Logo

80: The Whistleblower

en-us

December 08, 2020

TLDR: A social engineer shares a story about getting people to do things they don't want to do for profit. They also discuss security threats with sponsors including SentinelOne and Thinkst Canary.

1Ask AI
  • The power of psychological tricks in social engineeringSocial engineers use psychological tricks to influence people to make decisions they wouldn't normally make. Awareness of these tricks can help individuals protect themselves from being manipulated.

    Psychological tricks used by social engineers can persuade people to do things they don't want to do. People are more persuadable than they think and small gifts at the right time can have quite an impact on their decisions, even without their conscious awareness. A story of a social engineer called Paint Parrot, who persuaded someone to turn against their company causing major financial loss, is an example of how effective social engineering can be. While Paint Parrot was in the British Army's drone unit, his job was to gather intelligence, but after leaving the military, he became an instructor and eventually a social engineer who used psychological tricks to achieve his goals.

  • The Role of Whistleblowers and Contractors in Exposing Corporate MisconductWhistleblowers play a crucial role in holding companies accountable for illegal actions, and the DOJ and private intelligence contractors rely on their evidence to enforce the law. Whistleblowers are rewarded with a percentage of the fine imposed by the SEC.

    Whistleblowers are individuals who expose a company's misconduct and provide enough evidence to the Department of Justice (DOJ) to result in a successful enforcement action against the company. The DOJ contracts out work to companies like the DOJ contractor that Paint Parrot met to handle whistleblowing cases. Whistleblowers are rewarded with a percentage of the fine that is imposed by the SEC. In one case, Paint Parrot worked on, a large company was bribing government officials to gain a competitive edge and manufacturing fake shipping manifests. This case demonstrates the importance of whistleblowers in holding companies accountable for illegal actions and highlights the role of private intelligence companies in assisting the DOJ with gathering evidence.

  • The Importance of Whistleblowers in Exposing Corporate CrimesWhistleblowers have a crucial role in bringing to light illegal activities of large corporations that operate anonymously and off the books, paving the way for justice to be served.

    A multinational corporation was engaged in illegal activities by anonymously shipping oil, money, and falsifying shipment records to move funds off the books. This was discovered by a whistleblower who was introduced to a UK intelligence firm. However, the situation became complicated when the whistleblower disappeared threatening his family, and Paint Parrot was tasked with securing his family and finding the whistleblower. The whistleblower was convinced by the UK intelligence firm to come forward with evidence of the illegal activities to the DOJ. The key takeaway from the story is that even the largest companies engage in illegal activities anonymously or off the books, making it difficult to detect. Whistleblowers play a crucial role in exposing these activities and seeking justice.

  • Social engineering and internet search for tracking down a targetBe mindful of the information you share on social media and utilize privacy settings to avoid compromising personal information. Social engineering tactics require vigilance to safeguard against malicious intent.

    Paint Parrot uses social engineering and internet search to gather information to track down a person. He identifies locations and starts calling hotels to find the target's room number. He finally locates the right hotel and room number by pretending to be a laundry service. He confirms the person's identity by nonchalantly waiting in the corridor till he spots the person. The process required a lot of secrecy to avoid harm to the target and his family. Paint Parrot used social media metadata to locate the person and figured out his daily routine and favorite places. The process also shows how social media privacy measures have improved with automatic deletion of metadata from photos.

  • UK intelligence firm's failed attempt to bring back whistleblowerLoyalty cannot be bought and sensitive information must be handled with utmost care, as even one betrayal can jeopardize many organizations. Always consider the potential consequences before taking any action.

    The UK intelligence firm painted a soft approach in trying to bring back the whistleblower onboard to use him against the company. However, the whistleblower lost trust and revealed sensitive information that endangered not just the company but also DOJ and FBI names and emails. So when the whistleblower was no longer deemed useful, Paint Parrot packaged the information and passed it along to London law enforcement who then had enough evidence to bring him in for questioning. Towards resolving the situation, the conversation shifted to finding a new witness or two for the same investigation. This UK intelligence firm was motivated not just by justice but money as the whistleblowers got a cut of fines collected by SEC after their reporting and investigation.

