DiscoverThe State Sponsored Podcast
The State Sponsored Podcast
Claim Ownership

The State Sponsored Podcast

Author: Javvad Malik, Scott Terban

Subscribed: 6Played: 70
Share

Description

Information Security, Threat Intelligence, and all the Cybers - With Javvad Malik and Scot Terban.@J4vv4D@krypt3ia
24 Episodes
Reverse
The good doctors are back to discuss the most pressing issues. Stories in this episode (in addition to the usual banter)Has Biden actually won the election? Or was it stolen? Who will drag Trump out kicking and screaming and what damage will he do in the meantime? How did the million MAGA march go? https://www.npr.org/2020/11/15/935181031/a-march-without-millions-is-still-a-worrying-sign-of-a-nation-dividedFake news is here to stayAnd the networks that protect them https://www.reuters.com/article/idUSKBN27S35P Muslim pro, ain’t very pro muslimhttps://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-xThe U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.
Tikity Tok

Tikity Tok

2020-06-3042:39

We discuss Tik Tok, China, other social medias.And Scot depresses us all. 
Everything is burning

Everything is burning

2020-06-0349:46

In a more-depressing-than-usual episode, we try to talk about APT's (well, they're password spraying so there's nothing advanced about it).Chat a bit about the VDBIR.Inevitably we go down the dark dark hole where everything is burning. 
Season 2 | Lockdown

Season 2 | Lockdown

2020-04-1652:19

We return after a seasonal break to a very different world which has thrown us off balance. So, there is a lot of pontification. Talk about COVID19, phishing scams, what organisations can do in this time to beef up their security, what organised criminals are doing, and of course, the most important issue of all... Tiger King! 
CYBER!: Iran’s Military Response May Be ‘Concluded,’ but Cyberwarfare Threat GrowsCybersecurity experts are seeing malicious activity from pro-Iranian forces, and warning that Iran has the capacity to do real damage to American computer systems.https://www.nytimes.com/2020/01/08/us/politics/iran-attack-cyber.html CYBER CYBER CYBERRRR!: DISINFORMATION: The Middle East Was Already a Powder Keg of Misinformation. Trump Just Lit the Match.Thousands of shady social media accounts have been pumping out a crossfire of propaganda and misinformation across the Middle East.https://www.vice.com/en_us/article/dygvv7/the-middle-east-was-already-a-powder-keg-of-misinformation-trump-just-lit-the-match The Weaponization of Nostalgia: How Afghan Miniskirts Became the Latest Salvo in the War on Terrorhttps://ajammc.com/2017/09/06/weaponization-nostalgia-afghan-miniskirts/ In the 1979 – at the end of Afghanistan’s “Golden Age“ – only 18% of Afghans were literate – and average life expectancy was only just above 40, meaning that half of Afghans died before that age.The average Afghan was certainly not wearing miniskirts and attending Kabul University, nor were they taking fashionably-dressed vacations to the mountains in imported cars. This was a very small urban elite and middle-class segment of society shown in the pictures of Kabul in the 1970s, and one that did not reflect the conditions of the majority of Afghans.CYBERING INTENSIFIES!: How Iran Can Still Use Cyber and Drone Technology to Attack the U.S.What are precision-guided weapons such as ballistic missiles and drones capable of?https://www.scientificamerican.com/article/how-iran-can-still-use-cyber-and-drone-technology-to-attack-the-u-s1/ *breathe*CYBERRRRRR!: Texas Says Attempted Cyber Infiltration Surges: Iran UpdateTexas Reports Surge in Cyber Interference (10:18 p.m.) ERMEGERD A PING SWEEEEP!https://finance.yahoo.com/news/texas-says-attempted-cyber-infiltration-031847377.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAACKWXIJtKof0WjZKGhMaOg_3oRzRAfSrvWFBPeQViWuWU4ul75MtLQR_AyFpncATIjAMd2AYTHfesLmjYq0uzksOH5u6De41McHCAUaLQb0g8HXis0UcDPu74_Y_v2evbNLEImPZjXVVZNf1tegNyJwZp44fsQEMfN8drzHq34Hb Zomg cyber graffiti! A government website was ‘defaced’ with pro-Iran messaging and an image of a bloodied Trump. Hackers claimed responsibility.Blood runs in rivulets down President Trump’s chin as a fist punches his left cheek. Two golden missiles, each emblazoned with the Iranian flag, shoot across the bottom of the illustration.“This is message from Islamic Republic Of Iran,” reads text in English.https://www.washingtonpost.com/nation/2020/01/06/american-government-website-defaced-iran-hackers-bloodied-trump/ A happy hotel with a sad endinghttps://blog.knowbe4.com/happy-hotel-with-a-sad-ending Related Now you can send pictures of your GENITALS to get a doctor's advice on embarrassing lumps and bumps for £160 https://www.dailymail.co.uk/health/article-7861521/Now-send-PICTURES-genitals-doctors-advice-embarrassing-symptoms.html 
The Anniversary

