The Host Unknown Podcast - Episode 48 - The Biggest Loser
Episode Date: March 26, 2021

The Biggest Loser, Week 0
Andy is running a book if you are interested in a little flutter on who will be the healthiest in the next six months.

Jav issues an apology to our listeners for misinformation... and to Andy for correcting him when he stated the opposite had occurred:
https://mashable.com/article/joe-biden-green-screen-conspiracy-debunked/?europe=true

Evel Knievel:
https://twitter.com/little_birdy__/status/1373722427126116352?s=21

Andy *Bathes in the glory of a heartfelt apology from Jav*

Jav spoke at Infosecurity Conference and Thom spoke at The SASIG:
https://www.infosecurity-magazine.com/news/imos21-overcoming-defenders-dilemma/

Thom mentions the Nextdoor supplemental episode released midweek and how we could have saved many more people from the Royal Mail text scam had we not run out of time:
https://www.standard.co.uk/business/royal-mail-text-scam-victim-banking-security-checks-b925810.html

This Week in Infosec
(Liberated from the “today in infosec” twitter account):

25th March 2010: Albert Gonzalez was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/albert-gonzalez-200-million-damage-hacker-sentenced-1928313.html
https://twitter.com/todayininfosec/status/1243040970741956610

21st March 2021: Announcement from Attrition that on March 20, 2021, an argument was made to open their mirror back up to everyone.
“While we had provided access to the mirror for a couple dozen people over the last ten years, we think it may be beneficial to be public. Some defacers from back then want a trip down nostalgia lane. We still have reporters doing in-depth research on various topics that request access to dig up historical citations. It stands to reason more might be interested in revisiting the 'good old days' and the content that would lead us to over one million hits a few days. With that, the doors are open again. We hope you enjoy”.
https://attrition.org/news/content/21-03-21.001.html

Rant of the Week
Daniel Kelley, Associate Director, Center for Technology and Society at Anti-Defamation League:
Today we're releasing our annual nationally representative survey of hate and harassment on social media. In a year where tech companies made bold statements about their efforts to address hate on their platforms, Americans' experience of harassment remained constant. 41% of Americans experienced harassment online according to this year's survey, with 27% experiencing severe harassment, which includes stalking, sustained harassment, physical threats, sexual harassment, doxing and swatting. Overwhelmingly, the platform where Americans experience harassment was Facebook - 75% of Americans who were harassed reported being harassed on Facebook, with the next highest being Twitter at 24%.
https://www.adl.org/online-hate-2021
https://www.linkedin.com/posts/activity-6780520538549882880-ZmYD/

Billy Big Balls of the Week
Story of Helen Bevan, Chief Transformation Officer at the NHS, who had her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales. She now has the accounts back but has received dozens of messages from people who fell for the scam. Ms Bevan also paid money to someone who said they could help - but they turned out to be a scammer too. She said she wanted to highlight the importance of extra security measures. NHS Horizons chief transformation officer Ms Bevan mistakenly thought she had activated two-factor authentication (2FA), which requires account-holders to use two methods to log in, the second often involving a code sent by text or email.
https://www.bbc.co.uk/news/technology-56456002
https://twitter.com/HelenBevanTweet/status/1372955366212898816
She’s got an easy out if she doesn’t want to upset this guy.

Industry News
Russian Man Pleads Guilty in Tesla Extortion Plot
UK Govt Department Loses 306 Mobiles and Laptops in Two Years
Delhi Police Bust Call Center Scammers
Fired IT Contractor Jailed for Retaliatory Cyber-Attack
Firms Urged to Patch as Attackers Exploit Critical F5 Bugs
Drug Maker to Pay $50m for Destroying Data
FatFace Faces Customer Anger After Controversial Breach Response
Half of UK Firms Suffer Cyber-Skills Gaps

Javvad’s Weekly Stories
Jav interviewed by PureVPN

Tweet of the Week
https://twitter.com/ParikPatelCFA/status/1375096656933306369
https://www.wired.co.uk/article/suez-canal-ship-stuck-ever-given

Come on! Like and bloody well subscribe!
Transcript
Excuse me, do you know the, uh, quickest way to get to Pearly?
Well, are you walking or are you driving? I'm driving. Yeah, that's the quickest way.
I love it. Anyway, I've been feeling really bad about myself lately, and it just boils
down to the flu, which is not the flu flu,
not like the man flu,
but I meant as in FLU,
which is I'm just fat, lazy
and unmotivated to do anything at all.
And so...
Oh my God, I've got that as well.
And we know Andy's got it.
Can't relate.
Can't relate.
You're listening to the host unknown podcast
hello hello hello good morning good afternoon good evening from wherever you are joining us
welcome welcome one and all to episode 48 of the Host Unknown podcast.
48, 52, it doesn't matter.
The one that I'm looking at in front of me.
48.
Maybe we should go through and renumber these.
I don't know.
Well, unless we're actually going to post them,
there's no point because it would still be off.
Well, yeah, exactly.
Or maybe we just add, like, you know, three or four
empty episodes. Yeah, see if anyone downloads them. Something like that. Something like that. Yeah,
exactly, exactly. Well, not unlike our bloody supplemental episode we did this week.
Oh, that was interesting. Yeah, yeah. Bonus content, folks. And not only that, it was free. You don't,
you don't have to get through
some Patreon or something.
Exactly. What do you think we are? Digital
beggars or something sitting there with
a pot in front of us?
Hand handling. We'll mention
your name.
So tacky.
I'm a Patreon subscriber.
That was actually the first time we had overrun so much we had to cut,
you know, from the original.
It was 10 whole minutes we had to cut,
and it was quite a difficult edit actually as well,
especially as I had to also then try and cut out any references we made to it
in the subsequent 50 minutes.
But, yeah, it just goes to show it's all about quantity,
not quality with us.
Yeah, talking of which, fat, lazy, and what was the other one?
Unmotivated.
Unmotivated, Jav.
So I can absolutely relate to that at the moment.
Absolutely relate to that.
So I've got a suggestion.
Go on.
We all know that Andy's the biggest loser out of the three of us.
So why don't we join him in this biggest loser thing
and actually publicly on this podcast chart our weight loss
and healthy lifestyle.
Are you guys going to get like Instagram accounts where you post motivational stuff every day?
No, Reddit. Reddit has brilliant stuff on that.
No, I'm going to do one of those time lapses.
I took a photo every day for a year and then I'll play it in reverse.
It looks like
I've been losing weight. I was going to say, I didn't know your Photoshop skills were up to that much,
but you could, uh, you could do that. But, uh, yeah, we'll post, Jav and I, if, and I'm pretty sure Jav's
up for this because he hasn't, um, cried foul yet, we're going to post little snapshots of
our weight loss on
the show notes. We might even make a reference to it occasionally. Um, we are holding ourselves
accountable through you, all three of our listeners. Yeah. So, so, you know, I, I weighed
myself yesterday and I've, I've been really unhealthy lately and really fat, lazy and
unmotivated as, flu suggests. But I'm the
heaviest I've ever been in my life. And I think there's only two ways this can go, which is quite
good. I could either lose weight and then I'll feel good about myself. Or I think if I put on
like three to four more kilos, I'll be on track to apply for a green card and move to the U.S.,
where I'll fit right in and feel slim again. Florida Man.
I can't find that particular sweeper at the moment, but, uh, just imagine I played it.
Yeah, well, I was going to say it's only one of two ways to go. It's death or glory, right? Sounds like something, like,
um,
Evel Knievel would say,
but yes,
Evel Knievel. Seventies references, folks.
Did,
did,
did either of you have the Evel Knievel, like, track, or is the motorcycle bike,
which goes on the,
on the track, and it does a big jump and it would never land or anything.
With the rip cords,
the plastic.
Yes.
Yeah.
I never did.
All my friends had one and I was insanely jealous, you know. I never did either, and all my friends
did. There was that and the Big Trak that all my friends... was awesome. No, the advert was awesome.
I knew one kid that had it and it just did not work. Oh, I knew somebody who had it and it was great.
We used to program it to go all over the place.
Yeah, yeah.
The batteries didn't last very long.
That's just 70s batteries for you.
Elon Musk hadn't been born then.
I was going to say, the polonium's still strong though, right?
So I thought you were going to reference,
there was a video earlier this week which I got sent
where some guy actually has one of those Evel Knievel toys and it sort of bounces. Like, he set
up like an obstacle course for it to bounce down, and that's what I thought you were
going to, uh, segue into. No, I've not seen that. It just randomly popped into my head, Evel Knievel.
i'll dig it out and send it round.
Yeah, do.
Stick it in the show notes. Do.
Pop it in the show notes
and we can share the love
with all three of our listeners
who happen to be under the age of 30.
Yes.
So, Jav, how are you?
I believe, I believe
you have an apology to make.
Yeah, apology is a really strong word, you know.
Yeah, and why are you making me do this up front?
I subscribe to the Daily Mail form of retractions
where post-credit, five minutes after some dead sound,
I'll say, I made a mistake last week.
That was my suggestion.
But given that part of the apology is to Andy and because Andy does the show notes, they're right at the front.
So yesterday, last week, when I spoke about the Joe Biden green screen conspiracy theory, I just got
it round the wrong way. I said that, uh, QAnon are pushing it as a real thing and it wasn't,
whereas it's the other way around. It was a real one and they were saying it was a conspiracy, and
Andy did try to correct me at that time, but I was in full flow and I said, no, no, no, it's the other
way. And then Andy was like, oh yeah, maybe you are right, Dad. And then he was quiet, and that's it. So, so, okay.
All I can say is apology accepted. I was going to say, world's best apology, Jav.
oh so so it's proof regardless of what all the fans say,
I am human, I can make mistakes.
I'm just as shocked as all of you are.
I thought you were going to do, you know,
I thought I made a mistake once.
But I was wrong.
Andy, how are you, sir? Not too bad. Can't complain. I'm not sure I'm buying this
whole biggest loser thing. I am what I would refer to as kidnap resistant. And when the borders open
up again and I'm back out in the depths, you know, the depths of dangerous countries, um, you know, I'm not sure being a skinny guy is the way to go. You're going to be a god in most
countries. I am a god in, yeah, certainly in, in some of the Asian countries. Um, yeah, absolutely. In Japan
they refer to me as a short fat bald guy who smiles a lot. Yeah, and what's the, you know, a very respected,
well, it's a sign of wealth, you know, in many areas.
Many people think I'm a good catch.
Yes, I can afford McDonald's.
But like other, I guess you guys have actually had a busy week,
which I completely missed out on,
other than just whilst researching some notes,
I saw that Jav spoke, obviously, at the InfoSec conference
that we knew about anyway, as he plugged a few weeks back.
But you were speaking at something called the sausage.
