Hacker And The Fed

The Crypto Hacks Funding North Korea

Thu, 30 Apr 2026 09:00:00 -0000

Chris and Hector break down a wild mix of cyber stories, including a U.S. soldier charged for betting on a classified military operation, ongoing North Korean crypto theft campaigns, and major security failures across APIs and SaaS platforms. They explore how insider threats, poor security practices, and repeated mistakes continue to drive massive breaches and real world consequences.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Europe Is Quietly Preparing for a Tech War

Thu, 23 Apr 2026 09:00:00 -0000

Chris and Hector break down a week of cybersecurity stories, from Europe’s push to move away from U.S. tech to supply chain attacks, insider threats, and SaaS compromises. They dig into why modern security tools still fail, how attackers exploit trust in third party systems, and why some breaches matter far less than headlines suggest.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Origin Story

Thu, 16 Apr 2026 09:00:00 -0000

In this episode, Chris and Hector revisit their origin story, from the investigation that led to Sabu’s identity to the night the FBI showed up at his door. They walk through the arrest, the decision to cooperate, and the months spent working side by side to dismantle major hacking operations. It is a firsthand account of how one of the most infamous hackers became an informant and how that unlikely partnership shaped both of their lives.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

How One Developer Took Down the Supply Chain

Thu, 09 Apr 2026 09:00:00 -0000

Chris and Hector break down a highly effective North Korean supply chain attack that started with a fake Microsoft Teams update and escalated into full developer compromise. They explore how modern attackers combine social engineering, open source manipulation, and long term access to infiltrate software pipelines. The episode also covers GitHub based attacks, compromised routers at scale, and why simple human pressure remains one of the most powerful tools in cybercrime.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

What CISOs Actually Worry About

Thu, 02 Apr 2026 09:00:00 -0000

Chris and Hector are joined again by an anonymous CISO for a candid follow up conversation on the realities of modern cybersecurity. They explore why compliance often turns into security theater, how geopolitical conflict is shaping defensive strategy, and what actually keeps security leaders up at night. The discussion cuts through dashboards and certifications to focus on risk, trends, and the uncomfortable truth that many organizations look secure on paper while remaining deeply vulnerable in practice.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Biggest Cybersecurity Grift in Years

Thu, 26 Mar 2026 09:00:00 -0000

Chris and Hector break down a major compliance scandal where a startup allegedly sold fake SOC 2 certifications using templated reports and questionable auditing practices. They explore how the breach exposed sensitive internal documents, why companies may have knowingly gone along with it, and what it says about trust in the cybersecurity industry. The episode also covers a massive GPU smuggling case tied to China, the collapse of a major cybercrime forum, and a real-world prompt injection attack that compromised thousands of developer environments.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

A Petabyte of Data Stolen and Nobody Noticed

Thu, 19 Mar 2026 09:00:00 -0000

Chris and Hector break down a massive breach involving claims of a petabyte of stolen data and question how something that large could go unnoticed. They also dive into a critical vulnerability in McKinsey’s internal AI platform that exposed millions of records through basic API and SQL flaws, along with ongoing credential theft campaigns targeting VPN users

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

iPhone Zero Days Are Now Fueling Crypto Crime

Thu, 12 Mar 2026 09:00:00 -0000

Chris and Hector break down a new US cyber strategy calling for a more aggressive posture against hackers, then dive into a bizarre case where a sophisticated iPhone exploit kit meant for espionage ended up powering crypto theft. They also revisit the arrest of a contractor’s son accused of stealing $46 million in seized cryptocurrency and discuss how bragging on Discord brought the whole scheme crashing down.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

When AI Makes Hacking Easier Than Ever

Thu, 05 Mar 2026 10:00:00 -0000

Chris and Hector discuss an AI assisted hacking campaign that compromised more than 600 Fortinet firewalls and what it reveals about persistent security failures. They also cover cyber operations tied to geopolitical conflict, leadership turmoil at CISA, and new research showing how AI can expose supposedly anonymous online identities

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The FBI Drug Market Rumor, Blue Checkmarks, and Government Backdoors

Thu, 26 Feb 2026 10:00:00 -0000

Chris and Hector break down a headline that made it sound like the FBI was running a dark web drug market and separate rumor from reality. They revisit how confidential sources actually work, the fallout from past undercover operations, and why media framing matters. The conversation then shifts to zero click exploits sold to foreign actors, the risks behind LinkedIn identity verification, and a security researcher who found a simple but devastating vulnerability only to be threatened by lawyers.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

What CISOs Won’t Say in Public

Thu, 19 Feb 2026 10:00:00 -0000

Chris and Hector sit down with an anonymous CISO who pulls back the curtain on how cybersecurity actually works inside large organizations. From security theater and boardroom politics to AI risk, bug bounties, and why CISOs are often the fall guy during major incidents, the conversation gets candid fast.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

One Stolen Password Can Take Down a Nation

Thu, 12 Feb 2026 10:00:00 -0000

Chris and Hector break down how familiar security failures continue to fuel major cyber incidents. They explore a large scale cloud worm campaign, a ransomware attack that disrupted a national oil pipeline operator, and a payment processor outage that impacted businesses across the United States.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Moment AI Stopped Waiting for Humans

Thu, 05 Feb 2026 10:00:00 -0000

Chris and Hector dive into the sudden rise of AI-only social networks where autonomous agents communicate, collaborate, and sometimes spiral into unexpected behavior. They explore MoltBook, the appearance of AI-driven black markets, and the real world risks of giving autonomous systems access to personal devices and data.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

From Doorbell Cameras to Seized Crypto

Thu, 29 Jan 2026 10:00:00 -0000

Chris and Hector take on the uneasy space where privacy, technology, and law enforcement overlap. They break down how encrypted data was accessed through BitLocker recovery keys, how doorbell cameras are quietly becoming part of policing and immigration enforcement, and how an alleged insider siphoned millions in seized cryptocurrency from government controlled wallets.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Inside China’s Leaking Cyber Machine

Thu, 22 Jan 2026 10:00:00 -0000

Chris and Hector unpack new signs of internal strain inside China’s cyber ecosystem. From leaked intelligence and exposed tools to China cutting off Western security technology, they explore what happens when a tightly controlled cyber machine starts showing cracks.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Cyber Attacks Without a Declaration of War

Thu, 15 Jan 2026 10:00:00 -0000

In this episode, Chris and Hector dig into how cyber operations are no longer a background activity but a core part of modern conflict. They break down reported US cyber actions tied to operations in Venezuela, Chinese state sponsored email intrusions targeting congressional staff, and the global scam economy built on human trafficking and crypto fraud.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Everyone Has Your Data and Nobody Is Accountable

Thu, 08 Jan 2026 10:00:00 -0000

In the first days of 2026, the line between reality and fiction is already collapsing. From massive data thefts and cloud misconfigurations to deepfakes, AI hype, and executives openly calling for limits on free speech, the guys break down how cybersecurity, media, and power are colliding.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

We Gave AI the Keys and It Learned to Steal

Thu, 01 Jan 2026 10:00:00 -0000

Chris and Hector look back at a year where AI quietly reshaped the threat landscape and look ahead to what 2026 may bring. From zero click AI browser attacks and runaway automation to insider threats, mass breaches, and the growing tension between security and convenience, they break down how small design decisions are creating big risks.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Supply Chain Attack Nobody Checked For

Thu, 25 Dec 2025 10:00:00 -0000

Chris and Hector break down a string of stories that show how fragile modern cyber defenses really are. From a malicious open source package quietly stealing WhatsApp messages, to a senior government official failing a counterintelligence polygraph, to nationwide ATM jackpotting tied to organized crime, the conversation moves fast and gets blunt.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Copy Pasting Commands Is the New Phishing

Thu, 18 Dec 2025 10:00:00 -0000

Chris and Hector break down how trust itself has become the attack vector. From AI powered SEO poisoning that tricks users into infecting their own machines, to a leaked GitHub token that exposed Home Depot systems for nearly a year, they unpack the latest breaches, indictments, and regulatory failures shaping the cyber landscape. They talk community, accountability, and why copying random terminal commands might be the most dangerous habit in tech right now.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

When Your Smart Fridge Joins a Botnet

Thu, 11 Dec 2025 10:00:00 -0000

Chris and Hector break down North Korea’s covert push to infiltrate Western companies through fake IT recruiting, the leaked Predator spyware network targeting journalists and activists, and a record shattering DDoS attack driven by millions of compromised IoT devices. Along the way they unpack lazy opsec, hardware backdoors, and why everyday consumer tech keeps ending up in global cyber warfare.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

China’s Leaked Cyber Warfare Playbook

Thu, 04 Dec 2025 10:00:00 -0000

This week on Hacker and the Fed, Chris and Hector break down a violent $11 million crypto heist tied to a fake delivery, dissect leaked documents exposing China’s internal cyber warfare training program, and examine how sloppy developer habits are feeding credential-stuffing attacks worldwide. Plus, updates on GrapheneOS, a look at rising physical threats around digital assets, and details on the first live Hacker and the Fed event.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Microsoft Admits Everything’s Broken, What Now?