The Anniversary

2019-12-0654:22

It's almost our anniversary episode, who is keeping count? We are back, episode number 17 where we discuss all things state sponsored in the cyber world. Alleged Russian Hacker Behind $100 Million Evil Corp Indictedhttps://www.wired.com/story/alleged-russian-hacker-evil-corp-indicted/Data center provider CyrusOne hit with REvil ransomware https://www.scmagazine.com/home/security-news/ransomware/data-center-provider-cyrusone-hit-with-revil-ransomware-report/ Facebook Sues Company For Hijacking Accounts to Run Bad Ads https://www.bleepingcomputer.com/news/security/facebook-sues-company-for-hijacking-accounts-to-run-bad-ads/  The AI film that took Scot to a dark dark place https://t.co/7JQrLgEoed?amp=1 
Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System https://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/Weaponized Information: One Possible Vignettehttps://madsciblog.tradoc.army.mil/190-weaponized-information-one-possible-vignette/System bug gives Facebook access to iPhone camerashttps://www.scmagazine.com/home/security-news/vulnerabilities/system-bug-gives-facebook-access-to-iphone-cameras/ Scottish Widows in ‘data breach’ over wrong lettershttps://www.ftadviser.com/pensions/2019/11/14/scottish-widows-in-data-breach-over-wrong-letters/Twitter:@Krypt3ia@J4vv4D
FBI softens stance on ransomware: it's (sort of) okay to pay off crims to get your data backFBI warns about high-impact Ransomware attacks on U.S. OrganizationsUS hospitals turn away patients as ransomware strikesZendesk Security Breach May Impact Orgs Like Uber, Slack, and FCCContext categorises AVIVORE as a previously unknown and untracked nation-state level adversaryComodo Forums Breached, Data of Over 170,000 Users Up for Grabs20M Russians' Personal Tax Records Exposed in Data LeakElectronic Billboards in Detroit Played Porn for 30 Minutes After Being HackedGerman police seize “bulletproof” hosting data center in former NATO  bunkerCrowdStrike and the Impeachment Frenzy
We're all downstream

We're all downstream

2019-09-3058:18

Blood and destruction shall be so in useAnd dreadful objects so familiarThat mothers shall but smile when they beholdTheir infants quarter'd with the hands of war;All pity choked with custom of fell deeds:And Caesar's spirit, ranging for revenge,With Ate by his side come hot from hell,Shall in these confines with a monarch's voiceCry 'Havoc,' and let slip the dogs of war;That this foul deed shall smell above the earthWith carrion men, groaning for burial.~Julius Caeasar Act III Scene I The Saudi oil attacks could be a precursor to widespread cyberwarfare — with collateral damage for companies in the regionA recent attack against Saudi Aramco damaged the world’s largest oil producer and delayed oil production, roiling oil and gas markets. The Saudi government and U.S. intelligence officials have claimed the incident is the work of Iran, while Iran blamed Yemeni rebels.This is a real-world continuation of a long-simmering cyberwar between the two countries, which has spilled over into other global powers.In recent years, Iran has deployed destructive computer viruses against Saudi Arabia. The Kingdom and oil and gas industry have been slow to shore up their defenses, raising red flags about the possibility of longer term fal-out in the region, experts said. Investors should expect long-term cyber espionage and flare-ups of malicious activity, including the potential for destructive attacks that hurt companies in the region beyond Aramco.https://www.cnbc.com/2019/09/21/saudi-aramco-attacks-could-predict-cyber-warfare-from-iran.html  The Urgent Search for a Cyber Silver Bullet Against Iran PEW PEW PEW!President Trump is considering a range of options to punish Iran for this month’s attack on Saudi oil facilities, and has toughened sanctions on Iran and ordered the deployment of additional troops to the region. But a second cyberstrike — after one launched against Iran just three months ago — has emerged as the most appealing course of action for Mr. Trump, who is reluctant to widen the conflict in a region he has said the United States should leave, according to senior American officials.But even as the Pentagon considers specific targets — an attempt to shut down Iran’s oil fields and refineries has been one of the “proportionate responses” under review — a broader debate is taking place inside and outside the administration over whether a cyberattack alone will be enough to alter Iran’s calculations, and what kind of retaliation a particularly damaging cyberstrike might provoke.https://www.nytimes.com/2019/09/23/world/middleeast/iran-cyberattack-us.htmlPhishing Attack Targets The Guardian's Whistleblowing Site"Once the attackers gain access to a source's codename, they can thenlogin with it on The Guardian's real SecureDrop site and impersonate thesource and steal information and communications.Sh1ttyKids told BleepingComputer that soon after he tweeted about thephishing site it was taken offline. He did not know, though, whether thesite was taken offline by The Guardian's security team, who werenotified, or the attackers.BleepingComputer has reached out to The Guardian with questions relatedto the page being taken down.Even though the page is now down, unfortunately the harm may havealready been done as not only was this phishing site harvestingSecureDrop codenames, but was also pushing a malicious Android app thatcould allow the attackers to monitor anyone who installed it."https://www.bleepingcomputer.com/news/security/phishing-attack-targets-the-guardians-whistleblowing-site/ Tortoiseshell Group Targets IT Providers in Saudi Arabia"The targeting of IT providers points strongly to these attacks beingsupply chain attacks, with the likely end goal being to gain access tothe n
Scott has a stalker!

