A (4:47)
It's arguably the most voluntary database where you can find cleared professionals. Engineers, defense contractors, intel officers, and then policy specialists that work across our entire government. And people list everything. We have active security clearances on there. So specific weapons systems people are working on satellite programs, they're working on AI driven technologies they're supporting. We have cyber and operational units listed. And then geographic assignments are all over the place on there. During the Cold War, intelligence agencies literally had to recruit people to go out and collect this level of detail. Not anymore. Everyone just shares it publicly on the Internet. There was this documented case of a Chinese intelligence recruiter. His name is Dixon Yao, and he created like fake consulting firms. And then he was reaching out to candidates on LinkedIn and he ended up with 400American resumes from people within the defense and policy space within our government. He, he didn't have to hack them or implement any sort of malware operation. He just had to reach out and have a conversation and show interest in them. North Korea even took it a step further. It was crazy. They were literally having mock interviews with people. Like people thought they were interviewing for actual jobs. They were saying, send us code, send us examples of your work. Hey, look at these technical assessments for us. And of course, when you open the technical assessment, it had malware in was such a simple thing to do because so many people are ambitious, so many people want to share their knowledge and be a part of something and be someone that gets recruited. I ran, did a really interesting operation that was targeting aerospace engineers. All they did was like spoof UAE and defense firms. And people would go there to look through like the job portal, right? This isn't spam. This was like a tailored profiled campaign to bring in people with that sort of expertise. And it began with something so incredibly simple. Submit a resume. So to make this clear, when an adversary takes a resume, let's say they brought it in through that job board. Here's what they get. They get email Formatting conventions. So like how your company does like the first name and the last name at and then your company, they have internal project names, they learn about technology stacks, they have an understanding of who your vendor relationships are, insights into who may have clearances within your organization, team structures and then geographically where you may be distributed. Well, when you have that type of data, it enables a lot of different operations. One is just doing something similar, simple like spear phishing emails, but they're using your company's jargon. Another thing is making kind of like fake HR profiles and portals that look like the real defense contractors own sites. Other thing is credential harvesting pages. Obviously we've explained how they introduce malware but it looks as like real internal documentation. And lastly they can social engineer how they target you but use actual program knowledge from inside of your company. So at a first look you're not going to be confused. It's not like the old days where it's bad English, you know, words are spelled funny like we're in a new era of this type of targeting. Do you ever feel like something is off? You're hitting the gym, you're crushing your goals, you're showing up every single day? Or have you noticed a change in your partner? Slower recovery time, less focus and a drive that used to be there that just isn't. It's subtle, but it's real. Most people don't understand that. Testosterone. Testosterone naturally decreases 1% every year over the age of 30. Think about it. That slow change really does make workouts harder. It makes the workday longer and it can make life more exhausting. That's where Marsman comes in. Your body produces testosterone, but sometimes it's just locked up. Think about it like this. You have money in the bank, but your debit card's not working. So you have the funds. You can't access them. Mars Men helps you with that access. It helps you naturally. It uses eight clinically proven ingredients. We have Tongkat, Ali, Shilajit, vitamin D, zinc boron and others. What are men saying about this? Some are saying they're feeling like a stronger performance. Others are recovering faster from the gym. We're hearing about a more consistent natural energy. Not like when you have coffee. It's more of a sustained energy through the day. And many are saying they felt better than they felt in years. Marsman is made in the USA, it's third party tested and it has a 90 day money back guarantee. There's essentially no risk to just go out and try it. 91% of users have felt, you know, some change in their performance and thousands have been happy with the product. I mean, just go see the reviews for yourself. And here is the best part. For a limited time, our listeners get 50% off for life, plus free shipping and three free gifts. When they go to MengotoMars.com it's literally the perfect way to continue the gains that you kicked off at the start of New Year's. Again, that's men g o t o mars.com to get your 50% off and your three free gifts. And at checkout, let them know the watch floor sent you. In terms of China, they spent a lot of time and effort making sure their spearfishing campaigns target your personal email, not your work email. But when it comes in, in your personal email, it still talks about the positions within your role, things that you would find interesting as part of your role. It's still focused on your industry and the job market you're in. Of course, they were able to do that because they did reconnaissance first. Now they sent you this mail and then if you respond to it, it then gives them the next opening for exploitation. And they want to target the personal email. As I said before to you, it's because it's so much more vulnerable. So if your company built this giant fortress, you know, around their systems, all they're doing then is just tunneling