The Host Unknown Podcast - Episode 61 - Hey Everybody Andy is Famous!
Episode Date: June 25, 2021

This week in Infosec
With content liberated from the "today in infosec" Twitter account

19th June 1987: The first Summercon hacker conference was held in St. Louis, Missouri and was run by the hacker zine Phrack. It's still going strong - the 33rd edition took place virtually last year with in-person attendance returning to NYC next month.
https://www.summercon.org/
https://hackstory.net/Summercon
https://twitter.com/todayininfosec/status/1274065780288548864

20th June 2011: The earliest attack of Operation AntiSec was performed by LulzSec against the UK's Serious Organised Crime Agency.
https://twitter.com/todayininfosec/status/1274498724786397184

Rant of the Week
Ethics in Cybersecurity Marketing – Principles of Value Contribution
EC-Council was recently discovered to be publishing blogs that were, in the opinion of a lawyer I spoke to, plagiarized from security and technology experts. One such work was my blog, "What is a Business Information Security Officer (BISO)". What follows is a description of the events and what I believe needs to be done to correct this horrific trend.
Alyssa Miller, Duchess of Hackington, @AlyssaM_InfoSec
So I really want @ECCouncil to understand the damage they've done (a thread):
EC-Council Deflects After Calls of Most Recent Plagiarism

Billy Big Balls of the Week
Three things that have vanished: $3.6bn in Bitcoin, a crypto investment biz, and the two brothers who ran it
"We got hacked and we'll be right back", duo said ... two months ago.
South African Brothers Vanish, and So Does $3.6 Billion in Bitcoin
A Cape Town law firm hired by investors says they can't locate the brothers and has reported the matter to the Hawks, an elite unit of the national police force. It's also told crypto exchanges across the globe should any attempt be made to convert the digital coins.
Two South African brothers have vanished with $3.6 billion of bitcoin in what could be the biggest crypto heist in history
In the time the story first hit, to the time Forbes published it, the value of the haul had dropped significantly in line with the volatility we expect :)
South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin

Industry News
Novel Phishing Attack Abuses Google Drive and Docs
Google Spices Up Supply Chain Security with SLSA Framework
Nuclear Research Institute Breached by Suspected North Korean Hackers
Finger Scanning Costs Six Flags $36m
SEC Probes SolarWinds Breach Disclosure Failures
NIST Publishes Ransomware Guidance
Nuisance Call Company Fined £130,000 After Eight-Month Blitz
Anti-virus Pioneer John McAfee Found Dead in Spanish Prison Cell
Google Pushes Back Cookie Removal Plans to 2023

The John McAfee story
When Javvad met John McAfee
How to uninstall McAfee anti-virus in his own words

Tweet of the Week
https://twitter.com/ShootyDoody/status/1407684922786127873

Come on! Like and bloody well subscribe!
Transcript
So, Andy, I heard you went through quite a traumatic experience the other day,
basically watching your parents arguing.
It actually made me glad I'm an orphan.
It's nothing like the happiness that comes across.
The final article, right?
When you look behind the magician's curtain, there is no going back.
There isn't.
It's really eye-opening.
It's a bit like Siegfried and Roy.
They hate each other.
And if one of them turns their back, they're going to get mauled by the lion, right?
Yeah.
Were you the lion in this analogy?
I'm not sure.
You're listening to the Host Unknown Podcast.
Hello, hello, hello, good morning, good afternoon, good evening, and welcome to the Host Unknown Podcast, episode 61.
Yes, it has been quite a week for one of us within the group here today. Andy, how are you and how was your experience on the podcast that
we very rarely talk about, the Smashing Security podcast?
The second best InfoSec podcast available to download.
It was a good fun.
Yeah, sorry, I'm too famous now.
You can't speak to me anymore.
I've got people calling me on my phone and everything.
Yeah, well, that's because you actually gave your phone number out.
It was, and no one believed it was my real number.
So everyone is messaging saying, is this really your number?
So you've had responses on the number that you gave out on a wildly popular and sponsored podcast.
Amazing.
But, yeah, I mean, they've hit over six million downloads on their show.
Apparently so.
Every month.
That triggered the clause in my contract to have me on as a guest.
Right.
But, you know, I hereby retire from other people's podcasts.
You know what the plot twist is? And this is quite genius. He's now selling all the people who are contacting him, like the "is this really your number" people. He's selling their details on to his marketing department, and now they're like, hey, do you have time to schedule a quick Zoom call? I can sell you a product.
Qualified InfoSec, uh, qualified leads of people interested in InfoSec.
Yeah, or qualified leads of people who listen to the second most popular security podcast, just to be very, very specific.
Yes. Did you reply to them and say, hey, download the Host Unknown podcast and you can listen to me every week?
Do you know what?
I didn't actually do any self-promotion.
And I'll give a shout out to the first person to message,
James, who is a SOC analyst somewhere.
He just said, look, curiosity got the better of me.
Is this really your number?
Did he then give you his LinkedIn or something? How do you know he's a SOC analyst?
Oh, he mentioned he's a SOC analyst.
Oh, right, right. You didn't do, like, a reverse lookup equivalent?
Uh, well, not yet, no. So I've not checked my... yet. Well, I said I've not checked LinkedIn yet. So I, you know... unlike... all of my social media is completely disconnected from my emails, or the emails that I check.
So it's why I do stuff in blocks.
