A
But then guess who gets fucked? The American worker. The guys work at the data centers. Those guys get fucked now. So either or there's you know what? The American people get fucked. That's the fucking problem. Hector Monsegur was responsible for some of
B
the most notorious hacks ever committed.
A
Special Agent Chris Tarbell and FBI informants participated in some of the world's most
B
infamous hacks that caused up to $50 million in damages.
A
A life in the shadows Cyber attacks on the rise.
B
Welcome to Hacker and the Fed. I'm Chris Tarbell, former FBI special agent working my entire career in cybersecurity and I'm joined, as always, for free. Episode number 128 by Hector Monsegur.
A
Hi.
B
Hi Hector. Hector is a friend and podcast co-host, but also he's a former black hat hacker bad boy who once faced 125 years in prison for his many years of hacking under the name codename Sabu. Our stories collided in June 2011 when I arrested him and then convinced him to work with me with the FBI. Hector is now a Red Teamer, researcher, cybersecurity expert, one hell of a guy. Oh, and co-founder over at Safehill.
A
Hey, that's what I'm talking about.
B
That's what the fuck you're talking about. I love it.
A
That's what I'm talking about.
B
Oh, Jonathan's upset. Too much energy. Too much energy. Sorry, Jonathan.
A
Yeah, too much energy. You gotta slow it down, you know? How you doing, buddy?
B
I'm doing all right. Today would have been my father's 81st birthday. Happy birthday, dad.
A
Happy birthday.
B
Yeah, he's no longer with us, but that he's still, you know, you still think about him on days like that.
A
Yeah, man, he's still here, he's still hanging out with us, you know, it's some memories that count, you know. One thing that I always loved, you know, I'm not big on like sayings and people like, hey, you know, think about the bright side and all that nonsense, but it's one thing I did take away when my grandmother passed, which was like one of the most devastating things that ever happened to me. You know, somebody told me, hey, listen, hey. Well, they call me Boo. Hey, Boo, listen, you know, I understand how you're feeling right now, and I know it's not a great feeling. But you know what? You should celebrate those good times you had with her. Those memories, those memories you're always gonna keep. You know what I mean? And so that's what I do, man. So I hope you do the same. I hope you think about your dad and all the fun memories, the good memories you had. Cause that's something you're always gonna keep with, you know? You meet the great equalizer. You know what I mean?
B
We may not end up in the same place, though. You never know.
A
Yeah, that's a good point.
B
So you never can tell. Never can tell these days. But it's funny when you're saying, I don't like sayings and all that. You know what saying I didn't figure out until, like, a few years ago which one. It's always. It'll be in the last place you look.
A
Okay.
B
I never understood it. Of course it is. You stop looking for it once you find it.
A
That is. That's. That is a good freaking point. Yeah.
B
Yeah, you stop looking. So of course it's the last place you look. You'll find it. It's. It. It's done. I didn't get it. And then all of a sudden, I said. Somebody said something to me. It's kind of like I remember exactly where I was when I was a kid. When I figured out why they call 6969, I was like, whoa.
A
Oh, yeah.
B
Oh, yeah.
A
It's funny.
B
It's funny being a kid like that. Like, the things of the world, as you become more of an adult and you figure things out and you're like, whoa, wait a second. What's going on here?
A
Oh, yeah, no, I. I remember. I remember being in high school and then getting a. A copy of the Kama Sutra book, you know?
B
Yeah.
A
And it was so fascinating to me. Cause I'm over here thinking, like, it's gonna be like a sex book and all that. And in a way, it is, but it's like, instead of, like, talking about women, and it's like the references were like, like animals, right?
B
Oh, really?
A
Yeah, you gotta read it. It's really interesting. Cause now. Now you look at it, you're like, whoa, okay, that makes sense.
B
Read it. I picture it as a picture book.
A
Yeah, that's what I thought. That's what it was too. You know, as a kid, you're like, oh, my God, it's a sex book. But no, it's. It's like a philosophy to it. It's fantastic stuff. But, yeah, man, listen, today. Let me tell you something. Today's a good day, is a beautiful day. We got to celebrate. We got to enjoy ourselves with all the craziness happening in the world. We got to make the best of it.
B
It's a beautiful Day that you're back on the podcast. Welcome back. After being sick last week.
A
I know. I heard. You did a great job last week.
B
Oh, on the Patreon. Yes.
A
Yeah, I heard, I heard. You know, there's some good stuff in there.
B
Yeah. Will. Will wants to kick you off the Patreon. It's just gonna be me all the time.
A
Hey, that's fine. You know. No, no, I'm cool with that. You could do that.
B
You know, the people want both of us.
A
You know, it's. It's a fun time. You know, we can sit down with a friend and just chop it up and bs, you know? I love that.
B
Oh, yeah, it's beautiful. And you. You just got done teaching a class. Tell me about that. What? How old? Kids. What did you teach?
A
Yeah, yeah, it was like, you know, college level.
B
Okay.
A
You know, I started off by legal.
B
Legal is what you're telling me. I hear you.
A
Yeah.
B
No, it was Epstein shits behind you. No longer on that.
A
So there's no. There's no Epstein. This is you pushing it? No, it's not a thing. But no, it was. It was really cool. They asked some really good questions. Students were intrigued about cyber security from, you know, the defensive and offensive perspective. And I just, you know, share some insights. You know, I was over here quoting freaking, you know, philosophers and, you know, gave a little history lesson at the end. So, yeah, it was fun. I think. I think. I hope they have some good takeaways.
B
Yeah.
A
You know, I hope they're like, man, this guy is a nerd. You know?
B
What was the best question they asked you?
