86: The LinkedIn Incident

Darknet Diaries

Jack Rhysider

True Crime, Technology

4.9 • 8.6K Ratings

🗓️ 2 March 2021

⏱️ 56 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

In 2012, LinkedIn was the target of a data breach. A hacker got in and stole millions of user details. Username and password hashes were then sold to people willing to buy. This episode goes over the story of what happened. For a good password manager, check out LastPass. Sponsors Support for this episode comes from Quadrant Information Security. If you need a team of around the clock analysts to monitor for threat in your network using a custom SIEM, check out what Quadrant can do for you by visiting www.quadrantsec.com. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	If you get fascinated with the cybercrime supply chain, it's never a solo hacker doing
0:06.7	the whole thing.
0:07.7	There's a lot of layers to this onion.
0:09.8	So, let's say a hacker breaks into a place and stills a bunch of information from some
0:14.0	company.
0:15.0	Well, next he'll typically want to sell that data to make some money and do it again.
0:19.3	So, now you've got to find a buyer.
0:21.8	But before we even get to the buyer of stolen data, there's sometimes brokers involved.
0:25.8	People who have negotiated deals between hackers and buyers.
0:28.7	So, you might go to one of these brokers, offer a percentage for selling the database
0:32.6	to someone.
0:33.6	Now it's on them to find someone.
0:35.8	But when the broker finds a buyer, sometimes one side doesn't trust the other.
0:39.5	So they bring an entrusted third party, an underground escrow agent, if you will.
0:43.9	Who will wait for both the cash and the database and then make the trade?
0:48.4	Okay, but then what does the buyer do with this database dump?
0:51.7	Well, if it's full of email addresses, they might use it to send spam to people.
0:55.8	But of course, the spammer isn't selling anything themselves.
0:58.5	They're typically promoting someone else's business, a porn website, or a pharmacy.
1:02.5	And it's just fascinating for me to think about that sometimes.
1:05.8	It's never about the data breach itself.
1:08.6	But what happens to that data after it's stolen?
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Jack Rhysider, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Jack Rhysider and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.