The Host Unknown Podcast - Episode 165 - The Don't Screw It Up Episode
Episode Date: September 1, 2023This week in InfoSec (10:17)With content liberated from the “today in infosec” twitter account and further afield29th August 1990: The British Computer Misuse Act Goes into Effect One of the ea...rliest laws anywhere designed to address computer fraud, the Act resulted from a long debate in the 1980s over failed prosecutions of hackers -- in one well-publicised case, two men hacked into a British Telecom computer leaving messages in the Duke of Edinburgh's private mailbox.Archive of historic BT 'email' hack preserved24th August 1993: Perhaps the most famous lawsuit in technology history is decided for Microsoft. Apple claimed that Microsoft’s Windows violated their copyrights on the “visual displays” of the Macintosh. The judge in the case ruled that most of the claims were covered by a 1985 licensing agreement. Other claims were not violations of copyright due to the “merger doctrine”, which basically states that ideas can not be copyrighted. This paved the way for Microsoft to develop Windows 95, which imitated the Macintosh even more so than previous versions of Windows.Today in Apple history: Tide turns against Apple in war with Microsoft Rant of the Week (16:57)X wants permission to start collecting your biometric data and employment historyX, the platform previously known as Twitter, is expanding the amount of data it collects on users. The social network has updated its privacy policy to include carveouts for “biometric information” and “employment history,” as spotted by Bloomberg.“Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes,” the privacy policy reads. It doesn’t include any details on what kind of biometric information this includes — or how X plans to collect it — but it typically involves fingerprints, iris patterns, or facial features.X Corp. was named in a proposed class action lawsuit in July over claims that its data collection violates the Illinois Biometric Information Privacy Act. The lawsuit alleges that X “has not adequately informed individuals” that it “collects and/or stores their biometric identifiers in every photograph containing a face” that’s uploaded to the platform. Billy Big Balls of the Week (27:28)Classiscam fraud-as-a-service expands, now targets banks and 251 brandsThe "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before.Like a ransomware-as-a-service operation, this Telegram-based operation recruits affiliates who use the service's phishing kits to create fake ads and pages to steal money, credit card information, and, more recently, banking credentials.Group-IB has published new information on the operation today, reporting that Classiscam has made $64.5 million in combined earnings from scamming users of classifieds sites and stealing their money and payment card details.The number of targeted brands has also grown from 169 brands last year to 251 this year, and there are now 393 criminal gangs targeting users in 79 countries, coordinating in one of the operation's 1,366 Telegram channels.[This is better than most public companies annual report calls]: Industry News (33:57) Report Reveals Growing Disparity in Cyber Insurance LandscapePrivacy Regulator Warns of Surge in “Text Pest” CasesNCSC Issues Cyber Warning Over AI ChatbotsOpenAI Promises Enterprise-Grade Security with ChatGPT for BusinessFBI-Led Operation Duck Hunt Shuts Down QakBot MalwareChinese Hackers Target US, Other Govts With Barracuda FlawClassiscam Spreads: $64.5M Scheme Targets 79 CountriesFacebook Accounts Targeted by Vietnamese Threat GroupsNew Research Exposes Airbnb as Breeding Ground For Cybercrime Tweet of the Week (43:17)https://twitter.com/HedgehogCycling/status/1696568821505552666?s=20 Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
So, you know, I heard that Disney were anticipating increased profits this year or this quarter.
Yeah, isn't that because they heard that Andy was going to Disneyland Paris and that he's, you know, normally he raids those sweet shops, something rotten, right?
He does. He does. But boy, they're going to be in for a surprise.
Oh, my God. Skinny Andy is going to be a massive disappointment for them.
Tight, lovely sex tape.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening
from wherever you are joining us and welcome, welcome one and all to episode 165
I'll agree with that
It doesn't quite have the same ring to it
of the Host Unknown podcast, welcome dear dear listener welcome one and all uh we
come with you slightly slimmed down this week uh we are we are down one andrew agnes but in true
agnes style uh the man the myth the legend he gave us show notes fair play to him he gave us show
notes he did he did so i i feel bad about saying anything disparaging towards
him uh well i guess you could say he didn't give us a tweet of the week he didn't yeah so he failed
like andy yeah one job yeah yeah one job andy and you didn't fulfill it you know it's it's it's like
planning the the most amazing wedding ever and just turning up in
your jeans it it was just not quite there not quite there anyway so yes andy is away at disney
um with his family so i don't know who what whose benefit he's going for probably more his i would
say uh no i i asked him is it the first time you've been he goes no i've been four
times before with the kid so um whoa it's like an annual outing i know i know and i know people
they go once and they're like i do not how know how i'm going to financially recover from this
and i need surgery on my legs yeah that 14 hour walk exactly actually like there's so many
alternative places that people prefer to go so like you know you'd go Alton Towers and or what
have you and you're going to get lots of good rides if you're into the rides but there's also
like in Europe and someone was telling me that apparently um during the summer holidays
they looked at i think haven or butlins or one of those kinds of things in the uk yeah and for
their family and it was like x thousand pounds but they figured out if they drove took a ferry
over to holland and drove to their haven at butlin's whatever stayed there for a week
it would work at 700 pounds cheaper all in
and to the kids it feels like a bigger holiday because they've left the country and you know
you know people are speaking foreign languages and yeah you know and and so i thought you know
it's just such a rip off like certain brands and certain
Centre Parcs is
known for that isn't it?