A
I think the question. A question that we get all the time, but it's still a good question because it sparks some really good takeaways, which is how has defense changed over the last X amount of years? And so you remember the 90s at best, you had a firewall. Late 90s, 2000s, at best, you had an antivirus with a firewall. Neither one works well. Right. At some point, you know, we had a. We had a genius create us SYN cookies, you know, and. And NAT, network address translation, which allowed us to really get off the external facing Internet and put a whole bunch of computers behind one IP address shout out to. To the team that built that. But then you, you know, now you move to 2026. What do you have? You had NDRs, XDRs, EDRs. You have all these really cool tools and. But the problem persists. What's the problem? These companies are not properly configuring or deploying them. And so even though the tools are better now, these are the takeaways. Even though the tools are better now, the results are kind of still the same, right? For the most part, it's not one to one, but for the most part, we're seeing the same acts, same ransomware, same extortions. So that was kind of my answer.
B
Man, I thought your best question was going to be, heck, with summer coming back around, aren't you worried about Chris getting cancer on his balls?
A
Well, I could. I could have.
B
Do you worry about my balls as much as I. I think you do?
A
Well, you know, now. Now you bring it up. I do worry about it, because, you know, being out there in the sun, spread eagle like a. Like a cheerleader. Like, I'm not so certain that's a good idea. Like, I hope you're using some sunscreen or something.
B
It is. Did I tell you last week on the Patreon, when I did it by myself, I, like, so went off. I started talking about colonoscopies and that sort of thing and how I'm concerned about people.
A
No, I haven't even listened to the episode.
B
Oh, you haven't gotten there. All right.
A
No, you got. You got to give me, like, a quick tldr, bro, because I have no idea. All I know is that Dingbat, our boy dingbat out of down under, he wrote us an email, like, hey, Chris killed it. But he didn't say anything else. He didn't give me no hints as to what you talked about.
B
Yeah, no. My friend, one of the mean girls, she got a colonoscopy, and so it was fresh on my mind, so I figured I'd talk about her butthole on the podcast.
A
Nice.
B
And then we went over and talking about colonoscopy, how it's so easy, such an easy cancer to prevent, but one of the most painful to die from.
A
Oof. Yeah, I can imagine.
B
So, no, but good on her clean butthole. So we're good to go.
A
Did she send you pictures?
B
Of course she brought them in. She brought him in, showed us.
A
Oh, my God, I gotta meet these mean girls. They're hilarious.
B
Yeah, you'll meet me sometimes. Oh, if you come to that party, they'll be there.
A
Okay.
B
One of her doctors. Again, I don't mean to bring the patreon over under the free show, but one of her doctors was Dr. Shartz. Can you imagine having your last name Shartz?
A
No, no, no. Come on, man. Well, it kind of makes sense. They're in that profession, brother. Like Come on.
B
She said she's sitting there, bare ass sticking out and all that, and that he introduces himself and she just loses it like a 12 year old boy.
A
Hey, I'm Dr. Shartz. Let me take a look at your asshole. Yeah, that's tough.
B
That is real.
A
It's a tough one.
B
All right, guys, thanks so much for the support on Patreon. We really do appreciate it and the support on the merch store. HackerTheFed.com um, again, Hector and I are getting hit up left and right and the pressure's getting huff. Keep this show commercial free. But we're trying. We're trying. We keep it off the free show. We've even thought about putting up another show just to put commercials on that one. So who knows what we're gonna do. But we really do appreciate the help.
A
That's a hell of a concept. It's a podcast with just adverts. That's it, right?
B
Yeah.
A
And you know what's crazy? There's some sick motherfuckers out there that would actually like subscribe and listen to that shit.
B
Oh, sure they would. Just to. Just to see if we put little nuggets in there left and right, you know, Because I do, I listen to this one guy and like he does a live show like on Fridays and it's pretty much just for him to get super chats on YouTube.
A
Okay.
B
That's all it is. Him collect money. But you listen in case he drops the tiniest of nuggets within there because it's not on the regular show. So, yeah, people get involved in the stories and hearing things move along, you know, so that's so funny. If Will didn't handcuff us on banter, we could do a whole show on banter.
A
Listen, I'm a banter guy. We could banter for days, you know. Yeah, I'm totally for that.
B
The problem is we. So we banter on the, on the Patreon episode, but then it just gets into politics and cybers creep over there sometimes. You never know what's going to happen with us.
A
It always ends up with politics, man.
B
I mean, not every time, but. But it's what, it's what's fresh. Because. Because I think I enjoy hearing your perspective and I think you enjoy hearing my pushback on your. Your dumb perspective.
A
Yeah, it's dumb.
B
It's always dumb.
A
Yeah, you know, it's fun. It's fun to kind of go over some of that stuff. I have, as you know, I have a couple friends I talk politics with and it's always the craziest conversations because it's like there's that initial claim and then a retort and then some research and some googling a PDF and then the conversation just stops. Hey, by the way, check this meme out. Here's a picture of, you know, this dude break dancing with no legs. And you're like, what the hell? What the hell? How the hell did we end up here?
B
I believe it's pronounced Maymay.
A
Oh yeah, nice little maymays, man. Remember that stupid debate? The whole meme may shit, man, that pissed me off back.
B
Was it really a debate? I thought, I thought it was a joke. I call it a maybe because Bryce Harper called it a Maymay once on an interview. He's a baseball player for the Phillies. Yeah, that's the only reason I do it.
A
Nah, bro, some idiot convinced me it was mei made. I said it out loud. I was like, that's not a may May, bro.
B
I, I, I sort of did that. So my nephew, my dad had. What is that machine that pumps air into your face?
