Hacking Humans

The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as “penetrations.” By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses in various government systems.

Dave & Joe have a tip as some follow-up on cloning social media accounts, Dave's story is about turning the tables on hackers in the UK, Joe talks about Kaspersky's Spam and phishing report, The Catch of the Day is is from a listener, Bob, who received an email from Eddy looking for the love of a woman (but, Bob is not a woman), and later in the show, Dave's conversation with Max Heinemeyer from Darktrace on threats that he and his team have tracked throughout the onset and spread of COVID. Links to stories: Boomer outsmarts hackers: “Kiss your cash goodbye” Spam and phishing in Q2 2020 Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tactics involve phishing attacks and watering hole attacks.

Joe's story is about the effectiveness of social media account cloning, Dave talks about toll fraud, The Catch of the Day is a Bitcoin scam with some scam baiting on the side, and later in the show, Dave's conversation with Ben Rothke from Tapad on Medium piece: A conversation with an iTunes card scammer.Links to stories: Attack of the Instagram clones A Game of Phones: Fighting Phone Phreaks in the 21st Century Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can’t be open at the same time. A person presents credentials to the entry doorway. If authorized, the entry door opens and the person walks into the mantrap. The man trap exit door will not open until the entry door closes. The person presents credentials to the exit door. If authorized, the exit door will open. If not, the person is captured in the man trap until security arrives to handle the situation. Physical security leadership installs man traps to separate unrestricted areas from restricted areas, to prevent tailgating by uncleared personnel, and to impede access by unauthorized persons.

Dave's story is about robocalls to a telephony honeypot, Joe talks about postcards impersonating HIPAA communications (you have one? please let Joe know), The Catch of the Day is an email that our editor, Tom, received from the FBI about his COVID-19 death,, and later in the show, Dave's conversation with Rachel Tobac from SocialProof with her insights on the Twitter hack.Links to stories: A simple telephony honeypot received 1.5 million robocalls across 11 months Fraudulent HIPAA Communications: An Alert from the Office for Civil Rights Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A class of software-security-weakness-issues where independent researchers discover a software flaw before the owners of the code discover it. Zero-day, or 0-day in hacker slang, refers to the moment the race starts, on day zero, between network defenders who are trying to fix the flaw before hackers leverage it to cause damage. It is a race because on day zero, there is no known fix to the issue.

Dave's story is about a forgotten scam, Joe talks about the recent Twitter hack, The Catch of the Day is a pretty standard phishing email for you to be on the lookout for, and later in the show, Dave's conversation with Carolyn Crandall from Attivo Networks on why human-controlled ransomware, Ransomware 2.0, is so threatening to today’s remote businesses.Links to stories: Question Quiz - The Forgotten Scam The Teenager Allegedly Behind the Twitter Hack and How He Did It Catch of the Day: Fake email notice for business owners on Bluehost.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades.

Dave shares an horrific cyberstalking story from the local area, Joe's story is about a phishing campaign impersonating voicemail alerts, The Catch of the Day is an HR front for a check floating scam, and later in the show, Dave's conversation with Johnathan Hunt of GitLab on his perspective of dealing with bad actors: ignore them.Links to stories: Anne Arundel man sentenced for ‘cyberstalking’ ex-girlfriend by hacking her accounts and getting her arrested New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials Catch of the Day:I was just super bored. But now I have something to do.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.