You know,
so if I,
if I get LinkedIn requests,
you know,
I tend to sort of deal with them once a week or,
you know,
once a month,
maybe if I do get to them,
I'm not big on social media these days.
Let's be honest.
No.
For someone who introduced themselves to me as I am at Sir Jester on Twitter,
you might have heard of me.
Well, no.
See, I know you love telling that story,
but it's literally we'd had an interaction on Twitter,
which you'd clearly forgotten because, you know, you were drunk.
Yeah, that's fair.
And so I was trying to remind you of the kind of –
I'm sure I said, I'm going to come and speak to you
at this time
and you were like yeah okay
the best was
we went up to Abertay
for their conference
and Tom had had a few and he was a bit
he was a bit into that happy place
where the confusion cloud starts to come over
a bit and
Dr Jess Barker and, uh, Freaky Clown were there. So Tom goes up, says, hi, I'm Tom. And, uh, he goes, yes, I'm Freaky Clown. And, uh, Tom goes, okay, it's a bit like... it reminds me of the Spider-Man bit. Aha, so we're using made-up names. So what do I call you then? And he said, you can call me Freaky Clown. And Tom just looked at him for a while, and he was processing, processing. Okay then, nice to meet you. And then he moved on.
Yeah, that's right. I remember that. I remember that. I failed to compute that he did not want his real name known.
That was... yes. You know, there's another time we went, like, the three of us went out for dinner.
And, I mean, this was like, I don't know, we'd met a few times after this.
And I was going through LinkedIn, and I sent Tom a LinkedIn request.
And I joked in the message, said, hey, Tom, it's Andy.
I'm a friend of Jav's.
You know, yeah, just joking.
And Tom actually replied, oh, any friend of Jav's is a friend of mine. And it was like, Tom, it's me. It's... actually, we've had dinner. Like, zero idea who I was.
Yeah, if you just said Sir Jester, I would have known, you know.
You might.
Yeah, another white guy called Andy. I mean, red... yeah, great, we had dinner.
Yeah, I know, right. Okay, I was very drunk days. I went out with a lot of people for dinner. But those who don't know, I mean, Tom, we've moulded him and shaped him into a far better person. When we met him, he was like... I'd say the only person I can think of is Captain Raymond Holt from Brooklyn Nine-Nine, who's got no idea of sarcasm or jokes or anything like that. Everything's very literal, everything's very, very on the nose. So I'm glad he's not like that anymore.
Anyway, Jav, how are you?
How's your week been?
I'm great.
Now you've got me thinking about memory lane.
I'm going to be coming up with these little Tom stories all through the episode.
Oh, dear me.
No, I'm great.
I'm glad to be back in where I rightfully belong as the King of Bel-Air on the Host Unknown podcast.
Last week I was off and then I downloaded and listened to the episode and I thought Carole done a really good job.
She was actually a bit too good. She brought a bit too much intellectual thought to the podcast.
You were kind of, like, messaging to try and remind us who you were, weren't you? You got a bit needy on there after the podcast you had out. You got a bit needy on that.
Yeah, I mean, I'd like to say we missed you.
Listening to the podcast without being a participant on it, I actually enjoyed it a lot more.
Yes, because otherwise, when you listen to it when you're on it yourself, you're always very critical of yourself, or the transitions, about, oh, this didn't match that, I should have said this. But when you sit down and listen to it as an audience member, um, you know, I really enjoyed it. So now I know what all of our listeners, um, get out of it.
You're welcome. When you listen to it after the editing magic has been sprinkled over it.
Yes.
There's very little editing that goes on in this show.
Well, there is normally.
Last week was a hell of a beast because we had a few technical problems
that for once were not my fault.
But, yeah, we had a few technical problems.
And, well, I sent you guys a picture of the editing, you know,
the garage band that I edited in.
And it was, God, it looked like it had been hacked with a knife.
Yeah, the one that was stretched across two ultra-wide screen monitors.
That's right.
It's me trying to put, to put, you know, stitch it together. Multiple timelines, is that, you know, as we're trying to take out Andy's sort of delay and stuff like that.
Oh, speaking of multiple timelines, have you guys been watching Loki? If you haven't, you start watching it. It is so good. I've yet to watch this week's one because I want to watch it with my boy, because he comes out of isolation on Saturday
night, so we'll be watching it
Sunday or Monday. So basically, what happens
Tom?
It's alright, you can
tell me because I'll just take it out in the edit.
Okay, cool.
How was your week anyway, Tom?
Yes, very good. My
isolation ended on Wednesday
and I celebrated by going shopping.
So that was good. I actually ended up buying my daughter some shoes.
So, you know, shopping nonetheless. So, yeah, it was very good.
It was very good. I don't think there has been much of a highlight, really.
But apart from not having to stay inside this very small flat
and considering walking to the bins a day out.
Good times.
Yeah, yeah, absolutely.
So what have we got coming up for you today?
Well, this week in InfoSec takes us back to simpler times
when hacking groups had monocles, of all things. Rant of the Week looks
at shithousery of the magnitude we've come to expect from EC Council. Billy Big Bulls is a
story of two brothers who said, we got hacked and we'll be right back, two months ago. Industry News
brings you the latest and greatest InfoSec news from around the globe and tweet of the week will not be taking questions.
All right, then let's move swiftly on to.
This week in InfoSec.
So I love that tune.
And I noticed that on the Smashing Security podcast,
they actually added that music in at the start of their show.
Obviously, you don't hear it on the show, but they added it in post-edit,
which was nice to hear.