Scott has a stalker!

2019-09-0859:21

XKCD Forum Hacked – Over 562,000 Users’ Account Details Leaked"XKCD—one of the most popular webcomic platforms known for its geekytech humor and other science-laden comic strips on romance, sarcasm,math, and language—has suffered a data breach exposing data of its forumusers.https://thehackernews.com/2019/09/xkcd-forum-hacked.html A Chinese APT is now going after Pulse Secure and Fortinet VPN servershttps://www.zdnet.com/article/a-chinese-apt-is-now-going-after-pulse-secure-and-fortinet-vpn-servers/ Deepfakes being used in Vishinghttps://gizmodo.com/scammer-successfully-deepfaked-ceos-voice-to-fool-under-1837835066 Digital Crackdown: Large Scale Surveillance and Exploitation ofUyghurshttps://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/Nemty Ransomware Gets Distribution from RIG Exploit Kithttps://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attackshttps://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks US cyberattack temporarily paralyzed the ability of Iran totarget oil tankers in the Gulfhttps://securityaffairs.co/wordpress/90678/cyber-warfare-2/us-cyberattack-iran.htmlKey and Peele hat upmanshiphttps://youtu.be/5pKt4gaErvU How Hong Kong protesters are embracing ‘offline’ messaging appsto avoid being snooped onhttps://thenextweb.com/socialmedia/2019/09/03/how-hong-kong-protesters-are-embracing-offline-messaging-apps-to-avoid-being-snooped-on/Some of Russia's surveillance tech leaked data for more than a yearhttps://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/#ftag=RSSbaffb68Hackers Hit Twitter C.E.O. Jack Dorsey in a ‘SIM Swap.’ You’re at Risk, Toohttps://www.nytimes.com/2019/09/05/technology/sim-swap-jack-dorsey-hack.html?emc=rss&partner=rss Charlie Miller’s tweetshttps://twitter.com/0xcharlie/status/1169587298754686976?s=20 
Surviving Las Vegas

