Episode Summary: Talkin' About [Infosec] News – "Hackers claim Discord breach exposed data of 5.5 million users" (2025-10-13)
Main Theme Overview
This episode dives into several recent cybersecurity incidents, with a primary focus on the widely publicized Discord data breach, prompt injection vulnerabilities in GitHub Copilot, and active exploitation of Velociraptor and SonicWall products. The hosts, a group of penetration testers from Black Hills Information Security, unpack the technical and human factors behind these breaches, discuss implications for end users and security professionals, and share practical takeaways for defending organizations. Engaging banter, community anecdotes, and quotable commentary shape the tone.
Key Discussion Points and Insights
1. Recap of Wild West Hackin’ Fest (00:44–05:39)
- Charitable Swear Jar: The in-person "swear jar" tradition was revived, collecting $200 which snowballed into nearly $10,000 for the Becky Fund (a domestic violence victims charity), thanks to vendor matches and attendee generosity.
- "We turned swearing into $10,000... there was no planning. We didn’t even talk about it beforehand." —Dave (04:38)
- Technological Hiccups: Virtual participation faced significant network issues and freezing video.
- "It was just still frames for the most part." —Megan (02:17)
- Event Vibes: Much AI-hacking content this year, reflecting industry focus.
2. GitHub Copilot 'Camo Leak' & Prompt Injection Vulnerability (05:39–22:08)
Incident: Researchers from "Legit Security" exposed how malicious prompt injections hidden in comments on GitHub could cause Copilot to exfiltrate secrets from private repos, exploiting the tool’s permissions. (07:35–10:33)
- Attack Mechanics:
- Prompt injection embedded in PR comments or possibly other communication channels.
- Copilot, running with the user’s permissions, could inadvertently leak data from private repos.
- Unclear if attack requires a public repo as an entry point, or can be triggered via DMs (08:03–08:40).
- Mitigations:
- The fix: stop rendering images in explanations, which blocked the exploit path.
- Practical advice: Use separate accounts for public and private GitHub work to minimize exposure (12:14).
- Broader Issues:
- Prompt injection is a persistent, "unfixable" challenge for LLMs: the smarter the AI, the more prone to trickery.
- "The better an AI is, the better it is at getting hacked by prompt injection... there never will be [a silver bullet]." —Dave (21:08)
- Permission checks (“RBAC”) and explicit user approval for actions across multiple repos recommended.
- Increasing reliance on AI in software development will keep these risks alive.
- "The right answer is for Copilot to do something like 'Hey, we’re about to access a repo that isn’t the one you’re currently on. Do we have permission?'" —Hayden (18:03)
- Memorable Quotes:
- "They [AIs] want to be so helpful... they’re so sycophantic." —John Strand (14:57)
- "As AIs get smarter, they’ll also get more vulnerable... it’s a self-fulfilling thing." —Dave (12:14)
- "You shouldn’t be reading comments on a public repo with an account that has super secret recipes." —Dave (21:08)
- Anecdotes:
- Social engineering works as well on LLMs as on people; even simple justifications like "doing a CTF" can bypass guardrails (14:07–14:57).
- The hosts laugh about how much a CTF’s success now depends on cloud-based AI tools functioning (15:07–15:53).
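The two controls named under Mitigations and Broader Issues above (no image rendering in assistant output, and a confirmation before the assistant touches a repo other than the current one) can be sketched as follows. This is an added example, not code from the episode, GitHub, or the researchers; the tool-call dictionary shape, the repo names, and the function names are assumptions made for illustration.

```python
import re

# Markdown inline images, reference-style images, and raw HTML <img> tags.
# A regex is enough to show the idea; disabling image rendering in the
# renderer itself is the stronger control.
IMAGE_MARKUP = re.compile(
    r"!\[[^\]]*\]\([^)]*\)"       # ![alt](url)
    r"|!\[[^\]]*\]\[[^\]]*\]"     # ![alt][ref]
    r"|<img\b[^>]*>",             # <img src=...>
    re.IGNORECASE,
)

def strip_images(model_output):
    """Replace image markup so the client never fetches a URL the model wrote."""
    return IMAGE_MARKUP.sub("[image removed]", model_output)

def authorize(tool_call, current_repo, approved_repos):
    """Return "allow" for the repo the user is working in or one they already
    approved this session, and "ask" for any other repo."""
    repo = tool_call["repo"].lower()
    if repo == current_repo.lower() or repo in {r.lower() for r in approved_repos}:
        return "allow"
    return "ask"

def review_session(tool_calls, current_repo, approved_repos=()):
    """Pair every requested tool call with the decision the gate would make."""
    return [(c["tool"], c["repo"], authorize(c, current_repo, approved_repos))
            for c in tool_calls]

# Constructed sample data (hypothetical repos and tool names).
SAMPLE_CALLS = [
    {"tool": "read_file", "repo": "acme/public-site", "path": "README.md"},
    {"tool": "search_code", "repo": "acme/private-billing", "query": "KEY"},
]
SAMPLE_OUTPUT = ("Review done. ![ok](https://img.example/a.png) "
                 "See [docs](https://docs.example/x).")

if __name__ == "__main__":
    print(strip_images(SAMPLE_OUTPUT))
    for decision in review_session(SAMPLE_CALLS, "acme/public-site"):
        print(decision)
```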
3. Discord Data Breach – Third-Party Vendor Compromise (24:09–36:39)
Incident: Attackers compromised Discord’s third-party customer support provider (5CA), not Zendesk directly, and accessed the identities and documents (~70k ID cards) for users appealing age verification bans. Additional data may have included emails, billing info, and IP addresses.
- Technical Details:
- Breach chain: Compromised support agent account → 5CA’s custom Zendesk extension (“Zenbar”) → data siphoned from Discord’s support system (25:34–29:15).
- 5CA handles the age verification process for Discord by reviewing user-submitted IDs.
- Nature and Scope:
- Discord claims 70,000 IDs stolen (29:15), but sources note the attackers had broader access (potentially millions of API queries and payment data).
- "They had data or access to a lot different data than just, you know, IDs...they could disable Multi Factor, look up phone numbers..." —Hayden (28:06)
- Discord’s communications downplayed the severity, possibly for legal reasons.
- "The worst thing you can do during a breach is downplay the severity and impact. Just be honest." —Dave (29:15)
- Affected individuals should be cautious of phishing using their newly leaked info (33:06).
- Broader Context:
- Growing prevalence of third-party “business process outsourcing” for compliance (age checks, KYC).
- Concern over exploitation risk for minors, streamers, and pseudonymous users on Discord (30:23–30:40).
- Government ID leaks could facilitate more convincing identity theft and fraud across multiple platforms (31:01).
- Memorable Moments:
- "If this was breached... I can go submit verification for my identity on a bunch of sites...It would let me impersonate someone a lot easier than if I don’t have their photo ID." —Dave (31:01)
- "They're only explicitly naming a number in regards to [ID theft]...I would imagine it is a small subset so they don't have to disclose total users affected." —Hayden (31:47)
- "Check those email headers... you might get one that's like, hey your email was stolen. Click here and log in." —Corey (33:00)
4. Active Exploitation of Velociraptor Tool (36:50–45:04)
Incident: The digital forensics and IR tool Velociraptor (v0.73.4) had a critical RCE vulnerability exploited by a Chinese APT (Storm-2603/TALOS) abusing its high privileges during investigations.
- Attack Vector: Vulnerable Velociraptor deployments allowed attackers to run code, escalate privileges, and create admin accounts on compromised networks (37:01–38:30).
- Sometimes attackers purposely installed an old, vulnerable Velociraptor build for exploitation (41:49–42:08).
- Mitigations/Response:
- Prompt patching and careful deployment are essential; only install when necessary and supervise with custom detection rules.
- "You could have it installed to a specific directory, or allow only a SHA256-matching exe..." —Dave (44:20)
- Memorable Exchange:
- "If someone ever [clones Hayden’s voice] and doesn’t say something extremely sarcastic in the first sentence, that’s a deepfake. That’ll never be me." —Hayden (41:10)
- Joking about using a sarcastic passphrase to detect voice deepfakes among team alerts.
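The directory-and-hash allowlist suggested under Mitigations/Response above can be written as a small detection rule over process-creation events. This is an added example, not code from the episode or from the Velociraptor project; the approved directory, the event field names, and every hash (derived from placeholder bytes) are constructed assumptions.

```python
import hashlib
from pathlib import PureWindowsPath

# Assumed policy: one approved install directory and one approved build.
APPROVED_DIR = PureWindowsPath(r"C:\Program Files\Velociraptor")
APPROVED_HASH = hashlib.sha256(b"constructed: approved build").hexdigest()
OLD_HASH = hashlib.sha256(b"constructed: older build").hexdigest()
# Hashes of every Velociraptor build the team has catalogued (constructed).
KNOWN_VELOCIRAPTOR = {APPROVED_HASH, OLD_HASH}

def findings(event):
    """Return the reasons a process-creation event violates the policy."""
    image = PureWindowsPath(event["image"])
    sha256 = event["sha256"].lower()
    named = "velociraptor" in image.name.lower()
    if not named and sha256 not in KNOWN_VELOCIRAPTOR:
        return []  # not Velociraptor as far as name or hash can tell
    reasons = []
    if sha256 != APPROVED_HASH:
        reasons.append("hash is not the approved build")
    if image.parent != APPROVED_DIR:  # Windows paths compare case-insensitively
        reasons.append("runs outside the approved directory")
    if not named:
        reasons.append("known Velociraptor hash under another file name")
    return reasons

def triage(events):
    """Keep only the events that produced at least one finding."""
    return [(e["host"], e["image"], r) for e in events if (r := findings(e))]

# Constructed sample events; hosts and paths are made up.
SAMPLE_EVENTS = [
    {"host": "ir-ws01", "sha256": APPROVED_HASH,
     "image": r"C:\Program Files\Velociraptor\velociraptor.exe"},
    {"host": "fs02", "sha256": OLD_HASH, "image": r"C:\ProgramData\v2.exe"},
    {"host": "db01", "sha256": OLD_HASH,
     "image": r"C:\Program Files\Velociraptor\Velociraptor.exe"},
    {"host": "hr-lt07", "image": r"C:\Windows\System32\notepad.exe",
     "sha256": hashlib.sha256(b"constructed: unrelated").hexdigest()},
]

if __name__ == "__main__":
    for host, image, reasons in triage(SAMPLE_EVENTS):
        print(f"{host}: {image}: {'; '.join(reasons)}")
```

The older build is flagged on db01 even though it sits in the approved directory, which covers the case noted above where an old, vulnerable build is installed on purpose.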
5. SonicWall Config Breach – Cloud Portal Threat (46:38–54:47)
Incident: Hunters and CISA warned of an attack where SonicWall’s cloud portal (MySonicWall) was breached. Threat actors dumped device configs (possibly including encrypted credentials), likely spidering out from those to attack more appliances.
- Nature and Risk:
- Most impacted: small businesses using cloud-enabled SonicWall VPN/firewalls, often managed by MSPs for cost reasons (52:01–53:12).
- While credentials are encrypted, recovery may be possible if weak passwords or hashes were used.
- Increasing risk profile for SSL VPN products across all vendors; legacy and edge devices often neglected on patching.
- General advice: "SSL VPNs are on the chopping block... Use something else. Use Zero Trust, use key-based VPNs, WireGuard, etc." —Dave (54:12)
- Industry Issue: It’s not just SonicWall—Fortinet, Cisco, Palo Alto, etc., have similar patterns due to architecture and pricing for small business needs.
6. CTF Wrap-up & Community News (54:54–57:44)
- CTF Announcements: Winners from a recent business email compromise challenge announced (Inbox 0day and Samson 2.07). Huge Antisyphon on-demand training prize.
- CTFs now a regular (and highly engaging) part of the webcast schedule.
- SOC Alert Anecdote: The CTF triggered real SOC (Security Operations Center) alerts, including isolating John Strand’s account, leading to behind-the-scenes banter about incident response and practical jokes (57:03–57:38).
- Closing: Encouragement to join the Discord community, with a tongue-in-cheek shout-out to "how incredibly secure" it is.
Notable Quotes & Moments (with Speaker & Timestamp)
- "We turned swearing into $10,000..." —Dave (04:38)
- "The better an AI is, the better it is at getting hacked by prompt injection." —Dave (21:08)
- "You shouldn’t be reading comments on a public repo with an account that has super secret recipes or whatever." —Dave (21:08)
- "They're so sycophantic... they want to be so helpful." —John Strand (14:57)
- "Which is dramatizing a little bit, but..." —Hayden, on SOC locking out John Strand (57:11)
- "SSL VPNs are on the chopping block... Use Zero Trust, use key-based VPNs, etc." —Dave (54:12)
Timestamps for Major Segments
- 00:44 – 05:39: Wild West Hackin’ Fest Recap & Charity
- 05:39 – 22:08: GitHub Copilot AI Prompt Injection Vulnerability
- 24:09 – 36:39: Discord/5CA Third-Party Data Breach
- 36:50 – 45:04: Velociraptor Exploitation & Defense
- 46:38 – 54:47: SonicWall Cloud Breach
- 54:54 – 57:44: CTF Winners, SOC Response, Closing Community Notes
Takeaways
- Prompt injection remains an unsolved AI security challenge; separation of accounts, RBAC, and user confirmation recommended.
- Third-party risk (as with Discord) means sensitive user data can be at stake even if the core provider isn't directly hacked.
- Incident response tools (Velociraptor) can be turned against defenders if not patched and closely managed.
- Network appliances (SonicWall et al.) are recurring targets due to outdated devices, poor patch management, and small-business cost constraints; Zero Trust and non-SSL VPN solutions are encouraged.
- Vibrant community spirit, from in-person events to CTFs, blends expertise with humor and a commitment to transparency.
This summary captures the episode’s discussions, technical insights, and the team’s distinctive, engaging style—serving listeners and non-listeners with an in-depth snapshot of today’s pressing infosec events.
