Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: Desperate Times Makes for More Cyber Crimes
Release Date: April 9, 2025
Introduction and Banter
The episode kicks off with the hosts engaging in light-hearted banter about microphone quality and amusing quips about cat breath:
- John Strand [00:01]: "That's what I want. I want that sweet, sweet money."
- Ralph [00:22]: "No, my cat's breath smells like." (Later referenced as a Ralph Wiggum quote)
This friendly exchange sets a relaxed tone before delving into more serious discussions.
Ralph’s Email Story and Legal Troubles
Ralph shares an amusing yet concerning experience involving an unexpected email from a Florida sheriff about unintentionally purchasing stolen hard drives on eBay:
- Ralph [02:04]: "I got an email from some random sheriff in Florida... they believe you might have unintentionally purchased some stolen hard drives on eBay."
- Ralph [02:33]: "...now you have to like submit a sworn, you know, notarized statement..."
This led to unexpected legal entanglements for the team:
- John Strand [03:29]: "So we're dealing with lawyers right now because of Ralph."
- Ralph [04:32]: "You sound bitter, John."
- John Strand [04:33]: "I am a little bit better because Kimry could have picked up the goddamn phone..."
The conversation highlights the complexities and frustrations of dealing with legal processes in cybersecurity mishaps.
News Prediction Segment
Ralph introduces an interactive segment where John predicts the outcomes of recent infosec news articles, followed by a scorecard:
a. Oracle Data Breach
Prediction:
- John Strand [07:45]: "Yes, they finally owned up. But they only owned up if, in the event that there was incontrovertible proof that they were at fault."
Outcome:
- Ralph [08:07]: "You were right."
Discussion: The team analyzes Oracle's handling of a significant data breach, emphasizing the company's tendency to deny vulnerabilities initially:
- John Strand [10:11]: "I think it's hilarious because the way Oracle handles this is very predictable."
- Corey [11:00]: "When Microsoft got breached too, I mean, there was such a big breach."
They critique Oracle's reactive rather than proactive approach to security incidents, highlighting a broader industry issue where firms prioritize legal defenses over transparency.
b. Twitter/X Data Breach
Prediction:
- John Strand [07:43]: Estimated "above a billion" records disclosed, including handles, email addresses, phone numbers, and location information.
Outcome:
- Ralph [13:21]: "They were sending out 2.8 billion records, but only 335 million active users. So the rest are bots."
Discussion: The breach revealed discrepancies in user data, indicating a mix of genuine users and bots:
- Corey [15:08]: "So the rest are bots."
- John Strand [16:27]: "If you're looking at classifications... merging multiple unclassified data sets can create a classified data set."
The hosts explore the implications of such massive data leaks, including the potential rise in insider threats and the exploitation of merged data sets for malicious purposes.
c. Phishing-as-a-Service Platforms
Prediction:
- John Strand [21:21]: Predicted usage of open-source software, customization for the number of "smishes" (SMS phishing), and tiered service models.
Outcome:
- Ralph [23:24]: "They're only sending about 100k a day... using a platform called Darcula v3."
Discussion: The segment delves into the mechanics of modern phishing services, noting the shift towards more sophisticated and scalable operations:
- Corey [25:08]: "They bought all these phones... makes it appear as legitimate devices."
- John Strand [25:23]: "Welcome aboard."
The conversation underscores the profitability and persistence of phishing services in the cybercrime ecosystem.
Insider Threats and Economic Impact
Alex raises concerns about the correlation between economic downturns and the rise in insider threats:
- Alex [15:41]: "Desperate times make for an increase in cybercrime."
- John Strand [19:48]: "With the economy going to crap and companies laying off tens of thousands, insider threats are bound to rise."
Discussion: The hosts discuss how financial strain and job insecurity can motivate employees to engage in malicious activities, either out of revenge or financial desperation. They share anecdotes and strategies to mitigate such risks, emphasizing the need for robust security measures and employee support systems.
GitHub Secret Leaks
The conversation shifts to the frequent issue of sensitive data being inadvertently exposed on GitHub:
- Corey [29:02]: "GitHub announced their advanced security platform detected over 39 million leaked secrets and repositories in 2024."
- John Strand [30:26]: "I have a fake company I created on GitHub for one of my CTF challenges... yet to get a notification from GitHub."
Discussion: The hosts highlight the challenges of managing and protecting secrets in code repositories, stressing that even private repos can be vulnerable if proper precautions aren't taken:
- Ralph [35:35]: "It's tricky because just because you deleted from the current version doesn't mean it's gone from history."
- Corey [35:59]: "Just because it's not public doesn’t mean you shouldn’t be taking care of secrets."
They advocate for continuous monitoring and the use of specialized tools to detect and remediate exposed credentials promptly.
AI Image Watermarking
The team discusses the emerging trend of embedding watermarks in AI-generated images to prevent misuse:
- Corey [40:00]: "ChatGPT is going to try to put watermarks in the images it's creating now."
- Ralph [43:04]: "There's already some gatekeeping... like Teams filtering input content."
Discussion: The conversation explores the security implications of AI-generated content, including potential vulnerabilities and the ethical considerations of watermarking:
- John Strand [43:53]: "The scary part is not where it is today but where it's going to be in two months."
- Ralph [44:27]: "The only person who'll really profit from it is Nvidia or whoever's selling the chips."
They ponder the balance between innovation and security, acknowledging both the benefits and risks associated with advanced AI technologies.
NSA Director Update
In a brief yet noteworthy segment, the hosts touch upon the recent departure of the NSA Director:
- John Strand [46:07]: "The NSA isn't really civilian facing in any large capacity... gold toilets in the Pentagon are nice."
- Ralph [46:30]: "Maybe he had ChatGPT write the five bullets for him and they just weren't good enough."
Discussion: While not delving deeply into the implications, the hosts hint at possible administrative or governance challenges within the NSA, reflecting on how leadership changes can impact national security strategies.
Conclusion
Wrapping up the episode, the hosts express a sense of anticipation for future discussions, hinting at an upcoming surge in cyber news:
- John Strand [47:46]: "We'll see if there's anything new that comes out of it... we're going to run into next week with a tsunami of cyber news."
- Corey [48:14]: "Bye guys."
They thank their co-hosts and listeners, signifying the end of a dynamic and content-rich episode.
Key Takeaways
- Data Breaches: Oracle and Twitter/X faced significant breaches, highlighting industry-wide challenges in vulnerability management and incident response.
- Phishing-as-a-Service: The evolution of phishing services into more sophisticated, scalable operations poses ongoing threats to cybersecurity.
- Insider Threats: Economic instability can exacerbate insider threats, necessitating enhanced security protocols and support systems.
- GitHub Security: The continuous leakage of secrets on platforms like GitHub underscores the need for vigilant monitoring and robust security practices.
- AI and Security: The integration of watermarks in AI-generated images reflects the broader intersection of artificial intelligence and cybersecurity concerns.
- Leadership Changes: Shifts in leadership within major security agencies like the NSA can have far-reaching implications for national and global security dynamics.
This episode provides a comprehensive overview of pressing infosec issues, enriched with expert insights and candid discussions, making it invaluable for both seasoned professionals and newcomers to the field.