The Host Unknown Podcast - Episode 94 - Lost Sole Founder Reward If Found
Episode Date: February 25, 2022This Week in InfoSec (11:37)With content liberated from the “today in infosec” twitter account and further afield23rd February 2005: The discovery of the first mobile phone virus, Cabir, is accoun...ced. Specifically, Cabir is a worm which infects phones running the Symbian OS. Whenever an infected phone is activated, the message “Caribe” is displayed. Infected phones also attempts to spread the virus through Bluetooth signals. Billy Big Balls (21:51)https://nypost.com/2022/02/24/ukrainian-women-say-russian-troops-are-flirting-with-them-on-tinder/From Russia with lust.Russian soldiers poised to invade Ukraine have bombarded women on the other side of the border with Tinder messages Tuesday, according to the Sun.Dasha Synelnikova’s app lit up with matches from soldiers named Andrei, Alexander, Gregory, Michail and “Black” some 20 miles away, the report said.“I actually live in Kyiv but changed my location settings to Kharkiv after a friend told me there were Russian troops all over Tinder,” Synelnikova, a 33-year-old video producer, told the outlet.Many would-be paramours reportedly flirted with treachery as they gave away their military positions while forces assembled north of Kharkiv prepared for what appeared to be an imminent attack, according to Ukrainian military intelligence officials.“One muscular guy posed up trying to look sexy in bed posing with his pistol. Another was in full Russian combat gear and others just showed off in tight stripy vests,” Synelnikova told the British paper. Rant of the Week (28:57)A War in Europe Is Being Documented One Social Media Post at a TimeThe rest of the world watches Russia's invasion into Ukraine through the lens of Twitter and Tiktok. Industry News (35:28)Banking World Rocked After Leak Exposes 18,000 Credit Suisse AccountsTeen Framed for Cybercrime Files LawsuitUS Receives Ransomware WarningEU Deploys Cyber Response Unit to UkraineOfcom Set to Crack Down on Phone FraudVishing Makes Phishing Campaigns Three-Times More SuccessfulNonprofits Form Cyber CoalitionWMATA Twitter Account HackedUkraine Attacked with ‘Wiper’ Malware Tweet of the Week (44:10)https://twitter.com/dcuthbert/status/1496935547171835911 Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
Who have you got playing the part of Jav this week?
The Jav AI.
It's going to be a quiet show then, isn't it?
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening
from wherever you are joining us
and welcome to episode 94-ish of the Host Unknown podcast.
98 already.
Welcome one and all.
Indeed, we are just a mere month and a half away from our centenary.
A mere two weeks away.
Exactly.
Do you know what?
I keep meaning, every week we record,
I keep meaning to go back and count every single episode
and go back and make sure.
I just almost...
Lose the will to do it, right?
The moment I hit publish, I'm like, done.
I am counting the unpublished episodes
which we have awaiting you know sort of major life events uh yeah there's only one though
there's only one uh oh yeah you don't know the one about your death do you
or the one about your death. Damn.
So we're like episode 99 then.
Yeah, it's right.
It's right.
We would be at 100, but we just couldn't be bothered to do one for Jav.
Oh, dear.
He's been dead to us for months anyway.
Anyway, how have you been, Andy?
Not too bad, actually.
Well, I'll say not too bad.
It's been a crazy week, right? Not just here, around the world.
Obviously waking up to the, you know, one day we're joking about World War III
and the next day it started.
It's World War III, yeah.
Yeah, and, you know, those memes about laughing at memes about World War III
until midnight, then suddenly the sun comes up.
Yeah.
It's actually not as funny as it was uh you
know a week or so ago no no exactly but but you do get a good suntan uh indeed for that for those
brief three seconds you're still alive yeah exactly exactly yeah yeah wow it has been a weird week
isn't it yeah well i'm surprised you even know about what's going on because you've been working so much.
Well, I have that, but we have a lot of clients.
So I'm going to tell you about something.
So third party management, right?
Supply chain management, vendor management from a security angle, right?
You know, not about the procurement contract type thing, but, you know, from the security control space.
right you know not about the procurement contracts type thing but you know from the security controls piece so i deal a lot with those queries from um you know clients big strategic clients the big
sort of banks and um you know governments and things like that and i've seen a huge maturity
in their processes over the years and certainly in recent times the level of information they are asking for is now just ridiculous.
Yeah.
And I think there's one I mentioned to you about a particular financial institution in the US who is wanting to know which patches we have applied.
