The Host Unknown Podcast - Episode 141 - You know why this is late
Episode Date: February 25, 2023

This week in Infosec

20th February 2003: Alan Giang Tran, former network admin for 2 companies, was arrested after allegedly destroying data on the companies' networks. Two months later he pleaded guilty to a federal charge of intentionally causing damage to a protected computer.
Man arrested for allegedly shutting down employers' computers
https://twitter.com/todayininfosec/status/1627748857856593931

18th February 2008: 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets.
Burger King Twitter Account Hacked
https://twitter.com/todayininfosec/status/1627115690577608707

Rant of the Week

Accidental WhatsApp account takeovers? It's a thing
A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.
Your humble vulture heard this bizarre tale of inadvertent WhatsApp account hijacking from a reader, Eric, who told us this happened to his son, Ugo.
"This is a massive privacy violation," Eric said. "My son had long-lasting access to that person's private messages as well as group messages, both personal and work related."
The security hole stems from wireless carriers' practice of recycling former customers' phone numbers and giving them to new customers.
WhatsApp acknowledges that this can happen, but says it's extremely rare.
Billy Big Balls

GoDaddy: Hackers stole source code, installed malware in multi-year breach
Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.
The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

Industry News

Norway Seizes Millions in North Korean Crypto
FBI "Contains" Cyber-Incident on its Network
GoDaddy Announces Source Code Stolen and Malware Installed in Breach
Ransomware Gang Seeks to Exploit Victims' Insurance Coverage
City Fund Managers Jailed for $8m Fraud
Hydrochasma Group Targets Asian Medical and Shipping Sectors
Phishing Sites and Apps Use ChatGPT as Lure
ICO Calls on Accountants to Improve SME Data Protection
Hackers Use S1deload Stealer to Target Facebook, YouTube Users

Tweet of the Week
https://twitter.com/unusual_whales/status/1628898963087851521?s=20

Come on! Like and bloody well subscribe!
Transcript
Why is it I never understand a thing you two talk about half the time?
Because you are an uncultured swine.
Well, that's bloody charming, isn't it? Yes, yes. I have to say, I'm going to make a note not to talk about your age anymore, Tom. I will find more creative ways to insult you, because, because I realise your mother... your mother told me that, you do realise, the older you make Tom sound, the older it makes me.
So clearly Tom's not her biological son.
That's... I was gonna say, basically you got told off by my mum.
No, your mother is the absolute, the witty, charming Langford. I am friends with the wrong Langford in the family. That's all I can say about that.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening, from wherever you're joining us.
Welcome to episode 141.
145!
Of the Host Unknown podcast. Hang on, we've added an extra one there.
It should be 44, shouldn't it? I don't know.
No, it was 144 last week.
Oh, was it? Well, I know that we're on episode 141, I really do. I was trying to explain this to my mum the other day, actually.
But yeah, welcome. Welcome. Welcome, dear listener. Thank you for joining us for your
hour-long weekly pleasuring by the three of us. We are looking forward to doing more of the same.
Gentlemen, how are we? Jav, how have you been?
I've been good. I've been good,
thanks. You know, last week I was in Berlin, then I flew back this week, back to the grind.
As opposed to the deeply pleasurable state of Berlin.
Wow. So I spent the weekend... You were there for good? Oh, oh, you did have some time off. Okay.
I did have some time off. So, uh, there's a college friend of mine who was my best friend for many years, and I haven't seen him for like 12, 13 years.
Yeah, right.
And he recently moved to Germany, so I was like, dude, I'm coming to Berlin, why don't you... He only lives like an hour, hour and a half outside of Berlin, and so he came down and then we spent the weekend together.
And like, you know how it is with old friends.
You just pick up where you left off and we're both 17 again.
Yeah.
It was just the best weekend.
Are you picking up like you left off in the same way that Andy's
picking up his cereal where he left off?
Can you hear me?
Sorry.
From just before
we hit record.
I didn't actually realise you were
recording when you
came back.
I'm still looking
for a tweet of the week.
Oh no, I've added that in already.
Oh right, okay.
Get with the programme.
I was too busy, I was getting cereal
So it was a good weekend
And much fun and frivolity was had
It was indeed
It was indeed
Good, Andy what about you?
Mixed
Mixed week I think
In an ongoing saga
I got back... It was my mother-in-law's birthday last weekend, so, um, we were away, and, uh, I got back to see my, uh, neighbour... uh, my neighbour's ladder up against the tree at the back of my garden, right? He has cut, uh, the top of the tree, um, as well as some branches that were over on his side. But the top was not on his side, and he had to lean over my side to get to it, and so I was like, hang on a second, like, you know, I'm not happy about that.
