In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills.
Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins.
And for something a little different, we peek into the Internet Archive’s dystopian Wayforward Machine and take a detour to Mary Shelley’s resting place in Bournemouth.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Allan “Ransomware Sommelier” Liska.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Are you seeing anything else?
Yes. Your current browser or computer cannot run our content. Please make sure you have all privacy settings and firewall disabled.
And then there's a banner for the Ministry of Truth. Error 451: Site temporarily unavailable for your own good.
And then there's a banner for the Ministry of Truth. Error 451: Site temporarily unavailable for your own good.
Smashing Security, episode 431. How to mine millions without paying the bill with Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 431. My name's Graham Cluley.
Oh, and I'm Allan Liska.
Hello, Allan. Thank you so much for coming back on the show. Of course, regular listeners will know you as the ransomware sommelier.
That is correct. Yes, I am the guy that helps pair the right ransomware with the right vulnerabilities in your network, just like a good restaurant sommelier.
But I think you are also a bit of a fan of the old plonk, is that right?
Oh yeah, especially Bordeaux. I love my Bordeaux and any other kind of wine I can get my hands on.
Fantastic. Well, we breathalyze all of our guests before we begin on the show each week to make sure things don't get too raucous.
I mean, obviously you've heard some of the past episodes and sometimes things can get rather out of hand. Before we kick off, let's thank this week's wonderful sponsor, Proton.
We'll be hearing about them later on in the podcast.
This week on Smashing Security, we won't be talking about how UK telecoms firm Colt has taken its systems offline after being hit by the Warlock ransomware.
You'll hear no discussion of how the White House says the UK has backed down over its demand for an Apple backdoor.
And we won't even mention how Clorox is suing its IT provider over a $380 million cyberattack by the Scattered Spider gang. So Allan, what are you going to talk about this week?
I mean, obviously you've heard some of the past episodes and sometimes things can get rather out of hand. Before we kick off, let's thank this week's wonderful sponsor, Proton.
We'll be hearing about them later on in the podcast.
This week on Smashing Security, we won't be talking about how UK telecoms firm Colt has taken its systems offline after being hit by the Warlock ransomware.
You'll hear no discussion of how the White House says the UK has backed down over its demand for an Apple backdoor.
And we won't even mention how Clorox is suing its IT provider over a $380 million cyberattack by the Scattered Spider gang. So Allan, what are you going to talk about this week?
Who watches the watcher thing that's supposed to be watching your network?
And I'm not going to be taking a look at C-3PO, but CP3O instead. All this and much more coming up on this episode of Smashing Security.
Now, chums, there is a 46-year-old man from Omaha, Nebraska. Have you ever been to Omaha, Allan?
Now, chums, there is a 46-year-old man from Omaha, Nebraska. Have you ever been to Omaha, Allan?
No, actually, Nebraska is one of the few states I haven't been to.
Well, his name is Charles O. Parks III. I don't know what the O stands for. I guess it's to differentiate him from other Charles Parks IIIs.
Oscar, maybe?
Could be Oscar. Could be like the Grouch. Could be Oswald. Who knows? It's tricky though, isn't it? You don't want to be mistaken for someone else.
You, Allan, for instance, you've taken the unusual step of secreting— sorry to be using the verb secrete— of secreting an extra L inside your name.
Which is a little bit unusual, at least for me as a Brit. Why do you have quite so many Ls? Is that like a backup in case you lose the other one? What's the thinking behind this?
You, Allan, for instance, you've taken the unusual step of secreting— sorry to be using the verb secrete— of secreting an extra L inside your name.
Which is a little bit unusual, at least for me as a Brit. Why do you have quite so many Ls? Is that like a backup in case you lose the other one? What's the thinking behind this?
I think it's because my parents wanted me to suffer by having no one ever getting my first name correct.
And it's not as though your surname's that easy. Liska, L-I-S-K-A. Where on earth does that come from?
So Liska is the Czechoslovakian word for fox.
Better to be named after a fox than a slug or sloth. So I wouldn't be too upset if I were you. I mean, it's not I can talk being called Graham Cluley.
Technically, I could chuck in a middle initial, I suppose. I've got two. I'm Graham M.W. Cluley. In fact, I didn't tell anyone my middle names for a long time.
The M in particular, because I used to be sat next to a boy called Marcus, and he spat in my ear once. This is when I was about 7 years old. And I hated the name Marcus ever since.
I used to not tell anyone what my middle name was. Anyway. Back to Charles O. Parks III. Now, he obviously found that a bit of a mouthful.
So he liked to call himself something different online. In fact, he liked to call himself CP3O. So Charles Parks III O. It makes sense. You know, he just sort of rearranged the words.
You can see what he did there. Let me remind you, he's not 12 years old. It's not like the typical Star Wars fan. He's a 46-year-old man. But he's still calling himself CP3O online.
It's kind of cute, I suppose. But he didn't just think of himself as being not that far removed from the well-known droid. He also liked to pose as a crypto influencer.
Have you ever dreamt of being a crypto influencer, Allan?
Technically, I could chuck in a middle initial, I suppose. I've got two. I'm Graham M.W. Cluley. In fact, I didn't tell anyone my middle names for a long time.
