Cyber Crime Junkies

The MOST INSANE Things That's Happened in Cyber Space This Month!

Cyber Crime Junkies. Host David Mauro. Season 8 Episode 7

Share episode

Question? Text our Studio direct.

New Episode🔥🔥The Cybercrime Junkies show discusses contemporary `cyber security` challenges, emphasizing that older notions of threats are outdated. We dive into how direct `hacking` via `wifi` can lead to gaining `root` access, and how quick action is needed to mitigate these `exploit`s. Stay informed to protect your systems from `cyber crime` and ensure proper `shell` access management.
==========================================================


00:00 Cold Open – Welcome to Chaos
 01:35 Meet the Hosts and Chaos Format
 02:45 Story 1 – AI Coding Tools with Critical Vulnerabilities
 05:20 Story 2 – Flock Safety and the Surveillance Camera Nightmare
 11:40 Story 3 – Insider Threats and the Ghost Contractor Database Wipe
 15:20 Hack or Hype – AI CEO Beats Human Executives
 18:05 Hack or Hype – Therapy Dog GPS Ransomware Story
 20:50 Final Takeaways and Why This Matters
 21:55 Where to Follow Cyber Crime Junkies


=============================================================


Feeling Kind? Consider Supporting Our Channel by subscribing! 

👍Like, Subscribe, and Comment on our Channel or this Video!

➕Join me on my other channels: Main Site | LinkedIn | X/Twitter | Meta/Instagram | 

Season 8 is officially here — and it’s the most unhinged, hilarious, and dangerously educational season we’ve ever done with full cyber chaos:

🔥 Interviews with spies & double agents 💥 Cyber WTF moments 🎮 New interactive segments & games 🛡️ Business-grade cybersecurity insights 😂 More humor, more banter, more chaos

Hit SUBSCRIBE 

Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com  
 

Support the show

🔥New Exclusive Offers for our Listeners! 🔥

Dive Deeper:
🔗 Website: https://cybercrimejunkies.com

📰 Chaos Newsletter: https://open.substack.com/pub/chaosbrief

✅ LinkedIn: https://www.linkedin.com/in/daviddmauro/
📸 Instagram: https://www.instagram.com/cybercrimejunkies/

===========================================================

 

The MOST INSANE Things That's Happened in Cyber Space This Month!      

speaker-0 (00:10.466)
Yeah, I know it's like show and tell.

speaker-0 (00:14.988)
Alright, quick question before we start. Did you wake up today thinking the biggest threat to your organization was a hoodie wearing hacker in a basement somewhere outside of Eastern Europe? Cool. You're wrong. Today cyber criminals don't break in anymore. They log in. They sit next to you. They pass background checks. They bring therapy dogs. Yeah, therapy dogs.

In the next few minutes, you're going to hear about AI tools that can be hijacked surveillance cameras that can hear you scream, but can't even protect themselves or render help and insiders who used AI literally to ask how to cover up the crime they had just committed. I can't make this stuff up. This isn't black mirror. It's not science fiction. This is corporate America with admin privileges.

Welcome to Chaos, the monthly segment of Cybercrime Junkies where the hacks are real, the hype is optional, and someone somehow has the dumbest ideas that keep winning. This is Cybercrime Junkies. Let's get into it.

Before how's that going and doing?

doing fine. I think he's doing fine. All right, well welcome everybody to cyber crime junkies. am your host David Morrow and in the studio today is the illustrious Dr. Sergio Sanchez and the infamous Zach Moscow gentlemen. How are you?

speaker-1 (01:42.485)
Exit.

speaker-1 (02:00.696)
Very good yourself.

doing fine, Zach, on the mend?

I'm on the mend, feeling back to normal. Thanks for checking.

Well, that's great. So we have our chaos episode. It is the most insane cyber stories you won't believe are real AI hacks and WTF moments. And we each bring a story that we found the meaning behind it, why it matters. And we're also going to play.

Hack or hype? That's right, ladies and gentlemen, we're going to play hack or hype. The greatest... The greatest... Wow, I didn't turn that off.

speaker-0 (02:44.974)
All right, we're back. It's the greatest trivia game on the planet. And we are playing for 4322 cybercrime bucks, which, by the way, are completely worthless. But

can make a coin out of them, David.

We very well may make a cryptocurrency out of it or send you a sticker for playing. So who would like to begin for our first story? All right, go ahead.

Enough.

