CYBER, a cybersecurity podcast sponsored by the Canadian-based media organization VICE, through its Motherboard technology-focused division, launched in November of 2018. There have been 16 full podcast episodes. They average 30 minutes in length, some shorter and some longer. They aren’t long enough for my full hour-long commute but work well for my getting ready routine or for when I’m doing household tasks like folding laundry or loading/unloading the dishwasher. It is hosted by Ben Makuch (sounds like Mack-coo), a security journalist with Motherboard/VICE, with guest Motherboard reporters Joseph Cox and Lorenzo Franceschi-Bicchierai. It is ad-supported, but anyone who listens to podcasts is used to ads. (If you’re not a fan of Samsung maybe plug your ears during the ads.)
I discovered the podcast in January of 2019 when I was doing an Internet search for “cybersecurity podcasts”, because a friend wanted some suggestions for his 400-mile round trip to visit his daughter and was interested in learning more about cybersecurity. I found CYBER and since I appreciate the edginess of the VICE and Motherboard brand – I want to be informed, but I want to be entertained while I’m being informed - it was one of the first I sampled.
Fun trivia fact: the introduction sequence features Lex’s line from Jurassic Park, “it’s a Unix system; I know this”, which many poke fun at as an example of outrageous tech-in-entertainment-fiction, but is based in reality. The File System Navigator (FSN) shown in the movie was an actual 3D file browser.
The first episode, “SIM Hijacking and the Phone Number Scam”, frightened me the most of them all, even the Bounty Hunter location tracking expose episode. I remember what I was doing when I heard it, even: steaming dresses (for wearing, not eating). I knew on a vague level that it was possible for nefarious folks to get a mobile number transferred away to them, but when I heard Lorenzo Franceschi-Bicchierai saying “here’s the bad news: there’s very little you can do, unfortunately”, I panicked. I have a mobile number through my carrier, of course, but I try to use my Google Voice numbers when I can, both for communication and the times when two-factor authentication (2FA) relies on text messages (SMS) instead of an authenticator app. However, there are some situations where I am forced to provide my carrier mobile number. I don’t trust my mobile carrier to do the right thing and ask for the passcode whoever is calling to make changes should have to give. There is nothing we, as consumers, can do to protect ourselves from our mobile carriers and their employees who are a known insider threat. The Bounty Hunter episode went more into that, because mobile carriers were selling location data to the highest bidder. Lorenzo wrote a detailed article on SIM Hijacking in the summer of 2018: https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
"The Dark Overlord and the 9/11 Insurance Files Hack" revealed that some ransomware groups have professionalized and use contracts. (It's only a matter of time, then, until they are so busy having meetings and filling out reports that they won't have time to do actual hacking.) "Spy Versus Spy" was like a James Bond movie, which proved that true life is stranger than fiction.
My favorite episode, hands down, was the “The Penetration Tester” episode, featuring a Walmart Red Teamer, Jek. It made me want to be young and unattached and starting off in security so that I could fly around the country being a physical penetration tester. What made the episode even cooler was that a few weeks before I had noticed a tweet about how a physical pentester almost got caught. I wondered as I was listening to the podcast episode whether this was the same person, and, yes, it was.
This next part will doubtless surprise my mother and anyone else who knows what my language is like when I’m driving (“well-educated sailor” covers it), but one thing I have to point out about this podcast is that it’s at least PG-13 in terms of language and often veers into what I would call R. Myself, I don’t care, because I’m listening in an environment where no one is going to notice or comment, but when I went to recommend it to an audience where I was unsure whether ears would be sensitive I started paying closer attention to the language. One should be very careful listening to this podcast at work, in the car with kids, or around sensitive grownups.
Interestingly, only one of episodes, the PewDiePie Hacks, is marked as Explicit. The creators are Canadian, and thus have different language conventions, but I also think there’s an attempt to be more with it by using strong language. I’m reminded of when my husband’s Belgian cousins tried to impress me with their English and had a higher F-word count than a Samuel L. Jackson movie. When the podcast is playing clips from interviews or other sources, they could bleep out the F-words, for instance (which, to be fair, are the PG-13 usage where it’s an expletive and not an activity). Or, maybe I’m finally showing my age ;-)
Still, despite having to be careful about with whom I share
the podcast I do recommend adding CYBER to one’s podcast list. They know how to
tell an engaging story about current and relevant cybersecurity issues, and you
will want to keep listening until the end. I look forward to each new episode
and have learned a lot about cybersecurity from listening.