59 episodes

NAXO co-founder and former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity.
Each month, Chris and Hector will sit down to discuss:

Recent cyber attacks and key takeaways

Regulatory developments that impact how companies and individuals guard their data

New attack vectors and capabilities, including breakdowns of how they can be protected against

Techniques to keep you, your family, and your company safe from cyber attacks


Subscribe to be the first to hear about new Hacker and the Fed episodes.
Contact us at hatf@naxo.com if you have a topic you’d like Chris and Hector to discuss on the podcast.
Find out more about NAXO: www.naxo.com
Follow us on LinkedIn: https://www.linkedin.com/company/81891840
Follow Chris on LinkedIn: https://www.linkedin.com/in/chris-tarbell-20b129278/
Follow Hector on LinkedIn: https://www.linkedin.com/in/hxmonsegur/
-----------------
By accessing this podcast, you acknowledge that the Hacker and the Fed podcasts and any information, opinions or recommendations contained therein are for general informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. NAXO has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material and any reliance upon the information provided in the Hacker and the Fed podcast is done at your own risk.
NAXO makes no warranty, guarantee or representation as to the accuracy, sufficiency, completeness, timeliness, suitability or validity of the information in this podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless specifically stated otherwise, NAXO does not endorse, approve, recommend or certify any information, product, process, service or organization presented or mentioned in this podcast, and information from this podcast should not be referenced in any way to imply such approval or endorsement. The views expressed by guests are their own and their appearance on this podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by NAXO employees are those of the employees and do not necessarily reflect the views of NAXO. The third-party materials or content of any third-party site referenced in this podcast do not necessarily reflect the opinions, standards or policies of NAXO. NAXO assumes no responsibility or liability for the accuracy or completeness of the content contained in third-party materials or on third-party sites referenced in this podcast or the compliance with applicable laws of such materials and/or links referenced herein. Moreover, NAXO makes no warranty that this podcast, or the server that makes it available, is free of viruses, worms or other elements or codes that manifest contaminating or destructive properties.
NAXO EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY OR RESPONSIBILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR OTHER DAMAGES ARISING OUT OF ANY INDIVIDUAL'S USE OF, REFERENCE TO, RELIANCE ON, OR INABILITY TO USE, THIS PODCAST OR THE INFORMATION PRESENTED IN THIS PODCAST.

Hacker And The Fed NAXO

    • Technology
    • 4.8 • 8 Ratings

NAXO co-founder and former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity.
Each month, Chris and Hector will sit down to discuss:

Recent cyber attacks and key takeaways

Regulatory developments that impact how companies and individuals guard their data

New attack vectors and capabilities, including breakdowns of how they can be protected against

Techniques to keep you, your family, and your company safe from cyber attacks


Subscribe to be the first to hear about new Hacker and the Fed episodes.
Contact us at hatf@naxo.com if you have a topic you’d like Chris and Hector to discuss on the podcast.
Find out more about NAXO: www.naxo.com
Follow us on LinkedIn: https://www.linkedin.com/company/81891840
Follow Chris on LinkedIn: https://www.linkedin.com/in/chris-tarbell-20b129278/
Follow Hector on LinkedIn: https://www.linkedin.com/in/hxmonsegur/
-----------------
By accessing this podcast, you acknowledge that the Hacker and the Fed podcasts and any information, opinions or recommendations contained therein are for general informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. NAXO has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material and any reliance upon the information provided in the Hacker and the Fed podcast is done at your own risk.
NAXO makes no warranty, guarantee or representation as to the accuracy, sufficiency, completeness, timeliness, suitability or validity of the information in this podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless specifically stated otherwise, NAXO does not endorse, approve, recommend or certify any information, product, process, service or organization presented or mentioned in this podcast, and information from this podcast should not be referenced in any way to imply such approval or endorsement. The views expressed by guests are their own and their appearance on this podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by NAXO employees are those of the employees and do not necessarily reflect the views of NAXO. The third-party materials or content of any third-party site referenced in this podcast do not necessarily reflect the opinions, standards or policies of NAXO. NAXO assumes no responsibility or liability for the accuracy or completeness of the content contained in third-party materials or on third-party sites referenced in this podcast or the compliance with applicable laws of such materials and/or links referenced herein. Moreover, NAXO makes no warranty that this podcast, or the server that makes it available, is free of viruses, worms or other elements or codes that manifest contaminating or destructive properties.
NAXO EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY OR RESPONSIBILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR OTHER DAMAGES ARISING OUT OF ANY INDIVIDUAL'S USE OF, REFERENCE TO, RELIANCE ON, OR INABILITY TO USE, THIS PODCAST OR THE INFORMATION PRESENTED IN THIS PODCAST.

