Darknet Diaries

175: Bayrob

It started with a fake car listing on eBay. What looked like a simple online scam quietly grew, over more than a decade, into one of the most sophisticated cybercrime operations the FBI had ever traced. Custom malware. Opsec off the charts. Fleets of infected computers mining cryptocurrency for someone else. Millions of dollars siphoned from victims who had no idea. This is the story of Bayrob and the three men from Romanian who were behind it. And the long, strange road that led American investigators to their door. SPONSORS Support for this show comes from ThreatLocker® [https://www.threatlocker.com/]. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com [https://www.threatlocker.com/]. This show is sponsored by Meter [https://www.meter.com/], the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that’s built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com [https://www.meter.com/]. This show is sponsored by Maze [http://mazehq.com/darknet]. Maze uses AI agents to triage and remediate cloud vulnerabilities by figuring out what’s actually exploitable, not just what’s theoretically risky. They remove the noise, prioritize vulns that matter, and manage remediation, so your team stops wasting time on meaningless vulns. Visit MazeHQ.com/darknet [http://mazehq.com/darknet] for more information. Support for this episode comes from NetSuite [https://www.netsuite.com/darknet]. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet [https://www.netsuite.com/darknet] to learn more. This episode is sponsored by Chainguard [https://www.chainguard.dev/]. Chainguard builds container images the right way — minimal, hardened, and built from source every single day. We’re talking images with zero known CVEs, designed from the ground up for production. No bloat. No mystery packages. No 2 a.m. patching marathons because some transitive dependency lit up your dashboard. Stop patching images that are insecure. Start shipping clean. Head to chainguard.dev [https://www.chainguard.dev/] to see how secure your software supply chain can really be.

174: Pacific Rim

For six years, Sophos fought a secret cyber war against a state-backed hacking group targeting its firewalls. This forced Sophos to drastically change tactics to properly secure their firewalls. Was it ethical? Was it effective? They disrupted nine zero-day attacks, exposed who was hacking them, and forced the hackers to change tactics. But at what cost? You have to listen to one of the most audacious corporate cyber defenses ever conducted. SPONSORS Support for this show comes from ThreatLocker® [https://www.threatlocker.com/]. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com [https://www.threatlocker.com/]. This show is sponsored by Meter [https://www.meter.com/], the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that’s built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com [https://www.meter.com/]. Support for this show comes from Drata [https://drata.com/darknetdiaries]. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries [https://drata.com/darknetdiaries]. SOURCES * https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/ [https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/] * https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived [https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived] * https://www.fbi.gov/wanted/cyber/guan-tianfeng [https://www.fbi.gov/wanted/cyber/guan-tianfeng]

173: Tarjeteros

In the streets of the Dominican Republic, a new economy thrives in the shadows. It’s built not on tourism or sugar, but on stolen data. They call them tarjeteros. And they are making a lot of money from stolen credit cards. This is a story about one group of tarjeteros who came to the US, and let loose on New York city. SPONSORS Support for this show comes from ThreatLocker® [https://www.threatlocker.com/]. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com [https://www.threatlocker.com/]. This show is sponsored by Maze [http://mazehq.com/darknet]. Maze uses AI agents to triage and remediate cloud vulnerabilities by figuring out what’s actually exploitable, not just what’s theoretically risky. They remove the noise, prioritize vulns that matter, and manage remediation, so your team stops wasting time on meaningless vulns. Visit MazeHQ.com/darknet [http://mazehq.com/darknet] for more information. Support for this show comes from Privacy.com [https://privacy.com/darknet]. Privacy allows you to create virtual spending cards instantly to use for purchases. Get your $5 sign-up bonus at privacy.com/darknet [https://privacy.com/darknet]. You can use it on your first purchase! Privacy has a free plan with no transaction fees for domestic purchases. Protect your financial identity online with virtual cards.

172: SuperBox

What if there was a device which gave you endless movies and TV shows without ads? Ok great sign me up! In this episode we interview “D3ada55”, who found such a device, but as she gazed into it, she discovered it gazing back at her. SPONSORS Support for this show comes from ThreatLocker® [https://www.threatlocker.com/]. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com [https://www.threatlocker.com/]. This episode is sponsored by Meter [https://www.meter.com/], the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that’s built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com [https://www.meter.com/]. This episode is sponsored by Exaforce [https://exaforce.com/darknet-diaries]. Exaforce was created to handle the complete security operations workflow - detect, triage, investigate, respond. Exabots autonomously manage every stage, eliminating gaps between alert and action that slow down traditional security operations. And how it works is simple too: the exabots ingest all security data and then semantically connects it to understand the full context of security events and how they relate to each other. Learn more at exaforce.com/darknet-diaries [https://exaforce.com/darknet-diaries].

171: Melody Fraud

What if the music charts you see aren’t real? What if the numbers that define success can be manufactured? We talked to Andrew, a man who has spent his career on both sides of this battle. He once profited from the loopholes in streaming platforms, but now, his job is to close them. This episode will change the way you understand music streaming platforms from now on. SPONSORS Support for this show comes from ThreatLocker® [https://www.threatlocker.com/]. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com [https://www.threatlocker.com/]. Support for this show comes from Adaptive Security [https://www.adaptivesecurity.com/]. Deepfake voices on a Zoom call. AI-written phishing emails that sound exactly like your CFO. Synthetic job applicants walking through the front door. Adaptive is built to stop these attacks. They run real-time simulations, exposing your teams to what these attacks look like to test and improve your defences. Learn more at adaptivesecurity.com [https://www.adaptivesecurity.com/]. This episode is sponsored by Meter [https://www.meter.com/], the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that’s built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com [https://www.meter.com/].