Europe Is Quietly Preparing for a Tech War

title Europe Is Quietly Preparing for a Tech War

description Chris and Hector break down a week of cybersecurity stories, from Europe’s push to move away from U.S. tech to supply chain attacks, insider threats, and SaaS compromises. They dig into why modern security tools still fail, how attackers exploit trust in third party systems, and why some breaches matter far less than headlines suggest.

Join our Patreon for weekly bonus episodes:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠[email protected]

pubDate Thu, 23 Apr 2026 09:00:00 GMT

author Chris Tarbell & Hector Monsegur

duration 3073000

transcript

Speaker 1:
[00:00] But then guess who gets fucked? The American worker. The guys who work at the data centers, those guys get fucked now. So either or, you know what? The American people get fucked. That's the fucking problem.

Speaker 2:
[00:12] Hector Monseguro was responsible for some of the most notorious hacks ever committed. FBI Special Agent Chris Tarbell.

Speaker 1:
[00:18] Hackers and FBI informants.

Speaker 3:
[00:20] Participated in some of the world's most infamous hacks. That caused up to $50 million in damages.

Speaker 2:
[00:26] A life in the shadows. Cyber attacks on the rise.

Speaker 3:
[00:41] Welcome to Hacker And The Fed. I'm Chris Tarbell, former FBI special agent, working my entire career in cybersecurity, and I'm joined as always for free episode number 128 by Hector Monseguro. Hi. Hi, Hector. Hector's a friend and podcast co-host, but also he's a former Black Hat hacker, bad boy who once faced 125 years in prison for as many years of hacking under the code name Sabu. Our stories collide in June 2011 when I arrested him and then convinced him to work with me with the FBI. Hector is now a Red Teamer, researcher, cybersecurity expert, one hell of a guy, oh, and co-founder over at Safe Hill.

Speaker 1:
[01:20] Hey, that's what I'm talking about.

Speaker 3:
[01:22] That's what the fuck you're talking about. I love it.

Speaker 1:
[01:24] That's what I'm talking about.

Speaker 3:
[01:25] Oh shit. Jonathan's upset. Too much energy. Too much energy.

Speaker 1:
[01:28] Sorry, Jonathan.

Speaker 3:
[01:29] Yeah.

Speaker 1:
[01:30] Too much energy. You got to slow it down. How you doing, buddy?

Speaker 3:
[01:34] I'm doing all right. Today would have been my father's 81st birthday. Happy birthday, dad.

Speaker 1:
[01:40] Happy birthday.

Speaker 3:
[01:41] Yeah. He's no longer with us, but he's still thinking about him on days like that.

Speaker 1:
[01:47] Yeah, man. He's still here. He's still hanging out with us. It's some memories that count. One thing that I always loved, I'm not big on sayings and people like, hey, think about the bright side and all that nonsense. But it's one thing I did take away when my grandmother passed, which was one of the most devastating things that ever happened to me. You know, somebody told me, hey, listen, hey. Well, they called me Boo. Hey, Boo, listen. You know, I understand how you're feeling right now. I know it's not a great feeling, but you know what? You should celebrate those good times you had with her, those memories. Those memories you're always going to keep. You know what I mean? And so, that's what I do, man. So, I hope you do the same. I hope you think about your dad and all the fun memories, the good memories you had, because that's something you're always going to keep with you, so you meet the great equalizer. You know what I mean?

Speaker 3:
[02:39] We may not end up in the same place, though. You never know.

Speaker 1:
[02:43] That's a good point.

Speaker 3:
[02:45] So, you never can tell. Never can tell these days. But it's funny, when you're saying, I don't like sayings and all that, you know what saying I didn't figure out until a few years ago?

Speaker 1:
[02:55] Which one?

Speaker 3:
[02:56] It'll be the last place you look.

Speaker 1:
[02:59] Okay.

Speaker 3:
[03:00] I never understood it. Of course it is. You stop looking for it once you find it.

Speaker 1:
[03:05] That is a good freaking point.

Speaker 3:
[03:08] You stop looking. So of course it's the last place you look. You'll find it. It's it. It's done. I didn't get it. And all of a sudden, I said somebody said something to me. It's like I remember exactly where I was when I was a kid, when I figured out why they call 6969. I was like, whoa. Oh yeah. It's funny being a kid like that. Like the things of the world as you become more of an adult and figure things out and you're like, whoa, wait a second, what's going on here?

Speaker 1:
[03:37] Oh yeah. No, I remember being in high school and then getting a copy of the Kama Sutra book. It was so fascinating to me because I'm over here thinking it's going to be like a sex book and all that. In a way it is, but instead of talking about women, the references were like animals.

Speaker 3:
[03:58] I don't know, really.

Speaker 1:
[03:59] Yeah, you got to read it. It's really interesting. Because now you look at it, you're like, well, okay, that makes sense.

Speaker 3:
[04:04] Read it. I picture it as a picture book.

Speaker 1:
[04:06] Yeah, that's what I thought it was too. Yeah, as a kid, you're like, oh my God, it's a sex book. But no, it's like a philosophy to it. It's fantastic stuff. But yeah, man, listen, today, let me tell you something. Today is a good day. It's a beautiful day. We got to celebrate. We got to enjoy ourselves. With all the craziness happening in the world, we got to make the best of it.

Speaker 3:
[04:28] It's a beautiful day that you're back on the podcast. Welcome back after being sick last week.

Speaker 1:
[04:33] I know. I heard you did a great job last week.

Speaker 3:
[04:35] Oh, on the Patreon, yes.

Speaker 1:
[04:38] Yeah, I heard. I heard there's some good stuff in there.

Speaker 3:
[04:41] Yeah, Will wants to kick you off the Patreon. It's just going to be me all the time.

Speaker 1:
[04:45] Yeah, that's fine.

Speaker 3:
[04:46] No.

Speaker 1:
[04:47] I'm cool with that.

Speaker 3:
[04:49] You know the people want both of us.

Speaker 1:
[04:53] It's a fun time. We can sit down with a friend and just chop it up and BS. I love that.

Speaker 3:
[04:58] Oh, yeah. It's beautiful. You just got done teaching a class. Tell me about that. How old were these kids? What did you teach?

