
    77: Olympic Destroyer

    October 27, 2020
    What technology has fencing judges integrated into competitions?
    How did the Soviet competitor cheat in the 1976 Olympics?
    What was the Sandworm attack's impact on the Olympics?
    Who is identified as responsible for the 2016 US election hacking?
    What are the consequences of accusing Russia for cyber-attacks?

    Podcast Summary

    • Technology in Fencing: The Unforeseen Vulnerability to Hacking
      The use of technology in sports brings unforeseen vulnerabilities to hacking. This calls for cybersecurity measures to be implemented in every aspect of our lives in the modern digital era.

      Fencing judges have adopted technology to help score points by adding electronic components to the sword and protective gear. This means electronics and computers have become judges in fencing competitions. However, it has also made the sport vulnerable to hacking, as shown in the 1976 Olympics when a competitor from the Soviet Union rigged his sword by adding a button that completed the circuit whenever he wanted. He hacked the system and scored a hit even without touching his opponent. He was later disqualified and the British team that exposed him won a gold medal. This story shows how even seemingly simple technologies can be hacked and that cybersecurity is important in every aspect of our lives, even in sports.

    • Importance of a Crisis Management Plan in Cyber-Attacks
      Cyber-attacks are unpredictable and require organizations to have a solid crisis management plan in place. Regular drills and strict cyber-security measures can help prevent chaos and embarrassment.

      A destructive cyber-attack can happen anytime, regardless of how much preparation is done. In the event of a cyber-attack of this scale, it is important to have a crisis management plan in place. The pressure of the whole world watching can make the situation much worse. The IT team must work quickly to fix the problems caused by the attack to prevent chaos and embarrassment. In this situation, a workaround was created to get the official Olympic app working so that visitors could get in and out of the opening ceremony smoothly. The incident highlights the importance of cyber-security measures and drills, but also the unpredictability of cyber threats, and the urgency of having a solid crisis management plan in place.

    • Winter Olympics Hit by Cyber Attack During Opening Ceremony
      Despite facing a massive cyber attack, the IT team at the Winter Olympics managed to eradicate the malware and rebuild all servers in time for the games to continue without further incidents.

      The IT staff at the Winter Olympics faced a massive cyber attack just as the opening ceremony began, causing widespread disruption and a new kind of threat to the games. The malware wiped out the entire system and spread like a worm, and it was hard to spot because it masqueraded under the same name as a legitimate Windows process, winlogon.exe. The IT team battled all night to rebuild the servers, and even their domain controllers were wiped repeatedly. They managed to eradicate the malware around 5:00 AM with the help of a security company, but had to take the entire network offline to do it. The IT heroics succeeded in getting the network back up in time for the games, with no further attacks.

    • Potential State-Sponsored Cyber Attacks at South Korea's Winter Olympics
      The Winter Olympics in South Korea experienced cyber threats, with Russia, China, and North Korea all suspected. Experts suggest that the attacks were state-sponsored, but it remains unclear whether one nation or multiple countries were behind them.

      The Winter Olympics in South Korea was a prime target for cyber-attacks, with North Korea, Russia, and China all being suspected. Russia had a motive as they were banned from the Olympics for doping in previous years, and had already carried out a hacking campaign against the Worldwide Anti-Doping Agency. China was also a suspect due to the coding used in the malware being similar to previous Chinese attacks. The malware used, Olympic Destroyer, resembled NotPetya, a major cyber-attack on Ukraine, which could suggest that the attack was state-sponsored. It is difficult to pinpoint who was behind the attack as Russia denied responsibility, leaving it unclear whether one nation was solely responsible or if it was a collaborative effort.

    • The Challenge of Identifying Cyber Attackers
      Cyber attackers often plant false flags and use sophisticated techniques to hide their tracks and make it difficult for researchers to identify them. A single clue is never enough to attribute an attack to a particular country or group.

