The Danger of Misusing Remote Kill Switches for Cars: Cybersecurity measures must be taken seriously to prevent unauthorized access to powerful technologies, because when used maliciously they can cause chaos and harm innocent people.
The misuse of powerful technology can cause chaos and harm to innocent people. In a darknet diary episode, Jack Rhysider narrates the story of Omar, a twenty-year-old who sought revenge on a car dealership that fired him. Omar used a login of another employee to access the Web Tech Plus system, which allowed car dealerships to remotely disable cars from starting. He started disabling cars and honking them, causing grief to the customers. This incident demonstrated how a remote kill switch for a car could be a potent technology that, when abused, could cause havoc. It highlights the importance of cybersecurity to prevent unauthorized access and ensure the safety of individuals and businesses.
From Lurker to Systems Administrator: Marq's Journey in the Tech Industry: Consistent learning and building skills can lead to career advancement in the tech industry.
Marq started exploring the dark web while in high school, but remained a mere lurker in chat rooms and hacker forums without participating. However, with job experience from companies like Oracle, Microsoft, and an MSP, he gained valuable IT skills and experience that helped him level up. With each job, he learned something new and expanded his knowledge until he became a systems administrator at a Managed Service Provider in Atlanta. Through consistent learning and building his skills, Marq was able to progress in the tech industry and move cities to explore more job opportunities.
A Former System Administrator's Curiosity about Dark Web and Hacking Forums: Curiosity about the dark web and hacking forums can coexist with a fulfilling career but can also lead to termination even if it's unrelated to the person's interest.
Marq, a former MSP system administrator, had access to everything, including servers, which is normal for his job. He became fascinated with the dark web, frequented hacker forums and saw more and more people selling databases of credit cards, hacked users' information, passwords, and email addresses. He never participated in any of it but watched for curiosity. Marq liked his job as a system administrator, but a disagreement with a knowledgeable coworker over shortcuts and a PowerShell script for a client led to his sudden termination from the company. This situation was unrelated to his fascination with the dark web and visiting hacking forums.
Importance of Proper Access Control and Cybersecurity Training in Preventing Data Breaches: Disable logins for former employees and create separate logins for everyone who needs access to prevent unauthorized access. Strong ethics and cybersecurity training are essential for preventing data breaches caused by employee misuse.
Former employers should disable logins for former employees while changing shared passwords for clients. MSPs should consider creating a separate login for everyone who needs access to avoid such situations, to prevent unauthorized access to sensitive data. Even though Marq had access to important data, he realized it was wrong and did not misuse it. However, accessing the dark web made him believe he could do things he shouldn't. It's crucial to have strong ethics, and cybersecurity awareness training to ensure employees do not use their access maliciously and end up harming the company.
The Threat of Insider Knowledge to Data Security and Importance of Cybersecurity Awareness: Former employees with access to company systems can pose a threat to data security. Companies should implement strong security measures, educate employees on cybersecurity, and regularly monitor network activity to prevent breaches.
Former employees with insider knowledge of a company's systems and security protocols can be a major threat to data security. In this case, Marq, with his knowledge of the company's network and security measures, was able to easily breach their system and steal valuable customer data. He then posted it on the dark web for sale, highlighting the importance of companies implementing strong security measures to safeguard their customer information. This incident also emphasizes the need for employees to be educated on the importance of cybersecurity to prevent accidental data breaches caused by human error. Companies must also regularly monitor their network activity and limit access privileges to prevent data breaches from former employees or unauthorized users.
Dangers of Dark Web Transactions and Data Breaches.: If you engage in illegal activities on the dark web, using personal wallets for transactions can put you at risk of prosecution. Protect your online accounts and report any data breaches or leaks to authorities and companies promptly. Companies must take responsibility for securing customer privacy.
Using personal wallets for transactions on the dark web can connect individuals to illegal activities and put them at risk of prosecution. Exchanges are required to collect personal information, making it easier for authorities to trace transactions. Financial need and personal circumstances can also drive individuals to engage in illegal activities. Data breaches and leaks can have real-world consequences and individuals must take steps to protect their online accounts, especially those linked to security cameras. Reporting such breaches to authorities and companies can prevent harm and protect users. Companies must take responsibility for securing their customers' privacy and respond promptly to reports of breaches or leaks.
The dangers of the dark web: selling customer information and network access: Selling customer information or backdoor access on the dark web can lead to serious legal consequences. Seeking legal counsel is crucial to avoid severe penalties associated with cybercrime.
