From working in the military to online hacktivism, Mike Jones has seen the internet in its rawest form, from a perspective that not many others can.
As host of the H4unt3d Hacker podcast, his unique knowledge of hacking has led to a career filled with remarkable stories.
In this interview, Mike shares his story of getting involved with cybersecurity, the rise of geopolitics-driven cyber attacks, and the future of hacking.
What is one of the most false pretenses when looking at security?
The little thing most of us carry in our back pocket, the cell phone has more power than the first rocket that went to the moon.
So you take that computing power and you look at how we authenticate into different apps. How can I get past this two-factor authentication and access all those applications?
I’ve seen people go as far as creating masks to get past that authentication, but I’ve been working on an attack lately which I can’t go into the details of it, but just put it this way… Two-factor authentication on mobile devices is done. There’s no way that we can rely on that anymore.
That’s the attack that I think will have the biggest impact as I’m, assuming the role of a fraudster, able to get all of his details without even having to touch the device, which is super dangerous.
Frauding people is a business, it’s an economy, it’s a market and it’s only going to grow.
What one thing have you learned during the pandemic?
It’s not necessarily a new lesson learned but that fraudsters, hackers, and cybercriminals, are just as agile if not more than businesses.
They will pocket the cash and move on to the next one. What we’re seeing is people playing on different high points during the pandemic, for example, a lot of people were using Amazon.
So many people received a phone call from, a scammer saying, “oh, someone just bought an iPhone on your Amazon account, if this was not you please call me at this number.”
Then you call and they try to scam you out of your Amazon. They’re playing on people’s fears and on people’s dependability of being able to shop fast and bring stuff into the home.
When we saw people going outside the home, we saw a huge number of credit cards, skimming, and looking at gas stations where they would set those skimmers up but since we’ve lost that face-to-face, or that physical transaction, they’ve simply put their energy into the internet.
To really understand how to defend against people like me or other fraudsters, you really have to understand psychology.
I spent years just observing people and just learning about how people interact and behaviors to look for. I think that’s key instead of, looking at criminals as criminals, maybe look at them as subjects and look at their behavior, learning the psychology and what drove them to do what they did.
I think if you understand that and you look at the behaviors, motivations, and the end game, I think you can defend yourself, it’s just a matter of understanding people.
How do you change the mentality toward committing fraud?
Education. For example, I assist the London Metropolitan Police in intervention workshops that they run for kids who have been identified as potential or future cyber-criminals.
I was brought in to talk to them and show them the potential routes they can go down, explain what’s going to happen and that it’s not a comfortable life, as well as talk to the parents and try to bridge that gap. This is what your kid is going through. And this is what you need to do in order to understand what’s going on and monitor and maintain the situation.
Young kids from 10 or 11 up to 18. The youngest one I saw was I think, 10 years old which is crazy when you think about how early in their development they are.
Kids feel like they’re indestructible and they live for the moment. It’s an instant gratification type thing.
But I think when they bring somebody in that’s been in the news, who’s truly been there, done that. There’s a little bit of respect there.
In terms of previous offenders, I’m doing some stuff right now for an individual who’s a pretty high-profile hacker and I’m just giving them an opportunity to see how I work now and see what I do.
To bring them into the fold and show them, look, you could be a speaker, you could be a red teamer, you can have your own podcast just things to give them, to keep them busy and give them some kind of positive outlook on the future.