
    Podcast Summary

    • The Secretive World of the Grey Market for Exploits and Zero-Day Brokers
      Vulnerabilities and exploits are sold on a legal but secretive grey market, with NDAs in place to keep them unknown. Attackers targeting journalists go to dangerous lengths to get at their sources.

      The grey market for exploits is legal but secretive: every deal comes with an NDA, because the buyer wants the exploit to stay unknown for as long as possible. The people who find vulnerabilities and sell the resulting exploits to governments, or to companies that will use them to attack people, are not the ones being interviewed on cybercrime shows. Zero-day brokers are the ones who know their way around this hidden world of zero-day vendors. Attackers who go after journalists are mostly after what is on the reporters' computers, above all access to their sources, and nation states will go to dangerous lengths to get it.

    • The New York Times Hack and the Shift in the Conversation About Online Attacks
      The New York Times hack was a turning point in acknowledging the severity of online attacks and the need for strong defenses despite treaties and agreements. Online security remains crucial to protecting sensitive information and sources.

      When The New York Times admitted that it had been hacked by Chinese hackers, the conversation around online attacks shifted from blaming the victim to addressing a problem that many companies were facing. Other news organizations then admitted the same, and the episode highlighted the need for deterrents, penalties and defenses. Even after the US and China agreed not to hack companies in each other's country, China kept staging attacks regardless. The incident made Nicole Perlroth highly cautious about protecting her sources and led her to write a book about it. She later became the target of online attacks herself, which underlines the ongoing need for online security measures.

    • The Dark World of Zero-Day Exploits
      Zero-day exploits let attackers take advantage of software vulnerabilities unknown to the software's makers; they are sold to governments and front companies for malicious use. Argentina has become a hub for exploit development, and investigating this market can be a dangerous job.

      A zero-day is a vulnerability in software that is still unknown to its maker; a zero-day exploit is working code that takes advantage of it. Because the vendor is unaware of the flaw and has shipped no patch, hackers can develop exploits and sell them to governments and front companies for their stockpiles of offensive cyber-espionage tools. These exploits can then be used in attacks against individuals, businesses or governments. Nicole, the investigative journalist, travelled the world to research the zero-day market and found that Argentina had become an outsourcing hub for exploit development. Her investigation was cut short when someone broke into her hotel room and opened her safe, which contained a burner laptop. She could not tell whether they had done anything to the laptop or had simply left the door open to scare her.

    • The Rise of Young Exploit Developers Selling to Governments and Front Companies
      Young exploit developers are choosing to sell their skills to governments and front companies for personal gain, jeopardizing the balance that ethical hacking and vulnerability disclosure create. This could lead to serious security threats worldwide.

      There is a growing group of young exploit developers who sell their capabilities to governments or front companies for a high price instead of using them for ethical hacking or penetration testing. They can make tax-free money and live large by finding exploitable bugs in enterprise applications, cars or the latest apps and selling them on the grey market for zero-day exploits. It is hard to get them talking about it, and even the most experienced reporters only get a glimpse of their world. What these young hackers do affects the security of systems worldwide, because it undermines the balance that ethical hacking and vulnerability disclosure create.

    • The Evolution of Cybersecurity: From Ignoring Hacker Warnings to Offering Bug Bounties
      Companies must take proactive measures on cybersecurity and prioritize it before their data is compromised. Bug bounties give hackers an incentive to report vulnerabilities instead of exploiting them.

      The current world of secret exploits sold under the table to secret buyers was not always like this. Early on, Microsoft was playing catch-up with Netscape, having missed the internet boom, and security was an afterthought. Hackers found the flaws and warned the companies, but they were ignored, so hackers started dumping their findings on mailing lists like Bugtraq to shame the vendors. Microsoft only took security seriously after suffering major public failures; in 2002 Bill Gates wrote the Trustworthy Computing memo, which made security a priority. Later, after Google was hacked by China, companies started improving their security and offering bug bounties to hackers.

    • The Government's Interest in Buying Exploits for Offensive Cyber-Exploitation Programs
      Governments are willing to pay big money for exploits, which raises ethical concerns for security researchers and software makers, and the allure of government money makes it hard for companies to retain their people.

      Governments, including the US, are interested in buying exploits for offensive cyber-exploitation programs. The US project called Gunman, approved by President Reagan in 1984, set out to find Soviet bugs in the equipment inside the US embassy in Moscow (it turned up implants in the embassy's typewriters). Ethically, bugs should be sold to the software makers, but buyers on the grey market can pay much more. Companies offering bug bounties cannot match government prices, but they also do not want to give their own security engineers an incentive to leave and make more money outside. James Gosler, the godfather of American cyber-war, spent a large chunk of his career at the NSA and the CIA and could talk about Project Gunman, but he was careful not to disclose anything classified.

    • The Evolution of the US Government's Intelligence Collection Strategies
      To maintain its dominance in intelligence gathering, the US government had to enter the zero-day market and develop new exploitation capabilities. Other countries seek the same ability, making it an ongoing competition.

