Malicious Life

By Cybereason

Category: Technology

Subscribers: 1830
Reviews: 6

 Oct 15, 2021

 Aug 6, 2021

Martin Zalcman
 Jun 20, 2021
If you see a lot of 5 star reviews it's because the host of this show offers free t-shirts in exchange for them

 May 25, 2021
Great stories and interesting perspective. Narrator can be difficult to follow, but that's my problem, not his.

 Jan 10, 2019
Gripping stories well told and a lot of food for thought.


Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians.

Episode Date
“Ransomware Attackers Don’t Take Holidays” [ML BSide]
Last month, in November of 2021, Cybereason - our show’s sponsor - released a special report titled: “Organizations at Risk: Ransomware Attackers Don’t Take Holidays”, focusing on the threat of ransomware attacks during weekends and holidays. Nate Nelson, our Sr. producer, talked with Ken Westin, Cybereason’s Director of Security Strategy, about why attackers love holidays and weekends, and why ransomware attacks during these times are so effective and dangerous.
Dec 06, 2021
Tay: A Teenage Bot Gone Rogue
In March, 2016, Microsoft had something exciting to tell the world: the tech giant unveiled an AI chatbot with the personality of a teenager. Microsoft Tay - as it was nicknamed - could tweet, answer questions and even make its own memes. But within mere hours of going live, Tay began outputting racist, anti-Semitic and misogynist tweets.
Nov 30, 2021
Wild West Hackin’ Fest [ML BSide]
The Wild West Hackin’ Fest is a unique security conference. Not only because it's held in South Dakota and not only because of the Wild West visual vibe - but also because of the emphasis it puts on diversity and lowering the entry barriers for people who wish to join the world of information security. Eliad Kimhy talks to John Strand, one of the conference's founders.
Nov 23, 2021
Operation Flyhook, Part 2
To capture Alexey Ivanov and his business partner and bring them to justice, the FBI created an elaborate ruse: a fake company named 'Invita', complete with a fake website and a fake office building. Ray Pompon, a security professional, was brought in as an 'evil security consultant', to convince Alexey to demonstrate his hacking skills on a pre-arranged honeypot...Alexey came up with a 'brilliant' idea: hacking American corporations, and then blackmailing them - forcing them to hire his services as a 'security consultant.'
Nov 15, 2021
IP Hijacking [ML BSide]
by China Telecom and routed through China. In 2017, traffic from Sweden and Norway to a large American news organization in Japan was hijacked - also to China - for about 6 weeks. What is IP Hijacking (a.k.a. BGP Hijacking), and what are its security implications? Nate Nelson talks to Dr. Yuval Shavitt, from Tel Aviv University’s Cyber Research Center.
Nov 09, 2021
Operation Flyhook, Part 1
Alexey Ivanov was exactly the kind of person to benefit from the early-2000's dot-com boom: He was bright, talented, and knew his stuff. His only problem was the fact that he was born in Chelyabinsk, a sleepy Russian town in the middle of nowhere…when he sent his resume to American companies, nobody was willing to bet on him. Alexey came up with a 'brilliant' idea: hacking American corporations, and then blackmailing them - forcing them to hire his services as a 'security consultant.'
Nov 01, 2021
In Defense Of The NSA [ML B-Side]
The NSA is one of the world's most formidable and powerful intelligence agencies. Some people fear that the National Security Agency’s advanced capabilities would one day be directed inwards, instead of outwards. Are those fears justified? Is the NSA more dangerous than it is useful? Nate Nelson spoke with Ira Winkler, who started his career at the NSA.
Oct 26, 2021
Marcus Hutchins: A Controversial Hero
In May 2017, Marcus Hutchins - AKA MalwareTech - became a hero for stopping WannaCry, a particularly nasty ransomware that spread quickly all over the world. Yet his fame also brought to light his troubled past as the teenage Black Hat hacker who created KRONOS, a dangerous rootkit. Should a criminal-turned-hero be punished for his past crimes?…
Oct 18, 2021
Operation GhostShell [ML B-Side]
In July, 2021, Nocturnus - Cybereason’s Threat Research and Intelligence team - was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies, mainly in the Middle East. Their investigation resulted in the discovery of a new threat actor that has been operating since at least 2018, and new and sophisticated malware that abuses Dropbox. Nate Nelson, our Sr. producer, spoke with Assaf Dahan - senior Director and Head of Threat Research at Nocturnus - about the investigation. Find the full report about "Operation GhostShell" at:
Oct 11, 2021
Smart TVs: A New Battlefield
Smart Homes are slowly but surely becoming a part of our everyday lives, and so far it seems that Smart TVs - equipped with microphones, cameras, and an internet connection - are the weakest link. What are the current and potential threats against smart TVs - and is a person's smart home, still his castle?...
Oct 04, 2021
The MITRE ATT&CK Framework [ML B-Side]
In some ways, cyber security is like Art - and that’s not a good thing… MITRE’s ATT&CK framework tries to make sense of the collective knowledge of the security community, and share that knowledge so that cyber defence becomes less an art form, and more about using the correct tools and techniques. Nate Nelson, our Sr. producer, talks with Israel Barak - Cybereason’s CISO and a regular guest of our podcast - about MITRE ATT&CK, and how it can help your organization stay safe.
Sep 27, 2021
Should The U.S. Ban Chinese and Russian Technology?
Every year, seemingly, there’s a new story of some software - like 'Tik Tok' or 'FaceApp' - from a hostile country that may or may not be a security threat to us in the west. So what should be done in cases like this? What if the U.S. just banned all technology from Russia and China? Is it a good idea? Is it even possible?
Sep 20, 2021
Jack Rhysider, Darknet Diaries [ML B-Side]
Darknet Diaries, Jack Rhysider's show, is the most popular cyber security podcast - and one of the most successful tech podcasts in the US in general. Eliad Kimhy spoke with Jack about the origins of Darknet Diaries, his heroes and role models, and the effect the show’s success has had on his personal life - which, you might be surprised to discover, wasn’t always 100% positive.
