Hacked - Online Street Crime
Episode Date: November 30, 2016
Jordan Bloemen and Scott Francis Winder explore the commercialization of cybercrime. Jordan tells stories and interprets the nerdiness of Scott. Learn more about your ad choices. Visit podcastchoices....com/adchoices
Transcript
Welcome back.
Two years ago, an officer at the Dixon County Sheriff's Department opened his laptop.
There's no fan turning lazily in the lobby of the Dixon County Sheriff's Department.
There isn't a bell that dings when you walk through the front door.
From the outside, it looks more like a shopping mall than what you probably picture when I say Dixon County Sheriff's Department.
The county is a pretty quiet place.
It's a place with history.
It's a place kind of wrapped around in interstate.
It's a place with an old mill.
The Sheriff's Department, alternatively, is a place with a little bit of a place, tall and modern and wrapped in glass.
If you look at the budget for Dixon, Tennessee, for the whole county, one thing jumps out at you.
This place spends a lot on their sheriff's department, and it shows.
It feels like it belongs to the future of Dixon rather than its present.
But in the fall of 2014, somewhere in this building kind of plucked out of time, someone fell victim to a trap from the future.
This tool, still in its infancy, crawling from the depths of the internet, paints a picture of where hacking is headed.
In the Dixon County Sheriff's Department, someone turned on their laptop.
And on their screen, a countdown timer had begun.
72 hours marching down the moment they opened the display.
A timer and the message.
Your files have been encrypted.
There is no way you will ever see them again without the key.
If you want the key, you have to pay.
This is ransomware, a malicious new breed of malware that takes your digital information hostage.
The ransomware that breached Dixon County and half a dozen other police departments across the United States took in almost $3 million before it was conquered by an international joint task force that dismantled it piece by piece. But with hackers creating new breeds of ransomware every day, it represents a future in which cybercrime is more like a business, and almost anyone with the right skills is an entrepreneur. Oh, and Dixon County, they paid the ransom.
My name is Jordan Bloemen.
And I'm Scott Winder. And this is ransomware on this episode.
Nothing better exemplifies the change that's happening in the cybersecurity world than ransomware.
And to me, that's why I find it fascinating. You know, we've had malware for decades.
But it was always nuisance malware. And it was, you know, people trying to hack in and people
wanted access to things that they weren't supposed to have access to. And now we do it for money.
Ransomware is a commercial transaction, and we have moved from hackers in the underworld causing nuisances and looking for stuff and trying to attain access to things that they weren't supposed to, to hackers generating millions and millions of dollars.
I feel like, and this is probably just from the outside looking in, but I have a sense that, with hacking, there's always been an element of, like, for-profit in hacking. It's just been more at the upper levels of it, where it feels like ransomware is the first time someone just getting into this world for the first time can do something that makes them money almost immediately.
Yeah, I think that's probably because you saw hacking through the lens of pop culture, and it's like I saw hacking through the lens of hackers, and a lot of hackers didn't do things to generate money. They didn't make money from hacking. It wasn't something that you could easily do. Like, you know, a hacker who wanted to make money from hacking would have to use the tool set that is being able to hack as part of a chain that generated money. There wasn't just some commercial thing. You didn't hack a bank and just move money. That's the kind of quintessential pop culture reference, but it didn't happen all the time.
Yeah, it's almost the difference between, like, a long con or a con artist versus someone who's just willing to mug you in the street.
Yeah.
Coming from your background,
how would you have made money hacking?
You know, I think it would have been part of the challenge.
It would have been part of the excitement.
It would have been, what can I do?
Okay, I have the ability to attain access to people's communications.
Okay, what communications are confidential
but relevant to future money?
Maybe it's mergers and acquisitions information from Wall Street firms.
If I had access to that stuff, then I could trade the market before the news broke.
You know, it's part of the clever problem solving that went into hacking.
And now we just literally have people, as you said, mugging people in the streets.
And that's what ransomware is.
The creativity and the cleverness of it is gone.
It is just a brute forced transaction.
And it's also about the idea of casting a really, really, really wide net and seeing who bites.
That's phishing.
It's about putting this thing out there in the world as many times as you possibly can and seeing who falls victim to it.
