Malicious Life wasn’t intended to be this way.
In the very first episode of our podcast, I listed off the topics we were going to cover on the show. We had six episodes planned about the history of cybersecurity, and we were really excited about those six episodes. A few people even tuned in to listen to the podcast, here and there.
A year later, at last year’s DEFCON, we sold so many Malicious Life t-shirts that we ran out in 72 hours. The year after that, we surpassed a million downloads. Best of all, we now have loyal listeners--IT professionals, miscellaneous geeks, and complete newbies that listen to some of our favorite stories of cybersecurity history on their drives to work, their treadmill runs, and during their late-night coding sessions.
All of this has let us do so many episodes that new listeners often ask: where do I start? To close out the year, answer that question, and celebrate seventy episodes, we’re listing the best cybersecurity podcast episodes we’ve released in 2019. In honor of our humble beginnings, here are our six favorites:
For a few months at the beginning of 2009, Conficker seemed to be the story of a computer worm that couldn’t be destroyed. It spread from a French Navy air station to a hospital in New Zealand to London’s House of Parliament before anybody knew what to do about it. A 60 Minutes feature proclaimed “The Internet Is Infected,” and while reporting on the story, their computers got infected.
What the story of Conficker turned out to be, in the end, was one of unity. In response to the worm’s out-of-control spread, security experts from different companies and countries worldwide banded together, as one unit, with the sole purpose of ridding the world of Conficker.
Unfortunately, the hackers behind Conficker were equally up to the task.
Thus began a months-long tug of war over the future of the internet. Every time the security community got close to cracking Conficker, the hackers would release a new update. Every time it seemed like the outbreak was over, it turned out not to be.
Listen here: Conficker
5. Marconi & the Maskelyne Affair
Unlike Mark Karpeles, Guglielmo Marconi made for a capable villain. He was a fascist, he fabricated his accomplishments, and he really only came to be known as the father of telecommunications after Nikola Tesla’s laboratory burned down.
Nevil Maskelyne wasn’t exactly an angel, either. He was originally hired to spy on Marconi’s company, and also happened to run his own competing company. Still, he was more of a playful man than a vengeful one. He was an accomplished magician, for one thing, as well as an inventor. His father was the inventor of the tragically ridiculous “spend-a-penny” toilet locks.
When Marconi claimed to have invented an “unhackable” communications technology, Maskelyne decided to step in. With a healthy dose of humor, he demonstrated that such a thing could never exist. In the process, he publicly trolled one of the world’s most respected men.
Listen here: Marconi & The Maskelyne Affair
4. The Equifax Data Breach
You don’t choose to give your personal information to a creditor. And if you don’t like it, you can’t stop them from taking it.
When the Retail Credit Company was founded at the turn of the 20th century, its function was to gather private information on citizens to determine their trustworthiness. That information could include personality traits, whether they were in debt and, in some cases, whether they were cheating on their spouse. The information was then sold to businesses, without the knowledge or consent of those surveyed.
RCC changed its name to Equifax in 1975 to escape an onslaught of negative press, but their business practices never changed. Equifax exists to collect all your most sensitive personal data, then sell it to businesses.
This non-consensual model of data trafficking is what made the Equifax hack of 2017 so infuriating. If you’re an American, and you’ve owned a credit card, car or house in your life, you were almost certainly implicated in their data breach. Your name, address, social security number--just about everything a criminal would need to steal your identity--was lost, to a yet-unidentified hacker group. And it will be lost to them forever.
Listen here: The Equifax Data Breach Pt. 1: A Big Data Bubble
(Dancho Danchev’s Blog)
Nikita Kuzmin didn’t have to turn out the way he did. He was bright. Programming came easily to him. And for all his anti-capitalist ramblings online, he really did have a remarkable penchant for entrepreneurship. In another universe, he might’ve become one of the top programmers, security experts, or startup entrepreneurs in Russia.
Instead, at an age when most of us were learning trigonometry, figuring out how to talk to girls/boys, and having our first beers, Nikita conceived of an entirely new model for monetizing malware. This was malware-as-a-service; Spotify for hacking bank accounts.
For a while, his service--76Service--and the malware supporting it--Gozi--ran quite smoothly. Its success is what caught the eye of the kinds of folks capable of bringing the whole operation down.
Listen here: Gozi, Part 1: The Rise of Malware-as-a-Service
2. The Fall of Mt. Gox
It’s convenient, when writing a Malicious Life episode, to have a juicy bad guy: the NSA, Kim Jong-Un, or, in most cases, the CEO/CISO of whatever organization is in the episode title. Mark Karpeles didn’t allow us this luxury. The more you get to know him, the harder it is to vilify him. He’s really just a strange person who, mostly due to dumb luck and impeccable timing, ended up in a job he was vastly unprepared for.
Few men in history can claim to have run a company so poorly as Karpeles ran Mt. Gox. But what can you really expect from a guy who’s so dedicated to quiche that he bought a $35,000 pastry machine and hired an “independent pastry consultant” for a cafe that never actually opened? In another instance, Mark agreed to be interviewed about his dying company on the condition that a reporter bring him ingredients for a quiche he was preparing to make.
The story of Mt. Gox is, in many ways, a story of one man’s tragic inability to focus on important tasks. Even if his quirks didn’t directly cause the fall of his company, they certainly go some way to explaining how anybody could lose so much of the world’s total supply of Bitcoin without even noticing.
Listen here: The Fall of Mt. Gox, Pt. 1
1. How is Spyware Legal?
Have you ever had a fly in your car, or your house, and you open a window to let it out? It starts bouncing off the window frame, in and around the opening, but it doesn’t actually manage to go through. So you sit there and think: “Stupid fly, how are you not seeing this? It’s right there, it’s so obvious! Just look right there!”
This is how it felt to research spyware. In articles online, speeches given at universities, and FBI notices, experts described in great detail the ubiquity, and the dangers, of emerging stalkerware platforms. But almost nobody was asking what seemed like a glaringly obvious question: how could a program, designed to track private citizens without their consent, be legal?
For awhile, we at Malicious Life wondered if we were missing something. Maybe the answer was so obvious that nobody felt the need to address it.
That was not the case. In fact, the legal framework that allows shady spyware companies to sell their subscription plans to jealous lovers, stalkers and domestic abusers is labyrinthine, difficult to understand, and just vague enough to allow the creeps who propagate the system free reign.
Listen here: How is Spyware Legal?
The only thing that beats the best Malicious Life episodes of 2019 is those episodes we’ve got lined up for 2020. Seriously. Our production team keeps a list of topics we’ve been meaning to get to, and some of them are just wild. We’ll talk about the world’s most famous hacker, the children whose biometric information was stolen by Taylor Swift’s security detail, a KGB spy whose immolation was officially recorded as a “suicide,” and much more.
Thanks for listening.
P.S. One of the show's frequent guests, Sam Curry, has recently released a recap of his biggest trends and predictions for 2020. If you're interested in how the cybersecurity landscape will change this year, in light of several dominant geopolitical events, feel free to check out the link below.