Italian Hacking Scandal, NSA Best Practices, Insider Threats & a Former Anonymous Hacker?
Hacker And The Fed
Deep Dive
- Hector has been busy with family additions and content creation.
- Chris has taken on leadership roles in local community centers and food banks.
Shownotes Transcript
Hecker on cigar was responsible for some of the most notorious hacks ever.
Committee special agent Chris tarbell, the I .
tip to fifty million .
dollars in damages shadows cyberattacks on the rise.
Welcome to hacker in the fed. I'm Chris carbo, former FBI speciation, working my entire career and cybercrime. And I am joined as always by my friend and podcast khost text my ger form a black a hacker who once faced one hundred and twenty five years in prison.
Where is many years of hacking out of the code name sab. Our stories collided in june of two thousand and eleven when I arrested him and then convinced him to work with me at the FBI. Hector is now teamer researcher and cyber current expert. Hector.
how you do in in tonight? Now i'm a fantastic brother. I'm just here. Enjoy the weekend.
the week or or weekend. You maybe started early.
Who knows you? I'm at the point. So what you've been up to.
I don't think we've really caught out. And what we've been up to the last few months when we took a little break from the show, what are some of the fun things .
you've been doing? Oh, man, that's that's a fantastic question. Let me tell you, i've been very busy.
Aside from like working with customers on their penetration task for cyber risks, uh, work is been a lot of family stuff. You know we have some new additions in the family and very excited by that. But also it's been a lot of like content creation. You know I was never really sold in the whole thing of like creating content.
But as i've been i've been one a lot of speech with you and and even outside of that where folks like k, can you provide us a slide, you know debt presentation or a presentation or something? So i've been just sitting here writing a bunch of stuff, so i've been kind of doing that, learning how to do that. He had to remember I have A G D.
education. So I never really had an opportunity to go to school and put together like a slight presentation or um you know um do any like public speaking within the school or classes. So sometimes I one of the things there is a kind of newton mi still and so yeah i've just been sitting here creating a whole bunch of stuff and and i've been presenting here and there between here and importer ego or maybe like a online maybe like a webinar type thing for different organizations has been pretty busy on my end. I can't complain. I would have to hear about yourself because I know you have been super busy on in your side.
have been in a lot, but I have seen the new additions. Your family, they are super cute, I have to say. So i'm a little jealous of that.
You know, my kids are starting to get a little older, so i'm starting to miss on those Younger years of kids. I mean, the older stuff is cool too, you know, is fun to go and do stuff you know with. As children get, you know, become an adult, they drive and they can take you places and stuff. But, but, but the little .
kids mission is narrowly, you know why? If we could to go around two brother.
around three would be so little too go back to maybe I don't want to wish my life away. Maybe grandkids is the good thing again and given back when you're done.
actually know that's a good point, right? So like you, you ably a few years away from that. But yeah, I the grand can experience be pretty cool.
I'm only forty six years old. I hope i'm a little bit away from being called a grandpa.
Now but I ve been doing a lot to here to go. I got a little little ways back. I don't know how long ago I took over as the president of my local community center.
So that is taking a lot of my time. Um so I run the community center and kind of like to make a Better. It's bit it's an older buildings spent there for thirty years. And so so we're making a lot of improve ince there. I also started started working at the local food bank um uh and then they asked me to join the board uh and then in january, i've taken over as the president of the food book. I know I .
know I ve put me in .
charge so but it's a great place. I've got a lot of people that in my life involved in IT and coming out and do IT, you were resort about three thousand customers every month. Um we have about one hundred and fifty volunteers that it's a completely volunteer organization.
Um so it's good. It's I I like giving back. I like the reward of IT.
sure. No that is that is a absolute blessing i'm very excited by. I'm happy to hear that.
Yeah I don't like anybody to go hungry. So you know yeah, it's something i've felt passionate about for a long time now. I really didn't get involved that sort of thing for a long time, but but now I have the ability to do that.
So I enjoy doing. And you know you know how i've told you that i'd go on a group of all FBI guys. We go out to mean up in vagues every year and watch foobar games and just do not have a good time, and we see each other once a year. I told you about that trip, right?
sorry. Yeah, absolutely.