The sausage, yes.
The big sausage, actually, was what it was called.
The big SASIG.
I can't remember what SASIG stands for.
Security Awareness Something Insights Group or something.
Special interest.
Special interest, yeah.
Something Insights Group.
No, we are proud sponsors of SASIG.
They've been excellent.
They actually do something
every single day of the week
and they have done pretty much
since the first lockdown.
So, who's we?
Who's we?
You said we sponsor it, and it's not Host Unknown.
Oh, no, no, no.
I'm sorry.
Yes.
SentinelOne are one of the sponsors of SASIG, yes.
And so I did my first talk on ransomware,
which you provided some very helpful notes for, Jav.
Thank you very much for that.
And, yeah, it went really well.
I had a really good time.
But that was my third, or that was one of three
or four speaking slots I did this week.
So they're making me earn my money at the moment, definitely.
Yeah, yeah.
I've done about four webinars this week as well.
So I'm completely drained at the moment.
I know, I know.
Talk about first world problems, right?
Oh, I had to talk about something I knew loads and loads about, just on autopilot, in front of a camera
for 30 minutes at a time. Did that four times. Oh, it's just been such a terrible woe to me.
Yeah, exactly. I feel guilty sometimes about how tired I feel, but then I realise it's because I've got the flu.
Yes.
Oh, dear.
So what have we got up for you this week?
Obviously, we've got this week in InfoSec.
Tweet of the Week, Billy Big Balls, Rant of the Week,
Industry News,
You Can Measure Height But you can't measure heart.
Okay?
There are no little people, apparently.
And will we have a sticky pickle of the week?
So before we move on.
Yes.
Just one thing.
Until we practice this.
We cut out the 10 minutes from last week's episode where we spoke about, uh, you know, Nextdoor, and we,
importantly, we spoke about a Royal Mail scam, and then that was cut out. Yes. And as a result, many,
many people fell for that scam because we did not issue it last Friday, yeah, in a timely manner. So, Thom, I believe you owe the listeners an apology and a full refund.
Yes, absolutely.
If you send me in your receipts for payment for this podcast,
I will refund every single penny.
But, yes, we could have stopped this in its tracks
if we'd released those extra 10 minutes on Friday.
Okay, Andy, I believe it's over to you now for...
This Week in InfoSec.
Okay, so welcome to the part of the show where we take a stroll down memory lane with content inspired by the Today in InfoSec Twitter account and embellished by us.
I'm not sure, is that sticking yet? I'm still not sure about it.
It's pretty sticky.
Okay, we'll see.
Alright, so I'm going to swap around the planned order of these two stories
because the first one I'm glad to report is a result of those fantastic guys
and friends of the show, Attrition, listening to our podcast a couple of weeks back
and having some sort of buried memories stirred inside them.
So this day is going to be set in history going forward. So I'm going to raise it here first, and then every year we can come
back to it and remember how it started. So 21st of March 2021, barely a week ago,
there was an announcement from Attrition. March 20th, 2021, uh, you know, a mere
day before, uh, an argument was made to reopen their mirror, uh, which they hosted on their site.
And fantastic, yeah. So they stated, uh, in their statement, uh, while we had provided access to
the mirror for a couple of dozen people over the last 10 years, we think it may be beneficial
to be public. Some defacers from back then want a trip down nostalgia lane. We still have reporters
doing in-depth research on various topics that request access to dig up historical citations.
It stands to reason that more might be interested in revisiting the good old days and the content
that would lead us to over 1 million hits a day.
With that, the doors are open again, and we hope you enjoy.
So although they didn't actually mention us by name, I am just saying that, you know,
Jericho, Noel, Munch, they're obviously catching up with their podcasts, you know, a couple
of days before that announcement was made.
And if you, you know, follow the, the link in the show notes for this one, uh, it basically explains the origins of the mirror,
uh, you know, how they got started back in January 1999. Um, you know, within six months they had over
1,300 defacements, uh, mirrored. Um, they then started doing breakouts to highlight specific groups that
were doing it whether they were were high profile or prolific.
And then obviously, as all good hackers do back then,
they were tracking the operating systems of the host, generating statistics,
which servers were most commonly targeted and compromised.
Just really useful information that was free to all.
They began searching countries, top-level domains,
continuing to do the operating systems and all of that.
All this sort of trending analysis just became a huge chore for them to manage.
And in this announcement, and again, I'll say the link's in the show notes,
they actually provide insight of how they did it, um, you
know, using a script which they wrote called 'a get', which was, you know, 'attrition get' is what it stood
for. Um, and, uh, the functionality of that, literally by the end of it, was just like a thousand lines
of code. Um, you know, so as more attention was given to these defacements, more people were offering
commentary. Um, they would analyze the Attrition data, sometimes just a quick view, and then serving up their expert opinion. Uh, obviously
something we're very good at doing, you know. I haven't read the story, but let me tell you what
I think of the headline. Um, and so, yeah, despite going on to present commentary of their defacement
of black cat, and they actually shut it down in May 2001. Uh, so it's just over, just two years, two and a half years it ran for.
Yeah, and, you know, it sticks in my head certainly as the source to go to. Um, but yeah, in that two
and a half years they catalogued just over 15,000 defacements. Um, they left it running for a while
before eventually closing off in 2010, and they're saying it was due to abuse because, uh, other sites were linking to
them and, um, you know, using their bandwidth. Um, oh, heaven forbid, man, the site links to you on the
internet. Well, you know what it was like back then when, uh, it was their sites that prevented hot
linking or something, you know. If you, you posted it somewhere else and it says this image is
attempting to be hot linked from another site, you know, site. But yeah, so, and then, you know, lo and behold, at, uh, you know, beginning of March 2021, 11 years after
closing, a, uh, surge of traffic, uh, you know, it's coming from as far out as Uganda, arrived at the
Attrition site, obviously via Google search, and I think that the search terms were like, you know,
Attrition site mentioned on Host Unknown podcast.
I was going to say, because we have listeners in Uganda, right?
Exactly, yeah.
Exactly that.
And so, yeah, when the attrition crew caught up with episode 45,
Wills was set in motion to bring nostalgia back to the masses.
Fair play to them for getting it, you know,
turned around in less than two weeks.
Yeah.
No, absolutely.
I'm glad that, you know, they listen to the people because, you know, we represent, you know, at least some people.
We are the people's podcast.
We are the people's.
We will not charge it.
Yeah.
We will not charge it.