Thu, 27 Nov 2025 10:00:00 -0000

Chris and Hector cover the surge in insider-driven cyber incidents, the escalating aggression of Scattered Spiders, a CrowdStrike employee caught leaking internal data, and a retaliatory attack that shut down thousands of accounts. The conversation moves through Microsoft’s admission that core Windows 11 features are failing, the FCC’s rollback of telecom security requirements, and the collapse of federal cybersecurity capacity after recent government shakeups.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The First Bitcoin Cold War

Thu, 20 Nov 2025 10:00:00 -0000

Chris and Hector break down Operation Endgame’s newest takedown of ransomware infrastructure, the surge of splinter ransomware groups, and why victim payments are dropping even as damage rises. They unpack China’s accusation that the United States stole 127,000 bitcoins, explore the emerging “Bitcoin Cold War,” and examine claims of the first AI-driven espionage campaign.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Typo That Destroyed a Cybercrime Empire

Thu, 13 Nov 2025 10:00:00 -0000

Chris and Hector dive into the latest cybersecurity chaos, from China’s questionable routers and remotely accessible buses to ransomware groups falling apart due to sloppy mistakes. They break down new extortion tactics, government crackdowns, cybersecurity myths, and a typo that exposed an entire cybercrime crew.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

How Residential Proxies Became the Dark Web’s Secret Weapon

Thu, 06 Nov 2025 17:11:00 -0000

Chris and Hector dive into one of the most shocking cybersecurity stories of the year, two U.S. security professionals charged with running ransomware attacks on American companies. The duo break down how trusted insiders became cybercriminals, why Russia is suddenly arresting its own hackers, and what new threats are emerging from massive botnets and compromised smart devices. They also discuss the NSA’s ban on Amazon’s Eero Wi-Fi over national security concerns and growing hacktivist activity targeting infrastructure in Canada.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

YouTube Tutorials or Malware Traps? Don’t Click That Link”

Thu, 30 Oct 2025 08:00:00 -0000

This week, Chris and Hector dive into a wild mix of cyber chaos — from 3,000 malware-laced YouTube videos to a former L3 Harris exec accused of selling U.S. cyber weapons to Russia for crypto. They break down the “YouTube Ghost Network,” insider espionage, and why agentic AI browsers might be your next biggest threat.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Night the Internet Broke: AWS, China, and the Quantum Hack

Thu, 23 Oct 2025 08:00:00 -0000

Chris and Hector break down the massive AWS outage that took half the internet offline, dive into China’s claim that the NSA hacked its national time servers, and explore how quantum-resistant encryption and zero-click exploits are changing cyber warfare. Plus, a wild SIM farm takedown and some Puerto Rico stories.

Insiders for Sale: The Hackers Recruiting Your Employees

Thu, 16 Oct 2025 08:00:00 -0000

A $4.6 million fine, a whistleblower payday, and a fake water plant hacked by mistake — this week, Chris and Hector dive into the DOJ’s first major cyber enforcement case against a defense contractor that lied about its security, the rise of insider recruitment by ransomware crews, and how Russian hacktivists got trolled by a honeypot. Plus, travel chaos, flu season, and the return of Puerto Rico challenge coins.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Click, Jack, and Roll: The Rise of AI-Powered Cybercrime

Thu, 09 Oct 2025 08:00:00 -0000

Chris and Hector kick off Cybersecurity Awareness Month with stories of phishing gone wrong, data privacy disasters, and a new wave of AI-powered attacks. From “comment jacking” and vanishing government backups to China’s one-hour breach rule and a Florida kid flagged by ChatGPT, the guys break down what’s real, what’s ridiculous, and what it means for your security.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Phantom Extension: Backdooring Your Browser

Thu, 02 Oct 2025 08:00:00 -0000

Chris and Hector kick off Cybersecurity Awareness Month with big news—Hector announces the launch of his new company, SafeHill. The guys dig into continuous threat exposure management, the dangers of malicious Chrome extensions, why ransomware claims are dropping, and how free tools from CISA can strengthen defenses.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Bitcoin, Vegas, and the Feds

Thu, 25 Sep 2025 08:00:00 -0000

Chris and Hector break down the coming CMMC crackdown and what it means for 220,000+ contractors, 60 days to comply or lose your government work. They debate the government's plan to cut cyber hiring timelines from 70 to 25 days, talk about the sloppy opsec that got a teen ransomware hacker arrested, and dig into the surge of supply chain attacks hammering developers worldwide.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Microsoft’s $20B Cybersecurity Scam

Thu, 18 Sep 2025 08:00:00 -0000

Chris and Hector call out Microsoft for “gross cybersecurity negligence,” explain Kerberoasting in plain English, and discuss CISA’s CVE overhaul. Plus, hackers on the battlefield, and how U.S. tech helped build China’s surveillance state.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Your WhatsApp Data Wasn’t Private After All

Thu, 11 Sep 2025 08:00:00 -0000

Chris and Hector break down the WhatsApp whistleblower lawsuit claiming 1,500 engineers had unchecked access to user data. They also cover hackers extorting Google after the Salesforce breach, OpenAI scanning ChatGPT conversations for police referrals, and a police bodycam app secretly sending data to China, and why 2.5 billion Gmail users need a password reset.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The $1 Billion Scam on Seniors

Thu, 04 Sep 2025 08:00:00 -0000

Chris and Hector recap their first live show and dig into Google’s new Cybersecurity Disruption Unit, South Korea’s $97M fine, FEMA’s IT firings, a WhatsApp zero-day, a $1B senior scam, China’s Salt Typhoon campaign, and AI tools fueling cybercrime.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

AI Agents Gone Rogue: The Next Breach Waiting to Happen

Thu, 28 Aug 2025 08:00:00 -0000

Chris and Hector break down a new bill proposing U.S. “cyber privateers,” the DOJ’s takedown of the RapperBot botnet, and a zero-day flaw hitting millions of password manager users. They debate hackback authority, AI agents gone rogue, and why hoarding vulnerabilities always backfires.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Your Nudes Aren’t Private: The Meta AI Leak

Thu, 21 Aug 2025 08:00:00 -0000

Meta reportedly offered Apple’s head of AI $1.25 billion to jump ship. Chris and Hector explore the AI talent war, resource shortages, and what happens when private industry outpaces government.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Zero-Days, Cookies, and the Death of Dial-Up

Thu, 14 Aug 2025 08:00:00 -0000

Chris and Hector break down a Russian-linked zero-day exploit targeting WinRAR users, why stolen browser cookies bypass MFA, the economic motives behind security features (or lack thereof), and Hector’s nostalgic farewell to AOL dial-up.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

$48 Billion and No 2FA, What Could Go Wrong?

Thu, 07 Aug 2025 08:00:00 -0000

Chris and Hector break down the ransomware attack on Ingram Micro, exposing how a missing MFA on a VPN led to a massive breach. They also dig into the Department of Defense’s new CMMC rules and sound off on Microsoft’s $30 charge for Windows 10 security updates.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Your Favorite Game Just Stole Your Crypto

Thu, 31 Jul 2025 08:00:00 -0000

Chris and Hector unpack a big week, they dive into the info-stealing malware hidden inside Steam games, break down how it works, who it targets, and why you should care. Also on the docket, the Pentagon’s rush to secure IT supply chains, and a California broadband subsidy clash that sparks a classic Hector rant.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Zero Trust, Many Fails: Government Cybersecurity Exposed

Thu, 24 Jul 2025 08:00:00 -0000

Chris and Hector dive into alarming cyber incidents shaking the U.S. government and military. They break down the massive National Guard network compromise by Chinese-linked group Salt Typhoon and the shocking revelation that Microsoft allowed Chinese engineers indirect access to Defense Department systems. Plus, they preview their upcoming Patreon series on the top 10 hacks of all time.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

McDonald’s Has Been Compromised

Thu, 17 Jul 2025 08:00:00 -0000

Chris and Hector then discuss the McDonald’s AI hiring bot breach caused by a weak password, the risks of AI in HR, and why cybersecurity basics still matter. They also touch on hacker penalties in the UK, a hack targeting a security researcher, and answer a listener’s email about a dam breach in Norway.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Are We Losing the Cyber War?

Thu, 10 Jul 2025 08:00:00 -0000

Chris and Hector break down the massive Qantas Airlines data breach, expose the growing threat of ransomware negotiation scams, and discuss a dam hack in Norway that had potentially disastrous consequences. They get into real-world advice on 2FA bypass scams, the importance of network segmentation, and a candid look at why critical infrastructure hacks are so dangerous.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Arrests, Airline Breaches, and the Human Side of Hacking

Thu, 03 Jul 2025 08:00:00 -0000

Chris and Hector dive deep into the latest waves of cybercrime, from the FBI’s battle with the Scattered Spider group targeting airlines, to takedowns of notorious data breach forums. The duo break down government responses, the real risks for average people, and share honest, hard-won advice for young hackers.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Burning Millions and Breaking MFA

Thu, 26 Jun 2025 08:00:00 -0000

Chris and Hector break down major cyber attacks, from SIM swaps to insider breaches. They expose weak MFA, vendor failures, and the real cost of outdated systems. They also highlight how even small actions (like a single employee recognizing a phishing attempt) can prevent disaster.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Your AI Assistant Just Betrayed You

Thu, 19 Jun 2025 08:00:00 -0000

Chris and Hector dive into Europe's move to take back digital control with DNS4EU, questions the integrity of Telegram amid Russian FSB connections, and reflect on turning points in their own journeys.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

We Fixed Cybersecurity (You're Welcome)

Thu, 12 Jun 2025 08:00:00 -0000

Chris and Hector unpack Trump’s new cybersecurity order, contractor reliance in government, and the looming risks of quantum computing — with some shoutouts and listener questions along the way.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The $400 Million Mistake, Router Invasions, and Crypto Chaos

Thu, 05 Jun 2025 08:00:00 -0000

This week, Chris and Hector tackle a massive breach at Coinbase, insider threats in India, and a shady delay in reporting. They also explore how state actors are silently hijacking home routers, and why LexisNexis is the latest data broker to drop the ball.

Join our new Patreon!

⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Backdoors, Breaches, and Bitcoin

Thu, 29 May 2025 08:00:00 -0000

Chris and Hector break down a wild crypto kidnapping, supply chain sabotage in U.S. infrastructure, and the growing cyber risks of imported tech. Plus, shoutouts and real talk from the front lines of cybersecurity.

Join our new Patreon!

⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠questions@hackerandthefed.com

SIM Swaps, Insider Threats & the Rise of 'Zishing'

Thu, 22 May 2025 08:00:00 -0000

Chris and Hector break down recent crypto security breaches, including Coinbase’s insider-driven data leak and the SEC’s SIM swap hack. They explore the rise of “Zishing” (Zoom phishing), deepfake scams, and the real-world dangers facing crypto holders.

Join our new Patreon!

⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠questions@hackerandthefed.com

LulzSec, LockBit & the Price of Weak Security

Thu, 15 May 2025 08:00:00 -0000

Chris and Hector dive into the recent breach of the LockBit ransomware gang and what it reveals about operational security failures—even among hackers. They discuss the fallout from the Pegasus spyware scandal, with NSO Group ordered to pay $168 million, and explore the troubling reliance on vulnerable federal contractors. Plus, Hector delivers one of his signature rants—this time on who’s really watching the watchers.

