Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
232
hpr_transcripts/hpr3612.txt
Normal file
@@ -0,0 +1,232 @@
Episode: 3612
Title: HPR3612: Who is Evil Steve? Part 2
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3612/hpr3612.mp3
Transcribed: 2025-10-25 02:10:28

---

This is Hacker Public Radio Episode 3612 for Tuesday the 7th of June 2022.
Today's show is entitled, Who Is Evil Steve, Part 2.
It is part of the series' privacy and security.
It is hosted by Lurking Private and is about 16 minutes long.
It carries an explicit flag.
The summary is, we take a closer look at the types of evil steves attacking us.
Good morning, good afternoon, good evening, wherever it happens to be, where you're listening
to this on this little planet that we call Earth.
You are listening to another episode of Abin Admin.
I'm your host, Lurking Pryon.
Today's episode is going to be Who Is Evil Steve, Part 2.
This week I spoke generally about who Evil Steve was and the kind of things that they
do.
He, they, I'm going to use all those pronouns and mix them up, look, just understand
that there's a human that's attacking you.
That's the important thing to understand.
Now there's really two classes of attackers.
Now I know that people who are in cybersecurity are going to get a little bit defensive about
this, but just bear with me for a second.
First of all, we have the low level hackers who are really just interested in your data.
They're using tools that they don't develop, they just find them online, they can follow
a quick tutorial and use them, or they can even just hire as a service on the dark web.
The barrier to entry as far as hacking goes is almost zero today for a vast majority of
the attacks that you would want to launch on people.
So at this point for these attackers is simply a matter of finding information that they
can turn around and monetize.
So let's sit around for a minute and think about the information you have that could be valuable
to someone else.
First of all, valid email addresses.
These are something that is very valuable, there are resellers that will buy these.
Granted the payout on isn't very much.
Not when you compare it to things like credit card numbers, banking information, social security
numbers, or other identification numbers that you have that would allow for different kinds
of identity theft.
When it comes to identity theft, we're going to get more into this another episode, but
I do want to point out that there are a couple of different kinds of identity theft.
Well identity theft is a big one.
I had a troop when I was in the military, he was deployed to somewhere stand.
And when he came back, he started getting past due notices for medical bills from a hospital
in Seattle.
Apparently, while he was deployed to somewhere stand, he'd had breast augmentation.
So even with orders proving that this person was out of the country, was not the person
who had the surgery, it took him months to get this cleared up and get it off his credit
report.
So keep in mind that once identity theft happens, it is incredibly hard to get it fixed.
The other kind I want to mention real quick is child identity theft.
It is very easy to get a hold of a kid's, so security number, and then use their identity
to rack up all kinds of death.
The problem is most parents don't find out about this until their kid turns 18, they
go to college, they apply for financial aid, only to find out that they have a whole bunch
of stuff in their credit history that is not theirs.
And long story short, you are not getting that loan anytime soon.
So I would recommend if you haven't done it, and if you have children, today go and
do a credit check on your children.
Go and look at the credit score, go look at their credit reports, and see what's there.
Transunion, experience, and I can't remember the other one on top of my head.
Those are the three major ones in the US.
You can get a free credit report from each one once a year.
Hit up experience, get a credit report, and then set a calendar reminder, four months
later, get one from experience, four months later, get another one, and then you can keep
rotating through so that you're checking on your kid's current score on a regular basis.
The thing with identity theft is the sooner you notice it, the easier it is to fix.
This is really the basis behind life lock.
Life lock doesn't stop identity theft.
Life lock identifies you and alerts you to the fact that identity theft probably is happening
at an early enough stage that you can fight it effectively.
The longer it goes on, the harder it is to fight.
These are the kinds of information that people are looking for when it comes to the low-level
hacker.
Keep in mind if you are somebody that may generate some kind of animosity toward other people
on the internet, they may target you specifically looking for information about you that could
be detrimental to your image.
There's all kinds of stuff that's out there that you probably don't want falling into
other people's hands.
I would recommend doing a good check of your social medias, trying to see what's out there,
trying to see what other people have about you out there, do a Google search, and then
those things that you really don't want other people knowing about.
How about going and checking where you have that data, how it's protected, and maybe
at the very least, change your passwords for all of those things.
I'll talk more about passwords in another episode.
The bariter entry when it comes to being a hacker is extremely low.
The payout, it could be pretty good depending upon how much effort a person is willing to
put into it, and what kind of a target audience they happen to be hitting.
The second level is what we call the advance persistent threat.
These are the attacks that have a person actively sitting behind.
What they are doing is they are not just looking for things like your social security number.
What they are doing is they are getting into your organization, they are using tools that
are already installed.
They're not installing malware or anything like that.
They're using things like PowerShell that's already there.
What they are doing is they are pivoting through your network to find information that would
be valuable to them, things like intellectual property, trade secrets, and they are not
a quick smash and grab.
They are in there for the long haul.
They're going to create multiple points of entry so that if one is found and closed,
they have another way to get in.
They really want to get in, stay there covertly, and watch what's going on, and slowly
steal information from your network.
This is where identifying the who becomes very valuable from a security standpoint.
When it comes to these kinds of attackers identifying a profile on who they are, how they go
about doing their business, what tools they use, different ways that they go around doing
precursors to an attack, the things that they do once they're in the network will help
you identify other times or other places that they may happen to target you.
A lot of these APTs are already known, and there's information out there, there's information
sharing centers if you're in a critical industry, and there's other information if you're
willing to look around for it.
The advanced persistent threats, these are really not the attackers that are going to show
up on your alerts.
It's not going to show up on your SIM, and if it does, it's probably going to be an anomaly.
Most of these, you're going to have to go find.
You're going to have to go look for signs that they are there.
They are very good, and a lot of them can go years without being detected.
These are state actors, these are well-funded criminal groups, these are threat actors
that have a very strong ideology.
We like to think about people like ISIS, and we say, oh, well, they just go and blow
themselves up.
Well, I'm going to tell you right now that not every extremist in the world wants to
blow themselves up.
They have some very skilled hackers, and yes, there's a lot of terrorist groups out there
that are hacking different sides and different companies for different reasons.
So again, the who that is attacking you really plays a difference in how you look for
signs of an attack and how you defend against those attacks.
My recommendation is for your business, your organization, the industry that you're in,
I would highly recommend doing some research into the current act of threat actors, who
are the ones that target your industry, who are the ones that are targeting the information
that you are trying to protect and keep secret.
Those are the people that you're really going to want to study and take a look at and
other threat actors that may be in the same space, but maybe aren't quite as active to
give yourself a better threat profile.
Now the thing that I want to caution you with is when it comes to gathering intelligence
about threat actors, tactics, techniques, and procedures, and all of the different things
that you can look for.
You can very quickly overwhelm your security team with the amount of information that's
coming in.
That is not effective at all, which is why I always recommend let's start with the very
most active people in our sector, who are the ones that are most likely to attack us
and go through research them and rack and stack them and start with number one and work
your way down to number 99, whatever happens to be.
And then start with number one.
All right.
So here's this threat actor.
Here's what they do.
Here's the tools they use.
Here's the way they get in.
Let's take our analysts and let's go out and let's start looking to see if there's any
signs of compromise that would indicate that we've already been attacked.
Always work under the assumption that you've already been attacked.
If you think that you are not already vulnerable, chances are you've been attacked and you just
don't know it yet.
It's not a matter of if you're going to be hacked.
It's going to happen.
It's not a matter of if it's when.
It's going to happen.
The name of the game is getting the attacker out as quickly as possible.
There's something that we call dwell time.
This is the amount of time that an attacker is in a network undetected until they're removed.
And the last time I checked, I believe it was, I think, a 2019.
The global average for dwell time was 99 days, just shy of four months.
There's a lot of time that an attacker has undetected in a network.
We've gotten better.
I believe the last time I checked, we had come down to, I believe, the 50s for the number
of days.
Still 50 days in a network is a long time.
Let's talk about ransomware.
What we have found is that with most of the ransomware attacks over the last two years,
there's about a two-week delay between the time they actually get into the network, to
the time they actually take action and start going about doing the damage to your network.
So if that attack had been found and stopped in those two weeks prior to them actually
activating and doing damage to your network, the attack would have effectively been stopped.
That's really the name of the game.
Let's find them as soon as they get in.
It's really trying to limit that dwell time, limit the amount of time that they have to
do damage to you.
So it's not about keeping them out.
I really want to drive this point home.
It is not about keeping hackers out.
That is an impossible task.
You can't do it.
There is no such thing as security.
It does not exist among men or in nature.
That's a quote from Helen Keller.
I don't believe I got it quite right, but that's the genital just of it.
So security doesn't exist.
It's a myth.
We can't make something secure.
If you don't believe me, watch Oceans 11, Oceans 12, Oceans 13, Oceans 8, Oceans
92.
How many they made?
But basically, no matter how much security you put, if someone has enough time, enough
determination and enough resources, they're going to get in.
And you have limited time, limited termination, and limited resources.
That's an asymmetric battle that you will never, ever win.
So we need to focus on the flip side.
Okay, let's go and we recognize the fact that they're going to get in.
What can we do to identify them as soon as they got in, so that we can minimize and stop
that attack at its earliest stage possible?
So who are the evil steves out there?
We've talked about that.
I'm hoping that this gives you a better idea of who the attackers are out there.
And keep in mind, it's not things that are attacking you.
It's people.
Behind every single one of those attacks, there's a person.
Now, they may have targeted you specifically, or you may have just been caught in up in
the mess of IP addresses that they found.
It really doesn't matter at the end of the day.
So people attack you, not things, people cause damage to your networks.
At the end of the day, it's people that we have to worry about.
Security is, and always will be a people problem.
And I think if we can start changing our focus and security to thinking about security as
a people problem, we will go much further in our ability to protect our organization.
And I'll talk about this in future episodes where I talk about personnel relationships
within your organization.
Again, security is a people problem.
So keep that in mind.
So talk about different threat actors, hoping that you guys found this useful and helpful.
I'll be back again with another episode looking forward to hearing your feedback.
And until next time, this has been Abin Abman, and this is Lurking Pryon, signing off.
Have a good week.
You have been listening to Hacker Public Radio, and Hacker Public Radio does work.
Today's show was contributed by a HBR listener like yourself.
If you ever thought of recording broadcast, click on our contribute link to find out how
easy it needs.
The HBR has been kindly provided by an honesthost.com, the internet archive, and our sings.net.
On the Sadois status, today's show is released under Creative Commons Attribution 4.0 International
License.
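Review bot: the header block (`Episode:` through `Transcribed:`) has no field marking this transcript as automatically generated and unreviewed, while the body carries obvious speech-recognition errors that will degrade the search this commit advertises: the host is `Lurking Private` in the intro but `Lurking Pryon` in the body, the show name appears as both `Abin Admin` and `Abin Abman`, and `experience` / `death` read as misrecognitions of a credit bureau name and `debt`. Suggest adding a header field (for example `Transcription: automatic`, name is a placeholder) that the data loader can surface on results, and resolving host and series names from the episode metadata rather than from transcript text so that name variants in the audio do not fragment the index.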