Yeah, that, that's not right.
And, yeah, so I took out my phone
Because I was going to give him a call
And I opened up WhatsApp
Because that's the only way I've ever spoken to him
And he removed me from the neighbourhood watch group
It actually says, like, you know
What?
Number 39 Piltop has removed you from this group
What?
Hang on a second.
What is going on here?
So not only has he chopped your tree,
he's also increased your opportunity for being targeted for casual theft
by removing you from the neighbourhood watch club.
Oh, exactly.
Do you know what?
Absolutely.
And that's what the legal filing is going to say as well.
Yeah.
They can't kick you out of the NWA.
I mean, it's...
The NWA?
You know, the Neighbourhood Watch Association.
I'm sensing there's an undertone to what the NWA is,
but I have no idea.
Oh, dude.
Being a curmudgeonly young thing that I am.
Forget the police is what they are.
Exactly, exactly.
How's your week anyway, Tom?
Although, even though I partially know, because I did see you yesterday.
Yes, we caught up yesterday at the Thais conference, which was good fun.
But yeah, mixed bag, mixed bag.
I've been up in London, Thais conference was good.
But unfortunately, as you both know,
my mother, the Duchess of Ladywell,
is in. So it's, you know, I've been spending
my evenings, well, late afternoons and
evenings with her. It's all good.
It's all good, dear listener. I know
everybody's now clamouring
for news, but it's
all good. It's all precautionary
and all that sort of stuff. And in fact, she's more
bored than anything. So bored, in fact, that, uh, she was even replying to Jav's emails, uh, to her, hassling my mother while she's in her hospital bed, I hasten to add, Jav, as if she hasn't got better things to do.
Entertained. And, uh, it was great fun. So, so the first email was, she sent it to me with the subject "hospital visitor".
And it was a picture of Tom on the chair next to a bed, fast asleep.
And I was like, who's the patient here?
Those hospital wards are warm.
I'm telling you, they're really warm.
You go in there, you immediately feel sleepy, I have to say.
I can just imagine Tom walking in.
Mum, oh, thank God I came as quickly as I could.
You look like you're well.
I'm just going to lay down here for a second.
Pressing the call button for the nurse to bring an extra pillow.
And a nice cup of tea.
Oh, wow. Oh, dear.
Yeah, so it's been a bit of a... Like you say, it's all good. We'll see what happens. Hopefully she'll be out in the next day or so. But, uh, yeah, but yeah, you know, you get a phone call from the person who never phones you to say your mother's in hospital. It's like, okay, my mind's racing now. So, but no, it's all good, it's all good. So, yeah, a little bit of a, little bit of a mixed bag. But, uh, but yeah, speaking of mixed bags, shall we see what we've got coming up for you today?
This Week in InfoSec reminisces about some old school cyber vandalism. Rant of the Week discusses the potential to be accidentally added to a group chat. Billy Big Balls laughs at the average 207-day time to detection. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is more distressing news of layoffs.
So, let's move on to our favourite part of the show, the part of the show that we like to call This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account.
And our first story takes us back a mere 20 years, when Alan Giang Tran, former network admin for two companies, was arrested after allegedly destroying data on the companies' networks.
And then two months later, he actually pleaded guilty to a federal charge of intentionally causing damage to a protected computer.
And so what happened? The company's computer system was attacked.
Passwords on the system were changed and specialized applications were deleted.
And then once the federal investigators executed a search warrant at his home,
they found several computers and the all incriminating file folder on his machine
marked retaliation and information regarding the company's computer systems.
Now, if he'd named that folder "homework", nobody would have gone in there.
Because that's always worked for me.
Exactly.
Yeah, so it's a two-week period that you spend just going in, just modifying things and deleting files, and so other employees weren't able to use their computers, and the actual companies, Airline Coach Service and Sky Limousines, were unable to dispatch drivers to pick up clients. And so, yeah, I think the company lost thousands of dollars in business.
You've got to be pretty pissed off to do something like that, haven't you?
I mean, you've got to wonder what they did to him.
Yeah, but, you know, I used to have the folders on my machine,
you know, sort of labelled blackmail material, stolen files,
like just in case, like, you in case anyone saw my machine,
hopefully that would trigger some canaries
when they went into the folders out of curiosity.
Yeah, I've got some folders like that.
So I've got an old employer's name,
and it's a name salary info.
Oh, that's too obvious.
No, executive salary info.
That's right.
Now I've got a Canary token in there just waiting for somebody to have it.
That's far too obvious, though.
That's like proper work-related stuff.
Well, yeah.
I should have just called it homework, right?
