第六集：贝鲁特银行大劫案

当你进入银行时，会看到各种物理安全措施。

When you go into a bank, you see all kinds of physical security checks.

柜员和客户之间有厚实的玻璃隔断，有一个带沉重大门的金库，到处都是摄像头，还有保安在巡逻。

There are thick panes of glass between the tellers and customers, a vault with a large heavy door, cameras everywhere, a security guard is walking around.

但你有没有想过如何绕过所有这些安全措施？

But do you think about ways you could bypass all of that?

你可能会注意到银行的后门，想知道它是否没锁，或者柜员和客户之间的门太矮，你甚至可以跳过去。

You might notice a backdoor to the bank and wonder if it's unlocked, or the door between the tellers and customers is so short that you could jump over it.

或者你可能发现摄像头的拍摄角度存在盲区。

Or maybe you see a blind spot in the way the cameras are pointing.

你想调取记录吗？

Do you wanna pull records?

是的。

Uh-huh.

在这一集中，我们将测试一家银行的物理安全性。

In this episode, we're gonna test the physical security of a bank.

但我们的目标不是偷钱。

But our goal isn't to steal cash.

而是要进入柜员的电脑。

It's to get access to the teller's computer.

这是《暗网日记》，来自互联网黑暗面的真实故事。

This is Darknet Diaries, true stories from the dark side of the Internet.

我是杰克·雷西德。

I'm Jack Recider.

本集由DeleteMe赞助。

This episode is sponsored by DeleteMe.

DeleteMe能让您轻松、快速且安全地删除网络上的个人数据，尤其是在监控和数据泄露日益普遍、人人都可能成为受害者的今天。

DeleteMe makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable.

如今，要在网上找到关于个人的个人信息变得前所未有的容易。

It's easier than ever to find personal information about people online.

你的地址、电话号码以及家人的姓名在网络上公开，可能会在现实世界中带来实际后果，使每个人都有风险。

Having your address, phone number, and family members' names hanging out there on the Internet can have actual consequences in the real world and makes everyone vulnerable.

隐私对我来说是一个非常重要的议题。

Privacy is a super important topic to me.

所以几年前，我注册了DeleteMe，它立刻开始在网上搜索我的名字，然后向我报告发现了哪些信息。

So a few years ago, I signed up, DeleteMe immediately got busy scouring the Internet, looking for my name, and then gave me reports on what they found.

接着它开始删除这些信息，并向我展示它清理掉了哪些内容。

And then they got busy deleting things, showing me what they got rid of.

在隐私方面，有人为我保驾护航真是太好了。

It's great to have someone on my team when it comes to my privacy.

通过注册DeleteMe，掌握你的数据，让你的私人生活保持私密。

Take control of your data and keep your private life private by signing up for DeleteMe.

现在，我的听众可以享受特别折扣，访问 deleteme.com/darknetdiaries 注册DeleteMe服务，结账时使用促销码 d d 20，即可享受八折优惠。

Now at a special discount for my listeners, you can get 20% off your DeleteMe plan when you go to join deleteme.com/darknetdiaries, and use promo code d d 20 at checkout.

要享受八折优惠，唯一的方式是访问 join deleteme.com/darknetdiaries，并在结账时输入代码 d d 20。

The only way to get 20% off is to go to join deleteme.com/darknetdiaries and enter code d d 20 at checkout.

记住，访问 join deleteme.com/darknetdiaries，输入代码 d d 20。

That's join deleteme.com/darknetdiaries code d d 20.

本集由DeleteMe赞助。

This episode is sponsored by DeleteMe.

DeleteMe让移除您的在线个人信息变得简单、快捷且安全，尤其是在监控和数据泄露日益普遍、人人都可能受害的今天。

DeleteMe makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable.

如今，要在网上找到关于个人的隐私信息比以往任何时候都更容易。

It's easier than ever to find personal information about people online.

您的地址、电话号码以及家人的姓名在网络上公开，可能会在现实世界中带来实际后果，使每个人都有风险。

Having your address, phone number, and family members' names hanging out there on the Internet can have actual consequences in the real world and makes everyone vulnerable.

隐私对我来说是一个极其重要的议题。

Privacy is a super important topic to me.

所以几年前，我注册了DeleteMe。

So a few years ago, I signed up.

DeleteMe立即开始在互联网上搜索我的名字，并向我提供了他们发现的信息报告。

DeleteMe immediately got busy scouring the Internet, looking for my name, and then gave me reports on what they found.

然后他们开始删除这些信息，并向我展示他们清理了哪些内容。

And then they got busy deleting things, showing me what they got rid of.

在隐私问题上，有人为我保驾护航真是太好了。

It's great to have someone on my team when it comes to my privacy.

通过注册 DeleteMe，掌控你的数据，保护你的私人生活不被泄露。

Take control of your data and keep your private life private by signing up for DeleteMe.

