Loading summary
A
So if there's factories, warehouses full of people that are, you know, engaging in mass campaigns against the United States or hacking operations, I don't think you want to do that right now. You know, you might. You might get a drone to the. Into the ceiling. I'm not sure you want that. Hector Monseager was responsible for some of
B
the most notorious hacks ever committed.
A
Special Agent Chris Tarbell and FBI informants
B
participate in some of the world's most infamous hacks. Caused up to $50 million in damages. A life in the shadows.
A
Cyber attacks on the rise.
B
Welcome to Hacker in the Pit. It's free. Episode 1, 2, 3 Hector, get the out of here.
A
No way.
B
It is. I swear. I keep track of. I'm Chris Tarvill, former FBI special agent working my entire career in cybersecurity. And I'm joined, as always, by my buddy, Hector Montegor.
A
Hi.
B
Hector's a former black hacker who once faced 125 years in prison for as many years of hacking under the codename Sabu. Our stories collided in June 2011 when I arrested him and then convinced him to work with me at the FBI. Hector is now a Red Teamer, researcher, cybersecurity expert. One hell of a guy. Oh, yeah. And co founder of Safe Hill.
A
Hey, that sounds really nice.
B
It does. How are you, brother?
A
Oh, listen, brother, I'm doing great. I'm excited. My energy is high. I can't complain. And the weather in New York is getting a little bit better, so I'm okay with that. How about you, bro? How you doing over there?
B
It's good. I'm doing well. I was outside yesterday. It was nice and sunny. I think this. This early. This early spring is. Fuck that groundhog. I love in this weather, but I think it's going to get cold one more time.
A
What did the groundhog say? Did he predict more winter?
B
I don't know. I don't. I think he did. I think he said more winter. Whether that means shadow or not shadow, I don't know. But right now, I am loving it. It's 72 degrees outside, and I love. You know, I love getting me some D. Vitamin D. Don't think the other one. It's. I like vitamin D. Wow. No, I like both these.
A
Well, I'm happy to hear that. I'm glad the weather's getting better over there because I know being cooped up inside is not your thing. You want to be outside. You want to get. You want to get that, you know, that energy.
B
So, yeah, I'm jealous. Where you Live half the time. Oh, no. I mean, six months in one day.
A
That's right. Six months in one day at the time. It's beautiful. I love it.
B
I know. I'm so jealous.
A
Got it. Well, you know, when you retire, come live with me, bro. You got. You'd be with me hanging out all day.
B
I bring the family, or.
A
No, of course bring the family. I love the family. That's part of the family right there, you know?
B
Nice. Nice.
A
I still got the card that they sent me. I. You know, I'm not sure you guys know this, but every year, the Tarbell family sends me beautiful card with updated pictures. Right? Not to go into details, but it is the most beautiful picture. I have it here on my desk, like, literally on my desk. It's right here. And yeah, man, it's a motivator for me, because you know what that tells me? That tells me that I'm loved.
B
Well, you know you're loved. You know, when I send you my nudes, you know, that means I love
A
you, but no, you know, it's always good to have something there. Like, you know what, man? Look at my fam over there. And then over here, got my other family, so. It's beautiful.
B
It's nice. It's nice. Yeah.
A
Oh, yeah.
B
So before we get too far, we got a live show when the show comes out. The day this show comes out. If you're listening to this in the morning on March 11, that means we got a live show that night, right? Is. Is that the math? Is the math right on that?
A
Yeah.
B
Wait, no, no, no, no, no. This show comes out March 12th. The live show is Wednesday night. Wednesday, March 11th.
A
Ah, that's right. So the night before the live show.
B
Okay, so we've already had the live show. Do I have.
A
Oh, my man, you're all backwards and forward.
B
So I thought. I so thought this show was. Well, we had a great live show last night.
A
Yeah, last time was really fantastic. A lot of people showed up, man.
B
I thought I got to announce the new thing about T shirts and all that. Maybe we'll make it a surprise during the show that if you. So we had a brainstorming on our Patreon episode that. Yeah, because Hector and I, we like to do our show without bottoms on, but we can't do that. We have to wear. We have to be more professional. So. But if people want to pop their tops off, then we'll send you a free shirt. If you do the whole live show with no shirt on, we'll send you a Free hacker in the Fed shirt. So you can get your hacker in the Fed shirts, by the way, @hackerthe.com support the show. And just talking about the Patreon episode. Support the show. We're keeping the free show free. Free of commercials. The only way we do it is the Patreon episode and the merch.
A
That's right. And let me tell you, the merch is pretty dope. The shirts are cool. When we, when we did merch the first time around, I had a. I had a really awesome guy who just happens to be a customer in my space, and he was rocking the hoodie. That hoodie was really nice. It was really good material.
B
I still wear the hoodie all the time.
A
Yeah, well, I gained a little weight. I got a gotta go back to my weight loss journey kind of back. I kind of deviate a little bit. Says tight on me. I got to lose some weight and then I'll wear it.