But on this last trip that we I just got back from about a month ago, a couple of those guys know they started to punch out of the bureau's i've done there twenty years. They're gone to do IT and they also want to get involved in their local food banks. So I feel like it's it's good and you know how to spread that out. The uh of how nice that is do you know kind of give back to the community .
yeah that's that's that's a beautiful thing i've always set to folks that you know you have a lot of fans. People set me up like directly or when I do the speeches of people yes, tell you about Chris so well Chris, a very caring person, very loving person, you want to do more um and so this only makes sense to me, right? So i'm not shot a surprise that you went in this world.
I think that those people very blessed have you there. Now I I will bring up, kind of make a funny thought I had, which I remember the story I read several years ago. These two guys and went to rob a bar, and he walked in.
IT was all FBI agent because there was like a conference to something and and the guy is like, their life suck, right? I went to prison and I caught up. So god, for video, i've have a bad guy like walk and looking around and he's just just so happy to follow the news didn't be IT. Oh my god. Call IT is, you know, I started to hope bad .
guys don't go through the local food bank, hopefully that so all of our customers are great people to work with. We got a lot of the volunteers and IT ranges from the retired people all way down to like college kids. So it's good to work with with the old ends of different people.
So well, i'd tell you what when i'm down there, i'm hope if to visit you summer so stuff you to put in some work with you and go there and check that out for sure.
It's fun. You couldn't believe how many people in my personal life come and to ask me about you. And I want to be acted. My mom is in your biggest fans. You definitely wants to meet in person one day.
But everybody I run into their like, h how's hectored? How's you doing? I want to heard him in a while, always asking about you.
ah, that's beautiful. One of them. I'm happy to hear that if anybody listening that in from crisis life, i'm OK china.
I try to update Chris as much as I can't, even both our schedules, we get there. We get busy sometimes, but we try our best to deal keeping conflict. Ast, once a week, because you know how life is. My life is active. Yes.
sometimes. Do you make me nervous? I couldn't hold you a couple of days the day you, I was freaking him out.
Yeah yeah well so so for the audience here that those are a curious um I went to do a presentation and porter eagle for the east events shot out to east. I love the east organization for those who know that are not really the tech industry or a security rather issa is the um a really coordinate ization the information system security administration.
Um you have chapters all over the world very so much like uh if regard Chris very much, I regard chapters like you know different cities, different countries, municipalities, seta. If you guys have just habit of east organza in your toe, go check and out. It's not going to caution thing.
Um I tell you right now though is a security conference or or um you know maybe meet IT a lot of auditors whatever meet a lot of auditors rather uh but yes so I went to do the event um importer ago I read in an office kind of wrap on my presentation into my practice with my team um and so yeah during that time, Chris, I was a busy brother. I really look at my phone. I was nonstop. I flew IT on thursday, thursday. I went straight to the office, friday to the presentation, and then I feel right back to new york.
After that, I had zero time. That's a busy day. So sorry, sorry. I freak out because I couldn't. I came here for me.
I get nervous. I do that real case with this, the case I get lost that all you saw up. So hector .
brought up in regard so big shadow to saying this a lot in our speeches as we gotten corporate america. Um if you guys have an infrared chapter and you guys are an IT and join your local regard in regards to organza, the FBI runs with the private partners. They just give good information, good meetings have always said, you know, have local law forceful you know, a telephone number it's a good place to meet FBI guys, secret service guys.
So you know, when that hack does happen, you have somebody to reach out to. So a big shutout in for garden. Infor garden is one of the big reasons that brought up and night together and hacked actor, hacked into IT. I found him and we've been friends.
every sense set out to effort. But you know, let me takes something, Chris. You know, I obviously list I made some mistakes in my life, and there are times I run into like a victim organization, the company is. And before I broken into at some point and believe they are not and IT makes sense, right? In some cases, like their their leadership don't really want associate with me or the communicate with right.
I I can get that hundred percent and i'm hopefully one day out of those companies can you know sort of conversation with me but if regard not so much if for god been very open to having me speak at their events um and especially Chris um and i've done I I think i've done wanted informed by myself where's like this web on like web on thing I just show up and speak. I became friends like the director of irregular importer eo as well. Very nice guy.
So yeah, I want to read a great big, I want to erect dan really coorg animation. If you don't know who they are, you know, if you have a local chapter, man, sign up IT doesn't cautious thing, you know, as you do. Membership does not the conversation, but they have they have to medical programs. And if you are a business owner and you are in the space, if forward, they do give out the alerts, you know, before the news get IT. So if you if you want to be in the know, that's the place to .
be yeah so yeah, joining for good hector. We ve been ramblin on here for for a while. So let's get into some stories.