A
Fluffer?
B
No, no. You know, you know they were like guys with apnea have.
A
Oh yeah, yeah, yeah.
B
They put a mask on sleep whatever the sleep apnea. I convinced it was called a Pap smear machine. Now do you know what a Pap smear is?
A
Yeah, I don't know what a Pap smear is.
B
So for two and a half years I just kept calling it a Pap smear machine. Finally he said it like that's how long I laid the groundwork on this joke in public. He finally called it Bubba's Pap smear Machine. So I go the long term. I don't joke like that.
A
That was a long term campaign, bro.
B
It was, it was. I tortured that kid though. I, I used to like for Christmas I would, I, One year I wrapped up his own clothes as time I got a lady's underwear, man. That was no good. No good. I was. That's why I'm not going to go to the same place as my dad.
A
That's borderline like bullying, bro. What the hell you talking about?
B
I was like, Frank, I'm like 14 years older. I'm just his older uncle. It's like a kid brother.
A
Yeah.
B
So, yeah. All right, let's get into this show. We got a lot of show going. I'm sure will cut all that out because he hates our banter. Damn you, Will. Damn you.
A
He, he loves it.
B
So France to ditch Windows for Linux to reduce reliance on US tech. So I think You've been calling this for a long time that people are going to blowing out Windows, but I didn't think it's be for the same reasons. So France Digital affairs has announced that on April 8 that it will immediately exit Windows in favor of Linux workstations as the first concrete step in the nation's push for digital sovereignty. To reduce extra. To reduce extra European tech dependency. The move affects government workstations across the ministry. Roughly 250 to 350 machines begins the switch while every ministry and public operator must submit a full mitigation plan by autumn of 2026 covering desktops, collaboration tools, antivirus, AV databases, virtualization and network gear. I see why they're doing it, but I think it's going to be difficult.
A
Yeah, it's going to be a tough one because Microsoft, just like any virus, they've been able to spread across as many surfaces as possible. So this is a great story. I'm looking at it from different angles, if you don't mind. Right, yeah.
B
I'd love to hear all your sides.
A
So angle number one, I am for the technology sovereignty. I'm totally down. If France wants to do their own thing and Europe wants to do their own thing in general, if Germany wants to come out with its own operating system, if China wants to do its own thing, I get it, I respect it, I'm for it. Okay. On the flip side, I think it's a shame. I think it's a shame that we have. It's a shame because we've reached a political state where in less than two years we have alienated so many of our allies, some of them being part of the five eyes, to the point that they're looking at us as a supply chain risk. That is disgraceful. It's shameful.
B
Do you think they actually believe that Microsoft's in bed with the U.S. government?
A
Absolutely. That's their language. You gotta look at the articles, you look at what they're saying. And it didn't start with this. It goes back to last year. What happened last year? Immediately last year. The CVE issue. Right. The whole situation with NIST, MITRE and CISA. As soon as DOGE, that scam that happened, DOGE came in to prevent fraud or find fraud. Instead they started eliminating government programs specific to cybersecurity. We saw a bunch of different groups, associations, councils being wiped out and then CISA almost got freaking killed off. But the CVE system, the numbering system, the tracking system for vulnerabilities, was immediately affected. And Europe had to Launch their own or push their own, which is great. Again, I'm good. I'm happy with. I'm happy for them with that sovereignty. Right? But it's a shame that we've reached that point where our own allies can't even trust us anymore. And Microsoft and any company, United States have proven that they will gladly jump in bed with the US government to satisfy its needs regardless of the legalities. Doesn't fucking matter. So shout out to France, shout out to Europe, shout out to our friends. It's a shame that we've got to this point. But let's the two angles of looking at it.
B
Let's take a step back. If you're running the joint, your workforce does not know Linux. It doesn't know. It's going to be a difficult switchover. Most kids these days, I mean they run Windows machines. Since they're given Windows machines in school now. I think it's getting a little bit better. I think kids can go do on a Mac. But there's a lot of crossover with a Mac now. You know, you can still use Word and all that stuff on a Mac. You know, the Linux machines, it's not as user crossover.
A
Maybe ten years ago you were right. But now I got to push back on you usually push back on me. I got to push back on you.
B
I ain't pushing back on you if that's what you're talking about.
A
Don't push back on me. I'm not getting excited.
B
No Diddy.
A
No Diddy. Mac is Unix.
B
Yeah, right.
A
If you're able to operate and leverage and use Mac and you're comfortable with it, if you're able to really enjoy your Android or your iPhone and you know how to use the operating system and file system, Linux is gonna be the same. It's the same shit. All you have to do is put a nice UI in front of it and that's it. That's all it is. That's what Mac did.
B
But I don't think, you know, it's like installing programs and it's not as easy as clicking on an executable. You got to do a little bit more.
A
It depends on the distribution. If you're installing. If you're putting Slackware on workstations. Yeah, right. Or Debian. Right. And even Debian has some decent package management systems. But for example, Pop!_OS coming out of System76, they've come out with the most beautiful UI. It looks like a modern system. I'm using it right now. Shout out to Pop!_OS and System76. And yeah, it has its quirks but you know, with a little bit of effort, a little bit of money, a little bit of investment, you can make it look just like, look, just look and feel just like a MacBook, a Mac OS, same thing.
B
You want to switch Safe Hill all off of Windows. What are you going to do? What are you going to put them on? What are you going to make everybody switch over to?
A
We're not on Windows.
B
Nobody has a Windows machine. Alanis isn't running a Windows box.
A
She has a Mac.
B
Oh my goodness.
