Hacking with Alissa Valentina Knight

Gifted hackers can access data from a government website, a hospital medical system, or even a car. Most are not aware when their personal information is stolen, sold, and used until it is too late.  Today's guest is Alissa Knight. Alissa is a recovering hacker of 20 years, a cyber security influencer, content creator, and the principal cyber security analyst at Alissa Knight and Associates. She is the author of the recently released book Hacking Connected Cars. Alissa has been quoted in articles by Brian Krebs and featured in numerous magazine articles including PC Magazine, Wired, and Forbes. Show Notes: [1:01] - Alissa shares how she started hacking at the age of 13 and she got caught hacking a government network. They came to arrest her at school. [2:27] - After this experience, Alissa later went on to own a few startups and sold them for millions of dollars. [3:44] - Alissa explains her combat training when owning a defense contracting company. She then transitioned back into cyber security. [5:10] - Her company shifted from defense contracting to private sector cyber security. [6:06] - While living in Germany, Alissa got into hacking connected cars. [7:07] - Although Alissa knows the risks of having connected technology, she is definitely a consumer of connected devices. [7:55] - We are seeing a fundamental change in cybersecurity because now it isn't just about information. It can literally be life or death. [9:02] - Alissa loves cinematography and combines her knowledge of hacking and content creation. [10:17] - Cybersecurity can be boring and uninteresting. Alissa states that she got tired of seeing the same white papers and changed it up to make it more interesting not just for her but for clients as well. [11:22] - Alissa references a book called Blue Ocean Strategy and summarizes its content in relation to her business model and content. [12:58] - "A lot of the content out there for security is told through the eyes of a blue team member. It's told through the eyes of the defender. Very rarely do we see content being told through the eyes of the adversary." [14:13] - Alissa describes what she wants people to see through her content. [15:58] - In Alissa's opinion, we need to relearn the concept of prevention. [17:27] - Chris points out that many mistakes are made when people think they have an impenetrable system. They become complacent. [18:20] - There are so many products out there right now that become very overwhelming and many don't know what to choose or buy. [19:17] - Alissa breaks down the categories of mHealth and describes how she was able to hack into them. [20:59] - When testing these systems through hacking, Alissa was shocked at how much information she was able to access about patients. [22:01] - Alissa explains the rule that CMS passed called FHIR. [24:36] - Describing the systems that hospital systems use, Alissa points out some issues with lack of security. [26:48] - Alissa shares a personal story about being diagnosed with cancer and the experience of getting an email with her medical data available through a mobile app. [29:21] - The average person is not digging deep to find where their information could have been published on the darkweb. [30:54] - Alissa explains the differences between what some providers can and cannot do with data.  [31:41] - To explain a BOLA vulnerability, Alissa uses an easy to visualize analogy. [33:58] - Some of the problems in the APIs that Alissa is testing is insecure coding and programming. She lists how this can see patient health information in medical systems. [35:13] - Simply changing an ID slightly once it has been authenticated is the number 1 vulnerability in APIs. Alissa says it's the easiest hack in the world. [36:08] - Sharing a story about an experience with a pen tester, Chris demonstrates how important testing for vulnerabilities is. [38:16] - We as consumers have to rely on manufacturers to make more secure cars and our healthcare providers to create more secure programs. It's unfortunately out of our hands. [39:54] - It is not an immediate thing to learn. Alissa points out the many tools and the importance of understanding them. [42:16] - Exploits and these penetration testing tools are important, but if they are in the wrong hands they can be used for different purposes. [43:32] - When the developer is responsible for data, it leads to many problems. Alissa describes what can happen. [46:19] - Alissa explains what she predicts what she thinks will happen in the future. [47:28] - "I think zero trust should have been the foundational elements of the building blocks from the beginning." [49:37] - There is a lot of amazing technology coming from Tel Aviv which is a shift from the past. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Alissa Knight on YouTube Alissa Knight Home Page Alissa Valentina Knight on LinkedIn Alissa Knight on Twitter Hacking Connected Cats: Tactics, Techniques, and Procedures by Alissa Knight