37: The Great Escape

Spies, Lies & Cybercrime by Eric O'Neill

In This Issue

Title Story: The Great Escape: What a New Orleans prison break can teach us about cybersecurity and personal security.

Cybersecurity Tip of the Week: The FBI just issued two chilling warnings that feel ripped from a spy thriller—only they’re very real, and you’re the target.

Cybersecurity Breach of the Week: The sobering tale of how a single phone call led to the United Kingdom’s most extraordinary ransomware attack by DragonForce.

Tech of the Week: Data breaches are relentless. Every week, millions of emails, passwords, and phone numbers are leaked onto the dark web. Here’s how you discover whether your information has been caught in one.

AI Trend of the Week: I asked ChatGPT 4.0 to “Gen Alpha” the first part of my opening story. Hilarity (and emojis) abound.

Title Story

The Great Escape: What a New Orleans Prison Break Can Teach Us About Cybersecurity

The water stopped flowing at precisely 2:00 AM, unnoticed by anyone on the overnight shift. In a cell block deep inside a maximum-security prison in New Orleans, inmates quietly removed a toilet fixture from its moorings, revealing a narrow hole meticulously chiseled through brick and steel. A secret passage to freedom.

It was no amateur attempt. This plan had been months in the making—carefully plotted, patiently executed. The escapees, hardened criminals serving sentences for brutal and violent crimes—armed robbery, aggravated assault, even murder—moved silently through their makeshift tunnel, crawling into a maintenance corridor that led to the loading dock. From there, they slipped unnoticed into the humid Louisiana night, vanishing without triggering a single alarm.

A trusted insider made this escape possible. A prison employee had deliberately turned off the water, providing the critical cover for the inmates’ final push to freedom. Security cameras recorded everything, yet nobody was watching in real-time. Guards patrolled regularly, yet never suspected a thing. By dawn, news of the daring escape exploded across headlines, igniting panic and disbelief across New Orleans.

Law enforcement scrambled into action, launching one of the largest manhunts in recent history. Within days, several of the escapees were recaptured—cornered in abandoned houses, arrested at checkpoints, caught hiding in plain sight. But more than a week later, two remain at large today, fugitives blending into an unsuspecting public.

These remaining fugitives aren’t petty criminals. They're violent, ruthless, and desperate to stay free. One is a convicted murderer who once terrorized the streets; another, an armed robber known for his calculated brutality. Their freedom poses a terrifying threat to the communities they've melted into—communities unaware of the dangers lurking quietly beside them.

Security Is Never a 'Set and Forget' Proposition

The New Orleans prison break wasn't merely a daring escape—it was a critical failure of vigilance. It reminds us that criminals spend their every waking hour looking for vulnerabilities, meticulously planning their next move. Meanwhile, those responsible for maintaining security often fall into complacency, assuming the protective measures in place yesterday will still hold tomorrow.

This real-world event offers profound lessons for personal and cybersecurity alike:

  • Continuous Monitoring: Security cameras that merely record aren't enough; active, continuous monitoring is essential. In cybersecurity, passive defenses that detect threats after the fact are equally insufficient. Real-time threat detection is critical to swiftly identifying and neutralizing cyber intrusions before substantial harm occurs.

  • Proactive, Not Reactive: Law enforcement’s response was swift but ultimately reactive. True security demands proactive strategies—hunting threats before they hunt us. Whether in prisons or cyberspace, understanding the enemy's mindset, methods, and goals can prevent devastating breaches.

  • Insider Threats Are Real: The insider who disabled the prison’s water was trusted—until he wasn’t. Insider threats are just as potent in cybersecurity, highlighting the importance of strict internal security protocols, regular audits, and comprehensive vetting.

  • Avoid Complacency: Security is a dynamic, ongoing responsibility. Systems and protocols should regularly evolve and adapt. Like the prison guards who didn't notice a missing toilet or dry faucets, cybersecurity teams must regularly test defenses, refresh training, and challenge assumptions to stay ahead.

In the end, the most dangerous threats are those we fail to anticipate. As we lock our doors tonight—both physical and digital—remember:

Your security is only as strong as your weakest moment. Stay alert, stay proactive, and remember—someone, somewhere, is always planning their next escape.

Cybersecurity Tip of the Week

Trust No Voice, Trust No Text

The FBI just issued two chilling warnings that feel ripped from a spy thriller—only they’re very real, and you’re the target.

First: deepfakes. Threat actors are now impersonating government officials using AI-generated voices and videos so convincing they’re fooling even seasoned professionals. These synthetic personas are making fraudulent demands, launching phishing campaigns, and pulling off scams with terrifying precision. If a “federal agent” calls out of nowhere asking for sensitive data or payment—pause. Verify. Never trust a voice or video alone.

Second: scam texts. If you receive a message claiming suspicious activity on your bank account, gift card offers, or shipping issues—don’t reply, don’t click. Just delete it. These messages are bait for smishing attacks that steal your credentials, deploy malware, or redirect you to fake sites. The FBI says even replying “STOP” confirms your number is active—making you an even juicier target.