The sale of customer information on the dark web is a lucrative business. Law enforcement and security companies actively monitor these forums, often purchasing data to investigate and turn over to authorities. Selling backdoor access to a company's network is also a common occurrence, but can have serious legal consequences. Marq found himself in trouble with the FBI after attempting to sell access to a company's servers, and learned the importance of seeking legal counsel in a situation like this. The consequences of cybercrime can be severe, and individuals should think twice before engaging in any illegal activity on the dark web.
The consequences of hacking and prevention against insider threats: Hacking for personal gain can lead to devastating consequences, including legal trouble and difficulty finding employment. Companies can prevent insider threats by revoking old credentials, valuing employees, and providing training. Ethical behavior should be prioritized to positively impact society.
Marq's story highlights the consequences of hacking into others' systems for personal gain, even if it seems harmless. The severity of the crime can be devastating, as Marq lost a friend, spent time in jail, and faces long-term consequences such as difficulty finding employment. Lisa's insight shows that companies need to take threat prevention seriously - revoking old credentials, ensuring employees feel valued, and providing training can help to deter insider threats. Aspiring engineers like Marq should prioritize ethical behavior and seek to use their skills to positively impact society, rather than harm it.
Understanding Insider Threats and Their Motivations: Insider threats can come from various factors such as dissatisfaction, pressure, and a sense of ownership, and it is important to monitor key employees during crucial periods. Even the leader of an organization can become an insider threat, so it is crucial to always be vigilant and take proactive measures against it.
Insider threats are not necessarily bad people, but rather a product of circumstances, timing, and personality. The most common types of attacks are fraud, sabotage, and theft, with theft being complex and motivated by various factors such as dissatisfaction, pressure, and a sense of ownership. To combat this, it is important to monitor key employees in certain departments during crucial periods, such as when they are leaving employment. Even the leader of an organization can become an insider threat, as seen in the case of General David Petraeus. Thus, it is crucial to always be vigilant and take proactive measures against insider threats.
108: Marq
Darknet Diaries
150 Episodes
Recent Episodes from Darknet Diaries
150: mobman 2
149: Mini-Stories: Vol 3
148: Dubsnatch
147: Tornado
146: ANOM
In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.
This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.
145: Shannen
144: Rachel
143: Jim Hates Scams
142: Axact
141: The Pig Butcher
Related Episodes
Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth is the Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, project management, author and a public speaker. He is a member of the Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank’s information security, fraud, physical security, and the network services departments. [Dec 18, 2023]
00:00 - Intro
00:22 - Ryan Intro
00:53 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
04:16 - Marc Ashworth Intro
05:51 - Recap
08:26 - Speaking the Same Language
09:36 - The Threats Get Better
11:45 - Clash of the Robots
13:42 - AI for Bad
17:46 - AI for Good
19:32 - Decepticons
22:39 - Regulations: Money Talks
26:48 - The Perfect Storm
30:16 - Insider Threat Safety Tips
33:00 – Mentors
35:17 - Book Recommendations
36:37 - Find Mark Ashworth Online
- LinkedIn: linkedin.com/in/marcashworth/
38:06 - Wrap Up & Outro
Ep. 219 - Security Awareness Series - Involve Me and Ill Understand with Ganesh Krishnan
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and Chris are joined by Ganesh Krishnan, a cybersecurity superhero with over 25 years of experience protecting the digital world from cyber threats. As a two-time founder with a track record of success at some of the world’s top tech companies, he's earned a reputation as a thought leader at the forefront of cybersecurity. Now at the helm of Anzenna, his latest security startup, he's out to revolutionize the industry by making cybersecurity accessible to every employee, not just the security team. [July 17, 2023]
00:00 - Intro
01:01 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
04:13 - Ganesh Krishnan Intro
05:34 - Starting on the Path Towards History
10:57 - The Importance of Trust
14:17 - Breaking into an Establishment
17:37 - Make It Personal
18:58 - Changing Minds
22:05 - Getting the Top on Board
25:03 - Omnidirectional Communication
27:38 - Be Visible
29:48 - Mentors
- Wife
31:17 - Book Recommendations
- Think Like a Rocket Scientist - Ozan Varol
32:03 - Find Ganesh Krishnan online
- LinkedIn: linkedin.com/in/ganeshkrishnanlinkedin/
- Twitter: twitter.com/gkparanoid
- Website: https://www.anzenna.ai/
32:32 - Explaining Anzenna
35:35 - Wrap Up & Outro