Darknet Diaries - Ep 6: The Beirut Bank Job
Episode Date: November 15, 2017Jayson E. Street tells us a story about the time he broke into a bank in Beirut Lebanon. ...
Transcript
Discussion (0)
When you go into a bank, you see all kinds of physical security checks.
There are thick panes of glass between the tellers and customers,
a vault with a large heavy door, cameras everywhere,
a security guard is walking around.
But do you think about ways you could bypass all of that?
You might notice a back door to the bank and wonder if it's unlocked.
Or the door between the tellers and customers is so short that you can jump over it.
Or maybe you see a blind spot in the way the cameras are pointing.
In this episode, we're going to test the physical security of a bank.
But our goal isn't to steal cash.
It's to get access to the teller's computer.
This is Darknet Diaries.
True stories from the dark side of the internet. I'm Jack Recider. know a bit too much about how scam callers work. They'll use anything they can find about you online to try to get at your money. And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive. It's endless
and it's not a fair fight. But I realize I don't need to be fighting this alone anymore.
Now I use the help of Delete.me. Delete.me is a subscription service that finds and removes
personal information from hundreds of data brokers' websites and continuously works to keep it off.
Data brokers hate them because Delete.me makes sure your personal profile is no longer theirs to sell.
I tried it and they immediately got busy scouring the internet for my name and gave me reports on what they found.
And then they got busy deleting things.
It was great to have someone on my team when it comes to my privacy.
Take control of your
data and keep your private life private by signing up for Delete Me. Now at a special discount for
Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com
slash darknetdiaries and use promo code darknet at checkout. The only way to get 20% off is to go to join delete me.com slash dark net diaries and enter code dark net at
checkout. That's join delete me.com slash dark net diaries. Use code dark net.
Support for this show comes from Black Hills Information Security. This is a company that
does penetration testing, incident response and active monitoring to help keep businesses secure. I know a few people who
work over there, and I can vouch they do very good work. If you want to improve the security
of your organization, give them a call. I'm sure they can help. But the founder of the company,
John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security
world-class in security training.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this, the whole thing is pay what you can.
Black Hills believes that great intro security classes do not need to be expensive,
and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range,
which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer
and find links to their webcasts to get some world-class training.
That's BlackHillsInfosec.com. BlackHillsInfosec.com.
BlackHillsInfosec.com.
In this episode, we're going to hear a story from Jason E. Street.
What's up?
Jason is one of those guys that has endless stories
of incredible things that have happened to him.
He's also a Diet Pepsi addict.
When you talk to him,
you hear him say random things like,
It's never drinking the Diet Pepsi that gets me. It's usually trying to get rid of the Diet Pepsi
that gets me. I almost died peeing off a cliff in Bulgaria.
While I was talking to him, I was kind of curious to hear the backstory of all these
little footnotes that he was throwing at me. But it didn't take long before I heard him say
something that I just had to hear the whole
story. I accidentally robbed the wrong bank the last time I was in Beirut.
Jason started out in law enforcement, but for almost the last 20 years, he's been working in
InfoSec. He's done considerable work defending the network, but he's also done numerous penetration
tests. One of his favorite things to do is what he calls security
awareness engagement. He's hired by companies to test the physical security of a place. For instance,
it shouldn't be possible for a guy to just walk off the street, walk right into an office, walk
directly past reception, sit down at a random computer, and do work, and then walk out. He
should be stopped, right?
The door should be locked.
Reception should not let him pass.
And the computer should be locked.
And then someone should notice that he shouldn't be there.
This is what should stop him.
But companies hire Jason to actually test if this kind of thing is possible.
When I do these engagements, they're not red team engagements.
They're not pen testing.
They're literally security awareness engagements.
I don't mind getting caught.
And if I don't get caught, I try to get caught by the end of the engagement because I'm trying to teach the employees how to be better.
While you listen to this story, you may question the legitimacy of what he's saying.
I know I have.
So I will be providing photos and videos of him doing these things.
You can check out the show notes to see these. The stories you're about to hear were all captured by his wrist camera, a button camera on
his jacket, or closed caption cameras in the bank itself. In fact, there's even an episode of
National Geographic that filmed him doing some of the stuff he'll talk about. I've fact-checked this story as best I can, and amazingly enough, it checks out.
So a few years back, a bank hired him to do one of these security awareness engagements,
and they wanted him to test the physical security of a bank in Beirut.
So Jason got on a flight and headed to the Middle East.
