
The Wrong Dan Sturman

It started with a slow roll of weird emails and phone calls. And then award-winning filmmaker Dan Sturman found himself in the crosshairs of serious hackers. With parallels to another case of mistaken identity and an assist from security expert Reuben Moretz, this week we explore bad social engineering.

Episode 217

Transcript of Episode 217, What the Hack? Published September 16, 2025

Beau: Imagine being hated for something you never did by people who swear they saw you do it. 

Naomi Klein Channel 4 Clip: Well, I was in a public restroom. I, I was in a stall and I overheard two women, well, just trashing me, talking about an article I had written and how wrong it was and how ridiculous it was. And I just, and, and I. First, I just had all my high school flashbacks, and then I realized they were talking about someone else.

Beau: That’s author Naomi Klein in an interview with Channel 4 News in the UK about what happened when she got confused with another author named Naomi, who, in her words, same age, same career, same dark hair. But also very different. 

Naomi Klein Channel 4 Clip: So I came out and I looked at one of them in the reflected in the mirror, and I said, I think you’re talking about Naomi Wolf, who is another Naomi writer, and I’ve been confused with her and conflated with her for much of my life.

Beau: So there’s the coincidence of the name, but there are lots of other coincidences as well. Yeah. This wasn’t just limited to public restrooms. Thousands of people started yelling at Naomi Klein online. Well, yelling furious at her for things that she never said because. They’d mixed her up with the other Naomi.

Beau: She’d log on and find wave after wave of strangers. Really, really angry about statements that she never made, or ideas that she really didn’t espouse at all. 

Naomi Klein Channel 4 Clip: You can also create your own doppelganger. Yeah, I mean, what interested me about the figure of the doppelganger is that I think the more we interact with the world online, the more we’re represented to the world through a doppelganger.

Naomi Klein Channel 4 Clip: Our digital avatar 

Beau: reinforces what you think you are. Naomi Klein wrote a book about this called Doppelganger. It’s in paperback now. Came out, the paperback came out last year, and it’s about two women with the same name. And how that shared coincidence spiraled into all kinds of shenanigans. You know, in a world where confusion about a name can be serious, really serious,

Beau: I’m Beau Friedlander and this is What the Hack, the show that asks, in a world where your data is everywhere, how do you stay safe online?

Beau: Naomi Klein’s story is unusual, but not unique. She wrote about being confused for someone else online. Another Naomi, another famous Naomi, Naomi Wolf, and how that mistake snowballed into something that could have been pretty dangerous. So today on the show, we’re gonna look at what happens when your identity gets tangled up with somebody else’s identity, and, and also just sort of what it means to be visible and what it means to have your name when other people may have your name.

Beau: And we’re starting here with a, a man named Dan Sturman. 

Dan Sturman: I’m so happy to be here. 

Beau: Dan Sturman is a Los Angeles based director, writer, and producer of, and listen now, Emmy, Peabody and Academy Award-winning documentary films. Dan, welcome to the pod. Thank you so much, Dan. Story starts in 2007. Okay, 

Dan Sturman: so I have a friend, a good friend in Los Angeles named Tucker Carney.

Dan Sturman: Who is just the sweetest, most thoughtful guy in the universe and he, back in 2007 because he, you know, he’s the kind of guy who was on the wait list to get the trial for COVID medication when it had happened. You know, he’s always like sort of noodling around and looking for the angle, and he had heard back in 2007 about Gmail and signed himself up for Gmail and because he’s such a sweet guy.

Dan Sturman: He signed my entire family up for Gmail, including my five and 6-year-old daughters, so that each of them had their name@gmail.com. He’s like, this is gonna be a big thing. Did it, I think to a bunch of people in the neighborhood. He, I actually, uh, a week ago today. Was at his memorial service. It was heartbreaking, but there were literally 300 people there, all of whom you know, had he touched in different ways, because he’s that kind of guy.

Beau: So in 2007, Tucker Carney, your early adopter friend. Your early adopter in all things. Your ear to the ground guy. He, he was first 

Dan Sturman: guy I ever saw wearing Crocs. Think about that. 

