Risky Business #809 — Hackers Try to Pay a Journalist for Access to the BBC

Podcast: Risky Business
Hosts: Amberly Jack & Adam Boileau
Date: October 1, 2025

Episode Overview

With regular host Patrick Gray on holiday, Amberly Jack and Adam Boileau steer this "Pat-free" episode through another busy week in cybersecurity. They cover a wild hacker attempt to bribe a BBC journalist for access, ransomware's ripple effects on critical businesses, cybercrime in unexpected demographics, intriguing crypto-related legal drama, and fresh research highlights—from insecure location trackers to resilient hardware backdoors. Injecting humor and insider perspective, they dissect threats and trends shaping today’s infosec landscape, while highlighting the ongoing unpredictability of the "Risky Business curse" (big security news surfacing whenever Pat is away).

Main Discussion Points & Insights

1. Hackers Attempt to Bribe BBC Journalist (00:23–08:12)

• Incident: BBC reporter Joe Tidy was contacted via Signal by hackers offering him a cut of their ransom if he provided his BBC credentials.
  • Amberly: “If I was still working in a newsroom and I received a message like that… my first thought would be, I’m going to run straight to my editor and say, look at this great story.” (01:23)
• Adam’s Take:
  • Ransomware gangs get initial access wherever they can—not just through privileged users—and frequently land through regular employee accounts.
  • Targeting journalists is unlikely to work: “Journalists are not there for the money… If they were willing to do journalism for money, they’d be in corporate comms.” (03:20)
  • The insider attack vector is attractive but risky and rarely works in practice—“...chances that it’s not going to be tracked back to you is basically zero.” (05:11)
  • “If you work at that company and you get them ransomware on purpose for money, you should expect law enforcement on your doorstep… You should expect to not work again.” (05:27)
  • The “you’ll never have to work again” promise to the journalist turned out to be only $55,000: “That’s not enough money to go on the lam for the rest of your life...” (08:06)

2. Jaguar Land Rover: Ransomware, Rescue, and Supply Chains (08:12–09:58)

• The UK government is guaranteeing a £1.5 billion loan to Jaguar Land Rover to weather ransomware fallout and support its entire supply chain.
  • Adam: “It really does underscore how much grief this is causing… especially to all of the smaller little companies in the supply chain…” (08:46)
  • This is about national economic stability; “If Jaguar Land Rover fails, they were probably going to get nationalised anyway.” (09:00)

3. Scattered Spider Teen Hackers Face Consequences (09:58–12:58)

• Brian Krebs reported on UK teen hackers Thala Joubert and Owen Flowers facing charges for attacking Transport for London (plus a litany of prior offenses).
  • Adam: “When you lay it all out like that, you do see, like, this kid’s been doing bad stuff for a long time and he’s only 19 now.” (11:06)
  • Discussion on evolution of young hackers: “It’s kind of hard to see some of these kids in that same light… the violence and the money… all round nastiness… is just getting so much more intense.” (12:08)

4. Arrest in European Airport Ransomware: Not Just Kids (12:58–15:17)

• Surprise twist: The suspect in the Collins Aerospace attack is a man in his 40s.
  • Adam: “You would hope that if you’re in your 40s… hacking airports… surely that would give you some pause. But no, apparently not.” (13:21)
  • Re-examination of the insider angle: The Brazilian case—“...in his 40s… hadn’t gone places in his career… sold his access at a bar for a few thousand dollars and now he’s facing the rap for it.” (14:54)
  • Could the UK case be something similar? They speculate, but details remain thin.

5. The $7 Billion Bitcoin Ponzi Ponzi That Paid (15:17–18:48)

• Chinese woman in UK pleaded guilty; her Bitcoin Ponzi scam from 2010s resulted in 61,000 BTC ($7bn USD) seized.
  • Amberly: “...they were promised something kind of crazy, like 300% returns. If they now make 11,000% returns, is it even a scam?” (17:06)
  • Adam: “If the UK government said, okay, we’re going to give the money back to investors… did she even really do a crime?” (17:32)
  • Sometimes, “Having your bitcoin stolen is potentially the best term deposit possible.” (18:59)
  • Caution: “Don’t come to Risky Business for financial advice.” (19:16)

6. Ransomware Hits Japanese Brewer Asahi (19:16–20:07)

• Attack impacts Asahi’s domestic ops—shipping and order management—though international brewing continues.
  • Adam: “It’s pretty rude if it does turn out to be ransomware… hacking beer. That’s just… not on.” (19:29)
  • Amberly: “Don’t mess with people’s beer, man.” (20:04)

7. Complete Internet Shutdown in Afghanistan (20:07–22:23)

• Taliban shut down the internet to clamp down on “immoral acts.”
  • Amberly: “The isolation would just be phenomenal.” (21:24)
  • Adam: “It’s not even being pitched as a temporary thing… they’re talking about maybe we’re going to build some alternative system instead. Excuse me, you what now?” (21:37)

8. Vulnerabilities in Tile Trackers: Design Flaws & Stalking Risk (22:23–25:37)

• Georgia Tech research: Tile trackers, unlike Apple’s, broadcast static identifiers, creating privacy risks.
  • Adam: “If you can see the same device going past the same place, you’ll be able to… spot patterns of life…” (23:58)
  • Vendor response: “We’ve done some things but wouldn’t specify exactly what those things are. So not super confidence inspiring.” (25:10)
  • “Stalking use cases for this stuff are all pretty gross.” (25:21)