  • Using Social Engineering to Uncover Corporate CrimeUsing Social Engineering to Uncover Corporate Crime  Companies can receive a substantial reward for reporting corporate crimes, but it requires building a relationship of trust with employees through social engineering techniques. This ethical dilemma is worth considering in the interest of uncovering illicit activity.

    Companies can receive up to 30% of the fines collected by the SEC by bringing evidence of a crime forward. An intel firm sought Paint Parrot's services to approach employees of a company and find a whistleblower willing to report the crimes to receive the reward. Paint Parrot had to use social engineering to build rapport with the employees, find someone with access to the right evidence, and convince them to become a whistleblower. This required building a relationship based on common interests and gaining their trust. This business model raises moral questions, but it is a means to uncover crimes committed by large corporations that would otherwise go unpunished.

  • Techniques to Identify and Convince a Potential WhistleblowerTo convince someone to become a whistleblower, it is necessary to identify an individual with strong morals, build trust, and make them feel comfortable to share information by using open-source intelligence techniques.

    To convince someone to be a whistleblower, you need to find a person with strong morals and ethics who is willing to do the right thing and work with the SEC. Paint Parrot and his team used open-source intelligence techniques to gather information about the person they identified as a potential whistleblower through social media, voter registration databases, and real estate listings. They also researched the person's family and built a pattern of life on the target. Paint Parrot created a fake identity online and became friends with the target to plant the idea of whistleblowing, making the person feel like it was their own idea. Persuasion requires gaining trust and making the person feel comfortable sharing information.

  • The importance of authenticity and trust in undercover operations.Successful undercover operations rely on careful planning, patience, and attention to detail. Building trust with the target through authenticity is crucial in gaining access to accurate information and achieving the mission's objectives.

    It's important to use your real name while making first contact with your target in undercover operations because using fake names might create complications and can jeopardize the mission. In addition, gaining the target's trust is a long game and requires patience. Paint Parrot's approach was to become friends with the target slowly and gain his trust before convincing him to be a whistleblower. The importance of having accurate information about the target is crucial in this type of operation, as seen in Paint Parrot's actions, and can help in creating a believable story that can intrigue the target. Overall, undercover operations need careful planning, patience, and an attention to detail in order to succeed.

  • Social Engineering: The Art of Initiating ConversationBuild a rapport with your target by letting them initiate conversation and casually discovering interests in common. Use this connection to gather information and achieve your objective.

    When approaching a target for social engineering, it's important to let them initiate conversation. By talking about something unique and tied into their lives, they will feel obligated to start conversation, instantly making them feel at ease. Once conversation has begun, capitalize on the opportunity to cement a friendship by using researched information to casually bring up similar interests and show that you are into the same things as they are. By doing this, you will be seen as the perfect friend they never knew existed, making it easier to gather information and accomplish your objective.

  • Using Patience and Manipulation to Build TrustBuilding trust takes time and strategic thinking, but manipulating vulnerable individuals for personal gain raises ethical concerns.

    Building trust with someone can enable you to influence and manipulate them successfully. Paint Parrot successfully built a friendly relationship over drinks and social events before bringing up the sensitive topic of whistleblowing. By mentioning the ongoing investigation in front of the target's wife, he planted seeds of fear and deep concern in him. This worrying slowly led him to agree to Paint Parrot's offer to consult with a lawyer. This example highlights the importance of patience, persistence, and strategic manipulation in achieving success in the long game. However, it also raises ethical concerns about the use of deceitful tactics to influence and manipulate vulnerable individuals for personal gain.

  • The Dodd-Frank Act's Bounty Program for Corporate WhistleblowersThe Dodd-Frank Act offers financial incentives and legal protection for whistleblowers reporting financial fraud and wrongdoings in their organization, promoting transparency and accountability in the corporate world.

