Breaking-In with Berryman EP1:
This episode features Mr. Jordan Becker, a recent Computer Science graduate from American University in Washington D.C., and focuses on White Hat hacking, Blue-Teaming, the 2014 Sony breach, State-Sponsored hacking, Van Buren v. United States, our concerns for the industry, and a brief introduction to the multifaceted world of cybersecurity.
DANIEL BERRYMAN: Hello and welcome to Breaking-In with Berryman, I am your host Dan Berryman. Today we are going to take a look behind the curtain of hacking and the cybersecurity industry by talking to a recent cybersecurity graduate from American University in Washington D.C.
DANIEL BERRYMAN: Thank you for joining us on the podcast, Jordan. Would you like to introduce yourself to the guests?
JORDAN BECKER: Hi everyone, my name is Jordan Becker, and I recently graduated from American University. I graduated with a computer science degree, hopefully to work in cybersecurity, as that’s what I’ve focused on, and I came today just to talk about some cybersecurity questions that Dan wanted answered. So here I am!
DANIEL BERRYMAN: We really appreciate you coming and joining us on the podcast today, my friend. We’re going to jump right into it for the sake of brevity. My first question for you is, what does ‘hacker’ mean to you?
JORDAN BECKER: So that’s a question which many people can answer instantly with one response, and many people can respond with many different terms for hacking, what it means. For me personally, hacking is very broad in the sense that you say hacker, and the majority of people who aren’t as well informed on the subject say, “oh, my God, he’s hacking into the mainframe”, or whatever they’ve seen on TV, and it always has a negative connotation to it.
JORDAN BECKER: But hackers are mainly defined into three different aspects: white hat hackers, who are ethical hackers, black hat, which is unethical and malicious, and gray hat, which is kind of blurring the lines where maybe you would have permission to do something, but you go a bit too far. Not enough to be a crime, but what you think is okay. And when you talk about the bad hackers, that definitely does open an entire new- how do I say this, ‘portfolio’ of different people inside. So you have your regular black hat hackers, personal people looking to profit off people via blackmail, extortion, however, whatever means they see fit.
JORDAN BECKER: You have hacktivists who are people, groups, organizations, or just individual people who hack for a political or social reason, (what they think is right). They believe it’s okay to cause damage to other people because they’re hacking for ‘the good cause’. And you finally have state sponsored hackers, which are arguably the most dangerous out of all of them, which are hackers who are sponsored by different governments.
JORDAN BECKER: For example, if there was any recollection, in 2014, Sony was hacked by a group called Guardians of Peace, which was found out to be linked to the North Korean government. And this was because Sony released a film called The Interview, which has James Franco and Seth Rogen, and they go to North Korea and they play Kim Jong Un as an actor. And it caused outrage in North Korea because of the picture that it painted of them.
JORDAN BECKER: So when they got hacked, they started releasing some of the leaks that they had of the stuff on the Sony internal network, so they released movies. They exposed behind the scenes politics of the Spider-Man films. They released emails between executives and Marvel Studios. And because of this, it led to actually Sony having to split the licensing of Spider-Man with Marvel because of everything that had happened. And this included screenplays as well, more Sony pictures which were coming out. And The Interview was going to be released nationally on December 25, 2014, which is when these same hackers planned to release more information, which they didn’t. And we don’t specifically know how it was resolved, whether they were hacked back, whether they were paid off, whether there was a settlement.
JORDAN BECKER: We’re not sure because that’s not been disclosed. But there’s definitely a type of hacker who, with enough power and manpower behind him, can get exactly what he wants.
DANIEL BERRYMAN: It’s a big field and there’s a lot of nuances to it. So I appreciate you taking the time to explain it to us, but on that topic, how would you describe what you do to the average person?
JORDAN BECKER: So people say, oh, hacking is something just for computers or just for companies. Well, it affects everything, especially in this day of age with the Internet of Things. People have smart thermostats, smart fridges. If you wanted to mess with somebody and you had the skills, you could easily hack a smart fridge. You could turn off the cooling element. Just that’s a small thing.
JORDAN BECKER: There are an almost unlimited amount of things to do. And while people think, oh, I don’t go on websites, I don’t get like viruses. For example, a big part of hacking is social engineering. And social engineering is maybe if you know someone’s reset password, security is ‘what is your first dog’s name’, and you were to speak to them and find that out with the intention of hacking them, then that is still a version of hacking. And with that, people, you get a new security system installed in your house and they are going to go and install it. And the only way you know that it’s secure is because that company have tried to hack through it.
JORDAN BECKER: And at the same time, if you think of your house then you can think of on a national scale the safety of every single electronic device. Because there’s so many different types of hacks which can happen that you have no idea whether your laptop camera has been bugged, whether there’s a tracker under your car, whether any of your systems or your families have been compromised. Because extortion is a very common crime with the people who have the skills. And a vendetta especially.
DANIEL BERRYMAN: Absolutely, that’s a major concern that I feel like people are talking about today is how resilient we are with technology, or the lack of resiliency, I should say. We’re so reliant on technology for everything from our healthcare data to navigation, to financial systems, so on and so forth, that you’re only as secure as your weakest link. So you give this tech to somebody who doesn’t understand it and expect them to keep it secure, and then everybody’s at risk. On that topic, what are your major concerns for the industry today?