We guess some with stories for the people first that we pulled up is a massive hack for higher scandal rocks, italian and political elites. So the president, former prime minister, I were among the targets of a hacking. They were selling highly sensitive data.
Um apparently this was multi ear breach of national security database. And so they had hired a group to come in and um at night they were breaking into their servers. The allegations, four people have been arrested. Sixty people are still in their investigations, with allegations of conspiracy to have corruption, illegal, a access of data in violation of official secrets. Do you read this one?
Yeah no, I read the story I been following and you know very big on geopolitics. And of course I I have friends and customers in italy, in fact one of my customers from this week from italia and we had a fantastic time when we spoke about this.
Um so yeah, this is very concerning because whenever you have folks in the government going up to the president office um that are you know part of a targeted campaign that's successful, that's very concerning because we're talking about a information that should not be in the hands of people that we shouldn't have IT you know as you know, as italy is as a major partner in an allied united states and we share information with our allies and partners. So as you can imagine, if there's something sensitive to us and we're sharing IT with the president's office, uh, that could be problematic. S so yeah, this is so this is a crazy story in my friend.
yes. So IT says that they compromise database that one log suspicious financial activity to trace private bank transactions in three house police investigations um but then the data was a then sold by the clients who used for black mail uh and profited roughly about was three point one million a reprise, many three point four million us dollars. If there is all this information about politicians doing things, suspicious financial activities or whatever, why not being investigated by the enforcement?
That's a tough one. Imagine if this breach had happened in united states. In fact, I remember stories back in the nineties, maybe when you had members of a certain organization in europe that had compromised I T.
Firms and accounting firms, uh, around the White house here even though the the folks came from an outline nation, IT was concerning because you know won what kind of information that they gets too? Can they utilize that in in a active campaign? In an intelligence campaign. And three, once the FBI got a hold of the information that was stolen in our taps, you know, I always found that interesting is like, what if the F. P.
I finds evidence of wrongdoing from that, say, a political person, a politician for example um you know does that sprang a whole bunch of other investigates? I could imagine in italy if wrong doing was found um and extra traded by bad actors um you know what the italian cyber police at that points uh or or or their FBI contort then start investigating you know all of that activity plus the breeze itself and what does that do of like like chain of custody know that self like you I I don't engaged on law but you know I can't imagine with the kind information that came out of here, what what that does for all sorts of other investigation are taking place. You know.
examples. Hunter is laptop. I mean, that information was used further criminal investigations into the president. Sun, so you know that that kind of solves that chain of custody issue. But I mean, so the data was worth three point four million dollars, us dollars. So I had to be pretty good information against some of these people if they paid IT the for blackmail or you know their political opponents paid for IT, that's a pretty high, high number of people .
and that's a good money right there. But I really surprised, honestly, if you look at the fact that but there are some wiretaps that, uh, implicate this one gentleman, tous IT consultants, who had a whole team, you like a whole team of sofia engineers and creating, maintaining database.
And so was interesting about this um these guys is that they had allegedly you know something like eight hundred or information and eight hundred thousand people in italy and probably abroad. My question here is you know who was he dealing with right? Like you know .
was he to who .
is he selling IT to? Yeah, absolutely. Is he selling IT to russia, right? Or are you setting get to your local politicians that you don't want some dirt?
You they came over from from italy, are any inside and do that because you I think we're getting bits and pieces of whatever story is but but yeah, who's paying in the three point four million .
years for this information? Yeah no, that's a great question. And honey, I think not enough details on this yet. This is kind of like an onward story.
We're hearing more and more easy day, but my main surprise was that we are only talking about three point one million dollars. You've see some crazy crimes out the crease, three point one mill um with this kind information seems kind of low. Maybe maybe i'm looking at a road. Maybe we were told a small Operation here, but the information of these guys had, uh, you know, I I think would be pretty worth more. I don't know.
You saw that your boy, when they've arrested in this whole thing. New zo, I guess, is his name. He used to be a hacker with anonymous .
first he's not my boy let's not make that association thank you um but yeah apparently he claims some sort of filling ation to anonymous at some point um apparently both that he compromise the pending on which is which is not a good boss to make especially post arrest. Um you what kind of happened to him? You know, I have no idea, but I guess we'll see is the kind of story comes up. But yeah, that is just .
somebody might be getting excited.