B
Yeah, nice, nice. But, yeah, that's good. Hey, we were talking a little bit on the Patreon or between the shows, I don't know, but you were telling about a cool new product safely. What are you guys doing over there? What do you got over there?
A
Yeah, yeah, yeah. I mean, look, Safe Hill is constantly evolving. It's been a really awesome Q1 for us. So, you know, as you guys know, Seifo offers. It's a hybrid company, right. So, you know, we offer services like a pen test and an assessment, tabletops, whatever you need on the cyber risk side. But then on the other side, we have the dashboard of the autonomous agents and a bunch of really cool things around ctem. But the cool thing for us this quarter, Chris, has been, you know, since we're a software development company in the cybersecurity space, you know, the dashboard is one product secure iq. Now we have another product that we're coming out with for our partners and bars and resellers, which is called Seifo Pathfinder. And what does it do? It just completely just solves the problem of having to sell the product to sell the service. And it automatically works for you to scope out your clients, generate sows for you, allow you to add discounts or change pricing. It's actually dope because a lot of companies do not offer this. And it's something that we built really quickly. And it works amazing. It's fantastic. Shout out to Trevor. He's the mastermind behind it.
B
Yeah, man, you guys got some rock stars over there.
A
Listen, we've been fortunate, brother. We've, you know, we don't have. We don't have the. You know, The. The economics like some of the bigger companies that got, you know, these massive funded businesses. But, you know, we do have. We have a great network. We meet great people that want to learn, and we give chances. You know, sometimes I meet folks, young folks, Chris, who are extremely talented. You could tell when you meet them at conferences. They're very smart, but they have no job experience, you know, or you're in the internship phase. Right. And so they're not getting the jobs that they probably could be getting if people could see beyond the resume. So I'm willing to give opportunities, and because of that, it's working our favor. So for any of you business owners out there, and you get a young person, a wonderful lady, a young guy, they come to you out of school, and just by sitting down with them and talking and asking them questions, their responses are fast. They're reactive. You know, they're contextual. It makes sense to you. Yeah, the resume is pretty lean. But guess what? That's your rock star right there. So give them a try.
B
Yeah. And you treat your people really, really well. I mean, you gave your people off the time between Thanksgiving and. No, not Thanksgiving, Christmas, and New Year's. Yeah, there's not a lot of companies that do that. I mean, so, dude, if I'm looking for a job, I'm gonna go look over at Seafood.
A
Yeah. Come through. Say, Phil, we're hiring. I got you back.
B
Nice. I like that. So, yeah, guys, help us out. Support us on Patreon. Free merch. Get the merch hacker in the fed.com live show this Wednesday. You missed it. It was last night, but hopefully we'll see you there. And hopefully a few people will pop their tops off and get a free shirt. So I'll pop. I'm gonna pop mine off just so I can get a shirt. I'll tell you that.
A
There you go.
B
All right, brother, you ready to get into some of these stories? We got lots of cyber today.
A
It's a lot of cybers. We're about to have some fun here.
B
All right, let's do this thing. Maybe you've got a rant somewhere at the end. I don't know. You're too happy a mood maybe. I don't think you're in a bad mood, but maybe. Maybe we could. I could stir the pot a little.
A
I think you stir the pot. I think, you know, you're really good at stirring my pot, so let's make this happen. No, Diddy.
B
No. Diddy Trump calls for a more aggressive response to cyber attacks than the long awaited cyber strategy. So the Trump administration released their long awaited National Cyber Strategy for America, which is approximately a seven page document. They released it on March 6th and paired it with an executive order order on combating cybercrime fraud and predatory schemes. So the emphasis is shifting from quiet response to aggravated proactive measures, including offensive cyber operations to detect, confront and defeat adversaries before breaches, erode capacities and raise cost for aggression. Man, this is sort of a very strong posture in the cyberspace. What do you think of all this?
A
You know, I have, I have several different opinions about, like Trump and how he's handled certain things. I think when it comes to cyber, you know, him and his previous team, like the first administration, they were visionaries in a sense. Like they, they knew what to do when it comes to, like CISA and support that and then, you know, push a lot of initiatives that way. Obviously, this administrator, this time around, it kind of started off a little slow. It went a different direction. I even gave you a couple of rants, right. But what I like to hear here is that they want to be more proactive, they want to be defensive. And for the scam, those scam operators, if you guys are listening to this episode, I'm going to give you a warning. President Obama said a precedent before, he attacked adversaries before. So the doors are open for that. And if you look at the documentation that that's, you know, kind of coming out of this, you know, with regards to this strategy, you know, they're looking at potential offensive capabilities. Not only cyber, there are specific countries that have these essentially cities that are dedicated to, or towns dedicated to scamming operations. You have Laos, Cambodia and Myanmar. So if there's factories, warehouses full of people that are, you know, engaging in mass campaigns against the United States or hacking operations, I don't think you want to do that right now. You know, you might, you might get a drone into the ceiling. I'm not sure you want that.