Yeah, there's one that I really love. So I saw this on, um, on the hacker news a couple of days ago. Researchers have come out with a report that identified 30 vulnerability vulnerabilities across AI coding tools. Now, some of the audience may not know about these, but one of the big innovations in AI is being able to code more efficiently, faster, more error free even than, than humans can can do. And there are tools out there like

speaker-2 (03:45.166)
Cursor is a big one. I know that GitHub has an AI powered version. Anyway, they found multiple flaws across a lot of these tools and technologies for remote code execution and injection. So if you're not a coder, why does that matter? I think it reinforces everything that we're talking about and have been talking about about the security implications of new technologies.

right and understanding that inherently there is risk in using AI products, being mindful of that, prioritizing your security practices, being careful what you give them access to. This is a perfect example of having proprietary code exposed to anybody.

Yep, absolutely. good, good, good story. That was a good lesson, good story. Good, fine, from the Hacker News. We will give you applause for that. Well done. I mean, from the bottom of my heart. Alright, Sergio, you're up next. ahead.

Perfect. So actually this article, this story came from my cousins in Spain. And I will tell you again why he's connected to us here in the United States. So I want you to imagine a company that promised to eliminate all crime in America, all crime out of United States. Sounds great, right? Yeah. they are doing it by tracking every car, listening to every scream on the street.

and giving also attention to something like a gunshots. Okay, welcome to Flock Safety. This is the surveillance company that built America's largest private spy network. So, Flock Safety operate over 80,000 AI powered cameras across the United States. This is not only normal traffic cameras.

speaker-0 (05:34.806)
the traffic cameras and stuff.

speaker-1 (05:49.484)
they can check for your license plate. They have basically license plate readers that captured your plate number. But now also your vehicle details, even your bumper stickers, you know, they discovered that people, change license plates. you have, you know, bumper stickers that are specific for that car or even, you know, for, you know, crashes, scratches, et cetera, et cetera.

Yeah, that's why Zach keeps his drill in the back of his trunk. Because after he knocked off that liquor store last Thursday, he had to like, he was doing it by hand and he's like, my hands were getting cold. I'm sorry. wasn't sure. It's the pulse it pulls right off. Next time I see you I'm pulling that beer.

This beard is actually a stick on I can just yeah

speaker-1 (06:38.144)
All right. So this information that these cameras are kept for 30 days. Okay. And every time you pass in front of these cameras, you are logged. When you went and all is traceable and track by basically police, which is a good idea. You know, if you are not a criminal, you don't have to be worried about it. But now wait, it's more. They just add Raven.

This is their acoustic gunshot detection system. But now, it's not only designed to detect gunfire, also have a new feature that listens for human distress.

somebody's screaming for...

So they have very high power microphones in basically every important city in America. So now that sadly violates a couple of, you know, ear dropping laws, but the vlog doesn't look like care. Now the real problem here is this. This is what my cousins in Spain found in this article.

So these cameras was tested by an independent security researcher. The name is John Gainsek Gaines. He conduct an extensive research on documented and documented 51 security findings, including 22 CVE assigned vulnerabilities. So what he found in these cameras. So

speaker-1 (08:17.486)
they were reduced default passwords. So password 123 or admin password. Hidden triggers accessibly via button press. You can press a button and give you information.

Yeah.

speaker-0 (08:33.112)
So it's susceptible to a lot of people hacking.

Yes, completely unauthenticated APIs. You can have root shell access directly using wifi. Direct camera feed access, so you can see what the cameras see. And this is somebody that just can walk, be under the pole where the camera is located and get it.

So what you're telling us, so let me pause you for a second. What you're telling us is they've amassed this massive surveillance system that can hear and see all the way down to the details of a bumper sticker on a car and hear a voice from yards away, 100 yards away or more. And then those are not even secured. They're easily hacked.

Correct. basically that's the translation. know, everyone with basic thing got knowledge could potentially compromise these cameras view for footage, manipulate the data, even take them offline.

Where has this been installed? I imagine this has been installed in several cities in the US.

speaker-1 (09:47.33)
Chicago Seattle New York City and this is why it's happening in Spain. They are having 500 of these cameras in Barcelona where my cousins lives. So when they saw that they send me this email telling me is this true?

Yeah, right down by Plaza Mayor and stuff in Madrid and Barcelona.

