A
From Recorded Future News and PRX, this is Click Here. Hey there, it's Dina. A quick note before we start. Twice a month, we team up with WAMU and NPR's 1A news magazine for something we call Cyber Monday. And in a recent show, we talked about the latest cyber threats. For a long time, cybersecurity was about spotting the threat. The suspicious email, the bad link, the attachment you knew not to open. But today's attacks are different. They're designed to blend in, to feel normal, to arrive through the same apps, meetings, and conversations we use every day. Which means the most vulnerable part of the system may not be the technology at all. It may be us. The first voice you'll hear is 1A host Jen White.
B
Dina, it's great to have you back.
A
Thanks so much.
B
So, Dina, let's just start with where we are right now in this moment. How well are traditional cyber defense practices standing up against hacking schemes?
C
Well, I think cybercrime has really evolved. A decade ago, a lot of the attacks just depended on scale. You'd blast out millions of phishing emails, hope a few people clicked. Now you're seeing something much more tailored, more behavioral, more patient. And hackers are spending more time studying how you work or how people work and then how they trust things that are online, and then they exploit that.
B
So walk us through what these new hacking strategies look like in practice.
C
Well, in practice, it means that attackers are increasingly designing these interactions that feel legitimate enough to bypass whatever our internal alarm systems were. You remember the old phishing emails. There were spelling mistakes, and the English was poor, and that sort of was a big red flag. But what they understand now is that most people no longer experience the Internet as a place that's separate from real life. The Internet is our work now. It's our banking, it's our relationships. It's partly our identity. We can thank COVID for that. So if someone can convincingly insert themselves into these workflows of your life, they can get amazing access really quickly.
B
We've talked before about social engineering and how hackers are using it to gain access to computers, to digital systems. But what I hear you describing sounds a little different. How are these strategies and operations evolving in their sophistication?
C
Well, they're much more sophisticated, partly because attackers now have a lot more raw material to work with. Think about how much of ourselves we publish online, right? Our jobs, our routines, our colleagues, our friends, even the way we speak. And at the same time, remote work has normalized a kind of accelerated trust. You're constantly meeting people you've never met before in person.
B
Right.
C
You're jumping onto calls, you're sharing screens, you're collaborating instantly, even though you don't know them very well. And while that does create a kind of efficiency, it also creates amazing opportunities for manipulation.
B
So, I mean, just remind us what social engineering means, especially in this context.
C
Well, I think it's based on trust, right? So you see something, it looks okay to you, and so you click on it, assuming it's somebody you know. And that's what they're working with. They're looking at your trust and how they can exploit it. And social engineering, it sounds very fancy, but all it is, you know, bait and switch.
B
It seems to me, Dina, that in many ways, the systems that make modern work possible, and again, it's changed dramatically since COVID, are also creating opportunities for people who want to take advantage of those systems. How do we keep those vulnerabilities to a minimum?
C
Well, there's a whole nother layer to this, which is a lot of platforms that we've folded into our lives are optimized for ease of use, not suspicion. So they want our interactions to feel frictionless. Right. The way you stop an attacker is by adding friction, not by taking it away. And so cybersecurity depends on that friction. A little moment where you stop and think, wait, what are they asking me for? The caller was exactly right. You should start from a position of suspicion as opposed to a suspicion of trust when it comes to something like a Zoom call with someone that you don't know. And the problem is, the smoother the experience becomes, the easier it is or it can be to move someone past that moment of hesitation to where they, you know, in the words of a podcast you've heard of, click here, and then you have a problem.
B
You know, as with everything we discuss these days, we have to talk about the artificial intelligence of it all. I imagine AI is playing a role in making this harder to detect. How is AI fitting in?