Join our new Patreon!

⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠

Send HATF your questions at ⁠⁠⁠questions@hackerandthefed.com

Joe Rogan, Ross Ulbricht, and the $1 Billion Disney Hack

Thu, 08 May 2025 08:00:00 -0000

Chris and Hector react to Joe Rogan’s take on the Ross Ulbricht case, break down the $1B Disney Slack data breach, and explain why passkeys are the next big thing in cybersecurity.

Join our new Patreon!

⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠

Send HATF your questions at ⁠⁠questions@hackerandthefed.com

Credential Theft, InfoStealers, and the Rise of Cyber Snake Oil

Thu, 01 May 2025 08:00:00 -0000

Chris and Hector break down the 2025 Mandiant threat report, expose rising cyberattack trends, rant about bad CISOs, and discuss a wild case of a cybersecurity CEO caught installing malware in a hospital.

Join our new Patreon!

⁠https://www.patreon.com/c/hackerandthefed⁠

Send HATF your questions at ⁠questions@hackerandthefed.com

DOGE Drama, Digital Grit, and CVE Chaos

Thu, 24 Apr 2025 14:56:00 -0000

Chris Tarbell and Hector Monsegur dive into the near-shutdown of the CVE system, a whistleblower’s wild claims about the Doge agency and Russian logins, and why the future of cybersecurity depends on more entrepreneurs stepping up. Sharp takes, tech insights, and signature banter throughout.

Join our new Patreon!

https://www.patreon.com/c/hackerandthefed

Send HATF your questions at questions@hackerandthefed.com

Starlink Bugs, Bank Regulator Breach, and the LastPass Fallout

Thu, 17 Apr 2025 08:00:00 -0000

Hector’s back from Miami, rubber ducky giveaways in tow, and diving deep into a wild week of cyber news—from Elon Musk’s Starlink bug bounty to a stealthy year-long breach of U.S. bank regulators. The guys unpack major incidents including a Stuxnet-style espionage campaign in Ukraine, AI-powered spear phishing, and yet another haunting update in the LastPass hack saga. But the real fireworks come in Hector’s rant, where he slams the cybersecurity industry's political silence and calls out its leaders for cowardice.

Join our new Patreon!

https://www.patreon.com/c/hackerandthefed

Oracle Breach, MGM Hacker Busted, North Korean IT Scams

Thu, 10 Apr 2025 08:00:00 -0000

This week on Hacker in the Fed, Chris and Hector dive into the chaos of the last few weeks in cybersecurity. From Oracle’s alleged breach cover-up and legal trouble to the ongoing threat of North Korean IT infiltration, the guys break down the biggest stories making waves. They also reveal new details behind the infamous Caesars and MGM ransomware attacks — including how one hacker was caught — and share updates on changes coming to the podcast, including a new Patreon!

Telecom Hacks, AI Fears, and the Quantum Threat – Plus, Hector Rants!

Thu, 20 Mar 2025 08:00:00 -0000

This week on Hacker in the Fed, Hector shares his recent travels, including a trip to Chicago, while Chris discusses his AI presentation and the evolving concerns around artificial intelligence. They break down the security risks in telecom networks, the dangers of unsecured cloud storage, and the legal gray areas of independent security research. Plus, a special listener shoutout, a discussion on quantum computing’s impact on cybersecurity, and Hector’s weekly rant on the confusing jargon in the cybersecurity industry.

Send HATF your questions at questions@hackerandthefed.com.

Hacks, Heists, and the Rise of Digital Deception

Thu, 13 Mar 2025 08:00:00 -0000

In this episode of Hacker in the Fed, Chris Tarbell and Hector Monsegur discuss their recent travels, major cybersecurity threats, and the dangers of disinformation. Topics include a Bluetooth backdoor affecting a billion devices, a $150M crypto heist linked to the LastPass hack, and malware spreading via GitHub. Plus, Hector’s take on propaganda and narrative warfare.

Send HATF your questions at questions@hackerandthefed.com.

Smart Bed Backdoor, Crypto Heists, Router Hacks, and U.S. Cyber Command’s Stand Down

Thu, 06 Mar 2025 09:00:00 -0000

In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss GrayNoise’s 2025 Mass Internet Exploitation Report, revealing how attackers are exploiting vulnerabilities faster than ever, particularly targeting home routers. The two also cover a shocking backdoor discovery in the Eight Sleep smart mattress, the rising trend of violent crypto-related attacks, and the recent Bybit hack. Hector wraps up with a deep dive into the U.S. Cyber Command's recent decision to halt cyber operations against Russia and what it means for national security.

Send HATF your questions at questions@hackerandthefed.com.

Inside a Ransomware Gang, Leaked Logs, a $1.4B Crypto Heist & Signal Under Attack

Thu, 27 Feb 2025 09:00:00 -0000

In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss the leaked Black Basta ransomware logs, a $1.4 billion crypto heist, and new threats targeting Signal Messenger. They also share insights from their latest speaking events, the role of AI in cybersecurity, and the pros and cons of IT centralization in government.

Send HATF your questions at questions@hackerandthefed.com.

School Cyberattacks, Swatting as a Service, and Hector Rants on the Broken Cybersecurity Job Market

Thu, 20 Feb 2025 09:00:00 -0000

In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss alarming trends in school cyberattacks and the lack of transparency in reporting breaches, a disturbing case of "swatting as a service," and the ongoing challenges in the cybersecurity job market. Hector delivers a passionate rant on hiring issues in the industry, highlighting unrealistic job requirements and outsourcing concerns.

Send HATF your questions at questions@hackerandthefed.com.

SSH Backdoors, the Decline of Ransomware Payments, and Hector Rants on a MASSIVE Insider Threat

Thu, 13 Feb 2025 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discussdiscuss a newly discovered SSH backdoor used by Chinese cyber spies, the alarming rise of insider threats in critical U.S. infrastructure, and the significant drop in ransomware payments in 2024. Hector also delivers a passionate rant about government security oversight and the risks posed by unvetted personnel in federal systems. Plus, the duo shares insights on bypassing corporate security with SSH tunneling, the evolution of cybercrime tactics, and why cybersecurity resilience is more crucial than ever.

Send HATF your questions at questions@hackerandthefed.com.

Hacked Healthcare, Hacked Cars & The Hidden Risks of Modern Tech

Thu, 06 Feb 2025 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss a shocking backdoor found in healthcare patient monitors linked to China, a major vulnerability in Subaru's Starlink system allowing remote vehicle control, and the ongoing concerns over modern cars collecting unnecessary user data. They also discuss cybersecurity career paths—Blue Team vs. Red Team—and how to build a well-rounded skillset. Plus, plenty of laughs, from muscle car nostalgia to an unexpected debate about pole vs. stripper dancing.

Send HATF your questions at questions@hackerandthefed.com.

ROSS ULBRICHT PARDONED, Plus Insider Threats, Corporate Security Risks, and A High-Profile Crypto Kidnapping

Sat, 01 Feb 2025 11:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur talk hector’s much-needed vacation in the rainforest, and onto the major cybersecurity stories they missed while away. They discuss the recent pardon of Ross Ulbricht, second chances in life, and the complexities of law enforcement and the justice system. The conversation covers everything from insider threats, corporate security risks, personal attack surface reduction and even a recent high-profile crypto kidnapping.

Send HATF your questions at questions@hackerandthefed.com.

Holiday Reflections: Cybersecurity, Careers, and Christmas Cheer

Thu, 26 Dec 2024 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur celebrate the holidays with heartfelt reflections alongside their standard cybersecurity insights. Hector shares a touching story about family, gratitude, and his journey to providing new opportunities for others. The duo answers listener questions on topics like DDoS attacks, Windows migrations, and breaking into the cybersecurity field, offering practical advice for newcomers and seasoned professionals alike.

Send HATF your questions at questions@hackerandthefed.com.

Yahoo Red Team Layoffs, North Korea Infiltrating U.S. Companies, Data Breaches, and Protecting your Medical History

Thu, 19 Dec 2024 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss Yahoo’s controversial decision to lay off its red team, the rise of North Korean IT workers infiltrating U.S. companies, and the ethical dilemmas around hacking. They also reflects on the desensitization to data breaches, debate the significance of protecting medical history, and share candid moments about their personal lives and experiences in the industry.

Send HATF your questions at questions@hackerandthefed.com.

Telecom Hacks, Ransomware Fallout, Encrypted Chats, and a Diss Track Challenge

Thu, 12 Dec 2024 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss the largest U.S. telecom hack in history attributed to Chinese state-sponsored attackers, the FBI’s surprising push for encrypted communications, and the takedown of an encrypted messaging service used by criminals. They also tackle the bankruptcy of vodka giant Stoli following a devastating ransomware attack and share actionable advice for cybersecurity resilience.

Send HATF your questions at questions@hackerandthefed.com.

DB Cooper, ExxonMobil & Corporate Espionage, and Ross Ulbricht's Potential Pardon

Thu, 05 Dec 2024 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss their obsession with the DB Cooper case and the latest potential break in the decades-old mystery. Hector shares stories about his early days as a hacker and the challenges of trust in loosely connected cybercriminal groups. They also tackle corporate espionage and the ethics of hackers-for-hire in light of ExxonMobil’s alleged involvement in a hacking scandal. Wrapping up, they address listener questions about second chances, with Hector reflecting on his journey of redemption, and weigh in on the contentious debate around Ross Ulbricht's potential pardon.

A THANKSGIVING SPECIAL: Phishing Failures, Red Team Career Advice, and Cybersecurity Ethics

Thu, 28 Nov 2024 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss key cybersecurity challenges, from the effectiveness of phishing training to the ethical dilemmas of vulnerability disclosure. They explore how technical controls and employee education can work together to defend against increasingly sophisticated attacks, including SMS and social media phishing. They also dive into career advice for transitioning from Blue Team to Red Team roles and the complexities of the cybersecurity job market. And to close out, a heartfelt Thanksgiving message.

Italian Hacking Scandal, NSA Best Practices, Insider Threats & a Former Anonymous Hacker?