Beirut is the capital city of Lebanon, which is nestled between Syria and Israel,
and has lovely views of the Mediterranean Sea. The main language is Arabic, but they also speak
French and English. Jason arrives at the bank headquarters. It's a tall building, at least 30
stories high. There's a bank branch on the ground floor, and the other floors are the bank's offices.
Jason heads up to the 20th floor to a conference room.
Okay, so it started off with a meeting that morning with a guy who wasn't too very impressed with me, to say the least. It's like, I'm not good at making a good first impression
for some reason. He's just like being very sort of condescending because I'm American and I'm like,
you know, weird and all that. He's like, I don't know if we're going to be able to, anybody's going to be able to fall for
that. Or what do you need for us to help you with? And I'm like, I'm like, you know what,
why don't I just go downstairs right now and compromise your, your branch downstairs.
And he's like, what? And so we went downstairs and I compromised his whole entire branch even was behind his teller line uh he was uh not
thrilled with that uh but then it was like i sort of shot myself in the foot with it because now
they're like okay well you're so good we want you to see if you can get actual network compromise
and i'm like well how would i show network compromise from physically stealing stuff
and i will get us a user id a smart card, a computer, and network access.
And we'll give you three chances and three different branches,
and you go and do what you can to do that.
And this was like, sure, whatever.
It was like, we'll see what happens.
YOLO.
Jason doesn't like to do a lot of recon before a mission like this.
If he's working with another person on the mission and they start planning and plotting and prepping for the break-in, Jason will just say,
Can't I just walk in and be adorable?
That seems to work with me.
Jason gets suited up.
I'm wearing a leather jacket that says DEFCON on it, red Thundercat tennis shoes, a khaki shirt, and a collared shirt, but with a badge that has their lanyard,
which I could have gotten anywhere, the trash, whatever,
with a card
that's just a blank card
that looks like a hidden card.
He likes to wear what he calls his Vest of Doom,
which contains a few essentials needed
for this mission. Usually it's a
foam plug, it's a USB
rubber ducky,
it may be a Proxmart 3 uh tool a couple drop boxes i mean
just some malicious things to show them the damage that i could do i never really uh execute code i
never really do any kind of the actual exploit the vulnerabilities i'm doing it just to show
what the potential is remember i'm not trying to get a red team i'm not trying to do red team i'm
not trying to exploit them i'm not trying to show the vulnerabilities. I'm trying to educate
them on the dangers that actually exist. Jason is all set now. So he gets picked up by the driver
and is taken to the bank. So I go to the first branch and I literally just walk in and I walk
in and I walk exactly like I know where I'm going. And I walk past the executive. I walk to this manager's office where he's talking to someone.
So he doesn't see me step in, look in.
So I pause right outside his door.
But before I get back to the executive can see me and I wait there for about 30 seconds.
This pause he's doing is important. He didn't go immediately to the
tellers. Instead, he went in the opposite direction to a hall with offices. And he's hovering just
outside the manager's office because he wants to look like he's meeting with the manager. So that
when he moves to the next location in the bank, he's hoping someone will see him coming from the
manager's office. Then I walked from there straight into the executive's office.
Her first impression has got to be that I just got finished talking to the manager.
So I tell her that, yeah, I'm here with the auditor.
We're doing an audit on the computer systems from head office.
It's like, I need to look at the computer.
Because it looked like he had just come out of the manager's office,
she bought this story and let him use her computer.
The first thing he does is plug a rubber ducky into her machine.
The rubber ducky looks just like any other regular USB stick, but it's actually an incredibly dangerous tool.
When it's plugged into a computer, it tells the computer that it's a keyboard.
The rubber ducky then proceeds to send pre-recorded keyboard commands to the computer.
The rubber ducky can be configured to create a remote control session to that computer.
So by simply plugging it into a computer for only a few seconds,
it can give a hacker full control of that machine from a remote location.
But Jason's rubber ducky only opens a notepad and types the word hello in it.
Because he doesn't want to actually hack into the machine,
he just wants to test if the machine is hackable.
So once he sees Notepad pop up,
he takes a picture of the screen with his iPad
and then takes the mouse, closes the window,
and unplugs the rubber ducky.
I plug in the device.
Now I'm golden because now people are seeing me
come out of her office.
After coming out of the manager's office,
I go to this other lady that's beside the teller line.
She made eye contact with me as I left.
So I stayed straight on eye contact with her, went to her desk.