Whereas what you're talking about is the idea of staring down a target and going after them and using all of that creativity and those skills that a hacker has to facilitate that.
Yeah, quality over quantity versus quantity over quality.
If you send out a phishing scam and demand a Bitcoin ransom from 70 million people and seven million people pay it,
Hey, you're a wealthy, wealthy person.
You know, if I know what the interest rate decisions are going to be for the United States Federal Reserve hours before they become public, I'm also going to be a very rich person.
But I didn't injure people to get it.
I think that's the difference.
Okay, so what is ransomware?
Well, ransomware is, you know, literally malware that holds your computer or your information ransom.
And the you in that is very flexible.
It could be your mother, or it could be a hospital, or it could be the FBI.
And pretty much all of those people have paid it at some point.
Right.
So when you say it holds your data hostage, how does it hold data hostage?
We can think of holding a person hostage in a very literal way.
But how do you hold data hostage?
Well, the thing that they've discovered is they can encrypt it and generate a key to decrypt it that's unique to just your data.
And then they essentially hold that decryption key hostage.
So your data is still in your possession.
It's just being encrypted.
But if you want to unencrypt it, you need the decryption key from them.
So it's using a form of key-based encryption,
which we've kind of touched on in other episodes.
So this piece of malware infects your computer,
it takes all of your data and encrypts it,
and the only way that you can unencrypt it is if you pay them for that key.
Correct.
And usually it's on some demand time, like a traditional ransom demand.
You've got 96 hours to produce $1,500 or else it's all gone.
How do you get, without getting too specific,
how do you get a piece of software like this onto a victim's computer?
The most interesting thing that we might be able to look at in ransomware is the propagation of it.
How is it getting spread?
And it's getting spread in all kinds of ways,
from phishing scams over email to probably the most interesting cases are when people figure out ways to inject it into advertising, which is called malvertising.
How do you do that?
I think it's ad network dependent, but some ad networks have had Flash vulnerabilities or have had HTML5 vulnerabilities that will actually set off an attack vector that ends up with malware being put on your computer.
So it's, yeah, it's pretty substantial.
I don't even, we'll have to cut this.
I don't even want to go down this road, but that's, that might be the most ethical argument
for ad blockers I've heard yet, is that they're unsecure platforms and people can use
them to inject stuff on your computer.
Yeah.
You could, you could probably spend a few months researching and put together a pretty strong
argument for that.
That's bananas.
Yeah.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the Aurora superintelligence platform, a fully agentic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents that handle whole entire workflows. Humans stay in the loop and on the loop
to validate the critical decisions and keep everything trustworthy. And all of this is just off
running on their secure operations graph. A constantly updating intelligence engine fueled by more
than 9 trillion telemetry events every week and over a decade of real world incident response.
The system reasons on real signals and real context not synthetic training data. And the result
is the new Aurora agent SOC. It's the first SOC that is agentic
by design, you get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model. They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven decision
reflects your environment instead of generic assumptions. The automation frees your concierge
Air security team to focus on higher value strategy and proactive risk reductions while the agents
handle the grind. If you want to see what trustworthy production ready AI and security operations
actually looks like, go to arcticwolf.com slash hacked. Okay, so someone decides that they want to
try to do this. They want to put ransomware on the world. Again, without being too specific,
where do people find these things? Like, this is not a piece of software that I can download
off the app store. Most of them are kind of custom written, but like a lot of the organized crime
that's using it now, they might have, somebody might have written it a long time ago, like
CryptoLocker's a big one. There's a new one that's flying around right now. It's not new,
but it's kind of having a resurgence right now called Locky. And yeah, these were written by people,
like, CryptoLocker's in its, I don't remember, fifth, sixth version maybe. Like, it's been around for a while.
So yeah, so they're generally custom-written, shared amongst specific groups.
Right, and if they're not custom-written?
Yeah, or they're copycats.
So they're clones of this original good idea, if you want to say it's a good idea,
but appears to make organized crime millions and millions of dollars,
so I guess it's good to some people.
Okay, so do you pay these people?
Well, I think the general consensus is yes.
Like, I think the FBI pays them.
I know a sheriff's department in the States paid them, which we talked about in the opening.
Hospitals have paid them.
It's really do or die.
So I think you have to make a personal decision of whether what they have of yours is worth what they want you to pay for it.