现在，我的听众可以享受特别折扣，访问 deleteme.com/darknetdiaries 注册，结账时使用促销码 d d 20，即可享受 20% 优惠。

Now at a special discount for my listeners, you can get 20% off your DeleteMe plan when you go to join deleteme.com/darknetdiaries, and use promo code d d 20 at checkout.

要享受 20% 折扣，唯一的方式是访问 join deleteme.com/darknetdiaries，并在结账时输入代码 d d 20。

The only way to get 20% off is to go to join deleteme.com/darknetdiaries and enter code d d 20 at checkout.

就是 join deleteme.com/darknetdiaries，代码 d d 20。

That's join deleteme.com/darknetdiaries code d d 20.

在本期节目中，我们将听到 Jason e Street 的故事。

In this episode, we're going to hear a story from Jason e Street.

怎么了

What's

好吗

up?

杰森就是那种有无数惊人经历的人。

Jason is one of those guys that has endless stories of incredible things that have happened to him.

他还是个健怡可乐成瘾者。

He's also a Diet Pepsi addict.

和他聊天时，你会听到他突然冒出一些奇怪的话。

When you talk to him, you hear him say random things like

让我困扰的从来不是喝健怡可乐。

It's never drinking the Diet Pepsi that gets me.

通常是因为想摆脱健怡可乐才让我陷入麻烦。

It's usually trying to get rid of the Diet Pepsi that gets me.

我差点在保加利亚的悬崖边小便时丧命。

I almost died, peeing off a cliff in Bulgaria.

和他聊天时，我很好奇他那些随口提到的小插曲背后都有什么故事。

While I was talking to him, I was kind of curious to hear the backstory of all these little footnotes that he was throwing at me.

但没过多久，我就听到他说了一件事，让我非得听完整个经历不可。

But it didn't take long before I heard him say something that I just had to hear the whole story.

上次在贝鲁特时，我不小心抢错了一家银行。

I accidentally robbed the wrong bank the last time I was in Beirut.

杰森最初从事执法工作。

Jason started out in law enforcement.

但过去近二十年里，他一直在信息安全领域工作。

But for almost the last twenty years, he's been working in InfoSec.

他做了大量工作来保护网络，同时也进行过多次渗透测试。

He's done considerable work defending the network, but he's also done numerous penetration tests.

他最喜欢做的事情之一就是他所谓的安全意识互动。

One of his favorite things to do is what he calls security awareness engagement.

他受雇于公司，测试场所的物理安全性。

He's hired by companies to test the physical security of a place.

例如，一个普通人不应该能随便走上街头，直接走进办公室，径直走过接待处，坐在一台随机的电脑前工作，然后大摇大摆地离开。

For instance, it shouldn't be possible for a guy to just walk off the street, walk right into an office, walk directly past reception, sit down at a random computer, and do work, and then walk out.

他应该被拦下来。

He should be stopped.

对吧？

Right?

门应该上锁。

The door should be locked.

前台不应该让他通过，电脑应该锁定，而且应该有人注意到他不该在那里。

Reception should not let him pass, and the computer should be locked, and then someone should notice that he shouldn't be there.

这才是应该阻止他的方式。

This is what should stop him.

但公司会聘请杰森来实际测试这种情况是否可能发生。

But companies hire Jason to actually test if this kind of thing is possible.

当我进行这些演练时，它们并不是红队演练。

When I do these engagements, they're not red team engagements.

它们也不是针测。

They're not pin testing.

它们纯粹是安全意识演练。

They're literally security awareness engagements.

我不介意被抓住。

I don't mind getting caught.

如果我没被抓住，我也会在任务结束前设法被发现，因为我旨在教导员工如何做得更好。

And if I don't get caught, I try to get caught by the end of the engagement, because I'm trying to teach the employees how to be better.

在你听这个故事时，你可能会质疑他所说内容的真实性。

While you listen to this story, you may question the legitimacy of what he's saying.

我知道我有过这种疑问。

I know I have.

所以我会提供他做这些事情的照片和视频。

So I will be providing photos and videos of him doing these things.

你可以查看节目说明来查看这些内容。

You can check out the show notes to see these.

你即将听到的故事都是通过他的腕部摄像头、夹克上的按钮摄像头或银行内的闭路摄像头拍摄的。

The stories you're about to hear were all captured by his wrist camera, a button camera on his jacket, or closed caption cameras in the bank itself.

事实上，甚至有一集国家地理频道的节目曾拍摄过他做的一些事情。

In fact, there's even an episode of National Geographic that filmed him doing some of the stuff he'll talk about.

我尽可能地核实了这个故事，令人惊讶的是，它完全属实。

I've fact checked this story as best I can, and amazingly enough, it checks out.