You might might be hyo k magazine that the skill .
sets there ruses used to get in, but he also had access through inside models. So they had people in on the inside.
work on the inside.
I knew you'd get there.
Yeah, list at the inside. The threat is a very real issue that most organizations have no idea how to deal with. You know, in fact, I had a really good conversation not that long ago about buz words.
In fact, i'm helping one of my, one of my friendly companies company is I do business with they're doing like a marketing event and they wanted to put together this marketing rather this like marketing bingo to everything with buzz ds less mystify these buzz ds. And though number one, buzz are always pop up. Chris, can you guess .
what that is my .
photoshop. I ahead word i'd .
say A I right now, but you used to be cloud. Um I don't know what what is of zero .
trust ah so when you look at zero cross I got beat down. Unfortunate but is in in theory how most networks are won today. In fact, the nc has tonn a documentation on how to implement the concepts within zero trust within your organization.
Zero trust is not just a thing. IT is a IT is a conglomeration of different concepts, right? At least privilege and microseismic IT seems like that.
So for any view, guys listening to this story here and what's happening in italy or what has happened italy in your concerned about like a rogue insider, you have to start looking at um you know the assumed the breach, what will be the worst case in every so embrace into my network, how can I mitigate or limit damage you can cause? Take a look at zero trust, take a look at the core concepts, micro segmentation. Chris would to stop this guy, or limited his damage, and he also would limited somebody else. So if I don't want to mention someone that did, that was here in the states as well.
it's true. And it's true. So you write of the nsa. The nsa just put out their mobile device best practices. You can we go through these and see which ones .
you and I do yeah and I even tell you which was I don't do so how much fAiling .
their standards on on okay. So disabled blue tooth, when you're .
not using IT.
I do that. Sure you turn that off.
Yeah I turn off for the tories is want to security applications.
but also the battery mattering. But if you leave your blue to the searching for device, so type yeah I leave my not I hate my headphones at least once today. Go to the gym or going out for a Walker something so it's too much pain in my ice.
Turn off, right? wifi. Do not connect the public wifi.
Okay, so this is where your boy hackers in the grey, right? So as you know, I have multiple phones. I know you have multiple phone as well.
The phone that I use courter call for public stuff like, you know, Prices. People on this, on this, uh, listen to what day party have my phone number. I have a public number right now.
I use that phone to connect. Elect the united airlines wife, for example, right? I will do that.
But for my, my private phones, I dodt. So I kind of great. I'm in the middle.
I I don't connect. I'll use, I Carry an ipad that just don't care about all connect that to public wifi, I will not, but it's not there to delete anything, any real accounts that I use. I will not take my phone to public wifi, I don't know. I don't cook my phone to like if I go to someone s house, their guest newark, I will do I just go off whatever network of my family in .
network yeah makes a lot of you know what I listening to you and what you're doing here with tablet tablet I finally have to go out. I do have a tablet here that could use for that um and I could I could further segments you know that public phone away from potential tag because I don't do this all the time, I should definitely do that more, more.
Next category in wifi. I disabled wifi when unneeded. I definitely am not doing that because I would never remember to turn IT back on same here.
I failed this policy that the ending is offering here or or or suggestion I do not to save with my .
wifi when i'm not using .
IT delete unused wifi. You know, this is a good one, Chris, because I i've gone to my phone or my public phone and I have like ten thousand wifi a configurations on that phone. And I ve always wondered, you know, I have been done like a risk assessment and IT bothers me. But no, I do not delete on news wifi. I do.
I do that on a plane. I'll set on our plane and just go to the use wifi. So probably once, once or twice a month that i'll go through really just that ipad that I use, i'll go through and delete, letting me know I try I once in a while grab my White phone and go through hers and delete those is she's Better that stuff.
But that lead into the next one, maintain physical control. My wife actually does not maintain physical control if I can get to your phone. But yeah, i'll tell you like I have my phone with me all the time. No one else is rabbit. I don't leave IT sitting anywhere and even in the gym I have IT with me um and when I sleep at night, you know the only thing closer to a to me that my phone is my gun.
Yeah, there you go. Yeah I was about to say, I don't think this anybody, the planet, they would try to take your phone away. That's a big no.
T, T, oh yeah. no. absolutely. As for me, fortunately you know as as a former um as A X fun and I can have any weapons.
So what I do have the phone is always with me. I do not lend IT out share IT. If someone has used my phone in the street, I do not do that.