    The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 incentivizes corporate whistleblowers by offering them a bounty of 10-30% of fines exceeding a million dollars. This law aims to encourage more people to come forward and report wrongdoings in their organizations to the government. Whistleblowers are also protected by the law to prevent retaliation from their employers. Such a bounty can be in millions of dollars, depending on the extent of wrongdoing and the amount of fine levied. Paint Parrot played a crucial role in blowing the whistle on a corrupt company and helping the DOJ to impose hefty fines on it and received a bounty for his role. The law also ensures that whistleblowers' identities are kept confidential and their contact with the organization is severed.

  • The secretive and potentially lucrative industry of cultivating whistleblowers.Whistleblowers have the potential to earn significant rewards, but the process is not without risks. Professional whistleblower-chasers may convince individuals to come forward, but the chances of receiving a payout are low and the ethical implications are complex.

    Whistleblowers have the potential to earn life-changing money, with the SEC paying out over $700 million to different whistleblowers. Intelligence companies that bring whistleblowers forward have a chance to receive a portion of the bounty, making it a viable business model. However, the whistleblowers themselves are not guaranteed to receive a payout, with only roughly 20% of cases resulting in a reward. The business of cultivating whistleblowers is a secretive and strange industry, with professional whistleblower-chasers gathering information on people and convincing them to upend their lives without promising rewards. Paint Parrot, an ex-intelligence worker, now focuses on surveillance and red teaming, leaving behind the potentially lucrative but morally ambiguous business of creating whistleblowers.

Was this summary helpful?

Recent Episodes

83: NSA Cryptologists

83: NSA Cryptologists

Darknet Diaries

NSA Cryptologists Marcus Carey and Jeff Man share their experiences at the NSA. Meanwhile, Jeff is a regular co-host on Paul's Security Weekly podcast, and Marcus has written several security-themed books.

January 19, 2021

82: Master of Pwn

82: Master of Pwn

Darknet Diaries

The Zero Day Initiative runs a hacker contest called Pwn2Own, where the best hackers demonstrate hacking into secure software like browsers and cars. Vendors must fix found vulnerabilities, with the winner crowned Master of Pwn. Dustin Childs and Brian Gorenc from ZDI discuss the contest, while Radek and Pedro share their experiences as Masters of Pwn.

January 05, 2021

81: The Vendor

81: The Vendor

Darknet Diaries

The hosts interview V, a darknet marketplace vendor, about his experiences transitioning from buyer to seller, and warn listeners of explicit content regarding drugs.

December 22, 2020

79: Dark Basin

79: Dark Basin

Darknet Diaries

Adam Hulcoop and John Scott-Railton of Citizen Lab discuss assisting targets of massive hacking campaigns with research and bringing hackers to justice, while Shadowfall's Matthew Earl is also interviewed.

November 24, 2020

Related Episodes

107: Alethe

107: Alethe

Darknet Diaries

Alethe, a social engineer, discusses her journey to becoming an expert at tricking people into giving up their passwords and access. She shares her experiences on Twitter as @AletheDenis.

December 21, 2021

144: Rachel

144: Rachel

Darknet Diaries

Rachel Tobac shares her journey as a social engineer and stories of hacking using voice and charm, with Daniel Miessler talking about AI in the background.

April 02, 2024

Ep 47: Project Raven

Ep 47: Project Raven

Darknet Diaries

An ex-NSA agent worked for a secret hacking group in the UAE, utilizing their skills and resources to enhance their operations and cover their tracks.

September 17, 2019

56: Jordan

56: Jordan

Darknet Diaries

Jordan Harbinger shares his story of being a misfit teenager who caught the FBI's attention. He recommends listeners check out The Jordan Harbinger Show and explore sponsors Thinkst Canary and Blinkist.

January 07, 2020

AI

Ask this episodeAI Anything

Darknet Diaries

Hi! You're chatting with Darknet Diaries AI.

I can answer your questions from this episode and play episode clips relevant to your question.

You can ask a direct question or get started with below questions -

Sign In to save message history