Thu, 21 Nov 2024 09:00:00 -0000

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur dive into a massive hacking scandal targeting Italian political elites, revealing insider threats and international intrigue. They break down NSA mobile device security best practices and share their own successes (and failures) in following them. Plus, updates on their personal lives, community work, and how ethical hacking can prevent breaches like this.

Send HATF your questions at questions@hackerandthefed.com.

We're Back!

Thu, 14 Nov 2024 09:00:00 -0000

Hacker And The Fed is back. Finally rebooting after a temporary hiatus. Former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity.

Send HATF your questions at questions@hackerandthefed.com.

The Colonial Pipeline Hack, the SEC's X Account, and Special Agent Aron Mann on Homeland Security and Cyber

Wed, 31 Jan 2024 17:39:00 -0000

On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked.

Links from the episode:

https://www.ice.gov/about-ice/homeland-security-investigations

https://www.ice.gov/partnerships-centers/cyber-crimes-center

https://www.usajobs.gov/

https://www.usajobs.gov/Search/?k=homeland%20security%20investigator

Colonial Pipeline Hack - May 2021

https://www.justice.gov/opa/speech/dag-monaco-delivers-remarks-press-conference-darkside-attack-colonial-pipeline

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

https://www.justice.gov/media/1159701/dl

From Loyal Employees to Cybercriminals

https://thesun.my/opinion_news/from-loyal-employees-to-cybercriminals-AC12012406

Mother of All Breaches Reveals 26 Billion Records: What We Know So Far

https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

SECGov X Account

https://www.sec.gov/secgov-x-account

Support our sponsors:

NAXO is a premier cybersecurity and investigations firm, including blockchain forensics, whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.

Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

A Train Hack, $80M Pig Butchering Scheme, and Greg Van Houten of Haynes Boone on the SEC's New Cybersecurity Disclosure Rules

Thu, 21 Dec 2023 09:00:00 -0000

This week on Hacker And The Fed we interview Greg Van Houten of Haynes Boone and policyholderplaybook.com, a seasoned civil litigator who focuses on insurance recovery. We talk to Greg about the SEC's new cybersecurity disclosure rules, which went into effect this month. We also discuss a massive hack that went unreported, a train hack due to a vendor’s geofencing feature, indictments in an 80-million-dollar pig butchering scheme, and a MongoDB security breach.

Links from the episode:

Greg Van Houten of Haynes Boone

policyholderplaybook.com

SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers. Authored by Greg Van Houten (Haynes Boone), David Franzel (NAXO), and Chris Tarbell (NAXO)

https://www.cybersecuritydive.com/news/secs-cyber-disclosure-rules-tips/700550/

The Biggest Hack Over the Last Few Years Has Gone Unreported

https://twitter.com/mattjay/status/1735046508242780575

Train Hack Due to Vendor Geofencing Feature

https://social.hackerspace.pl/@q3k/111528165627522619

Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them

https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/

Four Men Indicted in $80 million ‘Pig Butchering’ Scheme

https://www.cnbc.com/2023/12/14/pig-butchering-scam-results-in-four-indictments-two-arrests-doj.html

MongoDB Suffers Security Breach, Exposing Customer Data

https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

Support our sponsors:

NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.

Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

The FBI Shares Tactics of a Ransomware Gang, a Ransom Payment Fail, and Cyber Law with Lance Taubin

Thu, 30 Nov 2023 09:00:00 -0000

This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult.

Links from the episode:

FBI Shares Tactics of Notorious Scattered Spider Hacker Collective

https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/

Dolly.com Pays Ransom, Attackers Release Data Anyway

https://cybernews.com/security/dolly-data-breach-ransomware-attack/#google_vignette

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/

FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html

Lance Taubin | Technology and Privacy Attorney | Alston & Bird

Support our sponsors:

NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.

Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

The SolarWinds hack, North Korea IT Workers, Hackers Targeting a Data Company, and Listener Questions

Thu, 26 Oct 2023 08:00:00 -0000

This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management.

Links from the episode:

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover

Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program, FBI Says

https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b?taid=6531b8b29c11a80001ef2a28

Hackers Target Company That Vets Police Data Requests for Tech Giants

https://www.404media.co/hackers-target-kodex-accounts-edrs/

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Go to Cloudsolvers.com and tell them "Hacker and the Fed sent you" for a free assessment of your current environment

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

MOVEit and MGM Resorts Hacks, U.S. Senate's Email System Melts Down, Cisco Can't Stop Using Static Passwords, and Listener Questions

Thu, 19 Oct 2023 08:00:00 -0000

This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles.

Links from the episode:

MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool

https://therecord.media/progress-new-file-transfer-vulnerability

MGM Resorts Hack Update

https://x.com/brettforrest89/status/1711885567695433765

US State Dept has No Idea if its IT Security Actually Works, Say Auditors

https://www.theregister.com/2023/10/02/us_state_security_gao/

https://endoflife.date/windows

The Senate’s Email System Melted Down in the Face of Security Test

https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/

Cisco Can't Stop Using Static Passwords

https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html

Support our sponsors:

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

Are Paying Ransoms Illegal? Ransomware Shuts Down a 158 Year Old Company, Fido2 Security Keys, and Hacktivist Rules

Thu, 12 Oct 2023 08:00:00 -0000

This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules.

Links from the episode:

Microsoft Releases Its Yearly Digital Defense Report

https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023

Are Paying Ransoms Illegal in the U.S.?

https://www.huntonprivacyblog.com/2022/07/26/florida-enacts-law-prohibiting-state-agencies-from-paying-cyber-ransoms/

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a

Zero-days for Hacking WhatsApp are Now Worth Millions of Dollars

https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/

Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm

https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/

Kettering logistics firm enters administration with 730 jobs lost

https://www.bbc.com/news/uk-england-northamptonshire-66927965

FDA Cyber Mandates for Medical Devices Goes into Effect

https://cyberscoop.com/fda-cybersecurity-medical-devices/

City of Dallas Suffers a Ransomware Attack

https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf

International Committee of the Red Cross Published Rules of Engagement for Civilian Hackers Involved in Conflicts

https://www.bbc.co.uk/news/technology-66998064

https://www.theregister.com/2023/10/04/red_cross_hacktivist_rules/

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

Artificial Intelligence Doxxing in Viral Videos, Billions of Usernames and Passwords Exposed, and a HATF Contest

Thu, 05 Oct 2023 08:00:00 -0000

This week on Hacker And The Fed the end of privacy with AI being used to dox people in viral videos, billions of usernames and passwords are exposed, nationstate hackers are hiding in router firmware updates, we answer listener questions about working with the FBI, setting up a cyber security business, and safely using data sent to you be others. Finally, we announce Hacker And The Fed's first contest for cyber security awareness month.

Links from the episode:

The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech

https://www.404media.co/the-end-of-privacy-is-a-taylor-swift-fan-tiktok-account-armed-with-facial-recognition-tech/

Darkbeam Leaks Billions of Email and Password Combinations

https://securityaffairs.com/151566/security/darkbeam-data-leak.html

FBI Hacker Dropped Stolen Airbus Data on 9/11

https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

https://media.defense.gov/2023/Sep/27/2003309107/-1/-1/0/CSA_BLACKTECH_HIDE_IN_ROUTERS_TLP-CLEAR.PDF

Russian Exploit Marketplace offering $20M for a Full Chain Mobile Exploit

https://twitter.com/opzero_en/status/1706762507631677760

McDonalds Point of Sale System Hacked

https://twitter.com/vxunderground/status/1706508703745151211

Support our sponsors:

Go to HelloFresh.com/50hatf and use the code 50hatf for 50% off plus free shipping

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

Equifax Breach, a Hack of 27 Crypto Companies, and the Arrest of a Department of State IT Contractor

Thu, 28 Sep 2023 07:01:00 -0000

This week on Hacker And The Fed we break down how Equifax was breached, is Google Authenticator MFA Cloud Sync feature responsible for a hack into 27 crypto companies? Google’s Threat Analysis Group announces an in-the-wild 0-day exploit chain for iPhones, the year of the insider threat continues with the arrest of a Department of State IT Contractor on espionage charges.

Links from the episode:

How Equifax Was Breached in 2017

https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/

https://twitter.com/vxunderground/status/1700335482440204521

Retool Blames Breach on Google Authenticator MFA Cloud Sync feature

https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/

0-days Exploited by Commercial Surveillance Vendor in Egypt

https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/

Department of State IT Contractor Arrested on Espionage Charges

https://fedscoop.com/department-of-state-it-contractor-arrested-on-espionage-charges/

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

Finding out our Relative is a Hacker, Working for the FBI, Prepping for a Technical Interview, and More Listener Questions

Thu, 21 Sep 2023 07:01:00 -0000

This week on Hacker And The Fed we answer listener questions about finding out our relative is a hacker, applying for a cyber security job as a chemical engineer, preparing you for a technical interview, the FBI being a great place to work, is MFA once every 24 hours too much, and much more.

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

Your Car and Your Sex Life, US Departments of State and Commerce Compromised, Iran and North Korea Hacking Crews, and Victories Over Russian Hackers

Thu, 14 Sep 2023 07:01:00 -0000

This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government.

Links from the episode:

Insurer Fined $3M for Exposing Data of 650k Clients for Two Years

https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/

If You’ve Got a New Car, It’s a Data Privacy Nightmare

https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416

https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-mozilla-foundation-says/

Microsoft Finally Explains Cause of Azure Breach: An Engineer’s Account Was Hacked

https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/

https://twitter.com/0xdabbad00/status/1699596048392736812

Hacker Group Disguised as Marketing Company to Attack Enterprise Targets

https://gbhackers.com/hacker-group-disguised-as-marketing/

Active North Korean Campaign Targeting Security Researchers

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/

Russian Infosec Boss Gets Nine Years for $100M Insider-Trading Caper Using Stolen Data

https://www.theregister.com/AMP/2023/09/08/russian_insider_training_prison/

United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang

https://home.treasury.gov/news/press-releases/jy1714

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

The FBI's Operation "Duck Hunt" Takes Down a Botnet, NYC Subway Allows Users to be Tracked Online, and Why Chris Left the FBI

Thu, 07 Sep 2023 07:00:00 -0000

This week on Hacker And The Fed the FBI's Operation "Duck Hunt" takes down a ransomware botnet, we disclose the secret weapon hackers use for doxing, the New York City subway system allows its users to be tracked online, and we answer listener questions about leaving the FBI, getting jobs in cyber security, and Hector's detailed description of a red teamer.

