Hacking. Hackers. Disinformation campaigns. Encryption. The Cyber. This stuff gets complicated really fast, but Motherboard spends its time embedded in the infosec world so you don't have to. Host Ben Makuch talks every week to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox about the stories they're breaking and to the industry's most famous hackers and researchers about the biggest news in cybersecurity.
At the end of August, researchers at Google dropped a bombshell: they had discovered malicious websites that they said were indiscriminately spreading iPhone malware for years. At certain points the websites were even using zero day exploits; attacks that take advantage of vulnerabilities that Apple is not aware of.
Apple subsequently confirmed what various media reports found: that the malicious sites were particularly geared towards hacking Uighur muslims, many of whom live in Western China under intense surveillance from the government. Apple disputed some details from Google, such as the length of the campaign, but this is still likely the biggest iPhone hack we know about so far.
On this week's episode of CYBER, we talk to Motherboard Senior Staff Writer Joseph Cox about Google's research, and what it means for how governments deploy iPhone malware: it turns out, on a much larger scale than we previously thought. For information regarding your data privacy, visit acast.com/privacy
By most accounts, the war in Yemen is a brutal and lethal tragedy of the modern world that has claimed the lives of thousands of people.
With the backing of western military industrial power, the Saudi-led coalition has undertaken a relentless bombing campaign against the Iran-backed Houthi rebels that ousted President Abdrabbuh Mansour Hadi and his regime from the capital Sanaa in 2015.
Human rights watchers have accused the Saudis and its allies of war-crimes and a string of attacks against civilians. Just this last weekend the International Red Cross said the Saudis had killed over 100 people in a single strike on a detention center.
And as the kinetic war rolls out IRL, the Yemeni people have also been casualty to a silent war: one that’s online.
On this week’s episode we sit down with Winnona DeSombre, a threat intelligence researcher at RecordedFuture to talk about how cyberwarfare and espionage has been a serious feature in the war in Yemen. For information regarding your data privacy, visit acast.com/privacy
We’ve all heard of high profile hacks, like Stuxnet which basically took out the Iranian nuclear program, or that time when Seth Rogen’s stoner comedy made North Korea really, really pissed off and they hacked Sony.
And the key to all of these hacks is malware, or software specifically and intentionally designed to damage computer systems.
But one thing some people often ask themselves is: what is malware, exactly? Well, ultimately just some lines of code. On this week’s CYBER we have someone who researches it for a living: malware analyst Tarik Salah of Domain Tools. For information regarding your data privacy, visit acast.com/privacy
Imagine a world where one of our most critical instruments of democracy, voting systems, are connected to the internet where they are potentially vulnerable to hacking.
Well, thanks to the work of Motherboard contributor Kim Zetter, we now know that’s the reality we live in after she broke the story that researchers had found voting systems online, including systems in Wisconsin, Michigan, and Florida—all well known for being key swing states in presidential elections.
But for years election officials have said our voting systems, used for closely fought Presidential election of 2016 and in 2012 when it was Romney versus Obama, weren’t even on the internet and thus, they said, unhackable.
CYBER recently caught up with Kim to discuss her massive scoop and how Russian troll armies might not be the thing threatening American democracy or scaring the intelligence community tasked with protecting it come 2020. For information regarding your data privacy, visit acast.com/privacy
For over 25 years, hackers, spies, cops, Silicon Valley bros, technologists and even politicians descend upon Las Vegas, Nevada for what’s become the pre-eminent hacker conference in the entire world: Def Con. For information regarding your data privacy, visit acast.com/privacy
Two years ago, Marcus Hutchins, better known by his hacker name ‘MalwareTech,’ was at the Las Vegas International Airport awaiting his flight back home to the United Kingdom (UK). He was hungover and coming back from Def Con, the biggest hacker conference in the world.
And that’s when the feds came in and nabbed him.
But earlier that same year the 23-year-old security researcher was hailed as a global hero for stopping the spread of the WannaCry ransomware worm, which disabled companies and even paralyzing computer systems in hospitals in the UK. But instead of accolades from the state, he found himself facing an FBI indictment.
The U.S. government accused Hutchins of creating and conspiring to distribute a banking malware called Kronos in 2014, when he was 19. His arrest enthralled the cybersecurity community and set off a legal fight that finally ended just last week. Hutchins, who was potentially facing years in prison, was free and sentenced to time served.