So if it's the operating spreadsheets for your business, and it would cost you hundreds of thousands of dollars to pay to get them back, or you could just give them $1,500.
I think the economic utility of that statement speaks for itself.
It is distinct from a classic hostage situation in that they don't have a person that they're
responsible for at the end of this.
The data is on your computer, it's just encrypted.
So it doesn't really matter to them one way or another whether or not you pay it.
If you decide not to pay, you're just out your data and they're still out there in the world.
Nothing bad has happened to them.
Yeah, and I think there's some organizational structure behind that too, where it's like there's call centers for a lot of the big organizations that do this. So you're completely removed: the person who is in charge of writing the code isn't probably the person who's in charge of having it deployed, who isn't the person who's in charge of communicating with the hostages. You know, you're so far removed from it, you're just a call center worker at some point, and you know it's not on you. You're not the one deciding someone's life like you would be if you were truly holding someone hostage.
So it's got levels of insanity that are also levels of brilliance, depending on what lens you're looking through.
It's taking the skills of hacking, instead of being one phase in a long con, to use that term we used earlier, it's using them as a resource in starting up a business.
And I feel like that's what's different about it, at least that's what feels different about it.
Yeah, it is, you know, petty level crime activity for profit.
It is organized crime in the 21st century.
I think it's worth asking, you're not willing to pay.
Is there anything you can do to get this information back, or is it just lost to the world?
Depends.
So some of them aren't using strong enough encryption that people can actually reverse-engineer the encryption.
So some of them, and I don't know the exact ones or I would use them by name, but some of these different ransomware versions, if you have some of your original files and can feed in the encrypted version and the exact same version as an original, so maybe from an email or from a backup, it can actually figure out the decryption key and then you can decrypt your stuff.
But most of the modern versions, no.
It's heavy encryption and it's gone.
I think it's tough because in that moment I would be so angry and I would be so upset, even if it is just X amount of dollars for my data back. I'm so angry with these people, I don't want to give them money.
Yeah, but they get you on the hook because they target specific file types, notably images, spreadsheets, Word documents.
So imagine if you, you know, were writing a book, keeping photo diaries of all your family, you know, and as all photos have pretty much gone digital at this point, all of your memories.
You know, what are these things worth to you?
Are they backed up to the cloud?
Better question, was your cloud hit with ransomware?
Because that's another major problem.
What exactly happens when your backup gets infected?
Yeah, so think about something like Google Drive or Apple iCloud Drive, Dropbox.
These are services that keep files local
on your computer, but then they replicate and sync to essentially a virtual hard drive in the sky.
So if your files become encrypted on the local version and they sync to the virtual hard drive
in the sky, assuming there isn't version control, all of the files in the cloud are now the
encrypted versions, not the original versions. So a lot of these little services like Dropbox
have the ability to kind of look through some versions, hopefully.
But for major corporations, this becomes a huge issue.
Because you get something called hot site backups,
so a lot of big companies will have their entire technical infrastructure
replicated at a separate server farm.
So if something happens, you know, the infrastructure immediately swaps over.
So imagine your building with your server farm burns down.
It's kind of okay because the server farm exists in another place and the data is kept in sync in real time, which is why it's called a hot site.
It's not a cold site where they have to show up
and turn the servers on and rebuild the data.
It's live.
So major, major companies will have this,
but the issue is,
is that if one site gets hit with a ransomware,
it'll real-time sync to the hot site swap.
So you're getting this, like, enterprise-level headache.
You've spent millions of dollars to have this second technological infrastructure set up for you.
But it can be ruined in a heartbeat.
At that point, you're just paying someone to back up a virus
that has compromised your system.
Right.
Well, if you think about it, something like a fire,
like a traditional hazard,
you know, a building burns down
and it's a huge incident,
but can be less destructive to a company than ransomware can be.
Ever feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turned defenses on their head.
Organizations around the world saw headlines they never expected and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th, diving into the most
impactful breaches of 2025. Their field CTO and security leaders are going to unpack not just
what happened, but why these attacks succeeded. And most importantly, what businesses can do to
fortify their defenses before it's too late. You're going to walk away with real insights into how
threat actors are evolving, how defenders are responding, and what strategies can help you
stay ahead of the next big breach. It's not fearmongering. It's practical, actionable
intelligence from experts in the trenches. Register now at arcticwolf.com slash hacked.