9. Intel & AMD Trusted Enclave Research: Niche, but Not Panic-Worthy (25:37–28:13)

• Two new papers show attacks on trusted enclave hardware via direct hardware manipulation.
  • Adam: “These two research papers look at… use cases that these trusted enclaves weren’t really meant to solve… not a thing that everyday people really need to concern themselves much about.” (27:04)

10. Unremovable Malware in Super Micro Server Motherboards (28:13–30:54)

• Research by Binarly details a firmware validation flaw in Super Micro motherboards’ baseboard management controllers.
  • Adam: “If you can get to the point where the only way to throw out the attacker… is to physically replace the equipment, then that bar is very, very high.” (29:39)
  • “I’ve never seen anyone do that [replace every machine]… probably outside of a government or military context…” (30:41)

11. Competent Chinese Espionage: Brickstorm Highlighted (30:54–33:18)

• Mandiant/Google report on Chinese Brickstorm espionage operations impresses with the attackers’ technical skill and stealth.
  • Adam: “When you see good stuff, it really warms my heart… dwell time of this actor… in excess of a year… The logs no longer cover how they got in, which as an attacker is wonderful.” (31:23)
  • “I feel like I did good hacking and they are doing good hacking. Therefore, we are all good hackers and good times—unless you’re the victim.” (32:37)

12. Cisco Firewall Zero Day Frenzy (33:18–35:38)

• Federal agencies receive urgent orders to patch Cisco ASA and Firepower firewall Vulnerabilities; real-world exploitation in progress.
  • Adam: “Firewalls are meant to make things more robust… except if they come from Cisco, in which case they are meant to provide attackers with remote code exec.” (33:46)
  • Patch deployment is complex and disruptive—“No one enjoys doing it and so no one does.” (34:34)
  • “These bugs will be, you know, exploited in the wild… plenty of compromised boxes all over the Internet. Good times.” (35:29)

13. Good Exploit Writeups: Watchtower Labs & Fortra MFT Saga (35:38–38:27)

• Two-part blog post details remote code execution bugs in Fortra GoAnywhere MFT—exploitation being observed “in the wild” even though exploitation ostensibly requires private key material.
  • Adam: “I always have a weak spot for Watchtower Labs writeups because… they write it up with the kind of humor and snark that… was exactly the same sort of thing.” (36:10)
  • Mystery: Exploitation requires keys only Fortra should possess—did they leak, or were they stolen? Raises more questions than answers.
  • Amberly: “Maybe… a Fortra staff member went to a pub and was offered a couple of thousand dollars for their ultra creds.” (38:27)

Notable Quotes & Memorable Moments

• Adam (on bribing journalists):
  “If they were willing to do journalism for money, they’d be in corporate comms instead.” (03:20)
• Amberly (on hackers’ bribe offer):
  “You’ll never have to work again… but $55,000 is not going to be enough to flee the country and retire on.” (07:38)
• Adam (on young hackers):
  “You can’t have good OPSEC and be that young because it’s… complicated… these kids are not, you know, they’re not good dudes.” (11:46)
• Amberly (after learning Asahi was attacked):
  “Don’t mess with people’s beer, man.” (20:04)
• Adam (on Tile vulnerabilities):
  “The stalking use cases for this stuff is really all pretty gross.” (25:21)
• Adam (on Watchtower Labs’ style):
  “They write it up with the kind of humor and snark that… feels like we’re at one.” (36:10)
• Amberly (on being a fraud ‘victim’ in Bitcoin):
  “It would have to be the first time where you would be absolutely stoked to be a victim of fraud.” (17:54)

Timestamps for Important Segments

• 00:23–08:12 — BBC journalist bribery attempt & insider threats
• 08:12–09:58 — Jaguar Land Rover ransomware loan
• 09:58–12:58 — Scattered Spider teens & hacker consequences
• 12:58–15:17 — Collins Aerospace: hacker in his 40s arrested
• 15:17–18:48 — Chinese crypto Ponzi & Bitcoin seizure
• 19:16–20:07 — Ransomware hits Asahi brewery
• 20:07–22:23 — Afghanistan internet shutdown
• 22:23–25:37 — Tile trackers’ vulnerabilities
• 25:37–28:13 — Trusted enclave hardware attack research
• 28:13–30:54 — Super Micro firmware flaws: unremovable malware
• 30:54–33:18 — Brickstorm espionage campaign: “competent hacking”
• 33:18–35:38 — Cisco firewall zero-days & urgent patching
• 35:38–38:27 — Watchtower Labs & Fortra MFT mystery exploit

Closing Thoughts

Amberly and Adam blend humor with sharp technical insight, making sense of front-page breaches, unlikely cybercriminals, and shadowy APTs, all while keeping the infosec community’s morale—if not their firewalls—intact. Amid wild scams, beer outages, and Bitcoin drama, the hosts repeatedly remind listeners:
“Don’t come to Risky Business for financial advice.” (19:16)

The “Risky Business curse” is alive and well; with Pat away, chaos reigns—but Amberly and Adam keep the signal-to-noise ratio (and the snark) high.

Listen for:

• Real-world perspectives on ransomware’s ripple effects
• Sarcastic takes on security vendor failures (“Firewalls, except Cisco…”)
• Cautionary tales for would-be insider threats
• Rare praise for “competent hacking”—with grudging professional respect

(Next week: No regular episode, but a sponsored Snake Oilers show will drop. Regular programming resumes upon Pat’s return.)