Beau: That does paint a picture. And he was probably the first person to have the little things that go in the Croc there. He’s polls too.

Beau: But, uh, anyway, Tucker gets you an email address on Gmail. He’s an early adopter. He’s gotten it for all your family and no doubt. Plenty of people who attended his memorial also had Gmail accounts courtesy Tucker Carney, um, seems like a wonderful person and it’s a wonderful situation to have because yes, your email address is very easy.

Beau: Now, did you use it right away? Were you, uh, were you an early adopter or did you just kind of have it and not use it?

Dan Sturman: So I moved to London in 1995 and right around then I got an AOL email address. And you know, when you used email at that time, you actually paid by the second that you were online. And so you would sign on really quickly and do whatever you needed to do and then sign off really quickly. And I remember that sitting in my apartment in London, I would, you know, sign on, send an email, sign off.

Dan Sturman: And then place a transatlantic call to the person I sent the email to saying, did you get my email? You know, ’cause I had no idea how it worked. Um, so anyway, but yeah, so I was on AOL up until probably like 2012, 2013 and, you know, switched to Gmail and do not regret that choice.

Beau: Well now to give AOL a break here, a lot of us olds, as I’ve heard us referred to, used AOL and there’s something kind of OG about having an AOL account still. I still, when I see them, I’m like, okay, so, so, so there’s some street cred I think for having one of these old school email addresses. But here’s the thing, if you wanna get your exact name@gmail.com in 2012.

Beau: It’s a lot harder to do than it was in 2007, 2008. There weren’t that many people using Gmail. It was possible that I got my name. You know, don’t, don’t abuse that, but 

Dan Sturman: yes. Yeah, there’s a huge prestige, you know, that I experienced every day when I sent the email, 

Beau: because you got the handle you wanted@gmail.com.

Beau: Through the years, Dan’s prominence as a filmmaker grew. His documentaries, won awards. Even an Academy award. Critics wrote about his work. His name was out there big time, but in 2021, he started getting a different kind of attention, not for his work, and not the kind that you celebrate, but the kind that makes you check your inbox.

Beau: Uh. Way too much, probably obsessively wondering exactly what people think. Maybe you did. 

Dan Sturman: Suddenly I started getting a lot of attention. You know, hey, following up on our conversation where, you know, I promised I would send you that email, you know, wanna set up a time to discuss investment opportunities.

Dan Sturman: Um, you know, I had a jet charter service soliciting me. You know, now might be the time to get a share in our jet charter. I got an email from the Tiffany’s jewelry store. Uh, they were informing me that the beautiful sapphire necklace, I pi I had picked out was ready, uh, to be picked up. 

Beau: So we’re used to the hook and reel strategy of phishing attacks on, on the show, the fake calls, scam calls the obvious cons, the not so obvious cons, the lateral moves.

Beau: But the thing is, these weren’t fake. These were legit. These were real messages, real. People reaching out to Dan and that made it even stranger because the question wasn’t, is this a scam? It was, why are they coming to me at all? 

Dan Sturman: I kept my wife abreast of all these different like, sort of random, you know, pitches I kept getting and she saw that She’s just like, this is like an episode of I Love Lucy, where like.

Dan Sturman: I would see this email on your desktop and I would either think you’re having an affair, you know, or I’d waiting for that necklace to be presented to me and when it didn’t show up, you know, my suspicions would be flamed and you know, fan the flame, whatever. 

Beau: They would flare into a huge conflagration in the whole, 

Dan Sturman: yeah.

Dan Sturman: Did you just let them know, Hey, you got the wrong answer? It, it felt like it would not be the perfect crime, that they would figure out a way to track me down eventually. And, uh, it would not be a good choice. That’s 

Beau: true. Well, now I do a show about scams and cyber crimes, so, you know, I would have a ready answer.