Act Like a Spy Hunter: AI is arming cybercriminals with Hollywood-level deception. Your best defense? Be skeptical. Always verify through official channels. And remember: the more urgent the message sounds, the more likely it’s a trap.

Stay alert. Stay secure. Don’t be scammed.

Cybersecurity Breach of the Week

It began quietly over Easter weekend—just a routine call to the helpdesk. A voice, calm and confident, claimed to be from IT, requesting a simple password reset. The staffer on the other end didn’t hesitate. That single act—one moment of misplaced trust—unlocked the gates to one of Britain’s largest retailers.

Within hours, the DragonForce ransomware group was inside Marks & Spencer’s digital infrastructure. Like seasoned operatives, they deployed a ransomware payload that encrypted critical systems—paralyzing online orders, severing inventory tracking, and turning 1,500 stores into blind, stumbling giants.

The company didn’t confirm the breach publicly until April 22nd. By then, the damage was done. Customers couldn’t shop online. Warehouses couldn’t sync with stores. Chaos spread. Deutsche Bank estimated M&S lost nearly $19 million a week. The company’s market value dropped $1.7 billion.

But DragonForce wasn’t finished. They struck again—Co-op on April 30th, Harrods the next day—executing a coordinated blitz across UK retail. Inside M&S, war rooms were set up. IT staff slept on-site. Employees were ordered to keep cameras on during virtual meetings to prove they were who they claimed to be. And in the background, millions of customer and employee records—names, addresses, birth dates—drifted into the dark web.

This cybercriminal infiltration matched the best espionage techniques from top-tier spy agencies—social engineering at its most devastating. Just like the Caesars and MGM breaches the year before, it wasn’t malware that opened the door. It was trust. And it only took one phone call to bring a $17 billion empire to its knees.

Tech of the Week

“Have I Been Pwned?” Just Got a Major Upgrade

Data breaches are relentless. Every week, millions of emails, passwords, and phone numbers are leaked onto the dark web. So how do you know if your information has been caught in one?

Enter Have I Been Pwned, the go-to resource created by cybersecurity expert Troy Hunt—now updated with a powerful new 2.0 version.

This free tool lets you check whether your personal data has been exposed in known breaches. Just enter your email address, and it will show you which breaches it appeared in—like the 19 billion usernames and passwords recently auctioned on the Dark Web. The new version is faster, easier to use, and provides more detailed breach insights.

Act Like a Spy Hunter: Knowing which breaches you’re part of helps you take action—like changing reused passwords or enabling stronger authentication. You can even sign up for alerts and monitor your domain for future exposures.

AI “TREND” of the Week

I’ve renamed this section of the newsletter “Artificial Intelligence Trend of the Week” because AI shenanigans have transcended just images. For this week’s trend, I asked ChatGPT 4.0 to “Gen Alpha” the first part of my opening story. Every generation has its own slang, and I’m certain my own Generation X vexed the Baby Boomers as much as our children cause us to roll our eyes. Enjoy the chat prompt: “Turn this text into a Generation Alpha version.”

GENERATION X (Original)

The water stopped flowing at precisely 2:00 AM, unnoticed by anyone on the overnight shift. In a cell block deep inside a maximum-security prison in New Orleans, inmates quietly removed a toilet fixture from its moorings, revealing a narrow hole meticulously chiseled through brick and steel. A secret passage to freedom.

It was no amateur attempt. This plan had been months in the making—carefully plotted, patiently executed. The escapees, hardened criminals serving sentences for brutal and violent crimes—armed robbery, aggravated assault, even murder—moved silently through their makeshift tunnel, crawling into a maintenance corridor that led to the loading dock. From there, they slipped unnoticed into the humid Louisiana night, vanishing without triggering a single alarm.

GENERATION ALPHA

2AM. 💧Water? Dead. Guards? Sleepin’. Cameras? 👀 But not seeing. In a deep-lock New Orleans prison, some serious dudes pulled the most lowkey move ever. Ripped a toilet off the wall like it owed them money. Behind it? 🚽➡️🕳️ A tunnel. Yeah—real tunnel. Hand-chiseled. Brick + steel. Built in silence. Took months.

These weren’t shoplifters, fam. We’re talkin’ full-on villain arc—robbery, assault, even straight-up 🪦. They slid into the tunnel like it was a speedrun. 🐍 No cap. No noise. No trip alarms. Boom—they hit a maintenance hall, then dipped out the loading dock like they were clocking out. 2:17AM—vanished. No alerts. No drama. Just vibes + vapor.

And the system? Still buffering…


Ready for Next Week?

What do YOU want to learn about in my next newsletter? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!

Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.

Best,
Eric


Partner Disclosure: Please note that some of the links in this post are affiliate links, which means if you click on them and make a purchase, I may receive a small commission at no extra cost to you. This helps support my work and allows me to continue to provide valuable content. I only recommend products that I use and love. Thank you for your support!