They sent a list of vulnerabilities in the correlated CVs and they want us to confirm whether or not they're patched.
It's like, you know, one, who are you?
What are you going to do with this information?
Yeah.
You know, the fact it's signed by a URI or, you know,
this is, please send information back to myself and Vlad.
To compromise. Yeah, fsb.ru
yeah it's uh i mean cover like if you guys manage these type of uh processes just be realistic about
what you're asking for and why we should trust you with that information. You're outsourcing these services for a reason
or you're buying these services for a reason.
It harkens back to that story we covered a little while back
about people who maintain APIs and little black box pieces of code
in their own time, out of their own free will.
And now being hit with these,
you must supply us with this information on the security of your product.
No, you're not even paying me for this, let alone anything else.
And I love it.
I think the bigger the institution, they're like,
please provide this information within the next 48 hours at the latest
yeah it's like um you realize we're a multinational you know yeah multi-billion dollar
company right i don't even know what service you take from us yeah let me look at a catalog of
17 000 services it's gonna take me 48 hours to even know who you are yeah what you do you know
salesforce just isn't that good you know much as people think it is it's there's a lot of
information around that needs looking at yeah but yeah i digress so this is this is why i know what
you know what's been going on yeah and also we do have a very good threat intelligence team so i
will give kudos to them you know what's going on it's something to do with russia right exactly as i understand ukraine are um getting aggressive
with russia they've invaded uh something like that to take some land back which belongs to putin
and filled with nazis as well yeah putin was trying to uh be a peacemaker for as long as possible
um i think they pushed him too far.
He actually said the denazification of
Ukraine. Did he really use that
language? Yeah, he did.
I say he did.
I read a quote on social
media about
him saying that. So it must
be true.
I noticed the UK
government is pushing for Russia
to be kicked off the SWIFT payment system.
Yeah.
How are they going to get their funds?
Yeah.
This is the thing.
When you start unravelling it,
who's actually going to suffer more from this, right?
All these oligarchs and multi-billionaires in the UK
and the US that are funding companies.
Is he going to be puting with his gold reserves and his 10-year plan that he's had in place for a long time?
You know, or Johnson and his monthly stipends just suddenly drying up.
Yeah, Carrie's not going to be happy with the latest renovations.
No. Someone else is going to have happy with the latest renovations. No.
Yeah, someone else is going to have to pay for them.
No, exactly.
It's going to be very austere is all I can say.
Well, Les, how's your week going?
Yeah, not bad.
Not bad.
Been applying for plenty of jobs.
Earlier this week, I'd been troubleshooting a Synology NAS,
of all things,
for a photographer friend of mine.
And Synology support are dreadful.
Absolutely dreadful.
So, yeah, I'm surprised.
I'm surprised.
So, yeah, it's been a challenging week
from that perspective.
So, yeah, it's Synology Drive NAS that basically drops the network connection
every time you look at this particular – well, not particular file,
any folder that's got large individual files in the thousands,
which is kind of like what a NAS does, right?
Right.
You know, these files, they're images.
They're between 30 and 50 meg each because they're raw images.
I think one folder's got 10,000, another folder's got, you know,
8,000, et cetera.
Worked perfectly and then suddenly doesn't.
And it's kind of like, well, the response was,
maybe you're asking too much from your NAS.
What, to save files
and deliver them back to me on request isn't you know the dictionary definition of a nas right
oh dear so yeah they've got a solution or is it um no not yet not yet he's asked me the same
question three times and i've said three times have you tried rebooting it oh geez three times, and I've said three times. Have you tried rebooting it? Oh, jeez.
Three times, so I say, no, that's not what I've done.
That's not what I've done.
I've done this.
Okay, but what about the device that you connected directly to?
No, I haven't connected a device directly to the NAS.
Okay, understood.
Well, they need to do more troubleshooting.
But what about the device that you connected directly to the NAS?
Oh, Jesus Christ.
Brilliant.
So, yeah, it's been frustrating.
Been frustrating.
But, you know, who knows?
Tech support could be coming from Ukraine.
I don't know.
Well, I bet their support team's like,
God, I hope Tom just gets another job right now because we can't keep dealing with this guy.
When he's got spare time, he's a nightmare.
Oh, yeah, yeah.
And that's just applying for goddamn jobs. That's yeah. Yeah. And that's just
applying for goddamn
jobs.
That's painful as well.
