Nov 2, 2020
Ryan Chapman and John Wood: Anatomy of a Breach
1 hr 23 min



Anatomy is to physiology as geography is to history; it describes the theatre of events.

 -- Jean Fernel; Legendary French physician


Those who cannot remember the past are condemned to repeat it.

 -- George Santayana; The Life of Reason: The Phases of Human Progress, 1905


Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.

 -- Donald Rumsfeld; US Secretary of Defense, 2002


The World Economic Forum ranked a massive incident of data fraud/theft as the FOURTH biggest risk facing THE WORLD for 2019, behind major natural disasters and ahead of man-made environmental damage such as massive oil spills or radiation leaks.


2020 said… hold my beer.


Just last week, the Wisconsin Republican Party was attacked by bad actors and suffered the theft of $2,300,000.00 in payments that were due to various vendors of their organization. How did the bad guys get in? The most basic, tried and true way of ingress: email phishing. Was the motivation to damage national and state-wide election campaigns? Was it to sow more discord in an already tumultuous election season? Was it TWO POINT THREE MILLION DOLLARS? Do we even care?


What cannot be disputed is that bad guys came into their system with bad intent and left with a lot of other people’s money.


When is a breach a breach? When is it a data leak? When is it simply a server left exposed? On this edition of InSecurity, Matt Stephenson talks with veteran Incident Response Consultants John Wood and Ryan Chapman about what happens once the bad guys break in and what the good guys can and must do when dealing with the results of a cyber-attack. Plus: PORT 3389! Dig it…



About John Wood



John Wood is Technical Director for BlackBerry’s (Previously Cylance) Incident Response practice. He leads teams of Incident Responders in large-scale and small-scale breaches across a variety of industries. John is responsible for evaluating and improving the tools and methodologies used by the practice and ensuring quality control across all engagements.


Prior to joining Cylance, John retired as an FBI Special Agent after 23 years. During his time in the FBI, John served in six field offices where he was a computer forensic examiner and cybercrime investigator. He was involved in several high-profile cases, including being the lead forensic examiner on the Edward Snowden espionage case, the Ardit Ferizi terrorism case, the “Russian voter hacking”, and several Advanced Persistent Threat (APT) cases. He was also a SWAT operator, a bomb tech, and a firearms instructor, and has testified as an expert witness in the United States Southern District of Texas, the Eastern District of Missouri, the Eastern District of Virginia, and the Northern District of Florida.



About Ryan Chapman



Ryan Chapman (@rj_chap) is Principal Forensics Consultant at BlackBerry. An Information Security professional with over 18 years of experience in the IT realm, Ryan sees the security industry as an ever-evolving creature where nothing is stale and there is always something new to learn.

He has worked in SOC and CIRT roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through PCAPs; analyzing malware; and performing host and network forensics are all among his passions. One of Ryan’s primary interests is the exciting world of reverse engineering. Malware has become pervasive, so he relishes the ability to dissect, understand, and protect against evolving threats. He is always on the lookout for the new tricks that malware authors use to circumvent security appliances. Ryan has presented at DefCon, SANS Summits, BSides Las Vegas and San Francisco, CactusCon, Splunk.conf and Splunk Live!



About Matt Stephenson



InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts me in front of crowds, cameras, and microphones all over the world. I am the regular host of the InSecurity podcast and video series at events around the globe.


I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, they can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...


Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.


InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...


Can’t get enough of InSecurity? You can find us on Spotify, Apple Podcasts and ThreatVector as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!


Make sure you Subscribe, Rate and Review!