So I can just imagine, like, Tom setting this up,
this Canary token on this file, like, thinking he's like,
this is the moment I've been preparing for all my life.
And then you get the notification on your phone,
you're like, what do I do now?
It's like, forget what it is.
It's worse than that.
It's worse than that.
I've actually gone into that folder, like, you know,
three years later.
What the hell is this?
Opened it up, opened the file, found a blank file and gone,
what the hell was that?
And then I got a notification.
I go, oh, yeah, I set that up, didn't I?
Oh, dear.
So, alas, our second story shall take us back just a mere 15 years ago,
just literally yesterday,
when Burger King's Twitter account was compromised, and it had its name changed to McDonald's and then shared offensive tweets, as you can imagine. So the cyber tricksters, you know, changed the avatar to a McDonald's logo and then sent a McFlurry of questionable and offensive tweets.
Oh, I see what you did there.
Yeah.
But yeah, they basically said they'd been acquired by McDonald's and they sort of did shout outs to their friends and then, you know, mixed tapes that you could tell the
age of the people that took over this account.
Right.
Yeah.
But it actually worked out OK for Burger King because they got 5,000 new followers
in the 30 minutes the account was over.
Oh, that's brilliant.
And all of that would have been avoided
if they'd switched on two-factor authentication,
but I guess they probably couldn't have afforded it.
You don't have a blue tick, right?
Well, actually...
Actually, actually...
Actually, actually, if you have a blue tick... Without the blue tick, you can turn on any 2FA, but not the SMS one, not the weak-ass SMS one.
You can use an authenticator.
Details, details.
But you mean the one that was there originally by default
that everybody's got enabled because they've all done what they're told?
It is the only thing I have.
Yeah, and now they're being told they have to pay for that or move to a different one.
It's like that.
Or move to a more secure one.
This is the genius.
Confusing your user base.
This is the genius of Musk.
He's.
Oh, my God.
You're defending Musk.
He's got rich people with too much money and not enough sense who pay for the blue tick, going, ha ha, I've got something that's really valuable, uh, SMS 2FA, which it isn't. And everyone else, they, like, begrudgingly moved on to a far more secure system. So, you know, this is like security through deception. This is brilliant. I think there's a future here.
So how's your SMS authentication working out for you, Jav?
Oh, it's brilliant.
It's a blue tick.
It's perfect.
It's perfect.
So I'm actually screwed.
I don't know my password for Twitter,
hence the reason I can only use it on one phone and one laptop
where it's saved and I don't need to authenticate.
So going to a new device is actually going to screw me, because I don't even know... I can't access the account.
So where is it? Where is the password saved?
I don't... So it's however I logged on to it originally. It's been saved since then. But even if I look at my iCloud, you know, like, it comes up with the default... That's not the password. It says this password is incorrect. I've got no idea how to, you know... So if I get booted from Twitter, I doubt I'll be able to log in again.
So Andy's got an iPhone 5C running in the background, because that's the only thing that's logged on to all of his critical social media accounts.
You joke. I actually have my old iPhone, what was it, XR, purely because I've not migrated any of my authenticators. I've got a whole load of sites with authenticator on, which I have to power up that phone and use if I need to make a change.
So now you're carrying around, like, three phones. And next year when you get a new phone,
It'll be four phones.
Yeah, that's pretty normal though, right?
Okay, okay
Okay, so when you reach a certain age
You're going to have to start wearing cargo pants
Just to carry your phones
Well, I think just be wearing
Carrying those phones
Because by that point
Phones will be built into
Directly into your
neural pathways.
This is true, but having your
iPhone XR implanted
up your butt just so you don't have to
authenticate something, probably going to
be a bit of a challenge. Anyway,
thank you for that and
for this week's
This Week in InfoSec.
This is the award-winning Host Unknown podcast.
Guaranteed to be a solid five out of ten at least once a month.
Or twice your money back.
And you can take that to the bank.
Okay, so I'm a bit nervous moving on to this. It's been a bit of a... I was running a bit late this morning, so I haven't really looked at this story, but I'm sure it'll be fine.
Listen up!
Rant of the week.
It's time to murder...rage!
So, this is about WhatsApp, and therefore Meta and Facebook, so I'm automatically riled up straight away. But it's basically saying that the accidental WhatsApp takeovers, account takeovers, are a thing, apparently. And strangers may be receiving your private WhatsApp messages, which is a little concerning, to be honest with you, because if you have changed your phone number and didn't delete the WhatsApp account linked to it, it's, it's still going to be sending messages to your old phone number. Now, honestly, I was talking about this the other day, Andy. I know people who change their phone numbers every time they change their phone, because they move to a different company and get a better deal, etc., and they don't bother with the portable appliance code, the PAC, or as everybody calls it, the PAC code, which is the portable appliance code.
