Ed - Darknet Diaries Recap

Podcast: Darknet Diaries

Published: 2022-07-26

Duration: 42 min

Summary

In this episode, Ed Skotis shares his journey from a young hacker to a prominent figure in cybersecurity, emphasizing the human vulnerabilities that cybercriminals exploit. He discusses real-world phishing scams, including a significant case involving Barbara Corcoran, illustrating how easily people can fall victim to digital cons.

What Happened

The episode opens with host Jack Recider reflecting on the precariousness of cybersecurity, highlighting how a single click can lead to devastating consequences. He shares the story of Barbara Corcoran, a judge on Shark Tank, who lost $400,000 due to a sophisticated phishing scam. The email appeared to be from her assistant and approved a payment for a renovation, showcasing how attackers manipulate trust rather than relying solely on technical means.

Ed Skotis, the guest for this episode, introduces himself as a seasoned penetration tester and instructor at the SANS Institute. He recounts his early experiences with computers and hacking, which began with his childhood fascination for technology. After studying electrical engineering and information networking, he found himself in the world of cybersecurity, initially working at Bell Labs before transitioning to penetration testing for major banks. Ed's career evolved as he began speaking at cybersecurity conferences and eventually became a SANS instructor, where he continues to educate others about security vulnerabilities.

Throughout the episode, Ed emphasizes the importance of understanding the human aspect of cybersecurity. He discusses a past penetration test at a hospital, where he was tasked with assessing the network's security. The defined scope of the test was crucial, as it ensured that the assessment was both effective and ethical. Ed's deep knowledge and experience in the field bring to light the ongoing challenges of securing systems against both technical exploits and human errors.

Key Insights

• Phishing attacks often exploit human trust rather than technical vulnerabilities.
• Barbara Corcoran's incident exemplifies the financial risks of social engineering.
• Ed Skotis's journey illustrates the diverse pathways into cybersecurity careers.
• The importance of clearly defined scopes in penetration testing to ensure security assessments are ethical.

Key Questions Answered

What happened in Barbara Corcoran's phishing scam?

Barbara Corcoran, a judge on Shark Tank, became a victim of a phishing scam that cost her $400,000. The scam involved an email that appeared to come from her assistant, approving a payment related to a real estate renovation. This email deceived her bookkeeper into wiring a significant amount of money to the attacker, showcasing how attackers can manipulate trust.

How did Ed Skotis get into cybersecurity?

Ed Skotis began his journey in cybersecurity as a child when he first started hacking on a VIC-20 and later a Commodore 64. His interest grew during his college years, where he studied electrical engineering and information networking, engaging in hacking activities with peers. This foundation led him to a career in penetration testing after working at Bell Labs.

What is the significance of penetration testing?

Penetration testing is crucial as it helps organizations identify security flaws within their systems. Ed mentions that his early work involved testing the security of banking networks, where he aimed to find vulnerabilities that could allow unauthorized access. This proactive approach helps organizations bolster their defenses against potential cyber threats.

What does SANS Institute focus on in cybersecurity?

The SANS Institute is known for its comprehensive cybersecurity training and high-quality instruction. Ed emphasizes that SANS employs the instructor-practitioner model, ensuring that instructors are actively engaged in the field of cybersecurity. This approach helps bridge the gap between theoretical knowledge and real-world application.

What are the challenges of securing against phishing attacks?

One of the biggest challenges in securing against phishing attacks is the manipulation of human behavior rather than technical systems. Ed points out that even educated individuals can fall victim to such scams, highlighting the limitations in our ability to 'update the firmware in our brain'. Continuous education and awareness are essential, but the inherent vulnerabilities in human nature remain a significant concern.