SafernetPodcast - Digital Desperados Episode 1: Maksim Yakubets And The Importance Of Device-Level Security

In a world where digital threats lurk behind every click, safeguarding your devices is not just a convenience—it’s a necessity. This is where the concept of ‘device-level security’ comes into play, offering a fortified shield for your personal and professional online interactions. Whether you’re a remote worker securing sensitive data or a parent safeguarding your family’s online activities, the need for robust security measures tailored to each device is paramount. SaferNet VPN rises to this challenge by delivering unparalleled protection that extends beyond traditional security means. By encompassing a vast array of cybersecurity features—including VPN services, malware defense, and internet controls—SaferNet ensures that your devices are not only connected but also comprehensively protected. As we delve into the darker corners of the digital world in this episode of the Digital Desperados podcast, remember that the device-level security offered by SaferNet VPN is your vigilant guardian against the ever-evolving cyber threats.

“Jim Brangenberg: This episode of the Digital Desperados podcast is brought to you by SaferNet VPN, found online at SaferNet. com.

Welcome to the Digital Desperados podcast featuring dark tales from the web. Patrick McMurphy is here today to tell us about our dark tales. I’m Jim Brangenberg and I’ll serve as your story guide.

We’re also joined by Brad Hawkins from SaferNet VPN. This podcast is brought to you by SaferNet VPN. You know, usually a business or family would need three different services for Protecting their computers, a VPN, malware, and antivirus protection as long as, as well as internet controls. But SaferNet offers all three features in one product.

SaferNet truly is an endpoint security presence that can be implemented in minutes anywhere in the world. It can be done on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes just minutes.

And it’s easily accessible anywhere in the world. And their control hub helps you monitor your employees, your family members, devices, including activity, time spent online and threats blocked. Is there any reason you don’t get secured now? I can’t think of one. We did it here at our organization. You should do it at yours.

Check out our affordable protection, SaferNet. com online. That’s SaferNet. com. Now, Patrick McMurphy, which dark tale are you telling us today?

Patrick McMurphy: Yeah, I think we’re going to start with the best one. And when I say best, probably, I don’t mean morally the best, but definitely one of the most notorious it’s a gentleman by the name of Maxim Yakubets.

He’s gone by the acronym of Aqua. The media have called him the hacker who stole 100 million, but I take a bit of issue with that because that figure is definitely much, much higher. So Aqua, I’m just going to call him Aqua, it’s because I’m going to butcher people’s Russian’s name in this, so you know.

He’s a, he’s a genius, first and foremost. Most of the hackers we talk about are, they’re either brilliant mathematicians, they’re just whiz kids with computers,

but he was an extraordinarily talented hacker. These days he’s running one of the most sophisticated cybercrime groups to ever exist called Evil Corp.

Definitely not an original name by any means, but you’ll see this in the hacking world. People kind of have cheesy names like Deathlord and all this. It’s just, it kind of comes with the territory. Now he, he’s been primarily involved in banking malware as is the rest of Evil Corp. But Aqua, Aqua was born in the late 1980s.

He was born in Ukraine. And as he grew up, it was, yeah, late 1980s. So he grew up into really post USSR Ukraine. And his family were moving close to Russia and Moscow, and it’s, I mean, if you think about it back then, it is a titanic change in your life, going from communism to quasi capitalism, it never really quite worked out there, but it’s a titanic change for any country to make, so it is a difficult upbringing and he, Really spent a lot of his formative years around Moscow and there, there’s not a lot of information on his family out there.

The only person we kind of know, we do know his father is still alive. There was a couple of years back, a bunch of reporters from, I think it was Channel 4 in the UK. They went to the father’s apartment in Moscow. Real, just a modern apartment, nothing fancy or special about it. They tried to interview him.

He wasn’t taking interviews, obviously. He just, he told them that his son wasn’t a criminal. I mean, obviously, look, you’re living in Russia. You can’t really be saying your son’s a criminal. You probably did.

Brad Hawkins: I, I, I, I gotta say. Obviously, he doesn’t, he doesn’t know this name of his son’s company named as Evocore.

You would think, what made him, maybe my son has stepped offline a little bit.

