Malicious Life

APT-10 is a Chinese nation-state threat actor that in recent years has been targeting Japanese IT & Instrastructure organizations using a sophisticated backdoor malware known as LODEINFO. Recently, Jin Ito & Loic Castel, researchers from Cybereason’s IR Team, uncovered a new tool used by the group: NOOPDOOR, which incorporates highly sophisticated persistence mechanisms, allowing APT-10 to evade detection and remain inside enterprise networks for two or even three years. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Aaron Barr was en-signals intelligence officer specializing in analytics. As part of HBGary Federal, he came up with a plan to unmask the key leaders of Anonymous, the infamous hacker collective. People who worked with Aaron warned him that his data was sub-par, but the determined vet claimed he had a strong “gut feeling” that he was on the right track.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

On 17 and 18 of September 2024, thousands of pagers and hand held radio devices used by Hezbollah, exploded simultaneously across Lebanon and Syria, killing at least 42 terrorists and wounding more than 3,000. Devon Ackerman, Cybereason’s Global Head of Digital Forensic and Incident response and a former Special Agent at the FBI’s Operational Technology Division, discusses the lessons organizations can learn from this ultra-sophisticated supply chain attack. How such traumatic events impact the mindset of hacked organizations, what kind of threat actors are capable of pulling off long-term attacks like these, and the three most important steps organizations can take to minimize the chance of a supply chain attack.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Could thousands of people keep a secret? Common sense says no—secrets spread, and people talk. But for over a decade, from 2006 to 2017, a website managed to stay under law enforcement’s radar, despite the fact that its many users were participating in illegal activities. The website’s users managed to keep it a secret for such a long time, because they shared one thing in common: they were creeps who traded nude photos. Until one user, driven by simple greed, brought it all crashing down.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In 1963, the FDA raided the headquaters of a budding new and esoteric religion – The Church of Scientology. In response to this and similar incidents to come, the church’s founder – an eccentric science fiction author named L. Ron Hubbard – would go on to lead the single largest known government infiltration operation in United States historyOur Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

On Dec. 5, 2016, two senior Russian Intelligence officers and two civilians were arrested and accused of treason. A few weeks later, when Western journalists were finally able to speak with the men’s lawyers, they learned that the case was based on events that were, oddly enough, already widely known. This made the arrests even more peculiar. As more details emerged over time, the picture became clearer, offering Westerners a rare glimpse into the typically secretive world of Russian intelligence.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

SNAP – better known as food stamps – goes back to the Great Depression. ,The physical stamps were replaced with EBT cards in the 1990s, but since these cards are without the secure EMV chip techonolgy, enterprising crimilas found ways to drain funds meant for low-income families.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Nicole Kotsianas, an investigator with K2 Intelligence, made it her personal mission to hunt down the Hollywood Con Queen, who crulley tormented her victioms and shattered their dreams. Nicole’s efforts bore unexpected fruits, when she discovered that the Con Queen was actually… a man. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In 2015, two aspiring script writers flew to Indonesia to meet with executives of a large Chinese film corporation. It was a trap: the Hollywood Con Queen not only coned them out of tens of thousands of dollars, she also cruelly ruined their friendship. Two years later, a corporate investigator working for a big shot Hollywood producer, made a discovery that put her on the trail of this master of deciet. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In the pre-internet era, encryption was a matter of life and death, and the motives behind these ciphers were varied and complex. Discover how George Lasry, a modern codebreaker, uncovered the secrets of Mary, Queen of Scots, hidden in the French National Library for over 400 years. This episode delves into the painstaking process and the historical impact of decoding these ancient messages, revealing the hidden motives and desperate actions of a doomed queen.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Why did people write malware in the pre-internet days? Back then, there was no way to make money by writing malware. So why write them in the first place? The lack of a financial motivation meant that virus authors had a plethora of other motives – and this diverse mix of motives had, as we shall hear, an interesting effect on the design and style of viruses created at that period. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Section 230 is the pivotal law that has enabled the rise of social media -while sparking heated debates over its implications. In this episode, we’re charting the history of Section 230, from early landmark legal battles, to modern controversies, and exploring its complexities and the proposed changes that could redefine online speech and platform responsibility.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In 2016, Joe Sullivan, former CISO of Facebook, was at the peak of his career. As Uber’s new CISO, he and his team had just successfully prevented data from a recent breach from leaking to the internet. But less than a year later, Sullivan was unexpectedly fired from Uber, and three years later, the US Department of Justice announced criminal charges against him.So, what happened at Uber?Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In this episode of ML, we’re exploring the history of the well-known Nigerian Prince scam, also known as 419 or advanced fee scam, from its roots in a Parisian prison during the French Revolution, to the economic and social reason why this particular scam became so popular with African youth. Also, will AI make such scams more dangerous – or, counter intuitively, go against the interests of scammers? Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

Dive into the world of open-source intelligence (OSINT) in this episode, where we uncover how ordinary citizens use publicly available data to unravel some of the most complex global mysteries. From tracking conflicts in real-time to exposing the truth behind high-profile incidents like the downing of Malaysia Airlines flight MH17, discover how OSINT is revolutionizing the field of investigative journalism and transforming how we perceive and verify information.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

A few weeks ago we had a listener’s meetup in New York, and as part of that meetup, I gave a talk in which I discussed how Malicious Life came to be – a story that goes back to my days as a ship’s captain in the Israeli Navy – and then about how me and Nate craft the stories that you hear every other week. That last part, I hope, might also be beneficial to those of you, our listeners, who find themselves giving talks about technically complex ideas, cyber-related or not. The storytelling ideas and techniques I laid out in the talk are universal, and you’ll find them in blockbuster movies as well as podcast episodes. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer’s life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

In the 1950s and 60s – even leading into the 1990s – the cost of storage was so high, that using a 2-digit field for dates in a software instead of 4-digits could save an organization between $1.2-$2 Million dollars per GB of data. From this perspective, programming computers in the 1950s to record four-digit years would’ve been outright malpractice. But 40 years later, this shortcut became a ticking time bomb which one man, computer scientist Bob Bemer, was trying to diffuse before it was too late. Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands

The 2008 Russo-Georgian War marked a turning point: the first time cyberattacks were used alongside traditional warfare. But what happens when the attackers aren’t soldiers, but ordinary citizens? This episode delves into the ethical and legal implications of civilian participation in cyberwarfare, examining real-world examples from Ukraine and beyond.Our Sponsors:* Check out 1Password and use my code MALICIOUS for a great deal: 1password.comAdvertising Inquiries: https://redcircle.com/brands