Well, I mean, we've never, you know, never done anything to do with little people, obviously.
No.
Because that would be insulting.
But we're definitely just, you know, you know, the regular people's podcast. Exactly. So anyway, yeah, so great work. Thank you,
Attrition. We're glad to have you back, and we're glad that we, uh, we helped you come back. Uh, so the
second story I'm going to talk about is, uh, this one generally is content liberated from the Today in InfoSec Twitter account.
And so this is going 11 years ago this week. So 25th of March 2010, Albert Gonzalez was sentenced to 20 years in prison for stealing credit card data from TJX and other companies.
And he is still currently serving his sentence
in a Kentucky facility. Um, and he's due out in, uh, 2025. I know it says 20 years in prison, but
he's actually due out in, um, April 2025, I, I read on his site. So anyway, who is Albert Gonzalez and
why is he important in the history of InfoSec? Um, and it's, you know, I know I'm
not going to do this justice, so I do recommend you, you do, uh, your own reading on this guy. But,
you know, if you had a Venn diagram of, uh, sort of, major InfoSec bingo bullshit cards, I think, you
know, Albert Gonzalez would cross many of these. Uh, you know, so he was a curious child. He hacked NASA at the age of 14. Um, college
dropout. Uh, recruited by the Secret Service as an informer. Uh, operator of a darknet carding site.
Um, he double-crossed the Secret Service. Um, he was certainly, in the old days, you know, mentioned in
many awareness training videos of why WEP is a weak protocol to use for wireless
encryption. Pretty much the main use case in all PCI awareness training, you know, sessions that
went around back when they were still on version two, you know, a case for what goes wrong when
you're not PCI compliant. You know, payment systems expert. Uh, he shares the same surname as the fastest mouse in
all of Mexico. Um, just now we're dating the listeners, right? So his, uh, lifestyle, well, I mean,
you know, he did loads of stuff as a kid, but, you know, where the, the, where his downfall started was,
um, he was caught withdrawing cash with fake cards, uh, you know, one night. It's a crazy story.
He was spotted out one night withdrawing cash,
but he was dressed as a woman,
and it looked suspicious to a police officer,
and it was before midnight because he knew that banks
would reset their daily limits at midnight.
So he'd have a whole load of fake cards that he'd populated
with stolen data, withdraw the maximum limit,
and then after midnight, with,
you know, double dip, like withdraw again. And, um, so after this, you know, he actually gave his real
name to the police, uh, you know, at this stage. And, you know, he was later, like, he explained how he did
things and, you know, he wanted to talk and sort of share how he understood stuff. Um, so he was later
recruited by the Secret Service and was their inside man on the Shadowcrew forum that he was a moderator at.
And so during something called Operation Firewall, this was like a big, you know, a multi-year event that was run by the Secret Service and, you know, using him as the inside man.
Shadowcrew was described as,
how was the federal prosecutor put it?
Shadowcrew was an eBay, Monster.com,
and MySpace all in one for cyber crime,
which, you know, probably a good description back then.
So a typical sort of cyber bazaar that, you know, came up in the early 2000s.
You could buy stolen card accounts, you know,
mag stripe encoders,
card embossers, you know, and it's like a forum on how you can create effective scams and, you know, get
tips on how to do things. So he was, you know, as part of his, um, you know, deal, he was the inside
man. He would help the Secret Service. Um, so he'ded for Secret Service agents to come into the site. And
it was just brilliant. Over the period of this couple of years, they actually just embedded more
and more Secret Service agents in this site. And when people were getting suspicious, they were
saying, right, we need to talk via VPN, like install this VPN client, make sure all our
chats are encrypted. And the Secret Service had the wiretap for all those VPN connections.
So, you know, they could read everything.
So Albert Gonzalez worked his way up through the ranks,
you know, persuaded everyone to use this VPN.
So it was all, you know, secure.
And in the meantime, all of the data that, you know,
the Secret Service and FBI needed was being captured on this site.
And it resulted in massive takedown of loads and loads of people,
all these hackers across multiple countries as well.
And so while all this was going on, he and some of his other crew
were actually still out and about, basically breaking WEP, you know, sitting outside retail stores, sitting in the car park of, you know, all these stores like TJ Maxx and stuff like that, and just capturing all of the credit card numbers that were going through the transactions as people were, you know, paying for their goods. And it's estimated that he and his crew gained access to about 180
million payment card details, you know, from customer databases, you know, from multiple
corporations across America, you know, some of the biggest ones, you know, Target, Barnes and
Nobles, JCPenney, even the 7-Eleven bank machine network. Um, and in the words of the chief prosecutor,
the sheer extent of the human victimization caused by Gonzalez and his organization is
unparalleled. Um, so quite a, I would, I would call, a main character, you know. If there was a story of InfoSec,
I'd say this is definitely a main character with an origin story well worth investigating.
So Albert Gonzalez is another one of this week's names.
So he played both sides, even after he was picked up by the Secret Service.
Yeah, double agent.
He was a double agent.
And he got two consecutive 20-year sentences for all of his efforts.
Consecutive?
Yes.
So he should have had 40 years.
Yeah.
And so they actually dug up like a million dollars in cash that he'd buried in his parents' garden.
You know, he'd just withdrawn so much money, he didn't know what to do with it.
Do you know, and if he'd withdrawn so much money he didn't know what to do with it, I bet you that was his sacrificial cash. Yes. So if I put this here,
they'll stop looking, because I think that's enough. Well, that's like the, uh, you know, when
the guy, kids get stopped and they've got, um, like an ounce of weed or something in the, um, you know,
pocket, and they're like, oh yeah, I've just got the,
just got this one spliff, off, so there it is, you know, it's in that pocket. And then, you know, they've
got, like, you know, two kilos stuffed in their pants or something. They think if they give up... I have no
idea what you're talking about. He's talking about the audit box. The audit box, yeah. InfoSec too, you
give them something. Exactly. Yeah. No, actually, um, there's also a really good account of some of this
in Geoff White's book, Crime Dot Com.
I keep meaning to buy that, yeah.
Yeah, it's actually so well written.
But that was a fantastic summary, Andy.
I really appreciate it.
I can't believe this was like over 11 years ago.
When I hear of TK Maxx, I'm like, oh, that was surely like three, four years ago.
It's still a reference today, you know, when you talk about PCI and stuff like that.
This is still wheeled out as an example. I think the thing that gets me, though, is that the U.S.
press on this always called, uh, TK Maxx by the wrong name. They kept on saying TJX. What the hell?
