This episode of Cybersecurity Today salutes Katie Moussouris, CEO of Luta Security, who wins our first Speaking Truth to Power Award for having the courage to speak up when others wouldn't, even when it wasn't to her financial or career advantage. The nightmare of identity theft explodes in Canada's tax system. Cybersecurity firm Prodaft buys hacker forum accounts to monitor cyber criminal activity. Google introduces a new reboot security feature for Android.
Hertz was hit by a supply chain hack from the Clop gang, and a US attorney alleges that a UK intelligence firm paid to have him hacked while engaged in a trial. This is Cybersecurity Today.
I'm your host, Jim Love. Radio Canada, a part of the CBC, Canada's national broadcaster, broke a story on Tuesday that started with a chilling tale of how a Canadian nurse named Leslie Warner was taken into federal custody by the RCMP, fingerprinted, a mugshot taken, and all because someone had stolen her identity and filed bogus tax returns with the Canada Revenue Agency (CRA). The return listed the tax preparation firm H&R Block as her agent.
She maintains she never engaged them for this phony return, and that's the real terror of having your finances and your life hijacked. Your identity can be stolen. Your address changed. In this case, the woman suddenly had children on the official tax records. You may never know who did it or why, or what else they're doing with your identity.
But this story got closer to an answer that affects not just Warner, but apparently 28,000 other people who an anonymous tipster said had their names stolen from a provincial health agency in British Columbia. The article says that the likely agency was the Interior Health Authority. The tipster claims the list was sold on the dark web for about a thousand dollars, and later circulated on the encrypted Telegram app. But the story gets murkier because of the link to the tax preparer.
Reporters found at least six people who had their CRA accounts hacked by imposters using various locations of H&R Block. And while H&R Block claims they knew nothing about the incidents when asked by the CBC's investigative journalism program The Fifth Estate, leaked internal memos suggest otherwise.
The same program had previously broken a story that revealed that tens of thousands of Canadians have had their CRA accounts hacked since 2020, when scammers took advantage of security gaps between the CRA and third party tax preparation companies like H&R Block. Despite what's been revealed, there's still a lot of confusion and a lot of unanswered questions. The matter remains an open RCMP investigation, and Interior Health, the reported source, has engaged external security experts from Deloitte Canada, but nobody's talking. Even the CRA won't provide the answer that Warner wants to know, which is: why didn't anybody tell her? Proponents who have criticized the Canadian government for failing to enact solid privacy legislation will have one more story to tell about the damage this failure has caused. There's a link to the full CBC story in the show notes.
You have to admire the cleverness of turning greed into good. Swiss cybersecurity company Prodaft has initiated a program to purchase verified and aged accounts on hacking forums, aiming to infiltrate and monitor cyber criminal activities from within these communities. The initiative, named Sell Your Source, involves acquiring established accounts on cyber crime forums to gain insider access and gather intelligence on illicit operations, and Prodaft has advertised this program directly on the hacking forums, utilizing an older account on the Russian speaking XSS cybercrime forum to promote the account purchasing scheme. Prodaft evaluates each account individually, with pricing dependent on various factors, and is currently interested in accounts from specific forums. Though this focus may change over time, it's particularly interested in buying accounts from the XSS, Exploit.in, RAMP4U, Verified and BreachForums cyber crime forums, and offers to pay extra for accounts with moderator or administrator privileges. However, they will only accept accounts created before December 2022, and the accounts must not have engaged in cyber crime or unethical activities in the past. Also, they will not purchase accounts on the FBI's or other law enforcement agencies' most-wanted lists, and while they will communicate with law enforcement, they will keep the purchase details confidential.
By integrating into these forums, Prodaft aims to collect real-time intelligence on cyber criminal operations, enhancing their ability to detect and respond to emerging threats. This approach reflects a growing trend among cybersecurity firms to adopt proactive measures in monitoring and countering cyber crime. But will cyber criminals, especially amateurs on the fringes, sell out their friends for a buck? My bet is on Prodaft.
Google is introducing a new security feature in its latest Android update that will automatically reboot phones and tablets if they remain locked for three consecutive days. This measure aims to enhance data protection by placing the device into a Before First Unlock, or BFU, state, which encrypts user data and disables biometric logins until a passcode is manually entered.
The feature is part of the Google Play Services 25.14 update and is designed to reinforce data security for devices that are left unused for extended periods. It's applicable to Android phones and tablets, but excludes other devices like Android Auto, TV, and Wear OS. The move mirrors Apple's similar inactivity reboot, introduced in iOS 18.1, which activates after four days of inactivity.
This feature frustrated many law enforcement agents who had found that, after a few days in storage, hacking the iPhone was next to impossible. Google has not yet specified the precise rollout time for the update, or which devices will support this auto reboot feature. For users, this means that a device left untouched and locked for three days will automatically restart, requiring the user to enter their passcode to regain access. The process ensures that the device's data remains secure even if the device is lost or stolen and remains unused, and the Before First Unlock encryption makes it next to impossible to crack the device and find usable data. So if your phone is stolen or someone tries to access it without your consent, it's a lot harder to crack.
I remember it being one of the highlighted stories from Don Tapscott, if anybody remembers him. It was one of those stories about the digital revolution.
Instead of a ton of paper forms, you could pull your car into a car rental return and turn it over in minutes. Why? They remembered you. Well, the problem with that is, they remember you because your data is on their systems. A lot of it hugely sensitive data: driver's license, insurance, credit card. Actually, what didn't they know about you?