I think it's sort of like a little nod to the Host Unknown podcast.
Do you know what?
I'm looking forward to when they get sort of more technically capable
that they can just do stuff live.
Yeah, fantastic.
Rather than just, you know, editing completely in post.
So it's that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today In... 19th of June 1987, and the first SummerCon hacker conference was held in St. Louis, Missouri, um, run by the hacker zine Phrack. Now, this is still going strong. Now the 33rd, um, event took place virtually last year, with in-person attendance returning to New York
next month. Do you know what the attendance figures were for that or even are for that?
I've never heard of this. No. Well, so this is the funny thing. This is why
I raised it because I've included links in the show notes, SummerCon and, you know, a backstory from Hackerstory.net.
But certainly the early events, I think it was around about the 90s.
They say they got big in the early 90s when they sort of hit 200 odd attendees.
But it's obviously grown since then.
But, you know, for perspective, DEF CON started in 1993.
So it's six years younger than Summer CON.
But as you say, I had never heard of this conference.
And I consider myself someone that's been around, you know,
in the early days.
I was on social media a lot.
I certainly followed a lot of the industry events
but somehow missed this one altogether. Um, yeah, SummerCon is considered by some as the seminal event which all other conferences are modelled on, um, certainly in the US. Um, but it was founded at a time when obviously interactions between hackers took place on BBSs, um, you know, shout outs and text files or greets, uh, telco voice bridges and, you know, commentary between Phrack and 2600. Um, and this event was put together to change all of that and have this sort of real in-person meetup. Um, so obviously informal gatherings of hackers was nothing new in the eighties. It was already happening across the country. Um, and certainly the European scene was far more organised. Um, and I mean, you guys know what separates us from the animals, right?
Yeah, the Atlantic Ocean.
The Atlantic Ocean, exactly that.
Yeah, so back then obviously the groups like Chaos Computer Club, um, they had started their annual congress, I think it was 1984.
They're Berlin, weren't they, Chaos Computer?
They were, yeah. So I mean, there's various theories about why Europe was far more organised, um, you know, than America back then, and it's quite a deep, you know, sort of backstory. So I've actually put a link in the show notes if you want to follow that, but it's far too much to cover here. Um, so anyway, you know, these sort of large-scale meetings complete with technical demonstrations, such as, you know, the CCC... oh, actually, it's Hamburg back then, uh, in 1984. Yes, Hamburg, the first one. Um, and although, you know, the American scene was active during that period, they didn't do the physical meetings, um, you know, for whatever reason. But something obviously happened in the summer of 87, um, because in June of that year 2600 did their first meetup in New York City. Um, and then it was two weeks later in St. Louis that, you know, this group of people got together, um, you know, all arranged by their sort of BBS boards and, you know, through their Phrack profiles, and they met at one of the international Best Westerns, um, you know, in this manner to sort of advance the way that hackers got together. Um, and thus the first SummerCon was born, and it set the stage for, you know, all the subsequent hacker conferences that came in its wake, um, you know, including the likes of PumpCon, HoHoCon, uh, DEF CON and, uh, HOPE, um, you know, which still sticks to that sort of same formula. Um, and the organiser, you know, their main mission, they said they obviously wanted to foster that sort of physical interaction of hackers, but mostly, uh, you know, if the reports from the early editions of Phrack are to be believed, um, the main agenda was just to have a good time. Um, so it was always about forging friendships, um, because, you know, they said that's how, you know, real dialogue and information exchange happens.
And so there's obviously a lot of technical talks, you know, that first SummerCon, lots of technical discussions. You know, it's kind of informal, ad hoc agenda, freeform. And if you take a look back at the sort of keynote speaks, you know, the big events at the time: BBSs, fibre optics, uh, methods for blowing 2600 hertz, um, you know, what the sort of big attractions of that day were. Um, and as you can imagine with all sort of, uh, you know, stereotypical conferences with, you know, sort of hardcore techie people, um, apparently they did have a hard time getting started because obviously the social interaction was a bit awkward.
Um, but I mean, obviously, understatement though, right?
But, you know, because everyone had that sort of technical background, um, you know, these technical discussions got people talking, which led to drinking, which led to partying, and then ultimately, um, you know, everyone sort of built friendships, which just, you know, lasted. And that's kind of how a lot of cons have worked since.
But, I mean, yeah, there's actually a huge history to this conference.
You know, SummerCon 88, you know, the following year, more technical discussions, you know, more attendees. But it turns out that there's an attendee called Dale Drew, who went by the handle of The Dictator. Um, he was actually an informant working with the Secret Service, um, and so he helped the government, uh, sort of videotape proceedings through his, uh, like, hotel... a two-way mirror in his hotel room. Um, and that evidence was actually used to indict the conference organiser, a guy who went by the name of Knight Lightning, um, the Phrack founder himself, Craig Neidorf.
Um, so I mean, wow.
Yeah, I mean, it's... I did not realise how this sort of all came together in the past. But obviously the whole fed thing, you know, became a big thing at conference. Um, SummerCon actually called it Hunt the Fed, um, probably more commonly known by DEF CON's Spot the Fed contest.
Yeah, yeah, exactly.
And then they sort of... they became sort of nomads, you know, they sort of went up and down the country moving locations, trying to avoid, you know, all the negativity that came with their group, uh, you know, and trying to avoid attention coming to themselves. But as they moved around, it got more and more famous. So by 95, held in Atlanta, Eric Bloodaxe and the LOD turned up, more people are arrested.