Yeah, yeah, yeah, probably
Centre Parcs, something like that
but it's just ridiculous
how much money
I heard that story of the two
friends, one in Newcastle and one in
Devon or something like that
and it was cheaper for them to meet in Alicante,
I think, than it was to meet in Manchester or something,
you know, or Birmingham in the middle.
Yeah.
You know, rail travel compared to flights.
That's just absurd.
It is.
It is.
So, oh, so next week I've got to go.
Reminds me, next week I'm going up to Leeds
because our company's opening a new office up there.
In Leeds?
In Leeds, yeah.
So currently our office is in York.
Right.
And, you know, York is a lovely place,
but it's a bit, bit out in the sticks, but this way it's, it's,
it's still close for most of the, the staff,
the current staff, but also it's a closer to the train station.
It's easier to get to Leeds is,
and you can hire from a bigger pool of people, whatever. Yeah.
And so I was looking at, at train tickets.
350 quid return from London.
Not too far off, not too far off, is it?
It's like, you know, the cheapest I could get was something like 180,
I think I was looking at for the days I was looking to travel to.
And literally I'm looking at it and I'm thinking like,
let's go and Ryanair and let's see how much it is to fly to somewhere in Europe
and, you know, come back.
And it's cheaper to do that than it is just to take a plane up to Leeds.
Yeah.
Yeah, absolutely.
Well, I'm going up to Liverpool in just over a month's time,
October 6th, for a horror film festival oh uh it's three and a half
hours away and i'm thinking well it's going to be far cheaper to drive than it is to get two tickets
on the train right yeah yeah because it's like again it was literally something like like that
it was about 180 200 quid return, as opposed to one tank of diesel.
Yeah, yeah.
It just doesn't make any sense.
Listeners, welcome to the Hosts On On podcast.
Come for the security, stay for the financial advice.
Stay for the old men complaining about the cost of travel.
It's called financial advice.
That's right.
Anyway, Jack, what have you been up to this week anyway uh you know like we said before we went on air i cannot believe it's friday already i know right
it's um you know what life feels like you know when when you put a coin into one of those charity
things and it spins round yeah and as it gets close to the end it just spins faster and faster and faster i think that's a really good metaphor
for life i know the days and weeks just get faster and faster it's like it's like it's
september already i mean it feels like august was only yesterday yeah Oh, my God.
How's your week been, Tom?
Do you know what? It's been good.
I have been a cameraman twice.
And also I've been basically bathing in the reflected glory of my children,
which is a nice feeling, I have to say.
But bloody, my children, they definitely don't get their intelligence looks
or, you know, capabilities from me.
There's no question about that.
So I had to record an interview with my son
because for the Tokyo Horror Film Festival.
So his short film is going to be shown there.
I'm going up to Liverpool because his short film is going to be shown
at the horror festival there.
We then recorded a film on Wednesday night with my daughter
and her friend, and Charlie was director and bossing me around.
It was a bit odd, actually.
You know, pan up, pan up, pan up.
I don't know how to use this camera. I don't know what I'm doing.
I take still shots, not moving ones. Um, so that was good. And, and my,
and my daughter, the reason we're doing that film anyway, so a more cinematic version of the TikTok she does, is because at the time of recording,
and I'm just looking at my phone and refreshing the page, at the time of recording,
her TikTok stats are going through the absolute bloody roof.
So a week ago, she had something like 100,000 views on one of her TikToks.
It's now at 994,000.
Wow.
And when we first started talking about half an hour ago,
when we first got online, that was at 991,000.
Yeah.
It's incredible.
She's going to hit a million in the next hour or so, almost certainly.