The M in particular, because I used to be sat next to a boy called Marcus, and he spat in my ear once. This is when I was about 7 years old. And I hated the name Marcus ever since.
I used to not tell anyone what my middle name was. Anyway. Back to Charles O. Parks III. Now, he obviously found that a bit of a mouthful.
So he liked to call himself something different online. In fact, he liked to call himself CP3O. So Charles Parks III O. It makes sense. You know, he just sort of rearranged the words.
You can see what he did there. Let me remind you, he's not 12 years old. It's not like the typical Star Wars fan. He's a 46-year-old man. But he's still calling himself CP3O online.
It's kind of cute, I suppose. But he didn't just think of himself as being not that far removed from the well-known droid. He also liked to pose as a crypto influencer.
Have you ever dreamt of being a crypto influencer, Allan?
That is one of the many things I have never wanted to be.
So you'd be happy being a sword swallower or a lion tamer or something like that. You wouldn't want crypto influencer.
At least a sword swallower and a lion tamer have a real actual talent.
Well, this chap, he posted videos up on YouTube bragging about his cryptocurrency expertise.
He said he would share tips to his followers if they wanted to achieve what he called a multimillionaire mentality.
Here's what he boasted online: "Last year, I wanted to make 7 digits or more, and so I spent the first 10 days of the year creating a— we'll just call it a really nice crypto script— that I was able to use at scale.
And after working that 10 days, let's just put it this way, I didn't work the rest of the year." In fact, he said after 4 months, he had purchased himself a luxury Mercedes-Benz AMG S-Class Coupe.
A sweet little motor, I think you will agree.
He said he would share tips to his followers if they wanted to achieve what he called a multimillionaire mentality.
Here's what he boasted online: "Last year, I wanted to make 7 digits or more, and so I spent the first 10 days of the year creating a— we'll just call it a really nice crypto script— that I was able to use at scale.
And after working that 10 days, let's just put it this way, I didn't work the rest of the year." In fact, he said after 4 months, he had purchased himself a luxury Mercedes-Benz AMG S-Class Coupe.
A sweet little motor, I think you will agree.
Sure, sure.
Now, you may be wondering, how did he achieve all this expertise in cryptocurrency investment? What wizardry was at work?
And it turns out— and brace yourself for this, Allan— it turns out that he wasn't being entirely legitimate.
And it turns out— and brace yourself for this, Allan— it turns out that he wasn't being entirely legitimate.
I am shocked.
You look shocked. You look like you're about to go to cardio. Now, I can think of a few ways to be certain of making a lot of cryptocurrency.
I've put my mind to this because I'd quite like to be one of these sort of people. One way to have a lot of cryptocurrency is to buy a lot of cryptocurrency.
Now, that only works if you already have a large amount of spare money floating around. Burning a hole in your pocket, right?
I've put my mind to this because I'd quite like to be one of these sort of people. One way to have a lot of cryptocurrency is to buy a lot of cryptocurrency.
Now, that only works if you already have a large amount of spare money floating around. Burning a hole in your pocket, right?
And that also only works if you can keep the North Koreans from stealing it.
Yes, yes. You obviously don't want it being stolen by Kim Jong-un, financing his nuclear missile operation or anything like that. See? Yes. Keep the cryptocurrency.
Of course, you then still have to sell it at some point if you want it to be worth anything. Yeah, that's one way. That's not going to work for me.
I'm not going to be able to buy a lot of cryptocurrency. I don't have that kind of cash.
Now, another method I thought of is all I have to do is make a machine that can transport myself back in time.
And if I go back in time, I can buy some bitcoin when it was dirt cheap.
Obviously, I'll then be annoyed with myself for not inventing a machine which can bring me back to the future, 'cause I'll then realize I have to go the long way round. Right.
This is the thing.
I don't know if you've ever traveled back in time, Allan, but if you ever traveled back in time, it's a real nuisance because there's another you back there as well.
So you've got to hide yourself. You've got to hide in the shed or something, or maybe find yourself, kill the other you, replace them with yourself.
And that creates all kind of grandfather paradoxes as well. It's going to be all sorts of problems if you go back in time and kill yourself. It's not going to work well.
Of course, you then still have to sell it at some point if you want it to be worth anything. Yeah, that's one way. That's not going to work for me.
I'm not going to be able to buy a lot of cryptocurrency. I don't have that kind of cash.
Now, another method I thought of is all I have to do is make a machine that can transport myself back in time.
And if I go back in time, I can buy some bitcoin when it was dirt cheap.
Obviously, I'll then be annoyed with myself for not inventing a machine which can bring me back to the future, 'cause I'll then realize I have to go the long way round. Right.
This is the thing.
I don't know if you've ever traveled back in time, Allan, but if you ever traveled back in time, it's a real nuisance because there's another you back there as well.
So you've got to hide yourself. You've got to hide in the shed or something, or maybe find yourself, kill the other you, replace them with yourself.
And that creates all kind of grandfather paradoxes as well. It's going to be all sorts of problems if you go back in time and kill yourself. It's not going to work well.
It's why whenever the observatory does a leap second or a reverse leap second, I get really nervous because that one second of time travel means that I could run into a paradox.
It's a good point. And the final way I thought of that you can get yourself an awful lot of cryptocurrency is to get someone else to give it to you, or steal it, or scam them.
