Logo

    108: Marq

    en-usJanuary 11, 2022
    1
    Darknet Diaries

    150 Episodes

    What prompted Omar to misuse the Web Tech Plus system?
    How can cybersecurity prevent unauthorized access to systems?
    What role does insider knowledge play in data breaches?
    Why is user education on cybersecurity important?
    How can individuals protect their online accounts from breaches?

    • The Danger of Misusing Remote Kill Switches for CarsCybersecurity measures must be taken seriously to prevent unauthorized access to powerful technologies, because when used maliciously they can cause chaos and harm innocent people.

      The misuse of powerful technology can cause chaos and harm to innocent people. In a darknet diary episode, Jack Rhysider narrates the story of Omar, a twenty-year-old who sought revenge on a car dealership that fired him. Omar used a login of another employee to access the Web Tech Plus system, which allowed car dealerships to remotely disable cars from starting. He started disabling cars and honking them, causing grief to the customers. This incident demonstrated how a remote kill switch for a car could be a potent technology that, when abused, could cause havoc. It highlights the importance of cybersecurity to prevent unauthorized access and ensure the safety of individuals and businesses.

    • From Lurker to Systems Administrator: Marq's Journey in the Tech IndustryConsistent learning and building skills can lead to career advancement in the tech industry.

      Marq started exploring the dark web while in high school, but remained a mere lurker in chat rooms and hacker forums without participating. However, with job experience from companies like Oracle, Microsoft, and an MSP, he gained valuable IT skills and experience that helped him level up. With each job, he learned something new and expanded his knowledge until he became a systems administrator at a Managed Service Provider in Atlanta. Through consistent learning and building his skills, Marq was able to progress in the tech industry and move cities to explore more job opportunities.

    • A Former System Administrator's Curiosity about Dark Web and Hacking ForumsCuriosity about the dark web and hacking forums can coexist with a fulfilling career but can also lead to termination even if it's unrelated to the person's interest.

      Marq, a former MSP system administrator, had access to everything, including servers, which is normal for his job. He became fascinated with the dark web, frequented hacker forums and saw more and more people selling databases of credit cards, hacked users' information, passwords, and email addresses. He never participated in any of it but watched for curiosity. Marq liked his job as a system administrator, but a disagreement with a knowledgeable coworker over shortcuts and a PowerShell script for a client led to his sudden termination from the company. This situation was unrelated to his fascination with the dark web and visiting hacking forums.

    • Importance of Proper Access Control and Cybersecurity Training in Preventing Data BreachesDisable logins for former employees and create separate logins for everyone who needs access to prevent unauthorized access. Strong ethics and cybersecurity training are essential for preventing data breaches caused by employee misuse.

      Former employers should disable logins for former employees while changing shared passwords for clients. MSPs should consider creating a separate login for everyone who needs access to avoid such situations, to prevent unauthorized access to sensitive data. Even though Marq had access to important data, he realized it was wrong and did not misuse it. However, accessing the dark web made him believe he could do things he shouldn't. It's crucial to have strong ethics, and cybersecurity awareness training to ensure employees do not use their access maliciously and end up harming the company.

    • The Threat of Insider Knowledge to Data Security and Importance of Cybersecurity AwarenessFormer employees with access to company systems can pose a threat to data security. Companies should implement strong security measures, educate employees on cybersecurity, and regularly monitor network activity to prevent breaches.

      Former employees with insider knowledge of a company's systems and security protocols can be a major threat to data security. In this case, Marq, with his knowledge of the company's network and security measures, was able to easily breach their system and steal valuable customer data. He then posted it on the dark web for sale, highlighting the importance of companies implementing strong security measures to safeguard their customer information. This incident also emphasizes the need for employees to be educated on the importance of cybersecurity to prevent accidental data breaches caused by human error. Companies must also regularly monitor their network activity and limit access privileges to prevent data breaches from former employees or unauthorized users.