Sep 13, 2021
The Tesla Hack
It's every company's nightmare: a mysterious stranger approached an employee of Tesla's Gigafactory in Nevada, and offered him 1 million dollars to do a very simple job - insert a malware-laden USB flash drive into a computer in the company, and keep it running for 8 hours.
Sep 06, 2021
Understanding China [ML B-Side]
Lt. Colonel (Ret.) Bill Hagestad talks to Nate Nelson about how China's culture and troubled history of western colonialization influence its government's views and actions regarding the global internet, and its interactions with western technology companies such as Google and Nortel.
Aug 30, 2021
John McAfee
What do you get when you take a hypersexual, drug enthusiast gun-toting paranoid - and add some serious amounts of money to the mix? You get a life so bizarre, so unbelievably extreme, that people will tell its story even after you’re long gone. Murder, rape, drugs, lies and a possible Dead Man's Switch... it's all part of John McAfee's story.
Aug 23, 2021
RSA Breach FollowUp: Are We Doing Security Right? [ML B-Side]
Nate Nelson talks to Art Coviello, Former CEO of RSA Security, and Malcolm Harkins, Vice President & Chief Security Officer at Intel, about the current cyber security landscape - 10 years after the RSA Breach.
Aug 16, 2021
DeadRinger [ML B-Side]
Nate Nelson talks to Assaf Dahan, Sr. Director and Head of Threat Research at Cybereason’s Nocturnus team about a recent attack they uncovered, on multiple major Telecommunication companies.
Aug 10, 2021
The Jester
The Jester is a patriotic, pro-American Hacktivist that since 2010 has waged a personal cyberwar against an array of targets he considers to be “the bad guys.” But detractors have insinuated that some of the Jester's operations were little more than internet sleight-of-hand. So, who is The Jester and what can we make of his reported exploits?
Aug 03, 2021
The State of Credit Card Security [ML B-Side]
In 2005, when Albert Gonzalez was hacking his way into the networks of many retail chains in the US, credit cards were still very insecure: magnetic stripes and signed receipts did little to stop smart hackers such as Gonzalez and his crew. Sherri Davidoff talks to Nate Nelson about the past and present state of credit card security.
Jul 26, 2021
Albert Gonzalez, Part 3
In early 2007, a Secret Service agent operating out of San Diego takes a flight halfway across the world. He’s going to meet with Europe’s most prolific stolen card salesman. It is this meeting that will be the beginning of the end for Albert Gonzalez and his 'All Star' crew of hackers, international businessmen and mules.
Jul 20, 2021
DerbyCon – Dave Kennedy [ML B-Side]
DerbyCon was all about making the community - a family. Dave Kennedy, one of the founders of DerbyCon, talks about the unique vibe of the conference, his fear of clowns, and why he'll never - NEVER - listen to a Busta Rhymes album again.
Jul 13, 2021
Albert Gonzalez, Part 2
Working with the Secret Service, Albert Gonzalez was outstanding. He was such a good employee, in fact, that they had him do seminars, and speak at government conferences. At one point he met personally with the then Director of the Secret Service. Albert gave a presentation, and got to shake the man’s hand. It’s a remarkable redemption story, you’d have to say. There was just one caveat. You see, Albert Gonzalez went from stealing millions of credit cards to quarterbacking the largest cyber crime bust in U.S. history. And then? He went back to the Dark Side.
Jul 07, 2021
Jeff Moss: DEF CON [ML B-Side]
Jeff Moss, founder of the DEF CON Hacker convention (and also the BlackHat convention), talks to Eliad about the origins of DEF CON, its "interesting" relationship with law enforcement agencies, and some of the notable shenanigans the conference attendees pulled off over the years...
Jun 28, 2021
Albert Gonzalez, Part 1
It was as a teenager that Albert Gonzalez--one of the few greatest cybercriminals in history--developed the obsession that would go on to ruin his life. Gonzalez and some of his friends would go on to pull off some of the most remarkable crimes in the history of computers - but they just didn’t know when to stop. If they did, they might have gotten away with it. They might not have ruined their lives.
Jun 21, 2021
The History of THOTCON Hacking Conference [Malicious B-Side]
THOTCON is not your ordinary, run-of-the-mill security conference - and it's even obvious from the moment you browse their website. How did a local, small-scale event in Chicago, grow to become a major cybersecurity conference, and what is its connection to The Matrix movie? Producer Eliad Kimhy talks to Nick Percoco and Jonathan Tomek, two of THOTCON's founders.
Jun 15, 2021
China’s Unrestricted Warfare, Part 3
For more than a decade, China orchestrated a sophisticated espionage campaign against Nortel Networks, using Huawei, Chinese civilians working in Canada, and even organized crime gangs to steal important technical and operational information. When Nortel finally fell, the Chinese were there to reap the rewards of their death.
Jun 08, 2021
Colonial Pipeline & DarkSide: Assaf Dahan [B-Side]
On Friday, May 7th, 2021, Colonial Pipeline suffered a cyberattack that forced the company to shut down its operations. As a result, gasoline outages were reported in many East Coast states. The entity behind the attack is a criminal group known as DarkSide. Nate Nelson, our Sr. producer, spoke with Assaf Dahan - Head of Threat Research at Cybereason - about the Colonial Pipeline attack: how & why it happened, and its implications - both for the security of critical infrastructure in the US, and for the criminal underworld of Ransomware groups. That last one is particularly interesting, since it seems that the Colonial Pipeline attack has set off a somewhat unexpected trend on the dark web.
Jun 01, 2021
RSA Breach, Part 2
In the wake of RSA's disclosure of the breach, the company's cyber analysts chose not to boot the attackers off their network - but followed their activities closely, trying to figure out their identities and motives. For the first time since the actual breach, a decade ago, we'll get the (surprising) answers to those questions - and more.
