Legitimate Cybersecurity Podcasts

They Send a Fake IT Guy to Hack Your Office

33 min · 8 June 2026

Description

The hacker isn't a thousand miles away in a hoodie. He's standing at your desk in a polo shirt, holding a clipboard, asking to plug something into your computer. And law firms are the target. Frank Downs and Dustin Brewer break down the Silent Ransom Group, the crew skipping the phishing email and walking straight through the front door.

In this episode of Legitimate Cybersecurity, Frank and Dustin dig into SRG (aka Luna Moth, aka Chatty Spider), a Conti offshoot now assessed, and corroborated by an FBI FLASH alert, to be running physical IT-impersonation attacks against law firms and other data-rich targets. They discuss why physical social engineering is suddenly back from the 1990s, the cyber-psychology that makes us trust a stranger with a lanyard, Dustin's casino fake-badge pen test, why law firms are such a rich target (trade secrets, M&A, criminal defense, HIPAA data), and the brutally simple fix most companies skip: trust but verify. The conversation also covers why "keyboard Frank" is a different person, the hospital HIPAA nightmares the hosts have personally witnessed, and AI's role on both sides of the kill chain. The one thing to leave with: if an IT person shows up unannounced, it costs you nothing to call IT and confirm before you let Steven in.

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 The hacker shows up at your door
00:36 Mandiant + FBI: who Silent Ransom Group really is
02:39 The cyber-psychology of "why physical works"
06:00 War story: the student who ran from the front desk
08:00 Cutouts, proxies, and unwitting accomplices
11:53 Why physical access does damage instantly
12:09 Law firms: the richest target set there is
15:46 Mar-a-Lago, thumb drives, and the history of in-person hacks
19:08 Tailgating past security (Dustin's seventh-floor proof)
20:58 Trust but verify: the fix that actually works
26:26 The societal norms bad guys exploit
27:02 The casino badge: getting your face "known"
28:00 The human is always the weakest link
29:41 AI is only as smart (and hackable) as we are
32:12 Keep on cybering

#Cybersecurity #SocialEngineering #Hacking #InfoSec #DataPrivacy #LawFirms #PenTesting #AI #CyberAwareness #SilentRansomGroup #LunaMoth #PhysicalSecurity


All episodes

60 episodes


Why Cyber War Hasn’t Worked YET

Most people think cyber war is about better hackers, better tools, and deeper access. But the real danger may be AI turning scattered attacks into coordinated campaigns. In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer talk with Dr. Charlie Harry about why cyber has often been powerful tactically but weak strategically, and why that may be changing fast.

Charlie explains why cyber operations need more than individual hacks. They need timing, sequencing, terrain, and operational grammar. In other words: not just breaking into a system, but knowing how to turn cyber activity into campaign advantage. The conversation covers Ukraine, Russia's cyber failures, logistics systems, ports, rail lines, AI agents, quantum computing, and why the next era of cyber conflict may look less like one big hack and more like coordinated pressure across many fragile systems.

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 Why cyber war may be misunderstood
01:06 What "cyber is present but peripheral" means
02:16 Cyber optimists vs. cyber skeptics
06:20 The missing grammar of cyber operations
09:05 Cyber effects vs. strategic impact
11:03 Ukraine as the first modern cyber war case study
13:18 Russia's cyber operations at the start of the invasion
16:29 Why cyber resembles aircraft before World War II
19:46 Cyber terrain is not just a network map
23:35 Building cyber campaigns, not just hacks
25:21 When does cyber become war?
27:30 Cyber fires, effects, and tempo
29:51 How coordinated cyber attacks could disrupt logistics
31:58 Is Russia bad at cyber?
35:17 Could AI solve cyber's coordination problem?
38:41 AI agents vs. AI defenders
40:10 Why Charlie says the genie is already out
42:55 Why humans still matter in AI-driven cyber
47:11 AI as a new layer on global infrastructure
51:19 Agentic AI, AGI, and what people confuse
54:51 Quantum computing may be closer than expected
57:19 Charlie Harry's book and final advice

#Cybersecurity #CyberWar #ArtificialIntelligence #AIsecurity #CyberOperations #NationalSecurity #CyberDefense #LegitimateCybersecurity #Podcast

29 June 2026 · 56 min

MSG’s Hidden Face Database Just Leaked

You may have gone to Madison Square Garden for a game or concert. But the bigger question is whether the venue was quietly building a file on you. In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer break down the alleged Madison Square Garden data leak, the ShinyHunters claims, facial recognition concerns, VIP dossiers, biometric surveillance, and why modern venues may be collecting far more information than ordinary fans realize.

