Ep 49: Elliot

en-usOctober 15, 2019

Podcast Summary

A Reverse-Engineering Expert Finds Vulnerabilities in a Pro-Trump Dating App: Robert Baptiste, aka Elliot Alderson, discovered that the pro-Trump dating app, Donald Daters, had security vulnerabilities, highlighting the importance of properly securing user data.
Robert Baptiste, who is also known as Elliot Alderson on Twitter, is a reverse-engineering expert and a security specialist based in Paris. He spends most of his time finding vulnerabilities in Android applications and testing them to make sure they don't do anything they shouldn't be doing. Robert likes to follow Fox News account on Twitter and found out about a new Android app called Donald Daters, which is a dating app designed for people who enjoy Donald Trump. He decompiled the app, found out that Firebase was used as the online database, and was able to extract the URL and keys used to access it. Firebase doesn't need a key or password to read or write to the database, but has a set of permit-and-allow rules on the Google side.
Lack of Security Measures Causes Data Breach in Donald Daters App.: Prioritize security measures to prevent data breaches and protect users’ personal information. A lack of security can result in reputation damage and loss of trust from customers.
A hacker was able to access the entire Donald Daters database within five minutes due to the lack of security measures. Elliot, the hacker, downloaded all profile pictures and personal messages of the users, and even posted them on Twitter as a warning to users not to use the app. The database was not secure and anyone could have accessed it with a single URL. The breach was quickly reported by tech journalists and the company's reputation was damaged. Despite Elliot's actions, he believes that he was helping the company by revealing the vulnerabilities, not using them for malicious intent. Companies should prioritize security measures to protect users' data and prevent breaches that could negatively impact their reputation.
The Importance of Ethical Hacking in Cybersecurity and Privacy: Elliot Alderson's work showcases that ethical hacking is essential in raising awareness about security vulnerabilities and protecting user data. It also highlights the potential dangers of government programs that link personal information.
Elliot Alderson found security vulnerabilities in various companies, including Donald Daters, and publicly exposed them to protect user data. He believed that it is possible to both criticize a company while also protecting user data, and that intention matters when it comes to ethical hacking. Elliot also identified security issues with Aadhaar, a government program in India that links citizens' personal information, and raised concerns about the potential dangers of such programs. He emphasized that this issue is not limited to India and that similar programs may be implemented in other countries. As an ethical hacker, Elliot's work sheds light on important issues related to cybersecurity and privacy.
Weak Security of India's Aadhaar System Puts Personal Data at Risk: Protect personal data like Aadhaar and treat it like identity cards or social security numbers. Weak security systems can lead to identity theft, making it crucial to implement strong data protection measures. Stay vigilant and teach citizens to be cautious.
The Indian government's Aadhaar system is vulnerable to identity theft and personal data exposure due to weak underlying security. Thousands of Aadhaar numbers were found publically online, which can have horrible consequences if misused. Elliot, an internet vigilante, exposed these vulnerabilities and encouraged the government to improve the security and privacy of Aadhaar. It is essential for the European countries to stay vigilant and teach their citizens to be careful with personal data. Personal data such as Aadhaar should not be shared publically and considered like identity cards or social security numbers. Weak security systems can result in serious consequences like identity theft, thereby emphasizing the significance of strong data protection measures.
Elliot Alderson's Hack on the Aadhaar Identification System in India.: Elliot's hack emphasizes the vulnerabilities of online identification systems and the need for increased security. It also highlights the dangers of sharing personal information online, cautioning against harmful practices like doxing.
Elliot Alderson, a hacker, was able to successfully hack into the Prime Minister of India's website and tweets about it, receiving a friendly response from the office of Narendra Modi. Despite the illegal nature of hacking, Elliot remains open about his actions and his following online continues to grow. Aadhaar, an identification system in India, has received mixed reactions and was the target of Elliot's hack, revealing the personal information of a government official. The hack exposed Aadhaar's vulnerabilities and the lack of security, yet the government official remained unapologetic. Elliot highlights the need for increased security and caution when sharing personal information online and warns against the harmful practice of doxing. The online world remains a potentially dangerous place with the potential for devastating consequences.
Elliot's Actions Prove the Importance of Prioritizing Data Security: Companies must prioritize security to protect users' data and individuals should be cautious of poorly-built websites and applications that compromise data security.
Elliot discovered a major breach in an Indian company that exposed 6.7 million Aadhaar numbers without authentication. He shared this information with a journalist to raise awareness about the vulnerability. He also found a vulnerability in an Android app called 63red that was built like a website, making it easy for him to access the database URL and API keys without any authentication process. Elliot's actions show the need for companies to take security seriously and prioritize the protection of user data. He serves as an example for individuals to be vigilant of the risks of poorly-built websites and applications that compromise data security.
The Importance of Appreciating Security Researchers: Companies should acknowledge the efforts of security researchers, who work to protect their businesses against cyber threats. Threatening them is not acceptable, and their political affiliations should not be a factor in their work.
Security researchers are not bad guys and they are here to help companies. Companies should appreciate their work and thank them for finding vulnerabilities in order to save their business before someone with bad intentions exploits them. Threatening a security researcher is not a good signal to the community and companies should understand that they are doing this work as a job. Elliot found vulnerabilities in pro-Trump apps but he does not care about the political side of the owner. He believes that his work is way bigger than this and he is willing to find vulnerabilities in other applications of both sides. Elliot is a public person and he is doing good things publicly and this is the reason why he is not a bad guy.
Elliot Alderson: The Hacker Who Helps Companies Improve Their Security: Elliot Alderson's non-malicious hacking to find vulnerabilities in apps and offer improvements helps companies improve security, benefiting everyone involved.
Elliot Alderson, a grey hat hacker, finds vulnerabilities in apps and reports them to the companies to help improve their security. He does not have malicious intent and does not earn money from his findings. While his actions may not be explicitly legal, he believes that in Europe there are exceptions when it comes to finding security issues. Elliot's goal is to communicate about security and help companies improve. Although his actions may seem odd, they are ultimately beneficial for everyone involved. This kind of work should be done by the companies themselves, but since they don't, Elliot takes it upon himself to help improve app security.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