Beau: And, and there are people who listen to the show. I’m convinced to just use it as, as, you know, a way to get ideas for committing crimes. But, um, you know, ’cause it could get lost Dan. It is insured. Yeah. It could have just gone walk about. Oh, well. So no Ruby? No Ruby. Was it a bracelet or a necklace? What was it?

Beau: Bracelet, right? It was, I think it was, it was a necklace blue. I think that’s the sapphire, right. Oh, it was a Sapphire. Yeah. Yeah. Yeah. Okay, well, that’s pretty weird, tempting as it was to just ignore it all. Dan kept fielding the messages as best he could until he couldn’t anymore. I got a phone 

Dan Sturman: call and it was from my sister and I answered the phone, and rather than it being my sister, there was like a momentary pause and then a male voice came on.

Dan Sturman: And it was threatening, and I actually wrote down the quote among the things this person said is, you need to make things right. We’re now gonna take it out on people’s families. That was the direct quote. And then I also started getting really threatening text messages, including. In which it said, uh, uh, it in case you have not been made aware already, you need to reach out very soon.

Dan Sturman: If Jesus can give his life as a ransom, then there is no excuse. You know? Kind of creepy. Kind of weird. Very creepy. And these are two separate instances. Oh, yeah. Yeah. The same. Yeah. And by the way, so then I, you know, I called my sister and I was like, have, have you had any, like, what’s going on with this?

Dan Sturman: And she said she had gotten calls that she thought were from me and, uh, with the exact same message, you know, so, uh, which, you know, now that I’m hip, you know, with what, uh, the technology is, it’s, I guess it’s called spoofing, where you can basically somehow make it so that it appears the phone calls coming from someone when it really isn’t coming from them.

Beau: By now, Dan had figured out, uh, this wasn’t just random noise, it wasn’t about Tiffany’s, it wasn’t about jet charters, and it wasn’t about him. It wasn’t about him at all. It was bigger than that, and somehow he’d gotten caught in the middle of something really weird. He was being targeted by a ransom attack.

Beau: He was being targeted by hackers, real hackers after the break, who the attack was targeting and why the hackers got it so wrong.

Beau: When the threats started piling up, Dan Sturman found himself unwittingly in the middle, getting messages that grew darker, more urgent. More menacing, but the people on the other end of the line weren’t after him. They were after another Dan Sturman. So what exactly happened here? How does a filmmaker end up in the crosshairs of a ransomware attack meant for someone else?

Beau: To find out, we called in an expert and one of my colleagues, Reuben Moretz, he’s the head of security at DeleteMe. Reuben, I have a question for you. I think. I think you can answer it. 

Reuben Moretz: Okay. 

Beau: So I told Reuben Dan’s story, how a filmmaker kept getting random emails or not. So random emails with investment pitches, even threats, really serious threats.

Beau: And so he had a take 

Reuben Moretz: my best friend. Shares the same name of another person in another state. They’re both doctors that have the same name. So they’re both doctor 

Reuben Moretz: this person. 

Beau: Yeah. 

Reuben Moretz: And if you look them up, like my best friend gets emails and he, he’s kind of, I wouldn’t say he’s famous, but he’s, he’s, he’s is on TV and he does.

Reuben Moretz: Interviews and et cetera. He is, he’s got like kind of a higher, kind of a high exposure job for what he does, but the other individual does too is they’re just, he’s just not on TV as much, but, but for what he does as the doctors is pretty well known as well. So there’s a lot of crossover when you Google them.

Reuben Moretz: And my best friend gets a lot of messages and emails, targeted marketing. Teams and sales people that contact him directly and find his phone number to market to him what they think that they’re marketing to this other doctor.

Beau: Dan, I need to ask you, did you ever notice another Dan Sturman out there? So I, 

Dan Sturman: I mean, basically anytime I’ve ever released a film yeah. At a festival, uh, you know, or a theatrical release where. I expect I’ll be getting reviews because I’m insecure and as I mentioned earlier, I feel, you know, sort of affirmed by my prestige email address.