C
Well, the, the thing about AI now is that it allows attackers to mimic professionalism at scale. The spelling errors we were talking about before, they can generate polished emails. Now, even if they don't speak the language, they can create convincing websites. They can have fake personas, even realistic conversations, all because AI is helping them mask whatever it is that they can't do, whether it's speaking English or actually setting up a website. And so the old clues that people relied on, bad grammar, awkward phrasing, those are just disappearing now. And honestly, what worries some researchers is that we're moving towards attacks that feel increasingly human, not robotic, not obviously criminal, and are just socially persuasive. So we click.
A
Hmm.
B
How quickly are companies adapting to this new world?
C
Well, the problem is not always. I think we know that pretty clearly. If you just look at the headlines, you see how many companies get hacked into or have ransomware attacks. Part of the problem is that many organizations still think about cybersecurity primarily as an infrastructure problem. You know, there are firewalls, endpoint detection, software updates, and all those things are super important. But human attention is now part of that infrastructure, too, in a way it wasn't before. Fatigue is part of the infrastructure. Distraction is now part of the infrastructure. And attackers are getting really good at exploiting moments when people are overloaded or moving too quickly and they click on the wrong thing. I'm sure you've had that happen where you click and you go, oops, oh, no, oops. Oftentimes it's not a big deal, but just every once in a while it actually could be.
B
What about the big tech companies? Are they working on providing tools that help us as individuals or smaller business, you know, create better defenses in our own infrastructure?
C
I think they're quite focused on their own infrastructure now and cybersecurity when they do it, I think they do it less for their clients or their customers than they do for themselves, because the laws have changed. Right now, if you are a critical company and you got hacked, there are potentially legal consequences for not having the right sort of defenses. So I feel a lot of the sort of regular people who might be open to this are kind of left behind while these companies try to protect themselves.
B
Well, that makes me wonder when we use this phrase, "fall for a scam," somebody fell for a scam, or I fell for a scam. What do you think we miss when we use that framing?
C
I think it's actually a not accurate framing for what we are now experiencing, because these operations are really, really sophisticated. They can involve weeks of preparation, impersonation, credibility building. It's not just a simple click anymore. It's a whole sort of campaign. And the victims are often people who are quite security conscious. One reason, say, for example, like the crypto world has become such an interesting testing ground for all this stuff, is because crypto is so security conscious. If you can get into the cryptocurrency world, then that means you've figured out ways to get into other parts of the online world as well.
B
Well, people may hear you use the term cryptocurrency and go, oh, this isn't, this isn't a me thing. I don't have to worry about this. This isn't relevant for me. But even if you don't have crypto, if you don't move in that space, is this something we should pay attention to?
C
It absolutely should be. I think that we focused a story that's coming up in the B segment on a guy who was a cryptocurrency trader, because at least in my mind, when I think of a crypto bro or a crypto guy, it's somebody who kind of gets the whole digital world in a way that maybe I don't completely and is someone who, because so many assets are in crypto for them, have to be crazy security conscious in a way that maybe regular people wouldn't be. So the fact that this guy, this crypto guy who was so famous and so out there and telling everybody where to invest, actually gets hacked and falls prey to a scam, that means it can happen to anybody.
B
So without giving too much away and we're going to hear the story you're describing, beyond his technical proficiency, what else is it about this story that you think is important to share with listeners? Or why did you even start going down this rabbit hole in the first place?
C
I think there was an overall sense that hacking in general had become much more sophisticated than it had in the past. And then over layer on that or layer on that, that AI is now sort of coming into its own. And those are two very powerful forces that the average person needs to know about. And if it was just sort of, you know, oh, somebody fell prey to a romance scam. While that's sad, I could see people saying, couldn't happen to me. I would never, you know, send a guy I just met online money or a woman I just met online money. But the fact that it can happen to somebody like this means that you have to be extra vigilant because it's out there for anybody.
B
Coming up, the Click Here team walks us through a story about someone who thought he understood digital risk until an ordinary Zoom call turned into something much more dangerous. That's just ahead.
A
Jake Gallen used to work behind the velvet ropes in Las Vegas. Among other things, he worked the cabanas at Planet Hollywood, and for a while he thought that life sparkled. But it got a little old.