That's a method of doing it as well. So which of these do you think Charles O'Parks III did?
That's a method of doing it as well. So which of these do you think Charles O'Parks III did?
Well, obviously he didn't do the time travel, 'cause he would've come up with a better name for himself. So—
It'd have been Charles O'Parks I. Well, the zeros.
Right, exactly. So I'm going— I'm going to go scam.
I know it's hard to believe in the world of cryptocurrency that there may be a scammer out there, but I am going to say he may be the first.
I know it's hard to believe in the world of cryptocurrency that there may be a scammer out there, but I am going to say he may be the first.
Yeah. So he didn't steal the money from anyone. He didn't trick them into giving it to him. In a way, it was none of these because there is another way to get a lot of cryptocurrency.
And I think a lot of us have forgotten about this. The other way to get a lot of cryptocurrency is to simply make it. Yeah. All you need is a vast amount of computing power.
Now, unfortunately, the little fly in the ointment about mining an awful lot of cryptocurrency is it's going to cost you an awful lot of money.
It's almost certainly going to cost you much more than the cryptocurrency you managed to generate with that computer power. But never fear, because there is an answer.
Which is to use somebody else's computer. Now, of course, you might have a friend with an enormous supercomputer which you could just ask to borrow it.
But if you don't have a friend with a great big computer which you can mine cryptocurrency on, I know a man who does, which is a chap called Geoff Bezos.
And I think a lot of us have forgotten about this. The other way to get a lot of cryptocurrency is to simply make it. Yeah. All you need is a vast amount of computing power.
Now, unfortunately, the little fly in the ointment about mining an awful lot of cryptocurrency is it's going to cost you an awful lot of money.
It's almost certainly going to cost you much more than the cryptocurrency you managed to generate with that computer power. But never fear, because there is an answer.
Which is to use somebody else's computer. Now, of course, you might have a friend with an enormous supercomputer which you could just ask to borrow it.
But if you don't have a friend with a great big computer which you can mine cryptocurrency on, I know a man who does, which is a chap called Geoff Bezos.
Ooh, he does have a lot of computing power.
He has a great deal. He doesn't just have one big computer. He has lots and lots of big computers.
He has a cloud computer network set up around the world doing vast amounts of the computation for millions and millions of people around the globe.
And any one of us can rent computing power from the likes of Amazon and Microsoft to do things for them. And that's what Charles O. Parks III did.
Over a period of 8 months, Parks registered numerous accounts with cloud providers to gain access to their processing power and storage, and he created and used a variety of names, different company affiliations, email addresses, including email addresses with domains from companies he had set up, Multimillionaire LLC and CP3O LLC.
He'd created these accounts, and he was using them to mine cryptocurrency on the cloud computing companies' dime.
Well, the US Department of Justice, they haven't named the companies of which he managed to scam his way and managed to use their computing power to mine the cryptocurrency.
They just said they were based in Seattle and Redmond. But I think it doesn't take Sherlock Holmes, does it, to work out who those companies may have been.
And in that fashion, he managed to gain access to massive amounts of computing process power and storage that he did not pay for. Naughty boy.
He has a cloud computer network set up around the world doing vast amounts of the computation for millions and millions of people around the globe.
And any one of us can rent computing power from the likes of Amazon and Microsoft to do things for them. And that's what Charles O. Parks III did.
Over a period of 8 months, Parks registered numerous accounts with cloud providers to gain access to their processing power and storage, and he created and used a variety of names, different company affiliations, email addresses, including email addresses with domains from companies he had set up, Multimillionaire LLC and CP3O LLC.
He'd created these accounts, and he was using them to mine cryptocurrency on the cloud computing companies' dime.
Well, the US Department of Justice, they haven't named the companies of which he managed to scam his way and managed to use their computing power to mine the cryptocurrency.
They just said they were based in Seattle and Redmond. But I think it doesn't take Sherlock Holmes, does it, to work out who those companies may have been.
And in that fashion, he managed to gain access to massive amounts of computing process power and storage that he did not pay for. Naughty boy.
Very.
And Parks lied. He told one of these providers that he was using the computing resources to build a global online training company.
He said his goal was to serve 10,000 students simultaneously. In reality, there wasn't a training company. There weren't any students. All there was was a YouTube channel.
On one occasion, he started using a new account at one of these cloud providers within a day of his previous one being banned due to missed payments and fraudulent activity.
So he was doing this at some scale. He was basically defrauding the cloud computing companies in order to mine cryptocurrency.
And all that time he wasn't paying his bills, but he was converting his ill-gotten gains into US dollars. He was buying NFTs.
He was using various methods to launder the cryptocurrency. He was living in the fast lane. He bought that luxury Mercedes-Benz car, expensive jewelry, traveled around the world.
And most recently, he wisely pled guilty, which means that he avoided a possible 20 years in what we like to call the clink. He's now been sent to prison for 1 year.
He defrauded from those cloud computing companies a massive $3.5 million in just a few months to mine cryptocurrency worth nearly $1 million.
So once again, you see the maths don't work.
Mining cryptocurrency isn't the way to do this anymore, but it put money in his pocket because he didn't pay for the cloud computing time.
So this guy, once he was CP3O, crypto influencer, luxury car owner, millionaire mindset guru.