Exactly. So I was writing this white paper that you can find, anybody can find in the website called Zenodo. Z E N O D O. And the writer again is John Gain. And basically the defender checklist for vulnerabilities is there. he contacted, actually he contacted Flog and told him about it.

story.

speaker-1 (10:40.938)
And there's a, well, don't worry. The cameras have physical security. So it's like, well, I guess criminals can never climb a pole. Yeah, sure. So that is not that the police is using it is that criminals can use it. That is the problem.

Right.

speaker-0 (11:00.779)
my.

I feel like they're both problems. There's privacy laws and also this is very evocative of what was happening in China five, 10 years ago.

with the police.

Wasn't me.

Unbelievable. Well, that was thank you for sharing that. So that was a really interesting. That's an interesting story. I mean, that is so I mean, that could be an entire episode because there's privacy issues. There's all of the the Internet of Things vulnerabilities. There's a lot of things to to break that down. Maybe we'll we'll do a deeper dive into that later. Really interesting. All right. My story is

speaker-1 (11:42.08)
Absolutely.

speaker-0 (11:46.932)
Insider risk. You ever think the big danger to your company is some shadowy hacker in Russia or a zero day exploit that you haven't patched yet? Well, spoiler alert, sometimes the real danger sits right next to you in the break room, sipping good coffee scrolling LinkedIn like everybody else. Enter the ghost contractors meet Moneeb and so high up after twin brothers.

from Virginia who are formerly convicted state level hackers who rejoined the workforce working for, of all places, a federal contractor. Yeah, what could go wrong, right? Well, looks like their work ethic or their work product wasn't up to snuff and they got fired.

But instead of walking out quietly, they walked into legendary status. On their way out, they deleted, allegedly, 96 government databases held by their employer, including files for the Department of Homeland Security, the IRS, the FBI, and more. 96 databases.

No

speaker-0 (13:04.04)
The brothers had previously pled guilty a couple years earlier for hacking related offenses. And apparently that didn't stop their contractor employer from rehiring them. According to the indictment, because they got indicted minutes after deleting a Department of Homeland Security entire database, one of them opened an AI tool, a generative AI tool, and asked, how do I cover my tracks?

Clear system logs now.

Yeah. Good at hacking. Not good at common sense.

Right. They even used AI for the cleanup. Devices were wiped. Files were destroyed. Evidence was erased, all orchestrated by people with legitimate access. So yeah, insider threat doesn't just mean data leaks, right? Or people exposing things. Sometimes it means we wipe your records, erase your audits and ghost delete everything.

It also means you need good termination policies and revoking access before that meeting starts.

speaker-0 (14:13.218)
Yeah, I mean if you run a business, even a small one or manage a family run operation, treat every user with internal access as a potential threat vector. Enforce the principle of least privilege. Only give access to what they need today, not what they might need in a crisis and remove access immediately. The second someone is off boarded. Don't wait until later next week. Absolutely.

Zero trust.

So now, yeah, well, wasn't that interesting? I you know, I like insider threat because it's something that a lot of people don't talk about that often in cybersecurity because it doesn't involve detection or bells and whistles and things that vendors sell. it is, yeah, but it's really, really significant.

It's universal.

Yeah, you know these guys were malicious and they do it on purpose but how many people can erase that database because they don't know what they're doing and suddenly the company has not set it up something in place to try to avoid that mistakes

speaker-0 (15:27.982)
Okay, now it is time for the legendary hack or height All right, are you guys excited? Yeah way really excited we are we are So in this game as you recall I will read a Newspaper headline a title

of a story and each one of you will tell me is it a real hack or is it just hype? it made up? All right. All right. Here we go.

Chinese gaming company appoints an AI robot as their CEO and the stock outperforms the market.

I think it's real.

Sergio, you're down for re-

speaker-1 (16:22.158)
I'm done for real. And let me tell you why, because also I think Albania declared AI to be the, I don't know, the head of the Department of State. So, what is getting crazy? Yep.

Nothing could go wrong there.

Nothing can go wrong there. OK, Zach, where are you falling on the scale?

You know, I feel like that's crazy enough and there's enough PR involved in that that I'm going to say that is real.

I have to tell you something, know, 16 years working in the video game industry, I saw people doing very crazy things there, so...

speaker-0 (17:05.474)
Both of you got it right. Well done. Both of you are correct. It is a Chinese gaming company. Sergio, you nailed it. NetDragon WebSoft appointed Ms. Tang Yu, an AI powered virtual humanoid robot, as the rotating CEO of its flagship subsidiary.