Well, give us a recap when we're in the next hour or so almost certainly well give us a
recap when we're in the post credits yeah yeah exactly so so basically yeah this week has not
been about me at all it's uh yeah i'm glad to see you know you're you're finally stepping into the
shadows letting your children into the limelight and uh you know you feel as a parent it's probably
one of the most fulfilling things isn't it it is it is and you know i a parent it's probably one of the most fulfilling things isn't it
it is, it is, and you know I watched
Barbie last night with a friend for the third time
because it's a good film
and there's a quote in there, I'm going to misquote it
but basically parents stand
still so that their children
can keep moving and look
behind and see how far they've gone
that just sounds like lazy parents to me.
That's very true. That is very true.
Anyway, talking of laziness and lazy programming,
let's see what we've got coming up for you today.
This week in InfoSec talks about one of the earliest anti-hacker laws.
Rant of the week is an X-rated use of biometric data.
Billy Big Balls is from Group IB reporting numbers
which would please any investors.
Industry News brings you the latest and greatest security news stories
from around the world.
And Tweets of the Week shows compliance and regulations really do work.
So let's move swiftly on to our favourite part of the show.
The part of the show that won't be quite the same without Andy,
but nonetheless will struggle on, eh?
It's time for...
This Week in InfoSec.
Yes, it is This Week in InfoSec, with you this is like you know when you see people on shows
like who wants to be a millionaire and they're always like it's so easy when i'm at home shouting at the tv screen and
when you're here exactly exactly oh okay so uh 33 years ago uh one of the earliest laws anywhere
designed to address computer fraud the act uh the british computer misuse Act went into effect.
It resulted...
Why don't you just read what's there?
Let's just go with that.
Let's make it easy.
No, no, no.
It's just, I don't know if you heard it,
my Alexa got triggered by something i said
there okay one of the earliest laws anywhere designed to address computer fraud the act
resulted from a long debate in the 1980s over failed prosecutions of hackers. In a well-publicized case, two men hacked into a British telecom
computer, leaving messages in the Duke of Edinburgh's private mailbox. I think this is
the one I might have been, I might have mentioned a few episodes ago, where because there was no law to prosecute these two people who who uh
left messages in the duke of edinburgh's private mailbox the only way they could get them was
through theft of electricity that's right yeah you mentioned this at a previous show yeah
they argued that because the message was there and the Duke of Edinburgh, when he went to look at his inbox, it spun up more cycles than it should have, thus consuming more.
I don't know how the palace financially recovered from that.
Maybe that's why they opened up tours for fee-paying members of the public.
Exactly. But, yeah, it was put into place because they wanted to...
Basically, they were tired of those pesky kids
getting away with all their hacking.
So they said, let's put in place a British Computer Misuse Act.
And who had a mailbox in 1990?
I know, exactly.
Who exactly was the Duke of Edinburgh emailing?
Maybe the White House.
It's like their version of the red bat phone to Commissioner Gordon.
The red bat phone to Commissioner Putin.
Yeah, exactly.
That was that.
Over to you.
All right, I'll take the next one.
Going back a mere 30 years.
Come on, it wasn't that difficult.
To the 24th of August, 1993.
Perhaps the most famous lawsuit in technology history
is decided in favour of Microsoft.
Apple claimed that Microsoft Windows had actually violated their copyright
on the visual displays of the Macintosh,
which is interesting because
didn't Apple rip off Xerox PARC's user interface
for their OS...
What was it called?
It wasn't OSX, was it?
It was the OS...
Oh, OS3 or 1 or whatever number it was.
Anyway, the judge in a case ruled that most of the claims
were covered by a 1985 licensing agreement.
Other claims were not violations of copyright
due to the merger doctrine.
I have no idea what that means.
Which basically states that ideas cannot be copyrighted.
I thought that was the whole point of, you know,
things like the patent office and stuff like that.
Maybe ideas can be patented but not copyrighted.
Maybe that's what it is.
Who knows?
This paved the way for Microsoft to develop Windows 95,
which imitated the Macintosh even more so than previous versions of Windows.
So do you remember the Windows 95 release?
Yes.
I do as well.
I was in Majorca at the time and was watching Spanish TV
and people rushing into computer shops in Spain to get Windows 95.
It was quite surreal actually.
But, yeah, I on the the beta for
it as well so i was i'd been using it for a few months before but yeah it was it's easy to forget
it was it was well i wouldn't say groundbreaking but it was so different to what everything else
that came before it yeah definitely was this the one where like gates and everyone were dancing on stage
uh yes yes that's right dancing like middle-aged white men can only dance i know but come on you
gotta you gotta admire like gates looked like so uncomfortable he was like he's like i wish i could
be anywhere but here he looked like theres Theresa May walking onto stage at the Conservative Party conference.