in under that fortress. It's a very simple concept. This isn't isolated. So if you work in these industries, there's a barrage of these campaigns coming after you. Gtig highlighted a few interesting points. First off, the fact that China dominates this space. So if you get one of these strange requests, I mean, there is a very good chance it is the Chinese government. Then they highlighted that Russia usually does focus on like battlefield systems, but they are kind of reaching out and focusing on the persons who manage those systems. Then they highlight that Iran is running like spoof employment portals. I mean, that's a concerning thing you're applying to a job. And really all your information is just going to the Iranian regime. The last one was that North Korea is actually even infiltrating, like hiring pipelines. I mean, all of this is a massive escalation. Now let's ask a real question. How does this succeed? Why are they so successful at this? This is actually not a technology problem. This is a cultural problem. Think about it here in America, about the values that we hold strong, especially when it comes to when you're working. I mean, ambition is very important. Visibility, make it known what you're Working on, I mean, professional mobility, right? Like climb that ladder, right? Put in the work and then branding. People need to know who you are. They need to know how to reach out to you. They need to know you're a real person with all of these accomplishments behind you. Now, when you take a step back, all of those are strengths, right? None of those are really viewed as weaknesses. You don't really think through them. Now think about a young person coming into the space space. You leaning in even harder to help motivate them. You tell them, well, build your network, right? Share your accomplishments. Post the different certifications you got. Highlight your accesses. Let us know when you get promoted. Share your accomplishments. All of these are perfectly great if you're in the private sector, but if you're in national security, all of that is exposure. I want to walk through a few posts just so you hear them in your head and can see what I'm talking about. First off, we have a defense engineer. And here's the post. Excited to be working on next generation satellite communication systems supporting NATO partners. I mean, that's a lot of enthusiasm. It is an exciting thing, but you just put out targeting data. In another case, we have a cybersecurity contractor and they just have listed on their profile, active TSSCI clearance. Experiencing DoD Cloud Migration in zero trust infrastructure. Right. That's not like just padding your resume. It puts a little flag on your profile and then the adversaries are interested. The last one's a system analyst and they say, proud to support missile defense initiatives at. And we'll just say X company. We don't need to name a specific company. Now that gives real details to like a foreign intelligence service. Right? You already have your location on there, so there might be time. The company's location and your location. They know your mission area, what exactly you're working on. They might now be able to narrow down what facility you could be in. They have some idea about your level of access because of what you said you're working on and then the technical ecosystem that you're operating in. These are things Americans covet from what we just talked about. Clearances, prestigious contracts, cutting edge defense work. And then like projects where there's a trust in the government in them, Right? I am trusted to be in these secure roles in the government. Well, that makes you very appealing to those targeting our government. So we have to stop normalizing this, like open source exposure. Hey, I love when people overshare. When terrorists overshare on their social media sites, I pull everything Down. I love it. But we don't want to do it if we're in certain positions and the adversary can just data harvest everything at scale because they are doing it. You know, we built a culture that supports and rewards professional transparency. But you have to remember adversaries then built a system system that exploits it and weaponizes it. So we have this strange tension between openness and that exploitation. And unfortunately then we do have a national security problem. So let's zoom out. So this episode clearly, as you heard, isn't like about cybercrime, it's about counterintelligence. We have a big problem here as I walk through through it. So when you're a hostile state and if you do some of the things we walk through today, you now can maybe map the defense workforce, identify emerging AI talent, you can target hypersonics researchers, you can track satellite communications engineers, and you can explore, exploit different subcontractor vulnerabilities that were complained about online right in front of you. And you gain an advantage. And you didn't have to do any sort of kinetic act to make that happen. So when we talk about this, Homeland Security is no longer like just the borders or the airports or our physical infrastructure. It's this workplace integrity, digital hygiene, real counterintelligence awareness. Not like a yearly box checking online course. Now the border is running in through your inbox. It's personal in how they're targeting our people, some of the best and brightest working in our government. So again, as we said in the statement, start in cyber espionage, your weakest point isn't the firewall, it's a resume. And foreign adversaries are moving so much faster in the ways they target us than any of our government policies can keep up with. So the next major breach likely isn't going to be based on a piece of malware. It's going to start with a message that comes into someone's inbox and it says, I find your background interesting. Let's chat more. I have some great opportunities to offer you. They are going to exploit the ambition of our people and we need to watch for these patterns to prevent them from occurring, because that's what we do here on the watch for.
