On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked. Links from the episode:  https://www.ice.gov/about-ice/homeland-security-investigations https://www.ice.gov/partnerships-centers/cyber-crimes-center https://www.usajobs.gov/ https://www.usajobs.gov/Search/?k=homeland%20security ..read more

This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult. Links from the episode:  FBI Shares Tactics of Notorious Scattered Spider Hacker Collective https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective ..read more

This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management. Links from the episode:  Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover   Thousands ..read more

This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules. Links from the episode: Microsoft Releases Its Yearly Digital Defense Report https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023   Are Paying Ransoms Illegal in the U.S.? https ..read more

This week on Hacker And The Fed the end of privacy with AI being used to dox people in viral videos, billions of usernames and passwords are exposed, nationstate hackers are hiding in router firmware updates, we answer listener questions about working with the FBI, setting up a cyber security business, and safely using data sent to you be others. Finally, we announce Hacker And The Fed's first contest for cyber security awareness month. Links from the episode: The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech https://www.404media.co/the-end-of-privacy-i ..read more

This week on Hacker And The Fed we break down how Equifax was breached, is Google Authenticator MFA Cloud Sync feature responsible for a hack into 27 crypto companies? Google’s Threat Analysis Group announces an in-the-wild 0-day exploit chain for iPhones, the year of the insider threat continues with the arrest of a Department of State IT Contractor on espionage charges. Links from the episode: How Equifax Was Breached in 2017 https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/ https://twitter.com/vxunderground/status/1700335482440204521   Retool Blames Breach on Google ..read more

This week on Hacker And The Fed we answer listener questions about finding out our relative is a hacker, applying for a cyber security job as a chemical engineer, preparing you for a technical interview, the FBI being a great place to work, is MFA once every 24 hours too much, and much more. Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com ..read more

This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government. Links from the episode: Insurer Fined $3M for Exposing Data of 650k Clients for Two Years https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-6 ..read more

This week on Hacker And The Fed the FBI's Operation "Duck Hunt" takes down a ransomware botnet, we disclose the secret weapon hackers use for doxing, the New York City subway system allows its users to be tracked online, and we answer listener questions about leaving the FBI, getting jobs in cyber security, and Hector's detailed description of a red teamer. Links from the episode: How the FBI Took Down the Notorious Qakbot Botnet https://techcrunch.com/2023/09/01/fbi-qakbot-takedown-operation-duck-hunt/   The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15 https ..read more

This week on Hacker And The Fed a Danish cloud provider loses all of their customer's data, a hacker in custody continues hacking through a fire stick, there are two great write ups about a zero day vulnerability and HTML smuggling, cyber security entry jobs should be just that, entry into the industry, and we answer listener questions that include an ongoing dialogue with an active hacker about becoming a white hat. Links from the episode: Criminals Go Full Viking on CloudNordic, Wipe All Servers and Customer Data https://www.theregister.com/AMP/2023/08/23/ransom ..read more