Yes, yes, yes.
But, yeah, it was a good time.
And let's face it, it led to Windows XP, which is the goat of operating systems.
It is. Everything's been downhill since then.
It has.
It has.
XP had it all.
Had it all.
Greenfields, blue skies, everything.
Everything.
Anyway, that was this week's...
This week in InfoZone.
Go!
Recording from the UK. right let's move on shall we to this week's
listen up rent of the week it sounds a mother rage well just before we went live we were looking for a tweet of the
week and or x of the week or or something like that whatever it is now tweet x i don't do you
do you when you hit publish do you feel like you've just x'd or tweeted i don't you just it
just doesn't work elon anyway uh we were talking about how actually content,
security content in Twitter is just going through the floor.
There's virtually nothing there.
But so X is going to expand the sort of data it's going to collect
so that we can presumably expect more richer, more interesting data.
But the headline reads, X wants permission to start
collecting your biometric data and employment history. You've got to start to wonder what the
hell's going on. So X, previously known as Twitter, as we know, is expanding the amount of data it
collects on users. Social network has updated its privacy policy quite quietly, I would suggest, because I certainly haven't received an email or anything or a notice when you log into into the site to include carve outs for biometric information and employment history, as spotted by Bloomberg.
So based on your consent, it says we may collect and use your biometric information for safety, security and identification purposes.
Now, the phrase based on your consent, I'm going to be really interested to see what this what this means.
Is this based on my consent to opt out rather than the ability to opt in.
It doesn't include any details on what kind of biometric information this includes
or how X plans to collect it, but it typically involves fingerprints, iris patterns,
facial features, that sort of thing.
It was also recently named in a proposed class action lawsuit
in July over claims that
its data collection violates
the Illinois Biometric Information
Privacy Act. A bit specific,
I would have suggested.
The lawsuit alleges that X has not
adequately informed individuals
shocked Pikachu face that it collects and or stores
their biometric identifiers in every photograph containing a face
that's uploaded to their platform.
So this seems to me to be the inexorable slide of X
into Facebook territory of let's just collect everything.
We'll tell everybody we're doing it with your consent
and we'll only use it for required purposes
and then sell it everywhere.
So, again, I think the rather specific
Illinois Biometric Information Privacy Act
stating about not adequately informing individuals rings very true.
You know, as I said, I've certainly seen no information about this privacy policy being updated.
Twitter, so Twitter X, this is going to be a hard habit to break.
X has recently gone through a lot of changes with Musk,
a lot of things happening with no notice,
including being told you haven't got a job there anymore, apparently.
So this is really quite concerning.
This seems to be like a real pivot into data gathering,
which obviously Twitter did before, but on a far lesser scale.
But this seems to be a real pivot into data gathering. And given the financial troubles of
X, I would imagine into the monetization of that data as well. So, you know, this, again,
I can only say this is this has got to be some bad news coming
down the down the wire here and i think is going to just add to the um to the uh uh uh um inevitable
demise of twitter in the next two weeks as we've been saying or as I've been saying for the last six to 12 months.
So, yeah, X is going to be, whilst X will always survive,
it's going to be a very, very different place to what it was.
I guess it's a bit like, you know, some international investors taking over one's country club.
And it's just, it's the same bricks and mortar, but it's just not the same feel. It's just, you club and it's just it's the same bricks and mortar but it's just
it's just not the same feel it's just you know it's just wrong
come on prove me wrong your sounds awful like a lot like your rant when you were voting for brexit
but um yeah how very dare you very dare you i for it. I just want to say on record,
just because I don't want to get cancelled more than anything else,
I did not vote for Brexit.
We all make mistakes.
You can always say you've learned from your mistakes
and you wouldn't vote for it again.
I'm learning from the mistake of being friends with you.
If the shoe fits, what can i say no if the shit fits wear it um you know i i think you're right this is just going into facebook territory and and that i think
is the most concerning thing because people have been so conditioned by the likes of facebook and
what have you that they're going to be like yeah so what if another platform collects some of my
data um you know twitter like that's all right that's the concerning part right yeah yeah it's
like people say privacy is dead it's it's it's not dead we we willingly took it around the back and shot it in the back
after oh sorry before uh before which we told it to dig a hole in the ground right exactly exactly
this is what we're gonna do and you're gonna be you're gonna go along with it so yeah yeah yeah
it's not good it's not good so um yeah not good. So, yeah, I have to say.
And and this is this is a great irony. Threads is starting to look more attractive as a platform.