96,
they moved to Washington,
which made it easy for the East Coast,
East Coast hacker community to attend.
So loft came in from Boston,
you know,
guys from Pittsburgh,
New York scene was well represented
Um, and it just... it continued, right? You know, more and more raids started occurring and, you know, it got a bigger reputation. Um, they tried moving to Atlanta. They actually took it to Amsterdam for a while, um, but then all the Americans were confused why hotels cost so much money in Europe.
And then, you know, they went back to Pittsburgh, back to Atlanta. They seem to be relatively settled in New York now, also with the exception of last year, that was virtual. But otherwise, they will be celebrating their 34th event next month.
And so what evolved from this sort of small gathering is now this massive structured conference.
But they say that they never lost sight of their mission,
which was to bring the brightest minds in InfoSec together for the best party of the year.
So there you have it.
Nobody's ever heard of it.
Yeah, the longest running hacker conference that you've probably never heard of.
I wonder what it was that, around about the sort of late 80s, early 90s, these things started to kick off. If there are sort of, like, external forces, like the cost of renting hotel conference rooms went down dramatically, or, I don't know, the feds artificially reduced the cost of transport to allow the hackers to get there, or, I don't know, maybe deodorant prices went down massively.
No, I think it's a lot simpler. I think it's just down to the, uh, the bulletin boards and I ask it all up... just communication became a lot easier. So to organise or coordinate these things just became a lot easier, and so you had people, you know, be able to say, oh, let's get together here, and 50 people all can turn up there.
And, like, hi, I'm Sir Jester, you must know me from Twitter, I'm a big, big thing.
So yeah, the social awkwardness, definitely there.
Yeah, absolutely.
So yeah, I mean, it's obviously, uh, you know, in that era is, um, you know, the sort of, uh, anti-establishment and sort of punk era, um, yeah, you know, going on as well. So it kind of, you know, encouraged people to sort of get together and share beliefs. Um, but yeah, an interesting one. I can't believe I've never heard of that one. How many people go to it now? Do you... have you got those figures?
Uh, I don't, but I will, uh, have a look and, uh, come back, uh, on that one. Um, so the second story I was going to talk about actually isn't that old at all. It seems just like yesterday. It was practically... was basically... it was 10 years ago, on the 20th of June 2011.
Can I just say, when you reach a certain age is when you say that 10 years ago was just yesterday, really.
I'm just saying, Andy.
Since I hit my 30s, this is how I feel.
So the earliest attack of Operation AntiSec was performed by LulzSec against the UK's Serious Organised Crime Agency. So Operation AntiSec, also referred to as Operation Anti-Security or just AntiSec, uh, it was basically a series of hacking attacks performed by members of the hacking group LulzSec, um, and Anonymous. Um, and as mentioned, you know, the earliest one of this particular project was against SOCA. Um, and then soon after they released information taken from servers from the Arizona Department of Public Safety. Uh, more and more information was released, but I think rather than going into it in detail now, over the coming weeks we'll be able to tie it back, because this is a story that, um, it was like a nice flurry of activity. It dominated media for a couple of weeks.
Um, so I always thought of LulzSec as, like, the teenage child of Anonymous.
But they had the, uh, monocle, right? And, you know, their logo had the...
Well, exactly. So they were pretentious.
Yes. And they had slightly fewer morals, and they were, like, just, you know, they used to be a little bit more reactionary and stuff like that.
Well, yeah, I don't know.
Maybe that's oversimplification.
But I think there was, you know, obviously their founder did, you know,
he folded like jab getting a legal takedown request or something.
There's a lot more to this story.
We should have a new saying, folded like a jab of cards.
Javad the deck chair Malik.
Yeah.
Oh, he's gone quiet now.
You said you want Carole back.
Quiet.
No, we can't afford Carole.
She does actual work for this thing.
Well, I'm looking forward to hearing that, because, yeah, there was a lot of activity, um, around about this time, wasn't there, with LulzSec, et cetera. So I'm sure there's going to be quite literally a story a week from now on.
It was great. I remember working at a bank... I was doing a contract at a bank at that time, and there were so many people, they just... they only installed Twitter on their phone so they could follow the LulzSec Twitter account, because they would be really boasting about, oh, we're going to go after this or that or the other. And that was their basic threat intel feed, for, like, oh my God, they've taken down so-and-so, or they've DDoSed this bank. Now we could be next. And so what do we do?
And it's like one of those ship movies or something. It's just you see a massive tidal wave and all you can do is just brace for impact.
That was the extent of the anti-Lulz security controls.
Yeah, yeah.
Or just don't piss them off, you know.
Yes, ignore us, 50 billion a year bank over here. We're just a small, small bunch of people trying to make an honest living, just a mum and pop shop, as they call it.
Oh, excellent. Thank you, Andy, for this week in InfoSec.
Nice!
So, I think
now is the time for us to say
this.
You're listening to the award-winning
Host Unknown podcast.
Officially more entertaining
than Smashing Security.
In your face!
In your face.
So, yeah, I'm looking forward to hearing what they've got to say about this.
Oh, anyway, let's move on, shall we?
I think this one's me, and it's this week's...
Listen up!
Rant of the Week.
It's time for Motherf***ing Rage!
...known as the Duchess of Hackington, not to be confused with the Duchess of Ladywell, two very different people, or @AlyssaM_InfoSec. So some time ago, Alyssa wrote a blog post entitled,
What is a Business Information Security Officer, BISO?
