The leak

A

From recorded future news and prx, this is click here. If computer attacks feel different these days, more constant, more relentless, that's not your imagination. Something strange has happened in the world of hacking. You might think of a hacker as a dude in his basement chugging Mountain Dew. But hackers have gone corporate, legal departments, middle managers, even hr. From Recorded Future News and prx, this is Click Here, a show about the people making and breaking our digital world. I'm Dina Templewasten. Hacking used to look more criminal, but it's reorganized and now it feels a lot like an ordinary workplace.

B

So one of the first things I saw with employees of Conti requesting days off.

A

Now we're going inside the system that made that efficiency possible. Karen Duffin has the story. That's after the break. Stay with us. Support for Click Here comes from Decagon Growth sounds like a good problem to have until it's 2am Customers are waiting for answers and your support team is stretched thin. A lot of companies turn to AI for help and then discover that most AI tools aren't really solving the problem, they're just creating a different one. Decagon was built for that moment. It helps companies create personalized concierge style customer experiences with AI agents across chat, email, voice and SMS. They're available 24, 7, feel natural to talk to, and can resolve customer requests on their own so businesses can keep up with requests without losing their personal touch. Workflows can be updated using natural language so the teams can make changes themselves without long engineering cycles. Decagon gives your team full visibility into why agents make decisions and what's happening across every conversation. It's helping power millions of conversations every day for brands you know and love like Avis, Affirm, fanatics and Aura, ready to transform your customer support. Go to Decagon AI Clickhere to get a personalized demo and see what Decagon can do for your team. Check out Decagon at Decagon AI clickhere. That's Decagon AI clickhere. Support for Click Here comes from NPR's Planet Money podcast. Curious about the economic forces shaping your daily life? The Planet Money podcast makes the economy make sense by telling stories about the people inside it. Take the wnba. Most people heard the league landed a big new collective bargaining agreement. But Planet Money went deeper inside the negotiations themselves. They found a Nobel Prize winning economist helping players make their case with something surprisingly simple. A pie chart. Because the real fight wasn't just about bigger salaries. It was about revenue share and whether players would finally get a bigger piece of a rapidly growing business. Planet Money explained why that matters and why this deal could reshape women's sports for years to come. That's what Planet Money does. It takes ideas that sound abstract. Collective bargaining, sanctions, labor markets, and turns them into stories that feel immediate and human. Other episodes have explored why Pokemon cards are outperforming some investments, or how Russia's economy adapted after years of sanctions. And what a 750 pound restaurant robot says about the future of work. Planet Money is economics told through curiosity, surprise and great storytelling. Follow NPR's Planet Money podcast and understand how money shapes the world.

C

I'm Karen Duffin and you're listening to click here. In the depths of the pandemic, you will remember these days. Lockdowns, packed hospitals. The whole world felt like it was on shaky ground. Deep in the midst of that, this happened. We are learning about a credible scene cyber threat targeting healthcare systems all around. Now we have Russian criminal hackers from Moscow and St. Petersburg freezing the computer

D

systems at our hospitals to demand millions

E

of dollars in ransom payments.

C

Dozens of hospitals hit by ransomware and other cyber attacks. Systems went offline. Hospitals had to divert patients. Critical care was delayed. And most of these attacks were done by a single group, a Russian speaking cyber gang called Conti. Over the next couple of years, Conti would become one of the most prolific cyber gangs in the world, attacking more US Institutions, collecting more ransom money. Multiple cyber attacks from Russia targeting the nation's financial sector, power grids and water systems.

A

The largest regulated wastewater facility in the US Was the victim of a cyber attack, taking over a local hospital system, putting the records and sensitive information of millions of at risk.

C

And in the aftermath, people started to ask, how could one group pull off something this coordinated? It felt like a question nearly impossible to answer because, you know, these are people whose entire livelihood depends on staying in the shadows. And they probably would have stayed hidden except that they poked the bear and got outed. And gave us an incredibly rare look at how these kinds of cyber gangs work. Two years after those hospital attacks, an entirely different kind of attack took place. Breaking news right now. Russia has attacked Ukraine, marking the start

A

of a new war in Eastern Europe.