Dan Sturman: Yes. You know, I would, uh, set a Google alert for the name of the film and I absolutely also have a Google alert just for my name, so whenever people are writing about a project I’m involved in, I can see what they’re saying. Mm-hmm. When alerts came in, 99.98% of the time, they were about me and there was a 0.02% of the time.

Dan Sturman: Where I would get an alert about one other, Dan Sturman, who I wasn’t paying a lot of attention to, but I did note that he was involved in the internet in some way. I wasn’t super close attention, but the moment when the equation flipped, uh, was when he started working for a company called Roblox. 

News Clip: Maybe not too surprising to some, I mean, certainly if you’re a parent, um, or you have a kid in your life, you have heard of Roblox.

News Clip: Enormous growth for that platform. You know, you saw the daily active users jump 85% to 33 million. If you are a video game investor, you’re thinking all that growth, all that momentum. Momentum in 2020. What just happens 

Dan Sturman: for your listeners who are under 30 years old, they probably have heard of it and everybody over 30 has never heard of it.

Dan Sturman: You know, but it, it is a, it is a gaming platform of some kind that, uh, had its IPO in 2021, and. Is now worth like close to a hundred billion dollars. Does that make him the real Dan 

Beau: Sturman? 

Dan Sturman: He’s certainly the wealthier Dan Sturman at this point. 

Beau: Here’s where the stories line up. Just like Reuben’s friend, two doctors with the same name, constantly getting each other’s email.

Beau: Dan wasn’t being targeted for who he was. He was being targeted for who someone thought he was. Back in 2007, thanks to his friend Tucker, he got a premium Gmail address, no dots, no numbers, no middle initials. And when an attacker went looking for Dan Sturman, the filmmaker’s email looked like the other Dan’s, the kind of address you’d expect from a CTO at one of the biggest tech companies in the world who happened to work with Google earlier in his career.

Beau: And that tiny detail, an email handle from the early days of Gmail. Was enough to make our Dan the wrong target. 

Reuben Moretz: My friend, over a spanning many, many, many years since even he’s been an ER physician, has, you know, he’s has public exposure even in his early part of his career. So even before necessarily privacy services were around, there was still management related to.

Reuben Moretz: You know, as if any person in a public space, even to the general public, there’s, you know, things to, to, they Google things and find things and write things that you know may not be true. And, and then you have to sort of manage those, right? So in this particular instance, there was kind of stumbled upon by happenstance that these two individuals have the exact same name.

Reuben Moretz: They have the exact same middle initial. No joke. And they’re both doctors. They’re just completely different doctors in different areas and in different states. Right. Wow. 

Beau: Yeah. 

Reuben Moretz: Now nothing has happened for, for them, but I have a fair amount of context knowledge to be able to create a persona where I might know enough about one individual to gain access to another one just by saying, you know, just by sort of, oh, yeah.

Reuben Moretz: You know, this, the, the, you know, the relationship with this other person or the person. ’cause they know each other, you know, loosely just based off of being their names. And they’ve crossed paths a couple times, but, but it’s enough to create trust just by knowing their name or what they do. 

Beau: For Dan, it turned out to be a bad hacker.

Beau: No bad intentions, not like a bad. Like a threat actor? No, just bad. Like he stunk, he was as bad at his job. They just, they got the email wrong. But in the hands of someone more skilled, more nefarious, the same hack could have worked, I suppose. You know, if they could go lateral from there, they could have built an official looking email.

Beau: Using Dan Sturman maybe, um, to fool someone else. But here’s where the scammers got it wrong. They did something that happens with data brokers all the time. They had a false positive, but this was a scammer facing false positive. Meaning to say that the, the scammers didn’t know that they had the wrong person, and they should have because they’re scammers, they’re hackers.

Beau: They should know these things and they didn’t. So don’t hack me bros. But. You screwed up. Okay. So the real threat isn’t just confusion, it’s social engineering, 

Reuben Moretz: I feel, because especially if someone is, uh, as famous or has an established name presence and social media and, and or in media in general. 

Reuben Moretz: Yeah.