Quite well received, well written, etc.
However, she recently discovered that the EC Council was publishing blogs
that were, in the opinion of a lawyer that Alyssa spoke to,
plagiarized from other security and technology experts,
including Alyssa and her blog, What is a Business Information Security Officer?
The link's in the show notes, obviously,
but of which there is a description of the events that unfolded,
allowing Alyssa to sort of track what happened
and how it happened, et cetera.
But what's more important, I think, and what is very interesting here is
Alyssa then goes on to discuss what they believe needs to be done
to correct this trend, this stuff that's going on.
Because as we know, EC Council has not been, how can I put it?
Moral fluid, I think.
Yeah, morally flexible, exactly.
Or has not enjoyed the greatest of reputations when it comes
to the content it uses, including the use of plagiarized material
for their training courses, you know, unattributed work, et cetera, et cetera.
Allegedly, my lawyers are telling me in my ear.
And so they've even been inducted into the attrition.org's Hall of Fame for,
what is it, Andy?
Errata.
Errata, yes, thank you.
Was it charlatans?
They are, yeah.
Yeah, charlatans. Now, as someone, I remember discussing the work that Attrition did on Errata
with someone who knows him well.
I've not met him, but he tells me that he offers every opportunity
for anybody who gets listed on that, and we'll put a link in the show notes
to Attrition's site here.
But everybody who gets listed in there as a charlatan or a whatever has many, many opportunities to, um, to defend themselves. And if you're on that list, it's because you've either ignored or not been able to defend your actions effectively. So it's a big deal. It's a big deal.
But reading the thread, going back to the points, reading the thread from Alyssa, Alyssa makes some very, very good points. So Alyssa calls out a series of things and a series of impacts that this has. So for instance, anybody who's already sceptical of certification vendors are now using this situation with the EC Council as further proof that these vendors cannot be trusted. So any vendor out there, and we all have opinions about vendors that offer certification, et cetera, be it ISC2, ISACA, whomever else, it doesn't really matter. This is just grist to the mill for those kinds of arguments that certifications are a bad thing. So EC Council are basically muddying the waters for everybody else as a result.
There are even people, for instance, who have achieved certifications with EC Council and are now disavowing them and not renewing those certifications.
It does remind me a little bit of when, you know,
a few people were burning their CISP certificates on their...
One person.
Was it one person? I'm sure there was more than one person
It's the same picture retweeted
Oh the irony
The irony given what we're talking about
Here
So yeah
People are renouncing
Because they don't want to be
Associated with this
Organization
There's other, you know, organizations and universities who've built educational programs.
They're now being forced to put additional effort into fully reviewing
and changing their courses because they can't count on the integrity
of EC Council's contributions to it,
or even they're having to do this extra work just to be absolutely clear that they're not
in this same camp. People withdrawing support for conferences that are being either organized or even sponsored and supported by EC Council.
I mean, it's just having a horrible effect all round.
And I think we talked about this a little bit when we mentioned Crest and the reports that was done into,
or the investigation that was done into the, was it NCC having insider information on how to pass
Crest exams, et cetera.
Cheat sheets and stuff.
And Crest carried out an investigation and said,
oh, but we can't make it public, which just kills all public confidence
into that organisation in the first place.
And, well, if nothing else, it gives us something to talk about.
But it's a similar kind of thing.
So, you know, I would... you know, EC Council is really running, you know, on thin ice here at the moment, I would say.
It's a fascinating story. Like, trainers as well, you know, that make their job, yeah, sort of reselling this material, uh, or, you know, teaching this material. Like, people that genuinely believe in the, um, you know, not necessarily the content, but, you know, the idea behind what they're learning, and sort of just teaching that skill set. Um, yeah, it doesn't necessarily say that the content is wrong or bad, but it's not their content.
Yeah, yeah, no, that's right, that's right. And, you know what, it's... they've had such a long history of screw-ups on Attrition's site. The earliest, um, case of plagiarism recorded against them was back in 2011, so it's been over 10 years.
Yeah.
That, you know... and the thing that really gets me, it's just like the recent accusation, when they screwed up and they launched that really sexist "why can't women work in security, because they deserve... belong in the kitchen", that kind of thing. I'm paraphrasing, but, you know, this just shows a company that's so out of touch, it's just only interested in being a paper mill certification. That's all they're worried about.
And they plagiarize.
They lie.
They steal.
They have no morals and ethics.
They're pieces of shit.
That is what it boils down to.
You can go on their website and there's a code of ethics.
Oh, my God.
There's a code of ethics.
And number two says, protect the intellectual property of others by relying on your own
innovations and efforts, thus ensuring that all benefits vest with the originator.
You know, you're just talking out of both sides of your mouth, EC Council.
You have no morals.
You have no integrity.
Shame on you.
And the problem is that whilst some people will look at these things
and want to disavow or distance themselves from it, the unfortunate fact is that they're so big now with their CEH and what have you, um, there's so many people, they're just gonna stick with it or stay with it, or think they have no alternative, or they've studied hard and they've got that certification, and, you know, they don't want... just, they're not in the position to just throw it away and say, hey, just hire me on my merit.
Yeah.
I mean, this is a leadership issue.
Let's not beat around the bush here.
Leadership has to absolutely, you know,
show that they can investigate this fully and properly
and get rid of this reputation that they've got, you know. And that may take... they're not going to do... if you read these statements by Jay Bavisi, or whoever the CEO, even in the previous, uh, most recent incident, even this one, it's so wordy, it's so slopey shoulders. He should be just renamed Teflon, because...
