Modern Wisdom Episode #954: Joe Tidy - Chasing The Most Hated Hacker In History
Release Date: June 14, 2025
In this episode of Modern Wisdom, host Chris Williamson talks with cybersecurity journalist Joe Tidy about the world of modern cybercrime, focusing on the group Scattered Spider and the hacker Julius Kivimäki. The discussion covers how hacker motivations have evolved, the techniques used in cyberattacks, and the broader implications for global security.
1. Introduction to Scattered Spider and Recent Cyber Attacks
[00:04] Joe Tidy introduces Scattered Spider, a loosely coordinated collective of hackers responsible for significant cyberattacks targeting major UK and US retailers. Recent incidents include:
- Marks & Spencer (M&S) Cyber Attack: Caused disruptions such as an inability to take online orders and empty store shelves around Easter time.
"If you're not in the UK, there's a really big chain of supermarkets called M&S... logistics problems, empty shelves in some stores." — Joe Tidy [00:04]
- Co-op Cyber Attack: Similar disruptions in another prominent UK supermarket chain.
"We saw disruption at stores, empty shelves, real chaos behind the scenes." — Joe Tidy [00:04]
- Harrods Attack: Targeting the luxury retailer in London.
"Attacks on US retailers as well." — Joe Tidy [07:52]
These attacks have been attributed to Scattered Spider, a name coined by cybersecurity firm CrowdStrike to describe this decentralized group.
2. Nature and Organization of Modern Cybercrime Gangs
Joe explains that Scattered Spider differs from traditional cybercrime gangs. Rather than operating as a tightly organized syndicate, its members coordinate on platforms like Discord and Telegram, loosely resembling the hacktivist collective Anonymous but driven more by financial gain and notoriety.
"They're not a normal cybercrime gang... more out for cybercrime and money and infamy than sort of hacktivism." — Joe Tidy [01:46]
CrowdStrike's nomenclature underscores the fragmented nature of these groups, emphasizing their lack of centralized structure.
3. Influence of Social Media on Hacker Motivations
[03:01] Chris Williamson probes the shift in hacker motivations, particularly the role of social media platforms like Twitter.
"Do you think social media platforms like Twitter have sort of changed what hackers motivations are from just exploration or exploitation to now fame, clout chasing, stuff like that?" — Chris Williamson [03:01]
[03:15] Joe confirms this transformation, attributing the change to the rise of social media influence and cryptocurrencies.
"There are two kind of factors which I think have turned teenage hackers from largely benevolent groups... to... cybercrime gangs." — Joe Tidy [03:15]
He highlights how Twitter introduced the concept of followers and clout, encouraging hackers to seek recognition and financial rewards.
4. Techniques in Cyber Attacks: Social Engineering and Ransomware
Joe details the common methods employed by hackers, emphasizing the combination of social engineering and technical exploitation.
"I think the initial entry is usually through social engineering... pretending to be a member of staff." — Joe Tidy [08:15]
Key techniques discussed include:
- Phishing Emails: Trick individuals into downloading malicious attachments.
- Impersonation: Call IT help desks to gain unauthorized access.
- Ransomware Deployment: Infect systems to encrypt data, demanding ransom for decryption keys.
Ransomware is identified as the leading cyber threat, crippling organizations by rendering their data inaccessible.
"Ransomware completely cripples an organization. It's like going back to medieval times." — Joe Tidy [09:33]
5. Cybersecurity in Autonomous Vehicles
The conversation shifts to the vulnerabilities in autonomous driving systems.
"If these ransomware attacks, you need. As the level of kinetic importance to people's lives increases, the level of security around those systems needs to increase in kind." — Chris Williamson [12:22]
Joe concurs, acknowledging the inevitability of cyber threats targeting autonomous vehicles and the need for robust security measures.
"It seems almost inevitable that someone will find a way to cause havoc with autonomous driving." — Joe Tidy [13:31]
6. The Story of Julius Kivimäki and the Vastaamo Hack
A central focus of the episode is Julius Kivimäki, described as the "most hated hacker in history." Joe recounts his years tracking Kivimäki's cybercrimes, culminating in the high-profile Vastaamo hack.