Threads by Meta and Facebook. Threads that doesn't pass the GDPR regulation requirements. like you know requirements for i know i know and this is the thing it's sometimes it's not
what's happening but it's the perception of what's happening that is more powerful
and and thread letter's doing a really good job at doing the pr and saying look at threads it's
very clean it's very nice and what have you but you know the same questions aren't being asked
because oh that's just the way it's always been done on facebook and better the devil you know the same questions aren't being asked because oh that's just the way it's always
been done on facebook then better the devil you know and but but also i think it's it's almost
like well it's a price worth paying because the experience and what i do on threads and
the people i interact with are the people that i want to interact with and this is the environment
i want to be in whereas the price is not worth
paying for x because i you know as i was saying before you know the the amount of security
information for instance on there for us is diminished really quite dramatically yeah why
why would i be willingly hand over my information for an environment that gives me no benefit whatsoever you know so that that's the other side of it too but yeah i think i think you know like i say
been predicting it's it's um you know it's rasping death for for many many months now i don't think
it's going to be you know it'll ever die but it's going to be it's going to be a reanimated corpse
zombie of a of a platform to what it was before yeah and i think what it is when we say it's die
it it's pretty much dead from a security practitioner yeah like the as it was a source
of a one source of like you could follow pretty much every everyone in security who's contributing something
so from researchers to following like talks and conferences and all these kinds of things you
could find it all on twitter you could like follow live tweets of events and what have you
and now it's just like quite fragmented and that's i think the challenge is like some people are on
threads some people are on a mastodon some people are just quit altogether or go to instagram or tiktok or yeah or whatever
yeah I mean I've seen people use linkedin more and more like the the micro post like a lot more
people are posting just generally their thoughts on linkedin now and what have you so so I think
that's the one thing I it's not that i was
you know i don't think anyone's got any real affinity to the platform per se but they liked
the fact that at one point twitter was just a central hub where you could get most people there
and now it's like okay now i'm gonna have to go and find my tribe again and i think that that's
where where it comes in like okay i'm willing to pay the price for whatever to go and find my tribe again. And I think that that's where it comes in.
Like, okay, I'm willing to pay the price for whatever
if I can find my tribe again.
Preach it, brother.
Rant of the Week.
In 2021, you voted us the most entertaining
cybersecurity content amongst our peers.
In 2022, you crowned us the best cybersecurity podcast in Europe.
You are listening to the double award winning Host Unknown podcast.
How do you like them apples?
We could have had the triple.
We could have had the triple.
I know.
We were contenders one of those days.
Anyway, let's move on, shall we?
Let's have...
Well, it's your turn.
And, you know, I'm going to struggle,
but I may have to agree with you as well on this one.
You know, just out of politeness sake,
you know, quid pro quo on that last one.
But, Jav, it's Andy.
It's time for...
If you do end up agreeing with me on this one,
then we can conclusively say that Andy is the cause of the rift between us.
OK, so there's a classy scam uh fraud as a service is a scam as a service operation
and uh it's broadened its reach worldwide now it targets many more brands countries and industries
so if you are a budding scammer and you don't have any technical skills, you can just
like sign up to Classicam and let them do all the hard work. It's like going and signing up for any
SaaS product. So like a ransomware as a service operation, this Telegram based operation recruits
affiliates who use the service's phishing kits to create fake ads and pages to steal money, credit card information, and more recently, e-banking credentials.
today reporting that ClassyScam made, ready for this, $64.5 million in combined earnings from scamming users of classified sites and stealing their money and payment card details.
The number of targeted brands has also grown. They were doing about 170 brands last year, and now they're doing over 250.
And there are now 393 criminal gangs targeting users in 79 countries,
coordinating one of the operations, 1,366 Telegram channels.
And, you know, when you look at it, the Group IB, they've've published it there's an infographic we'll post in the show notes but uh the the numbers look better than most public
companies annual report calls i think if if you took away the fact that this was a criminal
enterprise and you just presented the numbers you would have silicon
valley fighting over each other to say i want to invest in this i want a piece of this it is uh
it is just quite quite uh quite amazing that the figures here and uh it's grown exponentially like
i'm looking at the at the bar charts like you know targeted brands
and and like targeted countries and it just goes up steeply and i'm looking at this thinking wow
if if there was if this was a startup and they're saying like you know quarter over quarter this is
our growth you'd be like this is a unicorn this is like you know yeah exactly it's uh and i you're Yeah, exactly.
You're going to say I'm praising the criminals.
I'm not praising the criminals, but there's some business acumen there.
There's identifying a gap in the market.
There's fulfilling the market. If you take away the criminal element, it's a very good organization.
Remember, kids, crime does pay.
Yes.
