Malicious Life

Cybereason

Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians.

All Episodes

In March, 2016, Microsoft had something exciting to tell the world: the tech giant unveiled an AI chatbot with the personality of a teenager. Microsoft Tay - as it was nicknamed - could tweet, answer questions and even make its own memes. But within mere hours of going live, Tay began outputting racist, anti-Semitic and misogynist tweets.

Nov 30

28 min 47 sec

The Wild West Hackin’ Fest is a unique security conference. Not only because it's held in South Dakota and not only because of the Wild West visual vibe - but also because of the emphasis it puts on diversity and lowering the entry barriers for people who wish to join the world of information security. Eliad Kimhy talks to John Stand, one of the conference's founders.

Nov 23

36 min 14 sec

To capture Alexey Ivanov and his business partner and bring them to justice, the FBI created an elaborate ruse: a fake company named 'Invita', complete with a fake website and a fake office building. Ray Pompon, a security professional, was brought in as an 'evil security consultant", to convince Alexey to demonstrate his hacking skills on a pre-arranged honeypot...Alexey came up with a 'brilliant' idea: hacking American corporations, and then blackmailing them - forcing them to hire his services as a 'security consultant.'

Nov 15

27 min 15 sec

by China Telecom and routed through China. In 2017, traffic from Sweden and Norway to a large American news organization in Japan was hijacked - also to China - for about 6 weeks. What is IP Hijacking (a.k.a. BGP Hijacking), and what are its security implications? Nate Nelson talks to Dr. Yuval Shavitt, from from Tel Aviv University‘s Cyber Research Center.

Nov 9

36 min 16 sec

Alexey Ivanov was exactly the kind of person to benefit from the early-2000's dot-com boom: He was bright, talented, and knew his stuff. His only problem was the fact that he was born in Chelyabinsk, a sleepy Russian town in the middle of nowhere…when he sent his resume to American companies, nobody was willing to bet on him. Alexey came up with a 'brilliant' idea: hacking American corporations, and then blackmailing them - forcing them to hire his services as a 'security consultant.'

Nov 1

27 min 39 sec

The NSA is one of the world's most formidable and powerful intelligence agencies. Some people fear that the National Security Agency’s advanced capabilities would one day be directed inwards, instead of outwards. Are those fears justified? Is the NSA more dangerous than it is useful? Nate Nelson spoke with Ira Winkler, who started his career at the NSA.

Oct 26

35 min 19 sec

In May 2017, Marcus Hutchins - AKA MalwareTech - became a hero for stopping WannaCry, a particularly nasty ransomware that spread quickly all over the world. Yet his fame also brought to light his troubled past as the teenage Black Hat hacker who created KRONOS, a dangerous rootkit. Should a criminal-turned-hero be punished for his past crimes?…

Oct 18

33 min 57 sec

In July, 2021, Nocturnus - Cybereason’s Threat Research and Intelligence team - was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies, mainly in the Middle East. Their investigation resulted in the discovery of a new threat actor that has been operating since at least 2018, and new and sophisticated malware that abuses Dropbox. Nate Nelson, Our Sr. producer, spoke with Assaf Dahan - senior Director and Head of Threat Research at Nocturnus - about the investigation. Find the full report about "Operation GhostShell" at: www.cybereason.com/ghostshell

Oct 11

22 min 42 sec

Smart Homes are slowly but surely becoming a part of our everyday lives, and so far it seems that Smart TVs - equipped with microphones, cameras, and an internet connection - are the weakest link. What are the current and potential threats against smart TVs - and is a person's smart home, still his castle?...

Oct 4

34 min 10 sec

In some ways, cyber security is like Art - and that’s not a good thing… MITRE’s ATT&CK framework tries to make sense of the collective knowledge of the security community, and share that knowledge so that cyber defence become less an art form, and more about using the correct tools and technique. Nate Nelson, our Sr. producer, talks with Israel Barak - Cybereaon’s CISO and a regular guest of our podcast - about MITRE ATT&CK, and how it can help your organization stay safe.

