Cyber Casts

This week, CYBER speaks to Oxblood Ruffin, a long-time member of the legendary hacking group Cult of The Dead Cow, or cDc. Ruffin told us about the cDc, its historical importance, and why it's a big deal that a US presidential candidate was once part of the group. See acast.com/privacy for privacy and opt-out information.

In the lead up to the 2016 US presidential elections, the Russian government allegedly used internet trolls, fake Facebook accounts, and hackers in a coordinated disinformation campaign. What did we learn from it? And how is the world preparing to deal with this new kind of information operations that straddle between the online and real world? We spoke to Roel Schouwenberg, the director of intelligence and research at Celsus Advisory Group, a consulting firm based in the US that helps clients deal with disinformation operations. See acast.com/privacy for privacy and opt-out information.

Very few people have heard of them, but "dev-fused" iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world. Lorenzo Franceschi-Bicchierai talks about his blockbuster investigation, and host Ben Makuch talks to someone who sells these prototype phones. See acast.com/privacy for privacy and opt-out information.

Last year, investors poured $5 billion in cybersecurity startups. The whole industry will be worth $170 billion in three years, according to a recent estimate. There’s so many infosec companies it's hard to keep track of them. And yet, are we all really secure? Is the infosec industry really keeping us safe? Is it even focusing on the right problems?Next week, tens of thousands of people will meet in San Francisco for the year’s biggest information security gathering focused on business: the RSA Conference.Kelly Shortridge is the vice president of product strategy at Capsule8, a New York City-based security startup. Kelly has a background in economics, investment banking, and has studied the infosec market. She’s here today to help us understand why the infosec industry is so big, and what’s wrong with it. See acast.com/privacy for privacy and opt-out information.

In spring, 2017, a teenager walked up behind a woman leaving the Metro in Northeast Washington DC and put her in a chokehold: "Be quiet," he said. And "delete your iCloud." He grabbed her iPhone 6S and ran away.The iCloud security feature has cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.Motherboard Editor-in-Chief Jason Koebler and senior staff writer Joseph Cox spent the last few months diving into the notably complicated world of “iCloud Unlocks” and the ways in which it involves not only physical and cybercrime, but also the otherwise legitimate independent iPhone repair industry. See acast.com/privacy for privacy and opt-out information.

Tracking hacking groups has become a booming business. Dozens of so-called “threat intelligence” companies keep tabs on them and sell subscriptions to feeds where they provide customers with up to date information on what the most advanced cyber criminals and government hackers are up to. Lots of these are small companies, but one of the best in the biz you've definitely heard of: It's Google. The internet giant has more than 1.5 billion active users on Gmail, more than 1 billion people who use Chrome, and more than 2 billion of their Android phones floating around in the world.This week, Ben Makuch talks to Shane Huntley, the Director of Google's Threat Analysis Group (TAG). TAG is essentially Google’s hacker hunting team: they’re the ones tasked with monitoring Google networks for criminal and government hacking groups. See acast.com/privacy for privacy and opt-out information.

Citizen Lab, a human rights watchdog, tracks governments who do bad things online, and learned that slain journalist Jamal Khashoggi's phone was bugged. Soon after that revelation, Citizen Lab's researchers began getting weird requests to meet in person from companies that didn't exist. They surmised that they were being spied on, and so they decided to turn the tables—and an Associated Press reporter was along for the ride. See acast.com/privacy for privacy and opt-out information.

This week, we talk to Jek, a physical penetration tester whose job is to infiltrate offices, data centers, store stockrooms, and other supposedly "secure" locations and either steal information or install a tool so that other hackers can exfiltrate data. She relies on the most reliable vulnerability of all: human weakness. Jek tells host Ben Makuch how she does it, some of her most memorable operations, and why other hackers think that what she does is "witchcraft." See acast.com/privacy for privacy and opt-out information.

Earlier this month, Motherboard sent $300 to a bounty hunter. Within moments, he sent us a Google Maps screenshot with the real-time location data of a phone that we'd asked him to track. Motherboard editor-in-chief Jason Koebler and senior staff writer Joseph Cox go deep on the shady—but legal—market of data aggregators and brokers who sell smartphone location data to bounty hunters, bail bondsmen, landlords, used car salesmen, and anyone who can afford it.We learn how bounty hunters go right up to the edge of what the law allows and use "neurolinguistic mind manipulation" to get people to give them information. CYBER host Ben Makuch also talks to Oregon Senator Ron Wyden, who has legislation pending that would ban these practices and would help protect Americans' privacy. See acast.com/privacy for privacy and opt-out information.

This week, CYBER presents an episode from Malicious Life, one of our favorite hacking podcasts. In this episode, host Ran Levi takes a deep dive into how Ashley Madison, "the dating site for people who want to have an affair," got hacked. More importantly, the episode looks into the fallout of that hack. You can subscribe to Malicious Life on whichever podcast app you're using now. CYBER will be back with another new episode next week. See acast.com/privacy for privacy and opt-out information.