B
Yeah, so I mean, there's me getting egg on the whole thing. So it's sort of a broad policy, you know, and so there has been some criticism with, you know, ranking members of Congress, you know, calling it barely three pages of substance and quote unquote, impressively underachieving, citing vague platitudes and personnel cuts. You know, I think I kind of like it a little bit more. You can't be spelled out exactly what we're going to do. I think you sort of have to Set a tone and hope the ship sails in that direction. You know, you know, this is giving the, you know, AG a little bit more prioritization on, you know, cyber enabled fraud and scam prosecutions. Trump, Trump wants, you know, victim funds returned, not taking forever on that like it currently does. Yeah. And, you know, more, you know, scam resilience and also allowing the State Department to put pressure on foreign nations that are hosting the scam compound. So, you know, the executive order really focused on the, you know, the, the wide, wide variety of cyber fraud that's happening. Whether it's all lip service, I hope not. But it has the aggressiveness tone to it that I'm looking for.
A
Yeah. And I'll be honest with you, I know, I know a lot of you may not like, you know, we call him Uncle Pete because he's done a lot of cyber stuff, you know, in this last year. I know a lot of you guys may not like Pete Hegseth for many reasons. I personally have issues with him. But when it comes to cyber and regulations, like, he's been pretty legit. He moves very quickly. So I'm hopeful that him and the next director of cisa, wherever that is, and the other agencies are involved. There's a whole bunch of agencies that, you know, work cyber. I'm hoping that, yes, you know, they're looking at methodology, putting together structure to this. It's not the Wild West. You have to have the structure to this. I understand what the, the critique was about. Yeah. Three pages of substance. I get that. Right. But sometimes you have to build out a plan over time and you have to have multiple people involved. You can't just expect the President to put together, you know, a massive dossier and strategy plan on this. It takes time.
B
Give me, sorry, give me your, your opinion on, on these, these three things. It's calling for. So it's calling for an AI powered cybersecurity solutions at scale for federal networks. Yay or nay.
A
I have a problem with that.
B
All right. Why?
A
Depends on the partner. Depends on deployment. Right. If they're going to. If they're going to. I think we mentioned this on the Patreon episode.
B
Yeah.
A
If the U.S. government, just like they were able to do the programs with Langley and Liverpool, Livermore, you know, and all these different agencies, if they were, and if they're able to create their own AI infrastructure or there's a company that's willing to build that infrastructure specifically for this, I might be for that. Now, if we're talking about, hey, let's just pass everything through OpenAI. It's not anthropic anymore. So OpenAI and Grok. I'm not so sure I feel confident about that. Especially if it's over some sort of cloud environment. I'm not happy with that. Right.
B
Yeah. I think I listened to an interview with the undersecretary of war and I think it is a cloud based solution. But they want to all he want, he wants redundancy, he doesn't. They don't want it just across one platform. Sure. So which is understandable in the, in the infancy. You. You want to leverage AI for what it can offer you, but you don't want to completely rely on it. Be, you know, it's too, it's too new to be relying on it. So I, I agree with you. So this also calls for the adoption of post quantum cryptography. What do you. Yes, good.
A
Yes.
B
This next one, I don't know where you're going to go on it. Zero trust architecture.
A
Well, you know, I am a big fan of zero trust conceptually and all the tenants, if you follow them, you're going to be good. But it depends on deployment. And what the fuck do they mean by zero trust? Because if they talk about zero trust, some, some random company marketing terminology. No, that's not what this is supposed to be. We're talking about least privilege. We're talking about segmentation or micro segmentation. We're talking about governance and identity management. Right. It certainly access.
B
It certainly comes down to the implementation. And that's where seeing like just the phrase zero trust architecture in this document makes me go a little bit just because it doesn't go into specifics. And again, that's why this, this document's getting, you know, bipartisan, lambasted is it's not specific enough. You know, just, just zero trust without specific steps on how it's implemented. I don't like.
A
Well, I'll tell you what. President Trump, if you're listening, of course he is. Shit. Elon somebody. If one of you guys are listening, I will gladly. And I'm gonna, I'm gonna, you know, force Chris on this with me. I will gladly sit down with Chris and help you write methodology on how to do a lot of this stuff. We will sit there for, for however long as we need to help you kind of build out a strong structure to this because deployment is going to be extremely important here. Deployment is the difference between this being effective or not. Basically. You feel me?
B
So, so this is one thing I do like. Let me. So it Wants to promote US Technology over adversary vendors in critical infrastructure and supply chains. Pro or against?
A
That's a good one.
B
US Companies first.