Written by lawyers, basically.
Yeah, exactly. It's just all like, oh, it's someone else, it's this, we're having a look internally, if anyone was offended, you know, it's all that kind of stuff. It's just pure hypocrisy.
I should breathe.
Yep. Well, I think he did a better rant of that than I did. So, uh, yeah, anyway, that was this week's...
Rant of the Week.
I hope we don't get any lawyers' letters as a result of that.
Mind you, we'd assume that people from EC Council listen to this podcast.
So if you do EC Council and you want to sponsor us in an effort to clean your…
Do you want to white label our podcast?
Yeah.
Yeah, come and sponsor our podcast and, you know,
give you an opportunity to redress the balance whilst also spending thousands
and pounds of your money on the three of us.
Well, you know, a few years ago they were spamming bloggers' comments section
and promoting EC Council in that.
What?
They were doing that.
They paid.
No, they weren't doing it.
They paid a company that acted unethically.
Oh, plausible deniability.
Yeah, you know, whatever.
But there were so many comments that, you know, you would see that,
oh, this is a great article.
I learned so much by
doing the discourse from EC Council and what have you. So leave a five-star review on iTunes for us, and you can happily put whatever you want, as long as it's a five-star review.
Yeah, like and review. Like and subscribe.
It doesn't matter if the judges were drinking, Host Unknown was still awarded Europe's most entertaining content status.
It's very true. It's very true. Right, let's move on. Whiskey, playing that one after that last section, I'll tell you.
Jav, I think it's over to you.
Yes, so we live in a technical world and it's a capitalist world, so people are always worried about money going missing. But I'm going to turn the focus on to South Africa and, unfortunately, two brothers who have their own startup, Raees and Ameer Cajee, who are 21 and 17 years old. Very young guys. They've gone missing. So, while the media has been focusing a lot on their business and the money and everything, I genuinely hope that they get found safely and are returned to their family.
So here at Host Unknown, where we are concerned for your safety, Raees and Ameer, try to get word out. Your family's very worried, the authorities are looking for you. If you're safe, if you go to hostunknown.tv, there's a donate section there, so if you can't talk freely, donate some money there and we'll know that you're safe.
Exactly, exactly. The higher the amount, the more rapid the response will be, the safer we know you'll be.
Yes, yes. Or download the Uber for military app, the mercenary app that the US Army is... and call in an airstrike.
Yeah, yeah. So another way of looking at this
is these two brothers, they had this startup called AfriCrypt, which is a bitcoin exchange.
Very clever. So young, so clever.
They did the exchange. Yeah. You saw, very clever, very, you know, so young, so clever.
And they sent a message to their customers saying we got hacked and we'll be right back, two months ago.
Right. But what they also said, they're trying to recover the money, and that if investors please don't contact the authorities, as that will only delay efforts to recover the money.
So basically, give us a head start.
Right, yeah, that's right, that's right. Yeah, yeah. So, you know,
evidence is now being pieced together that strange things started happening at AfriCrypt back in November.
They started having investors.
Investors couldn't get their statements and strange transfers started to happen.
And so it was on April 13th that they sent a message to all their clients saying,
oh, our wallets and nodes have all been compromised and we're working on it.
And this is when they said, please don't contact authorities. It's just been a delay.
About the same time, the two brothers dropped out of communication
with their extended family.
And after that, you know, it just sort of... they're damn Keyser Sözes, you know. Before that they had a flashy, extravagant lifestyle, one which maybe you'd think couldn't be funded by a humble startup. But, you know, so could they have been living at large with money stolen from investors, or, perhaps more likely, they just invested in crypto early on and they were just reaping the benefits, which is what I like to believe. The family doesn't know. Spin on this story there. The family doesn't know, we don't know. Maybe they got caught up in some money laundering for criminals, maybe someone got jealous of them and tried to kidnap them, you know, and maybe they just genuinely got hacked and they're scared that the investors will come for them.
So being kids, they might have just gone to Dubai or something and hidden out on, you know, the penthouse in the Burj or one of those big towers.
But how much money are we talking about here?
So it depends on when. So I think at the time it might have been 3.6 billion dollars.
Jesus.
It's probably 2.2 billion dollars now, and next week it'll go up to 5 billion dollars. So it depends.
Yeah. And this is what I mean, money comes and goes, it's only money, but life is priceless. And for two such young people who've got such a long life ahead of them in jail.
I mean, they just got such a long life ahead of them.
So they basically have at least a billion dollars each. Right.
And yes, in Africa, that is some good money.
What makes you think they're still in Africa?
Well, I don't anymore, to be honest, you know. I think they've clearly... that kind of money can buy you a lot of plastic surgery, a lot of false passports and a lot of private jets that don't register their flight plans.
Yeah, yeah, yeah. They will probably... so, you know, you think like the usual suspects are like Dubai or China or something like that.
It's very easy to go there. They're probably going to turn up in Surbiton or somewhere.
Most likely, most likely. In two years time, you're going to see like two brothers who look familiar.
They're going to own a football club in London somewhere.
But, you know, this is the problem.
You know, I saw this and I thought, you know,
it's so easy to complain about all the regulation
that financial services have to go through
and it's just like box ticking and this, that, the other
and money laundering checks and, you know.
KYC and all that, yeah.
You know, all that kind of stuff.
But then you see something like this happen and you think,
you know what, that might not be a bad thing in entirety.