Speaker 1:
[05:07] Yeah. It was college level.

Speaker 3:
[05:10] Okay.

Speaker 1:
[05:11] I started off by-

Speaker 3:
[05:13] Legal is what you're telling me? I hear you.

Speaker 1:
[05:17] No, it wasn't like-

Speaker 3:
[05:18] That Epstein shit's behind you, no longer on that shit.

Speaker 1:
[05:21] There's no Epstein shit. That's you pushing it. No, that's not a thing. But no, it was really cool. They asked some really good questions. Students were intrigued about cybersecurity from a defensive and offensive perspective. They had to share some insights. I was over here quoting freaking philosophers and gave a little history lesson at the end. So yeah, it was fun. I hope they have some good takeaways. I hope they're like, man, this guy is a nerd.

Speaker 3:
[05:53] What was the best question they asked you?

Speaker 1:
[05:58] I think the question, a question that we get all the time, but it's still a good question because it sparks some really good takeaways, which is how has defense changed over the last X amount of years? So you remember the 90s, at best you had a firewall. Late 90s, 2000, at best you had an antivirus with a firewall. Neither one worked well, right? At some point, we had a genius create us SYN cookies, and NATS, Network Address Translation, which allowed us to really get off the external facing internet and put a whole bunch of computers behind one IP address. Shout out to the team that built that. But then you moved to 2026, what do you have? You have NDRs, XDRs, EDRs. You have all these really cool tools, but the problem persists. What's the problem? These companies are not properly configuring or deploying them. And so even though the tools are better now, these are the takeaways. Even though the tools are better now, the results are still the same, right? For the most part, it's not one-to-one, but for the most part, we're seeing the same hacks, same ransomware, same extortions. So that was kind of my answer.

Speaker 3:
[07:22] Man, I thought your best question was going to be, heck, with summer coming back and around, aren't you worried about Chris getting cancer on his balls?

Speaker 1:
[07:31] Well, shit.

Speaker 3:
[07:35] Do you worry about my balls as much as I think you do?

Speaker 1:
[07:39] Well, now that you bring it up, I do worry about it because being out there in the sun, spread eagle like a cheerleader, I'm not so certain that's a good idea. I hope we're using some sunscreen or something.

Speaker 3:
[07:51] It is. Did I tell you last week on the Patreon, when I did it by myself, I so went off, I started talking about colonoscopies and that sort of thing, and how I'm concerned about people?

Speaker 1:
[08:00] No, I haven't even listened to the episode.

Speaker 3:
[08:02] You haven't gotten there? All right.

Speaker 1:
[08:03] No, you got to give me a quick TLDR, bro, because I have no idea. All I know is that Dingbat, our boy Dingbat out of Down Under, he wrote us an e-mail like, hey, Chris killed it. But he didn't say anything else. He didn't give me no hints as to what you're talking about.

Speaker 3:
[08:19] Now, my friend, one of the mean girls, she got a colonoscopy and so it was fresh on my mind, so I figured I'd talk about her butthole on the podcast.

Speaker 1:
[08:26] Nice.

Speaker 3:
[08:27] Then we went over and talking about colonoscopy, how it's so easy, such an easy cancer to prevent, but one of the most painful to die from.

Speaker 1:
[08:36] Yeah, I can imagine.

Speaker 3:
[08:39] No, but good on her, clean butthole, so we're good to go.

Speaker 1:
[08:42] Did she send you pictures?

Speaker 3:
[08:44] Of course, she brought them in. She brought them in and showed us.

Speaker 1:
[08:48] Oh my God. I got to meet these mean girls because they're hilarious.

Speaker 3:
[08:51] Yeah, you'll meet them sometime. If you come to that party, they'll be there. Okay. One of her doctors, again, I don't mean to bring the Patreon over under the free show, but one of her doctors was Dr. Shartz. Can you imagine having your last name Shartz?

Speaker 1:
[09:05] No, no, no. Come on, man. Well, it kind of makes sense. They're in that profession, brother. Like, come on.

Speaker 3:
[09:14] She said she's sitting there fucking bare ass, sticking out and all that, and that he introduces himself, and she just fucking loses it like a 12 year old fucking boy.

Speaker 1:
[09:23] Hey, I'm Dr. Shartz. Let me take a look at your asshole. Yeah, that's tough.

Speaker 3:
[09:27] That is real tough.

Speaker 1:
[09:28] It's a tough one.

Speaker 3:
[09:30] All right, guys. Thanks so much for the support on Patreon. We really do appreciate it. And the support on the merch store hackerandthefed.com. Again, Hector and I are getting hit up left and right. And the pressure is getting huff. Keep this show commercial free. But we're trying. We're trying. We want to keep it off the free show. We've even thought about putting up another show just to put commercials on that one. So who knows what we're going to do, but we really do appreciate the help.

Speaker 1:
[09:54] That's the hell of a concept. It's a podcast with just adverts. That's it. Right? You know what's crazy? There's some sick out there that would actually subscribe and listen to that shit.

Speaker 3:
[10:05] Oh, sure there would. Just to see if we put little nuggets in there, left and right. Because I do. I listen to this one guy. He does a live show on Fridays, and it's pretty much just for him to get super chats on YouTube. That's all it is. He doesn't collect money. But you listen in case he drops the tiniest of nuggets within there because it's not on the regular show. People get involved in the stories and hear things move along.

Speaker 1:
[10:30] That's so funny.

Speaker 3:
[10:31] If Will didn't handcuff us on Banter, we could do a whole show on Banter.

Speaker 1:
[10:36] Listen, I'm a Banter guy. We could Banter for days. I'm totally for that.

Speaker 3:
[10:41] The problem is we banter on the Patreon episode, but then it just gets into politics and cyber-screep over there sometimes. You never know what's going to happen with us.

Speaker 1:
[10:51] It always ends up with politics, man.

Speaker 3:
[10:54] Not every time, but it's what's fresh. Because I think I enjoy hearing your perspective, and I think you enjoy hearing my pushback on your dumb perspective.