C

And after the invasion, Conti publicly pledged loyalty to Moscow. They vowed to retaliate against anyone who attacked Russia. This might sound innocuous to we who do not hack for hire, but it was actually a huge breach of hacker protocol. Hackers who are financially motivated, they mostly stay out of politics. It's just bad for business, especially in a situation like this because Conti was a Russian speaking gang and Russian is of course spoken in many countries, including Ukraine. So it was perhaps inevitable that shortly after that loyalty pledge, an X account whose bio we frankly cannot say on public radio, suffice it to say, they were not fans of Russia. That account posted this.

F

Greetings. Here is a friendly heads up. Zakantygen has lost its sh.

C

The post also included a link and then it closed with this promise.

F

We promise. It is very interesting and.

C

Well, it was very interesting. If you clicked on that link, you got access to more than a year's worth of Conti's internal chat logs. All of Conti's processes, people, work, culture, all of their secrets laid bare. This was essentially the nerd equivalent of getting all the behind the scenes footage of your favorite Real Housewives show. So all over the world, I can only imagine, rival hackers, researchers, academics, clicked on that link, settled in with some coffee and began scrolling through these logs. And one of those people was a hacker who goes by the name Discordian. He's loosely affiliated with the anonymous hacker collective.

F

Well, of course you're looking at the gold mine there, right? Because you have this ransomware group that, that does black hat stuff, like illegal hacking stuff for the purpose of stealing money from others. And now you see the internal operations

C

and the first thing people learned was kind of embarrassing for Conti.

F

The dumb part of this is the way they did it in an unencrypted manner.

C

Meaning Conti's chat logs were all unencrypted.

F

That's unthinkable, right? Because a lot of their identities will be revealed through these leaks. A lot of their, the way they do their operations is going to be exposed.

C

Over in Canada, Emilio Gonzalez concurred with Discordian's analysis. Not just the lack of encryption, but the code overall.

B

I have a computer science background, so I know how to program. And this is not, this is not like, how can I say it respectfully, world class code.

C

Emilio works in IT defending financial networks. And these leaked chats caused such a stir, Emilio turned scrolling them into a sort of hobby.

B

I have a day job, so I only do it on the. During lunch and the evening, but a lot of hours on that. And I'm not even close to done to having seen everything.

C

When we talk about ransomware, usually what we focus on is the damage data that gets lost, information exposed, people who get doxxed. But these logs shift the camera, they point inside the machine where the day to day concerns look surprisingly familiar. And the more Emilio scrolled, the more he noticed that these hackers who'd pulled off such nefarious heists were having surprisingly mundane internal problems. That's when we come back. Stay with us.

A

Support for Click Here comes from Servil. Every company says AI will make employees more productive, but most employees are still stuck waiting on it, waiting for app access and password resets, waiting for someone to fix a laptop issue so they can get back to work. That operational drag adds up fast, and IT teams are overwhelmed trying to keep up. Servl was built to automate that work. You describe what you want in plain English and Servl builds it for you. No complicated workflow, no consultants, just faster support and fewer tickets slowing everyone down. The platform is designed to eliminate repetitive tickets so it can focus on strategic work instead of constant firefighting. The company guarantees customers can automate 50% of it tickets. Learn more or start a free four week pilot at cervel.com clickhere that's S-E-R-V-A-L.com clickhere serval.com clickhere support for click Here comes from Quince Summer always makes me rethink what I'm reaching for every day. Lighter fabrics, better materials, pieces that just feel good the moment you put them on, and they look effortless. That's why I keep coming back to Quince. They focus on high quality essentials. Think breathable linen, soft, organic cotton, wood, washable silk, but without the luxury markup. It's that rare balance where everything feels elevated but still easy. Quince has beautiful everyday pieces like 100% European linen pants, dresses and tops with styles starting at $32. Their denim is soft and easy to wear, and their organic cotton sweaters are perfect for layering on cool summer nights. And everything at Quint's is priced 50 to 80% less than similar brands. And Quint's works directly with ethical factories and cuts out the middleman. So you're paying for quality, not brand markup. But it's not just clothing. Quint's has really become a destination for elevated essentials across home kitchen, bedding and beyond, making it easy to bring a more premium feel into everyday life. I just got a Quince bathing suit that looks like one of those expensive European brands but for a fraction of the price. Elevate your summer wardrobe. Go to quince.com clickhere and get free shipping on your order and 365 day returns now available in Canada too. That's Q-U-I-N-C-E.com clickhere for free shipping and 365 day returns. Quince.com clickhere if you're struggling to keep

