Darknet Diaries Darknet Diaries+

A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world.

In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/.

We also hear from Bill Marczak and John Scott-Railton from Citizen Lab.

If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games.

Sponsors
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer.
Learn more about your ad choices. Visit podcastchoices.com/adchoices

Team Xecuter was a group involved with making and selling modchips for video game systems. They often made mods that allowed the video game system to rip games or play pirated games. It was a crowd favorite in the modding scene. Until it all fell apart. The story of what happened to Team Xecuter must be heard to believe.

This episode features Gary Bowser. You can find more about Gary here:

https://twitter.com/Bowser_GaryOPA
https://garyopa.com/
https://www.gofundme.com/f/garyopa-restarting-his-life?utm_location=darknetdiaries

Sponsors
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.

Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthens you’re infrastructure from the ground up with a zero trust posture. ThreatLocker’s allow-listing give you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provices zero trust control at the kernel level. Learn more at www.threatlocker.com.

Sources
https://www.washingtonpost.com/archive/politics/1994/10/27/ringleader-pleads-guilty-in-phone-fraud/56e551bb-a727-43e8-a3ca-1c1f4cf6ef82/
https://www.justice.gov/sites/default/files/usao/legacy/2010/10/12/usab4304.pdf
https://www.eurogamer.net/nintendo-to-appeal-not-guilty-judgement-of-flash-cart-sellers-7
https://www.gamesindustry.biz/nintendo-pounces-on-global-piracy-outfit
https://www.justice.gov/opa/pr/two-members-notorious-videogame-piracy-group-team-xecuter-custody
https://medium.com/swlh/watch-paint-dry-how-i-got-a-game-on-the-steam-store-without-anyone-from-valve-ever-looking-at-it-2e476858c753#.z05q2nykc
https://www.lemonde.fr/police-justice/article/2022/05/27/voler-des-societes-qui-font-des-milliards-qu-est-ce-que-j-en-ai-a-faire-max-louarn-c-ur-de-hackeur_6127821_1653578.html
https://www.theverge.com/2020/11/20/21579392/nintendo-big-house-super-smash-bros-melee-tournament-slippi-cease-desist
https://www.youtube.com/watch?v=U7VwtOrwceo
https://www.youtube.com/watch?v=5sNIE5anpik
Learn more about your ad choices. Visit podcastchoices.com/adchoices

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through.

Breakmaster Cylinder’s new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that.

Sponsors
Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more.

Sources
https://www.wired.com/story/costa-rica-ransomware-conti/
https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook
https://www.youtube.com/watch?v=QHYH0U66K5Q
https://www.youtube.com/live/prCr7Z94078
https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america
https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/
https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/

Attribution
Darknet Diaries is created by Jack Rhysider.
Assembled by Tristan Ledger.
Episode artwork by odibagas.
Mixing by Proximity Sound.
Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.
Learn more about your ad choices. Visit podcastchoices.com/adchoices

Deviant Ollam is a physical penetration specialist. That means he’s paid to break into buildings to see if the building is secure or not. He has done this for a long time and has a lot of tricks up his sleeve to get into buidings. In this episode we hear 3 stories of him breaking into buildings for a living.

You can find more about Deviant on the following sites:

https://twitter.com/deviantollam

https://www.instagram.com/deviantollam

https://youtube.com/deviantollam

https://defcon.social/@deviantollam

https://deviating.net/

Sponsors
Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthens you’re infrastructure from the ground up with a zero trust posture. ThreatLocker’s allow-listing give you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provices zero trust control at the kernel level. Learn more at www.threatlocker.com.

This show is sponsored by Packetlabs. They’ve created the Penetration Testing Buyer’s guide - a comprehensive resource that will help you plan, scope, and execute your Penetration Testing projects. Inside, you’ll find valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. https://guide.packetlabs.net/.

Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries.
Learn more about your ad choices. Visit podcastchoices.com/adchoices

One day Connor Tumbleson got an email saying his identity has been stolen. And this was one of the strangest days he’s ever had.

Sponsors
Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Qurotum Cyber at quorumcyber.com.

Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators can see what you’ve created. Try it out at https://skiff.com.

Support for this show comes from AttackIQ. AttackIQ’s security optimization platform emulates the adversary with realism to test your security program, generating real-time performance data to improve your security posture. They also offer free training. Head to attackiq.com to get a closer look at how AttackIQ can help you today.


Sources
https://connortumbleson.com/
https://krebsonsecurity.com/2022/10/glut-of-fake-linkedin-profiles-pits-hr-against-the-bots/
Snippet from Darknet Diaries ep 119 about North Korean’s getting tech jobs to steal bitcoin https://www.youtube.com/watch?v=v1ik6bAwELA


Attribution

Assembled by Tristan Ledger.
Sound design by Garrett Tiedemann.
Episode artwork by odibagas.
Mixing by Proximity Sound.
Theme music created by Breakmaster Cylinder.
Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sam Bent, a.k.a. DoingFedTime, brings us a story of what it was like being a darknet market vendor.

Learn more about Sam at https://www.doingfedtime.com/.

Sponsors
Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer.

Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.
Learn more about your ad choices. Visit podcastchoices.com/adchoices