It's what this is saying.
Do you know what?
I think Andy is the cause of the rift because he fed you this story
on purpose.
Here's a criminal gang doing really well.
Let's give it to Jav.
Yeah, yeah, yeah.
But these numbers are shocking i mean they they really
are it as you say it reads like a like a silicon valley uh success story and it's it's really quite
scary and actually i bet it's well i don't know but i wonder if if working at this at this criminal gang is as films depict
or as the enforcement agencies predict.
So as films predict, it's an exciting, dynamic kind of place
or is it just it's a sweatshop where, you know,
the Russian paymasters are walking around and flogging people
who aren't making their quotas of calls or whatever.
I can't work it out it
doesn't help by the fact that group ib here have done a you know a really nice like infographic and
you know nice colors and you spruced it up and it looks it if we didn't know any better it looked
like a brilliant place to work yep yep i i think the truth is somewhere in between like in in the depiction i think they
probably work exactly like how we work from home in in or from an office i think it's same thing
someone's got a room dedicated as their home office they tell their wife and kids or their
husband i'm off to work i'm off to work and like you know they get like oh there's some i've made
some lunch for you it's on the counter i'm off to my what my job as well and what have you and um they they rock up with all of the um
uh you know all of the enthusiasm of a of a school kid on day one of a new year at school right
it's like oh god i don't want to do this not because i i don't want to rip off old
ladies but because it's oh it's just dull i'm just bored what's my career path what's my progression
here do i still want to be scamming old ladies in like 10 years time yeah or do i want to be
spearfishing ceos oh yes that's going to be a career progression. Oh, man.
Do you know what?
It is a Billy Big Balls, but I hate it nonetheless.
Excellent.
Thank you, Jeff, for...
Billy Big Balls of the Week.
This is the podcast the king listens to,
although he won't admit it.
Right, we are rapidly running out of time here before our normal workday starts.
And talking of time, Jav, God, I nearly said Andy there.
Jav, what time is it?
It is that time of the show where we head over to our news sources
over at the InfoSec PA Newswire,
who have been very busy bringing us
the latest and greatest security news
from around the globe.
Industry News.
Report reveals growing disparity in cyber insurance landscape.
Industry News
Privacy regulator warns of surge in text pest cases.
Industry News
NCSC issues cyber warning over AI chatbots.
Industry News
OpenAI promises enterprise-grade security with ChatGPT for businesses.
Industry news.
FBI-led Operation Duck Hunt shuts down QuackBot.
Industry news.
Chinese hackers target US, other governments with Barracuda floor.
Industry news.
Classy scam spread.
$64.5 million scheme targets 79 countries.
Industry news.
Facebook accounts targeted by Vietnamese threat groups.
Industry news.
New research exposes Airbnb as breeding ground for cybercrime.
Industry News.
And that was this week's...
Industry News.
Wow.
Huge if true.
Huge.
Huge if true.
Many, many laughs in that.
I can't believe the first one that got me,
privacy regulator, oh oh no, sorry,
NCSC issues cyber warning over AI chatbots
and then open AI promises enterprise-grade security
with chat GPT for business.
It's kind of like, wow, two sides of the same coin right there.
And then Duck Hunt shuts down quackbot malware i mean come on come on yeah and i think like
airbnb breeds a lot more than just cybercrime yeah always take a black light with you to an
airbnb yeah yeah and what is it um a strong torch to check for cameras oh yeah yeah yeah yeah no it's uh there's there was something
here that i thought was um you know i thought it was a bit of a non-story the chinese hackers
targeting us and other governments with barracuda floor yes we spoke about the barracuda floor a few weeks ago where they just basically said um bin it yeah we we can't fix this shit yeah and um and this is just
like when there's a vulnerability you know governments are going to try and exploit that
vulnerability if it's used by other governments so yeah yeah exactly and of course they're going
to be what's chinese iranian or russian really right yeah exactly they're the only people that
do this kind so no one else ever does it no one else ever does it no one else government's never
done that the israeli government's never done that the uk government's never done that well
hey i mean our headlines alone support that right yes yes exactly uh so operation duck
hunt come on i mean who says the fbi don't have a sense of humor closing down quack bot with duck
hunt i i just think that's brilliant uh but yeah, they really got, they managed to shoot it with both barrels in this case.
The access to QuackBot's admin computers
macked out the server infrastructure.
They then seized 52 servers
that would permanently dismantle the botnet.
Have they not heard of backups?
Or resilient architecture?
I mean, surely that code is out there, right?
Someone can just spin up QuackBot somewhere else.
Yeah, exactly.
I don't understand that kind of viewpoint.