几年前，一家银行聘请他进行一次安全意识评估。

So a few years back, a bank hired him to do one of these security awareness engagements.

他们希望他测试贝鲁特一家银行的物理安全性。

They wanted him to test the physical security of a bank in Beirut.

于是杰森搭上飞机，前往中东。

So Jason got on a flight and headed to the Middle East.

贝鲁特是黎巴嫩的首都，位于叙利亚和以色列之间，拥有美丽的地中海风光。

Beirut is the capital city of Lebanon, which is nestled between Syria and Israel and has lovely views of the Mediterranean Sea.

主要语言是阿拉伯语，但人们也说法语和英语。

Main language is Arabic, but they also speak French and English.

杰森抵达了银行总部。

Jason arrives at the bank headquarters.

这是一栋高楼，至少有30层高。

It's a tall building, at least 30 stories high.

一楼有一个分行，其他楼层是银行的办公室。

There's a bank branch on the Ground Floor, and the other floors are the bank's offices.

杰森上到20楼的一个会议室。

Jason heads up to the 20th Floor to a conference room.

好的。

Okay.

所以那天早上，一开始是和一个不太看好我的人开了个会，这么说吧，他对我印象极差。

So it started off with a meeting, that morning, with a guy who wasn't too very, impressed with me, to say the least.

不知为什么，我总是不太擅长给人留下好印象。

It's like, I'm not good at making a good first impression for some reason.

他就是一副居高临下的态度，因为我是个美国人，还觉得我古怪之类的。

He's just, like, being very sort of condescending because I'm American, and I'm, like, you know, weird and all that.

他直接说：我不知道你们这些人会不会上当，或者你们到底需要我帮什么忙？我当时就想：你知道吗？

He's like, I don't know if we're gonna be able anybody's gonna be able to fall for that, or what do you need for us to help you with and I'm like and I'm like, you know what?

我为什么不现在就下楼，直接黑掉你们楼下的分行呢？

Why don't I just go downstairs right now and compromise your your branch downstairs?

他问：‘什么？’

And he's like, what?

于是我们下楼，我彻底攻陷了他整个分行，甚至溜到了他的柜员柜台后面。

And so we went downstairs, and I compromised his whole entire branch, even was behind his teller line.

他对此并不高兴。

He was, not thrilled with that.

但接着我有点搬起石头砸自己的脚了，因为他们说：‘好吧。’

But then it was like I sort of shot myself in the foot a little bit because now they're like, okay.

你太厉害了。

Well, you're so good.

我们想让你试试能不能实现真正的网络入侵。

We want you to see if you can get actual network compromise.

我心想：‘那我怎么通过物理偷窃来证明网络入侵呢？’

And I'm like, well, how would I show network compromise from physically stealing stuff?

我说：‘那你们给我一个用户账号、密码、智能卡、一台电脑和网络访问权限。’

And I'm like, well, get us a user ID, a password, a smart card, a computer, and network access.

我们会给你三次机会，去三个不同的分行，你去尽力完成任务。

And we'll give you three chances in three different branches, and you go and do what you can, to do that.

这简直就是，没问题。

And this was like, sure.

随便吧。

Whatever.

我们就看看会发生什么吧。

It was like, we we'll we'll see what happens.

人生只有一次。

Yolo.

杰森不喜欢在这种任务前做大量侦察。

Jason doesn't like to do a lot of recon before a mission like this.

如果他和别人一起执行任务，当对方开始规划、策划、准备入侵时，杰森就会说

If he's working with another person on the mission and they start planning and plotting and prepping for the break in, Jason will just say

我能直接走进去，表现得可爱一点吗？

Can I just walk in and be adorable?

这对我来说似乎挺管用的。

That seems to work with me.

杰森穿上了装备。

Jason gets suited up.

我穿着一件皮夹克，上面写着红色雷霆猫运动鞋，搭配卡其色衬衫和有领衬衫，但还挂着一个带有他们挂绳的徽章——这徽章我随便在哪都能搞到，垃圾桶里也行，还有一张看起来像隐藏卡片的空白卡片。

I'm wearing a leather jacket that says on it, red Thundercat tennis shoes, a khaki shirt, and a collared shirt, but with a badge that has their lanyard, which I could have gotten anywhere, the trash, whatever, with a a card that's just a a blank card that looks like a hidden card.

他喜欢穿他所谓的‘末日背心’，里面装着执行这次任务所需的几样必需品。

He likes to wear what he calls his vest of doom, which contains a few essentials needed for this mission.

通常是一枚掌上插头。

Usually, it's a palm plug.

那是一个USB橡胶鸭子。

It's a USB rubber ducky.

可能是一个Proxima三号工具，再加上几个投放盒。

It may be a Proxima three, tool, couple of drop boxes.