But which I find is really, really bizarre.
The particular journalist on this case said a chap called Eric told him that it happened to his son Ugo. Sound like made-up names, if you ask me. Of course, Eric said this is a massive privacy violation, and was probably photographed looking sad in front of his house with his son holding his phone, like all good local newspapers do. Uh, so his son had long-lasting access to that person's private messages, as well as group messages, both personal and work related. Although in fairness, work related, that's probably more down to the previous owner of that number. But what it is, the security hole comes from wireless carriers' practice of recycling former customers' phone numbers and giving them to new customers. Well, yeah, that's kind of how life works, right?
So WhatsApp has acknowledged that this can happen, but says it's extremely rare. It's so rare that even this podcast is talking about it. And that they take many steps to prevent people receiving unwanted messages, including expiring accounts after a period of sustained inactivity. So Andy, watch out on that, given you probably have lost access to your Facebook account as well. A WhatsApp spokesperson told The Register, if for some reason you no longer want to use WhatsApp tied to a particular phone number, then the best thing to do is transfer it to a new phone number or delete the account within the app.
In all cases, we strongly encourage people to use two-step verification for added security,
which I think Facebook is looking to charge for as well soon, aren't they?
Didn't Zuckerberg say so?
They're looking to charge for verified accounts.
Oh, verified accounts.
Yeah, but he's going to jump straight onto the two-factor.
Yeah, of course, of course.
He's just hopping Musk's homework.
Well, I thought Facebook's MFA was literally built into Facebook.
So I had it where, you know, when I installed it on a new device,
it went to my old device,
but using the actual Facebook app on the old device, saying, you know, did you log in here?
I think that's part of it, but they, but Facebook were also caught, uh, harvesting people's mobile phone numbers for use with SMS two-factor authentication only, uh, and then selling said phone numbers and account details to third parties.
Yeah, Twitter was accused of that a few years back as well.
Were they? Bastards. Bastards. It's so wrong.
Long before the Musk era.
Yeah, that's right.
Yeah, Twitter bad, Musk even badder.
So, yes, this account, it strikes me that WhatsApp
could be doing a little bit more here,
especially when people are sort of moving accounts and things like that.
But also, why are people surprised that phone companies recycle phone numbers?
Of course, it's not like there's an infinite number of, what is it, six, seven, eight, nine, ten, eleven digit numbers out there, is it? I mean, there's, whatever, eleven digit, only 1.1 billion, is that right? I can't remember. Um...
I'm kind of torn on this one, because, one, I like the convenience. So if I go to another country, I just pop out, you know, my personal SIM, put in a local SIM.
Yeah.
And I don't have to, you know, everything still stays the same, right?
And it just keeps working.
I don't have to add, it's like, hey, can you add me to this group again?
Or, you know, it just, I literally just pop out soon and it's good.
However, this actually, you know, the thing where someone else has, you're not messaging the right person.
This happened to me maybe last year when I messaged a friend in Spain who's part of the group chat.
And I sent him a separate message offline, you know, outside the group chat to say happy birthday.
And the person replied saying, I think you've got the wrong number.
And I was like, yes, very funny.
And they were like, I don't know who this is. And so one really weird thing was that their English was too good
for a Spanish number.
You know, it clearly wasn't a Spanish person.
It sounded like a native English speaker.
But two, genuinely, he had actually changed his number,
which I had not noticed in the group because he was still part of the group.
It does say, you know, this code has changed,
but no one ever pays attention to that.
But yeah, it wasn't him.
And, yeah, I sent a message to the group saying, with a screenshot,
and he was like, that's not me.
And I was like, okay.
So that does, again, push back against the "says it's extremely rare" thing.
So they know about it.
It's obviously fairly common then.
Well, it depends on rare.
Like if you've got like, say, a billion users
and this happens to 5,000 users a day,
it's still a rare occurrence in the big statistically.
In the grand scheme of things.
Yeah.
But I think this type of thing.
5,000 a day.
Whatever.
I think it comes down to the problem of using your phone number
as the main
identifier.
And yes.
And then like Andy said,
it's like the convenience is so good.
Like you can travel and still keep on using it.
But,
um,
you know,
it's a tough one because there's the,
when you architect everything around something as fickle as the phone number,
because people don't keep it, or, or travel with it, but then that's how it identifies who you are. Because you want to... if you want someone just to have your phone number and be able to WhatsApp you, instead of, like, saying, oh, here's my WhatsApp user ID or something, because then you're going back to the ICQ days.
