David Moulton (12:36)

Foreign.

Dave Bittner (12:41)

Dave here. I've talked about Delete Me before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. Delete Me keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Deleteme team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal. 20% off your delete me plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. And now a word from our sponsor, Threat Locker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com on this week's Threat Vector segment, host David Moulton speaks with Arjun Bhatnagar, CEO of Cloaked. They're speaking about why protecting your digital privacy is more urgent than ever.

Arjun Bhatnagar (14:54)

Hi, I'm David Moulton, host of the Threat Vector podcast, where we explore the evolving cybersecurity landscape and bring you insider insights into the threats and opportunities shaping the future of digital security. In our next episode, I sat down with Arjun Banagar, CEO and co founder of Cloaked and someone who's been hacking and building since he was 12 years old, to talk about something that we all take for granted, our privacy. Arjun shares how building an AI to track his own health data during the pandemic led to a much bigger discovery. Your phone number might be all someone needs to find your Social Security number, your home address, and your most personal details. That one data point could be the key to your entire digital identity. If you've ever wondered what a hacker sees when they look at your digital life, this is the episode that you can't afford to miss. Check it out wherever you get your podcasts. Arjun, you've been developing and hacking since you were, what, 10 years old? And then it was like the pandemic where your interest in or your journey to privacy really took off thanks to this, like, AI data box that you built for your own health. Can you take me back to that moment and walk us through how that experience sparked the idea for Cloaked?

David Moulton (16:21)

Absolutely, and I'm excited to talk about it. It's been an interesting journey for me learning about privacy. I've always been privacy centric, but that moment really clarified for me what I really wanted to do. So back in 2020, I was really interested in my own data. What does my data look like? Where does it live? What's going on with it? Because I wanted to see if there's a way to correlate different things about me to make me feel better, understand what can I do better to ultimately be happier or minimize issues or kind of keep track of things around health that I should pay attention to. So I ended up getting a Mac Mini, putting in my apartment and I wrote integrations into everything about myself. Basic stuff like Google Calendar, my Facebook data, I hacked iMessage, my Google calendar, my health data, my eating data, my banking data, my GPS data, movement data. Everything about me I put in this box. And in that box as it's pulling everything, I started writing some crude models to start analyzing this data and telling me what's going on, what can I do about it and can you help me take some actions? And without me even realizing it very quickly, it started doing things. It said, hey, I noticed you missed your workout yesterday. Do15 push between these two meetings based on my spending habits. It said let's cut back on the alcohol and the Chinese food. But it hit me in the face one day when I was at lunch with somebody and I put my phone down end of lunch. I picked up my phone, realized my really crude AI had a full conversation with that then girlfriend. It told her I love you, it sent her memes and it did the entire conversation while I was eating. And I picked up my phone, realized holy cow, this is crazy. But I realized in that moment that I didn't own any of my own data and two that we're headed into some AI future. It's going to be important to figure out what data ownership my privacy means because if I can do this in my backyard type of thinking, well, when AI and big tech gets into AI and my personal data, it's going to be crazy.

Arjun Bhatnagar (18:23)

Well, it wouldn't be a safe summer type of podcast if we didn't talk about passwords and the headache of passwords. We know we need them, but I know a lot of people struggle to manage them. I've used a password manager for years. I've tried to insist on that within the the area where I'm the the resident geek and as far out as I can. But just creating strong passwords isn't enough. You know, we need unique ones, we need different ones for different accounts. Can you talk about why it's worth the hassle to have unique passwords and why a password manager may be the right choice for a lot of folks who have maybe resisted it.

David Moulton (19:07)