我的意思是，就带一些恶意工具，让他们看看我能造成多大的破坏。

I mean, just some malicious things to show them the damage that I could do.

我从来不会真正执行代码。

I never really, execute code.

我从来不会真正去利用这些漏洞。

I never really do any kind of the actual exploit the vulnerabilities.

我只是想展示一下潜在的可能性。

I'm doing it just to show show what the potential is.

记住，我不是想当红队。

Remember, I'm not trying to get a red team.

我不是想做红队。

I'm not trying to do red team.

我不是想攻击他们。

I'm not trying to exploit them.

我不是想展示这些漏洞。

I'm not trying to show, the vulnerabilities.

我是想让他们了解真实存在的危险。

I'm trying to educate them on the dangers that actually exist.

杰森现在已经准备好了。

Jason is all set now.

所以他被司机接走，带到了银行。

So he gets picked up by the driver and is taken to the bank.

所以我去了第一家分行，直接走进去，装作非常熟悉路线的样子。

So I go to the first branch, and I literally just walk in, and and I walk in, and I walk exactly like I know where I'm going.

我从高管身边走过。

And I walk past the executive.

我走到那位经理的办公室，他正在和别人谈话。

I walk to this manager's office where he's talking to someone.

所以他没看到我走进来、往里看。

So he doesn't see me step in, look in.

于是我停在他门口，但在高管看到我之前，我在那里等了大约三十秒。

So I pause right outside his door, but before I get back to the the executive can see me, and I wait there for about thirty seconds.

他这一停顿非常重要。

This pause he's doing is important.

他没有直接去柜台。

He didn't go immediately to the tellers.

相反，他走向了相反方向，进入了一个有办公室的走廊。

Instead, he went in the opposite direction to a hall with offices.

他就在经理办公室门外徘徊，因为他想让人看起来他正要去见经理，这样当他前往银行的下一个地点时，希望有人会看到他从经理办公室出来。

And he's hovering just outside the manager's office because he wants to look like he's meeting with the manager so that when he moves to the next location in the bank, he's hoping someone will see him coming from the manager's office.

然后我直接从那里走进了高管的办公室。

Then I walked from there straight into the executive's office.

她第一印象必须是我刚和经理谈完话。

Her first impression has gotta be that I just got finished talking to the manager.

所以我告诉她，是的，我是和审计员一起来的。

So I tell her that, yeah, I'm here with the auditor.

我们正在总部进行计算机系统的审计。

We're doing an audit on, on the computer systems, from head office.

我需要看一下你们的电脑。

It's like, I need to look at your, the computer.

因为看起来他刚从经理办公室出来，她相信了这个说法，并让他使用她的电脑。

Because it looked like he had just come out of the manager's office, she bought this story and let him use her computer.

他第一件事就是把一个橡胶鸭子插进她的电脑。

The first thing he does is plug a rubber ducky into her machine.

橡胶鸭子看起来和普通的U盘一模一样，但实际上是一种极其危险的工具。

Rubber ducky looks just like any other regular USB stick, but it's actually an incredibly dangerous tool.

当它插入电脑时，会告诉电脑它是一个键盘。

When it's plugged into a computer, it tells the computer that it's a keyboard.

随后，橡胶鸭子会向电脑发送预先录制好的键盘指令。

The Rubber Ducky then proceeds to send prerecorded keyboard commands to the computer.

橡胶鸭子可以被配置为远程控制这台电脑。

Rubber Ducky can be configured to create a remote control session to that computer.

因此，只需将它插入电脑几秒钟，就能让黑客从远程位置完全控制这台机器。

So by simply plugging it into a computer for only a few seconds, it can give a hacker full control of that machine from a remote location.

但杰森的橡胶鸭子只打开了记事本，并在里面输入了‘hello’这个词，因为他并不想真正入侵这台机器。

But Jason's Rubber Ducky only opens a notepad and types the word hello in it because because he doesn't want to actually hack into the machine.

他只是想测试这台机器是否容易被入侵。

He just wants to test if the machine is hackable.

所以一旦他看到记事本弹出来，就用iPad拍下屏幕，然后拿起鼠标关闭窗口，拔下橡胶鸭子。

So once he sees notepad pop up, he takes a picture of the screen with his iPad and then takes the mouse, closes the window, and unplugs the rubber ducky.

我插上了这个设备。

I plug in the device.

现在我稳了，因为人们看到我刚从经理办公室出来，接着又从她办公室出来。

Now I'm I'm golden because now people were seeing me come out of her office after coming out of manager's office.

我走到出纳线旁边另一位女士那里。

I go to this other lady that's beside the teller line.

我离开时，她和我对上了眼神。

She made eye contact me as I left.

所以我一直和她保持眼神接触，走到她的办公桌前。

So I stayed straight on eye contact with her, went to her desk.

