Hackalope and Ymir public
 
Who are these mysterious hackers that the world is afraid of? Have you ever wondered who they are and what they’ve done? Whether you're new to the world of cyber security, a seasoned engineer, or just someone that’s picked up enough to follow along, we’ve got a podcast for you. Hacking the Gibson is a podcast about the history of cyber security on the Internet. We’ve pulled together stories of the Information Superhighwaymen that have shaped the Internet. Some are heroes and heroines, some a ...
 
Whether you’re working in cybersecurity or acting as your own tech support at home, you’ve probably heard about firewalls. A properly configured firewall acts like a fastidious border guard, making all the little data packets show their credentials before they can enter the country - er, the computer. In this episode, we’ll learn about the history …
 
In the 1990s and early 2000s, fast food giant McDonald’s teamed up with iconic board game Monopoly to run a promotion that lured customers with prizes ranging from a free small fries to a million dollars in cash. Pairing fast food with a game that’s famous for taking hours and straining family relationships might not seem like an obvious choice, bu…
 
Welcome to part two of Hacker Summer Camp, reviewing the highlights of hacking conventions our hosts attended this summer. Ymir and Hackalope share what they learned on a range of topics, from updates in the field of satellite and spacecraft security, cloud service event logging, and newly discovered vulnerabilities in keycard security systems. The…
 
At this year’s annual Black Hat convention in Las Vegas, artificial intelligence was top of mind for attendees and presenters alike. Join us as Hackalope recounts the talks and topics that got his brain churning. We discuss using AI in incursion and defense, and how it works as a modeling tool. We also talk about how the cost of cyber defense is st…
 
We’ve Been Trying To Reach You About Your Firewall’s Extended Warranty: Voice over IP (or VoIP) lets a user make phone calls over a computer data connection rather than a phone line. This union of computing and calling enables lots of flexibility and fancy features, but it also makes phone calling vulnerable to all the security challenges of being o…
 
One of the main features of the Cold War was the great lengths the United States and Soviet Union went to gather intelligence about each other. Few of those went further than the U-2, a US spy plane so secret that its pilots were issued suicide pills, and so advanced that it could take detailed photographs from an altitude above most anti-aircraft …
 
In the constant arms race between cybersecurity and hackers, law enforcement is a huge player. Without effective oversight, programs they deploy to investigate potential crimes can easily be used for illegal mass surveillance, or to target and punish political dissent. This week we’re talking about the NSO Group, a vendor whose tools have emboldene…
 
Google has arguably the most comprehensive index of all the publicly identifiable websites, files, and servers that are available on the Internet. Inevitably, that’s going to include evidence of security vulnerabilities that might be turned up by the right search query. A “dork” is a specialized search string that can zero in on interesting results…
 
During the Cold War, information about the enemy's nuclear arsenal was a top priority for intelligence operations. Force deployment, base construction, and untold billions of dollars in weapons development all turned on how many nukes each side had pointed at the other. So what did military, intelligence, and political officials do when they couldn…
 
The mid-90’s to the end of the 2000’s is a fascinating period in the cat-and-mouse history of viruses and the methods to defend against them. Dozens of vulnerabilities were identified, exploited, and (mostly) fixed. New attack vectors were opened up as well, many of which are still with us today. Various countries started taking steps to criminaliz…
 
Journal publishing is a cornerstone of science. It’s how new findings get shared with other researchers, and plays a huge role in career advancement for scientists. But the companies who control those journals charge exorbitant fees to access their papers, despite the fact that most of the research is paid for with taxpayer money. This week, we’re …
 
Open-source code is woven into programs running on virtually every machine on Earth. When a free program solves a common problem, of course developers don’t want to solve the same problem from scratch. But widespread adoption makes popular open-source software a tempting target for bad actors spreading malicious code. This week, we’re talking abo…
 
Just in case you’ve been sleeping well lately, we’re back with some more scary bedtime stories about advanced persistent threats. This time, we’re talking about APTs where the attackers weren’t just looking to ransom data, they were actively trying to steal, or even destroy, data held by healthcare companies, veterans’ service providers, and energy…
 
Tetris is one of the most popular video games of all time. Its simple premise and straightforward reward system (drop a block, clear a line) made it easy to learn and majorly addictive. But the game’s path to the world stage from the secrecy of the Cold War Soviet Union was as twisty as the game itself is elegant. Join us as we discuss the secret m…
 
Viruses have been a part of computing history almost from the beginning. Programs that could hide on systems and replicate themselves onto other machines leapt from theory to actual code long before most people dreamed of having a computer in their homes. This week, we’re taking the long view, talking about the history of those early viruses. We’ll…
 