It has been a two year journey for Hutchins and on this week’s CYBER, Marcy Wheeler, an acclaimed journalist who covers national security, will tell us all about his ordeal and what his case has done to stoke the fears of the FBI within the infosec community. For information regarding your data privacy, visit acast.com/privacy
Did you know you could make money watching Netflix trailers on your phone? Did you know that people have earned close to $2,000 a month programming hundreds of phones to watch Netflix trailers, video game trailers, celebrity gossip shows, and sports?
But the trick is, no one is really watching.
This is what’s called phone farming. Just imagine rows upon rows of phones, with fans cooling them that simulate the engagement of a real human. On this week’s episode of CYBER, Motherboard’s Joseph Cox dove into this world by making his own mini phone farm, talking to the real farmers who made the cash creating them to give us the inside story on how this bizarre phenomenon actually works. For information regarding your data privacy, visit acast.com/privacy
The last time Phineas Fisher agreed to an interview with Motherboard, they made us recreate the whole thing with a puppet.
This time around, Phineas Fisher—one of the world’s most wanted hackers—wanted to make a statement on CYBER to deny he’s an agent of the Kremlin.
Phineas Fisher is the hacker’s hacker that nobody knows. In fact, nobody even knows if they are just one person, or several people. All we know is Phineas Fisher has hacked, embarrassed, and exposed some of the world’s most powerful spyware companies that have connections to the FBI, the DEA, and dozens of other law enforcement and spy agencies all around the world.
And Phineas Fisher has completely gotten away with it.
Throughout these exploits, Motherboard'sLorenzo Francheschi-Bicchierai has been one of the few reporters to make contact with the hacker several times. Recently, Phineas Fisher got in touch with him again, but this time to deny a recent allegation that he’s Russian intelligence operation made in Joseph Menn’s new book on hacktivism.
On this week’s CYBER, Lorenzo sits down with host Ben Makuch to take you through the murky history of Phineas Fisher’s hacks, then the infamous hacktivist speaks. For information regarding your data privacy, visit acast.com/privacy
A Silicon Valley company with a history of CIA funding, a suite of highly sought after intelligence software tools, and a gallivanting billionaire founder with connections to the Trump Administration is set to become one of the biggest IPOs in recent memory.
Yet many outside of the infosec world don’t even know its name or that it even exists—a sharp difference Palantir doesn’t share with other similar-sized startups based out of the Silicon Valley.
But Palantir’s surveillance software, which essentially siphons up monumental amounts of data on the public using state, police, and federal databases can map interpersonal relationships between people and provide that info to the fingertips of police and spies in a matter of seconds.
Among the list of past and current Palantir clients are the NSA, CIA, Department of Homeland Security and Immigrations and Customs Enforcement—which directly uses its technology to fuel its controversial raids on undocument workers.
Motherboard reporter Caroline Haskins obtained a copy of one of the company’s top-secret police manuals describing how to use its software. The revelation gave privacy-concerned onlookers a rare insight into just how invasive Palantir technology can be.
On this week’s CYBER, Caroline sits down with host Ben Makuch to map out what Palantir is and how this company influences the very technological landscape of the modern world. For information regarding your data privacy, visit acast.com/privacy
In the span of six seconds and 20 gunshots and three dead bodies hit the ground of a Nissan dealership in Texas. And somebody was tracking one of their cell phones remotely. For information regarding your data privacy, visit acast.com/privacy
For years, Google’s internet freedom moonshot Jigsaw has gotten glowing attention for its ambitious projects. But current and former employees, along with leaked documents and internal messages, reveal a grim reality behind the scenes. Motherboard's Lorenzo Franceschi-Bicchierai tells us about his months-long investigation into Jigsaw and its "toxic" workplace culture. For information regarding your data privacy, visit acast.com/privacy
For decades, experts have known that a simple alphanumeric password isn't enough to secure our identities online, but nothing has changed. In this episode, we’re talking to Wendy Nather, a veteran of the infosec world who knows a thing or two about identity and authentication. For information regarding your data privacy, visit acast.com/privacy
Last week a video of Mark Zuckerberg emerged online. The video showed Facebook's CEO speaking to the camera in his office, but what he was saying didn’t seem right. This deepfake of Mark Zuckerberg was perhaps the biggest troll of Facebook in recent memory, but will it change anything? For information regarding your data privacy, visit acast.com/privacy
On this week’s episode of CYBER, Joseph Cox and Motherboard EIC Jason Koebler discuss the breach of a Customs and Border Protection contractor that exposed pictures of drivers in Pennsylvania, and the implications for the future of data retention. This story comes on the cusp of groundbreaking attempts by the CBP to use facial recognition software along the border and collecting visitors social media information. For information regarding your data privacy, visit acast.com/privacy
On this week’s CYBER host Ben Makuch sat down with Dutch politician Marietje Schaake to discuss the future of cyberweapons, how governmental regulation on spyware should mirror the conventional arms industry, and how Brexit might make Britain a haven for commercial surveillance companies. For information regarding your data privacy, visit acast.com/privacy
Ben Makuch sits down with one of InfoSec’s only true celebrities: The Grugq (who recently added the name ‘Thaddeus’ to his Twitter account, which has over 100,000 followers.)
