Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852
Nov 21, 2024
Ken Westin, a Senior Solutions Engineer at LimaCharlie and seasoned cybersecurity expert, shares his thrilling journey in stalking cybercriminals. He discusses the dark world of malware and personal safety when tracking down criminals. Ken dives into the alarming vulnerabilities in major platforms like Fortinet and Palo Alto, emphasizing the risks of using commonplace passwords. He also explores the importance of open communication about online safety, innovative tracking methods with USB devices, and how technology evolves alongside cyber threats.
Ken Westin emphasizes understanding the mindset of cyber criminals to develop effective defensive strategies against insider threats and theft recovery.
Collaboration and communication among cybersecurity professionals and stakeholders are crucial for raising awareness and improving organizational security practices.
The debate between open-source and commercial software highlights the need for organizations to assess their specific risks and capabilities when choosing cybersecurity solutions.
Recent vulnerabilities in popular cybersecurity tools illustrate the importance of remaining vigilant and proactive against emerging threats in the digital landscape.
Organizations must foster a culture of security awareness and continuous education to empower employees to combat potential threats effectively.
Deep dives
Confessions of a Cyber Criminal Stalker
The podcast episode features a discussion with Ken Westin from LimaCharlie, who shares his experiences as a cybersecurity expert with a focus on insider threats and criminal tracking. He recounts how he stumbled into the field, initially exploring offensive security through USB-based Trojans, before transitioning to working with law enforcement to unveil organized crime. Westin emphasizes the importance of understanding the mindset of criminals to develop effective defensive strategies against cyber threats, including insider trading and theft recovery. His journey showcases the evolving landscape of cybersecurity, where personal experiences and technological advancements drive the pursuit of justice against cybercrime.
Participating in Cybersecurity
Westin highlights the need for consistent communication with stakeholders and the public regarding cybersecurity practices, particularly in organizations and schools. He shares insights on the challenges faced by professionals in effectively communicating the importance of security measures and educating users about potential threats. He also emphasizes the role of collaboration among cybersecurity professionals to share knowledge and strategies for mitigating risks. By actively participating in discussions and outreach efforts, Westin believes that cybersecurity can improve overall safety and awareness in the digital landscape.
The Challenges of Unmanaged Devices
The podcast discusses the growing concern of unmanaged devices accessing company data, emphasizing the need for robust security measures in today’s digital work environments. Tools like 1Password’s Extended Access Management are presented as solutions to help secure sign-ins across various applications and devices. Listeners are prompted to consider the implications of allowing employees to use personal devices and apps for work purposes without proper oversight and management. The conversation encourages organizations to prioritize data security and user education to protect sensitive information amidst the shift to remote work.
The Balance Between Open Source and Commercial Software
The episode dives into the debate surrounding open source vs commercial software in cybersecurity, examining the strengths and weaknesses of both. The discussion acknowledges that while open source can provide flexibility and transparency, it often comes with the need for additional expertise and manual management. Conversely, commercial solutions might offer user-friendly interfaces and comprehensive support but can come with hidden costs and lower transparency. Ultimately, the decision between the two styles should be driven by a risk assessment of the organization's needs and capabilities.
Evolving Threats and Vulnerabilities
As the discussion unfolds, the podcast touches upon the critical vulnerabilities recently discovered in popular cybersecurity products, including Fortinet and Palo Alto Networks. These vulnerabilities illustrate the ongoing risks that even established software faces in today’s threat landscape. Experts note that many organizations still rely heavily on vendors, often to their detriment, as attackers continuously seek out zero-day vulnerabilities and exploit them. The conversation highlights the necessity for companies to remain vigilant and proactive in their security measures to defend against emerging threats.
Impact of Cybersecurity on Critical Infrastructure
A significant portion of the podcast addresses the current geopolitical climate and the potential risks posed to critical infrastructure in the U.S. by adversarial nations. Raising concerns about water supply disruptions and the vulnerabilities inherent in these systems, experts stress the need for a strong collective defense. The conversation emphasizes the importance of preparedness among organizations and local governments to respond to cyber threats that target essential services. This proactive stance is crucial to ensuring resilience in the face of increasing threats to national security.
Concerns Over Emerging Technologies
The episode discusses the implications of rapidly evolving technologies like AI and machine learning on cybersecurity practices. Experts express concern over the exploitation of these tools by nefarious actors, reflecting on how adversaries can harness AI for malicious purposes. Furthermore, the podcast highlights the necessity for organizations to adopt strong security measures and continuously educate their workforce about potential vulnerabilities. As technology advances, so too must the approaches to safeguarding sensitive data and critical infrastructure against emerging threats.
Historical Perspective on Cyber Communication
A lighter note in the conversation reveals interesting historical tidbits about early virtual meetings and communication technologies, drawing parallels to modern cybersecurity practices. The discussion recounts the story of a pivotal moment in 1916 where engineers participated in a groundbreaking virtual meeting, showcasing the evolution of communication from that era to now. This historical analogy serves as a reminder of how technology has changed the way professionals interact and collaborate in the ever-evolving field of cybersecurity. These reflections invite listeners to appreciate the roots of the industry while considering its future trajectory.
Treasure Hunting in Tech Trash
A humorous anecdote ends the podcast, recounting a story of a fortunate find by a garbage truck driver who stumbled upon a high-end gaming PC while out on the job. The computer, equipped with cutting-edge components like a 32-core CPU and powerful graphics card, was discarded yet still functional. This lighthearted tale not only entertains but also highlights the unusual nature of tech waste in today's rapidly changing tech landscape. Listeners are reminded that in the ever-evolving world of technology, valuable resources often exist in the most unexpected places.
Importance of Security Awareness
The podcast wraps up with a call to action for organizations to foster a culture of security awareness among employees and stakeholders. Recognizing that threat actors often exploit human behavior rather than just technical vulnerabilities, experts stress the value of ongoing education in cybersecurity. Organizations are encouraged to invest time and resources into training their workforce to recognize potential threats and practice safe online behaviors. By cultivating a proactive approach to security, businesses can significantly reduce their risk exposure and contribute to a more secure digital environment.
Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety.
Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palo Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palo Alto and Fortinet, the first Zoom call, and one person's trash is another person's gaming PC!