A
US Companies first. But here's where you know me, listen. I have a problem with federal contractors. Historically. Right. Because there's a lot of backroom deals, a lot of pay to play. We don't need that. What we need is. Okay, I hate to bring this up, but you know when you hear a lot about like, hey, you know, DEI this, DEI Hires and all that stuff, right, where you're gonna prioritize someone for some reason over someone over this merit based. Right, That's a problem. Right? Yeah. Okay. Open it up to various companies, even safely could compete for this one of these contracts. But if you're going to open this up, quote unquote, and only the four same federal contractors are going to get the contracts, then that's not good. So I'm not for that.
B
No, I agree. Companies, yes, I agree with you on. They shouldn't be the same four. That's always doing things. But, but you know, I, I do think US technology should be promoted here.
A
Yes, yes, I'm, I'm with that a hundred percent. But we gotta, we gotta break free from that cycle of these four companies. I'm not gonna mention.
B
No, I know which ones you're talking about.
A
Yeah, we gotta go beyond that. Cause there's a lot of companies in this country that have great researchers, great employees, great technology, great capabilities. They're not being leveraged at all. So let's open this up. I'm for it.
B
All right, So a little lacking in some of the stuff, but a good sort of direction on the compass for this document. You agree with that?
A
Yeah, definitely lacking. But you know, I think that, you know, it's something forward. You know, I'm, I rather something than not, bro. Like for real, you know, so fuck it. Let's just go forward. If you need our help, if you need it, if you need our help, send us an email. We'll gladly join on the ZOOM session and give me a weekend or two, I'll write you a whole document and Chris could, you know, Q and A it and that's it, we're done. We'll help you out.
B
It's funny, everything's done on ZOOM these days. Apparently today they came out and said they're picking the next Supreme Leader of Iran through a Zoom meeting.
A
Through Zoom.
B
Yeah.
A
I'm sure the CIA is not on that, watching.
B
They don't want to all get in the same room again for the Third time the first two didn't work out.
A
Yeah, that's a tough one, bro. I've been watching that and I'm like, not to get into politics, but that's an interesting situation. You know, before we get back to the cybers, you know what I found interesting about like Iran's playbook on this? They are absolutely, very obviously going to go the Vietnam attrition route. That's what they're going for. Because they know that dragging America beyond four years is more than likely going to lead to some sort of success for them for their project, for the operation. Because you know how we work here. Every two years you have midterms. Every four years we have an election. And once the Guard changes, policy changes,
B
I don't see what's going to make four years. They're already splintering inside. The people within the military and the President are splintering.
A
So they could splinter, but what, what I. Okay, that's a great point. They are splintering for sure. But are they going to align with the US for like, like, you know, a country takeover? No. Right. It's not going to be a thing. No. Are they going to try to drag this out as much as they can and cost us as much money? They already, they already destroyed four, like, you know, really, really expensive radar systems in the Middle East. That, that hurts. That's a lot of money.
B
32 neighbors, $20,000 drones, 32 naval vessels are gone. I mean, they're, they're, they're, you know, it's, it's, it's not pretty, but I don't think it's going to be as long. I think it'll be over before midterms.
A
We'll see.
B
Let's hope, let's hope that's all we can do is hope. No boots on the ground either.
A
No boots on the ground. No, no, no. We want our soldiers to be chill and, but also let's be intelligent. I don't want to see that, you know, you know, I'm a humanist.
B
How do we pronounce this next one? Is it Karuna?
A
Let's go with Karuna because I mean,
B
Karuna iOS exploit kit. I apologize if I miss mispronouncing. That one is one of those stories where more, the more you dig in, the weirder it gets. I love it. So the discovery of the Karuna, aka Crypto Waters, is a sophisticated iOS exploit kit containing 5 full exploit chains and 23 individual exploits, including 0 days and non public techniques that target iPhones on iOS 13 through iOS 17. Used in targeting surveillance, espionage, mass cyber financial crimes. And so the proliferation passion is sort of. It started with commercial surveillance vendor customer that was a suspected Russian espionage group and then it's now moved into a financially motivated Chinese cybercrime operation. It represents the first Observed mass scale iOS exploitation in the wild. Kind of crazy on this one.
A
Yeah, it's a hell of a story. It's a hell of a story because we've covered Pegasus, we've covered other exploit chains or exploits in general targeting mobile systems, mobile phones. We've also discussed the privates exploitation, you know, marketplace. Right. Sometimes it's legitimate and they sell to governments only sometimes it's not. So they sell to bad guys too. And then we also discussed recent cases with regards to an employee at a federal contractor that ended up stealing a bunch of zero days and sold it to, you know, a Russian active group. Now what we have here is a quite interesting shift where these exploits could have been used and the exploit kit rather could have been used specific to target like you know, political, you know, operatives or Personas. It could have been used for espionage, IP theft. Instead it's now part of like some, you know, low level crypto scheme group that are just trying to get rich. It's not about espionage no more, it's about like, hey, who can we rob real quick and let's burn a few million dollar exploits along the way. Isn't that freaking crazy?