For the uninformed, the Grugq is a South African hacker, security research, OPSEC expert and highly entertaining Twitter follow with a history of being an exploit broker that has a rolodex of government contacts (he once claimed in Forbes to be taking in over $1 million in a single year skimming a fee off of exploit sales as a middle-man to intelligence agencies).
In this episode, the hacking and spy expert cuts through the media tailspinning around disinfo campaigns to tell us what 2020 election meddling might just look like. For information regarding your data privacy, visit acast.com/privacy
In this week's CYBER podcast, we spoke to VICE News reporter William Turnton, who just spent a week in China as part of a bizzarre Huawei junket. For information regarding your data privacy, visit acast.com/privacy
On this week's episode of CYBER, we spoke to Robert Lee, a former NSA analyst and infrastructure hacking expert, about the state of critical infrastructure, the threats it faces, and why there's still no need to panic. For information regarding your data privacy, visit acast.com/privacy
Elizabeth Roper, the chief of the cybercrime and identity theft bureau in the Manhattan District Attorney’s office explains how one of the country’s most important prosecutors goes after cybercriminals. For information regarding your data privacy, visit acast.com/privacy
In this week's CYBER podcast, we sat down with Edward Snowden to talk about his life in Russia, WikiLeaks, Julian Assange, and press freedom in the United States and beyond. For information regarding your data privacy, visit acast.com/privacy
This week, CYBER speaks to Freddy Martinez, one of the members of Unicorn Riot, an activist and media collective that’s been tracking and exposing nazis, racists, and other far-right people on the internet. For information regarding your data privacy, visit acast.com/privacy
This week, CYBER speaks to Runa Sandvik, the senior director of information security at The New York Times about how she helps the Times journalists stay safe online and help them protect sources. For information regarding your data privacy, visit acast.com/privacy
On this week’s episode of CYBER, we sat down with Kim Zetter, the legendary cybersecurity reporter and the author of the original news story on the ASUS hack. Zetter walked us through this specific hack, and also told us about previous supply chain attacks, and why they’re so scary. For information regarding your data privacy, visit acast.com/privacy
This week, CYBER speaks to Oxblood Ruffin, a long-time member of the legendary hacking group Cult of The Dead Cow, or cDc. Ruffin told us about the cDc, its historical importance, and why it's a big deal that a US presidential candidate was once part of the group. For information regarding your data privacy, visit acast.com/privacy
In the lead up to the 2016 US presidential elections, the Russian government allegedly used internet trolls, fake Facebook accounts, and hackers in a coordinated disinformation campaign. What did we learn from it? And how is the world preparing to deal with this new kind of information operations that straddle between the online and real world? We spoke to Roel Schouwenberg, the director of intelligence and research at Celsus Advisory Group, a consulting firm based in the US that helps clients deal with disinformation operations. For information regarding your data privacy, visit acast.com/privacy
Very few people have heard of them, but "dev-fused" iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world. Lorenzo Franceschi-Bicchierai talks about his blockbuster investigation, and host Ben Makuch talks to someone who sells these prototype phones. For information regarding your data privacy, visit acast.com/privacy
Last year, investors poured $5 billion in cybersecurity startups. The whole industry will be worth $170 billion in three years, according to a recent estimate. There’s so many infosec companies it's hard to keep track of them. And yet, are we all really secure? Is the infosec industry really keeping us safe? Is it even focusing on the right problems?