      After Project Gunman discovered the Soviet bug, the US government realized it needed ways to embed itself in communication devices to collect intelligence of its own. The NSA initially did not play in the zero-day market, but it entered later because other agencies wanted to play the NSA's game without having the same talent pool in-house. Rather than relying on planted backdoors, which can be found and turned against their makers, the US government had to find exploitable flaws in software and communication channels. This capability is not unique to Russia and the US: many other countries either have it or want it. The evolving technology landscape compelled the NSA to keep developing new exploitation capabilities to stay ahead of other nations.

    • Insider Hackers Turn Into Contractors for Online Espionage Tools
      Former NSA hackers became independent contractors, selling zero-day exploits to their former employer and to other agencies. The phenomenon is not exclusive to the NSA: bug hunters in the software industry can also earn more by selling their skills outside.

      Some of the best hackers inside the NSA became independent contractors, offering online espionage tools and exploits for zero-day vulnerabilities. They could buy zero-days from hackers in other countries, improving their arsenal and providing reliable click-and-shoot tools to their former employer and other agencies. The agencies kept a catalogue of this arsenal, but their own in-house zero-day exploits suffered from quality problems; where that top-secret catalogue is kept and who has access to it remain open questions. The same dynamic applies in the software industry: when companies start paying large sums for bugs, internal bug hunters can quit to keep doing the same work and earn more on the outside.

    • The Fragile Relationship Between Software Companies and the Government: Transparency and Trust
      To avoid compromising public trust and to prevent dangerous security breaches, private industry and government must prioritize transparency and ethical considerations in how they communicate and in how they develop technology.

      The relationship between software companies like Microsoft and their own government can be fraught, as shown by malware like Flame, which abused Microsoft's own certificate infrastructure, and by the tension caused by the Snowden leaks. Microsoft's perceived complicity in government surveillance damaged public trust, and the Shadow Brokers leak shows how dangerous it is when government exploits fall into the wrong hands. This highlights the need for transparency and clear communication between private industry and government, and for ethical consideration when developing and using technology for sensitive purposes.

    • The Price of National Security: Vulnerability and Potential Catastrophic Digital Disasters
      With advanced technology, governments conduct digital espionage and leave individuals vulnerable. Personal responsibility and knowledge are crucial, because asymmetric access to resources is a significant threat to digital security.

      Governments all over the world use computers and exploits to break into communication channels for espionage and cyber-attacks, but this trade-off in the name of national security has left Americans, and the world, more vulnerable. As technology grows more complex, it is crucial that leaders understand its nuances and make informed decisions about cybersecurity. The US set the precedent for digital espionage, other nations are following it, and the result is a lack of accountability and the potential for catastrophic digital disasters. Individuals should take responsibility for protecting their own digital lives, for example by making backups and storing them securely. Asymmetric access to resources and knowledge is a significant threat to digital security.

    Recent Episodes from Darknet Diaries

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries, June 04, 2024

    145: Shannen

    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen.

    144: Rachel

    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/.

    143: Jim Hates Scams

    Jim Browning fights scammers by infiltrating their computer systems. He disrupts their operations and publishes what he finds on YouTube, giving viewers a behind-the-scenes look at how scam networks work and at his methods for fighting back. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning

    142: Axact

    Axact sells fake diplomas and degrees. What could go wrong with this business plan?

    141: The Pig Butcher

    The crime that causes the biggest financial losses is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world.

    139: D3f4ult

    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.
    Sources
    https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban
    https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/
    https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/
    https://archive.ph/Si79V#selection-66795.5-66795.6
    https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html

    138: The Mimics of Punjab

    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY).

    137: Predator

    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games.

    Related Episodes

    Hullaballoon

    The balloon crisis is blown up. Politico’s Alex Ward deflates it for us. This episode was produced by Amanda Lewellyn, edited by Matt Collette, fact-checked by Miles Bryan, engineered by Paul Robert Mounsey and Patrick Boyd, and hosted by Sean Rameswaram. Transcript at vox.com/todayexplained

    127: Maddie

    Maddie Stone is a security researcher for Google’s Project Zero. In this episode we hear what it’s like battling zero day vulnerabilities.
    Sources
    https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/yu-vb2013.pdf
    https://www.youtube.com/watch?v=s0Tqi7fuOSU
    https://www.vice.com/en/article/4x3n9b/sometimes-a-typo-means-you-need-to-blow-up-your-spacecraft


    059: Why is cyber security a matter for the boss? Nico Werner (All-in Digital & CloudCommand)

    In today's interview episode of the tech podcast "Blue Screen" we welcome Nico Werner as our guest. Nico is a well-known podcaster whose topic is "Cyber Security ist Chefsache" (cyber security is a matter for the boss). Since we both work on IT and OT topics, in particular Industrie 4.0, it is an exciting opportunity to exchange ideas.