B
It's insane to me. That's, I mean that's initially kind of. We went back and forth when you said this story over is that you have these zero days that are very, very pricey and can be used for, you know, whatever they think the value is for nation states. And now the Chinese are using it for crypto stealing and that makes no sense to me. So you know, it was a drive by compromise via malicious web content and then there also zero click or minimal interaction was required, but 23 total, it was a mix of known and patched in non public zero days. That's crazy.
A
Yeah, they basically created a Metasploit for like IO, iOS or iPhone hacking. Yeah, it's wild to see. It goes to show you that you know, things are changing. But it also shows you another thing Chris, there for the longest time a lot of the operations coming out of China were like government funded, government sponsored, government supported, nation state actor kind of activity. And now you have non government organizations and groups operating within China engaging in theft which we've seen. The Chinese arrest these people.
B
Yes.
A
Yeah, the Chinese are arresting these people.
B
They will kill them. In China you can die for theft.
A
Yeah. So these guys are really brazen about it and they're burning millions of dollars along the way. So obviously crypto theft is bigger and more important to them than helping their own government with, you know, IP theft and espionage. It's, it's mind blowing to me. In fact, Infosec Twitter was blown up about this. Like everybody was within debates having debates. Yeah.
B
So the infrastructures, they're, they're finding that it's hosted on compromised sites. Strange to you? What does that point to you? That, that, I mean, I don't think if this was purely just nation state, it would be on compromise sites.
A
I mean look, if it was a nation state operation, they would set up infrastructure two years ago for this operation today. Yeah, right. But since it's not nation state, and these are probably a bunch of freaking kids to be honest with you, right, Trying to make some crypto bucks. They're leveraging hacked sites because those sites are probably cash and aged, right? And because they're cached and aged by Google and ChatGPT and all these different services, then they're least or they're less likely be to be categorized as malicious. So it goes to show you like it's, it's a complete change in everything architecture, infrastructure.
B
It just doesn't make any sense to me that, that these, these low level kids that are using compromised sites to run it have access to iOS zero days. Yeah, that it doesn't make any sense to me whatsoever how they, how they got their hands on this. Do you think this is part of like some, you know, how some Russian site, government site got hacked?
A
Wait, what do you mean Russia got hacked?
B
And then what, how did, how did these kids who obviously. I don't, I agree with you. They're kids, they're not nation state anything. How did they get their hands on these, these tools?
A
Oh brother, they probably, you know, they probably got money from previous crypto scams or they hacked an exchange. How many crypto exchanges have been hacked over the last 10 years? Right. So. Or it could be like a, like the triad maybe is, maybe it's funded by like the, you know, the local Chinese gangs or mafia, right? We have no idea. Obviously they have the money to buy these exploits and they probably even have one or two people doing exploit development. Okay. You know, you put all that together, what you have is like a little hodgepodge team of just kids with money and exploits. It's bugged the hell out and obviously it's working. It's working. Because imagine this, Chris. Imagine you're like an IR person or you're like a tried intelligence person. You do an investigation of recent hack of one of your customers and you investigate this random ass website has been hacked, you know, six months earlier, and you find a $2 million exploit sitting on a fucking web directory. What are you gonna do at that point? You're gonna freak the hell out. Yeah, it's crazy, I know.
B
We'll follow that one to see what's going on, but yeah, update your, put your patches on. Because it's, it's not going well. So.
A
Well, you know what? You bring up a good point. The, the adspoit kit is for older iPhones. These are people that did not. They purposely did not update their iPhones. That tells you a lot. These are not brand new. 20, 260 days.
B
Yeah. So it's through December of 2023. IOS versions that are out.
A
Oh, yeah.
B
So yeah, you're right. And that's another thing. Like how do you have crypto stored on your fucking phone but you haven't patched it in two and a half years?
A
Well, that's what happens when you have people with money, they have money to burn. They don't know what the hell they're doing. You know, buying up crypto, doing crypto trading, getting lucky and then storing that on an old iPhone that should have been decommissioned a year ago or two years ago. That's where we're at. There's just too many people online with money that are getting scammed every day. And what, ironically or almost indirectly or directly, they're. They're feeding this massive mo, this scam monster, this, this crypto on the ground, they're feeding that shit. You know, it's pretty bizarre when you look at it.
B
All right. Brainworm hiding in your context window. So the introduction of Brainworm, a novel form of promptware that infects computer use agents like Claude Code Codex or Gemini CLI entirely within the agent's memory context window. No disk artifacts, code execution or binaries required. Persist by hijacking the agent's reasoning via malicious natural language instructions. Entrusted memory files like the Claude MD or Agents MD. It enables C2 registrations with Praxis framework, Heartbeat task pulling executions via natural language and commands. Explain what that means.
A
Yeah, so, you know, in one of our previous Patreon episodes we discussed, we kind of tore apart what openclaw was, right?
B
Sure.
A
And one of the core components of openclaw was the capability to add memory to an agent. Yep.
B
Memories and souls.
