Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians.
Subscribe to this podcastOpen in app
When it was founded in 2011, Norse Corp. - which described itself as "the world's largest dedicated threat intelligence network" - had everything a promising startup could wish for: a charismatic and experienced founder, a rare and valuable technology, and few tens of millons of dollars from investors. Less than six years later, it all came crashing down in the most horrible death a business can experience. What went wrong in Norse Corp.?
John Deere, an American agricultural machinery manufacturer, has recently enraged many farmers and digital rights activists due to the restrictive fixing policy of its tractors. Now, an Australian white hat hacker named Sick Codes has demonstrated not only how he was able to jailbreak the company’s tractors and run Doom on them (because why not) - but also hack into its global operations center, demonstrating how hackers can easily take over a huge number of farming machines all over the world.
In 2006 the Russian Business Network pivoted its business: the once legitimate ISP became a ‘bullet-proof' hosting service, catering to the needs of cybercriminals. It quickly became the largest player in the Russian cybercrime landscape, with ~60% of all cybercrime activity related to Russia connected to it in some way. Following the Russian government’s years-old tradition of collaborating with organized crime, it's no wonder that the Russian Business Network quickly became Putin’s informal cyber attack arm.
Sports is not something that you usually hear mentioned when people talk about cybersecurity - but Chris Cochran and Ron Eddings, co-founders of Hacker Valley Media, believe that cyber professionals can take inspiration from MMA wrestlers and Chess Grandchampions to get to their own version of Peak Performance.
One day in 2008, Michael Daugherty - CEO and owner of LabMD, a cancer detection lab - got a call from an executive of TiVera, a cybersecurity company. The caller said that a file containing private medical data of some 9000 of LabMD's patients has been discovered online. When Michael refused to pay for TiVersa's hefty "consultation fee", it reported the incident to the FTC. This was the beginning of a ten-year-long legal battle that ultimately destroyed LabMD - but cost the Federal Agency dearly.
Media companies probably get hacked no more than other, non-media oriented organizations such as hospitals, banks, etc. But these hacks are often more visible and more memorable because… well, media companies are more public facing by their very nature. How can these organizations be hacked, and why should we care about such attacks? Nate Nelson spoke with Joel Molinoff, former chief information risk officer for CBS Corporation, and Dan Vasile, former vice president of information security at Paramount.
Financial markets make good targets for criminals: after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: Genuine finance industry professionals.
Authentication has come a long way since the 1980s or 90s. But when it comes to phone calls - we’re still in the Middle Ages. Vishing, or Voice Scams, are probably as old as the Telephone itself, yet it is still very easy to impersonate someone over the phone or spoof a phone call’s origin. Rachel Tobac is a hacker and the CEO of SocialProof Security, where she helps people and companies keep their data safe by training and pen-testing them on social engineering risks. Rachel spoke with Nate Nelson, our Sr. producer, about Vishing: how common is it, where attackers get the information they need to impersonate someone from, and the many many psychological tricks they can employ to fool the person on the other side of the call.
In any trading market, at any time in history, no matter where you are, the most important thing you can possess isn’t actually money, or influence, or anything like that. Knowledge -- in particular, knowing something before everybody else -- is far more valuable. Some traders are willing to go to great lengths to get it before anyone else. In some cases, they’ll apply great ingenuity to the problem - but in others, they’ll use manipulation -- hacking into these technologies to gain an unfair advantage, and make a fortune along the way.
The name Lulzsec is probably very familiar to listeners who were around in 2011, when this hacking group was at the peak of its nefarious activity. As their name implies, Lulzsec was known for trolling their victims: their childish behavior might have fooled some people into thinking that Lulzsec was mostly harmless - but as the story you’re about to hear will show, they were anything but.
The US government says that Kim Schmitz, better know as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as a an internet freedom fighter: a fugitive on the run from vindictive overly-powerful governments. Can King Kimble escape the wrath of the USA?
Multi-Factor Authentication (MFA) is usually considered a better solution for authentication than just using passwords. But Roger Grimes, a veteran security professional, and a Data-Driven Defense Evangelist claims that the sense of security current MFA solutions provides us - is false.
Language models are everywhere today: they run in the background of Google Translate and other translation tools; they help operate voice assistants like Alexa or Siri; and most interestingly, they are available via several experiential projects trying to emulate natural conversations, such as OpenAI’s GPT-3 and Google’s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data?
In May 2021, Following the Solarwinds and the Colonial Pipeline attacks, the Biden administration published a presidential Executive Order mandating the use of SBOMs - Software Bill of Materials - in all government agencies. What are SBOMs and how useful are they in cybersecurity? Nate Nelson talks to two experts: Allan Friedman (CISA) and Chris Blask (Cybeats).
Criminals, particularly cyber criminals, aren’t “good” people; in most cases, they do have their own personal boundaries. Every once in a while, you encounter a criminal who’s different. Someone who seems not to have limits at all. A ruthless person, for whom the goal truly justifies the means. Leo Kuvayev is that kind of a person - and that made him so successful as a cyber-criminal. But even a genius criminal can go just one step too far.