Darknet Diaries - Ep 21: Black Duck Eggs
Episode Date: September 1, 2018
Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a Global 5 company, a company so large that theft of intellectual property could result in billions of dollars of damage.
Ira's consulting company: Secure Mentum.
His books: Spies Among Us, Advanced Persistent Security, Through the Eyes of the Enemy.
Transcript
A lot of hackers act alone, do it solo, and treat it like an art form.
They plan their attack, feel for what to do next, attempt to exploit the system, and they
rely on their intuition to conduct a hack.
But Ira does it differently.
I specialize in putting together teams of former special forces and intelligence officers
to go after organizations.
Ira is methodical, follows a playbook, and works with highly trained people.
The jobs Ira does are bigger than what one person is capable of.
He needs a crew of specialized people, each one with a different mastery of their craft.
And he's assembled one of the most elite hacking teams in the country.
Each member is incredibly skilled.
They rely more on
their training and what steps are required to accomplish the task, and less on intuition.
The plan of attack is structured and methodical. Think of it like Ocean's Eleven.
I don't even want to call it Ocean's Eleven, I mean, because that's kind of amateurish hours.
And this team is about to embark on a mission with over a billion dollars at stake.
The first time you steal a billion dollars, it's a bit of a rush. After you've kind of done this so many times,
it's almost expected. These are true stories from the dark side of the internet.
I'm Jack Rhysider. This is Darknet Diaries.
Hey, it's Jack, and I want to have a quick chat with you for a moment.
I make this show so I can educate and entertain you.
It's free, so I can spread knowledge and share important stories.
But I need your help, though.
Less than 1% of my audience is supporting this show directly through Patreon.
Those people who help fund this show enable me to research and present stories that are
free from outside pressures.
It lets me be more honest with you.
And above all, it tells me this show brings
value to you. So those of you who are regular listeners and find this educational, entertaining,
or valuable, please consider donating to the show. But please don't support it if it causes
you any financial stress. By supporting this podcast, it shows a new ethic in supporting
the work you appreciate. At first, I was hesitant to even open my hand to allow you to give.
But now I see direct donations
are the most straightforward transaction for helping me.
When you buy a book or pay to see a movie,
you pay before you even know if it's a value to you.
But I give you this show free
so you can determine if it brings you value before giving.
So please visit darknetdiaries.com
slash donate and help me out.
Thanks.
I've been told that some of my listeners are nine-year-olds.
Crazy, huh?
So, hey, what's up, kids?
But because of this, I'm going to have to give warnings as needed.
And in this particular episode, it does have bad language.
Sorry, kids. I've been warned.
I want you to meet Ira Winkler.
Hey there.
Eight years ago, I heard Ira talk at a security conference, and he blew me away.
It's one of those talks that I'll never forget.
And I'm very excited to be able to talk to him again, because he leads a very interesting life.
Ira looks at the world differently than you or I.
He's quick to see vulnerability, either in a person, or a building, or a computer, and exploit it.
He's good at this because of his background.
He was fascinated early on by
the human brain, so he got a college degree in psychology. But after getting a degree,
he had a hard time finding a job. He thought maybe the U.S. government would hire him,
so he took their aptitude test. Did really well. Basically, if I got a clearance, I got a job.
I got the clearance. They said, wow, you have really good computer aptitude. You want a computer
internship? I'm like, no, I hate computers. I want nothing to do with them. They're like,
what about cryptanalysis? It'll be like playing games. I'm like,
I don't want to look at ones and zeros all day. But he didn't see any better option.
Finally, I took a job as an intelligence analyst for the National Signals Intelligence
Operations Center, which was known as NSOC, which is the only room that actually
looks cool in NSA. Part of this job was to decipher encrypted messages. This is called
cryptanalysis. Here within the walls of the NSA, he was learning about computer security.
He was understanding what encryption is secure and what isn't, in a very real world, hands-on way.
And he taught himself how to program to do his job better. But... Ironically, I hated cryptanalysis. I hated computers. My first technical computer job
was programming supercomputers to do cryptanalysis. So that was bizarre.