And Hertz has disclosed a data breach resulting from a cyber attack on its vendor, Cleo Communications, which compromised sensitive customer information, including driver's license and credit card details, and who you rented with. The Clop ransomware gang has reportedly claimed credit for the attack on its dark web leak site, alleging that it stole the data of more than 60 companies by exploiting a bug in their Cleo systems.
In a later post, Clop claimed dozens more alleged corporate victims. Hertz initially denied the attack, but later confirmed unauthorized access to customer data, such as names, contact information, dates of birth, driver's license, and payment card information. A small subset of customers may even have had their social security numbers, passport details, or workers' compensation data exposed. The splitting of hairs comes from the fact that Hertz's internal systems remained unaffected.
But the company became aware of the breach from Cleo on February 10th, 2025, and had just completed its analysis by April 2nd. The breach affects customers in multiple regions, including the US, Canada, the EU, the UK, and Australia. In Texas alone, approximately 96,000 customers were impacted. Hertz has notified law enforcement and regulatory bodies and is offering two years of free identity monitoring services through Kroll to affected individuals.
The company advises customers to monitor their accounts for any unauthorized activity.
Daniel Feldman, a New York attorney, has filed a motion in Manhattan federal court accusing a London-based intelligence firm, Vantage Intelligence, of orchestrating a hack-for-hire operation against him during a legal dispute from 2016 to 2018.
Feldman claims that the cyber espionage compromised privileged communications, unfairly influencing the outcome of a case involving entities linked to the defunct Russian oil company Yukos. Feldman alleges that Vantage Intelligence paid Israeli private investigator Aviram Azari 357,000 British pounds to hire Indian hackers who intercepted his emails with legal counsel.
These communications were reportedly accessed during the litigation over allegations of self-dealing related to Yukos-affiliated companies. In 2019, Feldman was found liable for breaching fiduciary duties, resulting in a nominal $5 fine and a one year suspension of his law license. He now seeks to overturn this judgment, asserting that the hacking tainted the legal process.
The US Justice Department has confirmed that Feldman's emails were breached, and from what we can see, Vantage Intelligence is keeping a low profile, but it's an influential firm. Erik Prince, founder of the private military company Blackwater and reportedly an ally of President Donald Trump, joined Vantage's Board of Advisors last year. Just to be clear, however, he's not implicated in Feldman's allegations.
Feldman's case is part of a broader pattern where litigants have used evidence of hacking to challenge legal decisions. For instance, aviation executive Farhad Azima successfully overturned a UK judgment after proving that his opponents had hacked his emails. So, a warning to law firms big and small: be nice to your CISO, and if you don't have one, get one. There are good fractional CISOs out there, even for small companies.
Now, for those who prefer the non-editorial version of the podcast, consider this to be my sign off for the day. I'm Jim Love. Thanks for listening.
I'd originally rejected the story I'm gonna cover next because, while we will speak truth to power, any power, I don't want this podcast to become political. But sometimes being silent is cowardice, not editorial discretion.
President Donald Trump has revoked the security clearance of Chris Krebs, the ex-director of the Cybersecurity and Infrastructure Security Agency, CISA, and he ordered a Department of Justice investigation into Krebs's tenure. Krebs, who publicly refuted Trump's unfounded claims of election fraud in 2020, now faces accusations of weaponizing his position, charges that critics argue are politically motivated and threaten the integrity of federal cybersecurity efforts.
On April 9th, 2025, Trump signed a presidential memorandum directing federal agencies to revoke any active security clearances held by Krebs and to initiate a review of his activities during his time at CISA. The order also suspends clearances for individuals associated with Krebs, including employees at SentinelOne, the cybersecurity firm where he currently serves as Chief Intelligence and Public Policy Officer. Now there are two issues here.
First, if any cybersecurity professional can't speak freely and honestly, their company is in trouble. If the head of CISA can't speak openly and honestly, we're all in trouble. And there's already enough about personal liability of cybersecurity professionals, especially CISOs.
CISOs may now have to face court trials, but are we really served well when the whole might of government might come down on someone because they spoke what they thought was the truth about something the government did? And not only that person is affected; in this case, everyone who works with him also has their livelihood affected.
We have a large US audience and I respect your right to support any political candidate, but if I'm traveling into the US for a cybersecurity event now, will I be on a list for speaking out? You may think I flatter myself, and maybe I do. We have a lot of listeners, though. But one reason I felt I had to speak up was that the cybersecurity community, at least the vendor community, has largely remained silent, with only one vendor organization commenting publicly on this matter. I get it.
It is tough to tackle issues like this. Yet if we say nothing, doesn't that say something? If your commercial interests take precedence over defending the ability to give an honest opinion, what does that say about us? And maybe I'm being too tough. Companies have a responsibility to their shareholders. People want to keep their jobs. Who am I to judge? But in that case, those who have power always win.
The investigation into Krebs could have a chilling effect on professionals, particularly those tasked with safeguarding federal elections or guarding something where the government has an action. It will be easier for them to look the other way rather than maybe offend the winner and lose their career.
David Becker, Executive Director of the Center for Election Innovation and Research and a former DOJ attorney, criticized the executive order, saying it attempts to tarnish Krebs's outstanding reputation and harm his business, though he suspects both efforts will fail. For me, I sincerely hope he's right.
But to Katie Moussouris, CEO of Luta Security (I hope I'm saying it right) and a former member of CISA's Cyber Safety Review Board, who stated that the probe will have several chilling effects and issued a full LinkedIn post criticizing it: Katie, if I ever need services, you are at the top of my list. And if SentinelOne stands by Krebs, they're on my list as well.
So here's a shout-out to a company, Luta Security, and Katie Moussouris, who you know will always do the right thing, even if it costs them. I'm your host, Jim Love. Thanks for listening.