Speaker 1:
[11:04] Yeah, it's dumb. It's always dumb. It's fun to go over some of that stuff. I have, as you know, I have a couple of friends I talk politics with. And it's always the craziest conversations, because it's like, there's that initial claim, and then a retort, and then some research, and some Googling or PDF, and then the conversation just stops. Hey, by the way, check this meme out. Here's a picture of this dude breakdancing with no legs. And you're like, what the hell? How the hell did we end up here?

Speaker 3:
[11:37] I believe it's pronounced meh-meh.

Speaker 1:
[11:39] Oh yeah, nice little meh-mehs. Man, remember that stupid fucking debate, the whole meme, meh-meh shit? Man, that pissed me off back in the day.

Speaker 3:
[11:47] Was it really a debate? I thought it was a joke. I called it a meh-meh because Bryce Harper called it a meh-meh once on an interview. He's a baseball player for the Phillies. That's the only reason I do it.

Speaker 1:
[11:57] Nah, bro, some idiot convinced me it was meh-meh. I said it out loud. I was like, that's not a meh-meh, bro.

Speaker 3:
[12:07] I sort of did that. So my nephew, my dad had, what is that machine that pumps air into your face?

Speaker 1:
[12:13] Fluffer?

Speaker 3:
[12:14] No, they were like guys with apnea have...

Speaker 1:
[12:18] Oh, yeah, yeah, yeah.

Speaker 3:
[12:19] They put a mask on, sleep, whatever the sleep apnea man. I convinced it was called a pap smear machine. Now, do you know what a pap smear is?

Speaker 1:
[12:28] Yeah, I don't wear pap smears.

Speaker 3:
[12:29] So for two and a half years, I just kept calling it a pap smear machine. Finally, he said it. That's how long I laid the groundwork on this joke. In public, he finally called it Bubba's pap smear machine. So I go the long-term on a joke like that.

Speaker 1:
[12:44] That was a long-term campaign, bro.

Speaker 3:
[12:46] It was. I tortured that kid though. For Christmas, one year, I wrapped up his own clothes as presence. One time, I got a ladies underwear. Man, that was no good. That's why I'm not going to go to the same place as my dad.

Speaker 1:
[13:01] That's borderline bullying, bro. What the hell are you talking about? It's not a prank.

Speaker 3:
[13:06] I'm like 14 years older than him. I'm just his older uncle. It's like a kid brother. Yeah. All right, let's get into this show. We got a lot of show going on. I'm sure we'll cut all that shit out because he hates our banter. Damn you, Will. Damn you.

Speaker 1:
[13:18] He loves it.

Speaker 3:
[13:20] So, France to ditch Windows for Linux to reduce reliance on US tech. So, I think you've been calling this for a long time, that people are going to start blowing out windows, but I didn't think it's be for the same reasons. So, France Digital Affairs has announced that on April 8th, that it will immediately exit windows in favor of Linux workstations as the first concrete step in the nation's push for digital sovereignty and to reduce extra European tech dependency. The move affects government workstations across the ministry. Roughly 250 to 350 machines begins the switch, while every ministry and public operator must submit a full mitigation plan by autumn of 2026, covering desktops, collaboration tools, antivirus, AV, databases, virtualization and network gear. I see why they're doing it, but I think it's going to be difficult.

Speaker 1:
[14:17] Yeah, this will be a tough one because Microsoft, just like any virus, they've been able to spread across as many surfaces as possible. So, this is a great story. I'm looking at it from different angles. If you don't mind, right?

Speaker 3:
[14:30] Yeah, I'd love to hear both all your sides.

Speaker 1:
[14:33] So, angle number one, I am for the technology sovereignty. Like, I'm totally down if France wants to do their own thing and Europe wants to do their own thing in general. If Germany wants to come out with its own operating system, if China wants to do its own thing, I get it. I respect it. I'm for it. Okay? On the flip side, I think it's a shame. I think it's a shame. Why is that? It's a shame because we've reached a political state where in less than two years, we have alienated so many of our allies, some of them being part of the Five Eyes, to the point that they're looking at us as a supply chain risk. That is disgraceful. It's shameful.

Speaker 3:
[15:23] Do you think they actually believe that Microsoft is in bed with the US government?

Speaker 1:
[15:28] Absolutely. That's their language. You got to look at the articles and look at what they're saying. It didn't start with this. It goes back to last year. What happened last year? Immediately last year, the CVE issue, the whole situation with NIST, MITRE and CISA, as soon as DOGE, that scam that happened, DOGE came in to prevent fraud or find fraud. Instead, they started eliminating government programs specific to cybersecurity. We saw a bunch of different groups, associations, councils being wiped out, and then CISA almost got freaking killed off. But the CVE system, the numbering system, the tracking system for vulnerabilities was immediately affected, and Europe had to launch their own or push their own, which is great. Again, I'm happy for them with that sovereignty. But it's a shame that we've reached that point where our own allies can't even trust us anymore. Microsoft and any company in the United States have proven that they will gladly jump in bed with the US government to satisfy its needs, regardless of the legalities. It doesn't fucking matter. So shout out to France, shout out to Europe, shout out to our friends. It's a shame that we've got to this point. But that's the two angles I'm looking at.

Speaker 3:
[16:46] Let's take a step back. If you're running the joint, your workforce does not know Linux. It doesn't know, it's going to be a difficult switchover. Like most kids these days, they run Windows machines since they're given Windows machines in school. Now I think it's getting a little bit better. I think kids can go do it on a Mac. But there's a lot of crossover with a Mac now. You can still use Word and all that stuff on a Mac. The Linux machines, it's not as user crossover.

Speaker 1:
[17:19] Maybe 10 years ago you were right. But now I got to push back. You usually push back with me. I got to push back with you.

Speaker 3:
[17:25] I ain't pushing back on you if that's what you're talking about.

Speaker 1:
[17:27] Don't push back with me, I might get excited. No ditty. Mac is Unix. If you're able to operate and leverage and use Mac and you're comfortable with it, if you're able to really enjoy your Android or your iPhone, and you go out and use the operating system and file system, Linux is going to be the same. It's the same shit. All you have to do is put a nice UI in front of it and that's it. That's all there is. That's what Mac did.

Speaker 3:
[17:59] But I don't think, like installing programs, it's not as easy as clicking on an executable. You got to do a little bit more.