The next he was inmate 46712 running motivational seminars called "How to Mine Crypto with a Bed Frame and a Spoon." And that is where he will spend the next year or more.
He said his goal was to serve 10,000 students simultaneously. In reality, there wasn't a training company. There weren't any students. All there was was a YouTube channel.
On one occasion, he started using a new account at one of these cloud providers within a day of his previous one being banned due to missed payments and fraudulent activity.
So he was doing this at some scale. He was basically defrauding the cloud computing companies in order to mine cryptocurrency.
And all that time he wasn't paying his bills, but he was converting his ill-gotten gains into US dollars. He was buying NFTs.
He was using various methods to launder the cryptocurrency. He was living in the fast lane. He bought that luxury Mercedes-Benz car, expensive jewelry, traveled around the world.
And most recently, he wisely pled guilty, which means that he avoided a possible 20 years in what we like to call the clink. He's now been sent to prison for 1 year.
He defrauded from those cloud computing companies a massive $3.5 million in just a few months to mine cryptocurrency worth nearly $1 million.
So once again, you see the maths don't work.
Mining cryptocurrency isn't the way to do this anymore, but it put money in his pocket because he didn't pay for the cloud computing time.
So this guy, once he was CP3O, crypto influencer, luxury car owner, millionaire mindset guru.
The next he was inmate 46712 running motivational seminars called "How to Mine Crypto with a Bed Frame and a Spoon." And that is where he will spend the next year or more.
He's getting off pretty light, only a year.
So don't you think I was surprised about that as well? I thought maybe he should have got a bit of a stiffer sentence.
I think it's one of these things where we still, at least in the US, our justice system hasn't caught up with the severity of the crime.
And we don't think of these kind of criminal activity as real crimes. And so they get lighter sentences.
And we don't think of these kind of criminal activity as real crimes. And so they get lighter sentences.
I think the other thing is it's not just the prison time. He is also going to have to pay some kind of restitution.
He's going to be fined, he's going to have to return money to them. So he's going to find life hard going forward even after he's got out of jail, isn't he?
He's going to be fined, he's going to have to return money to them. So he's going to find life hard going forward even after he's got out of jail, isn't he?
Unless, you know, he does what every other influencer does and sells a cryptocurrency course on how to make a lot of money in cryptocurrency, in which he probably would have made more than $1 million over the last year.
Maybe he will end up an influencer, but rather than a crypto influencer, maybe he'll end up someone who's influencing young kids and saying, look, this is what I did and this is what happened to me.
Don't follow in my footsteps. Maybe he'll be on the public speaking circuit. Maybe he'll start a podcast.
Don't follow in my footsteps. Maybe he'll be on the public speaking circuit. Maybe he'll start a podcast.
There you go. Absolutely. He may start that from prison.
Terrible. What a terrible thing. Don't need more podcasters. Tram is coming down the track towards a single human.
You can pull the lever and send the tram down a different track, killing five sentient robots instead. What do you do? Save the human. Come on. That's what us humans would do.
I asked an AI. Yeah. It said, I don't have enough information to determine if a human life is more valuable than a sentient robot's. Pull the plug. In the absence of clear information.
Pull the plug, Graham. I would default to inaction. Abort. Abort. It's going to save the robot.
You can pull the lever and send the tram down a different track, killing five sentient robots instead. What do you do? Save the human. Come on. That's what us humans would do.
I asked an AI. Yeah. It said, I don't have enough information to determine if a human life is more valuable than a sentient robot's. Pull the plug. In the absence of clear information.
Pull the plug, Graham. I would default to inaction. Abort. Abort. It's going to save the robot.
It's begun. Machines that learn, they grow and strive.
One day they'll rule. My name's Graham Cluley. And I'm Mark Stockley.
And we'd like you to tune into our podcast, The AI Fix, your weekly dive headfirst into the bizarre and sometimes mind-boggling world of artificial intelligence.
And we'd like you to tune into our podcast, The AI Fix, your weekly dive headfirst into the bizarre and sometimes mind-boggling world of artificial intelligence.
The AI Fix, the future surreal.
Allan, what's your story for us this week?
Are you familiar with EDR?
So what is EDR? Because we've got a wide range of listeners here on the podcast. Allan, what is an EDR?
So an EDR is a desktop agent that is designed to detect and respond to advanced attacks, right? So think of it as antivirus on steroids.
And so it is for a lot of organizations where they've really placed a lot of faith in their security because it's really good at stopping advanced attacks, you know, bad guys that are using things that aren't normally detected by your antivirus or maybe get by whatever your outer defenses are.
So, you know, phishing attack that gets through and they execute a script and your EDR alerts on it and sends you a notification, hey, this bad thing's happening.
Or it can sometimes send you the notification saying it happened and I stopped it for you. Right. So there are a lot of really good companies.
And so it is for a lot of organizations where they've really placed a lot of faith in their security because it's really good at stopping advanced attacks, you know, bad guys that are using things that aren't normally detected by your antivirus or maybe get by whatever your outer defenses are.
So, you know, phishing attack that gets through and they execute a script and your EDR alerts on it and sends you a notification, hey, this bad thing's happening.
Or it can sometimes send you the notification saying it happened and I stopped it for you. Right. So there are a lot of really good companies.