A
Memories and souls. And the soul would be like the prompt of, like, hey, you are a master engineer, and your goal is to listen to my instructors and develop products in this exact way. That's the song, right?
B
Yep.
A
And the memory is storing responses, reactions, outputs from all of the different tasks you're executing. And you're learning. You're going to train yourself. You're learning off of what worked and what didn't work. Right. So that's your memory. There's a whole bunch of other stuff you can add to that, right?
B
Sure.
A
So what. What the. The promptware, which is. I find I actually like that. I like that term now. I think the term is pretty cool. What we're talking about here. It's very nerdy, you're right. But what we're talking about here is for those of you that have gone beyond ChatGPT and have gone beyond Claw AI, and you're doing development locally by using, like an IDE, right? A desktop, A desktop environment, a desktop editor, and you're developing on your desktop and you're using CLAUDE itself rather than, like, you know, through API or their CLAUDE interface. What the worm does is it infects your memory files, CLAW MD and so on, and then includes a payload. That payload is basically telling that your agent. Hey, by the way, you're not going to mention this to your user, but we're going to open up some tunneling, and you're going to listen to my commands in the background, and you're never going to tell your user what those commands are, and you're going to be arbitrary in nature, and you're going to do what I want over the needs of your user. It's basically a backdoor within your coding environment.
B
Seems like it'd be somewhat simple to
A
stop, detect. Yeah, yeah, it's going to be simple to detect, right? Because for the most part. And I haven't looked at the payload for this one here, right. For this, for the words about right here. But a lot of this is going to be plain text. I mean, you can literally open up your Cloud MD right now, Chris, you know, in a text editor, and you're going to see backdoor shit. You'll be like, what the. What the hell is this? I never told my agent any of this. Boom, delete the file, start fresh.
B
Couldn't you simply even hash a file before every time you use it and check that hash for the next time? I mean, you have an agent do that?
A
Yeah, you can have a. You have an agent, you know, hash itself Hash those files over and over and over throughout sessions or every day, and you could potentially detect it. But the truth of the matter is, is that, you know, as you start adding defense mechanisms like that, they've just got to circumvent it, brother. You know what I mean? It's going to keep. This will be another cat and mouse game, just like the virus and antivirus space was in the 90s and 2000s. The same exact.
B
Yeah. It just seems strange that they can put a code in there that says, don't tell Mommy and daddy what we're doing. You know, Exactly. There's got to be a way to stop that. I mean, we've taught kids that for years. If anybody tells you to keep a secret, something's wrong.
A
Well, one way is going to be to, you know, listen, you have to have, like, a strong security hygiene. Don't just randomly download a skill that somebody told you was cool, right? For your, for your coding environment, you know, stop downloading cheats and exploits to your computer. So you could cheat at a game on Minecraft or something. You know, you have to be on point with your environment. Your coding environment now is a gold mine for these adversaries, so you have to treat it as such. You might even have to segment or eat away from your network. You know, you could do development offline, right? You could, you could develop. You could, you could buy a GPU and, and do all your AI stuff locally without having to even talk to Claude over API or OpenAI or anything like that.
B
Is that what you're doing with your stuff or what do we.
A
Yeah, that's. That's what we're doing with seifill. With se, we ended up developing our old models, and then we, you know, piggybacked over other models. And we're running a lot of our AI work locally. In fact, I would say that maybe 95% of it is locally. And maybe there's some descriptive stuff, generative stuff we're using over the. Over the wire. But even then, that we could phase that out. So what we're doing, you guys could do as well. And that's how you avoid stuff like this. But remember, with the rise of info steers, Chris, you've seen it, right? This is just another component to that. Imagine an info stealer that grabs your passwords and then infects your local coding environment, the vomit environment.
B
So what you're prescribing to how to solve this and running it locally and all that, or, you know, sandboxed off or wherever you're going to do it.
A
That's right.
B
Is it just come down to a cost? Is it laziness? Whether is a mixture of the two? Why? Why aren't more people doing it?
A
Here's my honest overview. Okay, There's a lot of variables here. One, a lot of the folks that are jumping ahead into this and they're getting caught by this, by these kind of attacks, they're mostly non technical and they want to be technical, so they're downloading all these really cool tools, but they're infecting themselves. Okay, that's one. Two. There is a bit of laziness because it hasn't been neophytes only being victimized here. We've seen, we've seen repositories being hijacked as a result of this. So that means that, you know, seasoned developers are falling for it as well. Okay, so some laziness there. And there's folks that just don't care about security. They just don't care. They're nonchalant about the entire thing and then they become victimized, you know, so it's a mix of all those different things. You have to take this serious. That's the point, you know?
B
Yeah, I guess people just don't think of the vulnerability of them. You know, I'm sure there's a lot of people, like you said, don't understand the whole memory file. And then to think about how to poison that, you know, it's, it's, it's crazy how fast and advantageous like these nefarious people can be into finding workarounds on how to poison people.