Sep 27

24 min 12 sec

Every year, seemingly, there’s a new story of some software - like 'Tik Tok' or 'FaceApp' - from a hostile country that may or may not be a security threat to us in the west. So what should be done in cases like this? What if the U.S. just banned all technology from Russia and China? Is it a good idea? Is it even possible?

Sep 20

35 min 24 sec

Darknet Diaries, Jack Rhysider's show, is the most popular cyber security podcast - and one of the most successful tech podcasts in the US in general. Eliad Kimhy spoke with Jack about the origins of Darknet Diaries, his heroes and role models, and the effect the show’s success has had on his personal life - which, you might be surprised to discover, wasn’t always 100% positive.

Sep 13

32 min 44 sec

It's every company's nightmare: a mysterious stranger approached an employee of Tesla's Gigafactory in Nevada, and offered him 1 million dollars to do a very simple job - insert a malware-laden USB flash drive into a computer in the company, and keep it running for 8 hours.

Sep 6

31 min 8 sec

Lt. Colonel (Ret.) Bill Hagestad talks to Nate Nelson about how China's culture and troubled history of western colonialization influence its goverment views and actions regarding the global internet, and its interactions with western technology companies such as Google and Nortel.

Aug 30

19 min 7 sec

What do you get when you take a hypersexual, drug enthusiast gun-toting paranoid - and add some serious amounts of money to the mix? You get a life so bizarre, so unbelievably extreme, that people will tell its story even after you’re long gone. Murder, rape, drugs, lies and a possible Dead Man's Switch... it's all part of John McAfee's story.

Aug 23

47 min 38 sec

Nate Nelson talks to Art Coviello, Former CEO of RSA Security, and Malcolm Harkins, Vice President & Chief Security Officer at Intel, about the current cyber security landscape - 10 years after the RSA Breach.

Aug 16

45 min 9 sec

Nate Nelson talks to Assaf Dahan, Sr. Director and Head of Threat Research at Cybereason’s Nocturnus team about a recent attack they uncovered, on multiple major Telecommunication companies.

Aug 10

38 min 11 sec

The Jester is a patriotic, pro-American Hacktivist that since 2010 has waged a personal cyberwar against an array of targets he considers to be “the bad guys.” But detractors have insinuated that some of the Jester's operations were little more than internet sleight-of-hand. So, who is The Jester and what can we make of his reported exploits?

Aug 3

35 min 54 sec

In 2005, when Albert Gonzalez was hacking his way into the networks of many retail chains in the US, credit cards were still very insecure: magnetic stripes and signed receipts did little to stop smart hackers such as Gonzalez and his crew. Sherri Davidoff talks to Nate Nelson about the past and present state of credit card security.

Jul 26

22 min 56 sec

In early 2007, a Secret Service agent operating out of San Diego takes a flight halfway across the world. He’s going to meet with Europe’s most prolific stolen card salesman. It is this meeting that will be the beginning of the end for Albert Gonzalez and his 'All Star' crew of hackers, international businessmen and mules.

Jul 20

31 min 14 sec

DerbyCon was all about making the community - a family. Dave Kennedy, one of the founders of DerbyCon, talks about the unique vibe of the conference, his fear of clowns, and why he'll never - NEVER - listen to a Busta Rhymes album again.

Jul 13

36 min 57 sec

Working with the Secret Service, Albert Gonzalez was outstanding. He was such a good employee, in fact, that they had him do seminars, and speak at government conferences. At one point he met personally with the then Director of the Secret Service. Albert gave a presentation, and got to shake the man’s hand. It’s a remarkable redemption story, you’d have to say. There was just one caveat. You see, Albert Gonzalez went from stealing millions of credit cards to quarterbacking the largest cyber crime bust in U.S history. And then? He went back to the Dark Side.

Jul 7

37 min 25 sec

Jeff Moss, founder of the DEF CON Hacker convention (and also the BlackHat convention), talks to Eliad about the origins of DEF CON, its "interesting" relationship with law enforcement agencies, and some of the notable shenanigans the conference attendees pulled off over the years...