A
So we're mostly Linux and OS X. We might have Windows for research, but not for like workstations.
B
Are you differentiating Apple's from Microsoft being able to get in bed with the US or you still have that problem?
A
Well, you just had Tim Pool step down. He had Donald Trump on Twitter.
B
Cook not Tim Pool's a hardcore.
A
I think I saw one of his videos recently. But yeah, Tim Cook just stepped down and Trump's message about him was, was crazy. You guys got to read it. You know, I think that, you know, any US company that wants to do business and make money, at the end of the day, ROI is important to US businesses and investors. So they're gonna, they're gonna, they're gonna get in bed with the US government regardless. We're not seeing any pushback. In fact, the whole tech bro scene, we've talked about this. You know, during Trump's inauguration, who was there?
B
All tech bros. Oh, and Joe Rogan.
A
Yeah. So you know that, that right there answers what you need to know.
B
I don't know, I, I again implementing it I think might be a little more difficult than they're expecting. I think finding certain tools to operate, you know, I know the medical field has had that, that problem. A lot of these, you know, small things are, you know, software applications are written specifically for Windows. So yeah, switching over, I mean that's, that's the reason why there's so much legacy in a hospital setting is these old ass tools that have worked and, but they didn't have any security, hence why they were the target of ransomware 7, 8 years ago.
A
Even right now, I mean it's, there's still a major target. But you know, you bring up a good point. So I've dealt with customers that are hospital networks or healthcare networks and they'll tell me like straight up, hey, heck, you know what, during your internal pen test, Red team, whatever it is you're doing, please ignore this IP range. Why? Well, because these computers are so old they're running very important X, Y and Z. Right, Software and, but they're running on like Windows 7, Windows XP and they'll crash and once they crash it's going to cost us untold amount of dollars. So yeah, that is a problem. But what we're talking about here is workstations. Let's see how France does it. France could do it really well. China's done it, China uses Microsoft. But for the most part in their government, a lot of them are using Linux or similar.
B
So what do enterprise EDR looks like on a Linux based network?
A
Not good. Not good.
B
There's not a solution. So there's a problem right there.
A
You have CrowdStrike, you have some other solutions, but with no disrespect to CrowdStrike, like their EDR for Linux is not where it needs to be. So there's definitely problems. You're 100% right. There are gaps that need to be addressed before a widespread adoption. At this point you kind of stuck with two evils. Are we going to continue to trust Microsoft, which we know, you and I both know, they don't give a fuck about your security and they'll get in bed with whoever's in charge, whether it's Biden or Trump, it doesn't matter who. Or are you going to, are you going to trust in what Steve Jobs left behind with Apple?
B
Why is there a giant hole? Is it because capitalism, we haven't had a need for it, there hasn't been enterprise deployments of Linux. So why, why invent something that we don't need?
A
I think that for the most part Linux and Unix, BSDs, FreeBSD for example, have served us really well for servers. I mean they power like 90% of the servers on the Internet, right? Mac obviously went the BSD route, the Unix route, and they did a great job at building what they have. Linux, on the other hand, you know, there's a lot of, we could get into a whole debate on that one, why Mac or Apple could have went with Linux as their underlying operating system. We know that Google did that with Android, right? And there's pros and cons to Android and OS X, right? So you know, what's it going to take? This is what France and Germany and Britain and all these European countries, Australia over there and you know, Asia Pacific. What they all going to have to figure out is who's going to bite the bullet, right? Because somebody somewhere is going to spend a shitload of money to build a Microsoft Windows replacement. It's not going to Be cheap. It's not going to be easy and it's going to be detrimental for any economy to do like a one to one replacement.
B
So we'll see how it goes. We'll keep an eye on this situation, but let's stay over in Europe and kind of go on with this sovereignty type issue. So Europe has unveiled an anti kill switch technology stack as tension with the US Rise, Europe tech companies have unveiled a sovereign disaster recovery pack marketed as Europe's first anti kill Switch stack on April 15 as the European Data Summit in Berlin. To guarantee business continuity if a foreign, primarily the United States vendor remotely disables cloud services. What do we got going on here?
A
Heck, we are the adversary. That's what happened. They're looking at us.
B
Is it, is it all big orange man or is it something, something different than that?
A
It's not the, it's not only big orange man, right? It's, you know, listen, Trump, let's say tramp. Trump, President Trump, Trump, at least have respect. President Trump has some advisors that are not, they're not handling a lot of things well. They're very aggressive in the way they speak. He's adversarial. I, you and I have shouted out and gave props to Pete Exe for some of the things he's done in cybersecurity. Right? He's done some great things. He's aggressive. And so when you have that kind of tone, your own allies are going to be looking at you like, so what they're thinking is at this point the United States is adversarial and then we need to have backup plans. Because if, if, if, if one of the advisors, Stephen Miller decides, you know what, we're not going to sell Amazon services to Europe anymore. That's going to crash the entire world economy. Whether Steven Miller gives a fuck or not is one thing. The consequences could be very real. This is why Europe is like, okay, we're going sovereign here, we're going to split away from the US and we got to have backup plans in place. It's sad that we got to this point, but it's where we're at.
B
But don't you think we should. They should be, Yeah. I mean they should have done this to begin with.
A
1,000%. 1,000%. But it should have happened naturally. It should have. It should have been something like, hey, we like the U.S. the U.S. are our boys. But what if the U.S. gets taken over by aliens? You know what? We need to have our own shit. Right? I'm for that. What I'm saying is the last year and a half has been so adversarial that our own allies are looking at us funny. That's what I got a problem with. I don't like that shit.
B
Well, I mean, from the US perspective, it's kind of tough to call them allies.