It's TK Maxx.
Come on.
So it's TK Maxx in the UK?
Yes.
Yeah.
Oh, really?
It's just like the old Snickers and Marathon thing, right?
Yeah.
Raiders and Twix.
Raiders, yeah.
Raiders, really?
Yeah.
Well, not anymore.
It's Twix now.
Yeah.
No, no, for real.
So we got Snickers and they got Twix.
Yeah.
So that seems like a fair trade.
Was it done at a bridge in the middle of the night?
Yes.
Show me your Twix, only if you show me your Snickers first.
Okay.
Anyway, thank you.
That was...
This Week in InfoSec.
Blimey, that was like a little history lesson.
It always is, isn't it?
Oh, well, yeah.
This is education.
Education for the masses.
Let's fight.
Who's up next?
Oh, it's me, isn't it?
And it's this time...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
Now, I love this story because it gives me a chance to talk about a certain company.
So, Daniel Kelly, who is the Associate Director for the Centre for Technology and Society
at Anti-Defamation League.
There's a title and a half.
I'm not too confused with the EDL, right?
This is the ADL.
Yeah, that's right.
So he posted something this week saying,
today we're releasing our annual nationally representative survey
of hate and harassment on social media. In a year where tech
companies made bold statements about their efforts to address hate on their platforms,
Americans' experience of harassment remained constant. So bear in mind, folks, this is aimed
at, or rather this research was from America, not worldwide. But I think it's probably,
you know, you could hold a mirror up to the rest of the world with it.
So some of the findings.
41% of Americans experienced harassment online, according to this year's survey, with 27% experiencing severe harassment, which includes stalking, sustained harassment,
physical threats,
sexual harassment, doxing, and swatting. 27%. Jeez, that's more than one in four. That's incredible. Overwhelmingly, the platform where Americans experience harassment was...
No prizes, Facebook.
Facebook.
Well, you say that. Yeah. And what I, I took a look at this when you shared this a few days ago, and I was looking at the methodology that they published, and I
couldn't find out, they weren't clear as to whether the sample size were using Facebook
more than any other platform.
If you get one.
So the sample size was 2,251 people.
So it's okay.
But I don't know whether most of them,
maybe about 2,000 of them were using Facebook compared to Reddit or Discord or other ones.
Maybe not so much.
So I think unless that's clear, I don't deny for a second that Facebook is a horrible platform.
But I think also just because more people use it, it's also natural to expect more harassment to take place on the
platform. And also, it, it works on percentages, so you don't know if that's a percentage of the users
of that platform or whether it's a percentage of the entire, uh, people that were questioned.
Yeah, I mean, there's no way you're going on 8chan and not getting abused, you know. Exactly. Well,
that's what I thought. That's what I thought.
Actually, you know, um, but yes, 75% of Americans who were harassed reported being harassed on Facebook,
with the next highest being Twitter at 24%. So yes, very interesting stuff here. Uh, so yeah, Facebook
75%, uh, Twitter 24%, Instagram, Instagram 24%, YouTube 21%.
You know all about that, don't you, Jav? Um, 15% Snapchat, 11% WhatsApp, 9% TikTok. So do
you know what I, I, I dislike about this is, uh, they've got a nice graph, and I love it when, you
know, people include images and graphs and stuff like that, but as Jav sort of mentioned, you know, it doesn't break down, you know, percentage of users,
because to me none of these make sense. Like, it's 75% of people, you know, harassed by Facebook, 24%
by Twitter, uh, 24% by Instagram, uh, you know, 21%. We've already gone over 100. You know, I think you can be harassed on multiple
platforms. You can. But then I don't think you're being, you, you know, I'm sorry, you can't harass me
on Twitter. You can. No, but what I'm saying is, are we talking, it's the same person harassed on Facebook
and Twitter and Instagram, or are these all different people? Because it could just be that
person's a dick.
Yeah, yeah, very true, very true.
That's an element of that.
There is an element of that.
Although, you know, I would hope that certainly within the methodology,
harassment isn't just, you know, stop being a fucking Nazi,
but rather, you know, something a little bit more, you know, don't post about, I don't know, cats on this channel, you ask.
This is a channel about dogs and now I'm going to kill you.
Oh, this is, I see LinkedIn's not mentioned on this graph.
Well, I see Apple is also not mentioned on there as well,
which just proves my point.
But you know with LinkedIn, when people say, why are you posting this on LinkedIn? This is
a professional network. Yeah. That's not harassment though, is it? Yeah. Yeah. And you know what?
It's also, when you dig into the report, I'm not convinced, I'm not entirely clear as to what constitutes harassment.
So, for example, online, one of their charts is like 49% of people believe they were harassed because of political views.
You know, people are always disagreeing about politics anyway, especially in America over the last couple of elections.
You know, if you were a Trump supporter,
then you were called all sorts of wild things under the sun.
And if you're a Biden supporter... And if you're a liberal snowflake, then you're also called...
Exactly, exactly.
So I think there's...
I think it's a really good question to ask.
I do believe this kind of research is absolutely essential.
Hopefully more will come from this.
Exactly.
We need to understand more about what actually hate and harassment is,
defining it properly as opposed to my feelings were hurt.
And also then, you know, I think this is a problem that's platform agnostic.
Just because, you know, Facebook, if Facebook suddenly tightens everything up that you can't post anything hurtful or hateful at all,
these people will just move to Twitter or Instagram.
It's a human problem.
It's not a technology problem.
It's a human problem that is exacerbated by the platform upon which they're allowed to operate.
See, I think that, you know, one thing I believe, I don't think technology changes people.
It just exposes people for who they actually are.
But isn't that changing? You know, you expose somebody for who they actually are, but isn't that changing? What you're doing is actually you're changing their ability to express their unpleasantness. Normally, under societal norms, people who express grossly abhorrent views and who are, you know, openly aggressive to other people will be, you know, either marginalized or even taken out of society, et cetera. Whereas with a technology-based platform, you can do all that behind a veil of anonymity.
Yeah. So I don't think that the technology's changed the person, it's just brought out what's already within them.
It's allowed them to change their behaviour, though.
Well, I think they always exhibit that behaviour, it's just now more visible to other people. But also, I think, and this goes back to the previous point,
I think just because someone doesn't agree with your political views, or someone, you know, criticises your physical appearance, it's not an extreme thing. It's like, sure, being bigoted towards someone, or not hiring someone because of their race, or something like that, that's completely different from, you know, well, I think you're an idiot because you voted for Trump or voted for Biden. You know, there are so many different... The spectrum is very broad on this. So that's where I think we need to be far more specific on what these...