Yeah, but I think...
179209, in case you want to catch up with me.
But they know that people's numbers change.
And so shouldn't there be more of a, you know,
when you log on to WhatsApp with your new number,
shouldn't it say, by the way,
you appear to have logged in with a new number or a new phone,
you need to do XYZ.
It should do, yeah. But, but then it might be too late by then. You might have already got rid of your old number.
Well, yes, I know. So you got rid of your old number, so therefore you need to do something on your new phone which transfers your old number.
Yeah, but then you're gonna see people nicking, nicking everyone's number.
I'm going to log on to a new phone saying, hello, I'm Tom Langford.
This is my old number.
Please give me, you know, give all my messages here.
And as soon as I make a reference to WWE or F or whichever one it is,
part of the alphabet it is, you know it's not me.
But interestingly, Andy, Andy and I and, uh, Quentin, friend of the show Quentin Taylor, we were talking about this yesterday, because apparently Quentin's just deleted the messaging app Wire, because the only person that was on there was Andy and he didn't want to talk to Andy anymore, so he deleted it.
Well, yeah, so this came about because, uh, whilst Tom and Quentin were on stage, obviously I tried calling them to see whether they'd left their phones on, and I realised I don't actually have Quentin's number, I only have his Wire ID. So I tried calling him through that, um, yeah, but then it asked for permission to access my microphone. I was like, I don't want to do it.
I should have... me. I would have given you Quentin's number.
Oh, no, he gave it to me afterwards.
Or actually after we discussed it.
Yeah.
We actually had no way of communicating with each other.
But what, apart from by sending each other
or trying to phone each other during conference presentations.
Well, apparently WIRE doesn't need a phone number,
which makes it a bit like Kik, which also doesn't need a phone number.
But the rest of them do, Signal, Telegram,
which we don't use, of course, and WhatsApp.
But, yeah, it's a problem with associating your primary ID
with something that is basically...
Something unique, like a number?
Well, no, temporary, potentially temporary.
Right. And, and is recycled. So, yeah, very difficult. Well, an email address is probably more unique, but I, I'd love, you know, hey, write in if you're one of those people who likes to do research and this sort of stuff. Write in. But, but bottom line is, I know why this was put in here, because it's WhatsApp and Facebook and everybody knows that I get riled up about WhatsApp and Facebook anyway. So this is definitely wrong, it's definitely WhatsApp's fault, and we should, you know... And Mark Zuckerberg needs to deal with it, you know, put up or shut up.
Rant of the Week.
This is the EasyJet of security podcasts. Let's be honest, your cheap ass couldn't tell the difference between us and a premium security podcast anyway. And speaking of cheap asses, it's time for Jav and this week's...
Okay, after that very underwhelming and disappointing rant,
let's go on to... Look, my mum's going to have words with you again
if you're not careful.
Oh, my God.
Again, again, with the,
my mum's going to come and tell you,
fight your own battles, Langford.
Well, it worked.
It reminds me, what was it?
When, didn't David Cameron say something like that
to Corbyn once in things like,
if my mum was here, she'd like,
do your tie up properly or something like that.
Very good. Clean yourself up, do your tie up. Anyway, um, so, um, web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.
So this is something that went on for a long time.
They discovered it in December 22 that their sites were being used to redirect to random domains
and the attackers had access to the company's network for multiple years.
Previous breaches disclosed in November 21 and March 2020 are also linked to this multi-year campaign. I think this should have been your rant, Tom. I mean, you like to shame companies that are victims, but how can you not join the dots?
Oh, we got breached. It's like, where do we get breached from? From the left perimeter wall. Okay, let's
reinforce the right side so that that will solve everything. So in November 21, the incident led to
1.2 million managed WordPress customers being affected. And, you know, this was because of a compromised password.
Should've used 2FA, MFA, whatever you want to call it.
They gained access to the email address of all impacted customers,
their WordPress admin passwords, SFTP, and database credentials,
and SSL private keys of a subset of active clients.
If this does not, you know, this is like well and truly thoroughly owned.
This is total ownage.
And for a big company like a hosting company that's been around for so long,
you know, probably more better known for their controversial adverts
than actually the security of their provision.
This is really terrible.
And after the March 2020 breach, GoDaddy alerted 28,000 companies
that an attacker had used their web hosting account credentials
in October 2019 to connect to their hosting account via SSH.
However, you'll be pleased to know that now GoDaddy is working
with an external cybersecurity forensic expert
and law enforcement agencies worldwide as part of their ongoing investigation
into the root cause of the breach.
That's very easy: incompetence.