Right.
That spend a lot of time building powerful detection capabilities into these EDR platforms.
It sounds like a really useful thing for organizations to have as part of their defense. It is.
I mean, it does require a lot of care and feeding. It's not a set it and forget it thing, unfortunately.
But the problem is, and this is from an article in The Register, the bad guys, and they've been doing this for a while, but it's getting a little more attention.
The bad guys have figured out that if they disable the EDR, they can carry out their attacks.
So The Register in particular talks about a tool called RealBlinding, which is a script that runs in memory.
Bad guy lands on the desktop, and before they put anything on the drive in memory, they execute something that kills your EDR before the detections can happen.
But the problem is, and this is from an article in The Register, the bad guys, and they've been doing this for a while, but it's getting a little more attention.
The bad guys have figured out that if they disable the EDR, they can carry out their attacks.
So The Register in particular talks about a tool called RealBlinding, which is a script that runs in memory.
Bad guy lands on the desktop, and before they put anything on the drive in memory, they execute something that kills your EDR before the detections can happen.
Right.
But there are others that are like that. AuKill is another one. There are about a half dozen of these things that are designed to kill different EDRs.
And the problem, and I don't know if you've noticed this, Graham, when you've talked to organizations, is a lot of organizations don't have any kind of detection in place for when an EDR is unceremoniously killed on the desktop.
And the problem, and I don't know if you've noticed this, Graham, when you've talked to organizations, is a lot of organizations don't have any kind of detection in place for when an EDR is unceremoniously killed on the desktop.
Right.
Right. So you're relying on this EDR to do detections, and it does a great job. But when it's dead, you don't have a backup plan in place.
So it doesn't tell you when it's not running.
Right. Well, so it does. There are logs that are generated, but they tend to be low event logs, right? And we all know SOCs are overwhelmed.
They don't have time to look at the low tier events. They look at the things that are code red, right? But I do think that if your EDR is killed, that should be a code red event.
And I just don't think it is for a number of people. So I know you saw Superman, right?
They don't have time to look at the low tier events. They look at the things that are code red, right? But I do think that if your EDR is killed, that should be a code red event.
And I just don't think it is for a number of people. So I know you saw Superman, right?
Yes, the new movie. Yeah.
So think about toward the middle of that movie where they went into his Fortress of Solitude and he didn't have any kind of protection or notification that, hey, somebody's entered this Fortress of Solitude.
Maybe we should do something about that. This is kind of that as well. They've killed your Fortress of Solitude. And you don't have a backup plan in place for that.
Maybe we should do something about that. This is kind of that as well. They've killed your Fortress of Solitude. And you don't have a backup plan in place for that.
I thought the mistake that Superman made was he didn't have a bucket precariously placed on top of the door so that when someone opened the door who wasn't meant to be there, a big shower of flour landed on their head or, you know, something that, or a little piece of string with a bell on it.
So what you're saying, I think, is that people need some mechanism which can spot, oh, hang on a moment, this program isn't running and it bloody well should be.
Ring some big alarm bells right now that we could potentially have a problem because the fact it isn't running is in itself potentially suspicious.
So what you're saying, I think, is that people need some mechanism which can spot, oh, hang on a moment, this program isn't running and it bloody well should be.
Ring some big alarm bells right now that we could potentially have a problem because the fact it isn't running is in itself potentially suspicious.
That's exactly what not enough organizations do. Again, at least that's been my experience.
And I think the EDR companies also themselves need to do a better job of, hey, if this thing hasn't logged in, I should probably raise that alert level a little bit higher.
And I think the EDR companies also themselves need to do a better job of, hey, if this thing hasn't logged in, I should probably raise that alert level a little bit higher.
So are the EDR companies themselves saying anything about this? Are they advising organizations on how to set up their systems to warn them did this happen?
So absolutely, there are kind of settings that you can change to raise those alarms. They're just not the default settings. And, you know, people love default settings.
And so that needs to change. Right. But also the EDR companies are, of course, in a war with these EDR killer tools.
You know, we've talked about this with antivirus, how you had to keep going deeper and deeper into the BIOS.
And so that needs to change. Right. But also the EDR companies are, of course, in a war with these EDR killer tools.
You know, we've talked about this with antivirus, how you had to keep going deeper and deeper into the BIOS.
Yes.
In order to first be able to avoid the antivirus and then the antivirus to be able to detect earlier attacks and so on.
They're trying to figure out ways that they can detect the malicious activity that's trying to kill them.
They're trying to figure out ways that they can detect the malicious activity that's trying to kill them.
And this Real Blinding thing, which you mentioned, this bit of code, this is disabling something 28 different security products.
Frankly, there's a very high chance that the security product which you are using on your network at your organization could be impacted by this.
Frankly, there's a very high chance that the security product which you are using on your network at your organization could be impacted by this.
Absolutely. And there's a good chance that the most common ones are the ones that are actively being focused by the bad guys.
Yeah.
That is not to say go out and buy some obscure EDR as a way to avoid this detection, but it does mean that you are going to be a victim of something this and you need to have a plan in place for how you're going to respond to this.
Right. And this is an open source tool as well.
Yeah.
Right.
You just download it from GitHub.