In the mid-80’s, Cold War spy games between the United States and USSR were taking place all over the world. Playing a hunch, US intelligence and the Navy were able to find and tap undersea cables carrying unencrypted Soviet communications. Info they gained from the tap helped guide negotiations on a landmark nuclear arms treaty. This week, we’ll t…
 
The MITRE Corporation is a nonprofit think tank with Cold War origins. MITRE has brought government, business, and academia together to develop some of the most important modern technical and logistical infrastructure. For cybersecurity pros, one of their most important developments is ATT&CK, a framework for identifying and labeling the methods us…
 
There are lots of ways to protect sensitive systems with multifactor authentication. Big businesses and government agencies often rely on physical, machine-readable cards assigned to specific users. Smartcards offer some advantages over passwords and pins, but setting up and running the systems to manage them can be a challenge. We’ll talk through …
 
The modern Internet has made the global exchange of information easy, ubiquitous, and relatively inexpensive. But it’s only the latest expression of the human drive to communicate and share. This week, we’re looking at historical systems that used phone lines, telegraphs, and even pen and paper, to establish widespread, efficient networks of commun…
 
We’re back on orbit this week, talking about two incidents from the 2000s where satellites in space were interfered with from the ground. We’ll talk about what the attackers were able to do, the kind of info that’s necessary to detect a satellite hack in progress, how trends in the aerospace industry make cybersecurity a challenge, and why physical…
 
Advanced Persistent Threats (APTs) are the incursions that keep cybersecurity professionals up at night. When an attacker gets in undetected they can spend months or years installing malware, stealing data, and invading every corner of a network. This time, we’re profiling two hacking groups that have achieved APT status, the attacks that put them …
 
The next leap forward in computing will likely come from calculating in the quantum realm. Harnessing the non-binary states of quantum bits could allow machines to run problems and break codes that would choke even the most powerful digital computers. Can we still protect our data in a world of quantum computers, or will their probabilistic problem…
 
Securing networked Windows machines is a badge of misery honor shared by admins the world over. But, like a lot of things in Windows, the tools to report and track potential security events can be about as helpful as a cat lying on the keyboard. Tune in for tips, tricks, and tetchiness about the audit utilities in Windows, and some external tools a…
 
Information technology is an ever-changing field. Cybersecurity paradigms can change overnight. New types of vulnerability are always being discovered, and niche tools can rapidly become industry standard. If you’re an aspiring cybersecurity professional, is getting an academic degree a good use of your time? Our hosts weigh in, and share their tip…
 
The year is 2013. The Harlem Shake is getting millions of views on Vine. “Selfie” is the Oxford English Dictionary’s word of the year. And thousands of computing professionals and enthusiasts have gathered for another installment of the Black Hat conference. Fire up the time circuits as we revisit the prescient presentations from the cybersecurity …
 
Even the most comprehensive network security is only as tight as its least careful user. When a system is compromised, it’s often because a user has been tricked into revealing their sign-in credentials. We’ll discuss the techniques used to tease out passwords, review some of the most dramatic incidents of this kind of attack, and tackle the big qu…
 
In 1998, several members of the hacking collective known as The L0pht accepted an invitation to testify in front of the United States Senate about “Weak Computer Security in Government.” These rock-star hackers schooled legislators on widespread vulnerabilities that threatened the information security of both government and private industry. Tune i…
 
Electronics are expensive, and replacing or upgrading parts can be a much cheaper, more sustainable way to keep your hardware humming. But the biggest obstacle to your right to repair a thing you own is often the company that originally sold it to you. We’ll talk about the tricks and tactics tech vendors use to keep you from updating gear on your o…
 
When a manmade satellite is whizzing through space at 11,000 kph, sending up a repair team to kick the tires is a non-starter. Ground-based mission crews can get around this by using virtual environments to simulate satellite software, hardware, and even the physics of being on orbit. And, there’s hardly ever been a useful computing tool that hacke…
 
In 2016, a website of the Philippines election agency was hacked, and information on millions of voters was leaked. Can governments modernize election systems, while still keeping them secure from large-scale manipulation? We look to Brazil, which has been rigorously testing and securing its homegrown electronic voting system, for an example of how…
 
Insulin pumps are small, wearable computers. They help Type I Diabetes patients maintain safe blood glucose levels by delivering critical insulin without the need for injections. Thanks to the late Barnaby Jack and other cybersecurity researchers, we also know they’re vulnerable to being hacked. We’ll talk about the implications for patients, and h…
 
The East German secret police, AKA the Stasi, kept the citizenry under their thumb through a combination of fear tactics and near-total surveillance. Neighbors, friends, even family members informed on each other, and Stasi operatives gathered huge troves of data which they used to influence and blackmail everyone they could. You won’t believe how …
 