May 24, 2021
RSA Breach: The Untold Story, Part 1
In the early 2000s, Nortel was consciously, intentionally, aggressively positioning itself as a partner and a friend of China. At the same time, it was China's number one target for corporate espionage - and an early victim of its new 'Unrestricted Warfare' doctrine.
May 20, 2021
China’s Unrestricted Warfare, Part 2
In the early 2000s, Nortel was consciously, intentionally, aggressively positioning itself as a partner and a friend of China. At the same time, it was China's number one target for corporate espionage - and an early victim of its new 'Unrestricted Warfare' doctrine.
May 11, 2021
The History of Security BSides Conferences with Jack Daniel [ML B-Side]
Security BSides - or just 'BSides', for short - is the first grassroots, DIY, open security conference in the world - with more than 650 events in more than 50 countries. Jack Daniel, one of BSides' founders, recalls how the conference started, and what such 'community-oriented' events contribute that other events often cannot.
May 04, 2021
China’s Unrestricted Warfare, Part 1
Back in the 1990s, Cyberwarfare was a word rarely used in the West - and definitely unheard of in China, which was just taking its first steps in the Internet. Two Chinese military officers, veterans of the semi-conflict with Taiwan, helped shape the role of cyber in modern warfare in China and beyond.
Apr 27, 2021
Can Nuclear Power Plants Be Hacked?
Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, speaks to Sr. Producer Nate Nelson about the cybersecurity of Nuclear facilities. How protected are modern nuclear power plants?
Apr 19, 2021
Shutting Down The Internet in 30 Minutes: Chris Wysopal [ML B-Side]
Chris Wysopal, a cyber security pioneer and one of L0pht's founding members, talks about the group's 1998 testimony in the Senate, how they used shaming to force corporations to fix their software, and the (not so fortunate) consequences of the sale to @stake.
Apr 12, 2021
‘L0pht’, Part 2 – The End
In the early days, the L0pht guys tinkered with what they already had laying around, or could find dumpster diving. But things change, of course. By the end of the ‘90s many of the L0pht hackers had quit their day jobs, incorporating under the name “L0pht Heavy Industries”, and moving into a nicer space, the “new L0pht.” Seven days after Y2K, they merged with @stake, an internet security startup. It was a signal that hacking wasn’t just for the kids anymore.
Apr 05, 2021
The Story of ‘L0pht’, Part 1
'L0pht', or 'L0pht Heavy Industries', was one of the most influential hacker collectives of the 90's: its members were even invited to testify in front of the Congress on the current state of Internet security. In this episode, four of L0pht's founding members - Count Zero, Weld Pond, Kingpin & Dildog - talk about the beginning and influence of the L0pht on cyber security.
Mar 30, 2021
The MS Exchange Hack [ML B-Side]
Israel Barak, Cybereason's CISO and an expert on cyber-warfare, on the recent MS Exchange hack that hit thousands of organizations worldwide: what happened, what were the vulnerabilities exploited in the attack - and what can we do to defend against such attacks in the future.
Mar 22, 2021
NotPetya, Part 2
When the NotPetya pandemic hit, Cyber Analyst Amit Serper was sitting in his parents' living room, getting ready to go out with a few friends. He didn't have most of his tools with him, but he nonetheless took a swipe at the malware. An hour later, he held the precious vaccine.
Mar 15, 2021
NotPetya, Part 1
On June 28th, 2017, millions of Ukrainians were celebrating 'Constitution Day.' Their national holiday turned into a nightmare, as tens of thousands of computers all over the country were infected by a mysterious malware. By that afternoon, the cyber-pandemic was already going global.
Mar 01, 2021
Facial Recognition in Law Enforcement, Pt. 2
It seems likely that legislation alone won't be able to regulate the widespread use of facial recognition. Andrew Maximov, who uses AI to fight Belarus's dictatorship, shows us another way facial recognition can be used - this time for us, instead of against us.
Feb 16, 2021
Should Law Enforcement Use Facial Recognition? Pt. 1
There are plenty of reasons why Police should use AI for facial recognition: after all, Humans are notoriously bad eye witnesses. However, placing AI in the hands of law enforcement does have its dangers - due to the limitations of the technology itself, and the biases of the officers who use it.
Feb 03, 2021
Clearview AI
Clearview AI scrapes billions of images off social media and the open web, applies facial recognition algorithms on them - and sells that data to law enforcement agencies all over the world. But who are the people behind this secretive company, and what did a breach into its databases reveal?
Jan 21, 2021
Breaking Into Secure Buildings
FC, aka 'Freaky Clown', is an expert in "Physical assessments" - otherwise known as breaking into ultra-secure office buildings. FC shares some of his (incredible) adventures, as well as some tips and tricks on how to protect your organization's HQ from hackers such as himself.
Jan 07, 2021
Special: The SolarWinds Hack
Ran talks to Israel Barak, Cybereason's CISO and a Cyber-defense and Warfare expert, about the recent SolarWinds hack that impacted up to 18,000(!) enterprise organizations in the US. What is a Supply Chain Attack, how can organizations defend against it - and what does all this have to do with Evolution and Natural Selection?...
Dec 28, 2020
100th Episode Special
For our 100th episode, we bring you three stories that tie in to previous episodes of the show: Shadow Inc. (Election Hacking), J&K (Max Headroom) and T-Shirt-Gate (Yahoo's Ugly Death). Enjoy :-)
Dec 21, 2020
Jan Sloot’s Incredible Data Compression System
In the mid-90's, a Dutch TV repairman claimed he invented a revolutionary data compression technology that could compress a full-length movie into just 8KB.
Dec 07, 2020
Op. GUNMAN & The World’s First Keylogger
In 1983, the US got word that an ally's embassy - probably France's - was bugged by the Soviets. This report triggered Operation GUNMAN: a complete removal & de-bugging of *all* electronic devices in the US embassy in the USSR. This secretive operation resulted in a surprising discovery - and made the NSA what it is today.