E
Once you get into that lifestyle, after about a year or two, you're like, man, this kind of sucks.
A
It wasn't just that he was awake when the rest of his friends were asleep, or that he missed all kinds of milestones in other people's lives. It was just kind of lonely. And he worried that he'd never find something as exciting where he'd be making that kind of money. Until one day he was on a Reddit forum and found Ethereum, the cryptocurrency.
E
So I found Ethereum in 2016 on a Reddit forum called WallStreetBets.
A
To Jake, trading Ethereum, the second-largest cryptocurrency after Bitcoin, felt like opening a secret door into a whole new world. One that was intoxicating, unpredictable, and full of promise. And then he stumbled into the world of NFTs. That's short for non-fungible tokens. They're blockchain-based collectibles. Think Beanie Babies, but with code. And before long, he'd carved out a reputation in one of the strangest corners of the NFT universe. A niche known as historical NFTs. Think of them as relics. Pixelated artifacts from crypto's adolescence.
E
So it was one of the largest Moon Cat collectors at the time.
A
Mooncats. Primitive, quirky little pixelated pictures of cats. And among the very first NFTs ever minted. They were valuable, a kind of Mickey Mantle rookie card of the blockchain. And in the middle of all this, he made an unusual decision. In the crypto world, everyone hides. They use avatars or fake names. VPNs on top of VPNs. That's the culture. Anonymous, encrypted and untouchable. But not Jake Gallen. He, in essence doxxed himself.
E
Since I started in 2017, you know, being a doxxed person was, was unheard of. That was like a very rare thing to do.
A
He used his real name, told people what he owned, where he worked, what he bought into. He thought the transparency would help him earn trust. So he leaned into it.
E
You know, obviously it makes you a target, but it also makes you a little bit more respectable. And it leads, in my opinion, to more opportunities.
A
Jake Gallen had always known that deciding to use his real name publicly and talking so openly about his life would be a risk. So he made sure his security was airtight.
E
I generally consider myself to be very careful. I mean, I have maybe five to ten different hardware wallets with different assets on top of it. Multiple computers which hold different types of wallets.
A
So anytime he got an interview request, he would vet them thoroughly. And that's exactly what he did in April 2025 when he got an interview request from a YouTube show he'd never heard of, something called Tactical Investing. Did they have mutual followers? Check. History of posts with original content? Check, check. A show that appears to be a real show.
F
Hey guys, what is up? It is Alexander here, back with Tactical Investing. And in today's video, I want to do a step by step staking.
E
The YouTube channel had close to 100,000 subscribers. Had like six years of posting history. I had interviews with people that I'm familiar with in the industry.
A
So he said yes. And he was excited. By this point, he was CEO of a crypto company, and they had a new product he wanted to demo. So the day of the interview, he logged on. And it started like so many interviews before it. But the host had his camera off.
E
And he says, do you mind that I'm going to keep my screen off?
A
Why wouldn't he want his camera on? He was a YouTuber after all. That alone set off a flicker of doubt in Jake's mind, but just a flicker.
E
This industry is, you know, it's full of pseudonymous and anonymous people. But what was weird is that he's a YouTuber.
A
But then the guy kept talking. He sounded confident, casual. And Jake, he let the flicker fade.
E
I'd actually watched a handful of his interviews. You kind of understand who this person is or, like, what their interview style is like. It sounds just like him. Literally just like him.
A
And pretty quickly, he wasn't just feeling relaxed, he was feeling kind of impressed. The questions were smart, technical. So Jake did what any founder would do when somebody really gets it. He let his guard down.
E
And so after about 30 or 40 minutes into the interview, the gentleman says, okay, I would love for you to demo Agent Hustle.
A
Agent Hustle. Not a 1970s crime show, but an AI tool for tracing blockchain activity. And Jake was really proud of it. So when the interviewer said he'd give Jake access to share his screen, he just clicked, shared his screen, and walked the interviewer through the tool. When the call ended, Jake thought it had gone pretty well.