I think we're violently agreeing on the same thing, just from different ends here again.
No, no, no.
I just want to sound more intellectual than you.
But what I will say, though, Jav,
is that what you are doing is undermining our ability
as Host Unknown to say that we just read a headline
and give our opinion.
So I think that this chart needs to be updated
with 2% host unknown podcast harassment.
But actually, just before we close,
because I think this is, as you said,
great, useful research.
There's more questions need to be asked
and hopefully further writing will be done from this, you know,
and hopefully will make its way, you know, to the platforms themselves.
But one thing that did surprise me on here, taken at face value, you know,
let's not go into the real sort of details here.
But we work in InfoSec.
We want to tear stuff apart.
Yeah, exactly.
But if we look at Facebook at 75% and TikTok at 9%,
and so let's assume at face value there is more harassment on Facebook
than there is on TikTok, which company actually went
and did something about reducing harassment on their platform recently?
Yeah.
TikTok.
The ones that had, on face value, less of a problem.
Yeah.
And to be fair, I mean, Reddit do have moderators as well.
For, you know, most, I see Reddit also coming at 9%.
Yeah, although Reddit has had a real thing.
Are we going to talk about that?
Are we going to mention that this week?
Well, suffice to say, Reddit hired a moderator and admin recently
who had a very checkered past, UK-based,
had been thrown out of two political parties,
two mainstream political parties,
has made some very poor decisions in their personal and professional lives.
And I'll leave it at that.
And they were put in charge of this particular subreddit.
That's right.
And then anybody who made mention of this person was immediately banned.
Anybody who made any kind of reference to this person
or their background was immediately banned.
Reddit tried to say it was a bot that did it.
And, of course, the whole thing just suffered from the Streisand effect,
which basically meant by trying to hide something,
it brought it out even more into the public eye.
And this person has subsequently
been let go of by Reddit.
Yeah, but no, it was because, you know, all the other moderators of forums, they set their channels to private so you couldn't search them.
That's right. And so that's when it starts impacting, you know, Reddit's value, when there's no content for people to see.
Yeah, yeah.
And as I read, Reddit only backpedaled when the media got hold of the story as well.
Yeah.
So I'm surprised.
Well, actually, I'm not surprised that Reddit's quite low,
because actually, on the whole, I find Reddit to be an amazingly supportive platform
of everybody.
But what they dislike is being, what's the phrase, you know, not being allowed to talk openly about stuff.
Yeah.
I think there's a lot of self-regulation in Reddit.
And I think the moderators do need to be held more accountable than they currently are. But anyway, anyway. So yes, absolutely fascinating.
Is that any different, or is that... That's nothing to do with the other guy that returned to the FSF board or anything, is it?
What? No, this was a woman who's a UK politician as well. Aimee Challenor.
Yeah, with links to child pornography.
Oh, damn.
So, no, I'm thinking of Richard Stallman.
That's it.
Oh, no, no, no.
That was actually taken as an example of the sort of thing,
of sort of poor behaviour, et cetera, within this story as well.
So absolutely fascinating stuff. Anyway, anyway, that was this week's
Rant of the Week.
God, getting all serious, aren't we?
I know, I know. So let me pose...
No, sorry. Strike a pose, we'll put the cameras on, right?
Go!
Recording from the UK.
You're listening to the Host Unknown podcast.
Yes, you are.
Home also of...
So, let me pose a question to you two.
Hypothetical, hypothetical question.
Say you had a Twitter account with about 140,000 followers, just for argument's sake.
I can relate. Yeah.
And you're about to do a presentation the next day and, you know, Twitter was going to be integrated into it, you know, sending out tweets about your talk and slides during it, make it interactive and what have you. And the day before, you find out that your Twitter account's been compromised. Some no-good script kiddies have gotten access to your Twitter accounts and now they're peddling out those PlayStation 5 scams or Bitcoin scams or something like that.
So you're faffing about, you're like, oh my God, I need this.
This is terrible.
My followers are going to be like really upset.
So you start searching for solutions and someone DMs you saying, hey, for a hundred quid,
I could get you your account back.
Would you pay?
No!
So, I mean, yeah, we pass judgment and say no,
because I think we're a bit more educated on the topic.
But come on, your Twitter account has been hacked,
and then in your Twitter account,
you get someone saying, I can help you out on this.
Well, I don't know if it was a Twitter account. I think it might have been someone that emails you or something,
because you've lost access to your Twitter account,
hypothetically speaking.
It's got all the classic hallmarks of sense of urgency,
something you need.
Yeah, you can see why people fall for it.
Yeah, yeah.
So, plot twist.
This is not a hypothetical scenario.
This is not a sticky pickle of the week.
No, no, this is exactly what happened to Helen Bevan, who's the Chief Transformation Officer at the NHS. She had her two Twitter accounts, with a combined 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales.
So she then got a message saying,
someone, hey, give us 100 quid, we'll get it back for you.
So she paid, and they sent her a little image
of some computers whirring and saying,
yeah, this is us working on trying to get your data back.
Brilliant.
And then they later said, oh, we've got your data back,
but there's some snag at Twitter,
and if you could give us just an extra 100 quid,
we can get you your files.
And at that point she thought, I'm being taken for a ride here.
And so then she ended up contacting Twitter, and within about two days they'd done their searches, whatever, they recovered her account and handed it back to her.
Yeah, wouldn't you go to Twitter in the first place?
Well, you know, that's the thing. I think one of the things is, like Andy said, it's a panic state. Secondly, I mean, how much faith do you have in a lot of these big tech companies to be able to resolve something quickly for you? And she probably needed it quickly and efficiently.
Well, I trust Twitter three times more than I trust Facebook.
So is it... So you've got this scam, you know, where I see they're promoting the fake PlayStation 5s, an in-demand product, lots of people want it, you know, some people just buying it for the sake of it, maybe overlooking the scam element. And so did someone else see that this account was compromised
and then say, actually, I'm going to run a scam
whilst this other scam's in progress?
So is it entirely unrelated?
It's like an exception scenario.
It could very well be.
It could very well be.
That's brilliant.
And then someone else DM'd her and said,
I see you're being scammed by someone.
Yes.