Speaker 1:
[18:07] It depends on the distribution. If you're installing, if you're putting Slackware on workstations, yeah, or Debian. Even Debian has some decent package management systems. But, for example, Pop OS coming out of System 76, they have come out with the most beautiful UI. It looks like a modern system. I'm using it right now. Shout out to Pop OS and System 76. And yeah, it has its quirks. But with a little bit of effort, a little bit of money, a little bit of investment, you can make it look just like, just look and feel just like a Mac OS. Same thing.

Speaker 3:
[18:46] You want to switch Safe Hill all off of Windows. What are you going to do? What are you going to put them on? What are you going to make everybody switch over to?

Speaker 1:
[18:53] We're not on Windows.

Speaker 3:
[18:55] Nobody has a Windows seen? Alanis isn't running a Windows box?

Speaker 1:
[18:59] She has a Mac.

Speaker 3:
[19:00] Oh my goodness.

Speaker 1:
[19:02] So we're mostly Linux and OS X. We might have Windows for research, but not for workstations.

Speaker 3:
[19:11] Are you differentiating apples from Microsoft being able to get in bed with the US? Or you still have that problem?

Speaker 1:
[19:17] Well, you just had Tim Pool step down. He had Donald Trump go on Twitter.

Speaker 3:
[19:20] Tim Cook. Tim Pool is a hard-core right-wing podcaster.

Speaker 1:
[19:26] I think I saw one of his videos recently. Well, yeah, Tim Cook just stepped down, and Trump's message about him was crazy. You guys got to read it. I think that any US company that wants to do business and make money, at the end of the day, ROI is important to US businesses and investors. So they're going to get in bed with the US government regardless. We're not seeing any pushback. In fact, the whole Tech Bros scene, we've talked about this. During Trump's inauguration, who was there?

Speaker 3:
[19:58] All Tech Bros?

Speaker 1:
[19:59] Oh.

Speaker 3:
[20:00] And Joe Rogan.

Speaker 1:
[20:01] Yeah. So that right there, answers what you need to know.

Speaker 3:
[20:07] I don't know. Again, implementing it, I think might be a little more difficult than they're expecting. I think finding certain tools to operate. I know the medical field has had that problem. A lot of these small things or software applications are written specifically for Windows. So switching over, I mean, that's the reason why there's so much legacy in a hospital setting, is these old-ass tools that have worked, but they didn't have any security, hence why they were the target of ransomware seven, eight years ago.

Speaker 1:
[20:43] Even right now, there's still a major target, but you pick up a good point. So I've dealt with customers that are hospital networks or health care networks, and they'll tell me straight up, hey, heck, you know what? During your internal pen test, red team, whatever it is you're doing, please ignore this IP range. Why? Well, because these computers are so old, they're running very important X, Y, and Z software, but they're running on Windows 7, Windows XP, and they'll crash. Once they crash, it's going to cost us untold amount of dollars. So yeah, that is a problem, but what we're talking about here is workstations. Let's see how France does it. France could do it really well. China's done it. Yeah, China uses Microsoft, but for the most part, in their government, a lot of them are using Linux or similar.

Speaker 3:
[21:41] What do enterprise EDR looks like on a Linux-based network?

Speaker 1:
[21:46] Not good.

Speaker 3:
[21:48] There's not a solution, so there's a problem right there.

Speaker 1:
[21:51] You have CrowdStrike, you have some other solutions, but with no disrespect to CrowdStrike, their EDR for Linux is not where it needs to be. So there's definitely problems. 100% right, there are gaps that need to be addressed before a widespread adoption. At this point, you kind of stuck with two evils. Are we going to continue to trust Microsoft, which we know, you and I both know. They don't give a fuck about your security, and they'll get in bed with whoever's in charge, whether it's Biden or Trump, it doesn't matter who, or are you going to trust in what Steve Jobs left behind?

Speaker 3:
[22:35] Why is there a giant hole? Is it because capitalism, we haven't had a need for it? There hasn't been enterprise deployments of Linux, so why invent something that we don't need?

Speaker 1:
[22:47] I think that for the most part, Linux and UNIX, FreeBSD, for example, have served us really well for servers. They power like 90% of the servers on the internet. Mac, obviously, went the BSD route, the UNIX route, and they did a great job at building what they have. Linux, on the other hand, we could get into a whole debate on that one, why Mac or Apple could have went with Linux as their underlying operating system. We know that Google did that with Android, and there's pros and cons to Android and OS X. Here's what France and Germany and Britain, all these European countries, Australia over there and Asia Pacific, what they all got to have to figure out is, who's going to bite the bullet? Because somebody somewhere's got to spend a shitload of money to build a Microsoft Windows replacement. It's not going to be cheap, it's not going to be easy, and it's going to be detrimental for any economy to do like a one-to-one replacement.

Speaker 3:
[24:00] We'll see how it goes. We'll keep an eye on this situation, but let's stay over in Europe and go on with this sovereignty type issue. Europe has unveiled an anti-kill switch technology stack, it's tension with the US rise. Europe tech companies have unveiled a sovereign disaster recovery pack, marketed as Europe's first anti-kill switch stack on April 15th as the European Data Summit in Berlin to guarantee business continuity if a foreign, primarily the United States, vendor remotely disables Cloud services. What do we got going on here, Heck?

Speaker 1:
[24:36] We are the adversary. That's what happened. They are looking at us.

Speaker 3:
[24:41] Is it all Big Orange Man or is it something different than that?

Speaker 1:
[24:46] It's not only Big Orange Man. Listen, Trump, let's see, Trump, Trump, President Trump, Trump at least I respect, President Trump has some advisors. They're not handling a lot of things well. They're very aggressive in the way they speak, is adversarial. I, you and I have shouted out and gave props to Pete Exit for some of the things he's done in cybersecurity. He's done some great things. He's aggressive. And so when you have that kind of tone, your own allies are going to be looking at you like, hmm. So what they're thinking is at this point, the United States is adversarial and then we need to have backup plans. Because if one of the advisors, Stephen Miller decides, you know what? We're not going to sell Amazon services to Europe anymore. That's going to crash the entire world economy. Whether Stephen Miller gives a fuck or not is one thing. The consequences could be very real. This is why Europe is like, okay, we're going sovereign here. We've got to split away from the US, and we've got to have backup plans in place. It's sad that we got to this point, but it's where we're at.

Speaker 3:
[26:03] But don't you think they should be? I mean, they should have done this to begin with.

Speaker 1:
[26:08] One thousand percent, but it should have happened naturally. It should have been something like, hey, we like the US, the US are our boys, but what if the US gets taken over by aliens? You know what? We need to have our own shit. I'm for that. What I'm saying is the last year and a half has been no adversary that our own allies are looking at is funny. That's what I got a problem with. I don't like that shit.

Speaker 3:
[26:34] Well, I mean, from the US perspective, it's kind of tough to call them allies.

Speaker 1:
[26:39] Why is that?

Speaker 3:
[26:41] They're not supporting the US and some of their military actions, not even allowing them to use the bases that we already have there.

Speaker 1:
[26:48] Come on, bro. That's some ignorant shit. That's some right-winger bullshit.

Speaker 3:
[26:52] No, it's not.

Speaker 1:
[26:53] Yes, it is.

Speaker 3:
[26:54] It's fact.

Speaker 1:
[26:57] During Vietnam, there was 300,000 South Korean soldiers that fought along outside.

Speaker 3:
[27:03] Vietnam? That was 60 years ago. Hold on a second.

Speaker 1:
[27:06] That's just the beginning. That's just the beginning. You fast forward to Afghanistan. Forget Grenada, forget the Dominican Republic, forget Cuba, forget all the Caribbean and South American campaigns, where we had British intelligence, we had Australian SAS, we had all these allies helping us along the entire path. You get to Afghanistan, 9-11 happens, you get to Afghanistan, every single ally we've had lost, soldiers, they die for us. I respect that shit.

Speaker 3:
[27:36] It wasn't just us. We weren't the only one that ISIS was attacking.

Speaker 1:
[27:41] No, 1,000%. But when we went and just make the decision to go into Afghanistan, then we're not even talking about ISIS. We're talking about Al Qaeda first. I went through a timeline. 9-11 happens, we go into Afghanistan, make the decision to do that, our allies were there. Fuck. We even had an ally in Africa sending us cows. This is what I'm talking about. Iraq, even though Iraq was an obvious blunder, everybody could agree, our allies still supported us with men on the ground. The British snipers getting shot, you had Australians getting kidnapped, you had people dying on our behalf, knowing it was a blunder. Then you fast forward, then you have to do with ISIS. Yeah, ISIS affected everybody. They attacked the British, they attacked everybody. Still, alongside our allies, we did what we had to do. Now you fast forward. Okay, Spain didn't let us use their base. Spain doesn't agree with the situation in Iran. Guess what? Spain was right. It fucked everybody. Everybody's. You want to talk about our allies? I'm going to talk about our allies. In Australia, my good friends in Australia, their fucking gas is like 11 US dollars. Let me ask you a question. How many of these pussies down south, in fucking South Carolina, could afford $11 a gallon and not fucking commit fucking some craziest fucking suicide shit? They'll go crazy.

Speaker 3:
[29:06] They didn't know. We're going back in history. They didn't know us that.

Speaker 1:
[29:10] Who did know us what?

Speaker 3:
[29:12] All our allies didn't know us that. All these things you just said. Hitler didn't. Hitler didn't invade us. That is true. And that shit.

Speaker 1:
[29:21] Yeah, but we we we a lot.

Speaker 3:
[29:23] Listen, bro, we lost a lot of people over there.

Speaker 1:
[29:26] That is very true. But we fucking also ignored that shit. And we even had a US Nazi party in the Mass Square Garden do a massive presentation. We had an American Nazi party. You know that shit?

Speaker 3:
[29:37] Sure, there's a lot of fucked up people doing a lot of fucked up things. But that's not the majority of our society.

Speaker 1:
[29:43] We ignored the Hitler problem until Japan hit Pearl Harbor. That's the reality. That's when we got involved. If Japan never attacked us, we probably would have been sitting here like isolationist assholes playing with ourselves. That's the fucking reality.

Speaker 3:
[29:57] All right. All right. We're going way off cyber here. Way off cyber. This is like a Patriot episode. You're going out there.

Speaker 1:
[30:06] Here's the fucking reality. Our allies have supported us whether we were right or wrong, and us treating our allies like assholes is the reason why they're looking at us like adversaries. We need to grow the fuck up.

Speaker 3:
[30:18] I don't know. They can go get their own fucking toys, their own ball, and they can play with their own ball. Get your own fucking cloud network.

Speaker 1:
[30:27] Well, yeah, that's going to happen. We know what's the consequence of that, right?

Speaker 3:
[30:31] What?

Speaker 1:
[30:33] Amazon is going to hurt, Microsoft is going to hurt, Google is going to hurt, because they're about to lose billions of dollars in customers to European counterparts. This was an economical disaster.

Speaker 3:
[30:45] Yes, it's true.

Speaker 1:
[30:47] You know how much money the Europeans are spending on Google Cloud, Amazon and fucking Azure? And now if France comes out with their one-to-one parity alternative, any dollar that leads to the blessed ghost of that.

Speaker 3:
[31:01] Who's going to put that infrastructure?

Speaker 1:
[31:03] Well, that's the million-dollar question. Who's going to bite the bullet to do that?

Speaker 3:
[31:08] Google, Google and Amazon and Azure, they're just going to spin up fucking European countries, or European companies that are just separate. The infrastructure is already over there. It's just going to spin it off. Just, all right, here you go. Well, here's your infrastructure anyways. It's just going to be them as the parent company.

Speaker 1:
[31:26] That is true, but then you know what's the consequence of that is, right? Yeah, so Google still wins. You're right. Google and Amazon is still going to win.

Speaker 3:
[31:32] Billion-dollar companies never lose.

Speaker 1:
[31:34] Yeah, but it's all priced in, right? But then guess who gets fucked? The American worker. The guys working at the data centers, those guys get fucked now. So either or is, you know what? The American people get. That's the fucking problem. That's the problem, please.

Speaker 3:
[31:50] I think the Europeans are a little themselves, but c'est la vie.

