He Didn’t Hack In. They Let Him In.
The hacker isn't a thousand miles away in a hoodie. He's standing at your desk in a polo shirt, holding a clipboard, asking to plug something into your computer. And law firms are the target. Frank Downs and Dustin Brewer break down the Silent Ransom Group — the crew skipping the phishing email and walking straight through the front door.

In this episode of Legitimate Cybersecurity, Frank and Dustin dig into SRG (aka Luna Moth, aka Chatty Spider), a Conti offshoot now assessed — and corroborated by an FBI FLASH alert — to be running physical IT-impersonation attacks against law firms and other data-rich targets. They discuss why physical social engineering is suddenly back from the 1990s, the cyber-psychology that makes us trust a stranger with a lanyard, Dustin's casino fake-badge pen test, why law firms are such a rich target (trade secrets, M&A, criminal defense, HIPAA data), and the brutally simple fix most companies skip: trust but verify. The conversation also covers why "keyboard Frank" is a different person, the hospital HIPAA nightmares you've personally witnessed, and AI's role on both sides of the kill chain.

The one thing to leave with: if an IT person shows up unannounced, it costs you nothing to call IT and confirm before you let Steven in.

Media/interview: [email protected]
Audio: https://legitimatecybersecurity.podbe...
Chapters:
00:00 — The hacker shows up at your door
00:36 — Mandiant + FBI: who Silent Ransom Group really is
02:39 — The cyber-psychology of "why physical works"
06:00 — War story: the student who ran from the front desk
08:00 — Cutouts, proxies, and unwitting accomplices
11:53 — Why physical access does damage instantly
12:09 — Law firms: the richest target set there is
15:46 — Mar-a-Lago, thumb drives, and the history of in-person hacks
19:08 — Tailgating past security (Dustin's seventh-floor proof)
20:58 — Trust but verify: the fix that actually works
26:26 — The societal norms bad guys exploit
27:02 — The casino badge: getting your face "known"
28:00 — The human is always the weakest link
29:41 — AI is only as smart (and hackable) as we are
32:12 — Keep on cybering

#Cybersecurity #SocialEngineering #Hacking #InfoSec #DataPrivacy #LawFirms #PenTesting #AI #CyberAwareness #SilentRansomGroup #LunaMoth #PhysicalSecurity