Next week, tens of thousands of people will meet in San Francisco for the year’s biggest information security gathering focused on business: the RSA Conference.
Kelly Shortridge is the vice president of product strategy at Capsule8, a New York City-based security startup. Kelly has a background in economics, investment banking, and has studied the infosec market. She’s here today to help us understand why the infosec industry is so big, and what’s wrong with it. For information regarding your data privacy, visit acast.com/privacy
In spring, 2017, a teenager walked up behind a woman leaving the Metro in Northeast Washington DC and put her in a chokehold: "Be quiet," he said. And "delete your iCloud." He grabbed her iPhone 6S and ran away.
The iCloud security feature has cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.
Motherboard Editor-in-Chief Jason Koebler and senior staff writer Joseph Cox spent the last few months diving into the notably complicated world of “iCloud Unlocks” and the ways in which it involves not only physical and cybercrime, but also the otherwise legitimate independent iPhone repair industry. For information regarding your data privacy, visit acast.com/privacy
Tracking hacking groups has become a booming business. Dozens of so-called “threat intelligence” companies keep tabs on them and sell subscriptions to feeds where they provide customers with up to date information on what the most advanced cyber criminals and government hackers are up to. Lots of these are small companies, but one of the best in the biz you've definitely heard of: It's Google. The internet giant has more than 1.5 billion active users on Gmail, more than 1 billion people who use Chrome, and more than 2 billion of their Android phones floating around in the world.
This week, Ben Makuch talks to Shane Huntley, the Director of Google's Threat Analysis Group (TAG). TAG is essentially Google’s hacker hunting team: they’re the ones tasked with monitoring Google networks for criminal and government hacking groups. For information regarding your data privacy, visit acast.com/privacy
Citizen Lab, a human rights watchdog, tracks governments who do bad things online, and learned that slain journalist Jamal Khashoggi's phone was bugged. Soon after that revelation, Citizen Lab's researchers began getting weird requests to meet in person from companies that didn't exist. They surmised that they were being spied on, and so they decided to turn the tables—and an Associated Press reporter was along for the ride. For information regarding your data privacy, visit acast.com/privacy
This week, we talk to Jek, a physical penetration tester whose job is to infiltrate offices, data centers, store stockrooms, and other supposedly "secure" locations and either steal information or install a tool so that other hackers can exfiltrate data. She relies on the most reliable vulnerability of all: human weakness. Jek tells host Ben Makuch how she does it, some of her most memorable operations, and why other hackers think that what she does is "witchcraft." For information regarding your data privacy, visit acast.com/privacy
Earlier this month, Motherboard sent $300 to a bounty hunter. Within moments, he sent us a Google Maps screenshot with the real-time location data of a phone that we'd asked him to track. Motherboard editor-in-chief Jason Koebler and senior staff writer Joseph Cox go deep on the shady—but legal—market of data aggregators and brokers who sell smartphone location data to bounty hunters, bail bondsmen, landlords, used car salesmen, and anyone who can afford it.
We learn how bounty hunters go right up to the edge of what the law allows and use "neurolinguistic mind manipulation" to get people to give them information. CYBER host Ben Makuch also talks to Oregon Senator Ron Wyden, who has legislation pending that would ban these practices and would help protect Americans' privacy. For information regarding your data privacy, visit acast.com/privacy
This week, CYBER presents an episode from Malicious Life, one of our favorite hacking podcasts. In this episode, host Ran Levi takes a deep dive into how Ashley Madison, "the dating site for people who want to have an affair," got hacked. More importantly, the episode looks into the fallout of that hack. You can subscribe to Malicious Life on whichever podcast app you're using now. CYBER will be back with another new episode next week. For information regarding your data privacy, visit acast.com/privacy
In November, 50,000 printers started suddenly printing a message urging recipients to subscribe to PewDiePie—YouTube’s most popular star ever, with 80 million subscribers. It came with a warning, too: That the printers were hacked because they were dangerously exposed to the internet.
A month later, the same hacker, known as HackerGiraffe, struck again, this time hacking smart TVs and Chromecast devices to autoplay a video promoting PewDiePie and urging them to fix their exposed devices.