He eventually moved to another department, this time doing research and development for
tactical signals intelligence.
It's where I was running around Europe, helping people in little green trucks do stuff.
Do stuff.
Ira is secretive about what he did at the NSA,
because he has to be.
But signals intelligence is collecting information
from the enemy.
And the enemies are everywhere.
There's always a threat brooding somewhere.
Possibly another country is planning an attack on us,
or a terrorist group is meeting to discuss their next steps. Signals intelligence is knowing what
the enemy is up to. And you do this by finding where they are, and then figure out a way to
intercept those conversations. So while running around Europe helping people in little green
trucks, Ira became more worldly and started to learn how spies operate. But eventually he left the NSA and joined a
contracting company. He did various IT tasks, but then one day a new contract job was given to him.
They're like, well, we have a contract to find out as much about the company as possible
without breaking into their computer systems. Basically, the contract was to use social
engineering against an investment bank to see if he could get access to it. Now keep in mind, this is the early 90s, so not a lot was known about social engineering at
the time. I just started going ahead and basically my intelligence background, you know, having worked
in NSA, working with a bunch of other intelligence agencies along the way and stuff, you know, I just
used essentially basic human elicitation techniques to lie to people over the phone.
Human elicitation is the act of getting someone to tell you a piece of information.
With his experience in intelligence gathering at the NSA and being a psychology major, Ira took an interest in this and did pretty well at getting people to tell him information they shouldn't be telling him.
For instance, he might start out by simply asking an employee for a phone number and getting it, and then slowly asking for more and more stuff until he has the whole phone directory.
Eventually, the person is giving him loads of information that they shouldn't be giving him.
And get them to slowly give away information. And then I, you know, started getting lots of
login IDs and passwords. I even got the investment bank to send me a computer pre-configured for
their VPN.
That was fun.
Getting people to tell him information they shouldn't be telling him came naturally.
He realized he was good at this.
And by the end of three days, I had supposedly user IDs and logins to make financial transactions.
By using just a phone and his wits, Ira was eventually able to take over the bank.
He gave a talk at a security conference and wrote an article about how he did this.
People responded in ways he didn't see coming.
They were so impressed with his methods and abilities.
Then when it got really well publicized and people started coming to me to do weirder and weirder stuff,
they're like, well, we want you to come into our company as a temporary employee and rob us blind.
So I did.
And that's how Ira's career
got started as a social engineer and penetration tester. He was paid to test whether he could
access places he shouldn't be allowed to access or get information he shouldn't be allowed to get.
Because this is what bad guys will try to do and companies wanted to protect themselves.
As the jobs got weirder and weirder, he got better and better at gaining unauthorized access.
He eventually started getting so many jobs that he started his own security consulting company.
But here's where things get totally crazy. Ira has a background in national intelligence,
and he's very familiar with how spies operate, like real military-trained spies. He met many
of them at his time working for the government. So when he started doing his own penetration testing,
he would ask some of his spy friends to help him on certain missions.
And over time, Ira was able to build a crack team of highly trained special agents
to help him break into buildings and steal information.
Ira started taking on bigger jobs and using his crew to get into some of the most secure buildings.
Buildings such as nuclear reactor facilities and banks.
Ira became known as one of the best to hire
to do penetration testing
because he brings a team like nobody else can.
I like to call them more espionage simulations.
I specialize in putting together teams
of former special forces and intelligence officers
to actually go after organizations
like real high level adversaries would.
Yeah. The media has called him the modern-day James Bond.
Depending on the job, he'll put together an elite team for the task.
For instance, there's Stu.
Stu's a former Navy SEAL.
He's extremely fit, agile, tactical, and has years of training in espionage and raiding.
Yeah, raiding.
He knows where to look for weak points
in a structure, knows how to use a grappling hook, and he's good at going undetected by security.
So he helps Ira whenever there's a need for physical intrusions.