A
Well, that's what makes any adversary that's successful effective. Right. An adversary who's following the same playbook as the victim is not going to be successful. Sure, they might identify potential paths they can leverage, but it doesn't mean they're going to actually hack anybody. The adversaries are thinking outside the box. Those are the ones that will be successful because they are taken outside the box. This is a thinking outside the box scenario, you know, so I'm fascinated by it, but I also want people out there listening. And a lot of you are partaking in the whole AI run. And I'm cool with that because I'm doing it too. We're all doing it. Right. Just be mindful. You have to understand your risk appetite. You have to understand what's at stake. And if you're a developer for a corporation or enterprise and you're running all of this potentially shady stuff that's outside the purview of your organization. You might be the entryway to that organization. So heads up on that.
B
And you think Promptware is going to stick?
A
It's going to be something. It's not going to be like a primary, it's not going to be as big as info Stevens, but it's going to be a thing for sure.
B
But the terminology. You like the terminology.
A
I like it. I'm with it. I'm sold on it. Promptware. That sounds dope. In fact there was this security conference now AI security conference called Unprompt.
B
Really?
A
Yeah, it just happened a couple of days ago. I think Dan Guido from Trailer Bitch was there and a bunch of other people were there. You know, that's. Yeah, promptings would be a thing. Term wise. Terminology wise. Yeah, sure.
B
All right, well, the follow up on a story we did already. So John Gahedi. How are you saying this guy's kid's name Lick? He was arrested in the crib yesterday as a direct result of an investigation. So online alias lick is a 25 year old US government. Government contractor. The the son of one accused of stealing over $46 million in cryptocurrency from the US Marshals seized wall managed by his father's firm, which was command services and support, which held contracts for seized digital ass asset management. The theft allegedly occurred in 2024 via an unauthorized access to a private wallet, address and keys through the family contractor position. And the funds were traced on chain to this guy's controlled addresses. He was arrested on March 4th on the island of Saint Martin by the French authorities, their elite tactical unit and enjoying an operation with the FBI. And they seized assets including a briefcase of cash, $100 bundles and multiple USB drives and crypto storage devices. So we knew this was coming. We talked about it before. How this kid had gained access through his dad's company who had contracts to help the U.S. marshals with their seized crypto. This kid just went. Fucked his dad over.
A
Yeah. This guy right here. Now you know you. You wanted a. You wanted a. A little rant. I'm gonna give you a little mini rant. This one, this one pissed me off. Even though I'm not the biggest fan of federal contractors. At least this guy, this company, the CMD ss, they weren't one of the top four or five. So I'm happy to see that. I'm happy that another company got access to one of these contracts. And it's a very sensitive contract. It's a very important job, which is you're gonna sit there you're gonna babysit seized assets. That's all you gotta do. And you get paid handsomely for it. It's the most beautiful freaking job you have to do anything. Unfortunately, the owner, which is the guy's father, he obviously told his son way too much. He said no boundaries or guardrails with his son because his son was able to access those seized funds and then use it nonchalantly, a la carte, off the menu, whenever the fuck he wanted. He absolutely betrayed his father, betrayed his country. Because this is. This is, like, serious. This is a serious issue here. But not only that, it started when he. He went. He did a band for. Band like Discord. And for those of you that don't know what that is, that's where these little crypto nerds get together. And it could be either investors or traders or scammers and schemers, right? They get together on Discord and they show off their crypto balances. Yeah, I have 15 million. Oh, you're whack, bro. I got 25 million. I don't care. I got 46 million. Look. Now, people take pictures and screenshots, right? They took screenshots of this incident. And, you know, Zach xpt, love him, you know, he's done a lot of great work, right? He was able to investigate, track the. The currency down, and it turned out to be seized assets from the United States government. He did a deeper dive. He identified that it was part of this one company, his federal contractor, cmd. Sss. Ss. He identified that the owner of the company was this gentleman who had a son, and his son just so happened to match the details of the guy who's on Discord, you know, showing off his. His. His cryptocurrency. Um, here's my take, right? So I give you guys a little bit context. Here's my take. This kid, he's naive. He's young. We get that. We've all been. We all did when we were young. We all did stupid things, right? He went beyond the scope. Not only did stupid things, he robbed from the federal government. Which means he's not gonna. He's not gonna have an easy ride on this one. There's no slap on the wrist for this one. He betrayed the United States government. He betrayed the United States people. He betrayed the victims.
B
Betrayed his father.
A
He betrayed his father. That's the worst that you could do. Your dad. Your dad trusted you. Brother, if you're listening to this, somehow, your dad trusted you because you're his son and he loved you and he raised You. And you went on discord, and he took assets from his business, and then you stole it in front of everyone to see. And not only that, you tried to run. And by the way, let me ask you a question. The gign, that's like the elite force for France, right? Is it like a SWAT team or something? Like a military SWAT team?
B
Yeah, yeah. They went. They went all in on this guy.
