98: Zero Day Brokers

en-usAugust 03, 2021

Podcast Summary

The Secretive World of the Grey Market for Exploits and Zero-Day Brokers: Vulnerabilities and exploits are sold on a legal but secretive grey market, with NDAs in place to keep them unknown. Attackers targeting journalists go to dangerous lengths to access their sources.
The grey market for exploits is legal and secretive with NDAs behind each deal where the people who bought it want the exploit to remain as unknown as possible. People who find vulnerabilities and sell those exploits to governments or companies that will use it to attack people with are not interviewed for cybercrime shows. Zero-day brokers are knowledgeable in the secret world of zero-day vendors. The focus of attackers who attack journalists is looking through the reporters' computers and getting access to their sources. The lengths that nation states would go to try to get access to journalist sources is dangerous.
The New York Times Hack and the Shift in Online Attack Conversation: The New York Times hack was a turning point in acknowledging the severity of online attacks and the need for strong defenses despite treaties and agreements. Online security remains crucial in protecting sensitive information and sources.
When The New York Times admitted that they were hacked by Chinese hackers, it changed the conversation around online attacks from victim-blaming to addressing a major problem that many companies were facing. It led to other news agencies admitting the same and highlighted the need for deterrents, penalties, and defense. Despite an agreement between the US and China to not hack into companies in the other nation, China ignored the rules by staging attacks. This incident made Nicole Perlroth highly cautious about protecting her sources and led her to write a book about it. However, she later became the target of online attacks herself, which highlights the ongoing need for online security measures.
The Dark World of Zero-Day Exploits: Zero-day exploits allow hackers to exploit vulnerabilities in software unknown to its makers and sell them to governments and front companies for malicious activities. Argentine has become a hub for exploit development, as investigative work can be a dangerous profession.
A zero-day exploit is a vulnerability in software that is still unknown to its makers. The vendor remains unaware of such vulnerabilities, giving room for hackers to develop and sell exploits to governments and front companies for their stockpiles of offensive cyber-espionage tools. These exploits can be used for malicious activities like cyber-attacks against individuals, businesses, or governments. Nicole, the investigative journalist, traveled around the world to research the zero-day market and found that Argentine had become the outsourcing hub for exploit development. However, her investigation was cut short when someone broke into her hotel room and opened her safe, which contained a burner laptop. She could not confirm whether they did anything with the laptop or just left the door open to scare her.
The Rise of Young Exploit Developers Selling to Governments and Front Companies: Young exploit developers are choosing to sell their skills to governments and front companies for personal gain, jeopardizing the fairness and balance of ethical hacking and vulnerability disclosure. This could lead to serious security threats worldwide.
There is a growing group of young exploit developers who are selling their capabilities to governments or front companies for a high price instead of using them for ethical hacking or penetration testing. They can make tax-free money and live pretty large by exploiting vulnerabilities in enterprise applications, cars, or the latest apps to be sold on the underground grey market for zero-day exploits. However, it is hard to get them talking about it, and even the most experienced reporters can only get a glimpse of their world. These significant activities of those young hackers could affect the security of systems worldwide because they destroy the balance and fairness that ethical hacking and vulnerability disclosure create.
The Evolution of Cybersecurity: From Ignoring Hacker Warnings to Offering Bug Bounties: Companies must take proactive measures towards cybersecurity and prioritize it before their data is compromised. Offering bug bounties can help incentivize hackers to report vulnerabilities instead of exploiting them.
The current world of secret exploits and their sale to secret entities under the table was not always like that. Initially, Microsoft was playing catch-up with Netscape and they missed the internet boom and security. Hackers found the errors and warned the companies, but they were ignored, thus hackers started dumping their findings on forums like Bugtraq to shame vendors. Microsoft took security seriously only after suffering major public failures, and Bill Gates wrote a memo called The Open Trustworthy Computing Memo in 2002, which made security a priority. Later, Google was hacked by China, and hence companies started improving their security and offering bug bounties to hackers.
The government's interest in buying exploits for offensive cyber-exploitation programs: Governments are willing to pay big bucks for exploits, which poses ethical concerns for security researchers and software makers, but the allure of government contracts can be challenging for companies trying to retain their employees.
Governments, including the US, are interested in buying exploits to use for offensive cyber-exploitation programs. The US government's project called Gunman, approved by President Reagan in 1984, aimed to find bugs in the machinery inside the US embassy in Moscow. Ethically, bugs should be sold to software makers, but on the grey market, potential buyers could pay much more. Companies offering bug prices cannot match government prices, but they do not want to incentivize their security engineers from leaving the company and making more money outside. James Gosler, the godfather of American cyber-war, had spent a large chunk of his career at the NSA and the CIA and could talk about the operation called Project Gunman, but he was careful not to tell anything classified.
The Evolution of US Government's Intel Collection Strategies: To maintain dominance in intelligence gathering, the US government had to enter the zero-day market and develop new exploitation capabilities. Other countries also seek this ability, making it an ongoing competition.
After the discovery of the Soviet bug by Project Gunman, the US government realized that they needed to find ways to embed themselves in communication devices to collect their intelligence. The NSA initially did not play in the zero-day market but later entered it because other agencies wanted to play the NSA's game but didn't have the same talent pool in-house. The US government had to find exploits in software and communication channels rather than backdoors as they are vulnerable. This capability is not unique to Russia and the US - many other countries in the world either have or want this ability. The evolving technology landscape compelled the NSA to develop new exploitation capabilities to stay ahead of other nations.
Insider Hackers Turn Into Contractors for Online Espionage Tools: Former NSA hackers turned independent contractors by selling zero-days exploits to their former employers and other agencies. This phenomenon is not exclusive to NSA, as bug hunters in the software industry can earn more by selling their skills on the outside.
Some of the best hackers within NSA turned into independent contractors, offering online espionage tools and exploiting zero-day vulnerabilities. They were able to buy zero-days from hackers in other countries, improving their arsenal and providing reliable click-and-shoot tools for their former employers and other agencies. The agencies had a catalogue for their arsenal but suffered the quality issues with their own zero-days' exploits. The top-secret location of the catalogue and the access to it are still questionable. This phenomenon is not only true for the NSA but also for the software industry. When companies start paying huge amounts for their bugs, internal bug hunters can quit to keep doing the same thing and make more money on the outside.
The fragile relationship between software companies and the government: transparency and trust.: In order to avoid compromising public trust and prevent dangerous security breaches, private industry and government entities must prioritize transparency and ethical considerations in their communication and technology development strategies.
The relationship between software companies like Microsoft and their own government can be fraught with difficulty, as shown by the use of exploits like Flame and the tension caused by the Snowden leaks. Microsoft's perceived complicity in government surveillance has damaged public trust, and the Shadowbrokers hack shows how dangerous it can be when such exploits fall into the wrong hands. This highlights the need for transparency and clear communication between private industry and government entities, as well as the importance of ethical considerations when developing and using technology for potentially sensitive purposes.
The Price of National Security: Vulnerability and Potential Catastrophic Digital Disasters: With advanced technology, governments conduct digital espionage, leaving individuals vulnerable. Personal responsibility and knowledge are crucial as asymmetrical access to resources is a significant threat to digital security.
Governments all over the world use computers and exploits to break into communication channels for espionage and cyber-attacks, but the trade-off for national security has left Americans, and the world, more vulnerable. As technology continues to advance and become more complex, it is crucial for leaders to understand its nuances and make informed decisions about cybersecurity. The US has set a precedent for conducting digital espionage, which other nations are following, leading to a lack of accountability and a potential for catastrophic digital disasters. It is important for individuals to take personal responsibility for protecting their digital life, such as making backups and storing them securely. Asymmetrical access to resources and knowledge is a significant threat to digital security.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