Stu has like an innate nature. Like, so he, frankly, one time he took advantage of a situation
much quicker that I'm mad at myself. I didn't do this. But we were once in a security room having our pictures taken for badges.
And the guard walks out.
He's like, oh, I got to go to the other room and pick up the badges.
And Stu's like, Ira, lean against the door, you know, for a second.
So I go lean against the door.
Stu goes behind the desk and pulls up a bunch of blank badges, like valid security badges, and grabs them.
These are some of the things Ira tests for.
He and Stu look for physical vulnerabilities like this and report them.
And then there's Tony.
Former Army counterintelligence officer.
Tony has been trained to look for threats against his country.
He's good at collecting this information by using traditional spying techniques,
gaining physical access to a building, stealing documents, or simply doing
social engineering. Tony is also good on the physical side, but we primarily used him for the
telephone social engineering. He's trained, you know, he would be an intelligence specialist in
human intelligence. He was trained in counterintelligence, so he would know how to
conduct interviews. He would know how to elicit information and so on.
See, Tony has been trained to follow a process to get someone to divulge information that would, in essence, betray their own country.
He's tricky and clever and extremely good at what he does.
There's a process of establishing a relationship and elevating the relationship to the point where you get people
to slowly divulge non-important information, to where you slowly raise the stake of what level
of information they give out, till at some point they're pretty much over the hump and they're
screwed. Tony comes across as a nice guy and everyman, someone who you might think is a good
wholesome gentleman. He's calm and courteous, which comes in handy when you're trying to get information from
everyday normal people who might not even know they have valuable information to divulge.
Like say, the front desk receptionist.
He has like this nice, you know, just a slow speaker.
You know, it's kind of like you expect to see when you're driving through Kansas and
stop to ask for directions.
You would swear he was a good old country boy.
And then there's Stan. Stan is kind of my favorite.
Stan was a colonel in the GRU before he defected over.
The GRU is Russia's foreign intelligence agency, similar to the CIA.
They're often trained to follow spies or be deployed in foreign lands and collect information. Stan has extensive training in intelligence gathering. And Stan's background,
besides it being a Russian operative, his primary target while he was in the GRU was against China.
And so he speaks fluent Mandarin. He also reads Chinese and all that before he came to the U.S., where he was obviously focused on targeting U.S. intelligence type of stuff. Stan came to the U.S. to collect data on U.S.
government and report it back to Russia. He's a masterful spy. He would often go to Washington,
D.C. and hang out in bars. He'd ask someone for a cigarette and start a conversation. He'd learn
they work for a government agency, no surprise in Washington, D.C. And over time, Stan would build trust with that person and get
them to divulge government secrets. Stan was referred to me as one of the most successful
GRU agents targeting the U.S. in history. So Stan literally gets people to betray his country under
penalty of death, which is a different level of social engineering than
getting somebody to give up a password. We use him to target an organization the way a real
foreign operative would, because everybody thinks of spying like James Bond, but the actual
traditional espionage is done by spies like Stan. And what they try to do is they try to find access
to people with information and get them to divulge it either knowingly or unknowingly to him.
You know, this is kind of like, you know, I don't even want to call it Ocean's Eleven.
I mean, because that's kind of amateurish hours.
Stu, Tony and Stan have had training in some of the most advanced places in the world and have enough experience to have mastered their craft.
And this is just some of the members of Ira's team.
Their combined skills make them potentially one of the most advanced hacking teams in the world.
I just know them from my intelligence background. But here's the difference between somebody who
goes around. I'm a social engineer. It's like, you know, these people, if they get caught,
they just give the get out of jail free card. You're talking about Stan, who was in China,
being monitored, who had radioactive powder put on his doorknob so it was easier to track him.
You know, Stan knew any moment in time he could be pulled off the street, tortured and killed.
You know, Stu Navy SEAL, he knows any point in time he gets captured, he's dead. We're talking about people
who have a fundamental aversion to be captured, not because, you know, not because they're afraid
they'll have to pull out their get out of jail free card and it'll be embarrassing.