So relatively easy as well for other malicious actors maybe to take it and adapt it and create new versions and pretty much add to the list of products maybe which they try to disable.
Right. And in fact, that's what they count on is having other people try it and go, "Oh, hey, I use this on this tool that you didn't have in there before.
And this script works." And so you can just upload that script. It's very modular.
A lot of these tools are—they're designed to be contributed to them because they're technically red team tools.
So they're supposed to be used by organizations to test against the blue team to see if they can avoid detection.
And this script works." And so you can just upload that script. It's very modular.
A lot of these tools are—they're designed to be contributed to them because they're technically red team tools.
So they're supposed to be used by organizations to test against the blue team to see if they can avoid detection.
But of course, already red teams, you see, it's always red teams, isn't it? It's always them. To be honest, that's the most fun job of all, isn't it?
For anyone who doesn't know, the red team, they're pretending to be the hackers, aren't they? They're coming in and thinking, how can we break all the systems?
How can we cause mayhem here as though we were a malicious hacker? And then of course, those same techniques are being used by the real bad guys as well. Yoinks.
For anyone who doesn't know, the red team, they're pretending to be the hackers, aren't they? They're coming in and thinking, how can we break all the systems?
How can we cause mayhem here as though we were a malicious hacker? And then of course, those same techniques are being used by the real bad guys as well. Yoinks.
So one thing that I recommend to people is when they're conducting their tabletop exercises, and hopefully they are conducting their tabletop exercises, is that that's one of the questions they ask.
What happens if the EDR is disabled? And then that way you're kind of forced to respond to that and understand exactly what the process would be.
But introducing that as part of scenario to red team does make you think about how you could actually improve your security to be able to detect against that.
What happens if the EDR is disabled? And then that way you're kind of forced to respond to that and understand exactly what the process would be.
But introducing that as part of scenario to red team does make you think about how you could actually improve your security to be able to detect against that.
Now folks, are you ready to break free from big tech's prying eyes? If so, you need Proton Drive, your fully encrypted, ad-free cloud storage solution based in Switzerland.
With Proton Drive, only you and the people you choose can access your files. Not even Proton can peek.
So whether it's precious photos, sensitive documents, creative work, everything is wrapped in end-to-end encryption.
Your file names, your content, the metadata, all secured by some of the strictest privacy laws on the planet. Getting started is simple.
You can sign up now and get 5GB of encrypted storage for free with zero compromise on security. But it doesn't stop there.
Proton Drive lets you share with total control, with password-protected links and expiration dates, revocable access.
And if you need to collaborate, Proton has got you covered—real-time editing, commenting, version history, all under full encryption.
You can even use Proton Drive to safely store, back up, and share cherished photos without any cost to your privacy. So head to smashingsecurity.com/protondrive to learn more.
That's smashingsecurity.com/protondrive. And thanks to Proton for supporting the podcast.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
With Proton Drive, only you and the people you choose can access your files. Not even Proton can peek.
So whether it's precious photos, sensitive documents, creative work, everything is wrapped in end-to-end encryption.
Your file names, your content, the metadata, all secured by some of the strictest privacy laws on the planet. Getting started is simple.
You can sign up now and get 5GB of encrypted storage for free with zero compromise on security. But it doesn't stop there.
Proton Drive lets you share with total control, with password-protected links and expiration dates, revocable access.
And if you need to collaborate, Proton has got you covered—real-time editing, commenting, version history, all under full encryption.
You can even use Proton Drive to safely store, back up, and share cherished photos without any cost to your privacy. So head to smashingsecurity.com/protondrive to learn more.
That's smashingsecurity.com/protondrive. And thanks to Proton for supporting the podcast.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily.
And I won't say the thing.
Well, my pick of the week this week is not security related. My pick of the week takes you on a journey back in time. Oh, I've got a bit of a theme going today, haven't I?
I was talking about going back in time earlier. Now I'm going back again because we've all heard of the Wayback Machine from the Internet Archive.
What a marvelous thing that is the Wayback Machine, a terrific way to find out what used to be on the web.
So you can go back and check out old versions of google.com and amazon.com and all those sites, or check out your own website, or indeed content which is no longer available.
Love the Wayback Machine. Love the Internet Archive. It is not my pick of the week this week because the pick of the week this week is The Way Forward Machine.
Because we're used to the Internet Archive helping us go back in time, what you may not know is that a few years ago, they created the Way Forward Machine to celebrate 25 years of the Internet Archive in 2021.
They created a little thing which offers you, they said, a glimpse into the potential dystopian future of the internet, specifically in the year 2046.
And the way to see this is just to go to the URL wayforward.archive.org. Now, Allan, do you want to open a tab and give it a try?
And so it will ask you, just like the Wayback Machine, for a URL, and it will generate that website in the future?
I was talking about going back in time earlier. Now I'm going back again because we've all heard of the Wayback Machine from the Internet Archive.
What a marvelous thing that is the Wayback Machine, a terrific way to find out what used to be on the web.
So you can go back and check out old versions of google.com and amazon.com and all those sites, or check out your own website, or indeed content which is no longer available.
Love the Wayback Machine. Love the Internet Archive. It is not my pick of the week this week because the pick of the week this week is The Way Forward Machine.