And I told her, hey, look, I'm doing an audit on the machines from head office.
I need to go through all these machines.
Got her to let me compromise her machine.
So she thinks now she's bought into the whole thing.
So she walks me behind the teller line.
And then I then proceed to compromise the teller that's behind there.
That took a whole two minutes and 20 something seconds from walking in the door from the very first time.
At this point, Jason is now hanging out behind the teller line in the bank.
He's asked tellers if they can move out of the way while he plugs in his rubber ducky into their computer.
And then he takes control of their mouse and begins using it.
It didn't take him long to do this to every computer behind the teller line.
Now, after he touches every computer he sees,
he starts messing around with other electronics,
like scanners, printers, monitors, everything.
At one point, while he was only a couple feet away from the teller,
a person was making a large deposit.
Yeah, I took pictures of that, actually.
He was depositing $250,000 in cash. I could reach
out and touch it. One of the executives that was there watching this go down actually wanted me at
one point to go and steal the money because I was getting everything. Because about five minutes
after I was behind the teller line, I was there for almost 30 minutes. I was behind the teller
line and at all the different offices i mean i totally
compromised this whole facility and had full carte blanche uh the manager shows up in about
10 minutes 15 minutes after i was already doing everything and uh i then he assumes everybody was
verified me um so i'm safe everybody thought that he verified me because I was, so therefore I was safe. No one
actually verified me. It's a crosstalk between the two. So I get one to think that the other one
verified me. At this point, Jason had established himself so well that the manager asked him to take
a look at a computer problem they've been having. Jason said in order to help, he's going to need a
user ID, a password, and a smart card. So they gave it to him.
Jason looked at the problem for a minute and told him he'll just replace that computer with a new one.
The manager was thrilled to hear this news and asked him to take a look at the scanner and monitors too.
Jason decided to just tell him that headquarters is planning to do a full refresh of all the equipment,
which was a total lie.
The manager reacted to this like a kid getting presents on his birthday. I tell him that I'm here to help do a restore and a rebuild of their, remodel of their office,
their branch. So he lets me do everything except for going to the vault. It's like,
that's the only place he wouldn't let me go into because there was no phone lines or jacks or any
kind of internet devices in there. Though I asked and said, are you sure? Let me take a look. While I was there,
I got the user ID, the password, and the smart card from one of the main supervisors.
So I successfully got three of the things in the first branch.
Jason kept trying to push the limits of what he was allowed to do.
So he began taking things out of the building. It's like I really left the
branch about three times. I walked out with all the documentation underneath the teller's desk,
their notepads. I walked out with that. Then I got all the, I got his user ID, password, badge,
stuff, you know, to work on a machine. And then I walked away with this badge saying I need to use
this to go test something. And I left with that. And then there was something else that I took and I left with
that. So it's like, I left the building three times. The branch was so horrible on the response.
I literally waited in there until the whole branch was closed for the day. And then I had
everybody come around and had the executive that was with me actually translate everything into Arabic just to make sure everybody understood fully how bad the situation was and how bad I compromised them and what they need to do to be better protected and to be better aware of things like this in the future.
That's when they first became aware that I was a bad guy.
The bank manager was still confused about who Jason was.
Oh, he was like, it was like kicking a puppy.
I felt so bad because after I'm teaching everybody and training them what's going on,
he raises his hand during this whole all-hands meeting.
He says, what about the free computers?
Do we still get the new computers?
And I'm like, no, I was lying to you.
I'm a horrible person. The next day, Jason meets up with his driver to take him to the next branch.
Jason has two objectives left, to steal a computer and to get network access.
The driver drops him off outside the bank. It was a glass building and there was um there was a sign on the door and the sign on the door
said something in french and arabic and i'm like and they had an arrow and i'm like i have no idea
what that means it's like so i guess it meant go to the door next door uh go to the next door
and so i'm walking and i go and i'm about to walk in the door and i hear the horn honking
and i'm like it's just insistent.
And I'm like, and there's a lot of traffic, but this is actually, it got to the point right before I got in,
and I already targeted someone inside behind the telephone I was going to go talk to.
The horn honking was insistent. So I was like, I turned around and looked to see if it was, and sure enough, it was my guy who was driving me.
And I was like, I went up to him.
He's like, that's the wrong bank.