Speaker 1:
[31:53] C'est la vie.

Speaker 3:
[31:57] Crazy. So Rockstar hackers, the research stolen data reveal that Rockstar was right to not pay them anything for it. So shiny hunters, back in the fucking news, shiny fucking hunters. Hacking group compromised Rockstar Games via a third party breach of an AI business analyticals platform. They stole roughly 79 million business records from Rockstar's Snowflake data warehouse, demanding $200,000 in ransom with an April 14th deadline, and then publicly released the data on April 13th after Rockstar refused to play. The stolen data consisted of internet sales, revenue, and player metrics for GTA Online and Red Dead Online. No source code, no GTA 6 assets, and no high-value intellectual property.

Speaker 1:
[32:47] Makes sense.

Speaker 3:
[32:48] They weren't going to pay, and so they put the data out there.

Speaker 1:
[32:51] Well, this is why it's important for you to know what's out there, for you to have an understanding of your assets, and do some proper threat modeling and risk management. Here's the reality. A lot of companies use, they use, what was that service?

Speaker 3:
[33:08] Anodot?

Speaker 1:
[33:09] Snowflake. Okay.

Speaker 3:
[33:10] Oh, all right.

Speaker 1:
[33:11] Yeah. So a lot of companies use Snowflake for like metrics. They use that shit for like logging of metrics, like this player did this at this time and blah, blah, blah. Most of it is bullshit. It's for gazing. Right? For gazing. It's for gazing. So I know Rockstar was like, what the hell are we going to pay for metrics? And yeah, there's some revenue stuff in there, but that's public shit anyway. We're a publicly traded company, you know? Like, so who cares? They did the right thing, but guess what? If Rockstar wasn't aware of the assets that they had exposed within those sectors, they would have probably paid. Because ignorance is going to drive fear. But they knew exactly what was on it. And like, nah, we're not paying for that. It was the right move. It's a great lesson for companies out there.

Speaker 3:
[34:00] What exactly is the lesson? Just to know which assets are being breached?

Speaker 1:
[34:04] No, no, no. You have to know your tax surface. You have to understand your dread exposure. If you're using Snowflake for metrics, metrics that are not IP, metrics is not going to hurt your business at all if it's leaked. If you know that, and then someone tells you, hey, we just hacked your Snowflake account, and we have all of your data, give us $100 million, you know, risk-wise, ROI-wise, it doesn't make sense to pay for metrics because you're aware of that. There's some companies that don't even know that. There's some companies that lawyers are like, oh, we have a breach, we're going to have to pay this out. No.

Speaker 3:
[34:40] I guess, but it's still a reputational harm. It's still, grab the headlines that Rockstar was hacked.

Speaker 1:
[34:46] It's a gaming company.

Speaker 3:
[34:48] You read into it though. You read into it, it doesn't sound, yes, you and I understand what fucking happened, but people that just read headlines, click bait and shit, they don't understand that it's just a fucking metrics bullshit that walked out the door. I mean, you kind of gather that from the $200,000 asking price. I mean, Rockstar Games is a billion dollar company.

Speaker 1:
[35:06] That is true.

Speaker 3:
[35:07] I'm gonna ask for something a little higher.

Speaker 1:
[35:09] Yeah, ask for like half a percent of something, but the $200,000 was a dead giveaway. The attackers knew that there was probably nothing in there, right?

Speaker 3:
[35:19] A dead giveaway.

Speaker 1:
[35:20] Dead giveaway. But it also, context, context is everything. Rockstar, they make video games. They make most of the money with GTA Grand Theft Auto, right? They're making, they're killing, I'm not sure you saw the numbers. They're making like $40 million a month for some craziness, right? It's ridiculous numbers. Do you think their players give a hell, they give a crap that Rockstar got hacked? No, you know what they care about? The gaming service is online, so you can log in after school or after work and play some GTA.

Speaker 3:
[35:53] Stealing a car and shooting a cop in the face. That's what they want.

Speaker 1:
[35:56] That's right. Or go to the strip club and throw some digital books at somebody. Now, let's change the story now. Let's say it was a massive law firm or a massive IP holder. Now, the conversation changes. Because almost anything associated with that organization, whether they decide to pay or not, whether the security team decides, hey, you know what, we don't have to pay these guys. Doesn't matter. Because if they're in the financial space, guess what? They're paying. The cyber insurance company is paying, right? The lawyers are paying. And then conversation at that point is different. So because they're a rock star and this happened, it makes sense when they're like, eh, eh, middle finger up, keep it.

Speaker 3:
[36:38] Have you seen anything of how this compromise happened? I wasn't able to find out exactly how it happened.

Speaker 1:
[36:44] So if this has to do with the snowflake breach, then it's a third party SaaS provider, Anodots. They were compromised. I don't know how they were compromised. But the adversaries, the groups then were able, the Shiny hunters, were then able to get all-off keys, tokens for authentication for snowflake, and then started extracting a bunch of stuff. All-off, listen.

Speaker 3:
[37:13] Same shit.

Speaker 1:
[37:14] Same shit different day. It smells worse than it did yesterday, but it's the same.

Speaker 3:
[37:19] Yeah, you're right. Stolen-off tokens here from the SaaS platform. Yeah. All right. Someone bought 30 WordPress plugins and planted a backdoor in all of them. Man.

Speaker 1:
[37:30] Of course.

Speaker 3:
[37:31] Can you imagine planting 30 backdoors? Jeez, that's a busy night.

Speaker 1:
[37:35] That's a busy night.

Speaker 3:
[37:36] An unknown buyer legally purchased the entire Essential Plugins portfolio, 30 plus popular WordPress plugins on the Flippa market in early 2025 for six figures. Inherited wordpress.org, SVN, Commit Access and planted a sophisticated PHP deserialization backdoor in all the plugins, starting with version 2.67 for countdown timer ultimate on August 8th, 2025. The backdoor remained dormant for eight months and then activated in April of 2026 with hidden injection SEO spam, redirects and fake pages via PHP modification on hundreds of thousands of active installations across 31 affected plugins. Diabolical or just some kid fucking with us?

