馃攳
Anonymous Fugitive Arrested in Mexico... - YouTube
Channel: unknown
[0]
hello world an anonymous fugitive who
[2]
has been on the run for 10 years has
[3]
finally been tracked down and arrested
[5]
in mexico
[6]
google has reached a verdict on the
[8]
future of the humble url
[9]
the world's largest darkware marketplace
[11]
for stolen credentials has been raided
[13]
and shut down by the fbi
[15]
and cyber security stocks are booming
[17]
but why that's in today's episode of the
[19]
week web where we break down and dissect
[21]
cyber security related tech news
[24]
[Music]
[27]
after a decade on the run the infamous
[29]
anonymous hacktivist going by the name
[30]
of commander x
[31]
has been caught in mexico and deported
[33]
to the us in what seems to be the first
[35]
anonymous related arrest in
[37]
years the story of commander x otherwise
[39]
known as christopher doyle
[41]
reads like quite an adventure the tale
[43]
starts in 2010
[44]
when doyan organized a ddos attack
[46]
against california's santa cruz county
[48]
website
[49]
he did this in response to the county's
[51]
policy on homeless people
[52]
which prohibited them from setting up
[54]
camp overnight doing admits he was
[56]
rather naive he explains his associates
[59]
and himself didn't take any precautions
[61]
to hide their web traffic
[62]
or encrypt their communications this was
[64]
one decision he'd live to regret
[66]
nine months after the ddos attack he was
[68]
sitting behind his laptop working on an
[70]
unrelated anonymous operation
[72]
in a coffee shop when suddenly his
[73]
laptop was snatched from him by what
[75]
turned out to be an fbi agent
[77]
this is a common tactic used by
[78]
investigators in order to confiscate
[80]
computers
[81]
whilst they're unlocked as the drives
[83]
will be in an unencrypted state
[84]
this is similar to how silk road
[86]
operator ross ulbricht was arrested in
[88]
2013.
[89]
doyen's ddos attack knocked out the
[90]
county website for just 30 minutes
[92]
you would expect this to carry pretty
[94]
minor charges a small fine
[96]
perhaps some community service at worst
[98]
however the county claimed damages had
[100]
been caused in excess of five thousand
[102]
dollars
[102]
this makes the attack a federal crime
[104]
despite the fact those damages will
[106]
likely just have amounted to the cost of
[108]
the time it took employees to
[109]
investigate the ddos
[110]
because of course no computer equipment
[112]
is actually damaged in a ddos attack
[114]
faced with the prospect of a combined 15
[116]
years in federal prison along with a
[118]
fine
[118]
five hundred thousand dollars doyan came
[120]
to the conclusion there was no other
[121]
option but to skip bail and flee the
[123]
country
[124]
initially to canada during which he
[126]
endured a whole series of escapades
[128]
in his bid to reach the canadian border
[129]
including being attacked by perez and
[131]
whatnot
[131]
i'll link the interview he did with ask
[133]
technica which explains that ordeal in
[135]
the description
[136]
he eventually trekked from canada to
[137]
mexico where he put in an application
[139]
for political asylum
[140]
he had been living with friends in a
[142]
mexican gated community until about a
[144]
week ago
[144]
when he was arrested by authorities we
[147]
don't have many details surrounding the
[148]
arrest but one of his friends
[150]
said that armed uniformed men tried to
[152]
gain entry to the community by posing as
[154]
dea agents
[155]
not having much luck they later returned
[157]
scaled to the walls and nabbed commander
[159]
x
[160]
it all sounds pretty dramatic and all
[162]
over a county website
[163]
being booted offline for 30 minutes a
[165]
decade ago
[166]
i do feel sorry for the guy i reckon
[168]
he'll probably be made an example of
[170]
especially given the latest bout of
[172]
cyber crime sweeping the interwebs
[173]
has made the issue of hacking or in this
[175]
case ddosing a hell of a lot more
[177]
relevant
[177]
despite his actions being completely
[179]
unrelated and of course non-financially
[181]
motivated
[182]
however he hasn't helped his case by
[184]
fleeing the country since his escape
[185]
he's done many interviews with
[187]
journalists
[187]
and at one point he claimed anonymous
[189]
might well be the most powerful
[190]
organization on earth
[192]
which sounds rather bizarre he also
[194]
wrote a book whilst on the run
[195]
titled behind the mask an inside look at
[197]
anonymous giving his account on the
[199]
early days of anonymous
[200]
which no doubts the fbi have combed
[202]
through with great interest
[204]
google has reached a decision on the
[205]
fate of the humble url you see a year
[207]
ago google began experimenting with the
[209]
new feature in chrome which would hide
[210]
almost all of a url from the address bar
[212]
leaving only the domain name in view the
[214]
reasoning behind this was to make it
[216]
easier to spot phishing domains
[217]
dodgy domains sometimes only differ from
[219]
the real thing by a couple of characters
[222]
the logic is that when a url consists of
[224]
a couple hundred characters
[225]
those deviant domains are a little too
[227]
difficult to spot i can't say i relate
[229]
with this issue and i imagine you guys
[231]
who watch my videos are also
[232]
scratching your heads but i suppose this
[234]
could be an issue for less savvy people
[236]
either way google has been exploring a
[238]
prototype and a study they also rolled
[240]
it out to a small percentage of real
[241]
chrome users to ascertain if it actually
[243]
helps them identify phishing domains
[245]
the verdict is in google has decided
[247]
that the full fat url will
[249]
live to see another day this comes after
[251]
their experiments essentially failed
[253]
which doesn't come as much of a shock if
[255]
you know how domains work you know the
[257]
bit at the beginning
[258]
is responsible for who you're actually
[259]
connecting to i can't see how removing
[261]
the rest of the url
[262]
changes that but don't rejoice just yet
[264]
this isn't the first time google has