Things only got crazier from there. For information regarding your data privacy, visit acast.com/privacy
A few hours before midnight on New Year’s Eve, the mysterious hacking group the Dark Overlord tweeted a link to an encrypted file: “We'll be providing many answers about 9/11 conspiracies through our 18,000 secret documents leak.”
This is just the latest in a string of high profile hacks by the Dark Overlord, who have popped celebrity plastic surgeons, schools, family businesses and Netflix studios. Their motivation is simple: they want money, and they’re not afraid to extort people for it. CYBER talks to reporter Joseph Cox about the hacking crew and the motivation behind their latest hack. For information regarding your data privacy, visit acast.com/privacy
CYBER host Ben Makuch and reporter Mack Lamoureux recently spent months embedded on in a secretive social network called “The Base," which is used by American neo-Nazis to organize real-life meetups. For information regarding your data privacy, visit acast.com/privacy
Fancy Bear, APT10, Lazarus Group, Charming Kitten. These are all the names given to government hacker groups.
And if you pay any attention to cybersecurity news you heard about Russian hackers, Chinese hackers, and groups that are usually called APTs—government-sponsored hackers. This week we’re talking with Eva Galperin, the director of cybersecurity with the Electronic Frontier Foundation. Eva has been researching APTs for years, investigating these state hackers from all over every corner of the globe. Because countries everywhere are growing their cyber armies and there’s no signs of that slowing down. For information regarding your data privacy, visit acast.com/privacy
In the coming weeks, millions of people will get new phones, computers, Amazon Echos, Google Homes, Smart Coffee Makers, and other internet of things devices. All of these things come with their own privacy, surveillance, and hacking risks, but there are steps you can take to minimize your exposure. So we thought it’d be a good time to talk about the Motherboard Guide to Not Getting Hacked, our comprehensive advice on digital security.
We’ve released a new version of it every year for the last three years, adding and changing things as hacking threats and security best practices evolve. This week, Harlo Holmes, director of Newsroom Digital Security at Freedom of the Press Foundation, and Lorenzo Franceschi-Bicchierai, a senior staff writer at Motherboard join editor-in-chief Jason Koebler to talk about the guide. For information regarding your data privacy, visit acast.com/privacy
Pirates recently dumped Super Smash Bros. Ultimate around two weeks before it was scheduled to hit stores. Motherboard senior staff writer Joseph Cox takes us inside the messy world of Nintendo Switch hacking and piracy. The Switch piracy community—much of which operates on the gamer-focused chat app Discord—is full of ingenuity, technical breakthroughs, and evolving cat-and-mouse games between the multi-billion dollar Nintendo and the passionate hackers who love the company but nonetheless illegally steal its games. Pirates deploy malware to steal each other’s files so they can download more games themselves. Groups deliberately plant code into others' Switches so they no longer work. And some people in the scene have been doxed. For information regarding your data privacy, visit acast.com/privacy
When you say “election hacking” it means something different than the Kremlin's disinformation campaigns. On this episode of CYBER, we talk about what real election hacking is with Motherboard contributor Kim Zetter, who just wrote a piece for New York Times Magazine called “The Crisis of Election Security.” Kim says the real vulnerability in our system is something of our own making: the outdated voting machines we use to carry out our key civic duties. For information regarding your data privacy, visit acast.com/privacy
Imagine if your phone suddenly stopped working. And then you couldn’t login to Facebook, Instagram, your email, or bank account. Your phone switches back on, and you get a call. On the other end of the line is a guy telling you he’s stolen your phone number, and is about to take all your money. This is a new type of hack called SIM hijacking, and there’s almost nothing you can do to stop it. In this first episode of CYBER, we hear audio from a real-life ransom attempt, and host Ben Makuch speaks to Motherboard reporter Lorenzo Franceschi-Bicchierai about how it all works.
This episode was produced and edited by Sophie Kazis. For information regarding your data privacy, visit acast.com/privacy
Hacking. Hackers. Disinformation campaigns. Encryption. The Cyber. This stuff gets complicated really fast, but Motherboard spends its time embedded in the infosec world so you don't have to. CYBER is coming next week, and will help you understand what's going on in infosec. For information regarding your data privacy, visit acast.com/privacy