C

up with all the latest innovations in tech and what they'll mean for your life, TED Tech has you covered. Get ahead of the curve with digestible downloads on some of the biggest ideas in technology, from AI and virtual reality to clean tech. Find TED Tech wherever you get your podcasts. Welcome back. I'm Karen Duffin and this is Click Here. IT worker Emilio Gonzalez heard about Conti's leaked chat logs and was so intrigued he started spending lunch breaks and evenings to scroll through them.

B

I have a message here. I'll try to find it.

C

He has the chat logs up on his computer screen.

B

So one of the first things I saw was employees of Conti requesting days off the job. So I have a message here. Hey, I asked for a day off on 23rd. I was allowed.

C

Apparently even notorious hackers gripe to HR. They also have the usual frustrations with co workers. These are from the internal chat logs. We had AI voice them for us.

F

The guys are asking how late we are going to be working. They want to know if they should order food. Omar is not responding.

C

They offer constructive criticism of things like

F

color schemes and change the color of the admin. We are a locker, not Tiffany's.

C

Locker is where they keep code and they even do small talk.

F

Hi there. How is it going?

B

Hi.

A

Work wise, everything is good. When you saw these things, Emilio, what went through your head?

B

Well, I guess I never thought about this, but one of the main reasons I love my job is the colleagues I have. They want to connect with people, even if they're what we consider bad guys.

C

But office politics are not the only thing Conti appears to have borrowed from corporate America. They also seem to have adopted, well, bureaucracy. There are reliable paychecks on the 15th and 30th of each month. There's sick days. They even have the equivalent of strategy memos, including one for, quote, data analysis and blackmailing.

F

I talked to Buza about a new system. When someone in the hacking division puts pressure on a company, we flag that for our analyst group and they can build a dossier on the company.

C

The group is structured like a business with lots of departments. There's HR testers, training, legal. Except their version of a legal department is people who destroy evidence when the police show up. And all of this corporate like structure is what kept people like John Fokker glued to these logs. He leads cyber investigations at a company called Trellix I called this like the.

D

The Panama Papers of ransomware because I think there's a. A case study to be done for many years.

C

And he's been intrigued by Conte for years. They're actually a favorite target of his.

D

They are in my top five. Yes.

C

And reading through these chats, what struck John was not just the internal organization, but what they were doing externally. Something that was previously off limits in ransomware.

D

We could see very interesting conversations that they talk about, nicknames that we've seen before in other ransomware groups.

C

He saw names of people from ransomware, rival ransomware gangs inside Conti's logs. In other words, Conti appeared to have built a network of ransomware gangs, brokered partnerships between them. Not isolated crews, but shared infrastructure, overlapping identities, and cooperation between groups that were supposed to be rivals. And this was stunning to John because ransomware groups used to do the entire operation themselves. But as things got professionalized, each group started to specialize and then partner.

D

So you see that there's partnerships being formed and that there will be adjacent services that are essential in that cybercrime kill chain in order to get the best or create the most victims.