[266]
come for our urls
[267]
and it likely won't be the last in 2014
[270]
chrome implemented a similar url
[272]
cloaking feature
[273]
dubbed origin chip this innovation put
[276]
the domain of the current site in little
[277]
box to the left of the address bar
[279]
which itself was left empty to enable
[281]
quick google searching
[282]
at the time this was criticized as
[284]
simply a ploy to draw in more google
[286]
search traffic
[286]
it also came with a few little bugs of
[288]
its own which further complicated things
[290]
i don't know why google doesn't just
[292]
make the domain bold that way you get
[293]
the best of both worlds we get to keep
[295]
our urls
[296]
and google gets to scratch their rich
[298]
and implement a feature no one asked for
[299]
as a side note whilst researching for
[301]
this topic i came across a cool little
[303]
url shorting website
[305]
shadyurl.com shortens urls but makes
[308]
them look as sus as possible
[309]
its outputs are sometimes a little
[311]
risque but if you've got some time to
[313]
kill it's good fun to play with
[314]
and you get some good reactions when you
[315]
send them to people the world's largest
[317]
dark web marketplace for stolen
[319]
credentials has been shut down
[320]
courtesy of the fbi at the time of its
[323]
demise the stilp
[324]
marketplace had 80 million username and
[325]
password combos up for sale
[327]
these mapped to bank accounts paypal
[328]
accounts amazon accounts among countless
[330]
others
[331]
accounts for pretty much any site you
[333]
could imagine were up for sale in
[334]
exchange for crypto
[335]
these were sold as active accounts
[337]
meaning people would buy them in order
[339]
to loot them
[340]
such as transferring money away from
[341]
bank accounts or ordering things off
[343]
amazon
[344]
at the expense of the account's owner
[345]
still featured 1400 sellers
[347]
many of these will have been malware
[349]
operators each hovering up thousands of
[351]
credentials with dodgy software
[352]
given ransacking each account themselves
[354]
would have been quite time consuming as
[356]
well as increasing the chances of them
[358]
getting caught up in the lore these guys
[359]
sell pilfered credentials on
[360]
marketplaces like slip
[362]
it's estimated that the exchange of
[363]
credentials on silp resulted in 200
[366]
million dollars of losses in the us
[367]
alone but this sounds like a rather low
[369]
figure given that this dark website has
[371]
been active since 2012.
[373]
the fbi along with their counterparts in
[375]
germany the netherlands and romania
[377]
executed those service seizures
[379]
following this the website now hosts the
[381]
famous
[381]
fbi seizure banner the details
[383]
pertaining to house lil saw its downfall
[385]
remain
[386]
unknown but we do know that a dozen
[388]
people have been arrested in connection
[389]
with the site
[390]
it's unlikely that the downfall of still
[392]
will make any large impact on the
[393]
criminal underworld
[394]
whilst it was the largest marketplace
[396]
for credentials no doubt one of the
[398]
still outstanding marketplaces will soon
[400]
exploit the opportunity of filling the
[402]
gap in the market that the fbi have
[403]
created
[404]
usually marketplaces like still part
[406]
automatic i.e the customer receives
[408]
their credentials as soon as the crypto
[410]
payment is received
[411]
so presumably unless i'm missing
[413]
something the creds should be stored in
[415]
some unencrypted database
[417]
meaning the feds should be able to
[418]
notify the websites that the accounts
[420]
belong to
[421]
that they have been compromised cyber
[422]
security companies seem to be making a
[424]
lot of money who would have thought
[426]
with all the ransomware offensives and
[427]
assorted cyber attacks seemingly
[429]
ravaging corporations
[430]
it's not too surprising that the
[432]
companies which aim to defend against
[433]
this very problem
[434]
have been benefiting from the turmoil in
[436]
the last week alone ea games was hacked
[438]
which caused parts of their source code
[440]
to be exposed and mcdonald's was hit
[442]
with a data breach which resulted in
[443]
user data being stolen
[444]
cyber security stocks like cloudflare
[447]
crowdstrike varonis among others
[449]
are up in some cases over 10 percent in
[451]
the last week alone
[452]
cyber security solutions aren't a
[454]
one-time fix for companies
[456]
the issue is a constant threat which
[458]
means a lot of recurring revenue in the
[459]
form of subscriptions
[461]
is being realized for the companies
[462]
which aim to plug and monitor security
[464]
holes
[465]
a good example is the first trust cyber
[467]
security etf
[468]
which is a fund that essentially
[469]
consists of a lot of cyber security
[471]
stocks
[472]
by buying into this etf you are in
[474]
essence buying into a range of different
[476]
cyber security companies
[477]
in order to mitigate the risk of buying
[479]
into a single stock while still
[480]
retaining the benefit of exposure to the
[482]
industry at large
[483]
over the last month this etf is up 10
[486]
which just goes to show how much this
[488]
whole sector is seeing a bit of a boom
[490]
full disclosure i do own some of this
[492]
fund so far i've made an eye-watering
[494]
50p since i bought in
[496]
so excuse me while i go plan my early
[497]
retirement if you enjoy this kind of
[499]
video make sure to help me out by
[500]
tickling the like button for the youtube
[502]
ai
[502]
as well as turning on those sub
[503]
notifications if you're looking for
[505]
something to watch next go check out my
[507]
previous video on how a us military
[509]
contractor
[509]
which works on nuclear weapons was
[511]
targeted with ransomware
[512]
if you get a lot of value from this
[514]
series of videos do consider becoming a
[516]
channel member
[516]
as always sources will be linked in the
[518]
video description stay tuned for more
[520]
hacking videos
[521]
and have a good one
Most Recent Videos:
You can go back to the homepage right here: Homepage