    Ep 25: Alberto

    November 01, 2018

    Podcast Summary

    • The case of Alberto Hill, an experienced security consultant who was imprisoned for a crime he claims he didn't commit.
      A background in security and knowledge about cryptocurrency doesn't always protect from false accusations. Investigations should be thorough before jumping to conclusions.

      Alberto Hill, a Uruguayan security consultant with a background in Interpol, was arrested and sentenced to prison for hacking into a medical facility and conducting extortion. He claims that he didn't do it. He had been working for the government for four years securing systems, investigating malware, and conducting security audits. He has an impressive educational background and is very knowledgeable about cryptocurrency. Before his arrest, Alberto gave talks about Bitcoin and security. The police felt like they hit the jackpot when they raided Alberto's apartment and confiscated lots of electronic devices, including hardware Bitcoin wallets, credit card cloning devices, and other hacking tools. However, there may be more to this case than meets the eye.

    • How Curiosity and Knowledge Can Help Prevent Cyber Attacks
      Being knowledgeable about hacker tools and reporting vulnerabilities to CERTs can help prevent damage to companies and individuals and protect against potential cyberattack repercussions.

      Being endlessly curious and knowledgeable about the tools used by hackers, like a certified ethical hacker, can be an asset for those working in security. Vulnerabilities like using default login credentials, such as admin/admin, can pose a serious risk to organizations and should be reported to Computer Emergency Readiness Teams (CERTs) for prompt attention. Alberto's curiosity and expertise led him to discover a critical vulnerability in a medical provider's website which he reported to CERT. CERTs are government-run teams that help protect nations and critical systems from cybersecurity threats. Identifying severe vulnerabilities like these can help prevent damage to companies and individuals and protect against potential cyberattack repercussions.

    • The Risks of Reporting Vulnerabilities and Engagement in Hacking
      Reporting a vulnerability does not always ensure protection from suspicion or prosecution. One must be careful and aware of the potential consequences, including arrest and suspicion, particularly when using electronic equipment or engaging in activities that could be interpreted as hacking.

      Reporting vulnerabilities doesn't guarantee protection from suspicion in future hacking incidents. Alberto's report of a vulnerability in a medical provider's website led to his arrest on suspicion of hacking into that website two years later, when a hacker demanded ransom in exchange for not releasing patient data. His extensive collection of electronics and computers, including equipment used for hacking, caused further suspicion. It's important to be cautious and aware of potential consequences when reporting vulnerabilities and engaging in any activities that could be interpreted as hacking.

    • Understanding the use of hacker tools for protection
      Security professionals need to know and understand hacker tools to protect themselves from cyber-attacks. Owning equipment and items related to hacking for learning purposes is common, but it is important to avoid raising suspicions by keeping an unusually high amount of cash at home or owning items that may seem questionable to others.

      Security professionals may have a lab with various equipment, tools, and devices, like thumb drives, hacking tools, multiple computers, and hardware Bitcoin wallets. It is necessary to know and understand hacker tools to protect oneself from cyber-attacks, and it's not uncommon to have such equipment for learning purposes, like testing security with credit card chips. However, keeping an unusually high amount of cash at home may raise suspicion. In Alberto's case, the cash came from Bitcoin transactions. Additionally, owning items related to hacking, like Anonymous masks and t-shirts, might be a habit some security professionals have, but it might seem questionable to others.

    • Innocent Man Confesses to Cybercrime Due to Lack of Legal and Technical Knowledge
      Lack of legal and technical knowledge can lead to wrongful accusations and legal troubles in cybercrime cases. It is important to understand the law and technicalities of such crimes to avoid unjust outcomes.

      Alberto confessed to writing the ransom email when the police threatened to raid his mother's house. He did it to save his mother and girlfriend from being questioned and searched. Despite being innocent, Alberto faced a long and frustrating period of irrelevant questioning in court because the judge and prosecutor lacked knowledge about computers. His USB Killer device, which can destroy any device it is plugged into, was also taken by the police, though he warned them of its danger. Alberto's girlfriend was also arrested and interrogated, which took a major psychological toll on her. This incident shows how crucial legal and technical knowledge are in handling cybercrime cases.

    • The consequences of hacking and cyber crimes.
      Being responsible and ethical in information security is of utmost importance, as hacking and cyber crimes can have severe legal consequences, including loss of personal freedom and unwanted attention.

      Hacking and cyber crimes may have serious consequences for individuals, even leading to prison time and loss of personal freedom. It is important to understand the gravity of these actions and to take full responsibility for them, rather than trying to hide them or save face. The media and law enforcement tend to make a big deal out of such crimes, and they can bring unwanted attention and notoriety to the offender, even among fellow inmates in prison. It is crucial for professionals working in the information security domain to follow ethical and legal standards at all times while executing their duties and to avoid any activities that may land them in legal trouble.

    • The Risks of Overmedicating on Anxiety Medication: A Cautionary Tale
      Overmedicating on anxiety medication can lead to severe consequences, and it is important to seek help from medical professionals and address the underlying cause of anxiety to manage it effectively.

      Over-medication on anxiety medication can have serious consequences, as seen in the case of Alberto who overdosed on Xanax due to his anxiety and fear of being blamed for hacking into a bank. While medication can be helpful for managing anxiety and other mental health issues, it's important to always take it as prescribed and under the guidance of a medical professional. It's also crucial to recognize and address the underlying cause of anxiety and not resort to self-medication or other harmful coping mechanisms. Seeking help and support from trusted individuals or mental health professionals can make a significant difference in managing anxiety and preventing incidents like Alberto's overdose.

    • The Trauma of Wrongful Conviction.
      Negligence and lack of knowledge can have devastating effects on people's lives, and it is important to handle evidence properly in criminal cases to avoid wrongful convictions.

      Improper handling of evidence by the police during the investigation led to the conviction of the wrong person, resulting in the loss of 8 years of Alberto's life and traumatizing his girlfriend. The police were not knowledgeable enough to handle the case, and they left behind a lot of evidence that could have been useful. Alberto wonders if all this was just a cover-up for something bigger and shadier going on at the medical facility. This incident caused Alberto to lose his girlfriend, and five months after being released from prison he is still working with his lawyer to collect evidence of what was taken from his apartment.

    • Embracing Hacker Culture to Fight Cybercrime
      Collaboration between security professionals and hackers is necessary to understand and combat cybercrime effectively. The same skills and curiosity that make someone a hacker can also make them an asset in securing systems. Clear-eyed analysis of evidence is crucial to avoid wrongful convictions.

      The line between illegal hackers and security professionals is thin and complicated, and embracing the hacker culture may be necessary to effectively combat cybercrime. Alberto, who was wrongfully convicted of a cybercrime, received job offers from a security company after his release and discovered security flaws in various systems. However, the justice system's preconceived notion of what a hacker looks like led to his wrongful conviction, emphasizing the importance of clear-eyed analysis of evidence. Playing on both sides of the fence may be necessary to effectively combat cybercrime, which requires a deep understanding of the tactics and skills employed by illegal hackers. Alberto's experience highlights the need for greater understanding and collaboration between security professionals and hackers, as ultimately, they share the same skills and curiosity.