Nov 22, 2020
Election Hacking, Part 2
Georgia's elections infrastructure had been hacked multiple times since 2014 - both by Russian Intelligence and local White Hat hackers. The upcoming elections are plagued with uncertainty - and uncertainty and democracy go together like wet hands and electrical outlets.
Nov 03, 2020
Election Hacking, Part 1
Today we’re talking about just one state. One which, depending on which way it leans, might bring the entire electoral college with it. One which, as of this writing, is absolutely, positively, neck and neck. Dead heat. A few votes one way or the other could swing it. In other words: this is the kind of state that cannot afford to be hacked. But might be.
Oct 22, 2020
MDR Vs. The TrickBot Gang
About a year ago, Cybereason's Managed Detection and Response team (aka MDR) stumbled upon an attack involving Russian cybercriminals, POS devices and an entire new family of previously undiscovered malware.
Oct 12, 2020
Yahoo’s Ugly Death, Part 2
Between 2010 and 2014, Yahoo was hacked numerous times - each time setting a new 'world record' for the largest data breach in history. It also hid those breaches from its investors, customers and the SEC.
Sep 25, 2020
Yahoo’s Ugly Death, Part 1
When Marissa Mayer joined Yahoo as CEO, the company's stock rose 2% the day of the announcement. But the new CEO was basically initiated into her job by a major data breach - and the worst was yet to come.
Sep 11, 2020
The Great Firewall of China, Pt. 2: Cisco’s Trial
Falun Gong is a religious movement heavily persecuted in China. In 2017, members of the movement sued Cisco Systems for aiding and abetting the Chinese government in this persecution - since Cisco helped China erect 'Golden Shield': the massive Chinese IT infrastructure project which combined internet censorship and pervasive Chinese state cyberspying.
Aug 27, 2020
The Great Firewall of China – Part 1
The Great Firewall is just mind-bogglingly big, repressing freedom of speech and information for over 800 million Chinese internet users every year. The Great Firewall is so big that it’s worth asking: how did the Chinese manage to build it in the first place? 20 years ago, our info-sec technology was much less advanced than it is today. China was a second-rate technology power, not even comparable to their position today. Most of all: a firewall, like the one they proposed, had never existed before--or, for that matter, since. How, then, did they pull it off?
Aug 14, 2020
Multi-Stage Ransomware (Live!)
Ran & Israel Barak, Cybereason's CISO, discuss the latest development in ransomware evolution: multi-stage attacks in which the attackers infiltrate the target network, steal data and gather intelligence - before detonating the ransomware to cause maximal denial-of-service to the victim organization. What does this new tactic mean for the use of backups as a means to mitigate the risk from ransomware? This episode was recorded live on July 29th, 2020.
Aug 02, 2020
Protecting The “Panama Papers” Whistleblower
In 2015 Bastian Obermayer, an investigative journalist for the Süddeutsche Zeitung, received a message every journalist dreams of: the biggest leak in journalism history. But dealing with the massive 2.7 Terabyte data-dump, 11.5 million documents - while making sure his source's identity could not be uncovered, turned out to be a huge challenge.
Jul 16, 2020
From Ransomware To Blackmail, With Assaf Dahan
Hackers keep modifying and improving their methods of operations. Assaf Dahan, Sr. Director and Head of Threat Research at Cybereason, tells us about the recent shift to Blackmail - as a way to pressure Ransomware victims to pay the ransom.
Jul 07, 2020
SegWit2x, Part 3
On August 1st, 2017, Bitcoin forked. But it wasn't the SegWit2x fork everyone was talking about - It was a different fork, supported by a coalition of miners who, in doing what they were doing, were essentially ditching SegWit2x in favor of their own scaling solution. What happened here? Who betrayed SegWit2x?
Jul 03, 2020
SegWit2x, Part 2
SegWit2x was proposed as a solution to Bitcoin's network problems - but some people in the anti-2x movement claimed that it is nothing less than a cyber-attack: a 51% attack on Bitcoin, to be precise. This is getting ugly.
Jun 19, 2020
Hacking Fortnite Accounts (CPRadio)
A black market economy has developed around Fortnite's in-game currency. Cyber criminals are hacking user accounts, juicing credit cards, and selling virtual currency for real-life dollars and cents. To ensure fun and safety for players, the cycle must be stopped.
Jun 11, 2020
SegWit2x, or – The Year Bitcoiners Will Never Forget, Part 1
In 2017, Bitcoin was winning. Money, attention, success poured out of every seam. It appeared that a golden age had dawned. But just under the surface, the network was teetering on the verge of collapse. Technical problems that were just nuisances when the community was small now became glaring and potentially lethal. Debates among tight communities of knowledgeable users and developers ballooned into full-on internet wars. Factions hardened. Heroes became enemies of the people.
Jun 04, 2020
No Honor Among Thieves
Amit Serper was doing a routine inspection on a client's network, when he came across a suspicious-looking pen-testing tool, exhibiting RAT-like behavior. We'll follow Amit's investigation, and in the process learn the basics of cyber research.
May 22, 2020
Cybersecurity during a crisis: how remote work has impacted security – With Sam Curry
The COVID19 pandemic forced organizations to transition to a work-from-home model - and many of them were unprepared for such a radical departure from the ‘normal’ security perimeter. Sam Curry, Cybereason's CSO, talks to Ran about the lessons learned from COVID19, and what steps should Cyber Security professionals take in order to be ready for a future outbreak.
May 14, 2020
The Problem With Passwords
At the end of our last episode, it kind of seemed like Huawei--the Chinese telecommunications company accused of aiding in state cyberspying--was completely innocent. They were being accused of crimes they may not have committed, based on evidence that largely did not exist. The conspiracies around them seemed unfair at best, malicious at worst. But there’s another side to this story, of course. Huawei didn’t end up on people’s radars for no reason. They’ve earned their notoriety.
