She Can Hack Your Bank Account With the Power of Her Voice🎙Darknet Diaries Ep. 144: Rachel

Jack recounts a college experience where he received a scam call about stock predictions. The scammer accurately predicted a stock's rise and fall over multiple weeks, eventually revealing an algorithm that supposedly cracked the stock market. Jack's curiosity led him to discover the scammer's method of splitting the audience and playing the odds, which appeared as a perfect prediction to a select few.

Rachel shares her origin story, starting with her childhood fascination with the idea of being a spy, inspired by the movie Harriet the Spy. Despite her interest in technology, misguided advice from her guidance counselor led her to not pursue coding classes. Instead, she pursued a degree in neuroscience and behavioral psychology, which eventually and unexpectedly led her to a career in social engineering.

Rachel's journey into the tech world began with improv and teaching, which transitioned into a community manager role at a tech company. Her husband introduced her to the world of hacking through Defcon, a hacker conference. Despite initial reluctance, Rachel found her calling in social engineering after witnessing a live hacking contest at Defcon.

Rachel's first experience competing in the social engineering contest at Defcon led to her winning second place. Her success was unexpected, as she had only recently discovered her talent for social engineering. This accomplishment sparked her interest in pursuing social engineering as a career, leading her to apply and compete in the contest for the following two years, securing second place each time.

After consistently placing second in Defcon's social engineering contest, Rachel was approached by companies wanting to learn more about hacking and how to prevent it. This led her to establish SocialProof Security in 2017, a company focused on social engineering for hire. Her clients included major tech companies and government organizations, demonstrating her significant impact in the field.

Rachel describes a penetration test for a bank, where she was tasked with hacking into customer accounts through phone calls, emails, or chat. Despite initial setbacks with the chat feature, Rachel successfully spoofed a customer's phone number and used social engineering tactics to extract personal information from the bank's customer support, highlighting the vulnerability of voice-based authentication.

Rachel explains the process of phone number spoofing, a technique used by social engineers to manipulate targets into revealing sensitive information. She discusses the ease of spoofing numbers and the limitations of current security measures, emphasizing the need for better protocols to prevent such attacks.

Rachel's attempt to pose as a journalist to extract information about a company's upcoming mergers and acquisitions was unsuccessful. Despite her efforts to build a believable persona and engage with company employees, she was unable to obtain any significant insider information, indicating a higher level of security awareness within the company.

Rachel details her strategy of applying for a product manager role within a company to gain access to information about potential mergers and acquisitions. She invested significant time in creating a convincing persona, including a social media presence and relevant experience, to prepare for the interview process.

Rachel successfully progressed through the interview stages, maintaining her cover as a prospective product manager. During the interviews, she subtly extracted information about the company's acquisition plans by asking indirect questions, leading to confirmations in the form of hints and generalities from several interviewers.

Rachel's social engineering tactics not only allowed her to gather valuable information about the company's acquisition plans but also led to her being offered the product manager position. Her findings were presented to the security team, who recognized the need for clearer communication protocols to prevent future leaks.

Rachel was approached by 60 Minutes to perform a live hack, aiming to demonstrate the potential of AI in scamming. With the consent of the show's host and her coworker, Rachel planned to use AI to clone the host's voice and trick the coworker into revealing personal information. The challenge was to execute the hack naturally and without arousing suspicion.

Rachel's use of a voice-cloning tool allowed her to replicate the host's voice and make a phone call to the coworker, requesting personal information under the guise of the host. Despite the inherent technical delays and audio discrepancies, the coworker provided the information, illustrating the effectiveness of such social engineering tactics.

The discussion shifts towards the future implications of AI cloning on trust and verification in communication. The need for cryptographic keys and secure verification methods is highlighted to establish genuine communication channels and prevent falling victim to sophisticated AI-based scams.

Jack expresses his excitement for the rapid advancements in technology and its impact on human evolution. He envisions a future where human intelligence and technology will continue to evolve and merge, creating new possibilities and challenges that will shape the future of humanity.