Dina Temple-Raston
From Recorded Future News and PRX, this is Click Here.
Benson
But before we do start a call, I just want to give you an introduction about myself and our team. So my name is Benson. I'm currently part of.
Dina Temple-Raston
That's the voice of an actual hacker, not a voiceover or recreation. And he's in mid-scam.
Benson
And my background is mixed up tech and crypto. And joining alongside me, co-authoring this piece, is Alex.
Dina Temple-Raston
We rarely get to hear something like this. No modulated voice, just a guy pretending to be a journalist looking to take over someone's computer. He's from a hacker group called Elusive Comet and they don't use zero-days or ransomware. Their weapon of choice is charm and Zoom. And in a world of remote work and screen shares, that can be pretty dangerous.
Dan Guido
It's hard to pay attention to all these hacks because there's just so many of them. So, like bringing up an individual like, oh, this person got hacked? Well, like, yeah, him and like 10,000 other people.
Dina Temple-Raston
From Recorded Future News and PRX, this is Click Here's Mic Drop. A longer listen to one of our favorite interviews of the week. I'm Dina Temple-Raston and today we talk to one of the people who was targeted by Elusive Comet, Dan Guido. He's a cybersecurity expert, he runs red teams, he fights nation-state hackers, and yet the Elusive Comet hackers took aim at him anyway.
Dan Guido
Yeah, to any hackers out there listening, not a strategy I would recommend.
Dina Temple-Raston
Stay with us. I'm Dina Temple-Raston and this is Click Here's Mic Drop. Dan Guido runs a cybersecurity company with a curious name, Trail of Bits.
Dan Guido
I like the name. There's a lot. There's a lot to like about it. There's a long story about that. It's like alternately ancient mind death chant. It's like a punk rock band, fun little play on words to describe the trail of digital evidence that you leave behind on computers.
Dina Temple-Raston
It's a company trusted by the likes of DARPA, Facebook, and a variety of crypto platforms. So you'd think that would put him off limits to hackers. It didn't. A few months ago, Dan Guido got a message on Twitter. Someone claiming to be a reporter from Bloomberg Crypto wanted to set up an interview over Zoom. Now, Bloomberg Crypto is a real thing, a unit of Bloomberg News focused on digital currencies, blockchain tech, and the billionaires who orbit them. In other words, a perfectly plausible place for someone like Dan to appear. So at first, he was flattered a journalist wanted to talk to him about crypto. Of course they did. And then the flattery wore off. Then the flags, the red ones, started to wave.
Dan Guido
The fact that a Bloomberg News person, like, wouldn't talk over text, wouldn't talk over Signal, wouldn't talk over email. They really insisted on Twitter DMs or Telegram. They said, oh, yeah, or we'll do Telegram, which is like a huge, huge red flag. And then the email confirmation from a Gmail address, like, I don't think so.
Dina Temple-Raston
He was pretty sure this guy asking for an interview wasn't on the up and up. But Dan was intrigued. So he agreed to talk to him over Zoom and pulled out an old Chromebook to take the call.
Dan Guido
And I was ready to join a call and record it on a device that I thought would be impenetrable.
Dina Temple-Raston
But the hackers never showed. So Dan got to work figuring out who had targeted him. And he discovered that he'd been targeted in a hacking campaign launched by Elusive Comet.
Dan Guido
I did figure out what they were up to, which was sort of shocking to me.
Dina Temple-Raston
At the heart of their methods is this: a feature built into Zoom that most users never think twice about.
Dan Guido
Zoom is a great product. It enables connectivity and interaction with people the world over, and during COVID it definitely added a ton of value to people's lives, but it has so many features in it that I don't think everyone knows what it can do.
Dina Temple-Raston
Things like remote access.
Dan Guido
There's actually this IT remote support feature that's built into Zoom that allows somebody else to take control of your screen, your keyboard, your mouse, and basically just sort of look over your shoulder and work on your computer.
Dina Temple-Raston
We've talked about this in the past, in previous episodes.
Dan Guido
It was just sort of a shockingly easy trick to play that only requires social engineering. And it gets you code execution out the other end.
Dina Temple-Raston
It only takes two clicks and looks a lot like some of the day-to-day pop-ups you get on Zoom.
Dan Guido
You have to go into your system settings in macOS and specifically allow the Zoom application to like interact with the computer, record your screen, whatever. But that's a process that I think a lot of people have been sensitized to and I don't think people know what that really means when they flip those settings.
