It is helpful to understand what is really going on out there in the cyber world when you are training and planning your defenses. Hearing how the hackers got into systems or maybe how the security team found them and shut them down is a very interesting way to do just that. We are fans of the podcast DarkNet Diaries, “True stories from the dark side of the Internet”. As fans, it explains why we are excited to have Jack Rhysider, the host of DarkNet Diaries, on the podcast with us today. Prepare to be surprised by some of these real hacker stories.
First, we have to thank George, our loyal listeners up in the great Northwest for turning us on to Dark Net Diaries. He first sent us the episode The Beirut Bank Job and pointed out that it sounded like something David would do. Since then, David has been an avid listener. I am not completely up to date on my episodes but I am close and they are truly fascinating to hear. (Stick around to the end and we will tell that story. FYI, George was spot on!)
Before we get off on our conversation let’s make sure everyone knows why we thought this would be a good fit for our HIPAA podcast.
- We can prove that we don’t have to make this stuff up, it is out there everywhere, we are not kidding.
- We think Jack can share information to reiterate that anyone can become a hacker conduit or target across all sizes and types of businesses and people.
When it comes to episodes that really tie into what we do here at Help Me With HIPAA, I had a hard time deciding on just one. So, here are a few different ones that I think apply to our broad audience.
Hacker as hacktivist
#OpJustina. We actually discussed this case when the sentencing was announced. The situation is a very sad case of a very sick child was sent to a specialist by one of her doctors. When she was sent to Boston Children’s Hospital the doctors there felt that the parents and doctors at Tufts Medical Center were treated her incorrectly. Boston Children’s initiated proceedings to remove the child from their parent’s custody and blocked her other doctors from treating her. Unfortunately, the state took custody of her.
When this starts hitting the media and Anonymous announced opposition to Boston’s actions. They launched Operation Justina for their legions to attack the people keeping the child from her family. That is when things got really scary for anyone that was being treated at Boston Children’s Hospital.
The hackers launched a DDOS attack flooding their network. The attacks went on for weeks and weeks. Then phishing happened and everything got worse very quickly. They even had to shut down email servers for 24 hours. Three weeks of attacks went on before it finally stopped. They estimated $300,000 in damages to the hospital.
This is a story we use to explain just how interconnected everyone is in healthcare. It is also an example of how you never know what could make you a target of hackers.
Hacker with a simple message
Hacker Giraffe. People do not understand that everything is connected, including network printers. This case was just someone messing around but let’s talk about this story and just how easy it is to find open devices on your network if someone is just bored much less actively attacking you. Also, how often do you hear that network attacks often start by finding something like a printer?
It was so easy for this to be done that it should be a training case for everyone that thinks they are secure. Three lines of code and report that probably took minutes to generate and download. That is it. It should not be so easy to send things to thousands of printers around the world!
Hackers who are just kids
Finn. We have numerous cases where kids are brought to the office and set up to do work or play games or whatever it is the parents think they are doing. Sometimes, it is for punishment and other times it is just for convenience in schedules. I could easily see a bored kid like Finn poking around the network at one of our client offices. Let’s talk about Finn’s story and what it was like interviewing him.
Physical penetration testing accidents do happen
The Beirut Bank Job. We don’t have time to do all the details but I do want to point out quickly why George thought this story sounded like David. The security consultant that was hired to break into the network of a bank was successful. Then, he figures out it was the WRONG BANK. Yes, not his client’s bank but another bank just around the corner. It is really fun to listen to the story.
BTW, for you tech folks out there, Jack also hosts a blog called TunnelsUP.com which is loaded with information for security professionals. It is like a big rabbit hole for me when I go there! There are loads of information for those responsible for security management. You can find things to help defend your networks from these hackers before they find you.
When you listen to Jack’s stories you get a glimpse of the real story behind some of these hackers actually do in the cyber attacks you hear about in the news. By understanding those hacker stories behind the curtain you are better equipped to answer questions as to why you need to secure your own network. It also makes you a bit more paranoid like we are!