I need £100 and I could get rid of this scammer
who's trying to help you from these scammers.
Yeah.
I can backtrace his IP and drop a Trojan on his firewall.
So in her defence, slightly, she said that she thought she'd activated 2FA, because she input her phone number into Twitter and everything but obviously didn't click it. So something to be said about the UI there. But now she's actually... I think it's important we applaud her, we recognise her, that she's come forward with the story, and she's done it because I think one of the big problems is that when someone's scammed there's a stigma: I'm stupid, oh my God, I've been fooled. Yeah, but this way people are like, well, if it can happen to her, I don't feel so bad if it happens to me, and I can, you know, go to Twitter, or whoever, the authorities, as opposed to trying to, you know, hide it or pay someone off or pretend it didn't happen.
I mean, this is a common thing that happens in those romance scams.
You know, people, they actually don't go to authorities in a lot of cases
because they feel so stupid that they were duped by a picture online
and they thought they were talking to the love of their life
and they ended up scamming them.
However, on the flip side, and I will say this does ring a lot like, you know, it's like a kid that looks at the sun through a telescope and gets blinded, and then goes around on tour to every school in the country telling kids, don't look at the sun through a telescope because you might get blinded.
You know, there's kind of that, you know, you could say that she's now a certified expert
in social media account recoveries.
Well, she actually says that.
No, no, she doesn't say that, but she's going around preaching that. And someone actually used a phrase which I stole, and they referred to it as false authority syndrome: that just because you've been scammed once, you think now you're an expert on the topic. Which I thought was an interesting phrase and choice of words. I'm not saying that there's... I don't know where that phrase originates from or what it's about, but I thought it's an interesting use of the phrase. And the sticky pickle she found herself in.
Sticky pickle of the week.
Yeah, I mean, that's harsh, because if you think, lots of criminals, I say criminals that get caught, and then become experts, and you think, well, they can't be that good because they got caught,
but they're the ones making the money.
Well, yeah, exactly.
Yeah.
But I think you're right.
And I know my reaction to this initially was incredulity.
Incredulity.
That's right.
But, you know, and why would she do, why would she do this? Why would
she, you know, go to the scammer who said they'd do it for a hundred quid and all that sort of
thing. But I think, I think you're right, Javin, highlighting the point that most importantly,
one, we shouldn't be victim shaming and two, the fact that she comes forwards and makes this very public will hopefully just be another warning story
at people and will chip away at the sort of general ignorance of the issues
that everybody needs to be aware of and avoid.
And I don't mean ignorance in a bad sense.
I mean purely because that's not the world that they move in.
Billy Big Balls of the Week.
Andy, what time is it?
So it's that time of the show where we head over to our sources on probation at the Infosec PA Newswire, who've been very busy bringing us the latest and greatest security news from around the globe.
Industry news.
Russian man pleads guilty in Tesla extortion plot.
Industry news.
UK government department loses 306 mobiles and laptops in two years.
Industry news.
Delhi police bust call centre scammers.
Industry news.
Fired IT contractor jailed for retaliatory cyber attack.
Industry news.
And in case you didn't hear it the first time,
UK government department loses 306 mobiles and laptops in two years.
Firms urged to patch as attackers exploit critical F5 bugs.
Drugmaker to pay 50 million for destroying data.
FatFace faces customer anger after controversial breach response.
Industry News.
Hall of Fame suffers. No.
Industry News.
Half of UK firms suffer cybersecurity skills gap.
Industry News.
You've got Hall of Fame on the brain, my man.
And that was this week's Industry News.
The story I really want to talk about is this Hall of Fame.
You know what?
You know what?
It's because last night on Twitter,
I saw this little video clip of The Undertaker telling Kane
he's about to be inducted into the WWE Hall of Fame.
And it was such a genuine moment because, like,
Kane was so overwhelmed with emotion
and he was almost like choking up.
I'll send you the link, Andy.
You'll appreciate it.
And if you'll just join us, welcome to the Host Unknown podcast,
home of theatrical violence for the masses.
Andy, was it a mistake or were you really trying to emphasise the fact
that the UK government department loses
306 mobiles and laptops in two years?
No, so that was actually a genuine mistake, and the story which I should have had was CNA suffers sophisticated cyber attack. Industry news. But what I've done, because I don't just, you know, pull from one source, right? I don't plagiarise.
I do research.
So I acquire it from multiple sources.
And I'd obviously copied and pasted the wrong link twice.
But that said, it's worth emphasising,
because that was a story I was going to come back to.
306 mobiles and laptops in two years.
I know.
I mean, how big is this government department?
If this department is like 100,000 people, that's probably not too bad.
If this department, as I suspect, is like 500 people or something like that,
that's appalling.
And also, it could be like iPhones come out,
like a new version of an iPhone comes out,
and if you lose it, they will replace it.
And so people tactically lose things.
That's actually a really good point.
That's a really good point.
But nonetheless, does it actually say how big the department was in the story?
It doesn't, no.
Because I'm only looking at the headline.
Actually, so it says the Department for Business, Energy and Industrial Strategy is the... So we should be able to look that up. But nonetheless, that is a huge number for a single government department. Again, if that was across the entire government, fair enough, but that seems to be very high.
It's interesting, the numbers actually halved
last year during the pandemic.
Funny that, because people aren't going around to the pubs
and getting pissed and leaving them at the bar.
Yeah, the parliamentary bar.
Not that I have any experience of doing that whatsoever.
No, that was an interesting one.
I actually received this FatFace breach notification.
Oh, did you?
Yeah, no, without any jokes about me having a fat face.
No, no, I know that's where you're probably going, but no. It did actually, the subject was, you know, strictly private and confidential.
Apparently not.
Yeah, well then it's like, you know, we take this very seriously, yadda, yadda, yadda, your data's safe. Included your name, address, and phone number.
And what else?
Yeah, and the last four digits of my card or something.
But fortunately, that card expired this month.
Well, and also, last four digits, big deal.
Yeah, I mean, it's just annoying the way they reacted to it.
They could have just been more upfront.
What was the controversial part?
The fact it's private and confidential and they don't want you to talk about it.
Oh, I see.
They're actually saying...
Yeah, so strictly private and confidential
notice of security incident.