But this is, I mean, basically what's happened here
is that the head of the Ponzi scheme has done a runner, right?
Or the two heads of the Ponzi scheme have done a runner.
It's just a digital version.
I don't think they're too fussed at the moment.
I think when you look at your bank balance and it's got over a billion dollars in it,
your judgment's kind of different.
You look at life differently.
Different life value proposition.
Yeah.
Wow. Damn. Well, I might be able to partially fund my Apple addiction with that amount of money. So the question is, how long will it be before they're found in a flea market in charger, or are they going to go completely DB Cooper?
Only time will tell. Who's DB Cooper again?
The one that jumped out of the plane, wasn't he?
Yeah.
Oh, from Loki.
In America for the 70s or 80s, he hijacked a plane with money,
he jumped out.
That's right.
And he was in Loki, wasn't he?
Yes.
Because it was Loki.
They did play that, yeah.
I actually, my son had to explain that to me because
I'd never heard of DB Cooper before.
What? Yeah, never heard of him. Never heard of it. What kind of university did you go to? What's your education? Clearly not a polytechnic.
No, no, because Graham's far more intelligent than me. I'll tell you what, the first time I actually heard the name DB Cooper that I can remember was in a Kid Rock song.
He mentioned him in his lyrics and I had to look him up as to who he was.
That's going back a bit.
Well, I have to say it's been a week of learning for me.
So there you go.
There you go.
Right.
Excellent.
Thank you, Jav, for this week's Billy Big Balls of the Week.
So Andy,
what time is it?
Because I think it's time for something, isn't it?
It is. It's that time of the show where we
head over to our news sources over at the InfoSec
PA Newswire who have been busy bringing
us the latest and greatest security news
from around the globe.
Industry News.
Novel phishing attack abuses Google Drive and Docs.
Industry News.
Google spices up supply chain security with SLSA framework.
Industry News.
Nuclear Research Institute breached by suspected North Korean hackers.
Industry News.
Finger scanning costs Six Flags $36 million.
Industry News.
SEC probes SolarWinds breach disclosure failures.
Industry News.
NIST publishes ransomware guidance.
Industry news.
Nuisance call company fined £130,000 after eight-month blitz.
Industry news.
Antivirus pioneer John McAfee found dead in Spanish prison cell.
Industry News.
Google pushes back cookie removal plans to 2023.
Industry News.
And that was this week's...
Industry News.
Huge.
If true.
Holy moly, John McAfee.
Huge if true.
That's a shock.
That's a big one.
It is.
They're saying it was suicide.
Everything he said that would never happen.
Everything he said that he would never do.
Yeah, he suicided himself with six shots to the back of his head, I heard.
Yeah?
Jeez.
I just find that, you know, for somebody who's such a bon vivant,
but such a larger-than-life character,
you find that really difficult to...
He was a controversial character,
for sure. Yeah, of course he was.
Of course he was, and I think he played up to it.
I think he played up to the
controversy more than he actually was,
although, yes, he was definitely controversial.
But I just...
I find it very hard to believe
that someone like that would end up taking
their own life in a Spanish prison cell.
Yeah.
Just before he was about to be extradited.
Well, that's the weird thing, because if he's about to be extradited, then, you know, why off him? So was it suicide? This is... oh God, it's almost like this is a real news story.
Well, I mean, in, was it October 5th? October 15th, 2020, he actually tweeted,
I am content in here.
I have friends.
The food is good.
All is well.
Know that if I hang myself a la Epstein, it will be no fault of mine.
So was he in a Spanish prison then, in October?
He was, yeah.
He's been there for a while.
Has he?
I did not realise.
Since October, I think, he's been in the Spanish prison
awaiting, you know, judgement on whether he'll be extradited or not,
and that came through a few days ago.
God.
But, yeah.
I mean, you've actually met John McAfee, haven't you?
You did a video with him.
I know.
I looked at your timeline.
I noticed you didn't jump on the bandwagon, like, you know,
with a photo of you with him sort of promoting anything.
No, I said, I sent the video. Yeah, I sent that video link to a couple of friends internally.
But yeah, you know what? I don't like a speaking ill. I don't like speaking ill of the dead.
And secondly, you know, it's one of those times where everyone comes out the woodwork saying, oh, he's the best friend, and here's me, and there's some genuine people in there who have this stuff to say, and it just felt like if I were to post a picture or a video link publicly of me and John McAfee, then it would just seem like, oh, let's try to get some self-promotion out of his death. Which I would do if one of you two died, absolutely, in a heartbeat, but not for John, because not so many people would be worried about that.
No, no. But, you know what, I met him. He was a really nice guy. He was so, so good to me, and I know a lot of people have bad things to say about him and the hatred is there and everything, and I'm sure that's justifiable, but I can only go on what my interactions were, and, like I said, I don't like talking ill about the dead, but he was really good. When I did the interview with him, I said to him, look, I don't really do interviews properly. I said, like, do you mind just having a bit of fun with it? He goes, yeah, yeah. I said, look, let's start off and I'll introduce you and I'll pretend to forget your name. Yeah. And he goes, oh, he goes, oh, that's perfect.
And he seemed a bit high at the time.
He was like jumping and sniffing and spilling water all over the place.
But he was like, that's fine.
Let's go for it.
He let off a big laugh and he was like, yeah, let's do this.
Let's do that.
He didn't look like he had an ego, I have to say.
No, he was just a genuine person.