May 08, 2020
The Huawei Ban, Part 2
At the end of our last episode, it kind of seemed like Huawei--the Chinese telecommunications company accused of aiding in state cyberspying--was completely innocent. They were being accused of crimes they may not have committed, based on evidence that largely did not exist. The conspiracies around them seemed unfair at best, malicious at worst. But there’s another side to this story, of course. Huawei didn’t end up on people’s radars for no reason. They’ve earned their notoriety.
Apr 23, 2020
The Huawei Ban, Part 1
Over the past 20 years, western governments have accused Huawei of everything from IP theft to financial fraud to cyber spying. Often, these claims are made either with no evidence, or only circumstantial evidence. Is Huawei really a national security threat, or are they a political scapegoat?
Apr 09, 2020
The Max Headroom Signal Hijack
On November 22nd, 1987, a hacker took over the signals of two Chicago-area TV stations and broadcast two bizarre and somewhat vulgar messages. In this episode we explore this notorious hack, and its implications on the nature of hacking in general.
Mar 24, 2020
ToTok, Part 3: Becoming a Spyware Superpower
The fact that ToTok came out of the United Arab Emirates is no surprise: in recent years, the UAE has deployed some of the most sophisticated mobile device exploits ever seen. But they got a lot of help from one country in particular... today’s episode is about the UAE. But it’s really about the Americans.
Mar 15, 2020
ToTok, Part 2: The Masterminds of Mobile Malware
The corporate structure supporting ToTok involved at least half a dozen real companies, shell companies and intelligence groups, with the individuals who actually operated the app being hidden behind other individuals given sinecure jobs and ponied around to the public as the supposed developers. Ultimately, though, every path that begins with ToTok ends with one very rich and powerful man at the heart of the Emirati state. His name is Sheikh Tahnoon bin Zayed al-Nahyan.
Mar 10, 2020
ToTok, Part 1: How to Convince Someone to Download Spyware
Only a few months after its release, ToTok - an ordinary messaging app, with no exceptional features - had over five million downloads, and held the number 4 position in Apple's App Store global charts. So what was it that made ToTok so popular, so quickly? The answer: nothing good.
Mar 05, 2020
How To Defend A Bank, Part 2: Right Of Bang
As much as we can imagine what it’s like to be a defender in a cyber-conflict, we don’t really know what it is - unless we’re in their shoes at the time of it happening. That's what simulations are for.
Feb 27, 2020
How To Defend A Bank, Part 1: Fusion Centers
Banks & other financial institutions face a variety of security threats: from state-sponsored cyber-attacks, to smaller acts of fraud, to thousands of random malware attacks from the web. To survive in this hostile landscape, these organizations turned to the military for inspiration.
Feb 13, 2020
Triton, Part 2: The World’s Most Dangerous Malware
Petro Rabigh were facing lots of problems in defending their systems. But they did get lucky in one sense: their hackers were unprepared when their plan went awry. Who were the hackers that infiltrated the Saudi petrochemical plant, and what can this breach teach us?
Jan 30, 2020
Triton: A Malware Designed To Kill Humans, Part 1
Industrial Security requires a different skill set--really, an entirely different mindset than working in IT does. In this episode we dive into the story of one of the most dangerous malware ever to be discovered in the wild: Triton/Trisis.
Jan 16, 2020
Deep Fakes, Part 2: Man Vs. Machine
Deep Fakes are set to revolutionize content creation, but alongside this technology's benefits, it also has the potential to sow havoc, fear, and distrust via Social Networks. Just this week, Facebook disclosed a network of fake users it found, whose profile images were all deep faked. So, how can we identify deep fakes - even before they go online?
Jan 02, 2020
GAN and Deep Fakes, Part 1
Over the past two years, the internet has been inundated with celebrity Deep Fake videos of all kinds: Obama, Putin, and Trump deliver speeches they never gave, Gal Gadot "stars" in a porn video, and professional comedians such as Bill Hader eerily turn into the people they impersonate, like Tom Cruise and Arnold Schwarzenegger. What all of these videos have in common is that they were mostly created by amateur developers or small startups with tight budgets - but their quality is surprisingly good, and in some cases as good as what the biggest movie studios were able to produce with huge budgets just a few years ago. So what happened in the last five years, that turned special effects from being the exclusive domain of industry experts - into something a 14-year-old can create more or less at the touch of a button? Like the top end of a floating glacier, Deep Fakes are by and large only the visible product of a fascinating - and much deeper - technological revolution in the field of artificial intelligence. As we shall soon see, this revolution has the potential to put some very powerful tools in the hands of both attackers and defenders in the world of cyber-security.
Dec 19, 2019
Sam Curry: The 2020 Crystal Ball
Sam Curry is Cybereason's Chief Security Officer and an award-winning cyber security visionary. Sam & Ran discuss Sam's upcoming webinar, in which he will present his insights into what 2020 will bring for the security industry: the rise of 5G cellular networks, The US Presidential Elections, the 2020 Tokyo Olympics and more.
Dec 10, 2019
Human Side Channels
Even the best hackers are human, and humans are inescapably unique. Forensic Linguistics, Behavioral Signatures and Cultural Captchas can help defenders identify and (maybe) catch even the best of hackers.
Dec 05, 2019
What’s the problem with Cyber Insurance?
Thousands of companies are losing millions of dollars to cyber attacks. Insurance seems an ideal solution to their woes - yet this kind of insurance is much less common today than it should be. What's the problem with Cyber insurance?
Nov 21, 2019
Gozi B-Side: Amit Serper & Sam Curry
Nate Nelson speaks with Amit Serper & Sam Curry, notable veterans in Cyber Security, about Malware-As-A-Service, bullet-proof hosting, avoiding the lure of the 'dark side' and more.