So I'll break this into a few different points around the password headaches. I totally get it and I'm a little contrarian here where their security professionals will just say you need complex individualized passwords to every service, full stop. But the problem is when you make that statement, it's a big leap from where people are today. So what I'd say is that how do you progressively get better link your passwords? I'd say people have heard of password managers and it's definitely a great tool. I'll get to that in a second. The real part is how do you think about passwords? One, we want to create the distinct nature and I'll explain why that's important when you have a password. If someone wants to compromise an individual and hack into their account, etc they're not going to necessarily try to hack into your bank account, your JP Morgan account, et cetera, because that account party probably is pretty secure. They have a lot of incidents. However, when you do use the same password, I'm going to go compromise the gene shop you bought gene from recently because their security might be weak and they're not investing in a massive security team to make sure your information is safe. But somebody might go find a compromise there or they might have been already compromised. And if you use the same password, well, somebody's just going to use that to then get into your bank account. And this is where password reuse is a big problem because I'm just going to find the weakest website that has not the best security, find that compromise, and then use that to work my way to your Gmail or use your bank account, primarily your Gmail or your Verizon or phone bill company, because I can use those to compromise other accounts and become the chain of attacks. So that's why password use is bad. But then what do you do about it? I'd say coming back to habits, having a habit around about passwords is really important. So what I would say is first off, thinking about the different types of passwords you want to have, that's the first way of approaching this. So for example, my computer password is unique to my computer and I do not use that anywhere else. So fundamentally and I do not use it anywhere online because it's offline my computer. And if you get into my computer, you basically have gotten the keys to the kingdom there. So that one is unique. I do then say for my bank account, my Gmail, my Apple, like these things have distinct passwords. And I, I'll tell you about kind of ways think about passwords in a second. But that that information of like these are very sensitive things that can compromise me. I make those distinct and then for asking into other accounts, I just create password habits to make them, to make them useful. Now I use password manager cloaked as my password manager. But I'd say that what I've always done is just following these rules coming into making a password. When people realize that it's a famous comic, that your password is teaching you 12 characters, a symbol and all that stuff, that's not the best password. A long password is actually much safer than a short one with a bunch of random symbols in it. You adding an extra dollar sign. Your password is not making it that much harder for someone to crack it. It's really the length of it is what makes it really hard. So in front of me, like I'm looking at things like I've got a napkin, a remote marker, and a cable. Napkin, remote marker, cable, one exclamation point. Great password. It's easy to remember and it's going to fit all the criteria and very hard to crack. And it should be. You make it easy to remember, but then also harder to compromise. That's how I do my passwords is to kind of have a pass phrase or system. Things that you can remember, but they're really hard to compromise.

Arjun Bhatnagar (23:02)

At south by in Austin, you gave a demonstration where you asked the crowd to call a phone number that's part of Cloaked. And I have to say it was the best demonstration of software I'd seen because I lost count of the number of gasps from the crowd as people were listening to the message that came up. And they were hearing their name, they were hearing most of the Social Security number. They were hearing information about themselves. And I think it was really back to our opening conversation about how being able to see your data can change your behavior. In this case, you can hear what data is publicly available about you just from your phone number. I believe people left that demonstration with a different mindset about what they're going to give away and what they wanted to do to feel comfortable to operate in the modern world where data is just flowing out and if they wanted to control their privacy. So if you're out there and you're thinking, I got to see what this Dynamo is that RGB and gave or Dave's talking about that's on the website. And I gotta say, I recommend going and giving it a try. It was jaw dropping, man.

David Moulton (24:14)

Well, I think this is. I'm glad you appreciated it. The demo is really focusing on the point that we know our data's out there, but we don't really understand the extent of how much that is. And we don't have any of this data they and all these companies are aggregating, selling, but it's so easy to find it. And I don't know if you want, I can share on this or we can point@cloak.com but it's such a powerful tool because it's visceral. And we made the phone number because, like, hey, just call it. No information needed. You know, to type anything. You feel it right then and there.

Arjun Bhatnagar (24:58)

The episode is called A Hacker's Insights on youn Privacy. And it dropped June 5th. Catch it in your Threat Vector feed and find out what your phone number is really saying about you.

Dave Bittner (25:15)

And of course, do check out the entire episode of Threat Vector right here on the N2K CyberWire network or wherever you get your favorite podcasts.

David Moulton (25:28)

Foreign.

Dave Bittner (25:39)

Compliance regulations, third party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials from internal and third party risk to consumer trust, making your security posture stronger, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC how much easier trust can be? Get started@vanta.com cyber and finally, the FBI's Cyber Division is welcoming a new leader. Brett Leatherman, a longtime FBI veteran with deep cyber expertise, will step in as Assistant director following Brian Vorndren's retirement. Leatherman brings more than 20 years of experience from field offices to leading cyber operations, and recently served as Deputy Assistant Director for Cyber operations. In a LinkedIn post, he expressed gratitude for the opportunity to lead pledging to disrupt cyber threats and support victims. Known for his collaborative, forward looking approach, Leatherman aims to build on the FBI's mission to make cybercrime unsustainable. He steps into big shoes Vorndrin helped modernize the FBI's cyber strategy, taking bold steps to disrupt hacking groups and boost victim support. The cyber community will be watching closely as Leatherman carries the torch forward with fidelity, bravery and integrity. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August this year. There's a link in the show Notes. Please take a moment and check it out. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now a word from our sponsor. Spy Cloud Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. Spy Cloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing. To neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report@spycloud.com cyberworld and see what attackers already know. That's spycloud.com cyberwire.