E
I tell him, hey, it was a great interview. He asked the right questions, and he says, it'll be up in a few days. And then that's it. Everything is fine.
C
But everything was not fine.
A
It started the next day. Jake got a notification that a Mooncat NFT that he'd bought for $100,000 was suddenly sold at the bargain basement price of $1,000.
E
And then I see another sale happen. I get another notification from OpenSea saying that another sale's happened. Very low ball.
A
And his heart started to race.
E
I know there's a hack that's happening. I don't know how or what or why.
A
He scrambled, changed passwords, reached for every security switch he knew.
E
Just minimizing the blast radius of what was going on, trying to figure out what was happening.
A
And then came the moment everyone dreads. He was logged out of his email, his social media. And every time he tried to regain control, the hacker just kicked him right back out. It was like whack-a-mole with his life. He tried to revoke permissions on Revoke.cash. No luck.
E
I could see more Mooncats being listed, and then I see other collections being listed.
A
And then a chilling realization.
E
This is like a full on. Like somebody has my seed phrase.
A
Seed phrase? Like a master key to all of his wallets and NFTs.
E
Which is crazy, because I've never written that seed phrase down anywhere, nowhere digitally. It's written down on a piece of paper inside of a safe.
A
That's when it clicked. Breaking into his computer was as good as breaking into his safe. How much did you lose?
E
It's about between 150 to 200,000, depending on how you value the assets themselves.
A
Jake was gutted and pretty confused. Who would do this, and how? His gut told him that this had to be connected to that interview. But what kind of hacker launches a YouTube channel and runs it for six years just so they can scam someone? None of it made sense. So he called 911. Actually, SEAL 911.
G
The official name is Open Security Alliance, but everybody just says SEAL.
A
They're a team of white hat hackers who respond to crypto attacks.
G
We do everything from people who got phished for $1,000 to kidnappings to big North Korean heists. There's all sorts of crazy things. Whatever people need, we'll figure out a way to do it.
A
Nick Bax is an incident responder at SEAL, and they've worked on thousands of crypto hacking cases like Jake's.
G
We're always on call. Some days are a lot worse than others. Yesterday, I woke up, and it felt like every single threat actor we were looking at had decided to do something at the exact same time.
A
Nick didn't waste any time trying to get to the bottom of what happened.
G
First thing we do in triage is give them a set of instructions to follow.
E
Apparently, the first thing you're supposed to do, actually, is unplug your computer from the Internet.
G
Disconnect your computer from the Internet.
E
I wish I would have known that. Probably would have saved myself a lot of money.
A
Then came the forensic work, retracing every click. And as they dug, Nick's Spidey sense started tingling. He'd seen something like this before.
G
Yeah, you know, as soon as we heard he suspected a Zoom call, we immediately start to think it's DPRK.
A
DPRK, North Korea. The most prolific crypto thieves on the planet. And they've been using Zoom to trick traders and even crypto companies with fake job interviews and investor calls.
G
They play a video of a person that might be the person you're supposed to be meeting with. And they look bored and they're not talking, but it's actually a loop of a video. And then they tell you over text that there's trouble with the audio. And then they write, oh, we've seen this problem before. Just go to this link.
A
A link to malware. But Jake didn't click on anything like that. There was no fake video. He just had a conversation, one he thought was a pretty good one.
G
The fake interview was new. We hadn't seen this vector before. We realized it probably wasn't North Korea.
A
So the team went back to the drawing board.
C
They went over everything again.
A
And that's when they caught it.
G
They kept trying to get him to screen share.
A
The screen share that Jake used to demo Agent Hustle. And while there are lots of things you can do to protect yourself from a hack, you know, antivirus software, avoid spammy links, there's one thing that's as hard to see coming as it is easy to fall for. Social engineering. Hackers exploiting somebody's humanity, their ego, their enthusiasm, their fears. When it came time to demo his project, Jake was enthusiastic. They'd just launched this new AI tool and he wanted everyone to know about it. So he wasn't quite as focused as he went through the screen share process.