I knew that would get
you started.
Oh, my God.
Oh, my God.
Enough of the
application forms,
you know, finished
off with and now
upload your CV
and give us your
LinkedIn, you
know, address.
It's like, seriously, I'm filling in all of this.
I'm copying and pasting from my CV into here,
and now you want my CV.
Why?
What does it do?
I don't understand what these workday
or whatever these applications are for job applicants.
Why do I need to individually put in, you know, role of job one,
dates of job one, details of job one, role of job two, dates of job one?
Why do I need to do that?
What does the application give them that a CV doesn't?
I don't get it.
These are just packaged solutions which they've got in-house, aren't they?
And it's like these fields are the most commonly asked for fields
deployed out the box.
Yep, exactly.
I actually gave up on one job.
I just thought it wasn't worth it.
It wasn't worth it.
It was so painful.
And then there's others that are just like easy apply, dunk,
upload everything from LinkedIn and attach your CV if you want.
Why am I not doing, why is people not doing this?
Yeah.
You know?
Explain the reasons why you want to work with this company.
So I can feed my children joined up meat under a roof.
You know?
Anyway, that was this week's Rant of the Week.
Rant of the Week.
Exactly.
Shall we see what we've got coming up for you this week?
So this week in InfoSec mentions the word symbion,
which will evoke different thoughts depending on your age.
I'm interested in this one.
Billy Big Balls is a Billy Blue Balls
from Russia with lust.
Rant of the Week is the documentation
of World War III
in only the way that tweenagers can.
Industry News brings us
the latest and greatest security news stories
from around the world.
And Tweet of the Week tells us it's time to update those LinkedIn endorsements.
OK, so now let's go on to our favourite part of the show, the part of the show that we like to call...
This Week in InfoSec.
In InfoSec.
And I will just clarify, this is our favourite part of the show because of that jingle, right?
It's nothing to do with the content.
We all love that royalty-free music.
Oh, yeah.
It is that part of the show where we take a stroll down InfoSec memory lane
with content liberated from other people's artifacts, archives.
What was I going to say? Archives.
And so our story this week, and you know, I should clarify because you said it's, I initially, when I wrote that show and show notes about the Symbian,
I thought, oh, that's a funny name because it's also the name of a sex toy.
What?
Is that when you put your phone on vibrate?
Is that what you mean?
It's not.
I got it confused.
With the Symbian.
Like that big saddle, yeah.
Yeah.
Sorry, no, I have no idea what you're talking about.
Yeah.
So he's pushing his further under the desk with his feet.
So that's what I was getting confused.
And I've always thought that that was the same name.
And I always thought, oh, that's funny that it's the same name.
But alas, I digress.
But alas, I digress.
Our first story takes us back a mere 17 years to the 23rd of February 2005 to the discovery of the first mobile phone virus, Kabir,
when that was announced.
I have no recollection of this.
So specifically, Kabir was a worm infected phones running the symbian os
and then whenever an act uh an infected phone is activated the message carib is displayed
yeah carib and then the infected phone also attempts to spread the virus through bluetooth
signals um god if if a virus could get Bluetooth to connect to, you know,
give it to 2005, if a virus could get a phone to connect to another phone via Bluetooth, then well done virus,
it deserves to propagate.
So I will clarify, okay, so this virus was not in the wild.
It was actually sent directly to all antivirus makers
by the person that uh created it
um just to show that it can be done uh and then they'll see that that spawned a whole
load of uh av software for mobile phones right that's proper responsible disclosure there isn't
it it was yeah and i don't know the purpose of it or why they did that um and i can't even give
the credit to who did it um because i kind of got hung up on the whole Symbian company.
Your research stopped as soon as you entered Symbian
into your search browser.
Yeah, I forgot the M.
But it's only because – so Symbian really sticks my mind
because it was described as one of the most successful failures
in tech history because it dominated the mobile phone world,
you know, mid to late 2000s.
Was it the Nokia one, Symbian?
It was, yeah.
So it's basically on hundreds of millions of handsets from Nokia.
It's when Nokia went colour, basically, wasn't it?
I don't know if that was it, but yeah, it was around that time.
But to put it in perspective, like in mid-2007,
which is when the iPhone was first launched,
Symbian was the leading mobile operating system on 65% of the mobile market.
Holy moly.
And at the same time, one in every two phones sold worldwide
had the Nokia logo on it.
How the mighty have fallen.