After the announcement, coverage noted the company's stock performance outpaced the Hang Seng's index for a long period of time, prompting headlines like, Bot CEO Beats Human CEO on Financial Returns. I can't make this stuff up. Or can I?

That is giving bad ideas to people here in the United States. I can see now that some board says, well, why we don't try this?

Yeah

They did say rotating CEO, not.

speaker-0 (18:01.666)
Right, and it was a subsidiary. It wasn't the parent company.

It's heck of a PR stunt.

Well, and as we say with AI crawl, then walk, then run. So maybe they're just crawling. They're starting with a subsidiary. OK, I've got another one. Guys ready? Ready. All right. Hospital discovers ransomware gang used its therapy dog's GPS collar to map the facility.

Hospital discovers a ransomware gang used its therapy dog's GPS collar to map the facility. Sergio? I'm true or false.

I think it's true too. I have all my dogs with, I have six, they have GPS and I can see exactly where are they located and I can actually see their room in my house that suppose they are. So that is possible.

speaker-0 (18:59.512)
Okay. Where are you sitting, Zach?

Time out. You have six dogs,

Know I wasn't gonna go down that rabbit hole He's got six dogs all with GPS He must have like 20 monitors How many smart vacuums do you have man three

I'm sorry, I'm sorry, I'm sorry, I'm sorry.

speaker-1 (19:12.878)
I

speaker-2 (19:17.875)
How many vacuums do you have?

I have one Braba and the same brand for

We're not sponsored, but if they want to sponsor we will be happy to be sponsored by smart vacuums

I think the use case of this example actually makes all the sense in the world to me. I'm gonna go true.

Both of you are wrong. It's tough game this time. Both of you are wrong. No, I just totally made that one up. But I just, I had fun with that one.

speaker-0 (20:01.728)
It's plausible though, isn't it? Yeah, it is plausible.

In my mind, was thinking through how much intel would a cyber criminal really get out of a physical map was the one pause that I had. I got distracted by the six dogs at Sergio's.

You think about it, if you get the floor plans of a hospital, you can call and do something like a social hacking and say, hi, and such and such nurse from this floor. I can see that, you know, this room, blah, blah, blah. So that will give them familiarity with the location. And I think it's in a different way.

Yep, that's exactly right. All right, well, thank you everybody for this session of chaos. We appreciate you. You know, check us out on LinkedIn. Follow each one of us. Sergio Sanchez, Dr. Sergio Sanchez, David Morrow, myself, Zach Moscow. Also, you can find us on Substack where we have newsletters and our podcast is on there now as well. I've got the chaos newsletter. Sergio, what's the name of your?

Yes.

speaker-0 (21:17.462)
newsletter there on Substack.

basically behind the digital core.

Right. Behind the Digital Curtain by Dr. Sergio Sanchez. Check us out. I'm going to get Zach to do a substack too. I really enjoy it. I really like it. It's a neat platform. kind of like a blend of LinkedIn and Twitter. Yeah. Because you can kind of tweet out stuff and get some really good insight. It's not very political and the Kardashians aren't on there. So it's really kind of nice.

What a nice day.

speaker-2 (21:50.894)
I'm out if they're not there David. Yeah

I know, I know. That's a big driver for you. So, well, thanks everybody for attending and gentlemen, thank you so much for your contributions. I think this is a really fun episode. I look forward to the next one. I've got a whole bunch of stories and titles for Hacker Hype. So that game's got legs. So I'm thinking of even creating like a little intro.

See you all next time.

speaker-0 (22:19.98)
so that it like announces it like ladies and gentlemen welcome to hacker hype so

can add it to the soundboard.

Yes, and I've got your music too from your bands. I still have to have to to integrate that as well. So alright, thank you everybody. We will be back next time with leading stories. Each one of us brings you on and we hope you find value. Feel free to reach out. Texas studio with questions and we'll go from there. Thanks everybody. Thanks.

yeah, we should do that.

speaker-1 (22:50.242)
Thank you. Bye.

speaker-0 (22:57.262)
Catch us on YouTube, follow us on LinkedIn, and dive deeper at cybercrimejunkies.com. Don't just watch, be the type of person that fights back. This is Cybercrime Junkies, and now the show.


Head Shot

David Mauro

Host

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

Breaching the Boardroom Artwork

Breaching the Boardroom

NetGain Technologies, LLC