I was gonna say, um, poor passwords, poor authentication controls, lack of MFA, social engineering maybe. You know, you don't need to be an expert to figure this out. But I think what, what really beggars belief is, like, how long it went undetected. Although this isn't a rant, I'm here to praise the criminals that took the patience and the time to go about this for so long.
You're here to praise the criminals, not the victims of criminal action?
Well, you do the victim blaming, I do the praise
of the criminals, and that's how
this works. This is true.
So basically we're both equally bad
people. Awful people.
I don't think it's equally as bad,
but you're definitely far worse
than me.
So do you know what one of the ironies about this is? Is that, uh, GoDaddy is actually one of the accounts I use Authenticator for. And so that's... it's such an infrequent usage. You have to log in every two years to renew domains that I never use.
What? Give us an example of a domain you've got that you've never used.
Lekm.com.
Why have you got akm.com?
No, lekm.com.
It's going to be like leekm.com.
Okay, but why have you got leekm.com?
It's a four-character domain.
It was, you know, I had ideas back in the day of what I was going to do with it.
That's a description of what it is, not why you've got it.
So for those not familiar, before Bitcoin was around... So nowadays people are like, oh, let's buy this Bitcoin or this cryptocurrency, and it's going to go from 0.1 cents per share to, like, 50 million, and I'll become a billionaire overnight. Before that was a thing, domain squatting was a thing, where people would find three-letter, four-letter domains...
And he's a squatter.
Hang on a sec, there's a difference between domain squatting and, you know, accumulating domains, accumulating them in the hope that Apple will one day release a product called Leakum and say,
Andy, we really need this domain.
This was going to be for me.
This was going to be for me.
And I've also got AGRC.
Obviously, that was my company.
Well, the only way I think you could sell Leakum
is if somebody started a new brand of, you know, men's incontinence pants or something like that.
No.
Well, Tom, I don't want to say, but me and Jav have been planning for your retirement.
Oh, that's so sweet.
We want you to be the face of our campaign.
Sorry, Jav, cat's out the bag now.
Oh, no.
If it means I can retire in comfort, I'll be the face of your campaign.
Not a problem.
I can do that freshly warm feeling in your pants look.
Yes.
No problems.
No.
There's two branches to it.
One was that and the other one was like the competitor,
have I been pawned?
It's just like Leakham.
So we just leak all the credentials on there.
Yeah.
We are the antithesis to it.
Yes.
We'll actually show you what data was stolen,
not just, yes, you're included in the breach.
Yeah, that's right.
We'll actually show you.
Exactly.
And then we're using the back end to say,
here are other accounts you might be interested in,
because it shows you.
And rather than spending all that money on Azure,
we'll just use a Google worksheet and leave it open.
Yeah, exactly.
Just easy.
People just add to it as they want.
Exactly.
People who stalk these accounts also stalk these.
Yes.
Watch out, Troy.
We're coming for your market share.
Oh, dear me, blimey. So, yeah, this GoDaddy thing, that's, it is quite scary. And I know we joke about, um, you know, the victim blaming and, you know, uh, slapping the criminals on the back, but this is, this is two and a half years of being owned without realising it.
And, well, in fact, even realizing it in some cases, right,
and not closing the door properly at all during that period.
It's really quite scary.
I mean, I've always heard that GoDaddy were not the greatest.
They just had a very good marketing campaign
and obviously spent all their infosec, uh, budget on marketing and TV adverts. But this is, this is really concerning.
Yeah, but it's also like you don't want to, you know, slate them too much, because this could happen to
anyone. Well, yeah, do you know what? Yeah, yeah, that's right. When I used to do cyber diligence on companies for acquisition,
we came across a couple of companies that had been compromised
and had no idea that they were compromised.
And even all the tooling they had did not detect what was going on
on their own network.
It was only when we came in with a, you know, completely isolated, um, so, you know,
threat hunting remit that, uh, you know, we discovered things like that. I think the worst one was one of
the, you know, the network devices were mining cryptocurrency. You know, the process was being
used to mine currency, um, you know, even though the rest of the network was clean. All the servers were
good. Yeah, you know. Just little pockets.
And as you say, all of their other sensing capability
wasn't picking up on it.
So they're doing all the right things.
Yeah.
Just not necessarily in the right order, I guess.
Wow.
Good one.
Good one.
Thank you, Jav, for this week's...
Billy Big Balls of the Week
We don't research
the story, but let us tell you what
we think based on the headline.
You're listening to Insights
from the award-winning Host Unknown
podcast.
That pretty much sums up the last two
stories, really, doesn't it? So, talking of headlines,
Andy, what time is it? It is that time of the show where we head over to our news sources over at
the Infosec PA Newswire, who have been very busy bringing us the latest and greatest security news
from around the globe. Industry News. Norway seizes millions in North Korean crypto.
