New Host Unknown Music Video shines spotlight on phishing attacks

Press Release

11 September 2019

Host Unknown, the undisputed global leader in information-security based videos made by three random men based out of London, has delighted fans with its eagerly-awaited third song.

Already an established acting team, the group rose up the musical charts with their hit single in 2014, “I’m a C I Double S P”, which was followed up by 2016’s “Accepted the Risk”.

The trio’s latest video, ‘Lost all the money’, a parody of Nelly’s Ride Wit Me, is expected to be a huge hit, with one insider telling us off the record that YouTube may need to increase their bandwidth just to accommodate the rush of expected views.

Sole founder Thom Langford explained the challenges that come with a third song. “There are a lot of expectations with a third song. You have people wondering if the first two songs were just lucky flukes. So, I won’t lie, there was a lot of pressure, both externally and internally. But this is the moment that almost two decades of being a CISO prepared me for.”

Adding his views, sole founder Andrew Agnês said, “People recognise that I’m the creative bulldozer behind the songs. I locked myself away in the recording studio for weeks to nail this, because if I hadn’t nobody would have.”

Sole founder Javvad Malik was unavailable to comment as he was on holiday at the time of writing, but he did send his love and appreciation for all of his fans.

None of the supergroup’s sole founders would respond to comments about being snubbed twice by the Pwnie Awards.

Watch the full music video: Lost all the Money

About Host Unknown

Host Unknown is an information security educational / entertainment group from London, England. It was the pioneer and most significant populariser of Infosec-Rap and is widely considered one of the seminal groups (based in London) in the history of information security. The group has endured controversy owing to their lyrics, which many security managers viewed as being disrespectful of their trade, as well as its glorification of certifications and risk management. The group was subsequently banned from many IRC and sub-Reddit channels. In spite of this, the group has amassed a huge and loyal following.

Our C-level Friend

We all have a friend that’s made it to the upper echelons of success, they’re a C-level exec. They’re the ones with the tailored suit, VIP passes, and corporate cards that can help out friends in need.

But sometimes you do wonder how they ended up in the position they’re in – as did Kav, who told us all about Randy and their C-level friend Jhom. (names have been changed to protect the guilty innocent.) 

I have people to do that for me

Jhom likes to talk about technology, like how a shark talks about dental hygiene. Sure, it’s probably a concept the shark understands, but there’s no way it could hold a toothbrush in its fins.

Whenever called out about his lack of hands-on technical skills on any system after 1991, Jhom responds with, “I don’t need to know how to do that, I have people to do that for me.”

Social media what?

Jhom doesn’t know how to use social media. The only people that don’t use social media are people in prison without access to the internet, or members of weird religious cults.

For many years Randy and I told Jhom he should create a Facebook account to at least secure his identity. When he failed to do so, some unknown people set up a Facebook account under his name.

These people would post on Jhom’s behalf, make a whole bunch of new friends, and connect with some old school friends.

Luckily, before things got out of hand, Randy and I were able to track down the culprits and gain access to the account before handing control over back to Jhom. I shudder to think what would have happened had we not been there to watch his back.

Instead of being thankful Jhom accused us of being behind the account all along.

If that’s how he treats his friends, I’m glad we don’t work for him.

Fanboi

Jhom refuses to own any electronic device that isn’t made by Apple. He believes linking all his devices through iCloud is the height of convenience.

One time, in a WhatsApp group chat, Jhom disclosed he wasn’t aware of what a “meme” was. For the sake of education, Randy and I started sending photos of “infosec memes” to Jhom – not realising that autocorrect had changed “infosec” to something else.

These somewhat unsavoury photos ended up in Jhom’s iPhone and synched to his photo library; from there they were synched to his iCloud account. The photos in his iCloud account were used by his AppleTV box as a screensaver on his television at home.

Fortunately Jhom was working at home and valiantly jumped over the coffee table to rip out the cables to the TV before his wife and kids came into the room.

His shin hurt for a few days, but he learnt a very important security lesson that day.

Presentations

Despite only having 3 stories, Jhom is a rather competent speaker who knows how to work a crowd.

What he isn’t good at doing is remembering to turn his phone off, or disable notifications on his Apple Watch, before going up to present.

Whenever Randy and I know Jhom is on stage, we start a barrage of calls and texts to remind him to turn his devices off.

We’re just nice people like that.

Hold my phone

Because we continually remind him to disable his phone during presentations, one time Jhom left his phone with Randy and me before going up to do a presentation.

While Jhom has a passcode on his phone, the camera was unlocked. So, we decided to take a bunch of selfies and weird photos for the full 60 minutes that Jhom was on stage.

We’re sure Jhom’s family was delighted to see our smiling faces on their AppleTV screensaver.

Podcast editor

We started the Host Unknown podcast three years ago. After a hugely successful pilot podcast, we recorded the second episode which Jhom said he would edit by the end of the week.

We’re still waiting for the final product. I sure hope he doesn’t deliver security initiatives with the same enthusiasm!

Hold my phone again

One time at RSA in San Francisco, Jhom and I were at an evening event. He left his phone on the table at some point and I thought I’d check to see if he’d secured his camera. Which to his credit he had.

So, I thought I’d check to see if Siri was disabled, unfortunately it was not. To test it out, I said, “Siri, send a text to my wife saying, I’m ever so sorry, please forgive me, I love you.” By accident Siri actually sent the message to Jhom… waking up his wife in London at 3am.

Clearly that was Siri’s fault, and nothing to do with me – and Jhom’s learnt about different threat vectors. 

Brutal Feedback

Jhom doesn’t mince his words. That’s not to say he’s a rude person – but if he feels like you did a bad job, he’ll tell you to your face. He won’t anonymously leave negative comments, and he certainly won’t shy away from a difficult conversation.

But perhaps more important than that is that Jhom is also very welcoming of brutal feedback. He understands how to separate the person from the problem, and is not afraid to admit when he’s wrong and take the steps needed to fix any issues.

And that, maybe, is why he’s far better-suited to being a C-level exec than I am.

Bugger… oh… Congratulations Melissa!

We sat with the tension of an Australian entertainer looking forward to the morning’s Daily Mail until late Wednesday night as we awaited the results of the pwnie.com awards. We nursed our cocoa/vodka/champagne (Jav/Andrew/Thom respectively) as the news trickled in.

We had a few key people on the scene, recounting the experience to us.

Given the competition, we had the champagne on ice, the shisha warmed, and the alarms set (we were after all operating in the much more civilised Greenwich Mean Time).

Given the timezone differences though, we went to bed, and set our Google Alerts for the impending winning announcement.

Bugger.

We awoke to the news that we hadn’t won. Unfortunately our beautifully coloured, tempo’ed, written and choreographed song didn’t tweak the judges’ auditory senses as much as the dulcet tones of @0xabad1dea with a beautifully timed Christmassy SSL thematically themed jingle.

We are gutted, but happy for the ultimate winner (of course).

Congratulations @0xabad1dea / Melissa, you were a worthy opponent.

RSA Europe has them now, part 2: dirty clothing causes problems

Following on from last week’s post, our legal team flagged this message to us. As such we are once again forced to reissue our statement that the actions of these individuals do not represent the views or opinions of Host Unknown.

Stay tuned for their full report on their time in Amsterdam, because they really do have some explaining to do.