A
Why is that?
B
They're not. They're not supporting the US and some of their military actions, not even allowing them to use the bases that we already have there.
A
Come on, bro, that's some ignorant shit. That's some right winger bullshit.
B
No, it's not.
A
Yes, it is.
B
It's fact.
A
During Vietnam. During Vietnam, there was 300,000 South Korean soldiers that fought along. Outside Vietnam, that was. Hold on a second.
B
Where's it go?
A
That's just the beginning. That's just the beginning. You fast forward to Afghanistan. Forget Grenada, forget the Dominican Republic, forget Cuba, forget all the Caribbean and South American campaigns where we had British intelligence, we had Australian SAS, we had all these allies helping us along the entire path. You get to Afghanistan, 9/11 happens, you get to Afghanistan. Every single ally we've had lost soldiers, they die for us. I respect that shit.
B
Hold on a second. It wasn't just us.
A
No, no, no.
B
We weren't the only one that ISIS was attacking.
A
No 1000%. But when we went and made the decision to go into Afghanistan, and we're not talking about ISIS, we're talking about Al Qaeda first. I'm going through a timeline. 9/11 happens, we go into Afghanistan, we make the decision to do that. Our allies were there. Fuck, we even had an ally in Africa sending us cows. Right, like this is what I'm talking about. Iraq. Even though Iraq was an obvious blunder, everybody could agree our allies still supported us with men on the ground. You know, you had British snipers getting shot, you had Australians getting kidnapped, you had people dying on our behalf, knowing it was a blunder. Then you fast forward. Then you have to deal with ISIS. Yeah. ISIS affected everybody. They attacked the British, they attacked everybody still alongside our allies. We did what we had to do. Now you fast forward, okay? Spain didn't let us use their base. Spain doesn't agree with the situation in Iran. Guess what? Spain was right. It fucked everybody. Everybody's fought. You want some of our allies? I'll tell you about our allies in Australia. My good friends in Australia, their fucking gas is like US$11. Let me ask you a question. How many of these pussies down south in fucking South Carolina could afford $11 a gallon and not fucking commit some craziest Suicide. They'll go crazy.
B
They didn't know we're going back in history. They didn't owe us that.
A
Who didn't owe us what?
B
All our allies didn't owe us that. All these things you just said. Hitler didn't. Hitler didn't invade us. That go over and that shit.
A
Yeah, but we, we, we allow.
B
Listen, bro, we lost a lot of people over there.
A
That is very true. But we fucking also ignored that shit. And we even had a US Nazi party in the Madison Square Garden do a massive presentation. We had an American Nazi party. You know that shit.
B
Sure there's a lot of fucked up people doing a lot of fucked up things, but that's not the majority of our society.
A
We ignored the Hitler problem until Japan hit Pearl Harbor. That's the reality. That's when we got involved. If Japan never attacked us, we probably were sitting here like isolationist assholes. Play with ourselves. That's the fucking reality.
B
All right, all right. We're going way off cyber here. Way off cyber. This is like a Patreon episode. You're going out there.
A
Here's the fucking reality. Our allies have supported us whether we were right or wrong. And us treating our allies like is the reason why they're looking at us like adversaries. We need to grow the fuck up.
B
I don't know. They can go get their own fucking toys, their own ball and they can play with their own ball. Get your own fucking cloud network.
A
Well, yeah, that's going to happen. We know it's the consequence of that, right?
B
What?
A
Amazon is going to hurt. Microsoft's going to hurt. Google's going to hurt because they're about to lose billions of dollars in customers to European counterparts. This was an economical disaster. Yes. You know how much money the Europeans are spending on Google Cloud, Amazon and fucking Azure? And now if France comes out with their one to one parity alternative, any dollar that.
B
Who's going to put that infrastructure.
A
Well, that's the fucking, that's the million dollar question. Who's going to bite the bullet to do that? Yeah, right. Google.
B
Google and Amazon and Azure, they're just going to spit up fucking European countries or European companies that are just. Yeah, their infrastructure is already over there. It's just going to spit it off. Just. All right, here you go. Here's your infrastructure anyways, it's just going to be them as the parent company.
A
That is true. But then you know what's the consequence of that is. Right, yeah. So Google still wins. You're right. Google and Amazon, they're Still going to win.
B
Billion dollar companies never lose.
A
Yeah, but yeah, it's all priced in, right? Yeah, but then guess who gets fucked? The American worker. The guys working in the data centers. Those guys get fucked now. So like either or is. You know what? The American people get fucked. That's the fucking problem. That's the problem, Chris.
B
I think the Europeans are a little fucked themselves, but c'est la vie. Craziness. Heck. Crazy. So Rockstar hackers research stolen data reveal that Rockstar was the. Was right to not pay them anything for it. So Shiny Hunters, back in the fucking news. Shiny fucking Hunters hacking group compromised Rockstar Games via third party breach of an AI business analyticals platform. They stole roughly 79 million business records from Rockstar's Snowflake data warehouse, demanding $200,000 in ransom with an April 14 deadline, and then publicly released the data on April 13 after Rockstar refused to play. The stolen data consisted of Internet sales revenue and player metrics for GTA Online and Red Dead Online. No source code, no GTA 6 assets and no high value intellectual property. So they weren't going to pay and so they put the data out there.
A
Well, this is why it's important for you to know what's out there, for you to have an understanding of your assets and, you know, do some proper threat modeling and risk management. Here's the reality. A lot of companies use. They use, what was that service?
B
Anodot.
A
Snowflake. Okay.
B
Oh, right, yeah.