That's the wrong bank. I was like, yeah, but there's a sign on the door. It says, it says push the button
for entry. I'm like, oh, it's like, so I go back to the original door and I push the button and
that lets me in. Jason is known for giving awkward hugs, but if he would have gone into the wrong
bank and tried to steal a computer from it, this would have been a whole new level of awkwardness
that he would not have been prepared for.
Luckily, his driver caught him before entering the wrong bank, so he reset himself and went
into the right bank.
I felt bad about all the stuff I did in the first one, so I vowed not to talk to anybody.
I just walked back, found the break room, got a little bit of water, and so that way, after a couple of minutes, I'm now approaching from a different direction.
Instead of coming from the untrusted side, I'm now coming and approaching from a trusted side.
It's all psychological.
So I walked into the behind this door that got me into the teller area.
It was like a little circular kind of thing.
And I literally go up to the beside the teller, uh, the teller area. Uh, it was like a little circular kind of thing.
And I literally go up to the,
beside the teller that's actually conducting business beside me.
And I,
without even saying a word to him, I started unplugging the computer,
uh,
unplug it,
disconnect everything.
And I walk out with it.
What,
how is that possible?
Because what kind of crazy person walks into a freaking branch and steals a computer?
I mean, besides me, that is.
It was a small computer in their defense.
So now Jason has four of the five objectives complete and has one branch left.
The last objective is to get network access.
The driver takes Jason to the last branch.
That was the simplest.
I just walked up and there was a lady uh cleaning offices
i need to get into the the network closet doing some work uh for uh headquarters and she just
opened the door i mean that was very anticlimactic at that point why did that work because they don't
associate that with money that's just a network closet you know it's like i'm not i don't have
a ski mask i don't have like, I don't look threatening.
I'm smiling and I'm laughing and joking around.
And it's like, I'm harmless.
And it's like, so why not let me in?
He took a picture of himself in their networking room and all their networking equipment,
and then left that room and closed the door behind him and walked out of the bank.
Jason had easily broken into three banks in three days and completed all five
of his objectives. He met back up with the executives that hired him. Their response was...
Shock. I mean, literally, they were flabbergasted. It was just unbelievable to them that that
occurred. They're like, this cannot be real. This episode is sponsored by Vanta. Trust isn't
just earned, it's demanded.
Whether you're a startup founder navigating your first audit or a seasoned security professional scaling your GRC program,
proving your commitment to security has never been more critical or more complex.
And that's where Vanta comes in.
Businesses use Vanta to establish trust by automating compliance needs across over 35 frameworks like SOC 2 and ISO 27001, Thank you. quickly. Plus, with automation and AI throughout the platform, Vanta gives you time back so you
can focus on building your company. Join over 9,000 global companies like Atlassian, Quora,
and Factory who use Vanta to manage risk and prove security in real time. For a limited time,
listeners get $1,000 off Vanta at vanta.com. That's spelled V-A-N-T-A,
vanta.com. For $1,000 off.
A few years pass, and Jason gets another call for another security awareness engagement.
This time, it's a different bank in Beirut, so he heads back out there.
Of course, he has to have a Diet Pepsi while he tells this story. It's a different bank in Beirut. So he heads back out there. So I was supposed to, I was hired.
Of course, he has to have a Diet Pepsi while he tells the story.
I was hired to rob a bank there for this one bank.
And there's a problem is there's a lot of banks in Beirut.
So I was doing this one engagement.
We started out that morning.
It was very successful.
We started off with a success. And then the one that we totally compromised
started sending out phone calls to like other people to warn them about me. So I was a little
upset. And so we were going one off script to a branch that they didn't know about, hoping that
we'd be able to get them unawares. And I'd already drank a 1.5 liter bottle of Diet Pepsi already, which usually leads me to problems.
I have to go really bad. And the guy's telling me that the guy who's the liaison for the engagement
is telling me, OK, go down this sidewalk further toward the end. It's right there. Just go in and
I'll be in there two minutes after you because he's my, you know, my get out of jail free card.
And so I go down and I'm like, all I'm thinking about literally, I'm going, I'm looking at other
stores and other places. If I could find one with the restroom, I'll go into it first. I wouldn't
go into the bank already having to go to the restroom. But I couldn't find one. I see the
branch. I don't look at the signage. I don't look at anything. It's got tellers. It's the bank I'm
supposed to go into. I get into it. I know that the bathrooms in Europe and a lot of other countries, they're either on
the second floor or in the basement.
They're never on the first floor.
So I automatically look for the stairs or look for going up or down.
I find some stairs going up.