I know.
They were literally the top-selling phone operating system
across the world until 2010.
And then two years later, they just disappeared off the face of the earth.
They moved into uh
network security products didn't they or network switching and stuff like that and um sort of uh
enterprise telco gear oh what's it i don't know what i kind of thought you know this is harsh
just the death of them was um you know it's kind of. If you think if you're an exec at Nokia or Symbian,
like back in those days, you know, you've gone from your Palm Pilot,
you know, they basically replaced Filofaxes initially
with their Palm Pilots and then going on.
And then all of a sudden they're just nowhere to be seen.
You know, some guy in a black turtleneck is telling the world.
It makes you wonder about Ericsson because they were similar,
but then they partnered with Sony,
and I wonder if that partnership with Sony is what saved them.
So I had a Sony Ericsson phone back then
because the cameras were superior to the Nokias at the time.
Yeah.
As a camera phone, you could get a whole...
Or they even just had a camera.
Yeah, by default yeah um
yeah no it's a long thing but yeah the the security angle i guess it is the 17 years since
a mobile phone virus uh was there but it's not i'm trying to think these days of mobile phone
viruses we see the odd exploit here and there, which causes the device to crash.
So I think iPhone obviously sandboxes everything.
I think Android is probably more susceptible to malware.
But even then, I don't think it's that widespread.
And you get the SMS messaging attacks.
Oh, yeah.
But not viruses as such.
They're just very, very specific and sort of discrete attacks
against certain vectors, right, rather than something
that just like blasts out.
But yeah, I mean, the telco industry generally
and the hardware manufacturers behind it, i.e. the Ericssons,
the Nokias, et cetera, the last 20-odd years has got to have seen more change
than virtually any other industry in a 20-year period, right?
Yeah.
And the sheer volume of change as well, you know,
number one going to literally the bottom of the list.
I think it's incredible, absolutely incredible.
And whatever you say about Apple and Jobs and iPhones
and all that sort of thing, it was the iPhone
that really changed everything.
Yeah, well, it took out everything like BlackBerry, Microsoft,
the Windows phone.
Yeah, because Windows phone was ostensibly doing the same thing,
a graphical interface.
You know, you could touch screen and all that sort of thing.
But iPhone or Apple took it and actually made it usable,
made it attractive, and put it in the hands of regular people.
Obviously, it was also the time when the cost of a phone went through the roof.
But people were willing to pay it and are now willing to pay it.
People will pay £1,000 for a phone over two years
without a second thought now.
Sadly.
It's, you know, unless you're in very specific circumstances,
it's almost the norm.
So, yeah, and to see such a change, such a change,
it's quite astounding.
Yeah, do you remember the first Nokia tri-band phone?
It was a
little silver thing that you sort of slid down and i remember freaking out the cost of that was um
it's about 290 pounds yeah but i really wanted it and i remember i was like god 290 pounds for
the phone this is crazy yeah but then but that was a time when you your phone um the cost of your phone was built into
your tariff whereas now they're kind of separate aren't they yeah but i remember um i was in india
for for three or four months and then traveling massively after that and so my mobile phone went
through the roof and it came to my uh renewal date and this is after roof and it came to my renewal date.
And this is after a year.
I came to my renewal date and I said, oh, what phone can I have?
Because that was what you said.
You know, what's the best phone I can get?
And the guy on the end said, you can have anything you want.
Okay, I'm going to have whatever it was, XDA, I think.
You know, the O2 XDAs.
Oh, yeah.
Yeah.
So, yeah.
But now, of course, it's completely separate.
Telcos create their own deals with the mobile phone makers.
Yeah.
Oh, man, what a trip down memory lane. Incredible. Yeah. So, oh man, what a trip down memory lane.
Incredible.
Excellent.
Thank you very much Andy for this week's
This Week
in InfoSoul.
This is the podcast
the Queen listens to.
Although she won't admit it.
Your Majesty.
Yes, indeed.
Get well soon, I say.
She's got COVID, doesn't she?
She does.
Yeah.
Yeah, COVID-19.
And Andrew, the Duke of York, has Chloe, 17.
Yes.
Allegedly.
Allegedly. Allegedly.
That was a joke.
I just want to make clear for all you lawyers out there, it was a joke.
And if it wasn't considered a joke, it was Andy that said it.
Just saying.
Now, with a slight change to our running order and schedule,
we are going to have this one first.
Billy Blue Balls of the Week.