    The Colonial Pipeline Hack, the SEC's X Account, and Special Agent Aron Mann on Homeland Security and Cyber

    The Colonial Pipeline Hack, the SEC's X Account, and Special Agent Aron Mann on Homeland Security and Cyber

    On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked.
    Links from the episode: 
    https://www.ice.gov/about-ice/homeland-security-investigations
    https://www.ice.gov/partnerships-centers/cyber-crimes-center
    https://www.usajobs.gov/
    https://www.usajobs.gov/Search/?k=homeland%20security%20investigator
     
    Colonial Pipeline Hack - May 2021
    https://www.justice.gov/opa/speech/dag-monaco-delivers-remarks-press-conference-darkside-attack-colonial-pipeline
    https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside
    https://www.justice.gov/media/1159701/dl

    From Loyal Employees to Cybercriminals
    https://thesun.my/opinion_news/from-loyal-employees-to-cybercriminals-AC12012406

    Mother of All Breaches Reveals 26 Billion Records: What We Know So Far
    https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

    SECGov X Account
    https://www.sec.gov/secgov-x-account

    Support our sponsors:
    NAXO is a premier cybersecurity and investigations firm, including blockchain forensics, whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
    Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

    • 1 hr 33 min
    A Train Hack, $80M Pig Butchering Scheme, and Greg Van Houten of Haynes Boone on the SEC's New Cybersecurity Disclosure Rules

    A Train Hack, $80M Pig Butchering Scheme, and Greg Van Houten of Haynes Boone on the SEC's New Cybersecurity Disclosure Rules

    This week on Hacker And The Fed we interview Greg Van Houten of Haynes Boone and policyholderplaybook.com, a seasoned civil litigator who focuses on insurance recovery. We talk to Greg about the SEC's new cybersecurity disclosure rules, which went into effect this month. We also discuss a massive hack that went unreported, a train hack due to a vendor’s geofencing feature, indictments in an 80-million-dollar pig butchering scheme, and a MongoDB security breach.
    Links from the episode: 

    Greg Van Houten of Haynes Boone
    policyholderplaybook.com
     
    SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers. Authored by Greg Van Houten (Haynes Boone), David Franzel (NAXO), and Chris Tarbell (NAXO)
    https://www.cybersecuritydive.com/news/secs-cyber-disclosure-rules-tips/700550/
     
    The Biggest Hack Over the Last Few Years Has Gone Unreported
    https://twitter.com/mattjay/status/1735046508242780575
     
    Train Hack Due to Vendor Geofencing Feature
    https://social.hackerspace.pl/@q3k/111528165627522619
     
    Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them
    https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/
     
    Four Men Indicted in $80 million ‘Pig Butchering’ Scheme
    https://www.cnbc.com/2023/12/14/pig-butchering-scam-results-in-four-indictments-two-arrests-doj.html
     
    MongoDB Suffers Security Breach, Exposing Customer Data
    https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

    Support our sponsors:
    NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
    Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

    • 1 hr 25 min
    The FBI Shares Tactics of a Ransomware Gang, a Ransom Payment Fail, and Cyber Law with Lance Taubin

    The FBI Shares Tactics of a Ransomware Gang, a Ransom Payment Fail, and Cyber Law with Lance Taubin

    This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult.
    Links from the episode: 
    FBI Shares Tactics of Notorious Scattered Spider Hacker Collective
    https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/
     