We're talking people who know to do this because their lives depended on it. As Ira's reputation went up as an elite pen tester, he got a contract
from one of the biggest companies in the world, Global 5 Company. They wanted him to do an espionage
simulation against them to see how vulnerable they are. Now, Global 5 Company is worth hundreds of
billions of dollars, which means the company has a lot to lose. One thing in particular that would cause a lot of financial damage is all the research and
development information. This is stuff like the source code for their systems or all the
technologies they're coming out with in the next few years. So that was our primary target to prove
we could get access to all the R&D data. If this were to be stolen by another competitor or
government, it could cost them billions of dollars. So Ira's job is to find as many weaknesses as possible
to help secure them.
Well, primarily it was just, I mean, I hate to say,
you know, grab them by the balls and squeeze.
Ira started researching and planning the mission.
He first figured out the location of the R&D department,
which turned out to be in a small town
in the middle of nowhere.
He used Google Maps and other tools to learn more.
There was a fence around the whole property and stationed guards to restrict people from being
able to drive in. He determined the building was going to be locked and the data he was looking
for would be in their computer operations center. He was able to make some phone calls and figure
all this out pretty quickly. As he sized up the job, he knew he was going to need some help.
So he assigned Stu, Tony, and Stan to the mission.
All four of them fly to this small town where the Research and Development Office was located.
The team arrives one by one.
The ex-NSA agent, the Navy SEAL, the Army counterintelligence officer, and the Russian spy.
Tony, ironically, was responsible for following Russian spies around Europe while he was in the Army.
It was kind of funny to have
him and Stan working on the project together. But I flew in late at night and all I wanted was a
stupid bottle of water that the hotel didn't have. And so I'm driving around trying to, you know,
in this like little strip mall type of place. And all of a sudden I'm driving around late at night
and I look in my rearview mirror and there's a car behind me and I was driving pretty slow, which is unusual for me because I was looking to see what stores
might be open. And so anyway, I moved over to let the car go by me and then the car moves over with
me. And then it's like, am I being followed? And then as I switch lanes once again and the car
follows me again, and I'm like, I'm being followed.
Most people think, okay, speed off. That's not what you do when you're being followed, you know, like in the real world. I saw, you know, one of the, you know, gas stations open up
with a little quick mart in it. So basically I'm driving and I do make the, you know,
I do make the sharp turn, like I'm gonna drive past
and I make the sharp turn into the gas station,
pull my car up to where I can get out of the car
and go straight into the door of the quick mart,
blocking everything.
And what happened was the car pulls behind me,
it turns out to be an unmarked police car.
And I'm like kind of relieved it's a police car. Then the cop gets out. I go, what the hell were
you following me for? He's like, what are you cutting over? I go, because I was being followed.
And the guy couldn't argue with me. He goes, well, you were driving kind of, you know,
you're driving, you know, below the, I go, one is driving below the speed limit in an area of concern, you know, like a crime. It was kind of funny, but I was calling out the cop for following me.
So the squad begins the mission. First, they scout the building and watch what people are wearing
as they come and go. They notice which points of entries there are and how traffic flows.
Then they regroup to put clothes on to physically blend in with other employees. Ira puts on a shirt with a corporate logo on it, and they suited up
and got ready. And at last, they're all set. It's now go time. All four of them get in
the car and drive to the building. We ended up going there. They had a campus-like setting
for their R&D center. There was a guard gate to get onto the campus,
with actual guards checking everyone coming through.
But there was a lot of traffic that morning.
Everybody was just lined up coming off the main road
and stuff.
You hold up something that looks like a badge
and they don't check.
Nobody wants to slow down the morning rush hour.
They just waved us through.
We knew where their computer operations center was,
so this was like day one.
Drove everybody in.
And then we're like, okay, let's get in.
So I told everybody, yeah, hold on a second.
Let's just stand here by the door.
The team waits around, acting inconspicuous while Ira forms a plan.
He tries the door.
It's locked.
He thinks maybe he can tailgate someone in.