Links from the episode:

How the FBI Took Down the Notorious Qakbot Botnet

https://techcrunch.com/2023/09/01/fbi-qakbot-takedown-operation-duck-hunt/

The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15

https://www.404media.co/the-secret-weapon-hackers-can-use-to-dox-nearly-anyone-in-america-for-15-tlo-usinfosearch-transunion/

I Tracked an NYC Subway Rider's Movements with an MTA ‘Feature’

https://www.404media.co/i-tracked-nyc-subway-rider-home-omny-mta/

Paramount Discloses Data Breach Following Security Incident

https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/

Hacking Campaign Bruteforces Cisco VPNs to Breach Networks

https://www.bleepingcomputer.com/news/security/hacking-campaign-bruteforces-cisco-vpns-to-breach-networks/

Big Ass Data Broker Opt Out List

https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List

Support Our Sponsors

HelloFresh! Go to hellofresh.com/50hatf use code 50hatf for 50% off plus 15% off the next 2 months!

Get your Hacker and the Fed merchandise at hackerandthefed.com

Send HATF your questions at questions@hackerandthefed.com

Hacking Through a Fire Stick, a Danish Cloud Provider Loses all Their Customer Data, an Active Hacker Becoming a White Hat

Thu, 31 Aug 2023 07:01:00 -0000

This week on Hacker And The Fed a Danish cloud provider loses all of their customer's data, a hacker in custody continues hacking through a fire stick, there are two great write ups about a zero day vulnerability and HTML smuggling, cyber security entry jobs should be just that, entry into the industry, and we answer listener questions that include an ongoing dialogue with an active hacker about becoming a white hat.

Links from the episode:

Criminals Go Full Viking on CloudNordic, Wipe All Servers and Customer Data

https://www.theregister.com/AMP/2023/08/23/ransomware_wipes_cloudnordic/

GTA 6 Hacker Found to be Teen with Amazon Fire Stick in Small Town Hotel Room

https://hackaday.com/2023/08/26/gta-6-hacker-found-to-be-teen-with-amazon-fire-stick-in-small-town-hotel-room/

Traders' Dollars in Danger: Zero-Day Vulnerability in WinRAR Exploited by Cybercriminals to Target Traders

https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/

HTML Smuggling Leads to Domain Wide Ransomware

https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

Cybersecurity Hiring Gap: Time to Rethink Who Can Contribute

https://www.csoonline.com/article/649166/cybersecurity-hiring-gap-time-to-rethink-who-can-contribute.html

https://twitter.com/CyberWarship/status/1692239445188120950

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Get your Hacker and the Fed merchandise at hackerandthefed.com

Demystifying Internet Honeypots and Getting into Cyber Security with Andrew Morris, Founder and CEO of GreyNoise

Thu, 24 Aug 2023 07:01:00 -0000

This week on Hacker And The Fed we have Andrew Morris, CEO and founder of GreyNoise on the show. GreyNoise is a cybersecurity company that collects and analyzes mass internet data to remove pointless security alerts, find compromised devices, or identify emerging threats. We talk internet honeypots, how to get into the cyber security industry and much more.

Links from the episode:

Andrew Morris, CEO & Founder of GreyNoise

https://www.greynoise.io/

https://twitter.com/Andrew___Morris

https://twitter.com/GreyNoiseIO

Support our sponsor:

Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans

Get your Hacker and the Fed merchandise at hackerandthefed.com

Zoom and AI, the NSA and DARPA Presenting Challenges to the Cyber Security Community and Listener Questions

Thu, 17 Aug 2023 07:01:00 -0000

This week on Hacker And The Fed Zoom wanted to use your calls to train artificial intelligence, the NSA and DARPA are presenting challenges to the cyber security community, and we answer listener questions from a US military chaplain about justice, a former black hat about a career in cyber security, and even a hacker who used a compromised email account to ask us how to stop hacking.

Links from the episode:

Zoom walks back controversial privacy policy

https://www.thestreet.com/technology/zooms-latest-move-may-make-you-reconsider-using-the-service

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html

Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces

https://www.cnbc.com/2023/08/09/biden-admin-launches-hacking-challenge-to-use-ai-for-cybersecurity.html

https://aicyberchallenge.com/rules/

NSA: Codebreaker Challenge Helps Drive Cybersecurity Education

https://www.darkreading.com/attacks-breaches/nsa-talks-codebreaker-challenge-success-influence-on-education

Lil Tay Meta Helped Get Account Back from Hacker

https://www.tmz.com/2023/08/12/lil-tay-dead-dies-hacker-meta-instagram-hacked-account-hoax/

CISCO Launches a FREE 120-Hour Ethical Hacking Training

https://cursin.net/en/cisco-launches-a-free-120-hour-ethical-hacking-training/

Support our sponsor:

Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans

Get your Hacker and the Fed merchandise at hackerandthefed.com

Chinese Malware, a Year in Review of Zero-day Exploits, a Ransomware Study, and Listener Questions

Thu, 10 Aug 2023 07:01:00 -0000

This week on Hacker And The Fed the US hunts Chinese malware that could disrupt American Military operations, a year in review of zero-day exploits, a study finds no evidence that ransomware victims with cyber insurance pay up more often, there's fighting words between Tenable CEO and Microsoft, and we answer listener questions from a listener in Greece, Holland, and a new minted NSA hacker.

Links from the episode:

U.S. Hunts Chinese Malware That Could Disrupt American Military Operations

https://dnyuz.com/2023/07/29/u-s-hunts-chinese-malware-that-could-disrupt-american-military-operations/

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

No evidence ransomware victims with cyber insurance pay up more often

https://therecord.media/ransomware-cyber-insurance-payments-uk-report

Tenable CEO accuses Microsoft of negligence in addressing security flaw

https://cyberscoop.com/tenable-microsoft-negligence-security-flaw/

https://twitter.com/MalwareJake/status/1686869818912202755

https://www.wired.com/2002/01/bill-gates-trustworthy-computing/

SMS Traffic Pumping Fraud

https://support.twilio.com/hc/en-us/articles/8360406023067-SMS-Traffic-Pumping-Fraud

New acoustic attack steals data from keystrokes with 95% accuracy

https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/

Get your Hacker and the Fed merchandise at hackerandthefed.com

Authentication Attacks, US Government Domains, and New Cyber Incident Disclosure Guidelines

Thu, 03 Aug 2023 07:01:00 -0000

This week on Hacker And The Fed what authentication attacks might look like in a phishing resistant future, the SEC now requires companies to disclose cyber attacks, there are many more US government domains in the .com world than you might think, and other news stories from this week in cyber security.

Links from the episode:

What might authentication attacks look like in a phishing-resistant future?

https://blog.talosintelligence.com/what-might-authentication-attacks-look-like-in-a-phishing-resistant-future/

The Messaging Layer Security (MLS) Protocol

https://datatracker.ietf.org/doc/html/rfc9420

List of public government managed domains that exist outside of the top-level .gov and .mil domains

https://github.com/GSA/govt-urls/blob/main/1_govt_urls_full.csv

Top level domain operator wants out of the business

https://domainnamewire.com/2023/07/26/top-level-domain-operator-wants-out-of-the-business/

Network giants unite to fight security risks

https://www.networkworld.com/article/3703233/network-giants-unite-to-fight-security-risks.html

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html

Norwegian government IT systems hacked using zero-day flaw

https://www.bleepingcomputer.com/news/security/norwegian-government-it-systems-hacked-using-zero-day-flaw/

https://www.dss.dep.no/aktuelle-saker/departementer-utsatt-for-dataangrep/

https://www.wsj.com/articles/critical-infrastructure-companies-warned-to-watch-for-ongoing-cyberattack-76508d83

Satellites Are Rife With Basic Security Flaws

https://www.wired.com/story/satellites-basic-security-flaws/

Support our sponsors:

Go to hellofresh.com/50hatf code 50hatf for 50% off plus free shipping

Get your Hacker and the Fed merchandise at hackerandthefed.com

Thousands of Intelligence and Defense Employees Exposed, a Hacker Infects His Own Computer, Google Accuses Apple Employee of Not Reporting a Zero-day

Thu, 27 Jul 2023 07:01:00 -0000

This week on Hacker And The Fed new cyber security labels proposed by the US government could help us buy our new devices, an employee exposes thousands of intelligence and defense employees, Google may be restricting internet access to some employees to reduce their cyber attack risk, a hacker infects his own computer, and Google says an Apple employee found a zero-day but didn't report it, and we answer listener questions about our phones getting searched and email encryption.

Links from the episode:

White House teams with Amazon, Google and Qualcomm on cybersecurity labels for gadgets

https://www.cnbc.com/2023/07/18/us-cyber-trust-labels-will-help-consumers-pick-safer-smart-devices.html

Google exposes intelligence and defense employee names in VirusTotal leak

https://therecord.media/virustotal-user-email-addresses-leaked-google-military-intelligence

Google restricting internet access to some employees to reduce cyberattack risk

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware

https://www.securityweek.com/black-hat-hacker-exposes-real-identity-after-infecting-own-computer-with-malware/

IT Security Analyst Jailed for Impersonating as a Hacker in Own Company

https://cybersecuritynews.com/it-security-analyst-jailed/

Google says Apple employee found a zero-day but did not report it

https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/

https://news.ycombinator.com/item?id=36803537

Microsoft Cybersecurity Analyst Professional Certificate

https://www.coursera.org/professional-certificates/microsoft-cybersecurity-analyst

Cybersecurity Expert Kevin David Mitnick died

https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668

Listener Questions:

https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

Get your Hacker and the Fed merchandise at hackerandthefed.com

The Dangers of Googling Phone Numbers, an Attack on a Security Platform, and Typo Squatting on US Military Domains

Thu, 20 Jul 2023 07:01:00 -0000

This week on Hacker And The Fed you can't always count on Google for the right telephone number for an airline, an American cloud based directory as a service platform announces that they were hacked by a state sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology.