And then, so afterwards, I was actually talking to him about, you know, media perception and personal brand and everything, and he was like... yeah, he didn't go as far as to say, yes, what I do is an act or a character, but he goes, look, you cannot underestimate the value of having a face that you put out to the world and, you know,
market yourself and put things in.
He goes, sometimes that's for the right, for the wrong reasons,
or what have you.
But, you know, I think he believed that, you know,
there's no such thing as bad publicity and you need to manage that image.
And I think that's, you know,
that's a valuable lesson in today's social media world.
Yeah.
Yeah, very true.
Very true.
You know, you sent a copy of that video to us
because you weren't concerned about showing off
about your friendship with us, obviously.
But he seemed to really enjoy that interview
and he came across really well in it, I thought.
He seemed like a genuinely
nice guy.
He was indeed. I'll say this, I don't know whether it's in bad taste or not, a couple of the tweets, but there were a couple that did raise a smile to my face. I'm sure John McAfee would appreciate it, you know. I think he would appreciate them. There's, yeah, one from the DPRK News Service,
which said John McAfee had been placed into permanent quarantine pending deletion.
Little AV joke there.
And Graham Sutherland saying, well, that's one way to get out of eating your own dick.
Did he say that?
I'll eat my own dick if I get offed.
Yeah, I mean, timely.
It was harsh.
I'm sure it's certainly a character that we're going to miss.
There's a link in the show notes,
how to uninstall McAfee antivirus in his own words.
And I think, to your point, Jav,
about playing up to a character and all that sort of thing,
that's exactly what this is.
You know, and it's got him, you know, sniffing questionable white powders
and having lap dances and all that sort of thing.
And it's a little bit cheesy.
It's a little bit, you know, wooden.
But it's funny as hell because it's John McAfee.
It is.
So it's well worth a watch.
And I think the phrase to use is the world is a slightly less colourful place, you know,
without him in it.
Yeah.
Okay.
So that was this week's industry news.
I think we need cheering up again,
all three of us.
So let's listen to this one again and just remind ourselves.
You're listening to the award-winning Host Unknown Podcast,
officially more entertaining than smashing security.
And yes, we know we played that twice
So, Andy, on to this week's Tweet of the Week. And we always do play that one twice.
Tweet of the Week. So this is, uh, not... well, it could be security related, I think. Yeah, everyone can relate to this one. So I only got into drinking coffee in 2020, I think it was. Lockdown, was it? Yeah. It's just... the start of lockdown is when I first started drinking coffee. Yeah, just prior to it. Yes, it was. I was in Peru at the time and I had a choice between tap water or coffee.
And so I bit the bullet.
I said, I'll have coffee.
And I never really looked back because that coffee was so good that I've just not been able to replicate it.
So I bought a coffee machine since, lots more coffee.
Anyway, this tweet is from someone who goes by the name Ricky Rasputin Fangold Tar.
And she simply says, if you take your coffee with milk and sweeteners, you don't like coffee.
You like hot milkshakes.
I will not be taking any questions.
And I totally agree with that.
Like, I drink my coffee black straight up.
And it is the only way to drink coffee as far as I'm concerned.
Yeah, I agree.
So what coffee machine have you got?
I can't remember the name of it.
I generally can't remember the name of it.
What method is it?
Do you grind the beans yourself?
No, it's the capsule one.
Okay, okay. Metal capsules?
They are.
No, plastic.
Sorry.
Okay.
Okay.
I just bought myself a brand new coffee machine.
Right.
A Nespresso Vertuo, of all things.
It's really fancy.
Gotcha.
Yeah.
So it actually takes a Nescafe Dolce Gusto.
Oh, I know the ones, yeah, yeah.
So, yeah, lots of different flavours in that.
Like I say, not found the one I'm looking for, but...
What, still?
Still not.
No, I've even purchased Peruvian coffee, and it's just not the same.
And I'm starting to think it wasn't actually the coffee,
it was the sugar that I put in it.
Maybe it wasn't actually sugar.
You mean your hot black milkshake?
Yeah, and maybe it wasn't actually sugar.
But hey, I could not get enough of that stuff.
I went from drinking no coffee at all to about eight cups a day.
And you never looked back, or forwards, or left and right more often than before.
Yeah, but I was so on it that week, though, you know. While I had so much focus, I was getting so much done.
Yes. I say, were you on any of the McAfee... John McAfee coffee?
Yeah, now that man knows how to make a good coffee, you know.
Yeah, he uses that powdered whitener, doesn't he?
Yeah.
Yeah.
That's right.
That's the one.
Oh, dear.
Well, I can tell your time on smashing security is rubbed off because your pick of the week this week was not a security story.
Yeah, and it was pretty weak, like the coffee you drink.
Excellent. Gentlemen, thank you very much for your time this week.
Good to be back.
Eventually, yeah. We've had our technical problems again, but we got there.
We got there in the end.
So, Jav, thank you very much. Got anything planned for the weekend?
No, I forgot it's a weekend tomorrow, actually, even though we've been doing this on Friday for the last nine months. I know, as you were wrapping down, I started looking at my calendar and my mind started going to, oh, I've got a meeting in like 15 minutes, and then I've got, you know, two deliverables today, and every... so I was just like switching off from the podcast and into work mode.
I did think there was a little bit of a delay,
but don't worry, folks, I'll edit that out.
Yes, good, thank you.
So, Jav, thank you very much for this week.
Thank you.
And Andy, thank you very much.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
The worst episode ever.
r slash Smashing Security.