Or as I hinted at in the introduction, more like a Billy Blue Balls, right?
Am I right?
So let's see.
There's two different styles of reporting here, which I love.
It's obviously to do with Ukraine, because how can it not be at the moment?
So the New York Post, which is still, you know, a little bit of a trashy newspaper.
Their headline is Sleeping with the Enemy.
Russian troops try to pick up Ukrainian women on Tinder. actually, a newspaper. Their headline is, Sleeping with the Enemy.
Russian troops try to pick up Ukrainian women on Tinder.
I mean, you've got to say,
the balls behind doing that is quite impressive.
Hey, you recognise me?
I'm the one in green.
You miss 100% of the shots you don't take, though, right?
Yeah, and also dates you don't take as well.
But the best part of this, I think, is the Suns headline,
which obviously works with far more alliteration with rude army.
Randy Russian soldiers bombard Ukrainian girls with flirty Tinder requests
with a picture of a very disappointed looking,
presumably Ukrainian woman holding up her phone with lots of men in uniform.
with lots of men in uniform on it. But yeah, this is, and it's actually going to lead
into our next story, but this just goes to show
how intertwined our lives are with modern social media
and apps and things like that so obviously tinder and other dating
apps there are other dating apps available um they they're based around your location what your
physical location and you can sort of set it to anywhere from you know one mile 10 miles 50 miles
whatever outwards from you you know in a radius outwards from you.
So obviously with all these soldiers moving over rather close initially
to the Ukrainian border, that's going to hit a few Ukrainian towns
and cities, right?
So partly it's not surprising that their feeds might change.
What gets me is that they're actually responding.
I know.
Aren't you doing something about it?
Now, it would be fascinating to see after the fact
if Tinder were actually able to, based on this data alone,
accurately locate Russian forces on the border just from the data
that they were able to harvest from the app.
I think that would be a really fascinating piece of insight
because I tell you what, the type of OSINT you could get from this
or that the various armed forces could get about troop movements placed purely on Tinder's hit rate.
But yeah, I mean, Gen Z and millennials,
they take a different approach to working life.
You know, the generation changes.
Yeah, of course.
And these guys, they're out on the front line.
They're like, well, I'm not married to my job.
You know, I want a social life.
Yeah, exactly.
I'm in combat, but I still have downtime you know why not i need to go out and i know the specks naz soldier has his needs you know yeah exactly i don't don't they don't hate ukrainians
they've just been sent out there to enforce you know well well yes there is that of course you
know but but but the the other part of it is,
why have they got their mobile phones on them anyway?
Oh, come on, be fair.
You don't leave the house without your mobile phone, right?
I'm also not about to invade the house next door.
Do you know what I mean?
I mean, there are many questions raised by this.
Many, many questions.
Like, were there any hookups?
Well, I like the picture in the Sun article.
Actually, he has a picture of a guy.
His Tinder profile picture is him.
He's sort of naked, but he's got camo paint on in bed.
Yeah.
And he has a gun in his hand as well whilst he's sleeping
this is just i mean who's swiping right on that you know is that a left or a right swipe that's a
that's a tough one billy big balls of the Week.
It doesn't matter if the judges were drinking.
Host Unknown
was still awarded
Europe's most
entertaining content
status.
In your face.
Wrong one, but
I thought it was out, yeah.
You wish you were. I'm going to have to find that one because I've only got the jing yeah. You wish you were.
I'm going to have to find that one because I've only got the jingles
labelled 1 to 12.
I actually have no idea which one I'm playing at any given time.
If we did an analysis, you'll certainly get to see what are my favourite
numbers or favourite locations on the stream.
Oh, dear.
Right, so let's move on
to what would traditionally be
the second part of the show,
which is now the third part of the show.
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
And I'm going to take this one as well,
and it's surprisingly not about
job application sites.
It is rather unsurprisingly about the ukraine there's a theme coming out we're gonna have to back off this you know that
we're gonna after this we're we're off that's it yeah no more no more exactly uh So there was a Vice article.
A war in Europe is being documented one social media post at a time.
Yeah, and I've seen it.
TikTok, Twitter, all over.
Yeah, TikTok, Twitter, LinkedIn.
I mean, LinkedIn is all about, oh, I remember when I was in Russia
doing business and all my friends out there.
You know, so each platform has its own flavor, I guess you could say.
But the thing here is, and why this is a rant, I think,
is it kind of trivializes what's going on to a certain extent.
is it kind of trivialises what's going on to a certain extent?