我对她说：‘嘿，你看，我正在做总部对机器的审计。’

And I told her, I said, Hey, look, I'm doing an audit on the machines from head office.

我需要检查所有这些机器。

I need to go through all these machines.

让她同意我入侵她的电脑。

Got her to let me compromise her machine.

所以现在她真的相信这套说辞了。

So she thinks now she's bought into the whole thing.

于是她带我走到出纳柜台后面，接着我继续入侵后面那位出纳的电脑。

So she walks me behind the teller line and then I then proceed to compromise the teller that's behind there.

从我进门开始算起，整个过程只花了两分二十几秒。

That took a whole two minutes and twenty something seconds from walking in the door from the very first time.

此时，杰森已经躲在银行出纳柜台后面了。

At this point, Jason is now hanging out behind the teller line in the bank.

他向出纳们提出请求，让他们让开一下，好让他把橡胶鸭子插进他们的电脑，然后他接管了鼠标并开始操作。

He's asked tellers if they can move out of the way while he plugs in his rubber ducky into their computer, and then he takes control of their mouse and begins using it.

他没花多久就对柜台后面的每一台电脑都这么做了。

It didn't take him long to do this to every computer behind the teller line.

在他接触了每一台电脑后，他开始摆弄其他电子设备，比如扫描仪、打印机、显示器等等。

Now after he touches every computer he sees, he starts messing around with other electronics, like scanners, printers, monitors, everything.

有一刻，当他离柜员只有几英尺远时，有个人正在存一大笔钱。

At one point, while he was only a couple feet away from the teller, a person was making a large deposit.

是的。

Yeah.

我其实拍了照片。

I took pictures of that, actually.

他正在存25万美元现金。

He he he was depositing $250,000 in cash.

我本可以伸出手去碰它。

I could've reached out and touched it.

当时在场观看这一切的一位高管，曾一度想让我去把钱偷走，因为我已经把所有东西都搞定了。

One of the executives that was there watching this go down actually wanted me at one point to go and and steal the money because I was, like, getting everything.

因为大约五分钟后，我就已经待在柜员线后面了。

Because about five minutes after, I've been behind the teller line.

我在那里待了将近三十分钟。

I was there for over almost thirty minutes.

我待在出纳柜台后面，还去了各个办公室。

I was behind the teller line and at all the different offices.

我的意思是，我完全渗透了整个设施，获得了完全的自由权限。

I mean, I totally compromised this whole facility and had full carte blanche.

经理大约在我开始行动十到十五分钟后才出现，他以为所有人都已经验证过我了，所以觉得我很安全。

The manager shows up in about ten minutes, fifteen minutes after I was already doing everything, and, I then he assumes everybody was verified me, so I'm safe.

大家都以为他验证过我，因此认为我是安全的。

Everybody thought that he verified me because I was so therefore I was safe.

实际上没有人验证过我。

No one actually verified me.

这是两者之间的信息错位。

It's a crosstalk between the two.

所以我让一方以为另一方已经验证过我了。

So I get one to think that the other one verified me.

到这时，杰森已经建立起了足够的信任，以至于经理请他帮忙看看他们一直困扰的电脑问题。

At this point, Jason had established himself so well that the manager asked him to take a look at a computer problem they've been having.

杰森说，为了帮忙，他需要一个用户账号、密码和智能卡。

Jason said in order to help, he's gonna need a user ID, a password, and a smart card.

于是他们把东西给了他。

So they gave it to him.

杰森看了一眼问题，告诉他只需用一台新电脑替换掉那台旧的。

Jason looked at the problem for a minute and told him he'll just replace that computer with a new one.

经理听到这个消息非常高兴，让他也检查一下扫描仪和显示器。

The manager was thrilled to hear this news and asked him to take a look at the scanner and monitors too.

杰森干脆告诉经理，总部计划全面更新所有设备——这完全是谎话。

Jason decided to just tell him that headquarters is planning to do a full refresh of all the equipment, which was a total lie.

经理听到后反应就像孩子在生日那天收到礼物一样兴奋。

The manager reacted to this like a kid getting presents on his birthday.

我告诉他，我来这里是帮忙恢复和重建他们的办公室，也就是他们的分行。

I tell him that I'm here to help do a restore and a and a rebuild of their, remodel of their office, their branch.

所以他让我做一切事情，就是不能进金库。

So he lets me do everything except for go into the vault.

那是他唯一不让我进去的地方，因为里面没有电话线、接口，也没有任何网络设备。

It's like that's the only place he wouldn't let me go into because there was no phone lines or jacks or any kind of Internet devices in there.

不过我还是问了，确认一下，你确定吗？

Though I asked and said, are you sure?

让我看一下。

Let me take a look.

当时我在那里，从一位主要主管那里拿到了用户ID、密码和智能卡。

While I was there, I got the user ID, the password, and the smart card from one of the the the main, supervisors.

