A

Welcome to the watch floor. I'm Sarah Adams. In cybersecurity, the weakest link isn't a firewall, it's a resume. For over 20 years, we've hardened networks, we built digital fortresses, we deployed intrusion detection systems, we enabled multi factor identification, we adopted zero trust infrastructure, we protected the perimeter of our systems. But what happens when the perimeter isn't the target anymore? What happens if it's just you, the employee? Because right now foreign intelligence services aren't trying to break down the perimeter, they're just trying to walk around it. And they're doing this through networking sites, job offers, recruitment portals, and the personal devices sitting in our homes that link back to our jobs. This isn't theory, it's documented. And today we're going to walk through methodically how this works. Earlier this month, Google's Threat Intelligence Group put out a report in advance of the Munich Security Conference. And in it they described this interesting pressure campaign against the US and Europe defense industrial bases. And one of the most important findings in their research was this, the shift towards individual centric targeting, according to GTIG analysts. I'm going to paraphrase this. The whole personnel piece has become one of the major themes. Let that sink in. It's not servers, it's not routers, it's personnel. The report described nation state actors being the usual. Iran, China, Russia, North Korea, all employing new targeting strategies. And who are they focusing on? Defense contractors, aerospace engineers, supply chain partners, individual employees especially, that have some sort of clearance, and then those personal devices that leave the offices and go outside of these protected systems. And why? It's because our personal systems are so much harder to detect. Of course. Your corporate email system has layers of security. Your Gmail may not your work Internet has some sort of enterprise system that monitors it. Does your home WI fi have that? It's like taking the battlefield from the network perimeter and just targeting the human profile. And we as humans are always making mistakes. Let's talk about something that every American professional understands. LinkedIn. To us, it's about networking to the enemy. They literally use it for reconnaissance.

B

It started as any job search would. A posting on ZipRecruiter for a major bank, a LinkedIn application for a tech startup, an email from a recruiter about a top PR job. But on the other end, it's not employers, it's scammers job scam. Recruiting texts and fake job postings are on the rise, according to the Federal Trade Commission. Targeting the millions of Americans hunting for work and taking advantage of a slowing

C

Job market scams are always preying on the vulnerable, right? And I think people who are looking for work are vulnerable people in a way.

B

Timothy Brown encountered one of these scams on his job hunt.

C

I was certain that it was a real job when I first encountered it on a platform that I trust to be able to find jobs.

B

It's a new wave of scams. Some of those poorly worded text messages you've probably received now, some fake listings are nearly indistinguishable from legitimate job postings. And they're popping up on trusted job hunting websites.