      The Olympic Destroyer cyber attack didn't give any easy clues to solve the attribution problem. The attackers had planted so many false flags that it was almost impossible for researchers to identify the real culprit. Kaspersky's Rich Header analysis did find a perfect match with North Korea's Lazarus hackers and one of their data-wiping malware samples. Even with this match, it is hard to conclude that the attackers were from North Korea alone. The attackers used sophisticated techniques, such as hiding their tracks behind distracting clues and false evidence, to make it difficult for researchers to find a genuine lead. Hence, a single clue is never enough to attribute an attack to a particular country or group.

    • Malware Implicating North Korea Was Proven False, While Evidence Pointed Towards Russia
      The malware used to disrupt the Olympics was not from North Korea, but was likely linked to Russia targeting Ukrainian groups. The investigation found clues in the delivery mechanism, phishing emails, and communication server.

      The metadata of the malware showed that someone had forged the Rich Header to implicate North Korea; because the forgery could be proven, the false flag itself pointed to the involvement of another party. When an analyst examined the delivery mechanism of the malware, he found that the hackers had been seeding out the malware months before the Olympics. The initial infection came through a phishing email, and the macros in the attachments had been created with a tool called Malicious Macro Generator. The phishing emails targeted Ukrainian LGBT activist groups, companies, and government agencies, pointing towards Russia as the probable culprit. The final clue that closed the case was the domain account-loginserve.com, which the malware used to communicate with its command and control servers.

    • GRU Unit 74455: Russian Election Hackers and Saboteurs of the 2018 Winter Olympics
      Russian hackers affiliated with GRU Unit 74455 used sophisticated tactics to penetrate the 2016 US election, sabotage the 2018 Winter Olympics, and access the voter information of hundreds of thousands of people. The Russian government has not been held publicly accountable.

      Russian hackers went deep into the 2016 US election campaign, targeting 21 states or election-related systems. The same group, identified as GRU Unit 74455 or Sandworm, also hacked the US State Board of Elections in Arizona and Illinois, accessed voter rolls of hundreds of thousands of voters, and sabotaged the 2018 Winter Olympics in Pyeongchang, South Korea with Olympic Destroyer malware. The clues and fingerprints left by the hackers pointed towards Russia, implicating the Russian government in the cyber-attacks, including the extreme NotPetya attack on Ukraine that was linked to Sandworm. The lack of condemnation or public statement from any government about Russia's involvement in the Olympics cyberattack is vexing.

    • Russian Military Unit Behind Global Cyber-Attack for the Winter Olympics
      State-sponsored cyber-attacks have real consequences, and the US intelligence community has the ability to hold hackers accountable for their actions. The Russian military unit responsible for the attack on the power grid in Ukraine and the NotPetya malware aimed to undermine the Winter Olympics, but its members were identified and indicted by the DOJ, proving that even skilled hackers are not invulnerable to justice.

      The cyber-attack that caused massive global impact was conducted by Russian military unit 74455 of the GRU. The unit had launched destructive malware against the power grid in Ukraine and then unleashed the NotPetya malware. Its motive for attacking the Winter Olympics was to undermine them in retaliation for the international penalties imposed over Russia's state-sponsored doping program. The DOJ characterized the hackers' behavior as petulant and child-like. The attack was strategically planned and took months of preparation and significant resources. The indictment shows the extent of US intelligence collection and the ability to hack the hackers: it listed the names and photos of the 6 people who carried out the attack. The outcome marks a significant step in creating accountability for state-sponsored cyber-attacks.

    • Sandworm Cyber-Attack on the Olympics Leads to Accountability and Unpredictability
      The Sandworm cyber-attack on the Olympics highlights the difficulty of determining the true culprit of future attacks, as well as the potential consequences of falsely accusing a nation, making the future unpredictable.

      The Sandworm cyber-attack on the Olympics is the first time any government has explicitly condemned Sandworm and held them accountable. Among the targets were timekeeping partners responsible for the actual sporting events, implying that Sandworm was trying to corrupt the results of the games. This highlights the evolution of Sandworm's deceptive capabilities, making it difficult to determine who is behind future cyber-attacks, which may be more innovative and use false flags. While the US cannot go into Russia and arrest these people, any attack on next year's Olympics will make Russia the first suspect. This indicates that the consequences of accusing a nation of doing something they didn't do could be severe, making the future unpredictable.