G
They had a Zoom account where the name on the account was Zoom. And then they requested remote control. And a notification pops up on Zoom that says something like, "Zoom is requesting permission to remotely control your device."
A
In that moment, it didn't look like a red flag. It just looked like part of the process.
G
People just think it's requesting permission to share my screen, but it's actually requesting permission to remotely control your desktop.
A
Jake barely remembers clicking, which is exactly how the best hacks work.
G
When you do get hacked, it's like a magic trick, like an illusion.
A
And with that, the hackers had remote access. Files, passwords, wallets.
G
Once you get remote code execution on someone's computer, you can do a lot. You can look for all of the high value targets, private keys, SSH keys, access tokens, whatever. Then they'll get your password manager, they'll try and take over your Twitter account and your Telegram account.
A
The SEAL team had a hunch. Maybe this wasn't North Korea, maybe this was someone borrowing from their playbook.
G
It was actually a group of Western people, US or Europe or North America based hackers, who had a clever method.
A
A method that appeared to be piggybacking on North Korea's MO.
G
We have seen people try to imitate North Korean tactics. And I think what happened is they heard about this video chat, Zoom call vector, and thought, oh, that sounds like a good idea. We can modify that to fit to our strengths.
A
Maybe they even thought that looking like they were North Korean hackers would help them get away with it. Whatever it was, SEAL wrote about the group, and in their report, they called them Elusive Comet.
G
I don't know if they think we'll just give up because we know that they're beyond the reach of law enforcement or what, but it's actually the exact opposite of what you should do, because there are a lot of federal resources that focus completely on North Korea. So you really, it's not in your interest if you're a hacker, to have them think you're North Korea, despite what some people might think.
A
Jake says the FBI contacted him not long after he reported the attack, and they gave him more detail.
E
This is a very large scam ring that's going on that could total, potentially, you know, eight or maybe nine figures in lost value. And they're all using Zoom, apparently, for all of this.
A
But the FBI wasn't the only one who reached out.
E
Hey, Jake, it's Alex. Otherwise known as Tactical Investing. My account was compromised Wednesday of last week.
A
Tactical Investing is a real YouTube channel run by a real person. Alex Bannister. He's in the Air Force. And to prove who he was, he sent Jake a video of himself in uniform.
E
You know, for proof I'm in the military. Here's my uniform, Air Force. And then my last name is Bannister.
F
And check it out. Here.
E
It's on my uniform.
A
So the hackers hadn't just fooled Jake. They'd hijacked someone else's identity to trick him. Jake lost a lot that day. Time, money, trust. But what bothers him most is Zoom, that remote access button that Jake was tricked into pressing. It's not some obscure setting. It's enabled by default for all personal Zoom accounts. If you use Zoom, it's probably enabled on your computer right now.
E
Basically, the whole scam is that if you're a host of a Zoom interview, you can request remote access to the guest. This is like a default feature that's on. Like, if you turn that default feature off, this whole thing goes away. It's literally that simple.
A
We reached out to Zoom, and they told us they take security seriously and that users must give explicit consent before allowing anyone to take control of their screen, which is technically true. But cybersecurity experts say that's not the point. While no one would be hurt if Zoom just turned it off from a default setting, it could save unsuspecting victims a lot of time, money and hassle if they just did.
E
They could easily fix this by just making remote access default off. Like that's literally all they have to do to fix it. But they don't seem to be interested in wanting to make that change.
A
So Jake's doing the only thing he can, the only thing he's been doing since he first stumbled into the crypto spotlight. He's talking about his life and telling people what happened to him. Journalists, crypto traders, Twitter followers, anyone who will listen.
E
Yeah, it is embarrassing, but I felt like there's, it's much more important to keep people protected, to ensure that this doesn't happen again and again and again. You know, do I want to be the face of this? No, not really. But do I want people to be aware of what's going on? Yeah, absolutely.
B
Up next, who's working to fight back against hacks like these? I'm Jen White. We'll be right back.