Hullaballoon

The balloon crisis is blown up. Politico’s Alex Ward deflates it for us. This episode was produced by Amanda Lewellyn, edited by Matt Collette, fact-checked by Miles Bryan, engineered by Paul Robert Mounsey and Patrick Boyd, and hosted by Sean Rameswaram. Transcript at vox.com/todayexplained Support Today, Explained by making a financial contribution to Vox! bit.ly/givepodcasts Learn more about your ad choices. Visit podcastchoices.com/adchoices

Today, Explained

enFebruary 06, 2023

cybersecurity

chinese spy balloon

intelligence gathering

us-china relations

geopolitical tensions

127: Maddie

Maddie Stone is a security researcher for Google’s Project Zero. In this episode we hear what it’s like battling zero day vulnerabilities. Sponsors Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Sources https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/yu-vb2013.pdf https://www.youtube.com/watch?v=s0Tqi7fuOSU https://www.vice.com/en/article/4x3n9b/sometimes-a-typo-means-you-need-to-blow-up-your-spacecraft Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 01, 2022

software engineering history

ISC StormCast for Friday, September 28th 2018

Enriching Radare2 and x64dbg malware analysis with statically decoded strings
https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

en-usSeptember 28, 2018

The Cybertraps Podcast Trailer

Full episodes and interviews coming soon!!!

See Cybertraps.com for more information.

enDecember 20, 2020

059: Warum ist Cyber Security Chefsache, Nico Werner (All-in Digital & CloudCommand)?

In der heutigen Interview-Folge des Tech-Podcasts "Blue Screen" begrüßen wir Nico Werner als unseren Gast. Nico ist ein bekannter Podcaster und beschäftigt sich mit dem Thema "Cyber Security ist Chefsache". Da wir uns beide mit IT- und OT-Themen, insbesondere Industrie 4.0, beschäftigen, ist es eine spannende Gelegenheit, uns auszutauschen.

BlueScreen - Der Tech-Podcast!

deDecember 18, 2023

cybersecurity

wissen und handlung

schutz von ot-systemen

ot-branche

hersteller- und händlersoftware

produktionssicherheit

systemverfügbarkeit

nico werner

menschen informieren

cybersecurity auf managementebene