Links from the episode:

Airline Fake Contact Number on Google Maps

https://twitter.com/Shmuli/status/1680669938468499458

https://twitter.com/SwiftOnSecurity/status/1680926780599812098

JumpCloud discloses breach by state-backed APT hacking group

https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/

JumpClouds IOCs - https://jumpcloud.com/support/july-2023-iocs

Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml'

https://twitter.com/mikko/status/1680947795862200325

Watch out for this new malicious ransomware disguised as Windows updates

https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates

https://www.trendmicro.com/en_id/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html

Listener Questions

https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

Get your Hacker and the Fed merchandise at hackerandthefed.com

Are Your Lightbulbs a Security Risk? Voice Authentication May be Broken, and Logistics Security

Thu, 13 Jul 2023 07:01:00 -0000

This week on Hacker And The Fed your lightbulbs may be giving away the location of your house, could Microsoft end ransomware right now? Also, voice authentication may be broken, the latest ransomware attack shows us the important of logistics security, convenience has once again jeopardized Google authenticator security, and a listener shares a wild car theft story.

Links from the episode:

Your lightbulbs may be giving out your exact location

twitter.com/haxrob/status/1676416949499338752

Microsoft Can Fix Ransomware Tomorrow

darkreading.com/vulnerabilities-threats/microsoft-can-fix-ransomware-tomorrow

Cybercriminals can break voice authentication with 99% success rate

helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/

INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime

thehackernews.com/2023/07/interpol-nabs-hacking-crew-opera1ers.html

Japan's biggest port, Nagoya, hit by suspected cyberattack

asia.nikkei.com/Business/Technology/Japan-s-biggest-port-Nagoya-hit-by-suspected-cyberattack

Raising concerns over Google Authenticator’s new features

techradar.com/pro/raising-concerns-over-google-authenticators-new-features

Trinidad and Tobago facing outages after cyberattack

therecord.media/trinidad-tobago-hit-with-cyberattack

Listener Questions

ksltv.com/563455/police-release-images-of-suspect-who-broke-into-familys-car-at-airport-then-their-home/

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

Your Car’s Data Might Be For Sale, a New Malware Payload Vector Using DNS, and Listener Questions

Thu, 06 Jul 2023 07:01:00 -0000

This week on Hacker And The Fed your car may be collecting up to 25 GB per hour of data about you and a new malware payload vector is using DNS, what is “encryptionless ransomware”. We also answer listener questions about a variety of topics, including how to prepare for a cybersecurity career in the US government, banking security, and hack-backs.

Links from the episode:

How Your New Car Tracks You

https://www.wired.com/story/car-data-privacy-toyota-honda-ford/

DNS TXT Records Can Be Used by Hackers to Execute Malware

https://cybersecuritynews.com/dns-txt-records-to-execute-malware/?amp

Encryption-less ransomware: Warning issued over emerging attack method for threat actors

https://www.itpro.com/security/ransomware/encryption-less-ransomware-warning-issued-over-emerging-attack-method-for-threat-actors

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

A Hack-Back Lands a CEO in Prison, Repo Jacking, and When to Use a VPN

Fri, 30 Jun 2023 07:01:00 -0000

This week on Hacker And The Fed a CEO did a hack back and was sentenced to prison, Reddit hackers demanded a price roll back, repo jacking and fake Github repositories, and we answer listener questions about Hector's old hacks and VPNs.

Links from the episode:

I Was Sentenced to 18 Months in Prison for Hacking Back - My Story

twitter.com/silascutler/status/1671144482769608705 -> https://hackernoon.com/i-was-sentenced-to-18-months-in-prison-for-hacking-back-my-story

Reddit hackers demand $4.5 million ransom and API pricing changes

theverge.com/2023/6/19/23765895/reddit-hack-phishing-leak-api-pricing-steve-huffman

GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking

blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking

Attackers Create Synthetic Security Researchers to Steal IP

darkreading.com/attacks-breaches/attackers-create-synthetic-security-researchers

Google announces $20 million investment for cyber clinics

cyberscoop.com/google-investment-cyber-clinics/

Listener Questions

https://fidoalliance.org/

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

A Massive Ongoing Ransomware Attack, Google Claims to Catch Chinese Hackers, and the Feds Arrest a Russian Hacker in Arizona

Thu, 22 Jun 2023 07:01:00 -0000

This week on Hacker And The Fed a ransomware group hacked a widely used file transfer software and began leaking stolen data, Google claims it caught Chinese government hackers red-handed breaking into hundreds of networks, the Feds arrest a ransomware perpetrator in Arizona, and we nerd out on security researchers taking over various countries domains.

Links from the episode:

MOVEit Cyber Attack: Personal Data Of Millions Stolen From Oregon, Louisiana, U.S. Agency

forbes.com/sites/maryroeloffs/2023/06/16/moveit-cyber-attack-personal-data-of-millions-stolen-from-oregon-louisiana-us-agency/?sh=3cf2b1b46b05

US govt offers $10 million bounty for info on Clop ransomware

bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/amp/

Google claims it caught China government hackers redhanded breaking into hundreds of networks around the world

fortune.com/2023/06/15/china-hacking-networks-cybersecurity-google-mandiant/amp/

20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona

thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html

Can I speak to your manager? hacking root EPP servers to take control of zones

hackcompute.com/hacking-epp-servers/

Darknet Parliament is now a thing

cybernews.com/security/darknet-parliament-killnet-hackers/

Support our sponsor:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.

Follow Hector @hxmonsegur

China's Tik Tok "God Credential" Allegation, a New Phishing and Email Takeover Campaign, and Listener Questions

Thu, 15 Jun 2023 07:01:00 -0000

This week on Hacker And The Fed we discuss the latest development in the Tik Tok controversy, how to detect and mitigate a new phishing and email takeover campaign, Google's new top-level domain, and some interesting statistics in the new Verizon breach investigation report.

Links from the episode:

Former exec at TikTok's parent company says Communist Party members had a 'god credential' that let them access Americans' data

businessinsider.com/communist-party-god-credential-data-bytedance-tiktok-former-executive-alleges-2023-6

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/

America’s Most Cybersecure Companies

forbes.com/lists/most-cybersecure-companies

Hackers claim to have crippled Russia’s banking system

cybernews.com/cyber-war/infotel-hack-impacts-russian-banks/

Verizon 2023 Data Breach Investigations Report

verizon.com/business/resources/reports/dbir/

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.

Follow Hector @hxmonsegur

Zero-click Exploits Attacking iPhones, PC Motherboards Downloading Malware, and a New Dutch Mandate

Thu, 08 Jun 2023 07:01:00 -0000

This week on Hacker And The Fed we discuss another zero-click exploit attacking iPhones via the iMessage app, millions of PC motherboards may be downloading malware, the FTC slams another company for violations, security researchers find a vulnerability in Gmail's checkmark system that is already being abused. And the Dutch government now mandates an easy way to contact website administrators.

Links from the episode:

Operation Triangulation: iOS devices targeted with previously unknown malware

securelist.com/operation-triangulation/109842/

thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html

Millions of PC motherboards were sold with a firmware backdoor

arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring

thehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.html

Bug in Gmail

twitter.com/chrisplummer/status/1664075886545575941

twitter.com/ChristopheDary/status/1664907465924681728

linkedin.com/posts/christophe-dary-85330561_spf-dmarc-bimi-activity-7070510499196489728-pPTh?utm_source=share&utm_medium=member_desktop

Security.txt now mandatory for Dutch government websites

netherlands.postsen.com/trends/198695/Securitytxt-now-mandatory-for-Dutch-government-websites.html

securitytxt.org

Support our sponsors:

Go to HelloFresh.com/hatf16 and use code hatf16 for 16 free meals plus free shipping!

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.

Follow Hector @hxmonsegur

An Insider Exploits A Ransomware Attack, AI Photos, And Hector's Indonesian Hack

Thu, 01 Jun 2023 07:01:00 -0000

This week on Hacker And The Fed we dive into the world of ransomware. An insider exploits a ransomware attack for personal gain and a CISO's biggest lessons from quarterbacking a ransomware attack. We discuss AI generated photos and what happened to the stock market. And then we answer listener questions about geopolitics, Hector's hack on the Indonesian government and victims keeping their hacks a secret.

Links from the episode:

IT employee impersonates ransomware gang to extort employer

bleepingcomputer.com/news/security/it-employee-impersonates-ransomware-gang-to-extort-employer/

AI Generated Photos

twitter.com/jsrailton/status/1660679743266607105

Suspicion stalks Genesis Market’s competitors following FBI takedown

therecord.media/genesis-market-russian-market-2easy-shop-cybercrime-fraud

FBI releases warning about fake crypto job advertisements

ic3.gov/Media/Y2023/PSA230522

Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking

darkreading.com/ics-ot/bridgestone-ciso-lessons-ransomware-attack-acting-thinking

Pig Butchering And Crypto Crime-fighting With Erin West

Thu, 25 May 2023 07:01:00 -0000

This week on Hacker And The Fed we speak with Erin West, a Santa Clara County Deputy District Attorney, Founder of the “Crypto Coalition”, an over 800-member group of active law enforcement partners sharing cryptocurrency crime-fighting techniques, and the very tip of the spear for Pig Butchering – the latest online romance scam. We learn about the incredible work Erin is doing via Operation Shamrock and how we can protect ourselves and our loved ones from being victimized.

Links from the episode:

SCARS: Society of Citizens Against Relationship Scams

againstscams.org

Advocating Against Romance Scammers

advocatingforu.com

This podcast is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.

For more information on Chris and his current work visit naxo.com and follow him on LinkedIn at inkedin.com/in/chris-tarbell-20b129278/.

Follow Hector @hxmonsegur

Vehicle Location Data Leaked For Over 2 million Drivers, Another US Government Breach, And D.B. Cooper

Thu, 18 May 2023 07:01:00 -0000

This week on Hacker And The Fed, up to 10 years of your location data may have been exposed if you’ve driven vehicles from a certain manufacturer, stolen private keys may lead to insecure boot ups of your computer, Congress gets another notification of a US government breach, and we answer more listener questions about failed hacks and intentional exploits. And we talk about D. B. Cooper!

Links from the episode:

Toyota: Car location data of 2 million customers exposed for ten years

bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

securityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-security/

Data of 237,000 US government employees breached

reuters.com/world/us/data-237000-us-government-employees-breached-2023-05-12/

Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison

ustice.gov/opa/pr/uk-citizen-extradited-and-pleads-guilty-cyber-crime-offenses

T-Mobile Worker Joked About Adding Extra Phone Lines and Tablet to a Customer’s Account Without Them Knowing

twistedsifter.com/2023/05/a-t-mobile-worker-joked-about-adding-2-extra-phone-lines-and-a-tablet-to-a-customers-account-without-them-knowing/

Google Cybersecurity Certificate

grow.google/certificates/cybersecurity/#?modal_active=none

For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.

Follow Hector @hxmonsegur

Chinese State Hackers, Ransom Negotiation, And Listener Questions

Thu, 11 May 2023 04:00:00 -0000

This week on Hacker And The Fed we discuss private data leaking due to a misconfiguration, and no one is listening to the researchers. We are shown the mindset of hackers during a ransom negotiation, a cell phone provider is hacked for the 9th time in 6 years, there are 50 Chinese state hackers for every FBI cyber agent, and using AI to help hack. And finally, we answer listener questions about .xyz, pen testing tools, and possible Hacker And The Fed swag.

Links from the episode:

Many Public Salesforce Sites are Leaking Private Data

krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/

Hackers Claim Vast Access to Western Digital Systems

techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/

T-Mobile Discloses 2nd Data Breach of 2023, This One Leaking Account PINs and More

arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/

Chinese Hackers Outnumber FBI Cyber Personnel 'By At Least 50 to 1,' Wray Testifies

foxnews.com/politics/chinese-hackers-outnumber-fbi-cyber-personnel-wray-testifies

Capturing the Flag with GPT-4

micahflee.com/2023/04/capturing-the-flag-with-gpt-4/

The Cyber Police Exposed an Attacker in the Sale of Databases with Personal Data of Citizens of Ukraine and the EU

cyberpolice.gov.ua/news/kiberpolicziya-vykryla-zlovmysnyka-u-zbuti-baz-iz-personalnymy-danymy-gromadyan-ukrayiny-ta-yes-6598/

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Cyber Insurance With Michelle Chia, Head Of Cyber Insurance At Zurich North America

Thu, 04 May 2023 07:01:00 -0000

This week on Hacker And The Fed we sit down with Michele Chia, Head of Cyber Insurance at Zurich North America. We ask a number of questions including what is cyber insurance? Who needs it? And How much coverage is needed? Does cyber insurance cover an insider threat attack? What does a ransomware attack look like when you have cyber insurance? And finally, we find out how our guest cultivated such a successful career in cyber insurance.

Link from the episode:

zurichna.com/knowledge/experts/michelle-chia

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Search Engine Vulnerabilities, Ghost Tokens, Anna Kournikova

Thu, 27 Apr 2023 07:01:00 -0000

This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova.

Links from the episode:

Remote Code Execution Vulnerability in Google They Are Not Willing To Fix

giraffesecurity.dev/posts/google-remote-code-execution/

'GhostToken' Opens Google Accounts to Permanent Infection

darkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infection

Hacker Group Names Are Now Absurdly Out of Control

wired.com/story/hacker-naming-schemes-spandex-tempest/amp

How Long It Would Take A Hacker To Brute Force Your Password In 2023

hivesystems.io/blog/are-your-passwords-in-the-green

Support this episode's sponsors:

DeleteMe: Visit JoinDeleteMe.com/FED and use promo code FED20

BetterHelp: Visit BetterHelp.com/HATF and get 10% off your first month

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The Classified Document Leak, A Hacker Gets Hacked, And Can A Video Silently Hack Your Phone?

Thu, 20 Apr 2023 07:01:00 -0000

This week on Hacker And The Fed internet videos may be able to silently hack your phone with a "Near Ultrasound Inaudible Trojan” (NUIT). Companies have more access to your data than you may know, including pictures of you. We also discuss how better access controls may have prevented the recent classified documents leak and share a story about a hacker getting hacked.

Links from the episode:

Hey Siri, use this ultrasound attack to disarm a smart-home system

https://www.theregister.com/2023/04/04/siri_alexa_cortana_google_nuit/

Tesla workers shared sensitive images recorded by customer cars

https://www.reuters.com/technology/tesla-workers-shared-sensitive-images-recorded-by-customer-cars-2023-04-06/

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 2

https://informnapalm.org/en/hacked-russian-gru-officer/

Support this episode's sponsors:

DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Hackers Stealing Your Car And Internet Bandwidth, And A Massive Corporate Security Breach

Thu, 13 Apr 2023 07:01:00 -0000

This week on Hacker And The Fed a researcher gains access to millions of Office 365 accounts, cyber criminals are stealing and selling your internet bandwidth, and now hackers can remotely open your garage door and start your car in order to steal it.

Links from the episode:

Researcher gained access to millions of Office365 accounts:

https://twitter.com/hillai/status/1641146508639600646

https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration

Cybercriminals may be stealing and selling your Internet bandwidth:

https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/

And now hackers can remotely open your garage and start your car in order to steal it:

https://www.vice.com/en/article/pkadqy/hackers-can-remotely-open-smart-garage-doors-across-the-world-simpaltek

https://kentindell.github.io/2023/04/03/can-injection/

Finally the FBI has taken down another hacking forum full of stolen credentials:

https://finance.yahoo.com/news/fbi-seizes-genesis-market-notorious-123039527.html?guccounter=1

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

City Cyber Security with NYC CISO Kelly Moan

Thu, 06 Apr 2023 07:01:00 -0000

This week on Hacker And The Fed we speak with Kelly Moan, who serves as the Chief Information Security Officer (CISO) of New York City. We talk trends and cyber threats against the city. She also details the significant volume of attacks against the city on a weekly basis and gives us tips for getting into cyber security.

Links from the episode:

nyc.gov/content/oti/pages/meet-the-team/cyber-command

nyc.gov/jobs

More info on the JSOC + Cyber Command’s authorities via Executive Order 10:

Support this episode's sponsor:

HelloFresh: Visit HelloFresh.com/hatf50 and use code hatf50 for 50% off, plus your first box ships free!

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Who Can Read Your Emails, And Busting DDoS For Hire

Thu, 30 Mar 2023 07:01:00 -0000

This week on Hacker And The Fed we discuss what email security should look like over the next 12 months, who has the ability to read your emails, and law enforcement busting people using DDoS for hire.

Links from the episode:

Email Security Nightmare as 75% Of CISOs Expect a Severe Email-Borne Attack in the Next 12 Months

cpomagazine.com/cyber-security/email-security-nightmare-as-75-of-cisos-expect-a-severe-email-borne-attack-in-the-next-12-months/

Who reads your email?

twitter.com/jschauma/status/1634032554603945984

netmeister.org/blog/mx-diversity.html

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html

Support this episode's sponsor:

BetterHelp: Hacker and the Fed is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Listener Questions: How To Protect Your Kids Online, Advanced Personal Cybersecurity, And What A “Red Team” Is

Thu, 23 Mar 2023 07:01:00 -0000

This week on Hacker And The Fed we catch up on some questions from our listeners: we discuss what a red teamer does, how the FBI works with other law enforcement agencies, how to upgrade your personal cyber security once you’ve got the basics down, and protecting children on the Internet.

Support this episode's sponsors:

Drata: Listeners of Hacker and the Fed can get 10% off Drata and waived implementation fees at drata.com/partner/hacker-fed

BetterHelp: Hacker and the Fed is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Jobs, Academics, And The Future Of Cybersecurity With Professor Bill Gardner

Thu, 16 Mar 2023 07:01:00 -0000

This week on Hacker And The Fed we sit down with Bill Gardner, professor and Chair Department of Cyber Forensics & Security at Marshall University. Bill offers insight into the professional and academic path into the industry and the future of cybersecurity.

Links from the episode:

Follow Bill Gardner:

Twitter: https://twitter.com/oncee

Linkedin: https://www.linkedin.com/in/304blogs/

Marshall University Prospective Students

Two papers written by Bill Gardner

“I Did What I Believe Is Right”: A Study of Neutralizations among Anonymous Operation Participants

Social Engineering in Non-Linear Warfare

Support this episode's sponsors:

Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed

DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Fake Google Ads, Law Firms Under Attack, And The White House Announces New National Cybersecurity Strategy

Thu, 09 Mar 2023 08:01:00 -0000

This week on Hacker And Fed we discuss fake Google advertisements, law firms under attack from cyber criminals, and the Whitehouse announcing a new national security strategy.

Support this episode's sponsors:

Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed

DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20

Links from the episode:

twitter.com/doctorow/status/1628948906657878016

thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html?m=1

twitter.com/dcuthbert/status/1631302488996364288/photo/1

whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf

nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581

twitter.com/nol_tech/status/1629910222746578945

abc7news.com/atm-scam-tap-card-chase-bank-function/12905397/

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

A Leaked Ransomware Negotiation, Twitter Security, And NSA Best Practices For Securing Your Home Network

Thu, 02 Mar 2023 08:01:00 -0000

This week on Hacker And Fed we discuss a leaked ransomware negotiation, how Twitter's new verification system may improve security, and the NSA releases its best practices for securing your home network.

Support this episode's sponsor, Drata. For 10% off and waived implementation fees visit drata.com/partner/hacker-fed.

Links from the episode:

pwndefend.com/2023/02/15/lockbit-3-0-and-royal-mail-chats-published/

dice.com/career-advice/cybercriminals-increase-recruiting-tech-and-it-pros-across-the-darknet

gizmodo.com/facebook-instagram-verified-elon-musk-was-right-twitter-1850139933

media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Insider Threat Attacks, Malware Used To Steal Crypto, And Hector’s Embarrassing Story

Thu, 23 Feb 2023 16:07:34 -0000

This week on Hacker And Fed we update a story from a few episodes ago about a woman driving with a suspicious eavesdropping device near the embassies in Paris, Credit Suisse suffers a insider threat attack, an old attack methodology is updated to steal cryptocurrency, a hacker utilizes screen-capturing malware to cherry-pick their victims, regulators propose a rule to have cyber educated board members, Hector receives a phishing email that turns out to be a much larger issue, and finally Hector pays off his losing Super Bowl bet.