In November, 50,000 printers started suddenly printing a message urging recipients to subscribe to PewDiePie—YouTube’s most popular star ever, with 80 million subscribers. It came with a warning, too: That the printers were hacked because they were dangerously exposed to the internet.A month later, the same hacker, known as HackerGiraffe, struck again, this time hacking smart TVs and Chromecast devices to autoplay a video promoting PewDiePie and urging them to fix their exposed devices.Things only got crazier from there. See acast.com/privacy for privacy and opt-out information.

A few hours before midnight on New Year’s Eve, the mysterious hacking group the Dark Overlord tweeted a link to an encrypted file: “We'll be providing many answers about 9/11 conspiracies through our 18,000 secret documents leak.”This is just the latest in a string of high profile hacks by the Dark Overlord, who have popped celebrity plastic surgeons, schools, family businesses and Netflix studios. Their motivation is simple: they want money, and they’re not afraid to extort people for it. CYBER talks to reporter Joseph Cox about the hacking crew and the motivation behind their latest hack. See acast.com/privacy for privacy and opt-out information.

CYBER host Ben Makuch and reporter Mack Lamoureux recently spent months embedded on in a secretive social network called “The Base," which is used by American neo-Nazis to organize real-life meetups. See acast.com/privacy for privacy and opt-out information.

Fancy Bear, APT10, Lazarus Group, Charming Kitten. These are all the names given to government hacker groups.And if you pay any attention to cybersecurity news you heard about Russian hackers, Chinese hackers, and groups that are usually called APTs—government-sponsored hackers. This week we’re talking with Eva Galperin, the director of cybersecurity with the Electronic Frontier Foundation. Eva has been researching APTs for years, investigating these state hackers from all over every corner of the globe. Because countries everywhere are growing their cyber armies and there’s no signs of that slowing down. See acast.com/privacy for privacy and opt-out information.

In the coming weeks, millions of people will get new phones, computers, Amazon Echos, Google Homes, Smart Coffee Makers, and other internet of things devices. All of these things come with their own privacy, surveillance, and hacking risks, but there are steps you can take to minimize your exposure. So we thought it’d be a good time to talk about the Motherboard Guide to Not Getting Hacked, our comprehensive advice on digital security.We’ve released a new version of it every year for the last three years, adding and changing things as hacking threats and security best practices evolve. This week, Harlo Holmes, director of Newsroom Digital Security at Freedom of the Press Foundation, and Lorenzo Franceschi-Bicchierai, a senior staff writer at Motherboard join editor-in-chief Jason Koebler to talk about the guide. See acast.com/privacy for privacy and opt-out information.

Pirates recently dumped Super Smash Bros. Ultimate around two weeks before it was scheduled to hit stores. Motherboard senior staff writer Joseph Cox takes us inside the messy world of Nintendo Switch hacking and piracy. The Switch piracy community—much of which operates on the gamer-focused chat app Discord—is full of ingenuity, technical breakthroughs, and evolving cat-and-mouse games between the multi-billion dollar Nintendo and the passionate hackers who love the company but nonetheless illegally steal its games. Pirates deploy malware to steal each other’s files so they can download more games themselves. Groups deliberately plant code into others' Switches so they no longer work. And some people in the scene have been doxed. See acast.com/privacy for privacy and opt-out information.

When you say “election hacking” it means something different than the Kremlin's disinformation campaigns. On this episode of CYBER, we talk about what real election hacking is with Motherboard contributor Kim Zetter, who just wrote a piece for New York Times Magazine called “The Crisis of Election Security.” Kim says the real vulnerability in our system is something of our own making: the outdated voting machines we use to carry out our key civic duties. See acast.com/privacy for privacy and opt-out information.

Imagine if your phone suddenly stopped working. And then you couldn’t login to Facebook, Instagram, your email, or bank account. Your phone switches back on, and you get a call. On the other end of the line is a guy telling you he’s stolen your phone number, and is about to take all your money. This is a new type of hack called SIM hijacking, and there’s almost nothing you can do to stop it. In this first episode of CYBER, we hear audio from a real-life ransom attempt, and host Ben Makuch speaks to Motherboard reporter Lorenzo Franceschi-Bicchierai about how it all works.This episode was produced and edited by Sophie Kazis. See acast.com/privacy for privacy and opt-out information.

Hacking. Hackers. Disinformation campaigns. Encryption. The Cyber. This stuff gets complicated really fast, but Motherboard spends its time embedded in the infosec world so you don't have to. CYBER is coming next week, and will help you understand what's going on in infosec. See acast.com/privacy for privacy and opt-out information.