Jim Brangenberg: Maybe, yeah. They, maybe they, they were like clowns for birthday parties. They just happened to be called Evocore, you know?

Brad Hawkins: It’s a little head in the sand stuff, but yeah. But yeah, so, I mean, again, not a lot is known about how we got into computing but we kind of first see Aqua in the media around 2009.

And so, 2009, Aqua got involved with this gang called the Jabber Zeus crew. And so Jabber Zeus, with their name, they’re using a piece of malware called Zeus, which is a banking virus. Now Zeus is a real historical virus if you look

back on the history of digital virology because it started many, it’s basically, it’s source code was taken as time went on and other viruses were created from it, but this is around 2009 is the genesis of Zeus.

He didn’t create Zeus, did he?

Patrick McMurphy: No. No he didn’t. It was created by, I was hoping you would not I cannot, I cannot pronounce the creator surname.

Jim Brangenberg: I got it. It’s Hamza.

Patrick McMurphy: I was gonna call him Hanny B. I was gonna, I was gonna go with Hanny B, but yeah, you can go with that. I’m probably gonna wake up tomorrow with Zeus on my computer for saying that, but, you know. Yeah, he was just an operator, and you kind of do find this as well. The, oftentimes the, the original virus will be created by some…

Like Mathematical Zabant type character, some real, you know, next level guy. And then it’s distributed by various hackers who use different techniques. And so when he was, when Aqua and the Jabberzoo’s crew were distributing it, they were mostly going by phishing attacks. So, you know, you get a dodgy link in an email and it could be from a stranger or it could be from someone pretending to be someone you know and say, hey, click on this and…

Bang, it’s a drive by download, you’re infected. Now Zeus had a number of capabilities.

Jim Brangenberg: What do you mean by a drive by download?

Patrick McMurphy: So that’s, that’s kind of, it’s, it’s, it’s one of the kind of quickest attack vectors. So it’s, you’re just opening a link and without you really knowing it, there’s a, there’s malware being…

Download it onto your machine, because a lot of people make the mistake with phishing. They say, Oh, I can click a link, but I just, if I just don’t enter any account details, I’ll be fine. But that’s actually not the case. Just the act of clicking the link is, is enough to get you infected. That’s the door. That’s the door they’re opening,even with device-level security

Jim Brangenberg: So Patrick, I just, this question is, you know, I’m a simple guy. What? Why do people do this stuff? I mean, do they have no other time on their hands? Are they truly doing this as a job? They’re doing this because they

want to make money. So they’re going to do, I mean, I mean, you’ve been studying hackers, even studying virus guys for years. Why? they go to school for this?

Patrick McMurphy: It’s a school, but it’s not an official school, I would say, more, more than the school in the dark web. Yeah, you don’t. No, you might get a digital degree, maybe like an NST type degree or something, but digitally assigned. But I think really, Jim, there, you, you come across a few different motivations, some, which we’ll see in a couple of weeks time are a lot stranger than others, but, I would say the most common is financial gain.

It’s financial gain. Now, with that I would say what’s a joint motivation with that is that they are either under pressure from their government or they’re actually working for their government to carry out the attacks. Because if you’re looking at a guy who’s deploying banking malware to, we’ll say, a bank in the United States.

It’s doing two things. He’s getting money from it, but it’s actually disrupting something in the United States as well. So it’s, it’s kind of, there’s two reasons for an attack like that.

You know, they’re making money and they’re having a giggle at the same time.

Jim Brangenberg: All right. You better get back to this guy’s story.

Patrick McMurphy: Yeah. So Zeus, yeah. So as I said, it was distributed by phishing attacks and it had a few capabilities. It could deploy other malware, including ransomware, which is just deadly. One of the worst kinds you can get. It had a key logging feature. I know that’s where. Someone can, is tracking your keystrokes, so if you typed in the word hello, they could see you typed. H E L L O. You can imagine, if that’s on someone’s computer, they’re typing in bank details, all that information is going back to the hacker’s server. Probably it’s worst thing was it’s ability to hijack the browser to create fake login pages. So we’ll say you’re infected with Zeus. You go onto your, you open your browser, and you go onto, let’s say, Chase Bank.

