Often we binge on our favourite shows on Netflix, or on podcasts such as Serial.
A recent binge was the podcast Darknet Diaries which focuses on true stories from the dark side of the internet. It is an investigative podcast created by Jack Rhysider, chronicling true stories about hackers, malware, botnets, cryptography, cryptocurrency, cybercrime, and Internet privacy.
It is hugely entertaining and you get to learn more about infosec along the way.
Here are 10 take-aways from a 70-episode binge.
1. Humans are the Weakest link
Humans are the weakest link in any system, whether through social engineering, phishing or plain old carelessness, e.g. a password on a sticky note on a laptop.
That said, a well-trained and educated employee can be vital in protecting systems from hackers.
2. Social Engineering
Social engineering is a technique used to trick users into revealing confidential information. Physical penetration testers pretending to conduct an IT audit will often dress the part and use props such as clipboards and fake or cloned badges.
Social engineering skills can often help penetrate physical or software systems that may be viewed as impenetrable. Episode 41 has an incredible story about how devious penetration testers can be, often exploiting people’s caring and good-hearted natures.
3. Incident Response
Incident response is an organised approach to addressing and managing a security breach or cyberattack.
What is really interesting is that typically the malware is not removed right away. Teams will often want to discover what tools the hackers are using, and try to identify how many back doors they have into the environment. Also, once they know you’re onto them, the hackers will change their tools, tactics and procedures. (Check out episode 11 for more info.)
4. Hardware and Software for penetration testing
The Rubber Ducky and Metasploit are often referred to on the podcast.
The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. It is commonly used for physical penetration testing.
Metasploit is a hacking framework. It has over a thousand exploits all pre-programmed and ready to run.
5. International relations – cyber warfare
International relations in the real world often play out in the cyber world too.
For example, we know that Israel and the US have close ties, and have a fractious relationship with Iran.
Stuxnet, a complex piece of malware, was deployed in a nuclear facility in Iran and destroyed its centrifuges, causing a massive amount of damage to this nuclear enrichment facility. (Check out episode 29 for more info on Stuxnet.)
Who was behind Stuxnet? It has been suggested it was the US and Israel.
Israel has its own version of the NSA, called Unit 8200.
6. Hackers cover their tracks
Hackers tamper with logs: disabling auditing, clearing logs, modifying logs and erasing command history.
For state-sponsored hacking it can be vital to wipe any traces of an attack, as it could potentially lead to an international incident. Hackers may also not wish to give away their exploits to others.
In episode 53 it is discussed that it was known you could clear Windows event logs but not edit them. Then in 2016 a new exploit was discovered that let hackers edit an event log in Windows.
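A defender's counterpart to this takeaway, as an added example that is not from the podcast or this post: a small Python scan over constructed Windows-style event records that flags the events the log service writes when a log is cleared or the audit policy changes, plus a record counter that goes backwards. The JSON-lines shape, hostnames and users are assumptions for illustration; the event IDs 1102, 104 and 4719 are real Windows IDs.

```python
import json

# Windows event IDs a defender watches for. 1102 and 104 are written by the
# log service itself when a log is cleared, so they survive the clear they
# report; 4719 records a change to the audit policy (e.g. auditing disabled).
TAMPER_EVENT_IDS = {
    1102: "Security audit log was cleared",
    104: "System log was cleared",
    4719: "System audit policy was changed",
}

# Constructed sample in an assumed JSON-lines shape (not a real export format):
# four routine events, an audit-policy change, then the record counter
# restarting at 1 with the 1102 event that a log clear leaves behind.
SAMPLE_EVENTS = "\n".join([
    '{"record": 501, "event_id": 4624, "host": "ws01", "user": "alice"}',
    '{"record": 502, "event_id": 4672, "host": "ws01", "user": "alice"}',
    '{"record": 503, "event_id": 4719, "host": "ws01", "user": "alice"}',
    '{"record": 504, "event_id": 4688, "host": "ws01", "user": "alice"}',
    '{"record": 1, "event_id": 1102, "host": "ws01", "user": "alice"}',
    '{"record": 2, "event_id": 4624, "host": "ws01", "user": "bob"}',
])


def find_tampering(jsonl):
    """Return (record, host, user, reason) tuples for suspicious events.

    Two checks: the event ID is a known tampering indicator, or the per-host
    record number goes backwards, which is what a cleared log looks like.
    """
    alerts = []
    last_record = {}  # host -> record number of the previous event
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        host, rec, eid = ev["host"], ev["record"], ev["event_id"]
        if eid in TAMPER_EVENT_IDS:
            alerts.append((rec, host, ev["user"], TAMPER_EVENT_IDS[eid]))
        prev = last_record.get(host)
        if prev is not None and rec < prev:
            alerts.append((rec, host, ev["user"],
                           "record number reset after %d" % prev))
        last_record[host] = rec
    return alerts


if __name__ == "__main__":
    for alert in find_tampering(SAMPLE_EVENTS):
        print(alert)
```

Forwarding logs to a separate collector as they are written is what makes this useful in practice, since an attacker with local admin can clear the local copy but not the one already shipped.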
7. Zero Day Exploits
A zero-day (0day) exploit is a cyber attack targeting a software vulnerability which is unknown to the software vendor or to antivirus vendors.
If a group uses one or more zero-days, it is a sign that they are a serious hacking group, often state-sponsored.
8. Security Awareness
Throughout these episodes, the emphasis on keeping your software up to date, using multi-factor authentication and spotting potential phishing scams teaches you how to protect your systems.
In episode 69 it was mentioned that some companies give an annual reward to each employee who practises good security, e.g. 2FA enabled, anti-virus up to date, no phishing emails clicked in the last 12 months, etc.
9. Red, Blue and Purple Teams
Red and Blue teaming is an approach to improving an organisation’s security. Red Teams are the internal or external attackers. Blue Teams are the internal defenders of a company. Purple is a cooperative mindset between attackers and defenders, relying on the expertise of both teams.
10. Addiction vs Criminality
The podcast poses a lot of ethical and moral talking points. If someone with a drug addiction commits a crime to fund their addiction, is it a public health or a criminal justice issue?
Similarly, if a person is addicted to hacking and does so for the thrill but not for financial gain, how should it be dealt with?
The podcast features so many young men (it seems the majority of hackers are male) whose lives are destroyed by their hacking addiction.
A number of times the point is made that outreach programmes to help them with their addiction and put their skills to good use would be much better than a prison sentence.
So these are just 10 takeaways; see what you can learn from Darknet Diaries.