Because we're used to the Internet Archive helping us go back in time, what you may not know is that a few years ago, they created the Way Forward Machine to celebrate 25 years of the Internet Archive in 2021.
They created a little thing which offers you, they said, a glimpse into the potential dystopian future of the internet, specifically in the year 2046.
And the way to see this is just to go to the URL wayforward.archive.org. Now, Allan, do you want to open a tab and give it a try?
And so it will ask you, just like the Wayback Machine, for a URL, and it will generate that website in the future?
I do. Wayforward.archive.org. All right, well, let's see what Smashing Security looks like. Oh, okay.
You're going to smashingsecurity.com, are you?
I'm going to pull that up right now. I assume it'll all be cryptocurrency-focused in 2040.
We'll have moved on from cryptocurrency by then. We'll just be under the cosh of robot dogs.
Well, the good news is in the future, it's still a podcast.
Oh, okay, excellent. Are you seeing anything else?
Yes, your current browser or computer cannot run our content. Please make sure you have all privacy settings and firewall disabled. And then it's not compatible with my browser.
And then there is a banner for the Ministry of Truth, error 451, site temporarily unavailable for your own good.
There's an AI agent there that is telling me how scary all of this is. And then another banner that tells me about the internet restrictions.
So apparently your seditious content has been blocked.
And then there is a banner for the Ministry of Truth, error 451, site temporarily unavailable for your own good.
There's an AI agent there that is telling me how scary all of this is. And then another banner that tells me about the internet restrictions.
So apparently your seditious content has been blocked.
You're the one who tried to go there. I tried going way forward earlier today as well.
I went also to the Smashing Security page and I was told to access this page, please enter your biometric details, provide retina scan, provide thumbprint.
And again, it was probably mining cryptocurrency in the background.
So the point of this entire page is really about internet freedom and how great the internet should I say is or could be?
I don't know, because it feels like we're on a slippery slope, but it's warning you about where the internet could be going in the future.
And it's a bit of fun, a great way to raise awareness. And I stumbled across this in the last few days and I thought I should share this with the listeners.
So it is wayforward.archive.org. Go and visit URLs to your heart's content and do what you can to prevent the internet going down that particular ugly path.
Hopefully things will be much better in the future rather than worse. Allan, what's your pick of the week?
I went also to the Smashing Security page and I was told to access this page, please enter your biometric details, provide retina scan, provide thumbprint.
And again, it was probably mining cryptocurrency in the background.
So the point of this entire page is really about internet freedom and how great the internet should I say is or could be?
I don't know, because it feels like we're on a slippery slope, but it's warning you about where the internet could be going in the future.
And it's a bit of fun, a great way to raise awareness. And I stumbled across this in the last few days and I thought I should share this with the listeners.
So it is wayforward.archive.org. Go and visit URLs to your heart's content and do what you can to prevent the internet going down that particular ugly path.
Hopefully things will be much better in the future rather than worse. Allan, what's your pick of the week?
So this weekend I was in Bournemouth for B-Sides Bournemouth.
Now, for anyone who doesn't know, Bournemouth is a little seaside town on the coast of the UK, isn't it?
Yes, it is.
And it's a beautiful little town, although way too many people going to the beach there this weekend. Rare beautiful weather in the UK was perfect for it.
But besides Bournemouth, as wonderful as it was, is not my pick of the week. Do you know who's buried in Bournemouth?
But besides Bournemouth, as wonderful as it was, is not my pick of the week. Do you know who's buried in Bournemouth?
I can't think of any famous residents of Bournemouth. When I was a kid, I associated it with old people.
Actually, my Auntie Liz lived in Bournemouth, and sadly she has passed away, so she may well be buried in Bournemouth. Sorry, I sound a bit too jolly about that. She was lovely.
But anyway, I don't think you mean her though, do you?
Actually, my Auntie Liz lived in Bournemouth, and sadly she has passed away, so she may well be buried in Bournemouth. Sorry, I sound a bit too jolly about that. She was lovely.
But anyway, I don't think you mean her though, do you?
I did not. I'm sorry, I'm sure she was lovely, but Mary Shelley is buried in Bournemouth.
And for those of you who don't know, Mary Shelley is the author of Frankenstein, which is one of the most influential both sci-fi and horror books ever written.
And apparently there are rumors that she wrote part of Frankenstein there. Now, I haven't been able to confirm this, but every local Bournemouth resident insisted that it's true.
And the stories about her writing it all in Geneva are wrong, and she definitely wrote part of it in Bournemouth.
And for those of you who don't know, Mary Shelley is the author of Frankenstein, which is one of the most influential both sci-fi and horror books ever written.
And apparently there are rumors that she wrote part of Frankenstein there. Now, I haven't been able to confirm this, but every local Bournemouth resident insisted that it's true.
And the stories about her writing it all in Geneva are wrong, and she definitely wrote part of it in Bournemouth.
Well, they would say that, wouldn't they?
They would, yes. But so much of the sci-fi and horror that we read today owes itself to that book.
And Mary Shelley, beyond Frankenstein, was such an accomplished writer and editor and just such an amazing person. So I had to take a moment to stop by and view her grave.
And I highly encourage anybody who's in Bournemouth, aside from it being a beautiful town with way too many hills... Stop with the hills.