Yes, there's a certain level of important stuff being reported here. So there's quite a, well, it must be famous by now,
of an alleged Russian jet firing missiles at civilian housing blocks.
It's been shot from the inside of one of the blocks.
So, you know, absolutely appalling.
And, you know, this is part of our historical record now.
You know, in the past, historians, you know,
would have written this down or it would have been filmed
and put into something, you know, into some archive somewhere, whatever.
But this is real. It's now. And it's also, you know, as long as we have power and we don't sort
of descend into nuclear apocalypse, it will be around forever. Right. And then you've also got
sites, so Center for Information Resilience. And this is this is not picking them out
specifically,
but they're also saying a lot of footage is being posted online of Russian military movements
along the Ukrainian border.
We're working with the OSINT community to document, verify and map this information.
You can find our map of verified movements.
So actually, it's almost uh a resistance without actually openly resisting
you know all you're doing is you know taking a photo of a russian soldier somewhere in a shopping
mall or whatever i'm posting it and someone is correlating that with with um other information
so it's it's like a you know a massive sensor net for one to one.
So you've basically got two teams here playing battleships.
Yeah.
With scouts out on the ground.
That's right.
That's right.
Except, of course, Ukraine does have the advantage here
because it's home turf, right?
And there's more Ukrainians with phones than there are soldiers with guns.
For now.
Yes.
I think that's...
For now.
Yeah.
For now.
And there's reporting...
This is a changing situation.
By the time this show is published, it may be the other way around.
Yeah.
Oh, my goodness.
Especially given the amount of editing I'm going to have to do.
But there is some good stuff coming out here you know movements of
trucks on on highways and motorways and um you know all that sort of stuff uh people sending
messages back to their loved ones so you've got a ukrainian soldier you know basically sending a
message back to the loved one yeah basically we're under heavy bombardment. I mean, this is heartbreaking stuff.
The reason this is a rant of the week is twofold.
And this isn't a black and white issue, I have to say.
This is slightly more two or even three-dimensional than that.
But the reason I think this is a rant is, one, I think we end up watching,
this is a rant is one i think we end up watching uh was it all well said um the the fall of civilization is when you've got one half of of the world watching on tv the other half of the world
starve or something like that this is a very similar thing we're sat here just numbly looking
through our devices and seeing this stuff play out as if it's Call of Duty or Battlefield.
And it completely sort of trivializes what's actually going on and is also very much open to influence. So we know that Russia has a huge number of social media influencers on platforms like Twitter.
In every world. Yeah, every country.
Yeah, Facebook, etc. And so they will be influencing people by the rest of the world by posting their own stuff and very much mixing this thing up,
mixing up the messages that we should be getting.
So it's quite a dangerous thing to be obtaining all of your sources from.
But the other side is, and there has been a push about general OSINT people
using this information to track not just Russian but also Ukrainian forces.
misinformation to track not just Russian, but also Ukrainian forces.
Yeah.
And so, and that, you know, and this is painting very much a, you know,
good guy, bad guy scenario between Russia and Ukraine. But I think, I think it's fair to say that at this point, we're very much,
you know, Russia, Russia are the baddies in this particular game that we're playing.
So what that means is that all of Ukraine's efforts
in sort of repelling the attacks could be undermined
purely by some person in their basement sitting in there
for 48 hours tracking OSINT and saying,
oh, aren't I very, very clever here?
It's actually significantly undermining any kind of resistance efforts.
So, like I say, this isn't a black and white issue,
but it is quite a challenging one that we need to address
and actually come out and start to look at some more, perhaps,
trusted news sources.
Well, you can get the uh rt news uh russia today uh has always been it's always been a favorite of yours always been a favorite of mine uh very
clear with the message there there's uh you know no room for interpretation no no absolutely not
but yeah no it's a, it's a tricky one.
And like you say, I guess, you know, as a world,
we've become so accustomed to news and information just being available
to us at the end of our fingertips that, you know,
I've seen a lot of these comments on, you know, TikTok.
It's like, you know, I can't believe I'm watching World War III
on my phone.
Yes.
You know, it's the most unreal thing.