And it doesn’t matter if you type in the URL, it’s in a bookmark or whatever, Zeus notices it, the URL actually might even still seem the same. Brings up a page that looks identical to Chase. You enter your login information. And you’ll just get an error saying wrong password or something. Whereas in fact, Aqua, you just gave Aqua your bank account details.

So this thing was vicious. It was vicious. And during its time, really, cause this was the peak of Zeus, but Zeus made between 70 million dollars on Aqua was definitely the main guy with Zeus. So it was devastating at this time. Again, why device-level security is so critical.

Brad Hawkins: how does Aqua get Zeus if somebody else made it, do they just share their technology to help everybody out, or are they working together or what’s the strategy?

Jim Brangenberg: Hackers, they steal it!

Patrick McMurphy: Yeah, well, there’s a lot of different strategies. We often talk about SaaS, software as a service, but something that’s very popular is MaaS, which is malware as a service. So, a hacker is on the dark web. Ransomware is probably actually the most powerful, but they’re on the dark web and they rent out licenses to use their, to use their malware.

So it’s, it’s a business, man. It’s these guys, like these guys aren’t clowns. They’re businessmen just with you know, different motivations.

Brad Hawkins: Gotcha. Gotcha.

Jim Brangenberg: I got it. I got it. Okay. I want to hear more of the story. And Patrick, you could pick up here in a second. Yeah. But Brad, you know, you’re talking about these are people that are stealing virus offers from other people or paying licensing to virus offers.

They can do it. And this is just one virus. We know there’s lots of them. I mean, and this is any, this is why SaferNet exists.

Brad Hawkins: Honestly, you know, I’ve been here thinking Man, these guys are, these guys are on top of it. If, if, if we could just help them with a little morality, I’d love to hire them. But they, they know what they’re doing, but the struggle is, is that they’re using it just to, to steal.

They could, they could be amazing at business if they would just run it straight up and they could enjoy their money right in front of everybody. Yes, that is the reason that SaferNet exists. That is exactly the reason, is that you know, one of the, one of the things that, that Patrick said was that You know, you just to drive by it, just you’re not even paying attention and it gets you all of a sudden now you have Zeus on your device and it’s wanting to suck up all your passwords or whatever it is that it’s trying to get to.

And the reason is, is that most people forget to turn on the cyber security devices and the tools. That you have on your device. So if you’re working for a company, the company puts it in there. They say you have to use this, but you forget to turn it on. You forget to turn on a whatever, whatever it is that we’re working on.

But the reality is, is that with SaferNet, one of the greatest things that I’m proud of our developers are putting out. Is that we’re 24 seven always on you. You don’t even have to think about it. It’s always They’re protecting to stop those drive bys

Jim Brangenberg: SaferNet. com. All right. Now patrick you said that the american government finally got the I mean they finally Think like hey this yakubets Hey We got to watch out for him.

Patrick McMurphy: Yeah. And what really was the catalyst for that was that, you know, Aqua had been targeting a lot of Western Europe and American companies, but what he did was he targeted the Kentucky County treasurer. So at that point you’re, you’re actually targeting the government in a sense. And that, and that’s when the U. S. got, you know, that really ticked them off. Now something notable about that attack, and it, it really just speaks to Aqua as a hacker and his methodology, was that he hoises tracks so well that it took eight days for the Treasurer to notice any money was missing. Now you might say it was just a bad treasure, but I’d like to believe that.

Aqua was pretty significant in what he did there. But that attack alone, that was half a million dollars. But it was an inter it was an international incident. And the U. S., the U. S. appealed to other countries to help them. They did figure out he was Russian. It’s unknown how. It could be some calling card.

He may have even, you know, he could have left anything there. But. He asked the Russians to, they asked, the U. S. asked the Russians to help them track down Aqua, which was one of the last times they asked the Russians for help in something like this, but So what happened was that Aqua, even though this guy is so good at hiding his tracks, he actually used a duplicate email in one of his hacking attempts, and when he had ordered something to his house online, I think at like 12 months previous.

And the FSB, the Russian intelligence wing, they caught this and so they raided the apartment he was living in. He was there living with his first wife and their child, who was a baby at the time. And this raid is, is the turning point in Aqua’s

life. The Russians immediately claimed to the U. S. that Ack was innocent and no further action needs to be taken.