Industry News
FBI contains cyber incident on its network
Industry News
GoDaddy announces source code stolen and malware installed in breach
Industry news.
Ransomware gang seeks to exploit victim's insurance coverage.
Industry news.
City fund managers jailed for $8 million fraud.
Industry news.
Hydrochasma group targets Asian medical and shipping sectors.
Industry news.
Phishing sites and apps use ChatGPT as lure.
Industry news.
ICO calls on accountants to improve SME data protection.
Industry news.
Hackers use S1deload Stealer to target Facebook, YouTube users. Industry news. And that was this week's...
Huge, if true.
Huge, if true.
Absolutely huge.
What do accountants know about SME data protection?
Well, I think that's why the privacy regulators tell them they need to ensure that they are better at understanding
data protection laws.
Well, they're saying they're calling accountants to play a key role
in ensuring the country's SMEs are compliant.
Wow, I did not realise that.
Yeah.
34% of smaller businesses trust their accountants for advice,
while 20% use these firms to keep abreast of developments
in data protection and GDPR.
I mean, that's fair in the sense that if you're going to, you know,
use a trusted source, and many SMEs, their sole source of business information
is their accountant, I guess.
Yeah, but you don't go to your bookies for the advice
on the best cut of meats to buy at the butchers, do you?
No, but then again, it could be a good business for accountants
to diversify into, you know. So, get your books, especially if they don't train themselves,
but if, you know, get your books done by us and you can get a discount on our,
uh, virtual IT and CISO services, or whatever, um, I guess. I don't know. Accountants providing virtual CISO
services
Well do you know what I could see my
accounting company doing it but I don't know about yours
Andy
My accountant
is bad enough as an accountant
probably turns out he's a CISO
So Andy why do you
keep coming to me to do your books I told you I'm a CISO.
And you need to transfer your authenticator accounts over.
You can't keep coming in here with all those phones
and charging them up on my laptop.
I'm actually stuck with him because I don't know my,
what's it called, the UTR.
You need the tax reference code to share with anyone else.
You don't know your UTR.
Oh, that's brilliant.
That sounds like an accountancy joke.
And he didn't even know his UTR.
Yeah.
City fund managers jailed for $8 million fraud.
So three fund managers were sentenced to 12 years and three months
following a seven-year investigation into their fraudulent handling
of the Libyan Sovereign Wealth Fund.
That sounds so made up, but they were just basically...
The NCA began this investigation after one of the trio,
Frederic Marino, walked out of a London meeting with auditors
and promptly fled to Norway.
That's always a red flag, isn't it?
But why Norway of all places?
I don't know.
I know.
Non-extradition.
It's like, you need to get out of here.
Yeah.
Is it not?
Maybe it isn't.
Is it an extradition?
It's not part of the European Union.
I know it's part of the, you know,
EU and all that sort of thing.
But I don't know.
Is it an extradition thing?
Who knows?
Who knows?
Let us know.
But, you know, it's not...
When you look at it,
it was like $8 million over seven years.
It's about a million a year.
And divided by three, so it's about just over 300 grand each a year.
So it's not really 350 grand.
No, it's not a lot, is it?
It's not a lot.
No, say that right.
You get out on good behavior.
You serve half that time, so six years. So now we're talking about, divided by three, that's 2.6 million
over... it's not, not a lot of money. I don't think it's, you know, I just think it just seems like,
I don't know, it's 433,000 a year. But a fund manager, he'd probably make that amount anyway.
Yeah.
Yeah, that's true.
And not have a criminal record
and never be able to work in the industry again.
Yeah.
And he's not going to have that money anyway
because it's going to get taken off him.
They're probably going to come out and get a movie deal
with the three of them getting played by three big, you know, like,
Brad Pitt and George Clooney and some Leonardo DiCaprio. Ocean's 15. Yeah, yeah, yeah, exactly.
Have you talked about money and stuff? You got a pay rise the other day, didn't you, Tom? You
like, from your second company? I did. Do you know what? My, my, um, the HR department of
TL2 Security sent me an email saying, congratulations, thank you for all your hard work,
please find attached a link to your, your pay rise and letter, uh, or details of your pay rise
and a letter to say thank you. And I thought, wow, the guy who runs TL2 Security is not such a big asshole as I thought he was. I did like the, uh, yes, uh, pay
rise.pdf.exe. Was, yeah, yeah, which, you know, I downloaded on my Mac and it wouldn't open,
you know. I mean, the guy knows nothing about technology, so something went wrong.
SHR, wouldn't it?
Well, yeah, exactly.