Reuben Moretz: And that’s actually a common social engineering, uh, technique. But you don’t hear about it a lot. A lot. ’cause it’s not as, as popular. It’s called mimicry. Mimic, right, mimic mi, mimic behavior. So mimic behavior, utilizes a social engineering attack to impersonate and establish credibility uhhuh based on another person.

Reuben Moretz: And that’s to establish trust and, and there’s, you know, when you have a name that’s associative legally and you have your own online presence and information tied to that name, then. These techniques become, if you know what you’re doing, become a vector of attack because you can create trust with other people that that person is associated with.

Reuben Moretz: Like you don’t have to potentially obfuscate what your name is to influence someone else’s behavior, uh, to influence the news for someone else. Like in this particular case, I mean, I’m assuming that they did, did bad things or nefarious things. So that creates some confusion and especially if you’re familiar with the name and that person is well known or famous, then you can by association.

Reuben Moretz: You know, think about that person in relation to this bad thing happening, right? So a fabricated scenario, or you could, for instance, for spear phishing, so you could pick the mimicked individual, could be an organization or a person, and craft personal emails. That seems like it’s coming from a trusted source as part of a spear phishing attack in order to get someone to, you know.

Reuben Moretz: Click on a link or a fake news profile, uh, and they immediately or passively just absorb the link or the information because the name is familiar. Right. But it’s not necessarily mimicry at that point. Right? Because you know a lot about them already. It’s, it’s still that instance of established trust among, Hey, if I’m impersonating this one person with the same name and I know enough, I’m about to that person, then that creates a method of attack to the, like a similar, right.

Reuben Moretz: So Dan Sturman, Roblox. You know, even if that’s not you, someone trying to impersonate you, going to the Dan Sturman or trying to just to attack them or provoke them on social media is a means of attack. Right? And if I really, depending on what kind of harm I want to do, it’s certainly a vector that I would approach.

Beau: So what do you do when strangers are threatening you and your family and another family you’ve never even met over something you have nothing to do with, do you try to warn them? So, um, 

Dan Sturman: I have no idea what the other Dan Sturman’s email address is, and I’ll tell you why. Why? Because he apparently has an incredibly low profile on the internet.

Dan Sturman: And, uh, that low profile eventually came to bite me. 

Beau: I’ve got the sneaking suspicion. The reason that this other Dan Sturman is such a ghost online is because he’s got somebody or a company scrubbing his info for him. I’m just gonna leave it there. That might be something. 

Dan Sturman: Yeah. I mean, let’s put it this way.

Dan Sturman: Um. The other Dan Sturman, I think for somehow had made it. So he has a very low profile on the internet now. You can’t find his email address, his phone number, his address. You know, the kinds of ways that you know, I mean, I, I, you know, I used to work at 20/20 as an investigative reporter. You know, I dug up some extraordinary bits and pieces of information.

Dan Sturman: Uh, including by the way in The Stamp Thief, which is showing in theaters soon, and you will, uh, there’s incredible reveals in that film, but no. Oh, 

Beau: did you make a film called The Stamp Thief? That’s about to come out Dan. 

Dan Sturman: Um, but, uh, yeah. Um, and, uh, you know, I, so I, I, I know what it is involved in sort of going through wormholes to try to like, dig up information on people and the enterprising ways that one can get that information.

Dan Sturman: And, uh, you know, I don’t think, you know, Dan Sturman has, uh, sort of the other, Dan Sturman has made it so that you can’t, you can’t find him. And, uh, so 

Beau: that’s great. That makes you the Dan Sturman that’s getting scammed. 

Dan Sturman: Well, it, it, I think it very much made me the object of this guy’s ire. You know, because he presumed that I was the Dan Sturman of Roblox and started, you know, threatening me.

Beau: So this guy called he, he called your sister, he called you, he left. He said some very strange things. I 

Dan Sturman: can’t remember how many texts we got, but it was, the language in the text made it clear that he was, he had it in for the entire sort of executive staff of Roblox and they were gonna okay, you know, suffer Jesus’s wrath or whatever the hell this guy was thinking of.