JORDAN BECKER: My major concerns are that people will get more access and more understanding of this without knowing where to draw the lines. And that’s where grey hat hacking comes in, because people it’s like giving candy to a baby in the sense of people who enjoy that creativity, of being able to intrude into a system and penetrate into it. That’s what they think is in their ability.
JORDAN BECKER: So I’d like to say, for example, there was a Supreme Court case of Van Buren versus United States where a Georgia police sergeant named Nathan Van Buren, he received money in exchange for accessing a law enforcement database to get license plate information through his computers, through his patrol car’s computer. And because of this, he was able to give out information which was found to be illegal overall. But his argument, which is very interesting, is that they gave him the access to do it.
JORDAN BECKER: If he wasn’t caught, then he could be looking at as many people’s personal information because the database is right in front of him, much like candy to a baby. And if you are struggling financially and someone says, hey, do something which you do routinely and you know what to do, and I’m sure they would jump at the choice and they believe that he had the access to do it, but he did it for the wrong reasons. And that itself is not a crime because he has been given the keys. And this is really where the word unethical comes in because it could be seen as illegal or it could be seen as legal, but very unethical.
JORDAN BECKER: So there is no positive to this, but there is the ability for any person, a police officer who’s not technology proficient whatsoever gives them the ability to do what they want to make money and to keep things like this going.
DANIEL BERRYMAN: Absolutely, we had some conversations earlier this year around these Supreme Court cases. Specifically, Section 230 and the Google v. Gonzalez cases where we were seeing the senators talk with the CEO of TikTok and you just got an idea of how little they actually understand how the Internet works.
JORDAN BECKER: I was just going to say, when it specifically comes to that TikTok case and how we’re talking about cybersecurity, the Chinese have the data, the collections, they have our faces, our videos, our likeness, what we enjoy.
JORDAN BECKER: Over COVID, it was the perfect opportunity because people filled their time with watching 24/7 videos of cool stuff, fun facts, of maybe interesting things. There’s dances, which is very popular. And the issue is that with that information, they have the power to influence whoever is in their fan base, which in this case is every TikTok user. And it doesn’t need to be said of the influence of having a foreign power push an ideal, a set of videos, a political video, really anything of the kind that would influence a child, a teen, even adults who don’t know better and don’t want to disprove it, that is their main source of information. And there’s a reason that newspapers exist and not TikTok social media as official platforms of news.
DANIEL BERRYMAN: Definitely, and we’re seeing more people start to use these platforms as their main venue for that. Like you were saying, whether it’s Facebook, Instagram, TikTok, especially kids in the younger age generation, they don’t really look to traditional news outlets anymore.
DANIEL BERRYMAN: Media sources, they kind of have a distrust of them. And the problem with that, as you were mentioning, is that there’s the national security concerns about having a foreign power have such an intense data collection on our citizens without any monitoring from a domestic adversary. And then you think about the fact that China has data collection laws that allow them to look at this. For any organization that is owned by a parent company in China, the PRC has the right to look at that data.
DANIEL BERRYMAN: And then you look at the TikTok content that we’re seeing in America versus China. And because it’s like you can’t have anything anti-PRC being broadcasted on Chinese channels, it’s very audited what they’re allowed to put out there onto their waves. The content that you’re seeing go on TikTok in China is much more educational.
DANIEL BERRYMAN: It’s much more like framing it in a positive lens versus when you come to America and there’s not well-, we have First Amendment rights, first off, so there’s not as much of a filter involved. And you see things from cartel talk, (people literally digging tunnels) to like, you name it. But I appreciate that. And then to wrap us up, where do you see yourself in a year or two?
JORDAN BECKER: I would love to be working on Blue Team. Any aspect of Blue Team in cybersecurity and Blue Team and Red Team are two very common jobs you’ll see in cybersecurity. If you want a company to come to you as a cybersecurity firm and they say, hey, I have a server, I have a company I’m starting, I’d like to make sure it’s secure. As I said before, with the home security, there has to be two sides of testing. There has to be the side which tries to defend itself and which tries to see how it could be vulnerable and to patch it up. And then there’s the red team, which is the offensive side, who are trying to penetrate and to try and take the data. So by constantly working against each other, that is the harmony, essentially, of a successful job completed. So I would like to work on the blue team, preferably.
DANIEL BERRYMAN: Hell yeah. Well, that sounds like it’s going to be exciting work. I really appreciate you coming and taking the time to talk to us. It’s been a great crash course in the industry and honestly, I can see it being a very educational experience for people that aren’t as technically inclined.
JORDAN BECKER: 100%, thank you for having me on.
DANIEL BERRYMAN: Of course! It’s been a pleasure.
DANIEL BERRYMAN: You’ve been listening to Breaking-In with Berryman, it has been my absolute pleasure to have you with us today, I wish you all the best and GOOD NIGHT!
Daniel Berryman – firstname.lastname@example.org
Jordan Becker – Recent American University graduate
American University, Washington D.C.