It's almost like, remember that fast and furious movie tokyo drift where they're kind of they're doing the race and everyone's
streaming it on their mobile phone so they can see where it is and you know that was sort of like
cgi'd at the time because you know the technology just didn't do that um but now it does there's
live streams you know i've seen live streams of like shelling and stuff going yeah holy crap yeah this is but yeah no it's uh i don't know where to go on this one yeah
i'll tell you where we'll go rant of the week this is the host unknown podcast
the couch potato of infosec broadcasting so andy have we got the time?
We do. Let me check the time.
It is that time of the show where we head over to our news sources
over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news
from around the globe.
Industry news.
Industry News Banking world rocked after leak exposes 18,000 Credit Suisse accounts
Industry News
Teen framed for cybercrime files lawsuit
Industry News
US receives ransomware warning
Industry News EU deploys cyber response unit to Ukraine US receives ransomware warning.
EU deploys cyber response unit to Ukraine.
Ofcom set to crack down on phone fraud.
Vishin makes phishing campaigns three times more successful.
Non-profits form cyber coalition. Industry News. WMATA Twitter account hacked. Industry News. Ukraine attacked with wiper malware. Industry News. And that was this week's
Industry News.
Industry News.
Huge if true.
Huge if true.
Your first one I read as Teen Framed for Cybercrime Files Lawsuit.
As opposed to what?
Teen Framed for Cybercrime Files Lawsuit.
Right.
Okay.
Well, I guess this is where you know you get our interpretation of how we read these things based on the headline based on the headline you can't
believe he's filing a lawsuit and i can't believe he was framed for filing lawsuit yeah so i'm
actually looking at it and it's a story it's not here it's a she so you know don't assume genders tom um you know you know this the
family of a teenage girl from florida who was arrested and detained over cyber threats she
didn't make is suing her former school and meta aka facebook um so this is a 13 year old that was
arrested in november of last year for making a written threat to do bodily
harm or commit an act of
terrorism and she was
charged with a second degree felony
What?
How can a 13 year old be
charged with a felony?
So it looks like threatening messages
were sent to students and staff at her school
threats were reported
to the police.
School was placed on a code yellow alert.
I guess this isn't Americanism because, you know,
we generally don't have those type of alerts.
No.
A code yellow alert is when the urinal overflows in the school.
Exactly.
So the threat assessment team was immediately deployed to investigate the incident and ultimately identified
and arrested a 13-year-old female who was a former student at the school um so she spent 11 days in juvenile
detention she denied all the charges um and oh gee so following an extensive and thorough
investigation the original student arrested in this case was exonerated of these charges.
Whoa.
Yeah.
So they're saying that they had probable cause, but they uncovered new evidence while she was being arrested.
It implicated one of her supposed victims as the new suspect.
Who's probably been told, don't do that again well this is right so a 12 year old
was then found to have maliciously impersonated victim one by using her information to create an
email address and open multiple accounts instagram accounts uh she then sent herself and other
students multiple threatening messages and intentionally lied to law enforcement to frame victim one.
At 12?
What kind of screwed up do you have to be to do that?
Well, do you know what?
It's not.
I mean, this is it, right?
There's no checks done, right?
Identity check.
In fact, are you even allowed to open Instagram accounts if you're under 13?
No, I don't think you are.
I don't think you are.
Yeah, lots of questions on this one but
uh yeah so the victim is suing the seeking damages for thirty thousand dollars for mental
and emotional stress good i think yeah i think that's that's a small price to pay
yes i guess 11 days in juvenile detention though that is That is a lot. And I wonder if the 12-year-old was then arrested.
Yeah.
That's the thing.
That's the part that's quite concerning.
The first one I read, the banking world rocked after leak exposes
18,000 Credit Suisse accounts.
We're so used to millions and millions of accounts being leaked.
Yeah, it doesn't sound like a lot, does it?
18,000 doesn't sound like a lot until you realise
that probably Credit Suisse accounts are these secret Swiss bank accounts maybe.
Oh, high net worth individuals maybe.
Is it going to be like a Panorama Papers style thing
where we're going to see lots of dodgy payments leaked in there?
So that'll be really interesting to find out as well.
Ofcom's set to crack down on phone fraud.
Isn't that what they're supposed to do anyway?
I know.
Ofcom announced they're going to do their job.
Yeah.
Yeah, exactly.
Exactly.
The one I saw, I was interested,
the non-profits form cyber coalition.
And you kind of think, we've got enough coalitions, right?