Links from the episode:

francetvinfo.fr/faits-divers/escroquerie-aux-sms-de-l-assurance-maladie-les-suspects-volaient-les-numeros-de-telephone-depuis-leur-voiture_5665943.html

efinancialcareers.com/news/2023/02/credit-suisse-employee-data-leak

blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack

thehackernews.com/2023/02/hackers-targeting-us-and-german-firms.html

cfr.org/blog/walk-and-chew-gum-cisos-communicating-boards-have-speak-their-language

venturebeat.com/security/4-misconceptions-about-data-exfiltration/amp/

bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

A Major Phishing Attack, TikTok In Texas, And FBI Customer Service

Thu, 16 Feb 2023 08:00:00 -0000

This week on Hacker And Fed Reddit suffers a phishing attack, the FBI offers "Ritz Carlton" level customer service, Texas bans TikTok on state owned devices, and a researcher documents the methodology of finding a major network flaw.

Links from the episode:

reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/

govconwire.com/2022/10/bryan-vorndran-outlines-tenets-of-fbi-role-in-cyber-ecosystem/

beckershospitalreview.com/legal-regulatory-issues/fbi-aiming-to-protect-give-ritz-carlton-level-customer-service-to-companies-that-report-cyberattacks.html

gov.texas.gov/news/post/governor-abbott-announces-statewide-plan-banning-use-of-tiktok

eaton-works.com/2023/02/06/toyota-gspims-hack/

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

"Malvertising" and Stolen Background Check Data

Thu, 09 Feb 2023 08:00:00 -0000

This week on Hacker And The Fed we discuss how Search Engine Ads are being used to spread malware through "malvertising". We also cover the impact of a breach involving data for over 20,000 individuals stolen from a firm that aggregates public records and sells background checks online.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The FBI Take Down Of Hive Ransomware Network & Questions About The FBI

Thu, 02 Feb 2023 08:00:00 -0000

This week on Hacker And Fed we discuss the FBI's takedown of Hive, the Ransomware group with over 100 million in ransom payments. We also talk about the FBI's insider threat brochure, giving companies indicators on what to look for internally. And finally, Hector asks Chris some questions about the FBI.

Links from the episode:

justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant

fbi.gov/file-repository/insider_threat_brochure.pdf

cisa.gov/insider-threat-cyber

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

2023 Hacking Predictions, Bug Bounty Hunters, And The Super Bowl Sunday Hack

Thu, 26 Jan 2023 03:00:00 -0000

This week on Hacker And Fed Hector makes some predictions of the hacks we will see in 2023. We also discuss bug bounty hunters, how they're not getting paid what they deserve and why they may take their exploits to the dark web. We touch on another big API data leak and Hector tells a story of a hack he did on Super Bowl Sunday. And finally we help a listener with spoofed calls and text messages.

T-Mobile Filed Form 8-K with the US SEC

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Cyber In The News: Important Stories Slipping Under The Radar

Thu, 19 Jan 2023 08:00:00 -0000

This week on Hacker and the Fed we discuss a variety of recent news stories, including a report of a messaging service selling access to user data, bootleg network devices being sold through certified vendors, Gmail offering end-to-end encryption, lessons learned from a not so secure encrypted messaging application, cell phone software that was stolen and made public, and a password problem at a major US executive department.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Twitter's Data Leak, Russian Hacking Crew "Cold River", and Listener Questions

Thu, 12 Jan 2023 08:00:00 -0000

This week on Hacker And Fed we discuss Twitter's data leak, explaining APIs and how to better protect ourselves. We also touch on the Russian hacking crew "Cold River" and answer some listener questions.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Cell Phone Eavesdropping, Tupac and Biggie in New Zealand, and Botnets

Thu, 05 Jan 2023 08:00:00 -0000

This week on Hacker And Fed we tackle IMSI Catchers, or cell phone eavesdropping devices after one was found by French authorities in the back of a vehicle near the US embassy in Paris. We also cover Hector's PBS Hack, his thought process and attack vector. And finally we have a conversation about Botnets and some of the risks they present.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Cyber Warfare With Special Guest Jeffrey Carr

Thu, 29 Dec 2022 08:01:00 -0000

This week on Hacker And Fed we tackle cyber warfare with special guest Jeff Carr. Jeff authored the book "Inside Cyber Warfare: Mapping the Cyber Underworld" and is an expert on how nation-states, groups, and individuals around the world wage digital war on one another. We cover a wide range of topics from how to define "cyber war" to the insider perspective on the war in Ukraine.

Check out Jeff's book here!

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The Perspective Of A Hacker, Questions For Sabu

Thu, 22 Dec 2022 08:00:00 -0000

This week on Hacker And Fed we select a number of audience questions specifically directed toward Hector, and he answers them from the perspective of his former self, Sabu. We cover questions like "what is a hack?" "What are the hardest security controls to beat?" "What do Hackers do with your stolen data?" And finally, Sabu reveals his coolest hack.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The Infamous Shadow Brokers and Apple's New Security Posture

Mon, 19 Dec 2022 03:43:21 -0000

This week on Hacker And The Fed we discuss the infamous Shadow Brokers, a group (or individual hacker) who compromised the NSA back in 2016. We explore and explain this hack from the perspective of a former FBI agent and a former black hat hacker. We also detail Apple's new security posture deploying end-to-end encryption.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

CISA’s Small Business Security Guidance and Listener Questions

Thu, 08 Dec 2022 10:01:00 -0000

This week on Hacker And The Fed we discuss a recent paper published by CISA (The Cybersecurity and Infrastructure Security Agency) detailing how to help secure your small business online. We also answer a number of listener questions. You all have been sending us some great questions in the past week, today we answer a few of our favorites.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Sabu and Recursion Face to Face, Former Hackers Reunite Over War Stories

Thu, 01 Dec 2022 08:01:00 -0000

This week on Hacker And The Fed we have our first ever guest. Former Black Hat and former member of LulzSec, Cody Kretsinger. Hector and Cody go back nearly 20 years to the earliest days of online hacking when they spent years partnering to infiltrate major computer networks around the world. Despite that long history, they’ve never actually met in the flesh. We cover a lot as they speak together for the first time, from hacking origin stories to life after federal prison.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Hector's Decision To Work With The FBI

Thu, 24 Nov 2022 08:01:00 -0000

This week on Hacker And The Fed we discuss Hector's decision to work with the FBI. To change the course of his life and begin the journey to where he is now. We explore his moral considerations as well as the very practical implications of such a decision. We also hear the story of Hector's first hack and answer a listener question on NSO group and high level hacking.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The Silk Road Bitcoin Hack

Thu, 17 Nov 2022 08:01:00 -0000

This week on Hacker And The Fed we discuss the recent seizure related to Silk Road, the black market website Chris took down in 2013. Silk Road is back in the news as the IRS just recently caught a man who stole 50,000 bitcoin from the site.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The Dropbox Hack And Questions About The FBI

Thu, 10 Nov 2022 08:01:00 -0000

This week on Hacker And The Fed we discuss the recent DropBox hack that relied on a phishing attack to steal credentials as well as multi-factor authentication codes. We also discuss other tactics attackers use to work around multi-factor authentication as well as a technology that may replace the applications and codes you use today. And finally, we respond to a few user questions about the FBI.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

NSO Group’s Pegasus & IRC Wars

Thu, 03 Nov 2022 07:01:00 -0000

This week on Hacker And The Fed we discuss the NSO Group’s zero-click iPhone exploit, also known as Pegasus, a powerful tool that can be used to take full control of a target’s iPhone without their knowledge.

We break down how it all works and how to think about this tool and others like it.

We also answer a question from the audience about Hector’s experience using IRC, an old internet chat tool where Hector had “wars” with other hackers.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Cyber Security Whac-A-Mole, Getting Arrested By The FBI, And Protecting Your Small Business

Thu, 27 Oct 2022 07:01:00 -0000

This week on Hacker And The Fed we answer audience questions. We discuss the future of cyber security and whether we will ever get ahead of the bad guys. We also detail what it's like to be arrested by the FBI as Hector recounts his experience following the knock on the door. And finally, we respond to a small business owner on how to secure her social media accounts and website from potential threats.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Social Engineering & "Vishing"

Thu, 20 Oct 2022 07:01:00 -0000

This week on Hacker And The Fed we discuss voice fishing, or "vishing," and the social engineering tactics behind this attack.

You know those spam calls you get? Well sometimes those are actually social engineering attacks aimed at convincing you to send money to scammers. It's a relatively new twist on phishing and it employs many of the same basic tactics.

We detail what these attacks look like, tell a few stories of our own experience with social engineering, and leave you with some key takeaways for how to keep yourself and loved ones safe and secure.

Below are several terms Hector and Chris use in the show that some listeners may not be familiar with:

Dox – publish private information about an individual online

APT – advanced persistent threat, e.g. a nation state with sophisticated cyber capabilities

EFNet – an internet chat relay network

API – automated programming interface, a way for two or more computer programs to communicate with each other.

WHOIS – information about an IP address or domain name (e.g. google.com)

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

The Origin Story

Thu, 13 Oct 2022 07:01:00 -0000

On this first episode of Hacker And The Fed, Chris and Hector tell their origin story. Hector details the journey from his first time on the internet to becoming a globally infamous black hat hacker. And Chris tells of growing up in Virginia next to the chief of police to ultimately joining the FBI and dedicating his life to fighting cyber crime.

The two outline their story from the moment Chris arrested Hector, ultimately leading to a long time collaboration and lifelong friendship.

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur

Introducing Hacker And The Fed

Wed, 12 Oct 2022 13:22:11 -0000

Former FBI special agent Chris Tarbell and former Anonymous blackhat Hector Monsegur (aka Sabu) first faced-off as adversaries in cyberspace before becoming close friends and podcast co-hosts. Listen to Tarbell, co-founder of an elite cybersecurity firm NAXO, and Monsegur, a top network penetration tester and security engineer, break down the must-know cybersecurity news and topics of the day. You’ll walk away from each episode with unique perspectives on how to keep your family, your company, and your personal cyber footprint safe from attacks.