This is not just a story about hackers. It is a story about what happens when stadiums, arenas, and entertainment companies turn guests into data profiles, and then that data becomes someone else's leverage.

Frank and Dustin discuss:
  • How biometric and facial recognition data changes the risk of attending public events
  • Why "we met best practices" is not always good enough after a breach
  • How extortion groups profit without traditional ransomware
  • Why venues collect data they may not fully understand yet
  • What ordinary people can actually do when opting out is barely realistic

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Hosted by Frank Downs and Dustin Brewer.

Chapters:
00:00 Should you still go to major sporting events?
01:07 What allegedly leaked from Madison Square Garden
02:00 Why venues collect more data than they need
04:19 "Best practices" after a breach
05:17 Oracle, vendors, and third-party risk
09:12 Who are ShinyHunters?
13:29 Token theft, MFA, and modern extortion
14:57 VIP dossiers, face scans, and SSNs
16:08 The privacy regulation problem
18:35 Why companies collect data before knowing its use
21:48 Consent is hard, so systems avoid asking
24:57 Preventable security failures
25:34 Why AI will not kill cybersecurity
28:44 How ordinary people can reduce exposure
30:20 Keep on cyberin'

#Cybersecurity #DataPrivacy #MadisonSquareGarden #FacialRecognition #Biometrics #DataBreach #ShinyHunters #Surveillance #Privacy

22 June 2026 · 30 min

SpaceX IPO: Did You Just Fund a Spy Network?

The SpaceX IPO is being sold as rockets, innovation, and the future of space. But investors may have also bought into a private network with battlefield, intelligence, and surveillance potential. In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer examine what the SpaceX IPO really means when you look beyond rockets and stock hype.

Starlink has already proven how powerful satellite internet can be in remote regions and war zones. Starshield raises an even bigger question: what happens when the same company building consumer satellite internet also builds national-security infrastructure?

This is not a claim that SpaceX is spying on Americans. It is a question about capability, incentives, oversight, and public-market funding. If Starlink can shape connectivity in Ukraine and Russia, and Starshield is built for government and intelligence use, what stops similar infrastructure from becoming part of domestic surveillance, border enforcement, emergency response, law enforcement, or classified government operations? And if that happens, would ordinary citizens or retail investors ever know?

Frank and Dustin discuss:
  • Why the SpaceX IPO changes the public-interest question
  • The difference between Starlink and Starshield
  • How satellite internet became a war-zone capability
  • Why private infrastructure can become public power
  • Whether investors understand what they actually bought
  • Why regulation always arrives after someone sticks their finger in the pencil sharpener
  • The uncomfortable line between innovation, profit, warfare, and surveillance

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Hosted by Frank Downs and Dr. Dustin Brewer.

Chapters:
00:00 Did SpaceX Just Become the Biggest IPO Ever?
01:06 Why Everyone Loves Rockets
02:23 Starlink vs. Starshield Explained
03:52 Why Starlink Is Different From Old Satellite Internet
05:22 The Good Side: Remote Access and Global Connectivity
06:41 How Starlink Changed Modern War
07:21 Drones, Jamming, Fiber Optics, and Satellite Links
08:44 Should One Company Control Battlefield Connectivity?
10:46 Is This Different From Traditional Arms Dealers?
13:22 Why the IPO Changes the Question
14:45 Lockheed, Palantir, Boeing, and Public Funding
16:59 Did Investors Know What They Bought?
17:28 The Elon Musk Factor and Private Decision-Making
18:52 Rockets Are Cool, The Implications Are Harder
20:02 The Hidden Cost of Powerful Technology
22:12 Starshield and Government Intelligence Contracts
23:23 When Safety Tools Become Tracking Tools
24:32 Could Becomes Should: The Jurassic Park Problem
29:32 Shareholder Value vs. Human Consequences
31:00 Facebook, Terrorists, and "We Just Connect People"
35:32 Why Regulation Exists
37:23 Who Should Decide Who Gets the Network?
38:33 Final Thoughts: Know What You Invest In

#spacex #starlink #Starshield #cybersecurity #surveillance #ipo #privacymatters #nationalsecurity #techethics #legitimatecybersecurity #ai

15 June 2026 · 38 min
They Send a Fake IT Guy to Hack Your Office

8 June 2026 · 33 min