Topic: Spear Phishing

Microsoft claimed to have foiled Russian hacking attempts targeting the U.S. Senate and conservative think tanks. The hosts analyze a cybersecurity promo featuring Debra Plunkett, formerly of the NSA, which encourages the use of encrypted messaging. They question the authenticity of the "hacking" claims, noting that many were later downgraded to simple phishing attempts.

The hosts mock the idea that "spear phishing" is a sophisticated state-sponsored attack, noting that it is a common tactic used by low-level criminals. One host describes receiving suspicious emails with Cyrillic attachments and discusses the importance of not clicking on unknown files or using isolated "sandbox" machines for testing.

Robert Mueller indicted 12 Russian intelligence operatives for hacking the DNC. The hosts note that details in the indictment, such as the "Act Blues" spear-phishing setup, are identical to claims made in a 2017 lawsuit by George Webb. Webb's theory alleged the Awan brothers were responsible for the hack, leading the hosts to question if Mueller's team plagiarized the details.

A producer provided a rundown of a DHS/FBI briefing regarding the "Grizzly Steppe" hacking campaign. The report clarifies that the activity was a 100% spear-phishing campaign using fake Gmail and Yahoo landing pages, and the DHS explicitly stated there was no attack on actual voting systems.

Homeland Security Secretary Jeh Johnson testified that the FBI is still investigating the DNC hack and is not yet ready to attribute it to a specific actor, contradicting claims of Russian involvement. Johnson explained that the DNC initially bypassed the FBI to hire private firms like FireEye. He also detailed how his department uses internal spear-phishing tests, such as fake Nationals or "Hamilton" tickets, to train employees on cybersecurity.

The Office of Personnel Management (OPM) data breach is analyzed, with the hosts noting the media's immediate attribution of the attack to China despite a lack of official White House confirmation. They discuss the potential for the stolen personal information and security clearance data to be used for future spear-phishing or blackmail. The segment critiques the government's failure to update server software.