    Dolly.com Pays Ransom, Attackers Release Data Anyway
    https://cybernews.com/security/dolly-data-breach-ransomware-attack/#google_vignette
     
    Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
    https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/
     
    FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
    https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html
     
    Lance Taubin | Technology and Privacy Attorney | Alston & Bird

    Support our sponsors:
    NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
    Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

    • 1 hr 24 min
    The SolarWinds hack, North Korea IT Workers, Hackers Targeting a Data Company, and Listener Questions

    The SolarWinds hack, North Korea IT Workers, Hackers Targeting a Data Company, and Listener Questions

    This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management.
    Links from the episode: 
    Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
    https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover
     
    Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program, FBI Says
    https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b?taid=6531b8b29c11a80001ef2a28
     
    Hackers Target Company That Vets Police Data Requests for Tech Giants
    https://www.404media.co/hackers-target-kodex-accounts-edrs/
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
    Go to Cloudsolvers.com and tell them "Hacker and the Fed sent you" for a free assessment of your current environment
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at questions@hackerandthefed.com

    • 1 hr 25 min
    MOVEit and MGM Resorts Hacks, U.S. Senate's Email System Melts Down, Cisco Can't Stop Using Static Passwords, and Listener Questions

    MOVEit and MGM Resorts Hacks, U.S. Senate's Email System Melts Down, Cisco Can't Stop Using Static Passwords, and Listener Questions

    This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles.
    Links from the episode:
    MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool
    https://therecord.media/progress-new-file-transfer-vulnerability
     
    MGM Resorts Hack Update
    https://x.com/brettforrest89/status/1711885567695433765
     
    US State Dept has No Idea if its IT Security Actually Works, Say Auditors
    https://www.theregister.com/2023/10/02/us_state_security_gao/
    https://endoflife.date/windows
     
    The Senate’s Email System Melted Down in the Face of Security Test
    https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/
     
    Cisco Can't Stop Using Static Passwords
    https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html

    Support our sponsors:
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at questions@hackerandthefed.com

    • 1 hr 24 min
    Are Paying Ransoms Illegal? Ransomware Shuts Down a 158 Year Old Company, Fido2 Security Keys, and Hacktivist Rules

    Are Paying Ransoms Illegal? Ransomware Shuts Down a 158 Year Old Company, Fido2 Security Keys, and Hacktivist Rules

    This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules.
    Links from the episode:
    Microsoft Releases Its Yearly Digital Defense Report
    https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
     
    Are Paying Ransoms Illegal in the U.S.?
    https://www.huntonprivacyblog.com/2022/07/26/florida-enacts-law-prohibiting-state-agencies-from-paying-cyber-ransoms/
     
    NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
     
    Zero-days for Hacking WhatsApp are Now Worth Millions of Dollars
    https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/
     
    Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm
    https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/
     
    Kettering logistics firm enters administration with 730 jobs lost
    https://www.bbc.com/news/uk-england-northamptonshire-66927965
     
    FDA Cyber Mandates for Medical Devices Goes into Effect
    https://cyberscoop.com/fda-cybersecurity-medical-devices/
     
    City of Dallas Suffers a Ransomware Attack
    https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf
     
    International Committee of the Red Cross Published Rules of Engagement for Civilian Hackers Involved in Conflicts
    https://www.bbc.co.uk/news/technology-66998064
    https://www.theregister.com/2023/10/04/red_cross_hacktivist_rules/
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at questions@hackerandthefed.com

    • 1 hr 14 min

Customer Reviews

4.8 out of 5
8 Ratings

8 Ratings

satkveera ,

Good content but need improvements

I believe you are doing great however areas of improvement would be to include the sources of information like when you are referring to some reports etc. this will help people like me to learn more. Thanks!

Top Podcasts In Technology

BBC Radio 4
Cool Zone Media
Lex Fridman
Ben Gilbert and David Rosenthal
Jack Rhysider
The New York Times

You Might Also Like

Hacked
Malicious Life
N2K Networks
N2K Networks
Graham Cluley & Carole Theriault
Jack Rhysider