Dan Sturman: As somebody who has not been regularly threatened. I I, I think any kind of antagonism that you get in your direction, somebody giving you the finger on the freeway is enough to, like, that 

Beau: can 

Dan Sturman: seem 

Beau: quite insane. But this, I, I guess I’m so, so, obviously if someone’s texting you already, that is a bit insane, but did, and it’s intrusive.

Beau: It’s like, all right, 

Dan Sturman: this person’s like somehow entering my life in a way that. I’d know how on earth this person had my phone number. 

Beau: And you don’t have any agency to stop it. So you have this person coming at you. And I guess my point was obviously it seems insane just that they’re reaching out to you in the first place, but the nature of what he was saying sounds like it was a little Oh, threatening.

Beau: Absolutely. Yeah. And threatening. Okay. And did you at any point feel frightened for the Dan Sturman he thought he was talking to? 

Dan Sturman: I was frightened for myself. I was frightened for the other Dan Sturman. And I was actually frightened for all the other executives at Roblox because it seemed like he had it out for everyone.

Beau: So what do you do when the threats won’t stop and you know they’re not for you. They’re not meant for you. That’s coming up after the break.

Beau: In today’s digital world, your identity isn’t fully under your control, right? Visibility has its costs and to gain obscurity after becoming visible also has its costs. And when you’re misidentified, the fallout doesn’t just hit you, it hits everyone around you, family, friends, even coworkers. But the internet doesn’t just blur who you are with.

Beau: Uh, it it, it, it doesn’t just blur who you might be with. Uh, it also suggests who you might be with and who you are and all that. And, and because of that weird cocktail of good and bad information, it can be kind of dangerous. Now imagine you’re suddenly the stand-in target for someone else’s enemies.

Beau: ’cause that’s what we’re talking about here. You’re, you’re getting the threats, you’re feeling the fear because you are being targeted, but it’s not even about you. Okay? So what do you do? It’s about the other guy with your name. How do you warn him? 

Dan Sturman: So, um, you know, if you ever try to reach out to Facebook or Google or whoever, I mean, most of these, you know, large companies.

Dan Sturman: There’s not a phone number you can call and you know, a little trick. Most of these companies will have a press office and the press office does want to be contacted, and so they will put out press releases and at the top of the press release will be their phone number. So I dug up a press release on PR Newswire from Roblox, which included a phone number and an email address, and so I emailed and called.

Dan Sturman: And I got a response to my email within an hour, and basically the email I sent was, you know, Hey, you know, I share a name with your chief technology officer, and I’m getting some pretty scary messages that I’m guessing are meant for him, and he probably ought to know about it. And so within an hour I got a call back from, uh, their head of security who was really kind and sharp and clearly very good at his job.

Dan Sturman: And, you know, he told me a whole bunch of really worrisome information. And basically what he explained is that, you know, they have sort of eight executives who, uh, have been targeted, have been getting harassed, have been getting threatening calls and texts and sort that sort of thing. He surmised that the reason one of the eight, the other Dan Sturman wasn’t getting any of this stuff is because he has such a low profile online.

Dan Sturman: He then explained that three of the eight executives had been swatted over the weekend. 

Beau: That adds a lot of credence to your own feeling, your misgivings, and fear that because it’s exactly what I would be afraid of if I were being contacted by someone who clearly was a little unhinged. And so some of the employees at Roblox were swatted.

Beau: The Dan Sturman of Roblox was not swatted, which actually adds more credence to the idea that maybe you were going to be swatted. Um, you know, he, he said, 

Dan Sturman: uh, a, they, they were working with the FBI and trying to figure out where this was coming from. They were taking it very seriously. I think I specifically, he said something about how.

Dan Sturman: The swatting incidents made it sound like it was somebody working at a suicide hotline who was calling the, you know, the police and saying, you know, I’m, you know, I’ve, I’ve been on the phone with somebody who I think is, you know, in imminent danger and I’m hoping you guys can rush over there because, you know, I think he’s gonna do something rash or, you know, and, and so that’s, and then would give the address of whoever they were hoping to swat.