I am sorry. I rather give you a dollars. You could find a payphone, a step that which spite the way don't exist your city more.
But but, and I also have like a cross body bag. So if you're going to try to take my phone, you going have to fight me for the back. That's very much where we.
the nsa says we should have a case that will drowns the microphone for the government against hot my attacks. IT also blocks the camera. I do. I do not have that.
I do not have that. I I products. This might be like privacy cases right yeah I .
you know what .
audience if if we finds some cool ideas are I do some ideas are um on on those kind of like privacy central cases I don't have when I should yeah according this is I need to get so so this one .
I went to be write off the sheep is this one I understand so I need you to explain to me he says, do not in big, bold letters have sensitive conversations in the facilities of mobile devices. Not can figure to handle secure voice so they're telling me not to have a sensitive conversation on my phone.
Maybe what they are saying is, you know, if you're going to have sensitive conversations, you probably not do that around other people with technology or devices. And I could understand .
and imagine like they're trying they can record you even in a room or something. Like that, yeah.
what if you could visit one year power? He has a syria in the room. And you know, you go to the room to talk to your wife, something very sensitive.
You close the door. But series, they are listening, right? So I think that and say is like, you know what, Chris, maybe you just step outside to make that call the .
what apps medical number and only from the official APP store. I am religious about this like like I will not even believe the APP store of official. I go to the website, let the website take me to the APP store. You know, the domain has to be verified now that the guy downloading the artificial lap, it'll never catch me doing that. People probably targeted me now said that.
well, we've seen evidence where official apps have been breathe compromised by means of developers and maintainers, right? So it's still there's still some risk there. But I do the same.
I do not downright anything outside the scope. If I need a APP, I would get IT from the the fiscal stores. Um as for my phone, have minimal apps, right? I have the things that I did and that's IT and games. No, I constantly tly going through and deleting .
things that i'm not using them anymore. If I don't use IT for a month, there's something yes, I did IT and I wish I waste of my life. I'm not like I look in my closet. I still have clothes I have in one flag years, so I don't know. So I guess i'm not a minimalist, but on my phone, I and I get rid of the apps quick.
Oh, yes. And by the way, for the folks listening, the reason why the n is uh is putting out this recommendation de from giving you some perspective on on how to secure yourself and secure your mobile devices and family devices, cetera. The core concept here is minimizing your tax surface.
If you guys have not got onto that, you right want to minimized a tax service, minimized your apps, disable the wifi not using IT the reading old wifi profiles that can be problematic for you, disabling blue tube without another attack vector. So that's really what the nnc is trying to promote here. Minimize your tax surface to as more of an the surface as possible is really fantastic.
S so I got ta tell you though, android security has been concerning for me because i've been I have both android ends iphone. I also have dum phones. Have you see those? Chris dum phone, yes, so a dumb phone.
Okay, let let's go back to like the early twenty years or two thousands when you had like the motor role to razor, maybe the psychic they have to the psychic, by the way, I think I think that so those phones quote and quote, we're smart with the psychic. You could downa like a java essays client and essays over, like, you know, over drage whatever, and you to access service, whatever. So in that regards was smart.
And the attacks service on that was pretty bad. But now let's take IT a step back. Is the one generation backers from the psychic, from the raisers IT will go to like the palm, remember palm O S. Devices, right? Some of them, I think, I think they had a phone at some point, or they had a phone model that like the promos devices, those were very simple applications that you cannot modify your update applications over the wire, uh, or or over the air O T A.
So some of those apps, I mean, you know, we find when those phones now more than likely it'll turn on and those still work mainly because the purpose for a lot of those devices was IT just offer saying our capabilities maybe some SMS, maybe a little calendar and that's IT. That's won't dm phones. So i've i've been talking .
about that as well. nice. yeah. Next one is used biometrics. You use biometrics.
your great question. So now that I am a law biting citizen, I don't mind using biometrics. But Chris, I tell you.
what did you have against IT when you are not on the side of the law? Well.
I would say that my big concern was if I got arrested and I was going with the agent that was not so professional, maybe you'll put my finger on on on the reader right? Um now product school the case up. But if you go to the streets, criss, you come to new year k city.
Come to the street you see the drug dealers all that they don't use biometric either. They're using you know long pins now right um so as a long long biting citizen I don't might use the biometric goa bit I get hit by a car maybe uh uh the uh law force middle or uh ambuLance folks needs to use uh the context by my device. They could pull my finger on IT I fine, I don't care. Um but yeah, that's kind of where that why .
do you think the N. S. A. Is pushing for people .
use by a metrics that's go on. But let's s assume that the nsa is being a know sincere in the recommendation. You know if they're being sincere about the regardant here, it's mainly because humans ffo patterns. Most humans will follow a pattern.