    • Dangers of Dark Web Transactions and Data Breaches.If you engage in illegal activities on the dark web, using personal wallets for transactions can put you at risk of prosecution. Protect your online accounts and report any data breaches or leaks to authorities and companies promptly. Companies must take responsibility for securing customer privacy.

      Using personal wallets for transactions on the dark web can connect individuals to illegal activities and put them at risk of prosecution. Exchanges are required to collect personal information, making it easier for authorities to trace transactions. Financial need and personal circumstances can also drive individuals to engage in illegal activities. Data breaches and leaks can have real-world consequences and individuals must take steps to protect their online accounts, especially those linked to security cameras. Reporting such breaches to authorities and companies can prevent harm and protect users. Companies must take responsibility for securing their customers' privacy and respond promptly to reports of breaches or leaks.

    • The dangers of the dark web: selling customer information and network accessSelling customer information or backdoor access on the dark web can lead to serious legal consequences. Seeking legal counsel is crucial to avoid severe penalties associated with cybercrime.

      The sale of customer information on the dark web is a lucrative business. Law enforcement and security companies actively monitor these forums, often purchasing data to investigate and turn over to authorities. Selling backdoor access to a company's network is also a common occurrence, but can have serious legal consequences. Marq found himself in trouble with the FBI after attempting to sell access to a company's servers, and learned the importance of seeking legal counsel in a situation like this. The consequences of cybercrime can be severe, and individuals should think twice before engaging in any illegal activity on the dark web.

    • The consequences of hacking and prevention against insider threatsHacking for personal gain can lead to devastating consequences, including legal trouble and difficulty finding employment. Companies can prevent insider threats by revoking old credentials, valuing employees, and providing training. Ethical behavior should be prioritized to positively impact society.

      Marq's story highlights the consequences of hacking into others' systems for personal gain, even if it seems harmless. The severity of the crime can be devastating, as Marq lost a friend, spent time in jail, and faces long-term consequences such as difficulty finding employment. Lisa's insight shows that companies need to take threat prevention seriously - revoking old credentials, ensuring employees feel valued, and providing training can help to deter insider threats. Aspiring engineers like Marq should prioritize ethical behavior and seek to use their skills to positively impact society, rather than harm it.

    • Understanding Insider Threats and Their MotivationsInsider threats can come from various factors such as dissatisfaction, pressure, and a sense of ownership, and it is important to monitor key employees during crucial periods. Even the leader of an organization can become an insider threat, so it is crucial to always be vigilant and take proactive measures against it.

      Insider threats are not necessarily bad people, but rather a product of circumstances, timing, and personality. The most common types of attacks are fraud, sabotage, and theft, with theft being complex and motivated by various factors such as dissatisfaction, pressure, and a sense of ownership. To combat this, it is important to monitor key employees in certain departments during crucial periods, such as when they are leaving employment. Even the leader of an organization can become an insider threat, as seen in the case of General David Petraeus. Thus, it is crucial to always be vigilant and take proactive measures against insider threats.

    Was this summary helpful?

    Recent Episodes from Darknet Diaries

    150: mobman 2

    150: mobman 2
    Re-examining Episode 20 of Darknet Diaries, exploring doubts about Greg aka 'mobman' claiming to create sub7 malware.
    Darknet Diaries
    en-usOctober 01, 2024

    148: Dubsnatch

    148: Dubsnatch
    Story of daring teens pursuing unreleased dubstep music, revealing their audacious tactics to sneak a peek before others.
    Darknet Diaries
    en-usAugust 06, 2024

    147: Tornado

    147: Tornado
    In this podcast, Geoff White discusses the digital heist of Axie Infinity and Tornado Cash, revealing how cryptocurrencies were manipulated for money laundering, details from his book 'Rinsed'.
    Darknet Diaries
    en-usJuly 02, 2024

    146: ANOM

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    en-usJune 04, 2024

    145: Shannen

    145: Shannen
    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Related Episodes

    Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth

    Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth

    Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth is the Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, author and a public speaker. He is a member of the Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank’s information security, fraud, physical security, and the network services departments. [Dec 18, 2023]

     

