T-Mobile Filed Form 8-K with the US SEC -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker and the Fed we discuss a variety of recent news stories, including a report of a messaging service selling access to user data, bootleg network devices being sold through certified vendors, Gmail offering end-to-end encryption, lessons learned from a not so secure encrypted messaging application, cell phone software that was stolen and made public, and a password problem at a major US executive department. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we discuss Twitter's data leak, explaining APIs and how to better protect ourselves. We also touch on the Russian hacking crew "Cold River" and answer some listener questions. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we tackle IMSI Catchers, or cell phone eavesdropping devices after one was found by French authorities in the back of a vehicle near the US embassy in Paris. We also cover Hector's PBS Hack, his thought process and attack vector. And finally we have a conversation about Botnets and some of the risks they present. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we tackle cyber warfare with special guest Jeff Carr. Jeff authored the book "Inside Cyber Warfare: Mapping the Cyber Underworld" and is an expert on how nation-states, groups, and individuals around the world wage digital war on one another. We cover a wide range of topics from how to define "cyber war" to the insider perspective on the war in Ukraine. Check out Jeff's book here! -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And Fed we select a number of audience questions specifically directed toward Hector, and he answers them from the perspective of his former self, Sabu. We cover questions like "what is a hack?" "What are the hardest security controls to beat?" "What do Hackers do with your stolen data?" And finally, Sabu reveals his coolest hack. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss the infamous Shadow Brokers, a group (or individual hacker) who compromised the NSA back in 2016. We explore and explain this hack from the perspective of a former FBI agent and a former black hat hacker. We also detail Apple's new security posture deploying end-to-end encryption. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss a recent paper published by CISA (The Cybersecurity and Infrastructure Security Agency) detailing how to help secure your small business online. We also answer a number of listener questions. You all have been sending us some great questions in the past week, today we answer a few of our favorites. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we have our first ever guest. Former Black Hat and former member of LulzSec, Cody Kretsinger. Hector and Cody go back nearly 20 years to the earliest days of online hacking when they spent years partnering to infiltrate major computer networks around the world. Despite that long history, they’ve never actually met in the flesh. We cover a lot as they speak together for the first time, from hacking origin stories to life after federal prison. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss Hector's decision to work with the FBI. To change the course of his life and begin the journey to where he is now. We explore his moral considerations as well as the very practical implications of such a decision. We also hear the story of Hector's first hack and answer a listener question on NSO group and high level hacking. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss the recent seizure related to Silk Road, the black market website Chris took down in 2013. Silk Road is back in the news as the IRS just recently caught a man who stole 50,000 bitcoin from the site. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss the recent DropBox hack that relied on a phishing attack to steal credentials as well as multi-factor authentication codes. We also discuss other tactics attackers use to work around multi-factor authentication as well as a technology that may replace the applications and codes you use today. And finally, we respond to a few user questions about the FBI. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss the NSO Group’s zero-click iPhone exploit, also known as Pegasus, a powerful tool that can be used to take full control of a target’s iPhone without their knowledge. We break down how it all works and how to think about this tool and others like it. We also answer a question from the audience about Hector’s experience using IRC, an old internet chat tool where Hector had “wars” with other hackers. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we answer audience questions. We discuss the future of cyber security and whether we will ever get ahead of the bad guys. We also detail what it's like to be arrested by the FBI as Hector recounts his experience following the knock on the door. And finally, we respond to a small business owner on how to secure her social media accounts and website from potential threats. -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss voice fishing, or "vishing," and the social engineering tactics behind this attack. You know those spam calls you get? Well sometimes those are actually social engineering attacks aimed at convincing you to send money to scammers. It's a relatively new twist on phishing and it employs many of the same basic tactics. We detail what these attacks look like, tell a few stories of our own experience with social engineering, and leave you with some key takeaways for how to keep yourself and loved ones safe and secure. -- Below are several terms Hector and Chris use in the show that some listeners may not be familiar with: Dox – publish private information about an individual online APT – advanced persistent threat, e.g. a nation state with sophisticated cyber capabilities EFNet – an internet chat relay network API – automated programming interface, a way for two or more computer programs to communicate with each other. WHOIS – information about an IP address or domain name (e.g. google.com) -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

On this first episode of Hacker And The Fed, Chris and Hector tell their origin story. Hector details the journey from his first time on the internet to becoming a globally infamous black hat hacker. And Chris tells of growing up in Virginia next to the chief of police to ultimately joining the FBI and dedicating his life to fighting cyber crime. The two outline their story from the moment Chris arrested Hector, ultimately leading to a long time collaboration and lifelong friendship. For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

Former FBI special agent Chris Tarbell and former Anonymous blackhat Hector Monsegur (aka Sabu) first faced-off as adversaries in cyberspace before becoming close friends and podcast co-hosts. Listen to Tarbell, co-founder of an elite cybersecurity firm NAXO, and Monsegur, a top network penetration tester and security engineer, break down the must-know cybersecurity news and topics of the day. You’ll walk away from each episode with unique perspectives on how to keep your family, your company, and your personal cyber footprint safe from attacks.