A
Hey there, it's Dina again. Jake Gallen thought he was doing everything right. Strong passwords, hardware wallets, multiple layers of security, and none of it mattered once he trusted the wrong person. Because increasingly, the hardest attacks to defend against aren't exploiting software, they're exploiting people. So how do you protect yourself when the attack looks like an ordinary conversation? You're listening to one of our regular Cyber Mondays with WAMU's Jen White. And we'll get back to the show. The next voice you'll hear is Jen's.
B
Now back to today's installment of our Cyber Monday series. Joining us now to talk about fighting back against new crypto hacking strategies is Isaac Patka. He's the certification initiative lead at the Security Alliance. That's a nonprofit offering incident response, threat intelligence and security coordination for the crypto industry. He's also the founder of the cybersecurity firm Shield3. Isaac, welcome to 1A.
F
Thank you. Thanks for having me.
B
Tell us a little bit about your role and the threats you're helping crypto organizations defend against.
F
Sure. So the Security Alliance, as you said, is a nonprofit that exists to help coordinate a lot of different security vendors, security researchers, and all of the different organizations like crypto exchanges, wallets, more and more banking, and TradFi. We track whatever the latest threats are. I was listening along with the story that was just playing and I myself received an email this morning that was a fake link to sign. It was actually received to the Security Alliance domain, one of our group emails. So they're even trying to go after us every single day. And so it's nobody's fault if you're targeted. Everybody is a target in this industry, whether it's crypto or traditional finance. And so what we try to do is whenever a large incident goes down or when an individual is even targeted, they can reach out to our hotline. And what we do with that information is we then help minimize the losses and help ideally the victim recover their funds.
B
How and why was the alliance founded?
F
So the alliance was founded back in 2022 by samczsun, who was at the time an independent security researcher working on just defending the crypto space. In the crypto space, there's a lot of people online that might be just a random anime picture as a profile account on the Internet. Sometimes they're a super trustworthy, well-meaning person. Sometimes they're the person trying to scam you. But there's a lot of anonymity in this space. And so there's a lot of trust that has had to develop with regards to who are the people that we can work with to help coordinate. And a few years ago that really wasn't the case. There was a lot of individual researchers, there was individual firms, but a hack would happen and it would be kind of a mess figuring out what we can do to clean up from it and how to prevent it in the future. So Sam had a public profile, a very public profile at the time, had a network of folks that he trusted and basically put a bunch of people in a chat group and said, hey guys, how can we solve this? And so we started with a few initiatives. One was this 911 emergency hotline that anybody could call staffed by volunteers to say, hey, there's an incident, we need help. And from there it grew out to other initiatives like intelligence sharing, coordination with law enforcement, doing simulations of incidents before they happen to help people prepare. So it was really just a community grassroots effort that turned into an official, now four-year-old nonprofit that's achieved a good reputation in the space.
B
How often do you see these scams sort of limited to the crypto space, and how often do you see them start to bleed over into traditional financial spaces?
F
So very often. So in the years that we've been running this hotline, we've handled over, I think, 3,000 incidents. And so people are messaging our hotline every day. And the exact way that it's happening oftentimes is the social engineering that we hear a lot about. Even whether it's like an individual at a company that maybe is the person sending out the invoices or signing the checks, or it's somebody that has personal crypto holdings, or it's a very large crypto protocol that's holding maybe hundreds of millions of dollars. Often the initial attack vector that's coming in is the same where, you know, they're pretending to be someone they're not. They sometimes meet you at a conference and build a relationship over years. So we're seeing that it happens all the time, unfortunately.
B
So Isaac, in the grand scheme of potential cybersecurity threats, how common is social engineering compared to maybe a more brute force approach to hacking?