A
So a lot of companies use Snowflake for like metrics, use that shit for like logging of metrics, like this player did this at this time and blah, blah, blah. Most of it is bullshit. It's Fugazi, right?
B
Fugazi.
A
It's Fugazi. So I know Rockstar was like, where the hell are we gonna pay for metrics? And yeah, there's some revenue stuff in there, but that's public shit anyway. We're a publicly traded company, you know, like, so who cares? They did the right thing. But guess what? If Rockstar wasn't aware of the assets that they had exposed within those sectors, they would have probably paid because ignorance is going to drive fear. But they knew exactly what was on it and like, nah, we're not paying for that. It was the right move. It's a great lesson for companies out there.
B
What exactly is the lesson? Just to know which assets are being breached.
A
No, no, no. You have to know your attack surface. You have to understand your threat exposure. If you're using Snowflake for metrics, Metrics that are not IP metrics. It's not going to hurt your business at all if it's leaked. If you know that and then someone tells you, hey, we just hacked your Snowflake account and we have all of your data. Give us a hundred million dollars. You know, risk wise, ROI wise. It doesn't make sense to pay for metrics because you're aware of that. There's some companies that don't even know that there are some companies and lawyers are like, oh, we have a breach, we're going to have to pay this out.
B
No, I guess. But it's still reputational harm. It's still the grab the headlines that, that Rockstar was hacked gaming company. You read into it, though, you read into it, it doesn't sound, yes, you and I understand what fucking happened, but people that just read headlines, clickbait and shit, they don't understand that it's just a fucking metrics that they walked out the door. I mean, you kind of gather that from the $200,000 asking price. I mean, Rockstar Games is a billion dollar company. I mean, it's true. I would ask for something a little higher.
A
Yeah, ask for like, you know, half a percent of something, but, you know, the 200,000 was a dead giveaway. The attackers knew that there was probably nothing in there. Right?
B
Dead giveaway.
A
Dead giveaway. But it also. Context, Context is everything. Rockstar, they make video games, they make most of the money with gta. Grand Theft Auto, right, that they're making. They're killing. I'm not sure you saw the numbers. They're making like $40 million a month for some craziness, Right? It's ridiculous numbers. Do you think their players give a hell? They give a crap that Rockstar got hacked.
B
No.
A
You know what they care about the gaming service online. So you can log in after school or after work and play some gta.
B
Stealing a car and shooting a cop in the face, that's what they do.
A
That's right. Or going to the strip club and throwing some, you know, digital bucks at somebody. Now if you. Let's change the story now. Let's say it was a massive law firm or a massive, like IP holder. Now the conversation changes because almost anything associated with that organization, whether they decide, decide to pay or not, whether the security team decides, hey, you know what? We don't have to pay these guys. Doesn't matter because if they're in the financial space, guess what? They're paying. The cyber insurance company's paying. Right. The lawyers are paying. And the conversation at that point is different. So because they're a rock star and this happened, it makes sense where they're like, middle finger up, keep it.
B
Have you seen anything of how this compromise happened? I wasn't able to find exactly how it happened.
A
So if this has to do with the Snowflake breach, then it's a third party SaaS provider, Anodot. You know, they were compromised. I don't know how they were compromised, but the adversaries, the groups then were able to. Shiny Hunters were then able to get like OAuth keys, tokens for authentication for Snowflake. And then they started extracting a bunch of stuff. Oh, listen. Same, same, different day. It smells. It smells worse than it did yesterday, but it's the same.
B
Yeah. Oh, yeah, you're right. Stolen auth tokens. Yeah. From the SaaS platform. Yeah, yeah. All right. Someone bought 30 WordPress plugins and planted a backdoor in all of them.
A
Man, of course.
B
Can you imagine planting 30 backdoors? Jeez, that's a busy night. An unknown buyer legally purchased the entire essential plugins portfolio, 30 plus popular WordPress plugins on Flippa Market in early 2025 for six figures for inherited WordPress.org SVN commit access, and planted a sophisticated PHP deserialization backdoor in all the plugins, starting with version 2.67 for Countdown Timer Ultimate on August 8, 2025. The backdoor remained dormant for eight months and then activated in April of 2026 with hidden injection SEO, spam redirects and fake pages via PHP modification on hundreds of thousands of active installations across 31 affected plugins. Diabolical or just some kid with us?
A
It's definitely diabolical. It's structured, it's planned out, it's coordinated. You know, it could have been a kid that got ransomware money and converted that to some sort of USDC and bought the plugins. And the developer was like, yeah, I'm not making any money no more. Here you go. Um, and yeah, Flippa's dope. You go to Flippa right now and buy, you know, developer accounts or, you know, projects. WordPress plugins. Yeah, yeah, Flippa.com has been doing that since, like 2012 or whatever. They've been doing it for a long time now. The problem with that is, especially with an old ecosystem like WordPress, those plugins go dormant left and right. Those plugins get bought out and sold and compromised. You have no idea what you're installing. It is a supply chain nightmare. It really is. I'm surprised this doesn't happen more often. Especially after all these ransomware kiddies got access to money. Because that right there, that's the easiest way to compromise hundreds of thousands of websites simultaneously, instantaneously and perpetually.
B
But it seems like they fixed this pretty fast. So they're paying six figures for this, for one day of access. They, they fixed it on. They permanently closed the, the plugins on April 7 and then pushed an auto update. So this guy paid six figures for 24 hours of. But again, it's stolen money. Maybe it's just for the lulz. A lot of people do things for the lulz.