So to answer a previous question, Norwegian nationals cannot be extradited
unless to Nordic states in accordance with a Nordic arrest warrant.
But he's not a Nordic national, is he?
Oh, okay.
So, yeah, he could be extradited.
You never know unless he's got some kind of...
Dual nationality or something.
Yeah, exactly.
The old Shamil Big.
If only we could be asked to look further.
If it's not there in front of us, we're not doing any digging.
No, forget that.
Who do you think we are?
I was impressed you even did that.
I was just curious on that one.
Yeah.
So what happened with the FBI then?
Let's have a look.
What does Phil Muncaster say?
Do you know what?
I started, but there's just so many words in this article.
So many words.
It was a long one.
And it even starts that the FBI has released a brief statement.
And then I looked at it, I was like, this is not brief.
It must be like the entire statement in verbatim.
So, FBI confirmed that they had taken advantage of a misconfiguration of an IT system.
Ah.
It wasn't set up by that fella who had the retaliation
folder on his
it was actually set up by my accountant
who moonlights
as a
Salesforce
consultant.
Who is your accountant? Is it Saul Goodman or something?
Yeah.
Actually, a friend of a friend of a friend.
I know somebody who knows somebody.
Any friend of a friend of a friend is a friend of mine.
Yeah.
Exactly, yeah.
It's totally legit, though.
I mean, he's got a Gmail address and everything.
It's like, where is it?
It's like, you don't need a criminal lawyer.
You need a criminal lawyer.
Yeah.
Talk about Gmail.
The number of people I see driving around in vans, you know,
with their own businesses and they've got a Gmail email address
and then like a Yahoo website address or something.
And it's, God, this is... surely people can set this stuff up by themselves now.
I find it really odd.
It's hard because, you know, so many people just acquire domains that they want.
Yeah, and hold on to them.
Yeah, it was a plumber and he was – I think he was called Leakham.
And obviously he could not get the domain.
I was chatting to him and he said, this bastard is just holding on to it and telling me I've got to pay him 10 grand.
The funny thing is, if anyone actually contacted me,
I've sold domains in the past that I've not used.
It's just that I have no idea how people would contact me
because, fortunately, you know, in the UK now,
the Whois data is not public anymore,
so you cannot find out people's contact details.
Well, make it public then.
Oh, no, I don't want to do that.
It's all kind of spam.
Well, Michael Leak, the plumber, would like a word.
Leak and his son, Ken.
Oh, dear. Right.
Well, that was this week's...
Industry News.
You're listening to the award-winning Host Unknown podcast. Like a real security podcast, but lighter.
And talking of lightness, Andy, why don't you take us home with this week's Tweet of the Week? And we
always play that one twice. Tweet of the Week. And this is a tweet from Unusual Whales on Twitter,
and they have the headline,
the tech layoffs continue.
And they have pasted the headline
from the Insider news site
and it says,
even hackers are reportedly getting laid off
by organised crime groups.
Woo-hoo!
Just to let you know how serious the economy is at the moment.
Well, you know, if they don't meet their targets, then, you know, they're out.
It's a tough world, isn't it? It's a dog-eat-dog world, yeah.
I can just see the Russian media interviewing them as they're leaving their buildings with a box,
you know, and a potted plant out at the top of it.
Oh, I did not meet targets this month, so I've been let go.
They treated me very badly, very badly.
Do you think their sales teams are divided into traditional,
like your big enterprise, your healthcare, your SMB sector?
Yeah, and after the layoffs, they get combined.
So you're now utilities and retail.
Yes.
Not just...
These are your OKRs.
The only one that's doing well still is the pensioners department.
Yeah.
Oh, dear.
Well, it just goes to show
You know
Even crime
Doesn't pay
Unless you get
A good payoff
And a good
Redundancy package
But who knows
Excellent
That was
this week's
Tweet
of the Week.
And
That brings us
Squarely
Into the end of the show.
Very good.
Gentlemen, thank you so much for your time this week.
You're welcome.
Thank you.
Yeah, you're welcome.
And Andy, thank you, sir.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel,
worst episode ever, r/SmashingSecurity.
Andy, you're good to, uh, edit the podcast for me this week, is that right?
I, well, you know, you said you're going to have to get either me
or Jav to do it, and I laughed at the suggestion
that there was a second option in that.
I've seen the quality of Jav's editing.
He's not touching it.
I will endeavour to get it out today.
Send it to me.
I will do it so quickly.
I will get it sorted out for you guys.
Just to make a point.
Just to make a point.
Jeez, I feel like I just got played, didn't I?
You've just done the old ego trick.
If you bait him, he'll come in.
Screw you guys.