Now, if the story ended there, it wouldn’t be a very exciting story. In reality, what happened here is that the FSB realized that, okay, we’ve got a serious hacker on our hands. This guy is really talented. So the FSB either coerced them into working for them or they recruited him. I’d like to believe they recruited him just based on his later life after this.

They tell the U. S. Don’t worry about this guy. You’ll never hear from him again. And then they take him under his wing or they take him under their wing effectively and his career just explodes at this point.

Brad Hawkins: What does the FSB stand for?

Patrick McMurphy: Something in Russian that I cannot pronounce. Oh, okay.

Jim Brangenberg: It’s the Federal Security Bureau.

Patrick McMurphy: Is it?

Jim Brangenberg: I just made that up, but I’m going with it. .

You could’ve said yes there and I would’ve bought it.

Patrick McMurphy: Like if you, if you wanna sell me some magic beans, Jim, I’ll buy a pack off you .

Jim Brangenberg: There are some beans at the end of the rainbow. I, I heard an Irish guy say that once.

Patrick McMurphy: That’s a pot. That’s a pot of gold. And we’re very protective about our pots of gold.

Jim Brangenberg: Yeah, bet you are. Alright, so, so the Russians, obviously we know the Russians are now in charge of lots of hacking. They clearly found the leader of their. The Hacker Division.

Patrick McMurphy: Yeah, they found their golden boy. And immediately they start introducing him to the top dogs. They introduce him to Dmitry Peskov who was, and still is, Putin’s press secretary. So he’s immediately going to the top.

He gets introduced to an FSB agent by the name Edward Benerskaya. Now, Benerskaya is believed to, he could have been a mentor for Aqua in terms of just dealing with, I suppose, Russian political life.

No, these two grow very close. Later on, in fact Aqua marries Benerskaya’s daughter. So he introduced him to the family. These guys are toys. And so Aqua really under the direction of, and with the funding of the FSB phones, EvilCore this international cyber crime crew, they’re based out of Moscow Aqua has insane plans for EvilCore. It’s plans like this why you need device-level security.

He wants to take Zeus, remodel it and make it better. And so they do. They invent something called DroidX, which is built on the bones of Zeus. Zeus at this point, you don’t see a lot of Zeus infections that much anymore because people are figuring it out. There’s unlockers for it. This always happens with malware.

In the lifespan of malware, it’ll get stalled by white hat hackers, the cybersecurity experts. And then something new will appear. DroidX is this new piece of malware. It had much greater obfuscation methods and it was also distributed by phishing. Thanks for watching. But here’s, here’s the thing, right?

Brad Hawkins: So, so, Patrick, you said distributed by phishing. Yeah. Can you give a quick explanation of that?

Patrick McMurphy: Yeah. So we’ll say I’m a hacker. I send, I have a list of business leader emails. I send them all an email with the links in at, Hey, you need to see this quickly. It’s about the company’s finances. They click on it and they’re suddenly, you know, it’s a fake login page, or again, it could be a download again.

But effectively, you’re just trying to convince anyone who will read your email that they need to click on this link. There is another type called spear phishing, where I deliberately target someone in a company, like I might look at Brad’s CEO of SaferNet, so I get Brad’s email specifically. I might write to Brad, pretending to be SaferNet’s accountant, and say, Brad, you need to look at this, you need to look at this for, you know, our finances for the next 12 months.

Such and such a thing, but it’s all just a ploy to get you to click a link to either get your account information or deliver another virus on your system.

Brad Hawkins: Yeah, I’ve, I’ve, I’ve seen some of those phishing emails and it’s just absolutely amazing how enticing it is to, to, to click on them. I, I, I got one

from my electric company and, and, and I’m like, Gosh, I need to do something on my account and and I work in this field and I click on it and I get this SaferNet window saying I don’t think you want to do that.

And so It stops you right in the middle of it But it was it’s absolutely amazing how easy it is to click and to get Sucked into those phishing emails, but yeah.

Jim Brangenberg: You guys just solved a problem for me. I’ve got an 89 year old mother Who, when she sees a link, she thinks that is the prettiest thing in the world.