And for example, if an ava service targeting you and they know enough about you, more unlikely they will probably figure out on your pin code, right, maybe a birthday, maybe your x wives birthday, maybe your first address, your first home. And this, a lot of this information is publicly cessions. So I think that's why the N. S is pushing this. If you want to be a conspiracy theory, you could also say all of the and say wants to use the biometric ics because they're party sitting on everybody is finger presidence abase anyway, you know.
i'm really good to get people's pin numbers when they use their pins. I log IT away all the time. I so I always, I was I member.
We were on the squad one time. And the guy across, he is a great guy. I'm not going to make his name, but great guy. I saw his pin and I logged IT away, back of my mind, probably for, like, nine month or so.
And he had his phone, and I and I convinced him that the FBI had taught me how to break in, that I think he was like iphone, probably four back down or whatever. And I said, hate me your phone. I bet I getting your phone is like, no way and he had an eight digit pin, but opened up, blew his mind.
I I never told him how I got and I say, oh yeah, they put a back door in IT, but I never get into IT. yeah. Blew his mind.
I also, I was sitting on a plane once next to a very famous person worth hundreds of millions of dollars. Yes, got her pin. Got a quick.
yeah. So I don't know, I don't know why. I'm intrigued with fuel pins. I think he says something about you. Once I get your pain, I tried to figure out, why did you pick that one?
Well, here's a thing. From every pain i've ever seen from people there are personal close to me, right in life, business, whatever, is always something personal to them. You know, the kids birthday is something. So I think this is why the nnc is like, no, no, no, let's not use pins because we are predictable by nature. We do follow patterns um unless use something that is little bit more around than what would be your finger prick, right?
IT is easy to get a passport. Just install the camera right over something you know desk or something like that. It's pretty easy to snow.
You're pretty quick. So yeah, I guess you know pins are pretty easy. Yeah but I get your finger. I got you're going to you're touching the phone .
so and exactly right and and so like there's a devalue to IT, right? There are present cons to this approach. I could agree with us especially if like you're square, you don't do anything crazy um and then you know you wants to provide the capability for someone to, you know listen, emergencies happen what if if I know catches focus something and you know my mom's numbers there, you know maybe the cup once of which shots my mother really quickly you know I mean like .
I get IT when you call .
me a squares that I put down no, no, no, no, no, no. Maybe back in the fifties, you know. But listen, I call myself square all the time.
I don't even in jail. In fact, i'm actually know. I think this legislation to make jay walking legal in new york now I don't even do that. I'll just wait until the light turns Green number ago, you know so yeah I I definitely biometric. Now, the plans, I would pray forget I yeah .
yeah I here. Well, updates do you? How are you with updates?
So updates, yes, I am pretty good with updates. I do have some like the public phone that I use is a pixel. So the eagle advisors, you have a attack pack.
You are given away a lot of your secrets.
Oh yeah, so much making me called my ones up.
Yeah, yeah you long tell you to shoot your mouth.
But yes, so I feel like the public phone I use a google pixel and big set out to google as soon as their security updates, they're sending them off to the point you and and they're really good with like like security update. So um yes, now for my other phones that do not have like all update whatever, I do try to update manually in the weekends every week. So yes, and not doing every day.
You know I don't think we have time for that row. You know that this is too much, but on the weekends remember doing anything yeah i'll describe with the phones. I go to all the phones and just start updating them when appropriate .
yeah this other one I do all the time to the power cycle. The the device powered off and powered off and is weekly I probably do every forty eight hours just I think IT works Better. I think you flushes a little something now, you know and know sure member defragging, I don't think d flags but but if he feels like that after they just workflow yeah and .
for the folks listening, you know, one of the one of the recommendations at the same makes and this such a big one. I saw a lot of people coming on this one place, which is you want to reboot your machine once a week, several times a week, whatever works for you, whatever fits your schedule.
The reason for that is because there are gonna some exploits um that will you know compromise your device and you'll live in memory you know when you look at uh like sailor, always a cell phone security or mobile security. And we've done stories on this, Chris, where an adversary has created was a peg is right pegs as created like a three stage plus a payload where one they identify exploit wannabe in um I think PDF. So whatever was of the image processor.