Speaker 1:
[38:30] It's definitely diabolical. It's structured, it's planned out, it's coordinated. It could have been a kid that got ransomware money and converted that to some sort of OSDC and bought the plugins and the developer was like, yeah, I'm not making any money anymore. Here you go. And yeah, Flipper is dope. You go to Flipper right now and buy developer accounts or projects and WordPress plugins. Yeah. Yeah. flipper.com has been doing that since 2012 or whatever. It's been doing it for a long time. Now, the problem with that is, especially with an old ecosystem like WordPress, those plugins go dormant left and right. Those plugins get bought out and sold and compromised. You have no idea what you're installing. It is a supply chain nightmare. It really is. I'm surprised this doesn't happen more often, especially after all these ransomware kitties got access to money. Because that right there, that's the easiest way to compromise hundreds of thousands of websites, simultaneously, instantaneously and perpetually.

Speaker 3:
[39:35] But it seems like they fixed this pretty fast. They're paying six figures for this for one day of access. They permanently closed the plugins on April 7th, and then pushed on auto-update. This guy paid six figures for 24 hours of... But again, it's stolen money. Maybe it's just for the Lulz. A lot of people do things for the Lulz.

Speaker 1:
[39:56] Well, look what happened. I don't want to admonish anybody. Remember what happened recently with the supply chain attacks? It ended up compromising Light LLM, which affected hundreds of thousands of developers. The guys that were TPCP, you remember those guys?

Speaker 3:
[40:11] Sure.

Speaker 1:
[40:12] They went in, bing, bing, bing, super quick. They stole a bunch of credentials. They started hacking immediately. 24 hours is enough time, Chris.

Speaker 3:
[40:21] Oh yeah. It's true.

Speaker 1:
[40:23] It's enough time. So...

Speaker 3:
[40:27] I don't know. We'll see. There's no arrests have been made, no attributions, no further leaks reported. But classic supply chain ownership takeover. I don't know. You think Flippa is going to have any sort of ramifications on this one?

Speaker 1:
[40:42] Just like Google Ads continues doing what it's doing, Flippa, you can still use Flippa to buy and sell plugins. It's going to continue to happen. It's going to continue to happen until a massive hack comes as a result. The next plugin could be used by, let's say, the Church of Nowadays Saints or something. Then all of a sudden, it's like Lucifer in the front page because of a backdoor. You know what I mean? Once that happens, it's a big story that Flippa is like, oh, we can't sell plugins no more unless it was KYC and blah, blah, blah.

Speaker 3:
[41:16] Interesting. Interesting shift. There's a cracking security update, cracking crypto exchange, which is out in Wyoming, disclosed it's being extorted by a criminal group that obtained videos of internal client supported systems showing limited client data. Two separate insiders, incidents involving support team members who inappropriately access client records. No system breach, no client funds at risk, and Kraken will not pay or negotiate approximately 2,000 client accounts, about 0.02% of total, potentially viewed across both incidents. So now we got an insider threat here. People videotaping inside data, giving access, selling it? Or I don't know how they got the information, how they pushed it out.

Speaker 1:
[42:01] Insider threat, support staff probably got paid a couple bucks. Hey, open up your phone and record the support session. It's just, we've talked about this. We've predicted this for years, long time ago. You know, shit, when you and I was really talking about this heavy, it was around the time that all the T-Mobile, you know, sim swaps were happening. T-Mobile was hit really hard by it. Those guys were getting paid like 40 bucks to do a sim swap. It ended up, you know, stealing 2 million dollars. Yeah, no, this is going to continue to happen. You know, there was a point that I made a while back, I think last year when we covered the North Korean, North Carolina story, you're going to have a lot of employees that just don't care. They're not getting paid enough and they're doing it for the laws. And so you have to look at how to compartmentalize their access. But here's the thing, support people need to access account information to be able to supply support. How do you deal with that? That's a problem.

Speaker 3:
[43:09] Do you think they're not being paid enough or do you think there's not enough punishment?

Speaker 1:
[43:14] There's no accountability. What are they going to do, get fired? Those two guys probably got fired. Now what? You're going to go get a hybrid T-Mobile, do the same shit?

Speaker 3:
[43:22] You don't think they're going to be held criminally liable?

Speaker 1:
[43:24] No. Come on, brother. You know better than anybody.

Speaker 3:
[43:31] Yeah, it's hard to prove.

Speaker 1:
[43:33] It's hard to prove, right? You told me so many times when I would ask you in a case or something like, hey, why is this guy getting arrested? Why is it this guy? Dude, it's hard to prove. There's a whole process. You can't just look at a video of a guy taking the shit aside and going, all right, I'm going to arrest this guy, because then his back is turned. What if it's the same guy? What if he has a fucking doppelganger? How do we prove it's him?

Speaker 3:
[43:56] Beyond a reasonable doubt, it's very difficult. It's the system that protects us, but also it protects those that are guilty.

Speaker 1:
[44:04] Oh yeah, okay, 100%.

Speaker 3:
[44:07] So it's a great system. I wouldn't go against the system, but you know.

Speaker 1:
[44:10] Yeah, I wish there was ways to improve it without compromising it, you know. But I know it's a tight, you know, rope walk.

Speaker 3:
[44:22] Does this scare you as a business owner?

Speaker 1:
[44:25] Yeah, it could happen to me. You know, I could hire somebody where things are amazing, and then they're going through something, or they're broke, and they need a couple bucks, and they'll take an internal screenshot of one of our, like, you know, customer's reports or something. I can't do nothing about that. The best I could do is have them work through, like, a virtual workspace, which, like, Amazon offers. Amazon offers, like, a virtual desktop. You log in. You can control through that. You can see what they're doing, right? But one, that's expensive, and two, like, you still need a babysitter. You still need somebody to oversee that. You know, otherwise, you're just collecting evidence. The problem is, you want to try to catch it before it happens, or in the middle of it. Because once that, once that leaks, like, it's over. Like, your brand reputation is terrible, you know?

Speaker 3:
[45:15] There's no EDR solution that could come up with some sort of, like, a thing where this data was exposed, like, almost like an investigative type tool. Like, this data, the exact data you're looking at was accessed by these two employees on this day. Those are your potential leak, investigative, leak, start points.