She has to click on that link. I have to do this. We need to put SaferNet on every elderly person’s computer to save them. From clicking on pretty links because my father in law who is now with the Lord, he he was clicking on every link. I mean, he actually answered the phone when people said, Hey, I’m calling from Microsoft.

We need to update your antivirus. He would talk to those people. This is fantastic. This is great. But I was thinking, Patrick, that this is like this, this Yakubets thing that this whole aqua guy. This is like the next episode of Austin powers and his. This is some powers where we should actually submit this to Hollywood. Well, once they get off strike. All right. So, so, so this ride X thing,

Patrick McMurphy: I do want to add about trade X as well. So it was delivered mostly by fishing. However, Aqua was concerned that people would get educated about fishing attacks. He did not need to be concerned about that because it’s still happening, even with device-level security.

People get fished every single day. It can happen to anyone. So what he does, he also distributes it through what is what are called Microsoft Word macros. And it was called Microsoft Word, but it, it applies to Excel and just that general suite of products. And what that is, it’s, it’s the one attack where there is actually zero defense for except education.

So what happens, it’s, it’ll start like a phishing attack. I could be the accountant talking to a CEO and saying, Hey, look at this document, this Excel spreadsheet. Do the numbers look correct here? And the person opens it, now it’ll just be, it’ll be an attached document and people will see it and think, oh, it’s just Microsoft Word, it’s not necessarily a link, nothing can go wrong.

And they click it, and occasionally if you get kind of corporate level Excel sheets or Word documents, there’ll be an option to enable macros that’ll pop up.

And if you click OK on one of these pop ups, and it’s sent by someone like Aqua, immediately, Right. X’s on your machine, because what happens in the background, the macro that executes is actually a piece of code saying, go to this server, download this and execute it right now.

And the person never knows. They just, they’re looking, they might even be looking at a black document and then, you know, go back to the person. They think who sent it and said, oh, I didn’t send you anything. So the work, the macro attacks are just next level. They’re next level.

Jim Brangenberg: All right. You better finish up the story before I run out of time.

Patrick McMurphy: Yeah, yeah, sure. There’s not a ton left. But, so Aquid, he’s really pushing Tridex. Tridex ends up being found in over 40 countries. Hundreds of millions of dollars worth of theft. That’s why I don’t think he’s stolen 100 million. It’s a lot more. In fact, if you’re in the US now, and you get a Tridex infection you are by law not allowed to engage in transactions with Evil Corp, which really pushes home why device-level security is important.

If they hold your computers for ransom, it’s against the law to pay them. It’s that serious. B have a $5 million bounty on Aqua’s head. So the man definitely cannot leave Russia at all.

Brad Hawkins: Well, it, it could be that he only made the a hundred million because he is having to share the rest with the, the Russian government, though

Patrick McMurphy: it’s a strong possibility.

But I mean, if you look at his day-today life, so you know, he did marry this FSB agent, daughter, their wedding was the best day for Russian cyber crime. Who’s who? Top most wanted cybercriminals, lot of FSB agents, politician, wedding itself costs over 300, 000. So he’s definitely, there’s definitely money coming from somewhere.

Furthermore, he he drives a 200 or 200, 000 Lamborghini. around Moscow with the words B. O. P. on the side, which is Russian for Thief. So he’s very proud of what he does. There’s videos of the cops stopping him, and then they realize who it is, and they’re just having a laugh with him. And he’s doing donuts around Moscow.

The guy’s above the law in Moscow. He’s basically immune, because he’s now functionally immune. Not only just an FSB agent, but the FSB golden boy when it comes to computer hacking. Wow. But yeah, he’s still at large. Like I said, if he leaves Russia, he probably has about 50 FBI task forces waiting for him.

But I think he’s pretty happy in his mansion hacking the world. So, that’s Maxim Yakovets, Aqua.

Brad Hawkins: Wow, that’s amazing.

Jim Brangenberg: So let me just ask, I’m a simple guy, and so, if an email gets sent to me and I don’t do anything with it and I just delete it, I’m okay, right?