Secure Digital Life #3 - What Data Should You Submit on the Internet?

Everything you share online is shared with the entire world. It’s like the world’s biggest subway platform. Doug and Russ talk about what to share and what not to share in this giant, greasy mess!

Secure Digital Life (Audio)

enMarch 08, 2017

Don't underestimate how much trouble Facebook is in right now

Facebook's management doesn't seem to understand why daily use on the site is continually falling. It may be because of all of the false promises Facebook has made about fixing problems like fake news and conspiracy videos. Facebook would do well to remember the fall of Myspace and what happened to Nokia and Blackberry.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Kim Komando Daily Tech Update

enMarch 20, 2018

Secure Digital Life #4 - What Is the Internet of Things?

Are you surrounded by gadgets? You probably are. Doug and Russ talk about the Internet of Things (IoT) and how it affects and changes your life!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Secure_Digital_Life_Episode04_March_02,_2017

Twitter: @SecureDigLife

Secure Digital Life (Audio)

enMarch 08, 2017

Trading Tech Talk 2: Hackers and Rogue Algos

Trading Tech Talk 2: Hackers and Rogue Algos

Hot Topics in Tech: Security of Financial Platforms

Should we expect more attacks in the future? Is this the new norm going forward? What sort of realistic uptime expectations should institutional clients, end users of exchanges and vendors have in this environment? Are we approaching a point where retail clients should maintain multiple brokerage account to ensure access at all times?

While the recent OPRA problem was limited to NASDAQ OMX, it highlights the issue of the entire industry fixating around a single point of failure. What risks does that pose to the marketplace? How do we address that as an industry? Rogue algos are not just the domain of equities and options anymore; futures are now under attack as well.

The Inbox: We’re taking your questions

Question from Amac: Is there a way for small traders to see or get access to big options shows via IM? Seems like I am missing much of the picture.
Question from T. Norvin: What exactly is a sweep order? Can a sweep be used to lift liquidity without moving markets? I.e. Buy 10 on all vs. 100 on one exchange?

The Lightning Round: A minute to win it

Should customer open multiple brokerage accounts to avoid security risks?
The industry will have a backup/alternate to OPRA in place by the end of 2014 - Yea or Nay?
Will every major derivatives exchange experience some sort of systems outage/glitch in 2014?
Will microwave transmission gain a foothold in the U.S. financial markets in 2014?

enFebruary 13, 2014

Flaw in Apache, Wikileaks Unveils Project Protego, and Linux 4.13 - Paul's Security Weekly #529

The nightmare that is patching IoT devices, essential bug bounty programs, controlling voice assistants, flaws in Apache Struts2, and more security news!

Full Show Notes: https://wiki.securityweekly.com/Episode529

Security Weekly Podcast Network (Video)

enSeptember 12, 2017