Dina Temple-Raston
The hackers leverage people's general confusion about technology by adding some expert social engineering, and their first step: pressure.
Dan Guido
And they're adding this time pressure of like, hey, we need to go to recording next.
Dina Temple-Raston
Some ego stroking.
Dan Guido
Ego. They're saying you're so important to talk to. We know all the great work that you've done and like this is going to be great exposure for you. It's Bloomberg, you know, it's huge. And they just lean into it and lay it on pretty thick. Right away you feel really good about yourself, like, ah, somebody finally noticed me.
Dina Temple-Raston
And they use that to get inside your computer without you even knowing.
Dan Guido
And a lot of people I think are willing to take that step and just click these buttons because they don't know what they actually do once they click them.
Dina Temple-Raston
When we come back, we follow Dan into the blockchain trenches where hackers are hoping to trick their unsuspecting victims into handing over millions. We'll be right back.
Dina Temple-Raston
Hackers like the ones that targeted Dan Guido are usually looking for something really specific. A crypto wallet. And the reason is simple. It potentially offers a way to make a lot of money really fast.
Dan Guido
The community of attackers out there have realized that if you socially engineer somebody or get malware on their computer, the path to getting a payout is instantaneous. You don't have to navigate through a big company to find the secret formula to Coke buried 10 levels deep in some Active Directory domain. Instead, you've just got a single person's computer that has a private key on it, and as soon as you read it, you can go grab $2 million.
Dina Temple-Raston
So in the beginning, hackers exploited what used to be a vulnerable corner of crypto wallet tech, something called smart contracts, which sounds like something dreamed up by a Silicon Valley marketing department after a few too many lattes. But really it's just bits of code, small self-executing programs written onto the blockchain that essentially say, if X happens, then do Y. Imagine a vending machine: you put in your dollar, press B7, and you get your nacho cheese Doritos. No cashier, no small talk, no tip. That's a smart contract.
Dan Guido
I think about them as, like little finance bots. They follow their instructions and they can't do anything else. So, you know, you could have smart contracts that provide loans, right? Anything you could imagine a piece of software doing, they'll do it.
Dina Temple-Raston
And a lot of smart contracts are wallets where people store crypto tokens, so they can be targets. Hack them, and...
Dan Guido
It's like a financial pinata. And if you hit them hard enough and you find a way to exploit a vulnerability in them, you get all the cryptocurrencies stored inside.
Dina Temple-Raston
So hackers went after them as a sort of low-hanging fruit. But these days, smart contracts are, well, smarter.
Dan Guido
They're no longer cardboard pinatas, now they're made out of steel. People are writing smart contracts that are pretty reasonably complex. They're like multiple thousands, sometimes tens of thousands of lines long. So now it is harder to hack a smart contract on a blockchain than it is to just go after people's laptops and steal their private keys. And that wasn't true for the last five or six years. That really only flipped, I'd say, a couple months ago.
Dina Temple-Raston
It's become so much harder to hack a smart contract that hackers have had to innovate with things like this Zoom hack. And in a lot of ways, it's easier to just go after someone's laptop and steal their private keys than to try to hack a contract. Humans are a lot easier to fool.
Dan Guido
I mean, I feel like we've got enough evidence out there, enough people have been hacked where this seems to be pretty clear.
Dina Temple-Raston
So if you're into crypto, how do you protect yourself? Dan has some words to the wise.
Dan Guido
The number one piece of advice that I always give is just separate your crypto wallet from the device you use every day. I think a single-purpose device, you know, some cheap Chromebook that you use to access your giant holdings of cryptocurrency, is the most appropriate strategy. You shouldn't have $2 million or whatever it is at risk every time you talk to some guy on Discord.
Dina Temple-Raston
Trail of Bits has been getting more calls lately. People in crypto suddenly interested in training around operational security, which is good, but Dan Guido says that's not enough.
Dan Guido
The effectiveness of these techniques don't really go down. There are always people out there that haven't seen and internalized this information. And, you know, case in point, the Twitter accounts that contacted me, they're still up. They're seemingly still active. They are Twitter accounts you could talk to right now. And I would bet that there have been additional victims from those same two Twitter accounts since Trail of Bits published our blog on it. So I don't see a good reason for them to stop unless somebody actually tracks down who they are and literally arrests the people behind it.
Dina Temple-Raston
And in the case of Elusive Comet, Dan thinks arrests may be coming. The FBI is investigating, and the hackers are believed to be based in the West, maybe even somewhere inside the United States. Because while crypto might be mostly anonymous, it isn't completely untraceable.