He waits for someone to come out.
And then I started hearing somebody come out. There was a crypto lock on the door.
And I just started acting like I'm pressing buttons. The guy goes out, holds the door
open for me. I and my team go in.
They quickly orient themselves in the building and start heading to the computer
operations center. They act like they belong, walking deliberately but not too fast, scanning
the room but careful not to be obvious. They try to blend in and go unnoticed. They eventually found
the room they were looking for and gained access to it. Once there, we find out that all their
critical servers were left logged on as admins. So pretty much we, you know, just added a new .rhosts
entry, you know, for one we had control over.
So we were able to basically get a trusted relationship on all of the critical servers within the room without causing any significant damage.
And then pretty much the technical operation was done.
And while we were walking around, though, Stan was walking.
He's like, I don't know what are these Chinese American dictionaries doing on the shelf here? And I'm like, have you seen U.S. colleges lately, Stan?
You know, sarcastically, Stan's like, I'll look into this. So anyway, and pretty much we were
done day one where Stu and I were like, we physically compromised every, you know, the
critical information we needed. They head back to the car with a feeling of mission accomplished.
But Ira's done this so much, he doesn't really get excited anymore.
Well, it's kind of, I mean, the first time you steal a billion dollars, it's a bit of a rush.
After you've kind of done this so many times, it's almost expected. You know, I mean, frankly,
it was really anticlimactic to actually take over control of all their computers in the R&D center.
There were still a couple more objectives that the team wanted to do.
Tony made some phone calls and was trying to get people to tell him
usernames and passwords over the phone.
And, you know, of course, Tony was able to get information right and left.
And Stan was doing what spies do.
He was going around town doing a counterintelligence assessment.
Basically, he was looking around for anything suspicious.
Ira began compiling his findings in a report, showing exactly how much damage he could have
done to the company with what he found. But because the team finished early, they had a few
days with nothing to do in this small town. We had time to kill. We drove around, looked at
different restaurants and so on and figure out where we're going to go. And a couple of days
later, after I go, I remember I'm
like done. I moved on to a different project while Stan was doing his counterintelligence
assessment of the area, calls me up two days later, goes, I love there are black duck eggs
on the menu. And I'm like, what the fuck is this? What we're paying you for? He's like, I don't know
my naive American friends. He goes, don't you know, black duck eggs, delicacy, China.
So then you start
putting it together. He goes, I go to Chinese restaurant number one that we drive past.
Chinese restaurant number one, people friendly, food not so good. I go Chinese restaurant number
two, walk in, menu written only in Chinese. Delicacies you can't get in San Francisco,
let alone this little piece of shit town in the
middle of nowhere. I start talking to them in Mandarin and they get very, very worried.
What funny Russian guy doing talking fluent Mandarin? And then he's like, I love this
special menu. Only Chinese people would appreciate. Number two, you hold meeting there. They give you
free meeting room and then they give you big discount if you want to hold meeting there.
I'm sure there must be recordings.
Stan started adding up all the signs.
This restaurant was very unusual.
But only someone fluent in Chinese culture would recognize how unusual it was.
Stan essentially found a Chinese intelligence operation operating across the street.
A Chinese intelligence operation in the middle of this small town directly across the street
from the research and development center of a Global 5 company led Ira and the team to
one conclusion.
It's a high probability that this Chinese restaurant was there to steal trade secrets
from the company and send them back to China's government agencies.
This restaurant may have been used to recruit employees of the company and help gather
information. Often temp employees are converted to spies.
Being there for only a short time means you're less likely to get caught.
Or perhaps they would simply record all conversations that took place in that restaurant
hoping to catch secrets or something more sinister.
But what they do is they set up a social situation where people come in, see that they can read the special menu.
They talk to them, say, my friend, I see you like our special menu.
Are you from China? Are you here on a visa? Do you have family back there?
Would you like your family to stay alive?
Is your loyalty to this temporary employer or is your loyalty to your motherland?
You know, a whole bunch of stuff like that.