Speaker 1:
[45:37] Yeah, so you have, you have really good or really crappy data loss prevention software, DLP. Some of them do what you just said, and some of them just block you as soon as it identifies an anomaly. Which is a problem because a lot of people are constantly opening up tabs, opening up files, and they can't keep having to, keep authorizing the freaking DLP box. So, this is why DLP failed a lot of companies, and in some cases, you know, could have done some really good work in this space. Those support guys that did what they just did, DLP software could have caught that. What does it was that? You know, their odd anomalous behavior. Why are they scrolling to 2,000 customer accounts?

Speaker 3:
[46:21] What is that?

Speaker 1:
[46:23] Right? But, yeah, that's kind of where we're at.

Speaker 3:
[46:28] I think it's going to get worse. I think the insider recruitment type activity, I think it's just going to get worse. You know, more and more people, you know, putting their shit out on LinkedIn. I worked here. It's too easy to find people. It's too easy for the bad guys to reach out. Hey, it looks like you have access to this. Take a screenshot, do this, do that.

Speaker 1:
[46:46] Well, look, then you look at, of course there's two factors in play, right? One is the economical situation in the US. There's a lot of people that are doing support. They're not getting paid shit. You know that. They're getting paid fucking $15 an hour. At most, they're making $32,000 to $40,000 a year. That's nothing for support system. It has access to everything.

Speaker 3:
[47:04] It's not a revenue maker. It's a cost center. If you're running a business, I got to keep my cost center down. Supporting clients isn't what's bringing money in the door. I've already got those clients in the fucking door.

Speaker 1:
[47:18] 1,000%. So that's one. Then the second one is all the ransomware victims that have been paying all these years, all these other ransomware groups, they're sitting on piles and piles of Bitcoin. So you take one of those guys, hey buddy, you want 10 Bitcoin? Take a screenshot of this customer's account. That's all it fucking takes.

Speaker 3:
[47:38] Yeah, it's a good way to get rid of your, to wash your Bitcoin too.

Speaker 1:
[47:44] That's so true.

Speaker 3:
[47:46] It's tough. All right guys, reach out to us at questions at hackerandthefed.com. My boy's voice is banged up. We gotta get back into rants. I think people are missing your fucking rants.

Speaker 1:
[47:57] Well, I had a rant today. I had a good rant today.

Speaker 3:
[48:01] Yeah, you did. You did. I had to calm you down. You called me a fucking right-wing lunatic.

Speaker 1:
[48:07] I didn't mean that. Well, I didn't say that. I implied that you were kind of pushing out right-wing of talking points.

Speaker 3:
[48:15] Jonathan, get this guy's ass in line. Enough of this shit.

Speaker 1:
[48:19] Well, he's trying.

Speaker 3:
[48:21] Love that guy. Love that guy. One of our best listeners.

Speaker 1:
[48:24] Oh, yeah.

Speaker 3:
[48:24] Support Hacker And The Fed on Patreon, guys. We appreciate it. Safe Hill, thank you for everything you guys do. We got another Safe Hill event coming up soon. I'm excited about that. I got a text about it.

Speaker 1:
[48:33] It's coming up in May, right?

Speaker 3:
[48:34] Yeah, it'll be nice. Help us out on the merch store, hackerandthefed.com. You guys want different shirts? We can do different types of shirts. Let us know if you want some sort of slogan or something. Or Alanis, come up with some good ideas. You think Alanis is listening 48 minutes into the show still?

Speaker 1:
[48:49] She does.

Speaker 3:
[48:49] I know she does. I know.

Speaker 1:
[48:52] She was listening to your episode by herself last week. She was like, oh my God, it was so good. It was so funny. I think, bro, she's great. We got to slip in some troll messages to her or something. Some indirects for sure.

Speaker 3:
[49:09] Let's just have her on the show. Let's have her come on. Let's do 20-minute interview with her.

Speaker 1:
[49:14] We can do that. That sounds fun.

Speaker 3:
[49:15] She'll have a good time. We'll get inappropriate with her. I will. You can't. You're, she's one of your employees. You have to do that.

Speaker 1:
[49:21] Stop that. We don't have an HR department, but I don't want to get to that point.

Speaker 3:
[49:26] Exactly. Five Star Review, wherever you download or subscribe to your podcast. Guys, help us out. Blow up the show. We're trying to blow up and just fucking talk about cyber. A couple of assholes telling you about all the cyber shit going on. Share us on social media. Tell your coworkers, tell your friends, tell your lovers. Say, get up in there. Get all up in those guys. Those guys care about your colon health and your cybers. Eat some fiber once in a while. Clean that shit out. Cut your colon blow.

Speaker 1:
[49:53] I was about to say, would you do that? You know, when they put the thing in your butt and then.

Speaker 3:
[49:57] The colonic, high colonic?

Speaker 1:
[49:58] Yeah.

Speaker 3:
[49:59] Yeah, I want to go as a group of people. Me and the Mean Girls are going to go and do it together.

Speaker 1:
[50:03] No way.

Speaker 3:
[50:05] Dude, that is so cool. Same hose, same hose.

Speaker 1:
[50:09] Same hose? Or all the hose? I'm kidding.

Speaker 3:
[50:13] I'm kidding. We're not. So, but no, I can see where it's nice. I can see where it was. I, you know, speaking of like on these lines and things, dude, I would love to do like a fast. You know that, the colonoscopy, how you have to like shit your brains out? You feel good afterwards. You feel clean.

Speaker 1:
[50:28] Yeah, yeah.

Speaker 3:
[50:28] You feel lighter.

Speaker 1:
[50:29] Fasting is awesome.

Speaker 3:
[50:30] Yeah, I'd love to do it. If I wasn't hitting the gym so much and you need concerned about protein and all that, I would definitely do like a 72 hour fast.

Speaker 1:
[50:37] Yeah.

Speaker 3:
[50:38] Yeah, well. Fun times.

Speaker 1:
[50:40] Oh, brother, it's been a pleasure.

Speaker 3:
[50:41] It has. I love you and respect you. I can't wait to talk to you again next week.

Speaker 1:
[50:45] Of course, let's do this. Make it happen. Cheers.