Surviving Las Vegas

2019-08-2201:02:42

Scott is back from Las Vegas, having survived Blackhat and Defcon... and boy, does he have some stories for us! 
Locusts, breaches, blue team village, and John McAfee's bath salts... what do these have in common with this episode? Well, Scott is off to Blackhat 2019, and we don't know if we'll see him back. 
We're back from the mid-season break and gently easing back into things.League of legends blockedhttps://www.bbc.co.uk/news/newsbeat-48750608  APT against telcos?https://www.computerweekly.com/news/252465671/APT-attack-on-telcos-highlights-need-for-comprehensive-defence https://www.forbes.com/sites/zakdoffman/2019/06/25/chinese-government-suspected-of-major-hack-on-10-global-phone-companies-reports/#d47d84032dab https://www.infosecurity-magazine.com/news/china-blamed-for-apt-attacks-on-1-1/ Kelly's 5 why'shttps://twitter.com/swagitda_/status/1143223035891265543  Electroboom's view of the USB killerhttps://youtu.be/y_bbX_Ch1Z8
Trunk Monkey advertshttps://youtu.be/XW8iAVwt_Yc Bitcoin phisher steals $365,000 and 10,000 passwords from dark web usershttps://thenextweb.com/hardfork/2019/04/10/bitcoin-phisher-steals-365000-and-10000-passwords-from-dark-web-users/   A UK hacker has been jailed for 6 years for extorting more than $915,000 from porn site users by using a sophisticated virus that tricked them into thinking they were being investigated by the FBIhttps://www.thisisinsider.com/zain-qaiser-hacker-jailed-6-years-blackmailing-porn-site-users-2019-4 DHS, FBI say election systems in 50 states were targeted in 2016https://arstechnica.com/information-technology/2019/04/dhs-fbi-say-election-systems-in-50-states-were-targeted-in-2016/ Darkode: The Most Notorious Hacking Forum On The Web Is Back Onlinehttps://www.forbes.com/sites/kateoflahertyuk/2019/04/10/darkode-the-most-notorious-hacking-forum-on-the-web-is-back-online/#143e79fc3fac Mysterious operative haunted Kaspersky critics https://apnews.com/a3144f4ef5ab4588af7aba789e9892ed Busting Ghost Firmshttps://medium.com/@rsatter/busting-ghost-firms-d0eaaf113910
5:25 | RSA Presentationshttps://www.rsaconference.com/events/us19/presentations23:00 | Shamir blocked from Entry into the country where his conference is being held https://forums.theregister.co.uk/forum/all/2019/03/05/rsa_cofounder_us_visa_row/ 25:30 | Ransomware as act if warfare, LockerGogahttps://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/ https://motherboard.vice.com/en_us/article/8xyj7g/ransomware-forces-two-chemical-companies-to-order-hundreds-of-new-computers 32:30 | Cyber insurancehttps://www.lawfareblog.com/moment-truth-cyber-insurance 40:00 | Scott to apologise For this post, https://krypt3ia.wordpress.com/2015/12/04/the-2015-full-spectrum-cyber-douchery-krampus-list/ 1:05:00 |  Rise of child pron phishhttps://blog.knowbe4.com/heads-up-this-evil-new-child-porn-phishing-attack-could-absolutely-ruin-your-life 1:18:00 | Kid hacked teacher and made hit listhttps://www.bleepingcomputer.com/news/security/13-year-old-allegedly-hacked-teacher-account-to-create-student-hit-list/ 
In this action-packed episode, our brave hosts discuss Defcon ChinaYes, China - and hacking... blows the mind https://www.youtube.com/watch?v=Ad-YqwhUsTE A story of a CISO that nearly killed himself. Drowning not wavingand finallyGoogle Sorry It Forgot to Mention Nest Security Systems Have Secret Microphones
Def Con 27 themehttps://www.defcon.org/html/defcon-27/dc-27-cfp.htmlTechnological Utopianismhttps://en.wikipedia.org/wiki/Technological_utopianismHypoerNormalisation Documentaryhttps://youtu.be/fh2cDKyFdyU Fear and Loathing in Las Vegas ending scenehttps://youtu.be/jrd-sfoAv9A
Episode 6 | Van Damme it!

Episode 6 | Van Damme it!

2019-01-2501:01:54

Video LAN https://twitter.com/videolan/status/1086672630994927616 SAY IT AIN’T SO! RUSSIANS ARE HACKING US ALL!?Colorado journalists left in the darkSniper Barbie's talk https://youtu.be/FwXLoyi-Ulc 
Episode 5 | Rage Quitting

Episode 5 | Rage Quitting

2019-01-1801:24:50

Pewdipie/Giraffe hackaderpium https://t.co/q7KhVUI1mVMichela Merz - troll or idiot?https://twitter.com/mischmerz/status/1083879412523847680 I would never hire any #infosec person that doesn't have a strong background in software engineering. Take those fancy infosec certificates and stuff 'em you know where :)https://twitter.com/mischmerz/status/1083891597534736384 I work for a company that has never had  any of it's client breached or compromised in any way. None of my clients in this and other companies has been breached or compromised, I am doing this since > 20 years. Questions?Derbycon shutting downhttps://www.cbronline.com/news/derbycon-shut-down 
Ep4 | Cyber Clark Kent

Ep4 | Cyber Clark Kent

2019-01-0401:46:54

Award-winning journalist Steve Ragan @SteveD3 joined us on our first show of 2019 where we covered a whole bunch of things relating to journalists, security, and covering security stories. United States added to list of most dangerous countries for journalists for first timePeople of the Year: embattled journalistsJournalist Group Says 94 Working In Media Killed In 2018, Topped By AfghanistanList of journalists killed in Russia8 security tools and tips for journalistsWhy Haven’t Reporters Mass-Adopted Secure Tools for Communicating With Sources?Off the record failed attempt Media training basics for hackers 
loading
Comments 
Download from Google Play
Download from App Store