所以我成功在第一个分支机构拿到了三样东西。

So I successfully got three of the things in the first branch.

杰森不断试探自己被允许做的极限，于是开始把东西从大楼里带出去。

Jason kept trying to push the limits of what he was allowed to do, so he began taking things out of the building.

我实际上离开了那个分支机构大约三次。

It's like I literally left the branch about three times.

我从柜员桌下拿走了所有的文件和他们的便签本。

I walked out with all the documentation underneath the teller's desk, their notepads.

我就这样带着它们离开了。

I walked out with that.

然后我拿到了一个用于操作机器的用户ID、密码和工牌。

Then I got all the I got a user ID password badge to work on a machine.

接着我带着这个坏东西离开了。

And then I walked away with this bad thing.

我需要使用它去测试一些东西。

I need to use this to go test something.

我就这样带着它离开了。

And I left with that.

然后，我还拿走了别的东西，我告诉你，我也带着它离开了。

And then, there was something else that I took, and I tell you, and I left with that.

所以，我总共离开了大楼三次。

So it's like I left the building three times.

这家分行的反应太糟糕了。

The branch was so horrible, on the response.

我 literally 等到整个分行当天关门为止，然后我让每个人都过来，让当时和我在一起的高管把一切内容翻译成阿拉伯语，以确保每个人都能完全理解情况有多糟糕，我给他们造成了多大的损害，以及他们未来需要做些什么才能更好地保护自己、提高警惕。

I literally waited in there until the whole branch was closed for the day, And then I had everybody come around and had the executive, that was with me actually translate everything into Arabic just to make sure everybody understood fully how bad the situation was and how bad I compromised them and what they need to do to be better protected and to be better aware of things like this in the future.

那时他们才第一次意识到我是个坏人。

That's when they first became aware that I was a bad guy.

银行经理仍然对杰森是谁感到困惑。

The bank manager was still confused about who Jason was.

哦，他那种反应就像在踢一只小狗。

Oh, he was he was like it was like kicking a puppy.

我感觉特别糟糕，因为在我给大家培训、讲解情况之后，他在全员会议上举手问：那免费的电脑呢？

He felt I felt so bad because after I'm teaching everybody and training them what's going on, he raises his hand during this whole all hands meeting, he says, what about the free computers?

我们还能拿到新电脑吗？

Do we still get the new computers?

我只好说：不能了。

And I'm like, no.

我一直在骗你。

I was lying to you.

我是个糟糕的人。

I'm a horrible person.

第二天，杰森和他的司机见面，前往下一个分行。

The next day, Jason meets up with his driver to take him to the next branch.

杰森还有两个目标：偷一台电脑并获取网络访问权限。

Jason has two objectives left, to steal a computer and to get network access.

司机把他放在银行外面。

The driver drops him off outside the bank.

那是一座玻璃建筑，门上有一块牌子。

It was a glass building, and there was there was a sign on the door.

门上的牌子写着一些法语和阿拉伯语，我当时想，牌子上还画了个箭头，但我完全不知道那是什么意思。

And the sign on the door said something in French and Arabic and I'm like, and it had an arrow and I'm like, I have no idea what that means.

所以我想，它大概是让我去隔壁的门，去下一个门。

It's like, so I guess it meant go to the door next door, go to the next door.

于是我正走着，快推门进去的时候，听见了喇叭声。

And so I'm walking and I go and I'm about to walk in the door and I hear the horn honking.

我觉得这喇叭声特别执着。

I'm like, it's just insistent.

而且周围车很多，但这次不一样，就在我即将进门、已经锁定目标——那个在拖车线后面的人、准备去搭话的时候，喇叭声突然响了。

And I'm like, and there's a lot of traffic, but like this is actually, it got to the point right before I got in and I already targeted someone inside behind the tow line I was gonna go talk to.

喇叭声一直响个不停。

The horn honking was insistent.

我转过身去看，果然，是我那个开车的司机。

I was like, I turned around and looked to see if it was and sure enough, it was my guy, who was driving me.

于是我走过去找他。

And I was like, I went up to him.

他说：‘你走错门了。’

He's like, that's the wrong bang.

你走错门了。

That's the wrong bang.

我当时想，是的，但门上有个标志。

I was like, yeah, but there's a sign on the door.

上面写着按按钮进入。

It says it says push the button for entry.

我当时想，哦。

And I'm like, oh.

所以我回到原来的门，按了按钮，门就开了。

It's like so I go back to the original door, and I push the button, and that lets me in.

杰森以给人尴尬的拥抱而闻名。

Jason is known for giving awkward hugs.

但如果他误入了错误的银行并试图偷走一台电脑，那就会带来一种他完全无法应对的全新尴尬局面。

But if he would have gone into the wrong bank and tried to steal a computer from it, this would have been a whole new level of awkwardness that he would not have been prepared for.