Second floor, sure enough, right there is the bathroom.
I'm really happy about that.
So I use the bathroom.
I come back down and i'm at the head
of the stairs at top of the stairs and i'm looking down and i see two people working on a in a cube
and i'm like well i might as well start working so i go down there tell them i'm with microsoft
show my microsoft my fake microsoft badge uh plug in the uh the rubber ducky compromise the machine
it's like screen pops up the window text document pops up saying,
hey, yeah, this shouldn't have happened.
And then I go to the next one and it's like I compromised that machine.
And so I've already succeeded. I'm already done.
The whole engagement's already completed.
I've already compromised their network.
The security awareness engagement, the success is plugging it into one device
because one device is all it takes to
compromise the network it's like everything else is gravy and teaching experiences for the employees
because I compromise all the employees and then I go back and I talk to all the employees and tell
them what I what I did and what they did wrong that allowed me to do what I did. So I get the second one, and I'm really happy now.
I'm feeling relaxed.
And then this guy comes up to me when I'm going to the third one,
and he says, what are you doing here?
And I'm like, oh, I'm here with Microsoft.
I'm doing USB audit rights and stuff because of the merger and acquisitions,
but it's supposed to be very hush-hush.
I show him this forged email on an iPad.
You always do it on an iPad because that makes it look legit.
Except, you know, if it was on paper, it could be just printed out.
It's like I put it on the iPad so it would look more legit.
And I show them this forged email that's from the head, the CFO of the bank, who's actually also the daughter of the owner of the bank, giving them authors, giving me authorization to do this audit.
And so they said, well, you got to talk to the supervisor it's like for that and I'm like okay because I've already won so all I all I can
I have to do now is just escape so I go to the supervisor and I show her the email now this get
out of jail free card this this forged email has two options that i knew of option one was they
read it and they go okay this looks totally legit uh option two and they go yeah this looks sketchy
as i'm gonna need some more documentation i need to call someone and then i go and say very
innocently and adorably like hey uh do you need more paperwork because i have some more paperwork
in my car i can go get that.
Then they let me leave.
And that's a fine because they allowed me to escape after they realized something suspicious was going on.
Well, it turns out there's a third option.
This third option was not known to me or even conceived of me for a very long time because I just never it just never crossed my mind. But the third option is when the lady
reads the email, looks at me very sternly and very upset and says, this is for the bank next
door. What are you doing in here? And what did you plug into our computers? And I kid you not,
the first thing I said, I mean, I could have done all these pretexts, I could have done all this,
but I was not prepared for that
and I just looked at her dead in the eyes
and I said like
this is unfortunate
this is unfortunate
yeah I got nothing
I should not be here
about two days later
I'm in the bank manager's office
Don't even ask me how I got there
I'm sitting down in this chair
Six people are speaking Arabic very angrily around me
And I'm like, this is not a good thing
So I start to panic a little bit
And I'm like, guys
It's just, it opens up a text document
It's totally fine
It's just, I'm doing an guys, it's like it's just it opens up a text document. It's totally fine.
It's just I'm doing engagements.
This is what I do.
And so I said, look, I plugged the USB drive into the bank manager's computer, which I thought at the time was a very good idea.
It popped up the notepad.
It showed that this is all it said.
And I look behind me and I see their faces and I'm like, oh, yeah, I just compromised another machine.
But with more witnesses.
This is unfortunate.
So that did not work out as well as I thought it would be.
I really even got to the point where I was like, you can Google me.
I'm known for this stuff.
And it's like, so they're like very unhappy.
By that time, the representative from the from the company that hired me, he found out where I was at because he realized I had not shown up in the branch I was supposed to be at.
He didn't know where I was. He thought I was in the back room compromising everything there until finally he realized, wait, something's off, and then went looking for me.
And so he found me, and then he was able to start talking to them in Arabic and English and French
because it's a mixture they speak all three languages fluently so he's talking to them
he's trying to explain to them what's going on and then so finally we're like okay you have to
go to the head office with an escort so the head security team can go and look at this payload
make sure that it's not something malicious or what's going on so we drive to the head security team can go and look at this payload and make sure that it's not something malicious or what's going on.
So we drive to the head office.
Jason is now being escorted by car to the headquarters of a bank that he accidentally broke into.
He was starting to get pretty worried.
Yeah, it was not going well.
Yeah, I was a little nervous.
I have to be honest with you.
Um, I don't know the condition of loving these prisons, but, uh, I don't want to ever find out.