Dan Guido
I think the privacy protections on blockchains are notoriously porous that in a lot of cases where somebody really applies all the effort available to figure out who did what transaction, you can generally track it down. There's also all kinds of operational security mistakes that happen from an attacker perspective too. If you have a single transaction or a single interaction with some company that you're trying to hack that exposes your identity, that information usually just lives out there forever. You can't take it back. So a likelihood over the long term that these guys get caught is probably pretty high in my mind. So enjoy your stolen cryptocurrency while you can, because I don't assume that this is going to last forever.
Dina Temple-Raston
So what do we take away from Dan's experience? Maybe it's this. Security threats aren't just about code. They're about human frailty, ego, urgency, a momentary lapse in skepticism. So install all the cybersecurity you want, but also keep your skeptics and that ego of yours in check. For Recorded Future News, this has been Click Here's Mic Drop. It was written and produced by Zach Hirsch, Megan Dietrich, Sean Powers, Erica Guida, Lucas Riley and me, Dina Temple-Raston. It was edited by Karen Duffin. We'll be back on Tuesday with an all-new episode of Click Here. Thanks for listening and have a great weekend.
Zoe Schiffer
If you're looking for a daily guide to cybersecurity news and policy, sign up for the Cyber Daily from Recorded Future News. It serves up today's most interesting and important cyber stories from our sister publication The Record, and then aggregates all of the big cyber stories you might have missed from news outlets around the world. Just go to therecord.media and click on Cyber Daily to get all you need to know about the world of cybersecurity right in your inbox.
Podcast Summary: Click Here – "Mic Drop: The Ego Exploit"
Introduction
In the June 13, 2025 episode of Click Here, titled "Mic Drop: The Ego Exploit," host Dina Temple-Raston examines a hacking campaign run by the group Elusive Comet. The episode unpacks the group's methods, which rely on social engineering and a built-in Zoom feature rather than zero-days or ransomware, to go after high-profile targets.
The Target: Dan Guido’s Encounter with Elusive Comet
The episode centers around Dan Guido, a seasoned cybersecurity expert who runs a reputable company trusted by organizations like DARPA and Facebook. Despite his expertise and robust security measures, Guido became a target of Elusive Comet, challenging the notion that high-profile individuals are immune to cyberattacks.
Dan Guido (01:46):
"Yeah, to any hackers out there listening, not a strategy I would recommend."
The Deceptive Approach
Elusive Comet's approach was both cunning and personalized. Guido received a seemingly legitimate request for an interview from someone claiming to represent Bloomberg Crypto, a credible unit of Bloomberg News focused on digital currencies and blockchain technology. Initially flattered by the attention, Guido soon detected red flags indicating the invitation was a prelude to a cyberattack.
Dan Guido (05:20):
"The fact that a Bloomberg News person, like, wouldn't talk over text, wouldn't talk over Signal, wouldn't talk over email. They really insisted on Twitter DMs or Telegram. They said, oh, yeah, or we'll do Telegram, which is like a huge, huge red flag. And then the email confirmation from a Gmail address, like, I don't think so."
Intrigued yet cautious, Guido agreed to the Zoom meeting, opting to use an old Chromebook he believed to be secure. However, the hackers never appeared, prompting Guido to investigate who had targeted him, which led him to uncover Elusive Comet's involvement.
Abusing a Built-In Zoom Feature
Elusive Comet capitalized on a lesser-known feature within Zoom, the IT remote support functionality, which allows users to grant others control over their screens, keyboards, and mice. This feature, intended for legitimate support purposes, became a gateway for the hackers.
Dina Temple-Raston (06:02):
"At the heart of their methods is this: a feature built into Zoom that most users never think twice about."
Dan Guido (06:09):
"Zoom is a great product. It enables connectivity and interaction with people the world over, and during COVID it definitely added a ton of value to people's lives, but it has so many features in it that I don't think everyone knows what it can do."
The attack relied on social engineering: the attackers used flattery and a sense of urgency to manipulate the target into granting remote access. It takes only two clicks on prompts that look much like routine Zoom pop-ups, so even a vigilant user can fall for it.
Dan Guido (07:32):
"And they're adding this time pressure of like, hey, we need to go to recording next."
Dan Guido (07:38):
"Ego. They're saying you're so important to talk to. We know all the great work that you've done and like this is going to be great exposure for you. It's Bloomberg, you know, it's huge. And they just lean into it and lay it on pretty thick. Right away you feel really good about yourself, like, ah, somebody finally noticed me."