Jun 28

36 min 40 sec

It was as a teenager that Albert Gonzalez--one of the few greatest cybercriminals in history--developed the obsession that would go on to ruin his life. Gonzalez and some of his friends would go on to pull off some of the most remarkable crimes in the history of computers - but they just didn’t know when to stop. If they did, they might have gotten away with it. They might not have ruined their lives.

Jun 21

27 min 1 sec

THOTCON is not your ordinary, run-of-the-mill security conference - and it's even obvious from the moment you browse their website. How did a local, small-scale event in Chicago, grow to become a major cybersecurity conference, and what is its connection to The Matrix movie? Producer Eliad Kimhy talks to Nick Percoco and Jonathan Tomek, two of THOTCON's founders.

Jun 15

30 min 42 sec

For more than a decade, China orchestrated a sophisticated espionage campaign against Nortel Networks, using Huawei, Chinese civilians working in Canada, and even organized crime gangs to steal important technical and operational information. When Nortel finally fell, the Chinese were there to reap the rewards of their death.

Jun 8

35 min 48 sec

On Friday, May 7th, 2021, Colonial Pipeline suffered a cyberattack that forced the company to shut down its operations. As a result, gasoline outages were reported in many East Coast states. The entity behind the attack is a criminal group known as DarkSide. Nate Nelson, our Sr. producer, spoke with Assaf Dahan - Head of Threat Research at Cybereason - about the Colonial Pipeline attack: how & why it happened, and its implications - both for the security of critical infrastructure in the US, and for the criminal underworld of Ransomware groups. That last one is particularly interesting, since it seems that the Colonial Pipeline attack has set off a somewhat unexpected trend on the dark web.

Jun 1

29 min 49 sec

In the wake of RSA's disclosure of the breach, the company cyber analysts chose not to boot the attackers of their network - but followed their activities closely, trying to figure out their identities and motives. For the first time since the actual breach, a decade ago, we'll get the (surprising) answers to those questions - and more.

May 24

29 min 32 sec

In the early 2000s, Nortel was consciously, intentionally, aggressively positioning itself as a partner and a friend of China. At the same time, it was China's number one target for corporate espionage - and an early victim of its new 'Unrestricted Warfare' doctrine.

May 20

25 min 16 sec

In the early 2000s, Nortel was consciously, intentionally, aggressively positioning itself as a partner and a friend of China. At the same time, it was China's number one target for corporate espionage - and an early victim of its new 'Unrestricted Warfare' doctrine.

May 11

28 min 41 sec

Security BSides - or just 'BSides', for short' - is the first grassroots, DIY, open security conference in the world - with more than 650 events in more than 50 countries. Jack Daniel, one of BSides' founders, recalls how the conference started, and what do such 'community-oriented' events contribute that other events often cannot.

May 4

30 min 24 sec

Back in the 1990s, Cyberwarfare was a word rarely used in the West - and definitely unheard of in China, which was just taking it's first steps in the Internet. Two Chinese military officers, veterans of the semi-conflict with Taiwan, helped shape the role of cyber in modern warfare in China and beyond.

Apr 27

33 min 57 sec

Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, speaks to Sr. Producer Nate Nelson about the cybersecurity of Nuclear facilities. How protected are modern nuclear power plants?

Apr 19

24 min 25 sec

Chris Wysopal, a cyber security pionneer and one of L0pht's founding members, talks about the group's 1998 testimony in the Senate, how they used shaming to force cooporations to fix their software, and the (not so fortunate) consequenses of the sale to @stake.

Apr 12

40 min 16 sec

In the early days, the L0pht guys tinkered with what they already had laying around, or could find dumpster diving. But things change, of course. By the end of the ‘90s many of the L0pht hackers had quit their day jobs, incorporating under the name “L0pht Heavy Industries”, and moving into a nicer space, the “new L0pht.” Seven days after Y2K, they merged with @stake, an internet security startup. It was a signal that hacking wasn’t just for the kids anymore.