Patrick McMurphy: If you delete it, yeah, but I would do some bit of digital hygiene you know, a lot of these emails can just be sent out on a blast.

You could just be a random target. But if I did get an email, I would still, you know, check my accounts, has there been any unusual, check all my accounts, has there been unusual activity? Am I actually being targeted, or am I just a random a random target, you know?

Jim Brangenberg: So, brad, can, if I’m getting an email and it’s got naughty stuff on it, is SaferNet helping me out there?

Brad Hawkins: Oh, oh, totally. You know, what we’re doing is we’re, we’re locking down that computer so that it doesn’t reach out to places that we know that are bad locations. So, if you click on a link that, that we know that is a location that you don’t want to go, even if the web, even if the the email page looks like, Something you’ve seen a hundred times from companies that you work with.

If that link takes you to a wrong location we’re going to stop it. And you’re, you’re going to have to go through a lot of hoops to get to that, that location. And we’ve, we’ve actually had clients that have done that turnoff SaferNet. And, and because they know that they’re supposed to go there.

And, and have regretted that move. But the, the reality is, is that we’re, we’re trying to silo your work into the locations that we know that are good.

Jim Brangenberg: It’s amazing. Anybody that’s ever had a ransomware attack from our buddies over there in Russia, it’s painful because if you don’t have a

great backup. You’re paying, you’re paying a ransom in order to get your computer. You’re a host.

Patrick McMurphy: It’s either that or you’re throwing the computer out the window, you know, it’s, it’s a bad deal.

Jim Brangenberg: So Patrick, I love that you brought the story of Aqua and I, just the awareness of where did this all come from? It’s sad that there are people out there in the world that this is what they’re doing, but we now understand more how Russia.

I mean, they are known as the number one hackers in the world because they’ve got nothing else better to do because they destroyed their economy. So this is one of the ways to get to do it. And we’re talking about it.

Patrick McMurphy: And I mean, a lot of these guys, you know, we haven’t heard anything, maybe in the last two years from them. And that’s, I mean, a lot of these guys now probably employed in their current war in Russia. And they’re, you know, they’re, they’re doing diver warfare as opposed to actually targeting us corporations for, for a few years. Anyway, you know, boss. They’re still out there the whole time, man. You know, it’s, it’s crazy, which is why cybersecurity as a whole and device-level security is important.

Jim Brangenberg: It is crazy, but it’s good to know that SaferNet’s there to back us up because this is a, this is a great thing. Love the fact that you’re bringing these stories to us. Can’t wait for the next episode. Just remember you heard it here, the internet and everything digital. Can have a dark side with many dark players.

It’s why you need SaferNet by your side. Thanks to SaferNet for supporting our efforts to bring these stories to your ears and giving them the exposure that they need, please, for your own safety and security of those you love and those you work with, check out SaferNet. com SaferNet. com. And get secured today. Till next time click only on the attachments you trust from those you trust and delete the rest, or you may become the next victim of a digital desperado.

Outro: This episode of the digital desperados podcast is brought to you by SaferNet VPN found online at SaferNet. com.

Calling all entrepreneurs and parents. Protecting those we love on the internet is important. Safeguard your ventures and loved ones with SaferNet VPN. Our cybersecurity app keeps you safe on any device.

Shield your business from cyber threats while ensuring a family friendly online environment. Simplify your digital life with SaferNet VPN today. Get secured now. Sign up at SaferNet. com. That’s SaferNet. com.”

As we conclude today’s insightful journey with the Digital Desperados podcast, let’s reflect on the critical takeaway: the importance of device-level security in our interconnected era. SaferNet VPN isn’t just a tool; it’s your digital bodyguard, vigilantly securing every device you own—from smartphones to laptops. It’s the armor in your arsenal against cyber threats, ensuring that your online environment remains uncompromised. With SaferNet VPN, you’re not just using a service; you’re embracing a comprehensive security strategy designed to protect at the device level, where the battle against cyber risks is often won or lost. So, equip your digital life with SaferNet VPN, and move forward with the confidence that comes from knowing you’re protected at every turn. Visit SaferNet.com now and take the definitive step towards complete device-level security. Secure your peace of mind today, because in the digital world, safety isn’t just a feature—it’s a promise.