Interesting video popped over the transom from the mil email string…

This was filmed at DEFCON, the hacker conference in Vegas, but was ‘received’ from the middle east… Rather interesting on a number of fronts.

Worth watching to see how easily things can be hacked, even when you ‘think’ you have good security/systems. If you don’t read Borepatch, you should. He’s an expert…

Anyhoo, six minutes of your time. Well worth it…


Hacking… — 14 Comments

  1. Looks like they’re mostly script-kiddies. None of what I saw there was really new, people been doing that kind of stuff for a couple decades now.
    I do wonder if any of the ‘old school’ type hackers go there anymore? Or if they have a ‘new’ conference where they can talk that’s off the radar?

  2. Hey Old NFO;

    I do know that because I was a “old school” pen if you know what I mean, I wish I could find a way to reduce my electronic footprint but the world today runs digitally and you have to keep a presence.
    As far as moonbat hunter goes, I agree with most of what he says, and I wish there was a way we could pull away from the abyss but nobody is listening to the sane people.

    • Point of order: The information we have about people listening is necessarily from a subset of people. The samples we have are all not representative of the whole.

      Yesterday, my sample of unrelated people spoken was 100% listening very closely, and extremely oriented to sanity.

      Tuesday and Wednesday, a whole bunch of people whose opinions I do not know.

      This /before/ we really dig into the information operations trying to skew our estimates of these things.

  3. John- Yep, you can ‘win’ scripts at DEFCON, according to friends that have attended… sigh

    Bob- Concur, I removed his comment since it was off topic. While true, I’m getting more and more comments like that. Not going to have it…

    • At one of the (failed) startups I worked as a manager at, several of my employees went there regularly. This is back around 2002. One of them had been a rather well known black hat and had just stopped going anymore.

  4. I had my telephone hacked in exactly the way pictured here; it wasn’t by a stranger, though, it was by a family member who was angry with me. They also made some (smallish) purchases using my bank account. Had to physically go to the phone store to get my account back, and to the bank; the bank promptly reimbursed me.
    I also had to put SUPER PROTECTION!!!!!on my bank accounts and credit cards. Made it a hassle for several months, but I was safe.
    I filed a police report, but this sort of thing doesn’t get prosecuted. However, you never know when you are going to need to document that you DID file a report. (The bank wanted that info)
    In one of the other Black Hat videos, which are on YT for anyone to view, the point is made that the only thing protecting the vast majority of us is that we are obscure, and don’t have anything worth taking. It’s just not worth it to the hackers to fool with us.

  5. John- LOL, yeah same for these guys…

    Ed- Just the TIP of the iceberg!

    Pat- Sorry to hear that, but you did the right thing.

  6. I do email and the occasional text. Zero social media. Ever. Every online account I have requires two factor ID for access. I log in, I get a text message with a time limited one time code to prove it’s me. I make them send me paper statements. Means I can read my backup files with a candle.

    • I have specified that I want actual paper, rather than electronic, statements and notifications for all the accounts that I control. Two of them have recently started sending me, for those statements and notifications, postcards that say, “You have a new statement available online.”

  7. RHT447: Until they spoof your cell phone account and have your time limited one time code on their cell phone instead of yours. That is the weak link on two factor ID. It’s easy to get someone’s cell.

  8. Agree with Heresolong – if there’s an option to have the 2-factor code sent to email, use that, or voice call to a land line. And, use REAL email, not google, yahoo, hotmail, those are just enemy comms they’re letting you use. etc.

    And learn to use an encrypted secure token (which is NEVER out of your total and complete control. Mine’s on a neck chain, never left on a desk).

  9. It looks like my blog post tagging is sorely lacking on DEFCON:


    I saw some crazy stuff there about medical devices and Internet Of Things but a quick search didn’t turn them up.

    But as to the pretty blonde using baby crying noises to social engineer the phone company, I remember phone company social engineering (live demonstrations) from like DEFCON 6 or something.

    Larry Ellison was right. You got no stinking privacy.

    Oh, and Dwight is your go-to guy on DEFCON. Link includes gun safe hacking: