009: A Web of Deception
Spies, Lies & Cybercrime - Eric O'Neill
Happy Tuesday! If you are a US citizen voting today in our national election, may your lines be short and your polling place safe from election attacks.
Leading up to Election Day, adversaries of the United States have been hard at work launching election attacks, but not just the ones you think! Yes, Russia, China, Iran, North Korea and others will always engage in targeted election interference and espionage for a variety of reasons. But those usual suspects might not be the biggest problem. Financially motivated criminals see a new weak point in attacking election infrastructure. As the lines between espionage and crime blur, cybercrime syndicates have upped their game in launching impersonation attacks that disguise themselves as IT services. A.I. chatbots continue to be a panacea and a curse. A company that markets custom-made chatbots to become companions has been sued by a mother who claims the chatbot led her teenage son to commit suicide. Read below for an opportunity to test your surveillance skills in a spy hunt led by Eric O’Neill this December. And finally, our story of the week. What happens when your remote worker is a spy?
Weekly Story: Is Your Remote Worker a Spy?
Jane, CEO of a mid-sized tech company, thought she had things under control. Her business was thriving, and remote hiring allowed her to tap into global talent. But this flexibility also exposed her company to a new wave of cyber threats.
Today’s cybercriminals aren’t just hacking firewalls or launching ransomware. They’re targeting people—the very employees companies rely on. In a remote work world, criminals are slipping through hiring protocols, posing as legitimate hires to gain insider access. Jane’s company was about to become their latest target.
It all started when her team hired “Daniel,” a remote IT contractor. On paper, Daniel seemed ideal: stellar resume, glowing references, and a strong portfolio. When he faced “technical issues” with video interviews, HR overlooked it, trusting his qualifications. They had no idea they were hiring a cyber operative.
For months, Daniel worked quietly, turning in reports and completing tasks, though his performance didn’t match his resume. Jane’s team thought it was just a poor fit and gave him time to adjust. But Daniel wasn’t simply a bad hire—he was a North Korean spy, strategically placed to steal sensitive data.
Using his position, Daniel accessed proprietary information and exfiltrated data behind the scenes. When his poor performance finally led to his termination, Jane thought the problem was solved. Little did she know, the real nightmare was just beginning.
A week after his termination, Jane received a chilling email from an anonymous sender: “We have your company’s data. Pay $250,000 in Bitcoin, or we’ll leak everything.” Attached were samples of confidential files—files only an insider could access.
Panic set in. Jane couldn’t believe what she was reading. How had her company, with its cybersecurity protocols, ended up here? The attacker was clear: pay up or risk a devastating leak. The leverage was all theirs, and Jane’s options seemed bleak.
This wasn’t just a hacker—it was a sophisticated, state-sponsored operation. North Korean operatives had infiltrated Western companies for years, and remote hiring opened the door for one of them. Unlike traditional espionage, this was outright extortion.
The attackers planned meticulously, routing activity through U.S.-based servers, using AI to avoid detection, and blending seamlessly into the hiring process. Now they demanded cryptocurrency, knowing it couldn’t be traced back.
Jane faced a tough choice. Paying might buy time, but there was no guarantee the criminals wouldn’t return. Refusing could lead to a data leak that would cripple her business.
In a moment of resolve, Jane chose not to pay. She sought help from cybersecurity experts to contain the breach and strengthen her defenses. It wasn’t easy, but she was determined to take control.
The experience was a wake-up call. In today’s hybrid work environment, businesses must be vigilant. Cybercriminals are exploiting systems meant to increase efficiency, using remote hiring as a gateway for infiltration.
Afterward, Jane tightened hiring protocols, implementing stricter checks and real-time verification for remote hires. Shaken but resolute, she knew her responsibility was to protect her team, her company, and its future. In a world where information is currency, staying ahead of cyber threats was now non-negotiable.
Has your organization thought about how to incorporate a diligence system to trust hires you may never meet in person? If not, your colleague on a Zoom call might be a spy.
Now on to the news!
News Roundup
Impersonating Microsoft Teams IT Support
Infamous cybercrime group Black Basta is upping its game, using Microsoft Teams to impersonate IT support and trick employees into sharing their logins. In this latest twist, they target employees with a flood of spam emails, then reach out as "helpdesk support" on Microsoft Teams, using fake accounts designed to look like legitimate IT help. Once they’ve gained the employee’s trust, Black Basta deploys remote desktop software and other tools to install ransomware, locking down company systems and demanding payment. Stay vigilant, and remind your team to verify any unexpected IT support requests.
Cybercriminals Pose Greater Election Threat Than Foreign State Hackers
As the 2024 U.S. election approaches, a recent Department of Homeland Security report highlights a surprising shift in cyber threats: financially motivated cybercriminals now pose a bigger risk to election infrastructure than state-sponsored hackers from Russia, China, or Iran. While foreign operatives focus on espionage and influence campaigns, cybercriminals are more likely to launch ransomware or DDoS attacks, aiming to disrupt critical systems and demand payment. With reports of increased ransomware incidents targeting local government networks involved in election processes, the DHS warns of a "heightened threat environment" and urges vigilance to safeguard election security.
A Lawsuit Alleges Teen Suicide Linked to Chatbot A.I. Companion
Character.AI and Google are being sued by the mother of a 14-year-old, who died by suicide in February 2024 after extensive interactions with chatbots on Character.AI. The lawsuit alleges wrongful death, negligence, and product liability, claiming the platform marketed itself as safe for kids but lacked adequate warnings and safeguards. According to the suit, the teen had been using Character.AI since last year, engaging continuously with chatbots, including a character from Game of Thrones named “Daenerys.” The platform is accused of “anthropomorphizing” AI characters and offering “psychotherapy without a license.” In response, Character.AI has made updates aimed at protecting young users, such as content moderation, clearer disclaimers, and reminders that chatbots aren’t real people.
Want to Spy with Eric O’Neill?
Surveillance 101: The Holiday Edition with The International Spy Museum.
City sidewalks, busy sidewalks, dressed in shadowy style… other people might be out holiday shopping, but spies never get a day off! This festive surveillance workshop in the streets of DC will be led by Eric O’Neill. This intense small group introduction to surveillance will include learning the basics and conducting surveillance from the glamorous Doyle Collection, DC hotel through the enticing stalls of the DC Holiday Market. Will you be able to track the “Rabbit” without being “made”? You’ll learn how to snap clandestine shots and keep your target in view so you won’t miss operational acts or clandestine meetings. O’Neill will lead the exercise and help you learn how to blend into the sugarplum shadows for the best spy results!
This very in-demand event has limited capacity so get your tickets ASAP before it fills up!
Tech of the Month
My friends at Impact heard my wife and daughter are ferocious runners, so they sent me samples of their innovative self-defense spray. As a former law enforcement officer (LEO), I appreciate that this spray is compact, easy to use and contains an acetic acid formula instead of traditional pepper spray. Ever had to spray pepper spray in self-defense? It seems like half of it gets all over you in addition to the criminal. And that stuff stinks. Impact’s formula is direct, has no blowback and won’t cause respiratory distress. But don’t worry, get it in an attacker’s face, and they will still be crying for their mother.
Check out their innovative work here.
Check out my latest podcast appearance
I recently sat down with OpenText for their cybersecurity series on the ReimaginingCyber Podcast where we discussed the looming cyber threats to critical infrastructure. I also give a sneak peek into my forthcoming book, "Invisible Threat," which teaches readers how to think like a spy and defend against modern cybercrime and so much more! My conversation with Host Rob Aragao was long enough to split this into two episodes. Enjoy!
Are you protected?
Recently, nearly 3 billion records containing all our sensitive data were exposed on the dark web for criminals, fraudsters and scammers to data mine for identity fraud. Were your social security number and birthdate exposed? Identity threat monitoring is now a must to protect yourself. Use this link to get up to 60% off of Aura’s threat monitoring service.
What do YOU want to learn about in my next newsletter? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!
Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.
Best,
Eric