幸运的是，他的司机在他进入错误的银行前拦住了他，于是他调整了一下，走进了正确的银行。

Luckily, his driver caught him before entering the wrong bank, so he reset himself and went into the right bank.

因为对第一部里我做的那些事感到愧疚，所以我发誓再也不跟任何人说话。

Felt bad about, all the stuff I did in the first one, so I vowed not to talk to anybody.

我只是走回去，找到了休息室，喝了一点水。

I just walked back, found the break room, got a little bit of water.

这样一来，过了几分钟后，我就从另一个方向接近了。

And so that way, after a couple of minutes, I'm now approaching from a different direction.

我不是从不可信的一侧过来，而是从可信的一侧进入。

Instead of coming from the untrusted side, I'm now coming in approaching from a trusted side.

这完全是心理作用。

It's all psychological.

于是我走进了那扇门，来到了出纳员区域。

So, I walked into the, behind this door that got me into the teller, the teller area.

那是个小小的圆形区域。

It was like a little circular kind of thing.

我直接走到旁边正在办理业务的出纳员身边。

And I literally go up to the, besides the teller that's actually conducting business beside me.

我甚至没跟他说一句话，就开始拔掉电脑的插头，断开所有连接。

And I, without even saying a word to him, I started unplugging the computer, unplug it, disconnect everything.

然后我就带着它走了。

And I walk out with it.

这怎么可能？

What how is that possible?

谁会疯到直接冲进一家分行偷走一台电脑？

Because what kind of crazy person walks into a freaking branch and steals a computer?

除了我，大概没人会这么干。

Probably, besides me, that is.

为了公平起见，那台电脑其实很小。

It was a small computer in their defense.

现在杰森已经完成了五个目标中的四个，只剩下一个分行了。

So now Jason has four of the five objectives complete and has one branch left.

最后一个目标是获取网络访问权限。

The last objective is to get network access.

司机把杰森送到了最后一间分行。

The driver takes Jason to the last branch.

嗯，那可真是最简单的了。

Well, that was the simplest.

我只是走过去，有个女士正在打扫办公室。

It was just I just walked up, and there was a lady, cleaning offices.

我说我要去网络机房做点总部那边的工作，她就直接把门打开了。

I was like, I need to get into the the network closet doing some work, for, headquarters, and she just opened the door.

我的意思是，那时候事情进展得实在太平淡了。

I mean, that was very anticlimactic at that point.

为什么这招能管用？

Why did that work?

因为他们不会把这和钱联系起来。

Because they don't associate that with money.

那只是个网络机房而已。

That's just a network closet.

你懂的？

You know?

就像我没有戴滑雪面罩一样。

It's like, I'm not I don't have a ski mask.

我没有看起来很威胁的样子。

I don't have a I don't look threatening.

我微笑着，笑嘻嘻地开玩笑，让人觉得我无害。

I'm I'm smiling, and I'm I'm laughing and joking around, and it's like, I'm harmless.

那为什么不让进去呢？

And it's like, so why not let me in?

他拍下了自己在他们网络室里的照片，以及所有网络设备，然后离开了那个房间，关上门，走出了银行。

He took a picture of himself in their networking room and all their networking equipment, and then left that room and closed the door behind him and walked out of the bank.

杰森在三天内轻松潜入了三家银行，并完成了全部五个目标。

Jason had easily broken into three banks in three days and had completed all five of his objectives.

他与雇佣他的高管们重新会合了。

He met back up with the executives that hired him.

他们的反应是

Their response was

震惊。

Shocked.

我的意思是，他们真的惊呆了。

I mean, literally, they were flabbergasted.

他们觉得这简直难以置信，简直不敢相信这种事情真的发生了。

They it was just unbelievable to them that that occurred, that They're like, that this cannot be real.

本集由Shopify赞助。

This episode is sponsored by Shopify.

还有比新年伊始尝试新事物更好的时机吗？

Is there any better time to try out something new than at the start of a new year?

我太喜欢了。

I love it.

我觉得自己有理由去学习一项新技能、启动一个新项目，或者做出新的决定。

I feel like I have permission to try learning a new skill or starting a new project or making new decisions.

但如果你更有雄心壮志，为什么不三者都尝试，让2026年成为你用Shopify开启新事业的一年呢？

But if you're feeling extra ambitious, why not do all three and turn 2026 into the year you started your new business with Shopify?

Shopify 为你提供在线和线下销售所需的一切。

Shopify gives you everything you need to sell online and in person.

借助 Shopify 内置的 AI 工具，你可以快速完成设置，这些工具能撰写产品描述和标题，甚至帮助你编辑产品图片。

Set up as fast with Shopify's built in AI tools that write product descriptions and headlines and even help you edit product photos.