C

Creating the most victims. That is why this insight matters. Partnering means they can victimize more people more easily and faster. The logs also revealed that Conti had one other thing going for them. For a long time, people suspected that the group had ties to the upper echelons in Russia. And these chats seemed to confirm it. They showed Conti doing hacking jobs, it appears, on behalf of the FSB or Russia's FBI. For example, they appeared to be digging for dirt on Putin's biggest rival, Alexei Navalny, before he was killed in 2024.

D

And what really stood out was the conversation that took place that they said, like, okay, this is very interesting information. We need to save this. And they literally said, okay, save this as look for stuff that's related to Navalny.

C

Alexei Navalny was Vladimir Putin's most prominent critic. He survived a poisoning in 2020, and after that, he investigated who tried to kill him. He got a member of the security service on the phone, someone who didn't know he was talking to Navalny. And the security guy actually confesses to the poisoning over the phone while Navalny was recording. And Navalny got help in his investigation from journalists at bellingcat. And then these chat logs show, just a few months later, Conti members are messaging about hacking bellingcat and grabbing anything related to Navalny. It was a striking coincidence.

D

They literally said, okay, save this as look for stuff that's related to Navalny and save it in a folder. Navalny, fsb.

C

This jumped out at John because inside Russia, you don't even mention the name Navalny because back then it could get you in serious trouble. It could get you arrested or even killed. So if hackers were actively talking about Navalny and even going after him, it was probably a directive from on high.

D

So this basically confirms a lot of what we always been suspecting. Obviously we don't know if they were actually guided by a state, but it could indicate like, okay, looking at this, there might have been a relationship. It could have been their get out of jail free card.

C

That relationship comes in really handy when your company's mission statement is not to say make great cars, but to commit great crimes. Helping out the top dogs in Russia, publicly pledging their loyalty. Conti's leadership likely did that for a reason. Call it business insurance.

D

Then we might have a safe harbor where we can still reside. And the chance that we're going to be arrested by, for instance, the US Government or any other Western government is going to be slim.

C

Conti shut down just a few months after the leaks. But its essence did not disappear. And in the corporate world, companies often don't really die. They spin off, they rebrand, they migrate. Talent. Turns out cybercrime seems to work the same way. All the people who got trained under this system just went elsewhere to do the same bad things, but probably with more skill and more connections. And maybe this is the answer to how Conti pulled off so many significant hacks and why we're seeing more coordinated and larger scale attacks. Overall, Conti was one of the most productive ransomware operations, not because it reinvented cybercrime, but because it industrialized it. Conti didn't represent the future of hacking as genius. It represented the future of hacking as management. Gather partnerships, build a bureaucracy, secure yourself some political ties. It works for the Fortune 500 and apparently it works for the equivalent of a Fortune 500 hacking group. I'm Karen Duffin and this is Click Here.

E

Capital One's tech team isn't just talking about multi agentic AI. They already deployed one. It's called Chat Concierge and it's simplifying car shopping using self reflection and layered reasoning with live API checks. It doesn't just help buyers find a car they love. It helps schedule a test drive, get pre approved for financing and estimate trade in value. Advanced, intuitive and deployed, that's how they stack. That's technology at Capital One. Looking for more of the cybersecurity and intelligence coverage you get on Click here. Then check out our sister publication the Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to the Record.

A

Here's what you need to know about the tech world this week. It's Tuesday, June 23rd.

F

The ferocity of these attacks is clear to see and very, very evident. The Moscow city skyline covered with black plumes of smoke.