A

It's arguably the most voluntary database where you can find cleared professionals. Engineers, defense contractors, intel officers, and then policy specialists that work across our entire government. And people list everything. We have active security clearances on there. So specific weapons systems people are working on satellite programs, they're working on AI driven technologies they're supporting. We have cyber and operational units listed. And then geographic assignments are all over the place on there. During the Cold War, intelligence agencies literally had to recruit people to go out and collect this level of detail. Not anymore. Everyone just shares it publicly on the Internet. There was this documented case of a Chinese intelligence recruiter. His name is Dixon Yao, and he created like fake consulting firms. And then he was reaching out to candidates on LinkedIn and he ended up with 400American resumes from people within the defense and policy space within our government. He, he didn't have to hack them or implement any sort of malware operation. He just had to reach out and have a conversation and show interest in them. North Korea even took it a step further. It was crazy. They were literally having mock interviews with people. Like people thought they were interviewing for actual jobs. They were saying, send us code, send us examples of your work. Hey, look at these technical assessments for us. And of course, when you open the technical assessment, it had malware in was such a simple thing to do because so many people are ambitious, so many people want to share their knowledge and be a part of something and be someone that gets recruited. I ran, did a really interesting operation that was targeting aerospace engineers. All they did was like spoof UAE and defense firms. And people would go there to look through like the job portal, right? This isn't spam. This was like a tailored profiled campaign to bring in people with that sort of expertise. And it began with something so incredibly simple. Submit a resume. So to make this clear, when an adversary takes a resume, let's say they brought it in through that job board. Here's what they get. They get email Formatting conventions. So like how your company does like the first name and the last name at and then your company, they have internal project names, they learn about technology stacks, they have an understanding of who your vendor relationships are, insights into who may have clearances within your organization, team structures and then geographically where you may be distributed. Well, when you have that type of data, it enables a lot of different operations. One is just doing something similar, simple like spear phishing emails, but they're using your company's jargon. Another thing is making kind of like fake HR profiles and portals that look like the real defense contractors own sites. Other thing is credential harvesting pages. Obviously we've explained how they introduce malware but it looks as like real internal documentation. And lastly they can social engineer how they target you but use actual program knowledge from inside of your company. So at a first look you're not going to be confused. It's not like the old days where it's bad English, you know, words are spelled funny like we're in a new era of this type of targeting. Do you ever feel like something is off? You're hitting the gym, you're crushing your goals, you're showing up every single day? Or have you noticed a change in your partner? Slower recovery time, less focus and a drive that used to be there that just isn't. It's subtle, but it's real. Most people don't understand that. Testosterone. Testosterone naturally decreases 1% every year over the age of 30. Think about it. That slow change really does make workouts harder. It makes the workday longer and it can make life more exhausting. That's where Marsman comes in. Your body produces testosterone, but sometimes it's just locked up. Think about it like this. You have money in the bank, but your debit card's not working. So you have the funds. You can't access them. Mars Men helps you with that access. It helps you naturally. It uses eight clinically proven ingredients. We have Tongkat, Ali, Shilajit, vitamin D, zinc boron and others. What are men saying about this? Some are saying they're feeling like a stronger performance. Others are recovering faster from the gym. We're hearing about a more consistent natural energy. Not like when you have coffee. It's more of a sustained energy through the day. And many are saying they felt better than they felt in years. Marsman is made in the USA, it's third party tested and it has a 90 day money back guarantee. There's essentially no risk to just go out and try it. 91% of users have felt, you know, some change in their performance and thousands have been happy with the product. I mean, just go see the reviews for yourself. And here is the best part. For a limited time, our listeners get 50% off for life, plus free shipping and three free gifts. When they go to MengotoMars.com it's literally the perfect way to continue the gains that you kicked off at the start of New Year's. Again, that's men g o t o mars.com to get your 50% off and your three free gifts. And at checkout, let them know the watch floor sent you. In terms of China, they spent a lot of time and effort making sure their spearfishing campaigns target your personal email, not your work email. But when it comes in, in your personal email, it still talks about the positions within your role, things that you would find interesting as part of your role. It's still focused on your industry and the job market you're in. Of course, they were able to do that because they did reconnaissance first. Now they sent you this mail and then if you respond to it, it then gives them the next opening for exploitation. And they want to target the personal email. As I said before to you, it's because it's so much more vulnerable. So if your company built this giant fortress, you know, around their systems, all they're doing then is just tunneling in under that fortress. It's a very simple concept. This isn't isolated. So if you work in these industries, there's a barrage of these campaigns coming after you. Gtig highlighted a few interesting points. First off, the fact that China dominates this space. So if you get one of these strange requests, I mean, there is a very good chance it is the Chinese government. Then they highlighted that Russia usually does focus on like battlefield systems, but they are kind of reaching out and focusing on the persons who manage those systems. Then they highlight that Iran is running like spoof employment portals. I mean, that's a concerning thing you're applying to a job. And really all your information is just going to the Iranian regime. The last one was that North Korea is actually even infiltrating, like hiring pipelines. I mean, all of this is a massive escalation. Now let's ask a real question. How does this succeed? Why are they so successful at this? This is actually not a technology problem. This is a cultural problem. Think about it here in America, about the values that we hold strong, especially when it comes to when you're working. I mean, ambition is very important. Visibility, make it known what you're Working on, I mean, professional mobility, right? Like climb that ladder, right? Put in the work and then branding. People need to know who you are. They need to know how to reach out to you. They need to know you're a real person with all of these accomplishments behind you. Now, when you take a step back, all of those are strengths, right? None of those are really viewed as weaknesses. You don't really think through them. Now think about a young person coming into the space space. You leaning in even harder to help motivate them. You tell them, well, build your network, right? Share your accomplishments. Post the different certifications you got. Highlight your accesses. Let us know when you get promoted. Share your accomplishments. All of these are perfectly great if you're in the private sector, but if you're in national security, all of that is exposure. I want to walk through a few posts just so you hear them in your head and can see what I'm talking about. First off, we have a defense engineer. And here's the post. Excited to be working on next generation satellite communication systems supporting NATO partners. I mean, that's a lot of enthusiasm. It is an exciting thing, but you just put out targeting data. In another case, we have a cybersecurity contractor and they just have listed on their profile, active TSSCI clearance. Experiencing DoD Cloud Migration in zero trust infrastructure. Right. That's not like just padding your resume. It puts a little flag on your profile and then the adversaries are interested. The last one's a system analyst and they say, proud to support missile defense initiatives at. And we'll just say X company. We don't need to name a specific company. Now that gives real details to like a foreign intelligence service. Right? You already have your location on there, so there might be time. The company's location and your location. They know your mission area, what exactly you're working on. They might now be able to narrow down what facility you could be in. They have some idea about your level of access because of what you said you're working on and then the technical ecosystem that you're operating in. These are things Americans covet from what we just talked about. Clearances, prestigious contracts, cutting edge defense work. And then like projects where there's a trust in the government in them, Right? I am trusted to be in these secure roles in the government. Well, that makes you very appealing to those targeting our government. So we have to stop normalizing this, like open source exposure. Hey, I love when people overshare. When terrorists overshare on their social media sites, I pull everything Down. I love it. But we don't want to do it if we're in certain positions and the adversary can just data harvest everything at scale because they are doing it. You know, we built a culture that supports and rewards professional transparency. But you have to remember adversaries then built a system system that exploits it and weaponizes it. So we have this strange tension between openness and that exploitation. And unfortunately then we do have a national security problem. So let's zoom out. So this episode clearly, as you heard, isn't like about cybercrime, it's about counterintelligence. We have a big problem here as I walk through through it. So when you're a hostile state and if you do some of the things we walk through today, you now can maybe map the defense workforce, identify emerging AI talent, you can target hypersonics researchers, you can track satellite communications engineers, and you can explore, exploit different subcontractor vulnerabilities that were complained about online right in front of you. And you gain an advantage. And you didn't have to do any sort of kinetic act to make that happen. So when we talk about this, Homeland Security is no longer like just the borders or the airports or our physical infrastructure. It's this workplace integrity, digital hygiene, real counterintelligence awareness. Not like a yearly box checking online course. Now the border is running in through your inbox. It's personal in how they're targeting our people, some of the best and brightest working in our government. So again, as we said in the statement, start in cyber espionage, your weakest point isn't the firewall, it's a resume. And foreign adversaries are moving so much faster in the ways they target us than any of our government policies can keep up with. So the next major breach likely isn't going to be based on a piece of malware. It's going to start with a message that comes into someone's inbox and it says, I find your background interesting. Let's chat more. I have some great opportunities to offer you. They are going to exploit the ambition of our people and we need to watch for these patterns to prevent them from occurring, because that's what we do here on the watch for.