Dan Sturman: But basically the security guy essentially told me. You know, there, there’s not much you can do on your end. I would advise two things and the first thing he advised was that I should call up the non-emergency line of the Los Angeles Police Department and the Sheriff’s office and you know, sort of explain to them my circumstance and.

Dan Sturman: Explain that. If they were to get a swatting call or a call about a disturbance in my address, an agency, yeah. You know, please, you know, crosscheck before sending out, you know, people, responders, you know, make sure that you, you, you crosscheck with me. It just felt like I was like dropping this into like, you know, an abyss of emptiness.

Dan Sturman: That there’s no way that they were gonna be able to like, figure, you know, if something were to happen to me, they wouldn’t be cross-checking. ’cause that’s not how these departments, I assume, you know, respond, but. You know, I did not get swatted, but I did have strange and ultimately kind of dissatisfying conversations with, you know, both LAPD and the sheriff’s office, where they were like, we’ll do our best, but you know, we can’t really promise anything.

Beau: In the end, Dan was lucky. His hacker wasn’t very talented. Sorry, hacker. They had bad intentions sure, but poor skills. And so everybody was lucky. They, they just grabbed the wrong email address. But Dan’s story highlights two super important things. First, what happens when your data is public? Okay. A lot.

Beau: Dan’s gmail was out there, easy to find. The other, Dan, uh, the, the Roblox guy, uh, his email was hidden and that made the filmmaker the easier target. Second, what happens in the hands of a more skilled attacker? Well, building false trust online doesn’t take much if you’re, if the person hacking you is good at it, an an official looking email, a spoof phone call, a mimic name, uh, that social engineering, as you know, if you listen to this show.

Beau: So the question is how do you protect yourself from that? Here’s Reuben Moretz again. 

Reuben Moretz: A healthy dose of paranoia goes a long way. Right, right. And I say this a lot to our own team. And, uh, to my family, like it’s the same thing I keep repeating to them. It’s a healthy dose of paranoia goes a long way. It means that you don’t have to go to extremes and assume that every single call is hey.

Reuben Moretz: Right. Even if it’s from a provider for healthcare, if it’s from, like, you’re never gonna get a call from a bank, although, unless you have a personal banker, and then you might, and then it gets a little, you know, it’s, it gets a little suspect there. 

Beau: And that paranoia isn’t about assuming that every call or email is fake.

Beau: Right. It’s just about noticing patterns and the tricks that hackers lean on the most. You know, being aware of them is a start. The biggest one is urgency. 

Reuben Moretz: You think that presents itself as urgent? Yeah. In the digital form is not necessarily that urgent from like, from your typical standpoint, like, no. If you get alerts, right?

Reuben Moretz: One of the things I worry about is people kind of getting smart enough to realize the vectors of attack that actually do have a sense of urgency for like incident response or alerting. 

Reuben Moretz: Like what? 

Reuben Moretz: Right. Um, 

Reuben Moretz: like 

Reuben Moretz: someone would obscure an incident alarm from PagerDuty. Relating to an event that would require an immediate escalation, like the use of a root account or a, uh, or, or a token, uh, credentials on, uh, on an account that’s accessing something from a behavioral analysis that, that doesn’t normally have access to or shouldn’t have access to.

Reuben Moretz: Right. So it would be a security alert that where it would link to an alert. Or an alarm where you would move, sort of, you would click through these things or click through alerts, right? And those actually create a digital sense of urgency, at least on a security team. So there are methods of attack there that are important to us.

Reuben Moretz: Uh, you know, a security person that does have typically does have, you know, privileged access to things that could create problems, right? You have access to administrative credentials from. Uh, someone on the security team that has administrative rights on what can be enabled or disabled from a logging perspective.

Reuben Moretz: Yeah. 

Reuben Moretz: And we have a tremendous amount of power for what you can do. Right. 

