Ep 19: Operation Aurora

en-usAugust 01, 2018

Podcast Summary

Operation Aurora: How Well-Crafted Phishing Emails Led to Cyber Attacks on Top Tech Companies: Cybersecurity is crucial, and even the best security measures may not be enough to prevent cyber attacks. Companies must remain vigilant and take necessary steps to mitigate the risks posed by cybercriminals.
Companies like Google, Adobe, Yahoo, and Microsoft were victims of Operation Aurora, a sophisticated cyber attack that involved hackers sending well-crafted phishing emails to employees. The hackers got through by creating emails that looked like they had come from a coworker and containing links that led to malware-infected websites. Although the browser patch prevented it from being effective, it was just a cover for the real hack where the malware gave the hackers full access to the system. This incident shows that even with the best security measures in place, it's still not impossible for cybercriminals to infiltrate a company's network. Cybersecurity is crucial, and companies must remain vigilant to mitigate the risks posed by cybercriminals.
Cybersecurity Threats and Advanced Techniques Used in Google Attack: The Google attack during the holidays utilized sophisticated methods to bypass antivirus software, control victims' computers, and target court-ordered Gmail accounts. This raises concerns about government espionage and highlights the evolving threat landscape for businesses.
Hackers used highly sophisticated and rare techniques to attack Google during the Christmas and New Year holidays, targeting Chinese human rights activists' Gmail accounts. The attack included a newly created Trojan that bypassed all antivirus software and enabled hackers to control the victim's computer. Additionally, the hackers were after court-ordered Gmail accounts, which is baffling and has led to many theories about whether it was some form of government espionage or a way to check how much government can see into Gmail accounts. This cybersecurity threat changed the threat landscape for commercial companies, and its advanced methods and techniques have been seen previously in attacks on banking industries and utility companies by governments.
Ensuring Source Code Security with Configuration Management Systems: Companies should rely on reliable and secure software configuration management systems to safeguard their source code as cyber attacks are increasingly hard to trace due to anonymity on the internet. It is crucial to maintain security measures to prevent vulnerabilities in such systems.
Companies need to keep their source code in secure locations using software configuration management systems such as Perforce, Concurrent Versions Systems, Microsoft Visual SourceSafe or IBM Rational. However, Perforce was found to have many vulnerabilities such as anyone can create their own user account and the passwords are unencrypted. The Aurora exploit that targeted many companies might have been conducted by a team of dozens of people. The attack might have been done to gather information for a bigger attack later or to simply let the exploit become known. The attackers were traced back to two schools in China, the Shanghai Jiao Tong University and Lanxiang Vocational School. Cyber-attacks can be difficult to trace because of the anonymity on the internet.
China's Cyber Attack on Google: Espionage or Act of War?: The cyber attack on Google in 2010, believed to be orchestrated by China, highlighted the increasing importance of internet security and censorship issues in the international arena. It also raises questions about the blurred lines between espionage and acts of war in the digital age.
China was likely behind the sophisticated cyber attacks on Google in 2010, as they were trying to prevent Google from allowing Chinese citizens to access information that was censored in China. Google had complied with censorship requirements to enter the Chinese market, but the government continued to demand broader censorship even after the 2008 Olympics. The attack involved malware that was only used in China and originated from two schools in China, indicating that a well-funded group with advanced capabilities was responsible. While some news outlets called it an act of war, it was seen by others as espionage because it involved theft of information. The incident highlighted the importance of internet security and censorship issues in the international sphere.
Google's Conscience vs. Chinese Censorship Laws: Google's decision to shut down its Chinese website due to censorship laws shows that sometimes doing what is right is more important than pursuing profit and that protecting one's network from cyber attacks is critical.
Google shut down its google.cn website and closed most of their offices in China after they realized that by complying with Chinese censorship laws, they were being evil and helping the country conduct their oppression. This was a huge decision for Google, as China has the most population of any country in the world, and Google is the most popular website in the world. Even though leaving such a large market impacted Google's revenue and traffic, they quit their fight over Chinese censorship laws. Baidu is now the major search engine in China, and since Operation Aurora attack, Google and other companies had to step up their defenses to protect their networks from sophisticated attacks.
The Elderwood Group: A Masterful and Mysterious Hacking Group: Elderwood Group is a skilled and secretive hacking group that uses zero-day exploits to target high-profile companies. They focus on gaining access to defense companies and cover their tracks exceptionally well.
The Elderwood hacking group is a highly skilled and elusive group that has been involved in numerous hacking campaigns targeting big companies like Google, Microsoft and Adobe. They are known for their use of zero-day exploits, which are not that common in the hacker scene. The group seems to be interested primarily in gaining access to defense companies and their supply chains in order to obtain valuable information on military technology, and they are incredibly good at covering their tracks. Even though they are difficult to pin down, researchers are constantly monitoring for connections between new breaches and the Elderwood group, and their tactics and objectives continue to evolve over time.
The Advanced Chinese Hacking Group Behind Targeted Attacks in the West: The Elderwood Group, suspected to be a large, well-funded, and highly organized hacking group, uses zero-day exploits to gain access to bigger companies through smaller third-party contractors. Cyber-attack diplomacy is necessary to combat such growing cyber threats.
The Elderwood Group, a highly trained and advanced hacking group from China, has been targeting defense contractors, human rights organizations and other companies in the West for years. The group uses zero-day exploits to infect the websites of third-party contractors and non-profit organizations to gain access to their systems, implant malware into software and eventually make its way into bigger companies. The Elderwood Group is suspected to have hundreds, if not thousands, of members working in different teams with different tasks. They are well-funded and highly organized. Researchers believe that the group has broken up into smaller groups to avoid being connected and continue their hacking activity. Cyber-attack diplomacy is needed to stop these growing cyber threats.
US-China Cyber Agreement: A Hollow Victory?: While governments pledge to cease theft of intellectual property, commercial hacking remains the norm. Companies must remain vigilant, particularly those supplying contractors in the defense sector.
The US and Chinese government have reached a common understanding to not engage in cyber-enabled theft of intellectual property for commercial gain. However, this agreement may not hold much value as both countries continue to gather details from each other through hacking commercial companies. This makes it difficult to understand governments as they keep zero-day exploits just for themselves. Governments hacking into other governments or companies in other countries is now the new normal. This is the current battlefront that is secret and hidden from all of us until something goes wrong or gets sloppy or until someone wants us to see something. Companies, especially those that supply to defense contractors, should take this as a cautionary tale to be more vigilant.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