Nov 19, 2019
Gozi, Part 2
In 2010, Nikita Kuzmin returned to the malware scene with Gozi 2.0, an improved version of the successful banking Trojan. How did Gozi 2.0 fare against Zeus & the new generation of Trojans, and what can we learn from Nikita's story about how one becomes a malicious hacker in the first place?
Nov 14, 2019
B-Side: Lodrina Cherne On Stalkerware
In this out-of-band episode, we're bringing you the full interview with Lodrina Cherne, a Digital Forensics Expert, on Spyware: what it is, how it works, who sells it, and how you can avoid it yourself.
Nov 08, 2019
Gozi, Part 1: The Rise of Malware-as-a-Service
Nikita Kuzmin could have been a whiz programmer or a CEO of a successful startup. But as a teen in Moscow, he fell in with the wrong crowd, and his entrepreneurial skills found a different path: Gozi, the oddest and most brilliant malware operation ever conceived to that point in time.
Oct 31, 2019
How is Spyware Legal?
Today's Cyber Stalkers have free access to almost government-grade spyware software with which they can terrorize their victims. Who's enabling the commercial spyware market?
Oct 17, 2019
Listeners Survey Special
Ran and Eliad Kimhi, one of the show's top producers, discuss the recent Listener's Survey results: what you like and dislike about the show, ideas you gave us for future improvements - and what do our listeners think about Ran's accent?...
Oct 10, 2019
Operation Aurora, Part 2
Google, it turned out, was only one of 35 major US corporations hit in Aurora. Was it an espionage campaign, or could it be that it all began with one top ranking Chinese official who googled his own name - and wasn't happy with the search results?...
Sep 26, 2019
Operation Aurora, Part 1
In January 2010, Google revealed in its blog that it was hacked. This attack, since known as Operation Aurora, is attributed to China. In this series of episodes, we'll expose the complicated and often turbulent relationship between the world's largest internet company, and the world's most populated nation.
Sep 12, 2019
Responding to a Cyber Attack with Missiles
Is the use of deadly force a legitimate – and practical – response to cyber attacks? What lessons did Israel learn from the Yom Kippur War of 1973 about the best way to manage its offensive cyber units? How can governments ‘signal’ to their opponents their cyber power, without actually deploying cyber weapons? Join us […]
Aug 29, 2019
Are Ad Blockers Malicious?
Ad Blockers, such as AdBlock Plus, provide an important service to users who find web ads annoying, creepy and sometimes even dangerous. In recent years, however, the business models adopted by some blockers present us with a moral dilemma.
Aug 15, 2019
Can a malware be *too* successful? This is the story of Conficker, one of the most advanced worms in history - and how its success led to its ultimate failure.
Jul 18, 2019
Operation SoftCell
A rare inside look at how Cybereason's researchers were able to uncover one of the largest Cyber Espionage campaigns ever discovered, against multiple Telecommunications companies around the world.
Jul 04, 2019
‘Pa Bell’ Vs. Youth International Party Line
The YIPL phreaking magazine was the spiritual predecessor to the better-known '2600' zine, and it was founded by an ideological party determined to bring down the largest monopoly in US history: Bell Telephone.
Jun 13, 2019
The U.S vs. Gary McKinnon
After the Challenger Disaster of 1986, NASA had a hard time convincing the public that the Galileo spacecraft, fueled by radioactive Plutonium, was safe to launch. The WANK worm, it turns out, was a message aimed at NASA - from the two most powerful hackers in the world.
May 27, 2019
The WANK Worm, Part 2
After the Challenger Disaster of 1986, NASA had a hard time convincing the public that the Galileo spacecraft, fueled by radioactive Plutonium, was safe to launch. The WANK worm, it turns out, was a message aimed at NASA - from the two most powerful hackers in the world.
May 10, 2019
The WANK Worm, Part 1
On October 16th, 1989, NASA's scientists went into work preparing to launch a spacecraft that very day. But when they sat down to their computers, they were met with an unexpected greeting: “Your system has been officially WANKed. You talk of times of peace for all, and then prepare for war.”
Apr 25, 2019
The Equifax Data Breach Pt. II: The Bits Hit The Fan
After its momentous breach, Equifax's CEO Richard Smith said: “Equifax will not be defined by this incident, but rather by how we respond.” Well, he was spot on, but not in a good way.
Apr 11, 2019
The Equifax Data Breach Pt. I: A Big Data Bubble
In its 120-year history, Equifax never sold anything, or provided any service to ordinary folks - except collect DATA. In 2017, that huge data repository, 1000 times larger than the Library of Congress, got hacked.
Mar 27, 2019
DeCSS: Hackers Vs Hollywood
Twenty years ago, a 15-year-old Norwegian kid was put on trial for breaking the DVD Copy Prevention system. His case spawned a whole new "artistic" movement...
Mar 13, 2019
Marconi & The Maskelyne Affair
Guglielmo Marconi--the beloved, hated, disputed inventor of radio--gets trolled by a mustached magician in the world’s first ever, wireless, grey hat hack.
Feb 21, 2019
The Fall Of Mt. Gox – Part 2
In its prime, Mt. Gox was essentially the place where Bitcoin happened. But for two years, Mt. Gox was imploding from the inside - while soaring to unprecedented success on the outside. 
Feb 06, 2019
The Fall Of Mt. Gox – Part 1
In its prime, Mt. Gox was essentially the place where Bitcoin happened. But for two years, Mt. Gox was imploding from the inside - while soaring to unprecedented success on the outside. 
Jan 22, 2019
Dave Kennedy: The Psychological Principles of Social Engineering
Today on Malicious Life, tens of thousands of people get robbed.  Then a community gets together to ask: should we take our money back, or let the hacker walk with it?
Dec 25, 2018
The Ethereum DAO Hack
Today on Malicious Life, tens of thousands of people get robbed.  Then a community gets together to ask: should we take our money back, or let the hacker walk with it?