Beau: Speaking of administrative credentials, um, yeah, so I have this theory that Roblox Dan must have used a service like DeleteMe. I tried reaching out to him for an interview and I did not hear anything back. Can you look to see if he’s in an in, you know, if he’s one of ours?

Beau: Is he, do we, is he one of us? Is he a customer? Sure. Can you just please look up this Dan Sturman from Roblox and gimme his phone number? 

Reuben Moretz: Like, okay. Okay. It’s, uh, 5 5 5. Reuben, stop messing around. Gimme the real phone number. Five. Five. Five. Nothing. Burger. That’s

Beau: no. And that is, that is the answer. The answer is 5, 5, 5, 5, 5, 5, 5.

Beau: Okay, so, so where are we now? 

Dan Sturman: Well, it’s funny, I, in preparation for this, uh, discussion, I actually did look up the other Dan Sturman. Apparently he has now left Roblox and is consulting with companies and, you know, spending his, you know, his vast fortune and having a nice life, I suspect.

Beau: Well, good for Dan Sturman.

Dan Sturman: There is one very exciting point to be made, which is that the, I never spoke to the other Dan Sturman,

Beau: but.

Dan Sturman: The security guy, the head of security at Roblox told me that he’d spoken to the other Dan Sturman and the other Dan Sturman said he was aware of my work and he admired it.

Beau: Yes. What a perfect way to end.

Beau: Dan Sturman, thank you so much for joining What the Hack. It has been my pleasure.

Beau: Naomi Klein’s book is Doppelganger. Dan Sturman’s new film, the Stamp Fee. The other Dan Sturman, the one at Roblox. I’m sure he’s having a great day. I could not find him for the life of me. I wasn’t able to get in touch with this other Dan Sturman. I tried. No, no dice and, and I knew someone who knew somebody who could get me his contact information Bki.

Beau: Um, and here I am at DeleteMe with my, my colleague Reuben Moretz, where, you know, if you need some help, reach out. Okay? And if you have a good story, please don’t hesitate to reach out to me at wth@joindeleteme.com. I would love to hear from you.

Beau: Now it’s time for the tinfoil swan. Your paranoid takeaway to keep you safe on and offline. So what’s the lesson here? Visibility has its costs. If your information is out there, you can be targeted, right? You can be confused for someone else. You can be the, the recipient of an attack based on a scammer facing false positive.

Beau: So. Obscurity also has its costs. Okay? It’s true because if you want to disappear completely and you lose the ability to control your own story, there’s that. And also to disappear completely requires a ton of work, and you might need help. And there are places, including DeleteMe, that can help you do that.

Beau: The balance comes from paying attention, right? Balance as in like yin and yang balance, like good and evil. Pay attention. Ordinary people can take simple steps. Who’s ordinary? Me? You monitor your alerts, right? Update your, any update you get from a, from a software, from software that you’re using or an app.

Beau: Update it, you know, scrub your data when you can and, and watch closely for, uh, phone calls that don’t make any sense. ’cause they could be spoofed. The bigger picture, that’s harder. What does it mean for society if none of us can fully control who we are online? If at any moment your name, your email, or your face could be mistaken for someone else’s, well that’s, that’s a bigger question for another day.

Beau: But until that is solved, you are your own, you know, guardian here and you have to be careful. So that’s the world we live in right now and the only real defense is to stay aware. I know, be careful. Doesn’t sound like good advice, but, um, go slow. Pause and remember that the most powerful tool that you have sometimes is just knowing when to hang up or say no or not pick up at all.

Beau: Okay? Stay safe out there and, uh, we’ll talk to you next week.

Beau: What the Hack is brought to you by DeleteMe. DeleteMe makes it quick and easy and safe to remove your personal data online, and was recently named the number one pick by New York Times Wirecutter for personal information removal. You can learn more if you go to joindeleteme.com/wth. By the way, if you do use that URL, joindeleteme.com/wth,

Beau: You’re gonna get a 20% discount on DeleteMe products, so check it out and um, again, stay safe out there.