From arts & crafts to cybersecurity: Andrew Peterson on how Etsy inspired his startup

Andrew Peterson, founder of Signal Sciences, on why he left Google for Africa, his ‘Founder’s Dilemma’ book club and why LA is better than the Bay Area to build your startup.

enAugust 30, 2018

The Real Story of Cybersecurity - Special Guest: Peter Schawacker

Peter Schawacker has been involved in cybersecurity long before data breaches commonly made the headlines. In fact, he’s been helping businesses secure their data long before it was even called cybersecurity. Currently, he is heading the IT Security Team for Axiom Technology Group. In his career, he has been working with some of the biggest names in the business to protect their data and that of their customers.

The demand for the kinds of services that Peter provides has gone up a lot in recent years, particularly amongst private equity (PE) firms. In the past, such businesses didn’t concern themselves much with cybersecurity, leaving it up to the portfolio managers and others to deal with. However, the sheer number of security breaches and the resulting scrutiny that brings has forced them to rethink their priorities and take responsibility for their own security. Many of these PE firms are also small to mid-size, which is partly why they haven’t been able to keep up with the latest developments. They just don’t have the scale and resources needed to handle security on their own. That also makes these firms tempting targets. They have enough data and money to make it worth attacking but not so much that the companies or the government will spend a lot of resources to go after the hackers. Fortunately, Axiom is there to pick up the slack.