So that's how Chinese
intelligence operations act. And, you know, I mean, there's been multiple times Stan has found
Chinese intelligence operations operating out of Chinese social clubs in different areas and so on.
Stan comes up with these what the fuck moments, but he's good at what he does.
Oh, yeah. And he goes, oh, by the way, I was followed. I go, how do you know you were followed?
He goes, oh, they were not very good. I go, how do you know that? Why weren't they very good?
It's like, well, I think I find them. I start making lots of right turns and they keep following
me around the block. And then I made a U-turn and they're not very good. I go, why aren't
they very good? They hit a pole when they went to make a U-turn to follow me. I just hope they weren't corporate security or we're screwed. We reported to the security manager and the CISO and the CISO was like,
what the fuck am I supposed to do about China? I'm taking care of their computers.
This chief security officer has seen a lot of pen test reports, but not even in his wildest
imagination was a Chinese intelligence operation even a possibility.
And we're like, well, you should talk to the FBI, let the FBI find out the FBI knows this or whatever.
And the guy was like, I don't know.
Stan, because of his situation, he obviously has to stay in touch with the FBI.
So Stan informed the FBI about the operation.
But there's one last step, the biggest one.
Ira needs to present his findings to the CEO
in a way that the CEO can understand.
In this case, what happened was, you know,
after three days, I'm like,
okay, here's your mergers and acquisitions data,
which is worth billions
because of the negotiation points that you would have.
And, you know, if they knew,
if other companies knew what you were targeting and so on, again, could throw what, you know, could ruin things. You know, here's your new
technologies coming out in three years. We have full control of your entire network. So, again,
it was showing him the business value of all the loss of the vulnerabilities found, because
there's a difference between finding vulnerabilities and demonstrating the
potential cost of the vulnerabilities that matters. This is another thing that impresses me about Ira.
He doesn't simply put in the report what is vulnerable, but he gives a clear dollar amount
to the CEO of how much a theft like this could cost the company. When the CEO sees vulnerabilities
in terms of dollar amounts, action happens much quicker because they're speaking the same language. You know, in this case, all the research and development, frankly,
China would have loved to get their hands on it if they didn't already have it. If you were going
to ask me, I'll bet China did have it by that point in time. Years later, the company gets a
new CISO and Ira asks him about the Chinese intelligence operation across the street.
The CISO told Ira,
Oh yeah, we actually made a dozen arrests out of that restaurant.
The FBI was able to dismantle this Chinese intelligence operation.
This could have gone on for years if it wasn't for Ira and his team.
A squad so good that they can blend into their surroundings anywhere in the world,
disappearing into crowds, gathering information. Not acting
like James Bond and shooting up the place and making a scene, but instead they're more stealthy,
and they might be the one asking you for a smoke at the bar, or calling you up and asking for help.
Perhaps the next time you go out, you can start looking for anything out of place. Someone might
be acting too nice, but also asking a lot of questions. Or you might notice that guy in the
corner of the Chinese restaurant eating alone with a Russian accent. The spies are among us.
You've been listening to Darknet Diaries. If you liked Ira's story and want to hear more,
you're in luck. He wrote numerous books.
Spies Among Us is one of the books he wrote, which has great stories just like this one.
Like he tells a story about how his team was able to steal nuclear reactor plans in under
three hours.
He's currently in the process of updating that book, so look for a newer version of
that soon.
If you want to know more of how to protect your company from attacks like this, check
out the book Advanced Persistent Security.
You can also go to securementum.com to learn more about what Ira does. And if you want to
know more about Stan, check out the book Through the Eyes of the Enemy. It's Stan's autobiography,
and Ira actually helped co-author the book. Links to these will be in the show notes.
This show is made by me, Jack Rhysider. Story editing is by Stephanie Jens. Some songs were
made by Wesley Slover, and the theme music is made by the esoteric Breakmaster Cylinder.
Also, please visit darknetdiaries.com slash donate to help support this show.
It really means a lot to me.
Thank you.