Dec 13, 2018
The Jerusalem Virus, Part 2
How did the Jerusalem virus trigger the birth of the entire Anti Virus industry in Israel? A high-stakes wager on Live TV, and more.
Nov 26, 2018
The Jerusalem Virus, Part 1
Although scary, the Jerusalem virus, discovered in Israel in 1987, was in fact a rather simple virus. How, then, did the virus trigger the birth of an entire national industry?
Nov 15, 2018
Gene Spafford on the Morris Worm & Cyber-security in the 1980’s
Eugene Spafford (aka Spaf), a professor of computer science at Purdue University, was the first researcher to publish a detailed analysis of the infamous Morris Worm. Gene talks to Ran about this incident, as well as how security was different in the 1980’s.
Oct 31, 2018
China Vs. Github
It’s a weapon that harnessed the strength of millions of computers at once: a cannon so powerful it could break through any wall, take down any website. It is “the Great Cannon”.
Oct 16, 2018
The Ashley Madison Hack, Part 2
In the second installment of our Ashley Madison hack retelling, we look at the fallout of the hack, and the people who’ve suffered from it.
Oct 04, 2018
The Ashley Madison Hack, Part 1
When Ashley Madison got hacked, it made international headlines. Why? Because it wasn’t just a major event. It demonstrated how there’s information even more sensitive, even more significant than your credit card, or your social security number: your secrets.
Sep 19, 2018
Interview Special: Graham Cluley
As we prepare to release an awesome 2-part story in two weeks, we decided to give you a chance to go back to some old favorites and check out some of the behind-the-scenes interviews of Malicious Life. Graham Cluley tells about his entry into the world of security. There are stories aplenty in this interview- Graham […]
Sep 05, 2018
The Target Hack
If movies have taught me anything, it’s that if you want to rob a bank, you dress as the cleaning crew. The people behind the Target hack must have seen one action film too many, because when they decided to hack one of the biggest retailers in the world, they did so via the HVAC […]
Aug 23, 2018
WoW: Corrupted Blood
How does the outbreak of a “plague” inside a video game- a bug, essentially- affect real-life disease research?
Jul 25, 2018
The Stuxnet Virus Pt. 3
Stuxnet was a devastating weapon, but who wielded it? That is the question we try to answer with the final installment of our Stuxnet series. In this episode, we explore other, similar battles of the modern cyber war, and look further into the topic of Zero Day vulnerabilities. With special guests: Andrew Ginter, and Blake […]
Jul 12, 2018
The Stuxnet Virus Pt. 2
Stuxnet was a weapon, a kind of a smart bomb- perhaps one of the smartest bombs ever created. A bomb that couldn’t rely on operators, cameras, and laser targeting, instead it had to “think” its way to its destination. An invisible commando unit, dropped deep behind enemy lines. And its payload- not explosives, but lines […]
Jul 12, 2018
The Stuxnet Virus Pt. 1
Where armies once fought with bullets and bombs, they now engage in clandestine, invisible warfare. In 2010 a virus was discovered that would change the world’s perception of cyber warfare forever. Dubbed Stuxnet, this malicious piece of code has a single focus- to stop the development of Iran’s nuclear program. Part one of this three […]
Jul 12, 2018
Shamoon – The Biggest Hack In History
The Shamoon Virus. There is a single company, run by a royal family, which employs the majority of the Saudi working population. It’s worth more than Apple, Google, and Amazon…by a lot. The Saudi Aramco oil company is one of the most significant commercial entities in human history. It’s hard to imagine, then, what could […]
Jun 29, 2018
The Melissa Virus
Not all malware is created equal. Some malware will attempt to erase your files, demand ransom, or steal your information. Others will do no such thing- and still end up being worse. Don’t believe us? What if a virus made your computer send pornography to fifty of your closest friends and family? Yes, including your […]
Jun 14, 2018
A young woman is arrested by the Chinese government while trying to cross the border to Tibet. Her interrogator, a Chinese spy, pulls out a dossier full of information regarding her activity online. It turns out she’s been visiting pro-Tibet websites, and for that, she’s sentenced to two months in jail. What is GhostNet? Find […]
May 30, 2018
The Morris Worm Pt. 2
In an attempt to halt the Morris worm’s path of destruction, a systems administrator at Harvard shut down the university router through which Andy Sudduth’s message would be sent to the internet.  The post didn’t go through until after it was too late.  In a tragic movie-twist, the fix that everybody needed was heard by […]
May 16, 2018
The Morris Worm Pt. 1
We’ve introduced you to some of the seminal malware attacks that have shaped cybersecurity history. Perhaps no other incident in history, though, has had as great an effect on how we think about computer security today as the Morris worm.