One of the most important services that Axiom provides is a full survey of the weaknesses a given firm might have, delivering around 200 security assessments a year, with approximately a quarter of those experiencing some kind of cyberattack. Performing this task well and transparently has earned both Axiom and Peter solid reputations as transparent, honest, and interested in keeping the client’s interests foremost. This seems like it should be a no-brainer but as Peter points out, there are a lot of charlatans in the cyber world, less interested in helping their clients solve problems than they are in making as much money as possible from each client. This is just bad practice. It means not only that a given security company will lose the trust and business of their clients when they figure out that they are being taken for a ride, but it also harms the trust in the cybersecurity industry as a whole.

There is also the fact that most firms, PE and otherwise are looking to implement the least amount of security possible. This isn’t because they don’t care about their clients’ data, but because at the end of the day they need to make money, which in turn means any Axiom client is looking for the lowest cost services that will bring their risk of a data breach down to an acceptable level. Because the sad truth is that it is incredibly unlikely that data will ever be 100% protected. Someone will always leave a password out or share it when they shouldn’t and a hacker will use it to disrupt a firm’s systems, only letting them go when their ransom is paid.

When interacting with clients, it is important to keep all of this in mind so you don’t oversell them. It’s also worth keeping in mind that most people don’t know the details of cybersecurity and frankly, they don’t want to know. All they want to know is how you can help them and how much it is going to cost. If someone is ever trying to convince you how awesome security is, they are almost certainly trying to sell a bill of goods.

Another thing Peter goes into is who makes the best cybersecurity professionals. It isn’t who you might think. People who go through a specific IT program are usually farther behind the curve on the latest development and too rigid in their thinking. The best hires for him tend to be high school teachers and musicians. Both are capable of thinking critically and still improvising when needed.

What does Peter think is the most important thing to keep in mind when it comes to dealing with cybersecurity? Finding who you can trust. The person who knows his stuff, can deliver on time and isn’t trying to oversell you. That is the person who has your interest at heart, who wants to make your systems secure without taking you for a ride.

What’s your security worth? www.tartle.co

Tcast is brought to you by TARTLE. A global personal data marketplace that allows users to sell their personal information anonymously when they want to, while allowing buyers to access clean ready to analyze data sets on digital identities from all across the globe.

The show is hosted by Co-Founder and Source Data Pioneer Alexander McCaig and Head of Conscious Marketing Jason Rigby.

What's your data worth?

Find out at: https://tartle.co/

YouTube: https://www.youtube.com/c/TARTLE

Facebook: https://www.facebook.com/TARTLEofficial/

Instagram: https://www.instagram.com/tartle_official/

Twitter: https://twitter.com/TARTLEofficial

Spread the word!

enJuly 07, 2021

Ep 22: Mini-Stories: Vol 1

Three stories in one! In this episode we hear about a penetration test from Mubix that he'll never forget, a incident response from Robert M. Lee which completely stunned him, and a social engineering mission from Snow. Podcast recommendation: Moonshot. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usSeptember 15, 2018

technology

cyberattack

cybersecurity

73: WannaCry

It is recommend to listen to episodes 53 “Shadow Brokers”, 71 “FDFF”, and 72 “Bangladesh Bank Heist” before listening to this one. In May 2017 the world fell victim to a major ransomware attack known as WannaCry. One of the victims was UK’s national health service. Security researchers scrambled to try to figure out how to stop it and who was behind it. Thank you to John Hultquist from FireEye and thank you to Matt Suiche founder of Comae. Sponsors Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usSeptember 01, 2020

Ep 21: Black Duck Eggs

Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a global 5 company. A company so large that theft of intellictual property could result in billions of dollars of damage. Ira's consulting company: Secure Mentum. His books: Spies Among Us, Advanced Persistent Security, Through the Eyes of the Enemy. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usSeptember 01, 2018