If you want a twisted nightmare landscape dominated by machines, look no further than the Internet. Humans online are completely outnumbered by internet-enabled devices. Each one is a thing that might be able to run DOOM, and also a potential security problem. Go change the default password on your router, then learn about all the other things in y…
 
Technology moves a lot faster than the laws intended to regulate it. One of those tools is the Computer Fraud and Abuse Act, which was passed in 1984. Vague and outdated language in the CFAA gives ambitious law enforcers a lot of power to criminalize ordinary conduct and harass people who never could have known they were breaking the law. Join us f…
 
An important part of cybersecurity is reviewing the messages our systems send about potential problems, and looking into the ones that seem most serious. But there’s no way a fragile human (or team) can check the sheer volume of pings coming from even fairly small systems. Fortunately, there are tools, tips, and tricks to reduce the flood of info d…
 
Hey, kid, you want a shot at some sweet new hardware? How about cash prizes? All you need to do is find and exploit (on the fly) a unique vulnerability in some of the world’s most popular tech. This week we’re exploring the history of Pwn to Own, one of the OG bug bounty contests that’s been digging up security vulnerabilities since 2007.…
 
It’s November of 1992. The Internet is slowly starting to move beyond the boundaries of government and educational institutions. A group of hackers are meeting in broad daylight just outside our nation’s capital. What were they discussing that had law enforcement so worried? We don’t know. But we do know they bent the law as far as they could to br…
 
A former president's home was raided, and mishandling of presidential records and classified material is alleged. So what happened, is it really different from events in the past, and exactly what are the rules and why? The US government classification system seems byzantine and archaic; in this episode we use these examples to explore why these policies…
 
It’s been a year, and every week we’ve given you your dose of HtG. We’ve covered some of the Internet Hall of Fame, like Jon Postel and Paul Vixie. We’ve talked about some of the infamous like APT1 and Brian’s club. We’ve even eulogized a few of the greats that passed – Barnaby Jack and Dan Kaminsky, and a bunch of episodes on the Internet and how…
 
Quis Custodiet Ipsos Custodes, Who watches the Watchers, is an eternal question. Famously, the United States didn’t have an intelligence agency until World War 2. It only took a few more decades to realize that they needed oversight as well. It is difficult not to be shocked at the breadth of activities uncovered by Sen. Frank Church and his Select Comm…
 
Universally available encryption tools started to pave the path of freedom and security on the Internet. The early 2000’s also brought technical content controls, using the same encryption tools, known as Digital Rights Management (DRM). Unfortunately for them every crypto-system can have weaknesses and the world is filled with hackers. This is the…
 
In part one we talked about DES, Horst Feistel, the NSA and the public. Who was right about the durability of the algorithm and key standard? How long was DES viable, and how long was it used? Even after the genesis of the DES algorithm and the drama associated, things were still incomplete. We still need asymmetric cryptography to achieve all the …
 
Have you ever thought you would change the world? Have you ever read something from decades ago that saw so clearly into the future that it could have been written yesterday? The hero of our story did change the world and wrote an article for Scientific American that laid out the same case for digital privacy that we deal with today, in 1973. This …
 
Now we’re living in the future, right? All of the sins of the past have been absolved, and all our credit cards are secure, because everybody took lessons to heart, right? Well of course not, some old problems remain, some previous fixes didn’t work as well as intended, and some new problems have shown up. In this episode we talk about the solution…
 
Take out your wallet, inside you’ll have at least 3 on average in America. In much of the world it’s becoming the default payment method, and yet we cope with billions of dollars in fraud – approaching $12B in 2022. In this episode we’ll talk about the first one, the golden age of carding, and the early days of PCI DSS.…
 
What would you do to win a war? What would you do after you won a war? The US had to face those questions, but in the reverse order. Seeing both the Nazi crimes and the science and weapons they developed, they were faced with a choice. Knowing that the confrontation with the Soviets was on the horizon, they chose to give a way out to a number of N…
 
The modern web is a crazy place. We started with a simple protocol that gave us formatted text that was flexible about the way it was displayed, to active processing of user input, to globe spanning integration at all scales. It sometimes seems like the web services of the 2020’s have infinite variety and complexity. It would be a mistake to think th…
 
What can we say about Barnaby Jack? Was his life cut short? Yes. Did he change how we think about device security? Absolutely. Did the work he left behind lay the groundwork for hacks to come? Without a doubt. By many accounts he took excesses to excess and paid the price. Dead at 36, for a reported drug overdose, he left a legacy, an impact in the…