A
Well, look what happened. I don't want to admonish any, any anybody, but remember what happened recently with these supply chain attacks. It ended up compromising LiteLLM which affected hundreds of thousands of developers. The guys that were tpcp, you remember those guys? Sure, they, they went in bang, bang, bang, super quick, they stole a bunch of credentials, they started hacking immediately. 24 hours is enough time, Chris. Oh yeah, it's true, it's enough time. So
B
I don't know, we'll see. There's no one, no arrest been made, no attributions, no further leaks reported, but classic supply chain ownership takeover. I don't know. You think Flippa is going to have any sort of ramifications on this one?
A
Nah, just like Google Ads continues doing what it's doing, Flippa, you can use, you can still use Flippa to buy and sell plugins. It's going to continue to happen. It's going to continue to happen until a massive hack comes. As a result, you know, the next plugin could be used by, let's say, the Church of Latter Day Saints or something. And then all of a sudden it's like, you know, Lucifer in the front page because of a back door, you know what I mean? Like once that happens, it's a big story that flips like, oh, we can't sell plugins no more, unless you know, it's KYC and blah blah, blah. Right.
B
Interesting, interesting shift. So there's a Kraken security update. Kraken crypto exchange which is out in Wyoming, disclosed it's being extorted by a criminal group that obtained videos of internal client support systems showing limited client data. Two separate insider incidents involving support team members who inappropriately accessed client records. No system breach, no client funds at risk, and Kraken will not pay or negotiate. Approximately 2000 client accounts, about 0.02% of total potentially viewed across both incidents. So now we got an insider threat here. People videotaping inside data, giving access, selling it, or. I don't, I don't know how they got the information, how they pushed it out.
A
Insider threat. Support staff probably got paid a couple bucks. Hey, open up your phone and record the support session. It's just, we've talked about this, We've predicted this for years. Long time ago, you know, Shit. When you and I was really talking about this heavy. It was around the time that all the T-Mobile SIM swaps were happening. T-Mobile was hit really hard by it. Those guys were getting paid like 40 bucks to do a SIM swap. It ended up, you know, stealing $2 million. Uh, yeah, no, this is gonna continue to happen. You know, there was a point that I made a while back, I think last year when we covered the North Korean, North, North Carolina story. You're gonna have a lot of employees that just don't care. They're not get paid. They got, they're gonna, they're not getting paid enough. And they're doing it for the lulz. And so you have to look at how to compartmentalize their access. But here's the thing. Support people need to access account information to be able to supply support. How do you deal with that? That's a problem.
B
Do you think it's, they're not being paid enough or you think there's not enough punishment?
A
There's no accountability? What, are you going to get fired? Those two guys probably got fired. Now what, you're gonna get hired by T-Mobile and do the same shit?
B
You don't think they're gonna be held criminally liable?
A
No, come on, brother, that's, you know, you know, you know, you know better than anybody.
B
Yeah, it's hard to prove.
A
It's hard to prove. Right. You told me so many times when I would ask you about a case or something like, hey, why isn't this guy getting arrested? Or why, why isn't this guy. Dude, it's hard to prove. There's a whole process like you can't just, you can't just look at a video of a guy taking the shit aside. One quick, all right, I'm arrest this guy. Because then like his back is turned, you know, what if it's the same guy? What if he has a fucking doppelganger, right?
B
How do we prove it's him beyond a reasonable doubt? It's very difficult. It's the system that protects us, but also it protects those that are guilty.
A
Oh yeah. Oh yeah, 100%.
B
So it's a great system. I wouldn't go against the system, but, you know.
A
Yeah, I wish there was ways to improve it without compromising it, you know, but I know it's a tight rope walk.
B
Does this scare you as a business owner?
A
Yeah, it could happen to me. I could hire somebody where I think it's amazing and then they're going through something or they're broke or they need a couple bucks and they'll take an internal screenshot of one of our customers reports or something. I can't do nothing about that. The best I could do is have them work through a virtual workspace which like Amazon offers. Amazon offers like a, like a virtual desktop. You log in, you can control through that, you can see what they're doing. Right. But one, that's expensive. And two, like you still need a babysitter, you still need somebody to oversee that, you know, otherwise you're just collecting evidence. The problem is you want to try to catch it before it happens or in the middle of it. Because once that, once that leaks, like it's over. Like your brand reputation is terrible.
B
You know, there's no EDR solution that could come up with some sort of like a thing where this data was exposed. Like almost like an investigative type tool. Like this data, the exact data you're looking at was accessed by these two employees on this day. Those are your potential leaks. Investigative start points.
A
Yeah. So you have, you have really good or really crappy data loss prevention software, DLP. Some of them do what you just said and some of them just block you as soon as it identifies an anomaly, which is a problem because a lot of people are constantly opening up tabs, opening files, and they can't keep having to keep authorizing the freaking DLP box. So this is why DLP failed a lot of, a lot of companies and, and in some cases, you know, could have done some really good work in this space. Those supply, those support guys that did what they just did. DLP software could have caught that 1,000%, you know, their odd anomalous behavior. Why are they scrolling to 2000 customer accounts? What is that? Right? But yeah, that's kind of where we're at.
B
I think it's going to get worse. I think the, you know, the insider recruitment type activity, I think it's just going to get worse. You know, more and more people, you know, putting their out on LinkedIn. I worked here. It's too easy to find people. It's too easy for these, the bad guys to reach out. Hey, it looks like you have access to this Take a screenshot, do this, do that.
A
Well, look, then you look at. Of course there's two factors in play, right? One is the, the economical situation here in the US. There's a lot of people that are doing support. They're not getting paid. You know that. They're getting paid $15 an hour at most. They're making 32 to $40,000 a year. That's nothing for support system because it has access to everything.