May 02, 2018
The Half Life 2 Hack
How far should a die-hard fan go, in order to bring closer to them the thing that they love? In one of the most interesting, yet relatively unknown cybersecurity stories, a young hacker attempts to steal his favorite game prior to its release and then attempts to blackmail his victims into hiring him. An evil […]
Apr 18, 2018
The Legalities of the Cyber War
Catching a criminal is by no means easy, but there’s something we take for granted in any crime: that the criminal has a face and a name, that they used a specific weapon on a specific target, and that the crime had ended once it was complete.   But what about a crime without a […]
Apr 04, 2018
Fancy Bear, Cozy Bear
When representatives from the Democratic National Committee reached out to a Silicon Valley cybersecurity company, to investigate a potential breach in their computer system, it’s hard to imagine what they might have expected to come of it. It didn’t take long to discover that something was amiss. Red flags were popping up all over the […]
Mar 21, 2018
Hack Back
Those who have experienced a cybercrime know the feelings of frustration and helplessness that come along with it. A hacker could be halfway across the world when they attack you, and you might have no way of figuring out who it was or catching them even if you could. So frustrating. But is there really nothing we […]
Mar 07, 2018
Cyber Terrorism
What governments and powerful organizations regularly use, others will find ways to use as well. Cyber activity fits so incredibly well with terrorism. Actors can remain hidden, or reveal themselves to the world; create propaganda campaigns, or aim for real damage. Join us on this episode of Malicious Life, as we learn the story of […]
Feb 21, 2018
Super Spies
The NSA has many means at its disposal. But how does it use these means, and for what goals? Discover the (literally) secret history of the NSA’s cyber activity. Travel with us to Russia and back, learn the origins of FISA, and find out more about the government agency so secret it was once dubbed […]
Feb 07, 2018
The Trojan Horse Affair
The early 2000s were an interesting time in Information Security. This is roughly the period when malware transitioned from viruses written by teenagers for fun, to cybercrime tools in the hands of sophisticated criminals. This week’s story took place in that time frame – and was a precursor of that transition. It is also a cautionary […]
Jan 24, 2018
Friend or Foe
The largest hack in U.S military history may have been conducted by… The NSA. In 1997, a wargame conducted by the NSA showed just how unprepared we were for a potential cybernetic strike- in 4 days, NSA hackers were able to take down entire military networks. It revealed the dire consequences of a possible cyberattack, and even […]
Jan 10, 2018
Amit Serper Interview- Holiday Special Episode
It’s the holidays and everyone’s on vacation – but the Internet never rests and neither do the bad guys in cybersecurity. So, for this holiday special, we figured we’d air an interesting interview we did a few weeks back with Amit Serper, Principal Security Researcher at Cybereason, NotPetya vaccinator, and former cyber warrior for the […]
Dec 27, 2017
From the Bulgarian hacker scene of the 90’s, featured in episodes 1 and 2, we now move to the vibrant underground hacker scene of West and East Berlin. Working secretly for the KGB, a young Berliner hacker attempts to hack the U.S military network, only to be stopped by a curious, and inventive astronomer. A […]
Dec 13, 2017
Weapons of Mass Disruption
The threat of fire and fury stands at the center of all modern conflicts- nuclear bombs that can eradicate life in seconds are the ultimate weapon of war, as they pose a huge threat to centers of population. But what of the cyber war? What threat could it possibly pose to life as we know […]
Nov 29, 2017
The Soldiers of North Korea
Guerrilla warfare has been around for as long as conventional warfare has. The idea that a small force, through cunning and brazen action, could overtake a larger force is an old one. From pirates who would take merchant ships by surprise, to lengthy military campaigns against an enemy that is hiding in plain sight. The […]
Nov 15, 2017
The Propaganda
Governments around the world have been making devious use of the internet as a platform to spread, not malware, but propaganda. As in all wars, propaganda is a huge part of the modern cyber war. Join us as we explore the roots, and the most creative uses of the internet to spread information and disinformation […]
Nov 01, 2017
The Whistleblowers
WikiLeaks has ushered in a new age in whistle blowing: Modern leakers such as Chelsea Manning – whose story is the focus of our current episode – expose huge amounts of confidential information. But can these mega-leaks really influence the actions and policies of governments?
Oct 17, 2017
Stuxnet, part 3
Stuxnet was a devastating weapon, but who wielded it? That is the question we try to answer with the final installment of our Stuxnet series. In this episode, we explore other, similar battles of the modern cyber war, and look further into the topic of Zero Day vulnerabilities. With special guests: Andrew Ginter, and Blake […]
Oct 02, 2017
Stuxnet, part 2
Stuxnet was a weapon, a kind of a smart bomb- perhaps one of the smartest bombs ever created. A bomb that couldn’t rely on operators, cameras, and laser targeting, instead it had to “think” its way to its destination. An invisible commando unit, dropped deep behind enemy lines. And its payload- not explosives, but lines […]
Sep 18, 2017
Stuxnet, part 1
Where armies once fought with bullets and bombs, they now engage in clandestine, invisible warfare. In 2010 a virus was discovered that would change the world’s perception of cyber warfare forever. Dubbed Stuxnet, this malicious piece of code has a single focus- to stop the development of Iran’s nuclear program. Part one of this three […]
Aug 30, 2017
Hell to Pay
A global FBI manhunt for the world’s most wanted cyber criminal ends in the capture of a massive criminal network, but with the escape of the man himself. Security experts who operate within the gray areas of morality develop botnets that destroy personal devices infected with malicious botnets in what they call “the chemotherapy of […]
Aug 21, 2017
The Roots of Evil
WannaCry’s widespread cyber attack on more than 200,000 computers all over the world made headlines – but only a few people remember a similar attack, named The AIDS Trojan, almost 30 years earlier… In this episode of Malicious Life, we go deep into the world of ransomware to examine its roots, the tools used and […]
Aug 07, 2017
Big Cannons
2016 is known throughout the circles of information security as “The Year of The DDoS Attacks”, and rightfully so: 5 large scale DDoS attacks – ‘Distributed Denial Of Service’ – shocked the technology world. In this episode of Malicious Life, we examine how the power of the internet itself can be harvested and deployed to […]
Jul 24, 2017
Spam Empire
In this episode of Malicious Life, we take a look at one of the oldest forms of criminal activity on the web- the spam empires of the 90’s and 2000’s. Find out how these multi-million dollar industries operated, how they served as a half step towards the organized online crime groups of the modern age, […]
Jul 06, 2017
The Dark Avenger
In 1989, a message was found in a virus: “Eddie Lives…Somewhere in Time!”. ‘Eddie’ was a particularly nasty virus, and its discovery led a young Bulgarian security researcher down a rabbit hole, on a hunt for the prolific creator of the Eddie virus: The Dark Avenger. With special guests: Vesselin Bontchev, Graham Cluley.
Jun 30, 2017
Ghost In The Machine
Cybercrime is one of the most notable threats we face as computer users, nowadays. But it wasn’t always so. Those of us who’ve been in the field long enough may remember a time when computer viruses were much more innocent, and virus authors were usually just bored computer geeks- not members of a sophisticated, well-organized […]
Jun 28, 2017