Apr 5

44 min 37 sec

'L0pht', or 'L0pht Heavy Indutries', was one of the most infuencial hacker collectives of the 90's: it's members were even invited to testify infront of the Congress on the current state of Internet security. In this episode, four L0pht's founding members - Count Zero, Weld Pond, Kingpin & Dildog - talk about the begining and influence of the L0pht on cyber security.

Mar 30

38 min 56 sec

Israel Barack, Cybereason's CISO and an expert on cyber-warfare, on the recent MS Exchange hack that hit thousands of organizations worldwide: what happened, what were the vulenrabilites expolited in the attack - and what can we do to defend against such attacks in the future.

Mar 22

24 min 16 sec

When the NotPetya pandemic hit, Cyber Analyst Amit Serper was sitting in his parents' living room, getting ready to go out with a few friends. He didn't have most of his tools with him, but he nonetheless took a swipe at the malware. An hour later, he held the precious vaccine.

Mar 15

26 min 17 sec

On June 28th, 2017, millions of Ukranians were celebrating 'Constitution Day.' Their national holiday turned into a nightmare, as tens of thousands of computers all over the country were infected by a mysterious malware. By that afternoon, the cyber-pandemic was already going global.

Mar 1

32 min 48 sec

It seems likely that legislation alone won't be able to regulate the widespread use of facial recognition. Andrew Maximov, who uses AI to fight Belarus's dictatorship, shows us another way facical recognition can be used - this time for us, instead of against us.

Feb 16

32 min 4 sec

There are plenty of reasons why Police should use AI for facial recognition: after all, Humans are notoriously bad eye witnesses. However, placing AI in the hands of law enforcement does have its dangers - due to the limitations of the technology itself, and the biases of the officers who use it.

Feb 3

48 min 47 sec

Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them - and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?

Jan 21

44 min 57 sec

FC, aka 'Freaky Clown', is an expert in "Physical assessments" - otherwise known as breaking into ultra-secure office buildings. FC shares some of his (incredible) adventures, as well as some tips and tricks on how to protect your organization's HQ from hackers such as himself.

Jan 7

35 min 8 sec

Ran talks to Israel Barak, Cybereason's CISO and a Cyber-defense and Warfare expert, about the recent SolarWinds hack that impacted upto 18,000(!) enterprise organizations in the US. What is a Supply Chain Attack, how can organizations defend against it - and what does all this have to do with Evolution and Natural Selection?...

Dec 2020

34 min 57 sec

For our 100th episode, we bring you three stories that tie in to previous episodes of the show: Shadow Inc. (Election Hacking), J&K (Max Headroom) and T-Shirt-Gate (Yahoo's Ugly Death). Enjoy :-)

Dec 2020

41 min 30 sec

In the mid-90's, a Dutch TV repairman claimed he invented a revolutionary data compression technology that could compress a full-length movie into just 8KB.

Dec 2020

54 min 39 sec

In 1983, the US got word that an ally's embassy - probably France's - was bugged by the Soviets. This reports triggered Operation GUNMAN: a complete removal & de-bugging of *all* electronic devices in the US embassy in the USSR. This secretive operation resulted in a surprising discovery - and made the NSA what it is today.

Nov 2020

41 min 53 sec

Georgia's elections infrastructure had been hacked multiple times since 2014 - both by Russian Intelligence and local White Hat hackers. The upcoming elections are plagued with uncertainty - and uncertainty and democracy go together like wet hands and electrical outlets.

Nov 2020

42 min 6 sec

Today we’re talking about just one state. One which, depending on which way it leans, might bring the entire electoral college with it. One which, as of this writing, is absolutely, positively, neck and neck. Dead heat. A few votes one way or the other could swing it. In other words: this is the kind of state that cannot afford to be hacked. But might be.

Oct 2020

36 min 38 sec

About a year ago, Cybereason's Managed Detection and Response team (aka MDR) stumbled upon a attack involving Russian cybercriminals, POS devices and an entire new family of previously undiscovered malware.

Oct 2020

24 min 59 sec