She hacked a billionaire, a bank and you could be next. Do this now to protect yourself!



She has hacked a CNN reporter, a billionaire, a bank and many others. Rachel Tobac can hack just about anyone – including you. Learn how to protect yourself.

// MENU //
0:00 – Intro
00:58 – Rachel Tobac introduction
01:36 – Hacker vs Criminal
02:28 – SocialProof Security // Hacking sea shanty video
04:02 – Hacking CNN’s Donie O’Sullivan
05:36 – Flaws in phone call authentication
08:01 – Finding passwords through data breach repositories
09:00 – Preventing hacks // YubiKey & MFA
16:38 – Flaws in SMS authentication
18:01 – Creating “uncrackable” passwords
19:56 – Recommended password managers
21:26 – “Politely Paranoid” // Be vigilant
23:17 – Phone call authentication is in the dark ages
24:59 – Tips to prevent being hacked
26:41 – MFA fatigue // How a teenager hacked Uber
29:05 – “Hacking isn’t that complicated”
30:07 – Hacking Jeffrey Katzenberg // Learn from examples
33:06 – Delete the cookies // Have a different computer for work and home
34:22 – Scenario: preventing hacks as the president
45:59 – Effective preventions // Password managers & MFA
47:51 – Hacking into a bank
49:33 – “Infiltrating” a company
51:53 – Technical-based vs human-based
53:31 – Getting into Social Engineering at DefCon
55:39 – Tips for getting into Social Engineering
57:36 – Final words // Conclusion

// Rachel’s SOCIAL //
Twitter: https://twitter.com/racheltobac
Instagram: https://www.instagram.com/racheltobac
Mastodon: https://infosec.exchange/@racheltobac
Website: https://www.socialproofsecurity.com/

// Videos Mentioned //
– It was easy to hack a billionaire: https://youtu.be/7-lDRgxbU1Y
– John Hammond // He tried to hack me: https://youtu.be/y1WgyR4c-4A
– Corridor Crew // Channel was terminated, we got hacked: https://youtu.be/KdELfn1WK0Q
– We asked a hacker to try and steal a CNN Tech Reporter’s data. She got it in seconds: https://youtu.be/LYilP-1TwMg
– Watch a CNN Reporter get hacked: https://youtu.be/yIG4kTJTZuY
– Watch How Easy It was to Hack this CNN Reporter: https://youtu.be/Wb4-4PN8u4w
– 16 Secs to Break Wifi Networks Owned! https://youtu.be/ZTIB9Ki9VtY
– Modernize MFA with the Yubikey: https://youtu.be/YRQAJzOuo10
– Inside the mind of an ethical hacker https://youtu.be/UwPK_ietuxg
– My YouTube channel being hacked https://www.youtube.com/watch?v=gii-IMlv6_Q

// Books //
The Social Engineer’s Playbook by Jeremiah Talamantes https://amzn.to/3BmU3pq

// David’s Social //
Discord: https://discord.gg/davidbombal
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

This Post Has 23 Comments

  1. David Bombal

    She has hacked a CNN reporter, a billionaire, a bank and many others. Rachel Tobac can hack just about anyone – including you. Learn how to protect yourself.

  2. UberGeek Dude

    Interesting how you say MFA, MFA, but don't explain what that means. The Factors of MFA are
    1: what you know; DOB, address, mother's maiden name, etc.
    2: what you have; YubiKey, cell phone, etc. And
    3: What you are; biometrics such as fingerprints.
    Using two or all three would be proper MFA.
    Your password examples are easier to crack than using a mix of upper case, lower case, numbers and special characters.
    Great example for social engineering to gain access.
    I have a couple elderly clients who for the life of them are paranoid about using tech like password managers. The important key is not to use the same password for every login, as she says.

  3. Eschin Tenebrous

    Check out the recent Security Now(s) with Steve Gibson on the LastPass breach. Lot of folks are finding their vaults were still encrypted with "circa 2007" encryption standards… And their vaults are trivial to crack with today's 'rigs', around 60 seconds or less.

    LastPass seems to be losing a tremendous amount of rep since their breach, and it's beginning to show just how negligent they were with a sizable amount of their customers' vaults. Ironically, it seems the longer you were a LastPass customer, the more vulnerable your vault is… They never upgraded user vaults to keep up with changing standards.

    From what I'm hearing, LastPass simply isn't "credible" anymore, and they may go under from this breach and its fallout.

  4. Tyro James

    I get what Mrs. Tobac is saying, but I recently watched a YouTube video, where a person using a Python script Hacked into an OFF-LINE Password system. MAN, NOTHING IS SAFE❗

  5. cyberDevil

    Great work David 😀
    And Rachel seems awesome too, would love to work at her company one day

  6. Maleko Okelam

    can we talk about how many websites don't support sufficiently complex and long passwords in the first place? 🙃

  7. Michael Foster

    Only the best hackers and cyber security professionals on this channel

  8. Jesse Smith

    After listening to this, I started wondering about the use of management software that promotes a single pane of glass view – located in the cloud. Should I avoid those cloud based products and use on premise dedicated devices instead?

  9. Matúš P.

    That's a beautiful interview. Everyone who is on the internet should watch it. Thanks @David Bombal.

  10. IBM Museum

    @5:48 – I had to contact a bank (no account and previous transaction history) when someone was attempting to fraudulently open an account in my name. The representative said she would send me a "verification text" and then asked me what number I wanted it sent to! When I incredulously responded how that would "verify" me, she said that the bank "had a way to check the number" and that it was a process that they used all the time.

  11. John K. Asenso

    She mentioned Swiss Cheese model. I think she meant the lasagna model Layers of security. 🤔

  12. Vic

    David, do you know of any up and coming defcon / infosec equivalents in the UK this year?

  13. Sheriff Sheriff

    Nothing Special to be Honest. If you don't open your door, a thief would not come in.

  14. DarkCode

    Google is a data pirate, probably the largest in the world, so I wouldn’t recommend giving Google more power over data, your data, than they already have. I’m a Cybersecurity professional btw. Also apps are full of malware. Be wary, do the research.