数百万创业者已经完成了这一跃，从家喻户晓的品牌到刚刚起步的初次创业者。

Millions of entrepreneurs have already made this leap from household names to first time business owners just getting started.

就连我，我的 T 恤店也在 Shopify 上。

And even me, my t shirt shop is on Shopify.

那是 shop.netdiaries.com，我非常喜欢 Shopify，因为它让我轻松地把业务搬到线上。

That's shop..netdiaries.com, and I love Shopify because how easy it is for me to get my business online.

营销功能也内置其中。

Marketing is built in too.

你可以创建电子邮件和社交媒体活动，触达客户浏览的每一个角落。

You can create emails and social campaigns that reach customers wherever they scroll.

所以，在 2026 年，别再等待，立即用 Shopify 开始销售吧。

So in 2026, stop waiting and start selling with Shopify.

注册你的每月1美元试用版，今天就开始在shopify.com/darknet上销售。

Sign up for your $1 per month trial and start selling today at shopify.com/darknet.

前往shopify.com/darknet。

Go to shopify.com/darknet.

就是shopify.com/darknet。

That's shopify.com/darknet.

在新的一年里，让Shopify陪伴你开启你的第一段旅程。

Hear your first this new year with Shopify by your side.

几年过去了，杰森又接到另一个安全意识培训的邀请。

Few years pass, and Jason gets another call for another security awareness engagement.

这次是贝鲁特的一家不同银行，所以他再次前往那里。

This time, it's a different bank in Beirut, so he heads back out there.

好的。

Alright.

所以，我本来是被聘来

So I was supposed I was hired to

他讲这个故事的时候必须喝一杯健怡可乐。

he has to have a Diet Pepsi while he tells this story.

所以我被雇去为那家银行实施抢劫，但这件事有个问题。

So I was hired to rob a bank there for this one bank, and there's a problem with this.

贝鲁特有很多银行。

There's a lot of banks in Beirut.

所以，我当时正在做这个安全评估项目。

So, I I was doing this one engagement.

我们那天早上开始了行动。

We started out that morning.

非常成功。

It was very successful.

我们一开始就很顺利。

We started off with a success.

然后，我们完全攻陷的那台设备开始给其他人打电话，警告他们提防我。

And then the one that we totally compromised started sending out phone calls to, like, other people to warn them about, me.

所以我有点不高兴。

So I was a little upset.

于是我们临时改变计划，去了一家他们不知道的分行，希望能在他们毫无防备的情况下得手。

And so we were going one off script, to a branch that we they didn't know about, hoping that we'd be able to get them unawares.

我之前已经喝掉了一瓶1.5升的健怡可乐，这通常会给我惹麻烦。

And I'd already drank a 1.5 liter bottle of, Diet Pepsi already, which usually leads me to problems.

我急需上厕所，而负责这次行动的联络人告诉我：‘沿着这条人行道再往前走，到尽头那里。’

I have to go really bad, and the guy's telling me guy who's the liaison for the engagement is telling me, Okay, go down this sidewalk further, toward the end.

就在那儿。

It's, right there.

直接进去，我两分钟后就到，因为他是我的护身符。

Just go in, and, I'll be in there two minutes after you because he's my, you know, my get out of jail free card.

于是我走下去，脑子里想的全是别的事——我一边走一边留意其他商店和地方。

And so I go, down, and I'm like, all I'm thinking about literally, I'm going I'm looking at other stores and other places.

如果能找到一家有洗手间的，我就先去那里，免得一进银行就得上厕所。

If I could find one with the restroom, I'll go into it first so I wouldn't go into the bank already having to go to the restroom.

但我没找到。

But I couldn't find one.

我看到了那个分行。

I I see the the branch.

我没看标识。

I don't look at the signage.

我什么都没看。

I don't look at anything.

里面有柜员。

It's got tellers.

这就是我该进的银行。

It's the bank I'm supposed to go into.

我进去了。

I get into it.

我知道欧洲和许多其他国家的洗手间要么在二楼，要么在地下室。

I know that the bathrooms in Europe and a lot of other countries, they're either on the 2nd Floor or in the basement.

它们从来不在一楼。

They're never on the 1st Floor.

所以我自然会去找楼梯，或者找往上或往下的路。

So I automatically look for the stairs or look for for going up or down.

我找到了一段往上的楼梯。

I find some stairs going up.

二楼，果然，就在那儿，是洗手间。

2nd Floor, sure enough, right there is the the bathroom.

我对此感到非常高兴。

I'm really happy about that.

于是我去了洗手间。

So I use the bathroom.

我走下楼，来到楼梯口，站在楼梯顶端。

I come back down, and I'm I'm at the head of the stairs, at top of the stairs.

我往下看，看见两个人在一个隔间里工作。

And I'm looking down, and I see two people working on a in a cube.