"Charlatans in InfoSec - from Kim to Jonathan" by @[email protected] at @[email protected] starts in a couple of minutes.
I'll be live tweeting/tooting it in this thread! 🧵
This presentation is a cool opinion, bro
Important note: don't be like charlatans, don't bully people
Charlatans damage the reputation and trust in infosecurity and their behaviour can have real life consequences
This definition of charlatan is pretty close to the definition of impostor syndrome...
This charlatan playbook is very interesting. You can break down any kind of a disinfo agent into these fairly simple steps.
If you want to become a charlatan - here's your guide! :)
The charlatan fraud matrix - from attack methods (in red) to defence methods (in blue)
Drama is always good, because it draws people's attention.
If no one is engaging with you - create fake accounts.
One of the best defence tactics is changing the topic very fast and moving on to the next thing.
Let's do case studies!
First up: our friend and his "remote code execution" PoC that isn't really an RCE.
The video is apparently 50 minutes long...
Next up: unhackable wallet pushed by John McAfee.
The last point is really good: you can claim some government has hacked you because they usually won't engage with you and if they do - it's a conspiracy!
Jonathan: Chinese Olympics app spies on you because there's a string that mentions microphone or whatever...
Doesn't matter as long as the media buys it and reports on it.
Next up: drama. Drama is good because The Algorithm only cares about the engagement, no matter if it's positive or negative.
Lie about your past by mixing truth and lies.
Change topics as frequently as possible, if you change whole domains it's even better!
You're moving from one set of debunkers to the other set of debunkers and the other ones have to catch up!
And, as always, gaslight people all the time!
"You gonna hear from my lawyer" is the adult version of "I'm telling my parent!"
You have to make vague, abstract predictions and don't go into the details. If they ever come true (and since it's vague and abstract they probably will) you can claim you were right from the beginning.
Next defence strategy: victimize yourself, say that there are people out there to get you. Become a martyr. You are the hero and everyone else is a villain.

Create a personal army by working with a well defined group - e.g. Rwandan government, NSO Group etc.

Unrelated: if you figure out why this slide has a picture of pasta on it share it in the replies ;)

There's always collateral damage to charlatans - be it the reputation of organizations or it may even endanger personal lives of people who e.g. get spied on by their own government.
If something can be proven wrong you should prove it wrong. If you cannot prove something's wrong but it looks wrong ask your community for help.
Don't let the emotions take over. You will be attacked.
Assume every conversation will be made public and taken out of context.
... and that's it! Go and follow @[email protected]!
Popcorn was tasty, thanks Lara and @[email protected]!
@maldr0id magnifiquely executed 😅🔝🔝🔝🤣
@maldr0id I call that the "horoscope technique", it works really well
@maldr0id this also reminds me of the Anonymous accounts who would latch on to celebrity drama on Twitter to drive views to YouTube to monetise or just for the sheer lust for clout back in the day. https://www.complex.com/music/2014/12/anonymous-threatens-iggy-azalear-on-twitter
@maldr0id If you spot someone who might be a charlatan, just remember the acronym RIEEMODE