I mean, sure, they've taken a dent, right?
It's a pain in the backside because we all know the backups
are never quite as good as they are. And, we all know you know there's always that risk in
the risk ranges that says it's going to take longer than than anticipated to spin up a recovery site
but come on it's how can they close it down permanently that doesn't make sense
see and and and again i think unless you get like the whole exec team behind these criminal
organizations and bang them up yeah like 50 years apiece really put the fear of god into like
you know anyone affiliated with them you it's gonna be a continuous yeah cycle and and also
have the fbi not heard of pace bin that's where all the code is right yeah yeah
exactly code for running one of these maybe that's what andy's that ah andy's not in paris
he is spinning up another 52 servers i wish i wish he he was and then then we'd have at least one friend worth 50 million but exactly
yeah we could do with a bit of a loan i know
i was a bit disappointed i clicked on the story about facebook accounts target boot
targeted by vietnamese threat groups and i thought it's going to be like
you know the the vietnam war all over again like you know guerrilla warfare
and everything but no it's pretty basic like you know just a group apparently the base of vietnam
trying to take over business accounts and whatever you say yeah do you know a a friend of mine uh he
had his instagram account um uh hijacked the other day. And I follow him.
You know, he doesn't post much or anything like that.
Yeah.
And he was telling me, yeah, I just had it, you know, hijacked.
Can't get it back.
Instagram aren't helping, you know, all that sort of stuff.
But apparently, according to Instagram, he's made a fortune in Bitcoin and crypto.
Really?
Yeah.
So all his posts now about how successful he's been
in crypto and bitcoin ah so that's why people hijack accounts but the best part is he's got like
27 followers do you know what i mean it's like they didn't even get a uh you know they got some
particularly low hanging fruit you know especially he's only 5'4", anyway.
But they got some particularly low-hanging fruit,
which then didn't actually pay off much.
So it's quite an interesting...
They're obviously playing the numbers
if they get enough of these and enough coverage.
But, yeah, I always did wonder
why would somebody want my Instagram account
or something like that.
But now you know.
But now I know.
Now I know.
I just imagine like, you know, that scene in Tropic Thunder where it's like, this is Flaming Dragon.
We have your Instagram account.
Yeah, that's right.
Give us 50 million for the fair release.
And you got Les Grossman at the other end.
Yeah, yeah, yeah, yeah.
I'm not even going to say, I had to beep stuff out last week.
I'm not even going to say what he said.
I'm going to beep you in your beep face.
I know, but this is just, oh,
one of the best, funniest movies ever made.
It's so good.
And the fact that it actually took me a whole watching of the film to go,
that was Tom Cruise.
I know.
I know.
I saw it in the cinema with a friend.
And like at the end, when the credits came on and he's dancing in the end,
and I turned to my friend and said, you know,
he's got an uncanny resemblance to Tom Cruise. he goes it is Tom Cruise you idiot the thing is if you tell someone who do you think that is you can probably see it but if you go into it without any kind of
yeah you know knowledge at all you just accept it as a character but yeah you know all I can
see is Tom Cruise in Les Grossman now but yeah yeah but yeah if the
first viewing is is is a joy it is absolute joy because because the thing is the poster threw me
for a long time because on the credits it's got robert danny jr and i can't see robert danny jr
in the poster at all until because he's a dude pretending to be a dude playing a dude.
I know.
It's brilliant.
Oh, my God.
Absolutely genius.
Absolutely genius.
Which just goes to show we veered off track again.
I mean, Andy's obviously the business one amongst us because he would have kept us honest.
But that was this week's...
Industry News. Ask your doctor if the Host Unknown podcast is right for you.
Always read the label.
Never double dose on episodes.
Side effects may include nausea, eye rolling,
and involuntary swearing in anger.
Right, Jav, take us home now for this week's... Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
He's going to have to update that.
Chingle, yeah.
X of the Week.weet of the week. He's going to have to update that. Chinguier. X of the week.
X of the week.
Yeah.
Or actually just social media of your choice of the week.
Oh, yeah.
Oh, wow.
That's...
Yeah, snappy.
End of an era.
Yeah, it is.
It is.
So this week's tweet is brought to us by
at Hedgehog Cycling.
And it's got a picture and a clip of uh
it's got a picture of someone well it's compo face isn't it from from reddit compo face so
he's just looking angrily at the camera yes yes uh and there's a quote of a person there
and then they've summarized the quote and the interview at the top it's about someone who's
had to walk into work because his car's not compliant with you les and uh hedgehog cycling
have said i've actually walked here this morning because of you les opponent of the scheme
demonstrates exactly how it works and why it reduces pollution
yeah the full quote well not full quote but underneath you say i've actually walked here why it reduces pollution.