B
It's not a revenue maker. It's a cost center. If you're running a business, you know, I got to keep my cost center down. You know, supporting clients isn't what's bringing money in the door. I've already got those clients in the door 1000%.
A
So that's one. Then the second one is all the ransomware victims have been paying all these years. All these little ransomware groups, they're sitting on piles and piles of bitcoin. So you take one of those guys, hey, Buddy, you want 10 Bitcoin? Take a screenshot of this customer's account. That's all it fucking takes.
B
Yeah, it's a good way to get rid of your, to wash your bitcoin too.
A
So true.
B
It's tough. All right, guys, reach out to us@questionsackeringthefed.com. my boy's voice is banged up. We gotta get back into rants. I think people are missing your fucking rants.
A
Well, I had a rant today. I had a good rant today.
B
Yeah, you did, you did. I had to calm you down. You called me a fucking right wing lunatic.
A
I didn't mean that, but I didn't say that. I implied that you were, you know, kind of pushing out right wing of talking points.
B
Jonathan, get this guy's ass in line. Enough of this.
A
He's trying.
B
Love that guy. I love that guy. One of our best listeners. Oh, yeah, Support Hacker the Fed on Patreon. Guys, we appreciate it. Safe Hill. Thank you for everything you guys do. We got another Safe Hill event coming up soon. I'm excited about that. I got a text.
A
May, right?
B
Yeah, it'd be nice. Help us out on the merch store. Hacker in the fed dot com. You guys want different shirts? We could do different types of shirts. Let us know if you want some sort of slogan or something. Or Alanis come up with some good ideas. You think? Alanis is listening 48 minutes into the show still.
A
She, she does. She does. I know she does.
B
I know.
A
She, she, she was. Listen, she was listening to your episode by herself last week. She's like, oh, my God, it was so good. It was so funny. I think, bro, she's, she's great. You know, we gotta slip in like, like some little, like some troll messages to her or something. Some indirects for sure.
B
Let's just have her on the show. Let's have her come on and let's do like a 20 minute interview with her.
A
All right, we could do that. That sounds fun.
B
Yeah, yeah. She'll have a good time. We'll get inappropriate with her. We. I will. You can't. You're. She's one of your employees. You have to be.
A
Stop that. Yeah. We don't have an HR department, but I don't want, you know, I don't
B
want to get to that point exactly. Five star review wherever you download or subscribe to your podcast. Guys, help us out. Blow up the show we're trying to blow up. And just talk about cyber. A couple telling you about all the cyber going on. Share us on social media. Tell your co workers, tell your friends, tell your lovers. Say, get up in there. Get all up in those guys. Those guys care about your colon health and your cybers. Eat some fiber once in a while. Clean that out. Colon blow.
A
I was about to say, would you do that? You know when you put the thing in your butt and then the colonic.
B
High colonic.
A
Yeah, yeah.
B
I want to go as a group of people. Me and the mean girls are going to go and do it together. No way, dude. Same hoes, same hose.
A
Same hoes. Or all the hoes. I'm kidding.
B
I'm kidding. We're not so. But no, I can see. I can see where it's nice. I could see where it was. I. You know, speaking of, like on these lines and things, dude, I would love to do like a fast. You know that the colonoscopy, how you have to like your brains out, you feel good afterwards, you feel clean.
A
Yeah, yeah. Fat. Awesome.
B
Yeah. I'd love to do it. If I wasn't hitting the gym so much and needed concerned about protein and all that, I would definitely do like a 72 hour fast.
A
Yeah. Wow.
B
Fun times.
A
Oh, brother. It's been a pleasure.
B
It has. I love you and respect you and I can't wait to talk to you again next week.
A
Of course. Let's do it. Let's make it happen. Cheers.
B
Cheers.
Release Date: April 23, 2026
Hosts: Chris Tarbell & Hector Monsegur
This episode dives deep into Europe’s push for tech sovereignty and its wide-reaching implications for global cybersecurity, political relationships, and the economics of tech infrastructure. Chris and Hector analyze France’s government migration away from Microsoft Windows, Europe’s anti–“kill switch” disaster recovery stack, and the existential strain between American and European tech alliances. Along the way, they dissect notable cybersecurity news, from the Rockstar Games breach to large-scale WordPress plugin compromises and the growing problem of insider threats.
The episode is a blend of technical breakdowns, sharp-tongued banter, and candid reflections on the political and economic forces shaping cyberspace in 2026.
[13:17–22:34]
“Any U.S. company...at the end of the day, ROI is important to U.S. businesses and investors...they’re going to get in bed with the U.S. government regardless.”
— Hector Monsegur, [19:17]
[23:59–31:31]
“Our allies have supported us whether we were right or wrong...and us treating our allies like shit is the reason why they’re looking at us like adversaries. We need to grow the fuck up.”
— Hector Monsegur, [30:06]
“I don’t know. They can go get their own fucking toys, their own ball and they can play with their own ball. Get your own fucking cloud network.”
— Chris Tarbell, [30:18]
[31:50–36:38]
“Metrics that are not IP metrics...it’s not going to hurt your business at all if it’s leaked. If you know that, and then someone tells you, ‘we have your data, give us $100 million’—doesn’t make sense to pay for metrics.”
— Hector Monsegur, [34:04]
[37:30–41:16]
[41:16–46:46]
Chris and Hector’s rapport is strong: curse-laden, shamelessly irreverent, and equally at home riffing about tech rabbit holes and world history as about colonoscopies and meme pronunciation. They push each other’s points of view—often with friendly derision and dark humor.
Want more? Check out HackerAndTheFed.com for merch, Patreon access, and future episode details.