F
Yes, I'd say the vast majority of the time it is the social engineering. The brute force cases that we see sometimes are like, there can be a data dump of passwords or identities on the dark web that end up getting integrated, that people end up using to steal information or hack into your account. But the vast majority of the time, 90% plus, even with the larger ecosystem wide hacks nowadays are starting with social engineering where they're impersonating somebody or they're pretending to be an investor or a grant giver that's interested in your organization. That's particularly terrible because anybody in the space or anybody in any industry that just has somebody call up and say, hey, I'm really interested in your work, you have to be skeptical. Even when I got the email request saying, hey, would you like to come and do this interview? My first instinct is, okay, is this, you know, thankfully, I think that I'm 95, 99% sure that this interview is actually happening right now. But I can't be 100% sure, right? Like maybe at some point I get a screen share request or something and then this all goes downhill. So nobody should feel like embarrassed if it happens to them. Like, it's just unfortunately what's happening all the time.
B
Now you mentioned the Security Alliance's 24-hour crypto threat response hotline, or SEAL911. When someone calls in to that number, who do they work with, what kind of support can they expect?
F
So we have about, I'd say like 20 volunteers in different time zones around the world that are staffing this line. Oftentimes the folks that are doing that are volunteering their time to support, but they also do this as a full time job. They might work for a company that does tracing and recovery of funds. They might have a relationship with a crypto exchange where they can say, hey, these funds were sent here. Can we call up this exchange and tell them, hey, we really urgently need these funds to be frozen and sent back to our victims. Usually when they call in, they'll get connected to somebody who's online and available. The majority of times, unfortunately, the funds are gone.
E
Right.
F
But there are cases more and more often, as we kind of increase our ability to coordinate with law enforcement, coordinate with financial institutions, we're able to have more cases where we can do a successful freeze or recovery of these funds. So usually it's like they call in, we verify that what happened, how it happened, stop the bleeding, make sure that if there's malware on the system that they turn their system off and then immediately after that, try to see what we can do to find where those funds have gone and where we can recover them.
B
Now, Isaac, you mentioned you do work with law enforcement, but is there something in the law enforcement space that needs to be happening right now to better address these more complicated, sophisticated schemes?
F
I think there does. So I'll start just with an anecdote. Somebody that I've known for years sends me a message and they say, hey, we just lost half a million dollars. They were an investment fund. We just lost half a million dollars. We have no idea how this happened. How can we think we know how it happened, but what can we do now? And we wanted to immediately start coordinating with, okay, how can we possibly freeze these funds? They're still sitting there, they haven't moved yet. So first we had to say, we have to call up an FBI agent. Some of them, we have contact information. We can just send them a message and say, hey, like, this is, like this is something that just happened. What can we do? Unfortunately, like, what happens is first we have to figure out, is there a victim involved here that's based in the U.S.? What jurisdiction do they live in? What's, like, the local FBI office that they call? Is the person that's going to pick up that phone very, like, familiar enough with crypto that they can immediately go out and do an investigation, get a case open, get a court order to try to freeze these funds? These things can happen in a matter of, like, hours to days, but they need to happen faster. Oftentimes, I think the best case scenario is a few days later we can have a court order to try to freeze these funds. But the majority of the time it's just coordinating and intelligence sharing, or we share like, hey, we are very highly confident that these are stolen funds and they should be frozen, but their policy might be, okay, now we have to do our own investigation. And so I think that there can be a lot better, just public-private partnerships between different agencies, whether it's local law enforcement or federal intelligence agencies or financial crimes investigators, plus all of us that are trying to do this in the private industry to figure out how we can build trust and share this information to have response times fall drastically.
B
Well, it's interesting, in hearing you describe the work SEAL does, it sounds like you're filling a law enforcement gap. You're doing that initial investigation, you're locating where the funds are, and I know you're helping lawmakers write some legislation. What are you working on and what do you hope this legislation will do?
F
So one thing that we're just hoping that these initiatives will do is like, cut down on the coordination friction and the communication friction. The problem is in the crypto space is like the hacks are so immediate and so irreversible. In most cases, we just need them to be even faster. So my focus, number one would just be on some hub for information sharing and coordination between agencies, between public and private institutions. If we just did that, I think that would be a pretty large leap forward.