A

Russia has spent years showing Ukrainians what modern war looks like. Last week, Ukrainians returned the favorite. Nearly 200 drones struck targets around Moscow in what appears to be the largest attack on the capital since the invasion began. An oil refinery was hit for the third time in a month. Four Moscow airports temporarily shut down. More than 500 flights were delayed or canceled. Russia says it intercepted nearly 1,000 drones and four cruise missiles across the country in just 24 hours. Moscow responded with another wave of attacks on Ukraine, launching more than 200 drones and multiple ballistic missiles. Ukrainian President Volodymyr Zelenskyy said the strike on Moscow was retaliation for a Russian attack on Kyiv that damaged a major religious landmark. He called it long range sanctions and warned that Russia is no longer the only country capable of bringing the war home. That said, Zelenskyy added that Ukraine still wants to play diplomacy because he said, Ukraine never wanted this war. A complete ban is a bit like authoritative and unnecessary. You might be like, oh, your parents should be the ones responsible for it. I just feel that, like it maybe shouldn't have been banned. Maybe it should be more restricted. For years, social media companies have argued that they can keep children safe online. Now the UK Is preparing to test a different idea. What if children weren't allowed in in the first place? Leaders there are backing a proposal that would ban anyone under 16 from platforms like TikTok, Instagram, Snapchat, YouTube, Facebook and X. The reasons are cyberbullying predators, algorithms designed to keep young users scrolling. But the proposal goes beyond social media. Lawmakers are also considering restrictions on AI chatbots, live streaming platforms and private messaging between children and strangers in online games. Supporters say the Internet has become too powerful to leave entirely up to parents. Critics say the plan raises difficult questions like how do you prove someone's age online? Will young people simply find ways around the rules? And when governments decide who gets access to digital spaces, where does that authority stop the proposal? The proposal is expected to reach Parliament later this year and if approved, it could take effect in 2027.

F

We cannot allow AI just to be used to benefit the very richest people in the world. It has got to be used to benefit all of us.

A

As artificial intelligence creates new fortunes, a political question is starting to emerge. Who should own the future? Senator Bernie Sanders has introduced legislation that would do something the US has never tried impose a one time 50% tax on the country's largest AI companies, paid not in cash but in stock. Those shares would be placed into a public investment fund that Sanders says could eventually be worth trillions of dollars. The idea is simple. If AI is built on public research, public infrastructure and public data, the public should share in their rewards. Supporters see it as a way to spread the wealth created by a handful of powerful companies. Critics say it would discourage innovation and be nearly impossible to implement. Either way, the proposal reflects a growing debate that goes beyond regulation. Not just how AI should be governed, but who should benefit from it.

C

Telegram is taking the Indian government to

A

court it comes after India banned the

C

messaging app over medical exam fraud.

A

Every year, more than 2 million students compete for a place in India's medical schools. For many families, a single exam can change the course of a life, which is why allegations of cheating have become such a big deal. Authorities say answers to this year's national medical entrance exam, known as neat, were leaked through Telegram channels before students took the test. The government responded by temporarily banning the messaging platform and canceling those exam results. The test had to be rescheduled. Officials say Telegram failed to remove channels openly advertising leaked exam papers. Telegram founder Pavel Duroff says the ban is a mistake. Civil liberties groups argue that shutting down a platform won't solve the underlying problem because online leaks have a to way way of moving. Remove one channel, shut down an app, and the information finds somewhere else to go. It's not the first time the NEAT exam has been caught up in allegations of fraud, and it probably won't be the last. Click Here is a production of recorded Future News and prx. Today's show was written and produced by Megan Dietrich, Sean Powers, Erica Guida, Zach Hirsch and Maya Fawaz. It was edited by Karen Duffin and Sarah Cavedo and fact checked by Darren Ancrum. Original music is by Ben Levingston, with additional music from Blue Dot Sessions. Our staff writer is Lucas Riley, our illustrator is Megan Goff, and our sound designers and engineers are Jake Cook and Jesse Niswonger. I'm Dena Tumble Rastan and thanks for listening.

C

Support for this program comes From Recorded Future in cybersecurity, the biggest risk isn't what can be seen, it's what gets missed. Recorded Future analyzes billions of signals to help organizations stay ahead of threats. Recorded Future Know what Matters?

E

Act first if you're looking for a daily guide to cybersecurity news and policy, sign up for the Cyber Daily from Recorded Future News. It serves up the day's most interesting and important cyber stories from our sister publication the Record, and then aggregates all of the big cyber stories you might have missed from news outlets around the world. Just go to TheRecord Media and click on Cyber Daily to get all you need to know about the world of cybersecurity right in your inbox.