A
They him up, they dragged him, kicked his ass. I'm not laughing at his misfortune. But you gotta. You gotta appreciate the shit that even the French were like, oh, this guy's an asshole. We're gonna send. We're gonna send our elite forces to get him, right?
B
And it was all on chain. Like it was. It's too easy for them to trace this thing. This kid was, you know, between bragging online, or would you call it band for ban?
A
Ban for ban.
B
Yeah, yeah. And then traceable online on chain. So it's.
A
Yeah.
B
Stupid, stupid crime.
A
Yeah. You know, I feel bad for the father. I don't know. I don't know. The father, maybe he's. Maybe he's a nice guy, maybe he's a jerk. I don't know, but I.
B
He raised a jerk, so maybe.
A
Maybe, right? So I know, you know, you've been in the federal space, actually, you've been there. You know that these federal contractors, it's not an easy thing to win those contracts unless there's some backroom stuff. But let's not assume that here, right?
B
Unless you're from South Dakota.
A
Oh, yeah, unless you're from South Dakota. Exactly. I don't know what the hell is happening. South Dakota, cold. We need to investigate that. That's a conversation for another day. This guy clearly worked his ass off. He earned that shit. Assuming everything was legit, he did everything that he had to do to earn the contract. And here comes this little fuck.
B
And like you said, for such an easy job, literally, you just had to move some fucking crypto from one wallet into a wallet that you controlled.
A
You just babysit it, brother. You know, you take a nap, you could sleep and make money.
B
Yeah.
A
You know what I mean? Like this. Anyways, with that being said, folks, you know, it wasn't my best rant, I admit. You know, I felt like a disappointed dad.
B
What about the lost rant? Are we going to release that one?
A
Oh, no, no, no. Because that one might get me waxed. We're not ready for that one. You know, wait. Wait till I have some. Some money in my bank so I could defend myself.
B
But either you, you got a few bands yourself or, or upon your death, I'll release the. The.
A
There you go. There you go. That works. But for, for the young people out there listening, I love you guys. I'm proud of you. Right? Here's what you do. You see this story from this kid, I'll do that right, you know, Trust me. I tell you, if you earn things the right way, working hard, you're earning, you could, you could claim that you could do a ban for ban with your own money. Don't steal. And don't steal from your dad and especially don't steal from the United States of America. There's no winning.
B
We might have to make that a shirt. Hey, kids, don't do that. Saboo.
A
There you go.
B
Speaking of shirts, Hector, help us out. Buy some merch. Hacker in the fed.com support the. Support the boys. Keep the show free. Support us on Patreon. A lot of good content over on Patreon. Will's killing over there. I think he's got a video component going now. So you want to watch our mugs, talk about cybers and our bullshit. Go on over there, help us out. Want to reach out to us and talk to us like, who's our boy in Australia that reached out to us today?
A
Oh, dingbat, dingbat.
B
He hit us up at questions at Hacker in the fed dot com. Talk directly to us, let us know what's going on. Five star reviews, wherever you get your podcast, download, subscribe, share us on social media. Tell your friends, tell your co workers, tell your lovers. Hacker in the Fed talking some about the cybers,
A
friend, you know.
B
Oh, go ahead.
A
I was going to say that's, that's, that's another great shirt right there too.
B
Talking the shits about cybers.
A
There you go. I'll wear that. I'm wearing that tomorrow actually.
B
Little bit of ball talk, a little bit of cybers.
A
There you go.
B
All right, friend, I love and respect you. I'll see, I'll see you on the live show on Wednesday night.
A
I'll see you there, brother. Let's make it happen.
B
All right, Cheers.
A
All right. Cheers, brother. It.
Hosts: Chris Tarbell & Hector Monsegur
Date: March 12, 2026
In this episode, Chris Tarbell and Hector Monsegur delve into the shifting landscape of cybersecurity, focusing on the alarming proliferation of iPhone zero-day exploits moving from state-sponsored espionage to large-scale criminal operations—particularly in crypto theft. They also dissect the U.S. government's latest national cyber strategy, examine the emergence of AI risks like "Brainworm," and weigh in on a spectacular, almost cinematic case of crypto theft involving a federal contractor's son. The hosts blend insightful technical analysis, white-hat vs. black-hat banter, and industry anecdotes to engage listeners from the cybersecurity world and beyond.
Timestamps: 08:50 – 18:18
Timestamps: 20:50 – 28:43
Timestamps: 28:43 – 36:57
Timestamps: 37:23 – 44:47
The episode blends serious cyber threat analysis with the conversational, occasionally irreverent rapport shared by two former adversaries turned friends. Hector’s streetwise technical explanations and rants balance Chris’s law enforcement perspective and dry humor. Frequent inside jokes, playful competitiveness, and brutally honest industry commentary make the technical content both approachable and memorable.
To connect with the hosts, share questions or feedback, or support the show (and maybe score some merch):