B
When you look at who's coordinating these more sophisticated hacks, it doesn't sound like the work of one person. Who and what are you tracking?
F
For the actual attribution of the hacks, it's a variety of things. It can be nation states. There are countries out there that have full time staffed employees that are engineers, that their entire job, all day, every day, is to do these types of hacks, such as try to infiltrate companies such as North Korea. But oftentimes attribution is difficult because North Korea does a successful hack, and then other countries or other criminal groups will copy it. But there are a lot of indications often of attributing who did what on the other side. On the social engineering side, unfortunately it's even more of a terrible sad story because a lot of the people that are doing this social engineering are victims themselves. They're people that are trafficked into these scam compounds that their job all day, every day, I mean their job, right, they're forced to do this all day, every day, is to try to social engineer people. So it's a variety of nation state groups. It can be criminal gangs that are trafficking people into doing these scams. It can also in some weirder cases be groups of bored teenagers that are just hanging out on a Discord server trying saying, hey, isn't this fun? We can make some money this way. That maybe don't fully understand how bad those actions are. But I think that's longer tail. The largest hacks, usually nation state, and then the more like one by one individual people are often these like scam centers.
B
So really briefly, your advice for someone who thinks they've been the victim of a hack, maybe even before they call the SEAL911 line, just be paranoid.
F
Be paranoid. And also just always feel free to reach out for help. Like don't ever feel like, hey, I'm so embarrassed that this happened to me. We're constantly under attack in this industry or even in the traditional financial industry. Like I worry about my parents and their retirement accounts and stuff like that. We just have to just raise the level of awareness around the stuff that this is always happening. Be paranoid. Anybody that reaches out to you with something that sounds too good to be true probably is, which is unfortunate because I like to also believe in the goodwill of people reaching out. But yeah, paranoia.
B
That's Isaac Patka. He's the certification initiative lead for the Security Alliance. Isaac, thank you for this very real conversation. We appreciate it. Today's producer was Chris Costano with help from Click Here's Megan Dietrich. This program comes to you from WAMU, part of American University in Washington, distributed by NPR. I'm Jen White. This is 1A.
A
That was part of our conversation with 1A host Jen White about defending against modern day scams and cyber attacks. You can hear the full segment at wamu.org. This is Click Here. Click Here is a production of Recorded Future News and PRX. Today's show was written and produced by Megan Dietrich, Sean Powers, Erica Gaeda, Zach Hirsch and Casey Georgie. It was edited by Karen Duffin and Sarah Covedo and fact-checked by Darren Ancrum. Original music is by Ben Levington, with additional music from Blue Dot Sessions. Our staff writer is Lucas Riley, our illustrator is Megan Gough, and our sound designers and engineers are Jake Cook and Jesse Niswalmer. I'm Dina Temple-Raston, and thanks for listening.
This episode of Click Here, hosted by Dina Temple-Raston (in partnership with WAMU and NPR’s 1A), delves into the escalating sophistication of digital threats—specifically the evolution of social engineering tactics and how even the most security-conscious individuals can fall victim. Through a compelling true story of a prominent crypto trader who is scammed during a routine video call, the episode illuminates how attacks now exploit human trust and everyday technology. It also explores what defenders—like Security Alliance—are doing to help victims and stem the tide.
Community Coordination: Isaac Patka details how the Security Alliance (SEAL911) grew from chat groups of concerned crypto defenders into a global volunteer incident response network that bridges gaps between victims, law enforcement, and exchanges.
The Prevalence of Social Engineering: Social tactics, not technical exploits, account for “90% plus” of hacks—even high-value ones. (37:10)
Victim Shaming is Outdated: Anyone—expert or novice—can be targeted successfully. The episode stresses ending the stigma around “falling for” a scam.
For listeners and non-listeners alike, this episode is a memorable cautionary tale—and a call to rethink trust, technology settings, and the very nature of cybersecurity in an AI-powered, hyperconnected world.