Yeah, the full quote, well, not full quote,
but underneath he said,
I've actually walked here this morning because I can't use my car, he said.
I don't agree with it being in outer London.
I know in central London,
you're going to get a lot of pollution,
but this is just a money grabbing scream.
There is no air pollution here.
We are surrounded by the green belt.
What?
Yeah, it's...
Yeah, his logic doesn't quite logic.
No.
But I...
You know what?
I do agree that it's fine in central London
where you've got really, really good accessible transport links.
For most people outside, as soon as you go past zone four it becomes a lot
more difficult to to get out and about without a car for for a lot of things and you know the
closer you get to the m25 you've maybe got one train station within a five mile ten mile radius
or something and then you've got to rely on buses and again it's it's it's okay when you're like
on your own
and you're fit and agile and what have you,
and during the summer months especially.
But imagine you're a woman with like twins in a double stroller
and you've now got to use the bus in the cold rain and what have you.
I'm not saying, you know,
I don't think stuff should be done about pollution and what have you,
but I just think that you need to provide infrastructure.
What you take away with one hand, you have to give back with another.
Exactly. Exactly.
I mean, I've got a tube station not too far from my house.
It's like five, 10 minute walk.
The problem is it's one of those old tube stations.
It doesn't have a lift and it doesn't have escalators.
The problem is it's one of those old tube stations.
It doesn't have a lift and it doesn't have escalators.
So if I have to take one of my kids on a wheelchair,
we have to drive to another station that does have a lift on it.
Drive to another station. Oh, the irony, right?
Yeah.
And then there's only a certain number of stations we can change
or get off at along the way because not all the stations have been upgraded
and what have you step free access and all that exactly exactly so you know it's i think there's
just so much that could have been done to to help nudge people towards that if i think if you create an architect the city to be accessible and easy yeah if you make
walking the easier choice people would actually choose that i don't think a lot of people
choose the car because like personally like you know if i could walk somewhere or cycle somewhere
i will i'm deadly scared to cycle on the roads though i ride a motorbike motorbike is
fine because you've got the speed and the bit of road presence but a bicycle i'm deadly scared to
go on the cycle i mean like there's a few places where there's like a few hundred yards of cycle
lane which is just like an afterthought at best and then it merges back onto the main roads and
car drivers i'm deadly scared to use a cycle on anything other than the parts.
Yeah.
So, yeah.
Yeah.
And if you've just joined us,
welcome to the Host Unknown City Planning Podcast.
And talking of which, what's the security angle on this?
Oh, yes.
So there was a security angle to this
no so so okay let's go back to the thing the man says i walked here because of hewlett's
opponents the scheme demonstrates exactly how it works and why it reduces pollution
which goes to show not all regulation and compliance is bad if you force regulation down people's throat
you make it mandatory they will like it and they will thank you for it in the end
well they will comply with it in most cases and give you your intended consequence yes maybe some
unintended ones like the fella who's been who down Ules cameras and storing them in his lockup.
But although I did hear the other day that his place was raided and they found something like 43 Ules cameras.
Does he have a GoFundMe? I would like to contribute. Not all heroes wear capes.
Yes. Unfortunately, in this case, the GoFundMe for this is our taxes
that go to pay for this.
Yes.
You know, so everything he's chopping down has to be paid for
by everybody else.
So, anyway, take from that what you will.
Excellent.
Thank you, Jav, for this week's Tweet of the Week.
Right.
We are at theweet of the Week. Right. We are
at the end of the show.
I don't think we missed Andy at all.
Do you?
No, not in the slightest.
Andy, who?
No.
Yeah, exactly.
Jav, thank you so much
for this week
and looking forward
to seeing you soon.
Yes.
I don't know when that might be.
I'm in London in a couple of weeks
so we definitely have to do something.
Okay, cool. Let me know.
Absolutely. But thank you very much.
You're welcome.
And I can't...
You're supposed to say something.
Oh, yeah. And thank you, Tom.
No. Stay...
Stay secure.
No, that is my line, but I normally let you
and Andy steal it for the purposes of this show.
No, I echo your line that Andy stole.
Ah, okay.
So, Tom, stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
That wasn't awkward at all.
No.
Has your daughter broken a million?
No, 995.3.
So it's gone up 3,000.
It's slowed down.
You need to pay the bots to do it.
It's cost me a fortune.
I know.
The things the parent will do to stand still
in order to see and let their kid know how far forward they've got.
How far they've walked, exactly.
Thank you.