    00:00 - Intro

    00:22 - Ryan Intro

    00:53 - Intro Links:

    -          Social-Engineer.com - http://www.social-engineer.com/

    -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

    -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

    -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

    -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

    -          CLUTCH - http://www.pro-rock.com/

    -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

    04:16 - Marc Ashworth Intro

    05:51 - Recap

    08:26 - Speaking the Same Language

    09:36 - The Threats Get Better

    11:45 - Clash of the Robots

    13:42 - AI for Bad

    17:46 - AI for Good

    19:32 - Decepticons

    22:39 - Regulations: Money Talks

    26:48 - The Perfect Storm

    30:16 - Insider Threat Safety Tips

    33:00 – Mentors

    -          Bala Nibhanupudi

    -          Shelley Seifert

    -          Tom Bakewell

    35:17 - Book Recommendations

    36:37 - Find Mark Ashworth Online

    -          LinkedIn: linkedin.com/in/marcashworth/

    38:06 - Wrap Up & Outro

    -           www.social-engineer.com

    -          www.innocentlivesfoundation.org

    Ep. 219 - Security Awareness Series - Involve Me and Ill Understand with Ganesh Krishnan

    Ep. 219 - Security Awareness Series - Involve Me and Ill Understand with Ganesh Krishnan

    Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and Chris are joined by Ganesh Krishnan, a cybersecurity superhero with over 25 years of experience protecting the digital world from cyber threats. As a two-time founder with a track record of success at some of the world’s top tech companies, he's earned a reputation as a thought leader at the forefront of cybersecurity. Now at the helm of Anzenna, his latest security startup, he's out to revolutionize the industry by making cybersecurity accessible to every employee, not just the security team. [July 17, 2023]

     

    00:00 - Intro

    01:01 - Intro Links:

    -          Social-Engineer.com - http://www.social-engineer.com/

    -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

    -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

    -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

    -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

    -          CLUTCH - http://www.pro-rock.com/

    -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                               

    04:13 - Ganesh Krishnan Intro

    05:34 - Starting on the Path Towards History

    10:57 - The Importance of Trust

    14:17 - Breaking into an Establishment

    17:37 - Make It Personal

    18:58 - Changing Minds

    22:05 - Getting the Top on Board

    25:03 - Omnidirectional Communication

    27:38 - Be Visible

    29:48 - Mentors

    -          Wife

    31:17 - Book Recommendations

    -          Think Like a Rocket Scientist - Ozan Varol

    32:03 - Find Ganesh Krishnan online

    -          LinkedIn: linkedin.com/in/ganeshkrishnanlinkedin/

    -          Twitter: twitter.com/gkparanoid

    -          Website: https://www.anzenna.ai/

    32:32 - Explaining Anzenna

    35:35 - Wrap Up & Outro

    -          www.social-engineer.com

    -          www.innocentlivesfoundation.org

    103: Cloud Hopper

    103: Cloud Hopper
    Fabio Viggiani is an incident responder. In this episode he talks about the story when one of his clients were breached. Sponsors Support for this show, and for stretched security teams, comes from SOC.OS. Too many security alerts means alert fatigue for under-resourced SecOps teams. Traditional tools aren’t solving the problem. SOC.OS is the lightweight, cost-effective, and low-maintenance solution for your team. Centralise, enrich, and correlate your security alerts into manageable, prioritised clusters. Get started with an extended 3-month free trial at https://socos.io/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Sources  https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper  https://www.reuters.com/article/us-china-cyber-cloudhopper-companies-exc-idUSKCN1TR1D4  https://www.fbi.gov/wanted/cyber/apt-10-group  https://www.youtube.com/watch?v=277A09ON7mY  https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061  https://www.technologyreview.com/2018/12/20/239760/chinese-hackers-allegedly-stole-data-of-more-than-100000-us-navy-personnel/ Learn more about your ad choices. Visit podcastchoices.com/adchoices
    Logo

    © 2024 Podcastworld. All rights reserved

    Company

    Pricing

    Stay up to date

    For any inquiries, please email us at hello@podcastworld.io