Uh, so I've never watched Locked Up Abroad, thankfully.
Uh, so I was just, uh, I was a little nervous.
I was like, uh, I mean, I literally legit, you know, technically did bad things.
While he didn't actually do anything malicious to a computer,
he did cross the line for where he shouldn't have been physically.
And he lied to the employees about why he was there.
The situation would have been a lot worse if he had actually tried to take a computer out of the building.
And lucky for him, the USB
rubber ducky he was plugging in did not actually do anything bad to their computers. He kept trying
to explain himself as they drove him to the bank's headquarters, but they still wanted their security
team to check out the rubber ducky and question him further. I get into the head office and I get
to their floor and we find some other security vulnerabilities because they allowed us to walk around unescorted into areas they shouldn't have, which was another finding.
And so then I finally get into the security department's office and I literally, I do,
I'm doing the best I can to be as adorable as I can. I'm making jokes about having to pee.
I'm making jokes about everything. I'm
trying to be all disarming. Luckily, we had the rubber ducky sticker still on the rubber ducky.
Usually, I take it out of the casing to make it look sketchier, which is luckily I did not do this
time. So they were able to Google rubber ducky. They were able to see that it was a testing tool.
They interrogated. I mean, literally,, it was like four hours it seemed like.
I spent at least two of the hours giving them educational training. It's like consulting with
them on all the things they did wrong that allowed me to successfully do what I did.
So when the director of security came in and I talked to him,
I did some of the same old jokes to him, trying to disarm him.
He calls the guy who hired us to rob the bank.
They start talking and halfway through the conversation,
he literally says, it's like, do we have to put the cost for this?
So at that point I realized it was probably going to be okay.
And as I'm leaving, I tell them, it's like, I'm going out the door. I'm like, we're good,
right? You know, we're okay. I gave you some consulting and I clinked my wrist together.
Like, I don't go to jail. We're good, right? They're like, yeah, we're good. You're good. You can go. And I'm like, good. I'm getting out. and I left and I did not breathe a good sigh of relief until I was on a plane to
Paris like three days later
who hasn't robbed the wrong bank before mistakes happen I did find out the next
day that as soon as I left they closed that branch and did a forensic wipe on
all their machines which actually I'm not even mad I left, they closed that branch and did a forensic wipe on all their machines, which actually, I'm not even mad.
I can't even blame them.
That was actually probably a pretty good idea.
Before leaving Beirut, Jason did find the right bank and successfully broke into it
and gained access to all the computers in the first branch, including each of the teller's machines.
In fact, that break-in he did was documented by National Geographic for an episode of a show called Breakthrough.
He was tasked with breaking into three branches, and he had no problem with two.
One of the employees in the third branch stopped him from touching the computer.
He showed them the forged email on his iPad. The employee didn't buy it and was suspicious.
Jason said he had more documentation in the car and asked if he should go get it.
The employee said yes. This allowed Jason to escape the branch.
He was stopped, but not caught.
He was proud of them for stopping him and made sure to speak highly of them in his report
for being good at stopping him.
How can we protect ourselves from people like you?
By letting people know that it is okay for them
to be suspicious when someone walks in,
that they need to call someone to verify
when someone new is around, that robbers don't just carry ski masks and shotguns, but they also have, you know,
suits and USB drives. Yeah, I think that's the key thing is it's like be weary of certain emails
that they look like they're coming from them. They have a link of attachment should actually
up your suspicious level by, you know, 9,000, uh, no
matter what, uh, no matter if you were expecting it or anything, you should always be cautious with
it. You should always check, uh, and double check, uh, with the sender to make sure that's what you
were looking for. And also, um, when you see people new that are coming in or saying that
they're going to be doing work in your area, uh, there's no harm in verifying that. And you never let someone follow you in with your ID and badge using your access to get into
the building. They should have their own access and get in themselves. We want to be polite. We
don't want to be rude. And so you have to not be rude, but you have to be firm. It's like,
this is a security policy. This isn't my decision, but this is the security policy. Thank you, Jason, for coming on the show and sharing your story with
us. Kudos for you for doing this and trying to get more information out there. That's the key
thing. It's like we win by informing and giving knowledge out to others and stuff, you know,
who may not know what the threats are.
You've been listening to Darknet Diaries. You can find photos, videos, and more information about Jason
in the show notes at darknetdiaries.com.
Music is provided by Ian Alex Mack and Jazar.