So that's when the ransoms start to get out of control.
If they get into an infrastructure and encrypt an entire enterprise,
databases, accounting software, every operational document, versions, logos, you name it.
Imagine it all gone.
Everything in public drives.
And that you drive that you have at work, everything is gone.
These people that are sending this software out, they send it out en masse.
They try and get as many people infected as they can.
Do they know when they've gotten that massive corporation whose information is worth millions versus your aunt with a couple of photos that's only willing to pay maybe a couple hundred bucks for it?
Yeah.
I don't know the ins and outs of the technology enough to know exactly how it does, but I assume it's based on volume.
Because the first thing it does, like if it hits your work computer, the first thing it does is it looks not only at what's on your computer, but what's on the network that it can reach.
So it starts to spread through the network.
So imagine a big company where you've got thousands of computers maybe accessible over the network or sharing files back and forth.
And they're literally just sharing the ransomware back and forth.
Okay, so how do you defend against this either as an individual or as an organization that has this massive network of connected computers?
It's tough.
The way, like, there's no, man, I don't even know what to say to that.
There's no level of organization that's really figured out how to avoid it.
Like it hits everybody.
I know one of the things that's becoming more common is like a sandboxing system.
So that the second you download any file or any file downloads on your computer,
it kind of lives inside of a little small virtual machine on your computer
so that you kind of get to run it in there and ensure that it works.
So it won't have access to any
files, any other files on the hard drive.
It won't have access to the network.
It won't have any access to that stuff
until it's been proven clean,
which at that point it can come out.
But, you know, those are expensive
enterprise-level systems.
I'm sure there are other things
that I'm not super familiar with them.
If anybody knows any, feel free to tweet them at us.
And what about for an individual?
Be smart.
Same old, same old comes down to being smart.
But then again, to go back to propagation. I can't remember exactly who it was, but I think it was an FTP client for OS X.
Somebody had hacked their server so that if you downloaded the installer over the course of
like one week inside of that installer, it also installed ransomware.
Like it's, you know, as the more walls you put up, the more clever people become, and it seems
people keep becoming more and more clever. So I don't know if the best way to protecting it is just
is to just keep your wits about you when you're doing stuff.
Which is kind of the exact opposite way of how people actually interact with computers now.
We're becoming way more trusting even as things get theoretically a lot more dangerous.
I think that's the game now.
The more trusting the end user becomes, the more field they've created for the hackers to play.
So last episode we mentioned having some potentially...
What's a good way to get into this?
Last episode we mentioned some of the delays and some other things that were going on that we were trying to get going to kind of allow us to do more of this.
We were very, very hush-hush about it,
but the press release has kind of gone out,
so it seems like we can probably talk about it.
Yeah, so we...
Why don't you just read the press release?
Sure. Let's just read the press release.
Network Media Group Incorporated is pleased to announce it has acquired the exclusive right to adapt the iTunes podcast Hacked as a television series. Created by tech entrepreneurs and storytellers Scott Francis Winder and...
Jordan Bloemen.
The Hacked podcast explores the curious, enlightening, and occasionally criminal underbelly of the Internet. With the podcast currently attracting tens of thousands of followers for each new installment, Network and the Hacked creators will expand the scope and scale of the storytelling to bring its legions of podcast followers, that's you guys, an even bigger payoff with a deeper dive into the mirror of mysteries and other compelling stories lurking in the online world.
We're the worst.
We just read our entire press release.
That is not the entire press release.
No, that's the first paragraph.
But anyway, so we might make a TV show.
That's what we're working on.
It doesn't mean that we're going to get to make it,
but it means that some very, very nice people want to try and make it.
So hopefully that was worth the big old delay between the last batch of episodes.
We're super ecstatic about it, truthfully.
Jordan and I would love to make a TV show, and this seems like a great TV show to make.
But in the meantime, we're going to keep trying to make podcast episodes.
Yeah, and if you happen to be a person that works at a major television network that wants to buy a TV show, then you should buy ours.
And on that note, my name is Jordan Bloemen.
And I'm Scott Winder.
Thanks for listening to this episode, The Fact.