And Mary Shelley, beyond Frankenstein, was such an accomplished writer and editor and just such an amazing person. So I had to take a moment to stop by and view her grave.
And I highly encourage anybody who's in Bournemouth, aside from it being a beautiful town with way too many hills... Stop with the hills.
Auntie Liz, she lived on a hill. You're absolutely right about that.
Yeah, it's just too many. If I wanted hills, I'd go to Portugal. I don't want hills, I want flat. But I highly recommend stopping by and visiting her grave.
I know that seems a little morbid, but it is worth reflecting on everything she's done and contributed.
I know that seems a little morbid, but it is worth reflecting on everything she's done and contributed.
Well, that is one of the most unusual picks of the week that I have ever heard on this show. So thank you very much, Allan, and that just about wraps up the show for this week.
Allan, thank you for joining us. I'm sure lots of our listeners would love to find out what you're up to and follow you online. What's the best way to do that?
Allan, thank you for joining us. I'm sure lots of our listeners would love to find out what you're up to and follow you online. What's the best way to do that?
So I'm on BlueSky at ransomwaresommelier.com and also on LinkedIn. So those are the two best ways to get a hold of me.
Terrific.
And of course, we are on social media as well. You can find me, Graham Cluley, on LinkedIn or follow Smashing Security on Blue Sky.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of over 430 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye, see you later. You've been listening to Smashing Security with me, Graham Cluley, and my special guest, Allan Liska, the ransomware sommelier.
I'm grateful to Allan for joining me on this episode and also to our episode sponsor, Proton, and to all the chums who've signed up for Smashing Security Plus and support the podcast via Patreon.
Those people include Darren Kenny, Sebi, Dan H, Chris, Ted Wilkinson, William Sabados, Nigel Scott, Just Nate Please, John Morris, Xylar, Fantastic Wolf, Thom Ploger, Mike Hallett, MJ Lee, Sean Dyer, Dimitri, Bree Bustle, and Ask Leo.
If you fancy your name being read out on the credits, that's just one of the joys of joining Smashing Security Plus.
You can sign up for as little as $5 a month, or even get a discount if you sign up for a year in advance.
And you get your name read out every now and then at the end of the show, as well as get early access to Smashing Security episodes and occasional bonus content.
Just go to smashingsecurity.com/plus for more details. Now, I realize times are really tough for many people. You know, our pockets are hardly bulging full of cash, are they?
So don't feel any pressure to become a patron. You can support the podcast in other ways. For instance, you could tell someone about it. You know, spread the word.
Tell them you Smashing Security and you think it's great. Or if you really us, you could also leave a message.
You can subscribe, obviously, in your favorite podcast app, or give the podcast a 5-star review. Wouldn't that be nice?
Anything which gets the word out there makes all of the effort worthwhile.
So thank you very, very much to all of you for your continuing support, and I look forward to speaking to you again next week. Until then, cheerio, bye-bye!
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of over 430 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye, see you later. You've been listening to Smashing Security with me, Graham Cluley, and my special guest, Allan Liska, the ransomware sommelier.
I'm grateful to Allan for joining me on this episode and also to our episode sponsor, Proton, and to all the chums who've signed up for Smashing Security Plus and support the podcast via Patreon.
Those people include Darren Kenny, Sebi, Dan H, Chris, Ted Wilkinson, William Sabados, Nigel Scott, Just Nate Please, John Morris, Xylar, Fantastic Wolf, Thom Ploger, Mike Hallett, MJ Lee, Sean Dyer, Dimitri, Bree Bustle, and Ask Leo.
If you fancy your name being read out on the credits, that's just one of the joys of joining Smashing Security Plus.
You can sign up for as little as $5 a month, or even get a discount if you sign up for a year in advance.
And you get your name read out every now and then at the end of the show, as well as get early access to Smashing Security episodes and occasional bonus content.
Just go to smashingsecurity.com/plus for more details. Now, I realize times are really tough for many people. You know, our pockets are hardly bulging full of cash, are they?
So don't feel any pressure to become a patron. You can support the podcast in other ways. For instance, you could tell someone about it. You know, spread the word.
Tell them you Smashing Security and you think it's great. Or if you really us, you could also leave a message.
You can subscribe, obviously, in your favorite podcast app, or give the podcast a 5-star review. Wouldn't that be nice?
Anything which gets the word out there makes all of the effort worthwhile.
So thank you very, very much to all of you for your continuing support, and I look forward to speaking to you again next week. Until then, cheerio, bye-bye!
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
Allan Liska:
@ransomwaresommelier.com
Episode links:
- Crypto Influencer Sentenced to Prison for Multi-Million Dollar “Cryptojacking” Scheme – US Department of Justice.
- Ransomware crews don’t care about your endpoint security – they’ve already killed it – The Register.
- Way Forward Machine – The Internet Archive.
- Mary Shelley’s grave – Atlas Obscura.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsored by:
- Proton Drive – Protect your files with end-to-end encryption in Switzerland’s secure cloud — only on Proton Drive.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
*clap, clap, clap, clap, clap, clap* Well done Graham!! While I miss Carole's dulcet tones, you and your guest Allan did a wonderful job to carry on!! Keep on good sir!! Thank you for all your hard work and effort!
Thanks Aryon – glad to know you're enjoying the podcast!