The Shift in Hacker Strategies: From Smart Contracts to Private Keys
Initially, hackers going after crypto focused on exploiting vulnerabilities in smart contracts, self-executing programs on the blockchain, many of which are wallets. These smart contracts were akin to financial automata, executing predefined actions without human intervention.
Dan Guido (11:58):
"I think about them as, like little finance bots. They follow their instructions and they can't do anything else. So, you know, you could have smart contracts that provide loans, right? Anything you could imagine a piece of software doing, they'll do it."
However, as smart contracts became more secure and complex, hackers pivoted to a more lucrative and less technically demanding method: stealing private keys directly from individuals’ devices. This shift leveraged human susceptibility to deception rather than technological weaknesses.
Dan Guido (13:13):
"It's become so much harder to hack a smart contract that hackers have had to innovate with things like this Zoom hack. And in a lot of ways, it's easier to just go after someone's laptop and steal their private keys than to try to hack a contract. And humans are a lot easier to fool."
Protective Measures: Safeguarding Against Human Frailty
In light of these evolving threats, Guido emphasizes the importance of operational security and personal vigilance. He advises crypto enthusiasts to segregate their crypto wallets from their everyday devices, recommending the use of single-purpose devices like inexpensive Chromebooks strictly for managing significant cryptocurrency holdings.
Dan Guido (13:52):
"The number one piece of advice that I always give is just separate your crypto wallet from the device you use every day. I think a single-purpose device, you know, some cheap Chromebook that you use to access your giant holdings of cryptocurrency, is the most appropriate strategy. You shouldn't have $2 million or whatever it is at risk every time you talk to some guy on Discord."
Furthermore, while initiatives like Recorded Future News’ Cyber Daily and Trail of Bits’ training sessions highlight the growing interest in cybersecurity within the crypto community, Guido cautions that awareness alone is insufficient. Persistent efforts are necessary to counteract the relentless nature of cyber threats.
Dan Guido (14:29):
"The effectiveness of these techniques don't really go down. There are always people out there that haven't seen and internalized this information. And, you know, case in point, the Twitter accounts that contacted me, they're still up. They're seemingly still active. They are Twitter accounts you could talk to right now. And I would bet that there have been additional victims from those same two Twitter accounts since Trail of Bits published our blog on it. So I don't see a good reason for them to stop unless somebody actually tracks down who they are and literally arrests the people behind it."
Law Enforcement and the Path to Accountability
The FBI is actively investigating Elusive Comet, with strong indications that the hackers may be operating within Western borders, possibly even the United States. Guido remains optimistic about the prospects of apprehending the perpetrators, noting the inherent traceability of blockchain transactions and common operational security mistakes made by attackers that can expose their identities.
Dan Guido (15:26):
"I think the privacy protections on blockchains are notoriously porous that in a lot of cases where somebody really applies all the effort available to figure out who did what transaction, you can generally track it down. There's also all kinds of operational security mistakes that happen from an attacker perspective too. If you have a single transaction or a single interaction with some company that you're trying to hack that exposes your identity, that information usually just lives out there forever. You can't take it back. So a likelihood over the long term that these guys get caught is probably pretty high in my mind. So enjoy your stolen cryptocurrency while you can, because I don't assume that this is going to last forever."
Key Takeaways: Balancing Technology and Human Vigilance
The episode underscores a critical lesson in cybersecurity: technological defenses alone are insufficient. Human factors such as ego, urgency, and susceptibility to flattery can undermine even the most robust security systems. Guido’s experience illustrates that maintaining a healthy skepticism and awareness of social engineering tactics is indispensable for safeguarding digital assets.
Dina Temple-Raston (16:17):
"So what do we take away from Dan's experience? Maybe it's this. Security threats aren't just about code. They're about human frailty, ego, urgency, a momentary lapse in skepticism. So install all the cybersecurity you want, but also keep your skeptics and that ego of yours in check."
Conclusion
"Mic Drop: The Ego Exploit" offers a compelling exploration of modern cyber threats, highlighting the intricate dance between technological advancements and human psychology. Through Dan Guido’s firsthand account, listeners gain invaluable insights into the evolving tactics of hacker groups like Elusive Comet and the indispensable role of human vigilance in the cybersecurity landscape.
Additional Resources
For those interested in staying updated on cybersecurity news and policies, Click Here recommends subscribing to the Cyber Daily newsletter from Recorded Future News, which aggregates the most significant cyber stories from around the globe.