Dear customer, we're contacting you
as one of our valued customers
to let you know about a recent security incident.
Yeah, whilst we're unaware of any attempted or actual misuse of information,
out of abundance of caution, we wanted to give you the information.
And so, yeah, they're saying 17th of January,
they identified some suspicious activity in its IT systems.
I mean, this is literally templated like breach response.
You already know what the stuff is.
They've just completed their review.
Hey, quickly, I want to make a breach response.
Yeah, exactly.
Insert company name here.
Mail merge.
You know, Fatface takes security of your information extremely seriously.
As soon as we became aware of the incident, we launched an investigation.
Yada, yada, yada.
Third-party specialist working flat out over recent weeks, various preventative security measures were in place at the time to protect your data. Unfortunately, like many organisations, subject to a sophisticated cyber attack. Yeah, reported ourselves, yada, yada, yada. Data taken: first name and surname, email address, address details, partial payment card information by way of last four digits and expiry date.
You know, I love the phrase an abundance of caution. I'm going to use that, and every time I CC anyone in an email I'm just CCing you out of an abundance of caution, just in case you need to know about this.
They actually say it twice.
Yeah, so they say it up there.
For covering my arse.
Yeah, and then further down,
they say purely out of abundance of caution
and not because we consider your data to be at risk.
To help you monitor your personal information,
for certain signs of potential activity,
we're offering you free access to credit monitoring services.
Yeah, so, yeah, it's not, and that was from the CEO. And obviously signed off,
you know, that the security of personal data is really a priority at Fatface. We assure you that
we've been doing and will continue to do everything we can to ensure the ongoing resilience of our
systems. So, you know, we spoke about how I've spoken at several industry leading conferences this week, including keynote in InfoSecurity.
But also, what I neglect to mention, which is a good place to put it here, is I was interviewed by the fine folk over at PureVPN, a leading provider of VPN services, allegedly.
I don't know.
You're interviewed by them.
You don't know if they're a bunch of scammers
or if they're real or not.
No, no.
I think as I run this program,
just a quick list,
potentially unwanted program, it's flagged as.
I'm kidding.
It's not really.
It's not really.
No, no. It's an actually unwanted program.
So the link's in the show notes. Go and read it. You know, think of it like a written version of what I talk about on this podcast.
So it's that bad.
No, it's like what I say here, but copy edited.
Let's put it that way.
So very, very short.
Excellent.
Thank you, Jav.
Jav adds weekly stories.
We need to move straight on.
But while I work out what we're going on to next.
Sketchy presenters, weak analysis of content,
and consistently average delivery.
Like and subscribe now.
And it's straight over to you, Andy.
Tweet of the week.
And we do it again,
always and always.
Tweet of the week.
Excellent.
So this is,
unless you have been living under a rock,
you may have heard
that the Suez Canal,
which is referred to as humanity's greatest ever shortcut, currently has a 400-metre-long cargo ship blocking it. It's the part which connects the Mediterranean and Red Seas, which basically saves ships on the Asia-Europe route a 6,000-mile circumnavigation around Africa, which converts a 12-day voyage into a 12-hour journey, and also it saves 500,000 in fuel costs by taking this passage.
So the Evergreen on Tuesday morning,
sorry, the Ever Given,
which is one of the biggest cargo ships in the world,
ran aground on its way from China to Rotterdam
as it went through the canal.
So it suffered a power failure,
drifted and literally just got wedged
at the part where the canal's at its narrowest
you know, just 205 metres wide. And so they're saying that at the day of recording, so like we're three days into it now, there's approximately 10 billion dollars' worth of fuel and products built up in a traffic jam on either side of this boat, as, you know, it prevents anything else from getting through.
I just need to set up a contraflow.
Well, yeah, you'd think. So anyway, the tweet about this is a guy called Dr Parik Patel, and unfortunately, you know, people don't realise this is a parody account. But he's basically put a photo, you know, a picture up and he's edited it, and he says, I've just solved the Suez Canal crisis, I don't know why this is so hard. And he's got a picture of a boat at the back pulling one way and a boat at the front with rope pulling the other way. You know, it's just like, you know, really, what's so difficult about this? But I mean, yeah, you've got tugboats, dredgers, everything. Literally half the boat is in Africa. The other half's in Asia at the moment.
This is the classic example on your risk model of a low risk,
high impact event occurring.
Black Swan event as well.
Black Swan event, yeah.
It's obvious that this would happen at some point,
but only after it has happened.
Yeah.
So I mean, some of the other, you know,
InfoSec weigh-ins on this have called it a denial of service attack,
as in like a denial of Suez attack.
You know, example of a DDoS distributed denial of Suez attack.
Classic side channel attack,
Austin Powers meme of someone backing forward.
So lots of, you know, just, I mean, to me, this was just more meme worthy.
But yeah, definitely just, as you say, a black swan event.
And they're actually like $10 billion worth of trade currently backed up.
And they're saying that, you know, their best chance is when the low tides arrive at the end of March to help dig this out. So at the end of March.
So, yeah, we watch with excitement. In terms of, you know, someone knew that this was a risk, but they said, yeah, it's an acceptable risk.
I did wonder why my Amazon delivery was being delayed.
Yeah, well, it's my Alibaba stuff I'm worried about. Yeah, exactly.
So I found this beautiful tweet,
and I just dropped it in the show notes. It's by Katie at KR Fabian,
and it's a little two-verse ditty,
which goes like this.
My name is Boat, and when I'm tired,
but shipping work is still required,
then all I want is little snooze.
I turn to side, I block the soos.
Very good.
I love it.
I love it.
No, brilliant.
I like it.
Thank you very much, Andy, for this week's.
Tweet of the Week.
Excellent.
Folks, I think we've come to the end.
We kind of already had our sticky pickle in the middle of it anyway with Jav's little scenario.
Any last words, folks?
God, that sounds a bit ominous, doesn't it?
But anything to round the show off?
No, I'll just say I'll see you two losers next week.
Well, I'll be the biggest loser.
Yeah.
All right, fat face.
No, that's, yeah, we know who that is.
Jav, thank you very much as always for a great episode.
You're welcome.
And Andy, thank you very much.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown podcast.
If you enjoyed what you heard,
comment and subscribe.
If you hated it,
please leave your best insults
on our Reddit channel.
Worst episode ever.
r/SmashingSecurity.
Andy, just out of curiosity,
how much do you weigh?
See, I don't label myself like that.
I'm more than a sum of my numbers.
You're like 100 kilos, but you identify as 20.
Exactly.
Yeah, I am a trans slender.
Oh!