We've got coalitions coming out of our ears um but this is actually the 22 founding members of this non-profit are
some well-known people so like the owasp uh foundation um crest international the site
the cloud security alliance uh anti-phishing working group center for internet security so some quite the you
know the big guns of the uh industry and the fact that there's 22 of them i know i didn't realize
there's that many i mean what when it told i wonder how many how many other alliances are in
there building this alliance it's you know yeah well they're saying they're open to uh other members if you're a non-profit um
yeah welcome to i personally am definitely a non-profit at the moment i wonder if i could
uh yeah i've got one of those companies ata twitter account hacked is is that a wrestling
thing uh so do you know i i don't even know if it's pronounced, you know, Womata.
I don't know.
It's the Washington Metropolitan Area Transit Authority.
Oh, I thought some wrestlers were going to.
Yeah, no, so he hacked the, oh, I say he, assuming.
The hacker hacked the account and changed the account name from Metro
to Blueface Da Bus and then left a series of unfulfilled comments.
To Blueface Da Bus?
Yeah.
What the hell's that?
Yeah, posted.
One of the posts says, okay, serious question.
Are we a good bus station or are we ass?
And then saying, anyone here have boobs?
Lol.
And they're saying, anyone here have boobs?
Lol.
So I'm guessing we could guess the age of the hacker.
And probably the gender as well, let's face it.
This is a 14-year-old boy.
Come on.
Absolutely has. I'd put money on it being 14 years old and a boy yeah uh so what's uh the
okay this happened after another account was uh taken over by an unauthorized party metro rail
um it posted we ain't hacked i just hate being a social media manager for an effing bust Twitter.
I think someone else is being framed right there.
Oh, dear.
That's a ruin somebody's day.
Excellent.
Excellent. Thank you very much for this week's Industry News.
Industry News You're listening to the award-winning
Host Unknown podcast
Officially more entertaining
Than Smashing Security
In your face
There you go, just for you Andy
There we go
And we come crashing
Into the end of the show
Blimey.
So, Andy, this one's over to you for this week's...
Tweet of the Week.
We always play that one twice.
Tweet of the Week.
It is, and this week's tweet is from friend of the show,
Daniel Cuthbert.
This is, I think, quite topical.
We've tried to keep the Ukraineraine content light but uh it's always
going to come back to it right um so dan says linkedin is going to need to update their
endorsement tags after this episode and he's put some suggested tags he's got geopolitical
threat intelligence advanced covert cyber operations and planning, cyber weapons expert, cyber recce expert and underground state adversarial interactions.
You can you can imagine how many armchair experts are going to be adding these tags to their profiles.
day that said the the number of people who are going to going to move from being vaccine export experts to um you know geopolitical uh war experts overnight yeah exactly exactly they've
now got something else to focus on yeah there was uh i did like someone commented uh and said oh
cyber sabotage engineer like is suggesting another tag.
Cyber sabotage engineer.
He's responded and he says,
AKA push to prod at 3.55 on a Friday.
Oh, man.
Brilliant.
Brilliant.
Thank you.
That was this week's.
Blimey, that flashed past, didn't it?
It did, thankfully.
I mean, you know, it's tough to... Jav, you know, contributed as much as usual.
Well, yeah, exactly.
But he normally does have a few words in there
to sort of act as filler, let's face it.
Yeah, but alas, he'll be back next week,
so back to the more heavyweight show.
Yeah, quite literally.
He's flying back this weekend,
and he was worried about flying over Ukraine,
and I saw a flight radar 24.
Because of the scale and the size of the little icons for planes,
obviously it looks like you can't see the ground for planes, right?
But there is this massive hole around Ukraine at the moment.
Yeah, he's got nothing to worry about.
What he needs to worry about is what customs do to him
after we send that message.
This is true.
That little anonymous tip.
Absolutely, absolutely.
Seek him with his eight suitcases.
Yeah.
This is the anonymous tip where the security officer says to Jav,
this won't be just the tip.
Oh, dear.
Oh, dear.
Excellent.
Thank you very much, Andy.
I do hope you have a lovely and restful weekend.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
r slash Smashing Security.
We did all right.
We didn't mention Oksana.
We didn't mention, you know, Vladimir too much.
No, no.
Kept it.
But hey, I mean, what podcast is going to go live this week without talking about what's happening in Ukraine?
Exactly.
And let's face it, all Putin wants is peace, right?
Absolutely.
That's what I hear.
A little piece of Dubrovnik and a little piece of Kiev.
I hope we don't get sued for that.
Oh, hello, brother.
Oh, hello.