[43:46] The Vastaamo hack involved:
- Data Breach: Infiltrated the database of psychotherapy notes affecting 33,000 individuals.
- Extortion: Demanded Bitcoin ransoms to prevent data release.
- Operational Security Failure: Kivimäki accidentally uploaded the contents of his entire home directory alongside the stolen records, exposing his identity.
"He did a scan of open servers with no passwords. He logged in, saw it all there, downloaded..." — Joe Tidy [57:21]
The botched extortion attempt led to his identification and arrest, showing how a single operational lapse can bring down even an elusive hacker.
7. Cybercrime Hotbeds: Russia and North Korea
Joe discusses regions that are prolific sources of cybercriminal activity, particularly Russia and North Korea.
"The biggest gangs are organized and run, we think from Russia, Eastern Europe." — Joe Tidy [28:13]
Key points include:
- Russia: Home to advanced cybercrime groups like Evil Corp, with a culture that tacitly tolerates extensive hacking as long as Russian infrastructure remains untouched.
"The golden rule if you're a Russian cybercriminal, which is you do not hack Russia or former Soviet states." — Joe Tidy [32:44]
- North Korea: Engages in cyber espionage and cryptocurrency theft to fund the regime.
"They are the only country that we know of in the world, that... steal cryptocurrency." — Joe Tidy [32:30]
8. Operational Security Failures and Law Enforcement Tactics
Joe emphasizes the critical role of Operational Security (OpSec) and how its failures often lead to the capture of cybercriminals.
"These groups are terrible at it because they don't seem to care." — Joe Tidy [26:02]
He illustrates this with the case of Kivimäki, whose mistakes allowed authorities to track and convict him despite the sophistication of his hacking.
"He sends out all these records and then accidentally uploads his entire home directory." — Joe Tidy [43:46]
Law enforcement agencies rely on strategies such as following the money, tracing cryptocurrency transactions, and capitalizing on OpSec failures to apprehend criminals.
9. The Impact of Major Cyber Attacks: CrowdStrike Incident
The episode touches upon a significant incident involving cybersecurity firm CrowdStrike, highlighting the widespread consequences of major cyber disruptions.
"They sent through some really, like, tiny bits of information to keep the software up to date. It completely bricked the system." — Joe Tidy [79:24]
In July 2024, a routine update from CrowdStrike inadvertently caused the Blue Screen of Death on approximately 2.5 million Windows computers globally, affecting critical infrastructure and leading to widespread chaos.
"Flights canceled, online services down, shops offline. Massive problems." — Joe Tidy [80:01]
This incident underscores the fragility of our interconnected systems and the far-reaching impact of cybersecurity failures.
10. Future Threats: Quantum Computing and Encryption
Looking ahead, Joe discusses the potential ramifications of quantum computing on encryption and cybersecurity.
"Quantum computing will be able to make all encryption totally obsolete because it can work out prime numbers in the split of a second." — Chris Williamson [85:10]
He explains the concept of "Q Day", a hypothetical future event when quantum computers can break current encryption standards, posing a significant threat to data security.
"The National Crime Agency recently put out advice... the deadline is 2030... post-quantum encryption safe." — Joe Tidy [86:53]
Closing Thoughts
Joe Tidy emphasizes the importance of basic cybersecurity practices to mitigate risks:
- Use Password Managers: Prevents password reuse and enhances security.
"Get a password manager and use that." — Joe Tidy [10:22]
- Enable Multifactor Authentication (MFA): Adds an extra layer of protection.
- Keep Software Updated: Ensures vulnerabilities are patched promptly.
Despite the evolving landscape of cyber threats, Joe remains optimistic that adherence to fundamental security measures can significantly reduce vulnerabilities.
"If we all did this, then the world would be a safer place." — Joe Tidy [84:56]
About Joe Tidy
Joe Tidy is a cybersecurity journalist and author of the forthcoming book "Control Alt: How Teenage Hackers Hijack the Internet". His investigative work sheds light on the dynamics of modern cybercrime and the vulnerabilities and challenges of the digital age.
For more information, visit Joe Tidy's website or follow him on his social media channels.
Disclaimer: This summary is based on a transcript provided and aims to capture the essence and key points of the podcast episode. For a comprehensive understanding, listening to the full episode is recommended.