And then that would execute a payload, which is based like a virtual machine hypervisor, and then that would try to do a send box escape. And then they're trying to some persistence, by the way, and experts like that lasing gents are not common. This is reason why those kind of exports are being sold in the in h the dark, dark marketplace for millions upon millions of dollars. Now.
five, five billion dollars per use.
So if you believe .
that somebody was willing to pay five million dollars to get information off your own, the may be you be a target, but you may yeah .
more than likely not now, but there are other x boys and adversary or not as ophicleide that or do not have that those kind of resources. So what they'll do is they will identify of variability, maybe a one stage vult ability that will explore your phone and just sit their memory may be it's not a set box escape.
Maybe just like a inforce dealer sitting your collecting information right now, when you rebuild your device, you were going to kick off or eliminate that process is a sitting their collect information. That means that the evolution has to to attack you all over again, right? So IT makes sense what the N.
S. C says. Hey, by the way, you guys should be rebooting your phones, at least you know weekly.
So makes sense. Me, I do IT. I've been do IT for body here. Now.
you know, the big one that people tall forget though, these last two, the update in the the power cycle, you device routers, your home routers, you make sure they are stayed updated with with the latest patch on the firm work, but then cycle IT like at least once a month, you know, just just cycle the power on IT IT, IT. It'll kick anything out there shouldn't be sitting there.
Yeah and by the way, for the loves of you that have like your router surrounded by, but this stuff I have my rode in my closet, it's always round by cloth and stuff. It's always hard. And there that's my food I I got to find a Better solution.
But IT degradations that the grades of IT, the grades your uh sometimes your international speed right is your connectivity gets affected by that. Um so like rebooting around and make sure it's update at first and then rebooting IT goes a long way. I've seen some major boost and in band with after that.
And the last one, do not use public charging stations. Yeah I can't imagine someone is going to because most of these charging cords now there are all, all data cables. You know you have no idea what you're plugging in that data cable into.
Now if you're you're using just you know a power block and then the data cable comes off, that fine. Uh, but yeah, I don't get on a plane. Do you think that you have no, yeah, what's on that? You know, yeah, it's crazy.
Well, that's that's where your boy hecker fails. I don't.
How do you like in?
I plugged in on the plane. I don't pluggin at the at the public stations where people sit around and like together, right? But you're write, you know, you borrow a good point.
Yes, the plain technically could be compromised. Nobody is really ordered in or assessing the last time. You IT rather the integrity of those ports or the last time those ports are updated or investigated, assess whatever you want to call IT.
So yeah, technically speaking, if IT available on a long you know across ross country trip or international trip, they're sitting at their at their um at their chair for fourteen hours. You have no idea what they've done an airport without detection. And so yes, I feel that I differ. Use the poor at tisa.
Well, check that out. We'll put the link in the description to the nsa sheet and hopeful that you guys can can check yourself and see how you measure up the hacker and I, our use of the nas tip for mobile device best practices. Hector, it's been a fun show. I've enjoys talking you about cyber security and some of the great things we've been to list. If you guys wanted reach out to reach out to, I tions uh, I want to definitely do a uh, complete listener questions show here soon after or because those are our favorites, I love the, I love that that even share the questions with you, just have hit you with and see what your raw responses we're looking at for five star reviews share us on social media, put us out there. Let every know, let your friends and your coworkers know that hacker, and if that is back, and when we back every week with a brand new episode to talk you guys about cybersecurity, answer your questions and just two friends shooting the shifts once in a while.
right? This depart where, like, finish up in. Like, mm, guess who's back? Good, good.
yeah. No, absolutely. We love your questions. Please feel free to send and let's get a thread noy. You know, we've had some great conversations in the past for forces you'll go back for the threat. I'm i'm forward.
I think we said at last epsom, we've had some great questions to go. We had A A kid who started in cybersecurity. Now he works in end to saying we had a hacker reach out to us and talk to a ongoing conversation about how he was compromising things. He used to write this questions from compromise machines and know hatcher had a heart to heart with him telling him, you know, that, you know, he had a great skills set. And he used that skills set for for good things um and you know you can make just as much money and not be worried about that knock on the door.
right? I don't .
think i've been on one side of the door. It's it's a whole different world. So actor, it's been fun. I look forward to talk to to you next week.
Chee's friend. Cheers, my friend. And and thanks very, very for listening.