July 6, 2024 14 mins

Ever wondered how one of the largest telecommunications companies fell victim to a major cyberattack? Join us as cybersecurity students Alexis Severo and Aaron Kispe unravel the infamous Verizon hack of 2016. We kick off our discussion with an insightful look into Verizon's sprawling history and multifaceted services, shedding light on why this tech giant became such a lucrative target for cybercriminals. Discover the gripping narrative of how attackers infiltrated Verizon's enterprise client portal, leading to the unauthorized sale of customer data on the dark web. We'll also cover the chilling aftermath, including a second security flaw that further compromised user accounts by altering email forwarding settings.

But the conversation doesn't stop at just recounting the breach. We dive deep into actionable strategies to bolster your data security practices and prevent such breaches in the future. From enhancing system monitoring with cutting-edge security information and event management systems to implementing role-based access control and vetting third-party vendors, Alexis and Aaron break down the essentials. Reflecting on lessons learned, we underscore the critical importance of security alert emails and balancing convenience with robust safeguard measures. Plus, stay tuned as we discuss the valuable insights from Verizon's annual data breach investigations report—a must-read for any organization looking to shore up its defenses. Don't miss this eye-opening episode packed with expert advice and real-world lessons in cybersecurity.

If you want to help me with my research please e-mail me.
Professorjrod@gmail.com

If you want to join my question/answer zoom class e-mail me at
Professorjrod@gmail.com

Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 2 (00:26):
Welcome to, and welcome to, Technology Tap.
I'm Professor J Rod. In today's episode, another summer series.
This time, they're going to talk about the Verizon hack.
Let's get into it, all right.

(01:04):
All right, welcome to Technology Tap.
For those who don't know me, my name is Professor J-Rod and I'm
professor of cybersecurity, and if you've been listening, you
know that I've been doing, in collaboration and cooperation
with some of my students, a summer series on hacking on
companies that have been hacked.
This episode is going to be about the Verizon hack.

(01:24):
I think it happened in 2016.
It's by Alexis and Aaron.
Thank you so much for agreeing to participate in this
assignment, and you know so far I've done.
This will be number three.
I think the students have done an excellent job and I'm very
grateful for them wanting to volunteer and do this.

(01:47):
So, all right, here's Alexis and Aaron.

Speaker 3 (01:51):
Good afternoon.
I'm Aaron Kispe and I'm here with my co-host, Alexis Severo,
and today's topic is what happened to Verizon in 2016?
But before we get into any specific details, Alexis, can
you tell us who or what Verizon is? Certainly.

Speaker 1 (02:08):
Verizon was founded in 1983 as Bell Atlantic
Corporation.
Then in 1996, they merged with 9X under the name Bell Atlantic.
Finally, in 2000, Bell Atlantic merged with GTE to form a
company known as Verizon.
Verizon is one of the largest telecommunication companies in
the world.
It has operations in over 150 countries serving over 140

(02:30):
million customers worldwide.
Verizon provides a wide range of services.
It is organized into three divisions.
The first division is the consumer group, which provides
wireless network services to residential homes and businesses.
Then there's the business group, which caters to enterprise
clients with secure and reliable network connectivity,
cybersecurity solutions, cloud computing and data center

(02:53):
services.
And let's not forget about the media division, which oversees
digital advertising and provides online services through their
platforms.
That is.

Speaker 2 (03:03):
Verizon as we know it today.
So what reasons would a?

Speaker 1 (03:05):
director have for attacking them in 2016?

Speaker 3 (03:09):
Good question.
Well, during that time period, Verizon Enterprise Solutions had
a customer base of 1.5 million customers.
Additionally, about 99% of Fortune 500 companies that year
were using Verizon Enterprise Solutions in their daily IT
environments.
Not only is there a large pool of potential victims, but many

(03:31):
of these are high-value targets.
This made Verizon an enticing target for any financially
motivated threat actor, who could then sell the stolen
information or exploit basic contact details for phishing and
future cyber attacks.
Now, Alexis, what specifically happened during this data breach?

Speaker 1 (03:51):
Well, in March of 2016, a database containing
customer information from Verizon Enterprise Solutions was
being advertised for sale on the Cybercrime Forum.
The seller gave interested customers the option of buying
the entirety of the compromised database for $100,000.
The alternative option was to buy the information in chunks of

(04:11):
100,000 records for $10,000, a package forcing potential
customers to gamble on the type of information they were buying.
The poster was also offering to sell information about security
vulnerabilities in Verizon's website.
The reactors were able to do this by exploiting a security
vulnerability in the enterprise client portal.

Speaker 2 (04:30):
Aaron, can you go into?

Speaker 1 (04:31):
further detail about the information we found
regarding this data breach, although not many details about
this attack were released.

Speaker 3 (04:40):
Verizon claimed that no customer proprietary network
information was accessed or accessible.
What was stolen, though, was basic contact info like names
and email, but in that same response, Verizon claimed to
have resolved this issue, but just a couple weeks later, their
PR team claimed that the database that was being sold

(05:01):
online was just fictitious data.
Naturally, we had to investigate to see if there was
any truth behind the claims made by Verizon, or were they just
downplaying the impact of this breach?
And, most importantly, we wanted to know if the seller of
the compromised database could provide more insight into the
weaknesses of Verizon's web services.

Speaker 1 (05:21):
Giving credence to the claims made by the seller.
On April 14, 2016, another security flaw in Verizon's
website was discovered.
It was discovered that anyone with a valid Verizon.net account
would be able to change the forwarding settings of another
person's account.
Imagine having your password reset emails being sent to
another person and, worst of all, not knowing that they were

(05:43):
being sent to them in the first place.
Victims of this exploit would have no way of knowing that
their email address was compromised because they would
not be able to receive any suspicious emails in their inbox.
Before we get into any specific information about this
vulnerability, it is important that we give listeners a brief
overview of what website API security is.
Absolutely.

Speaker 3 (06:04):
Web API security is essential for protecting
sensitive data and ensuring the integrity of online systems.
At its core, web API security focuses on safeguarding the
application programming interfaces that enable
communication between the different software applications
over the internet.
APIs serve as the bridge between the front-end user

(06:27):
interface and the back-end server, where the data is then
stored and processed.
When a user interacts with a web application, they're
essentially sending requests to the API endpoints, which then
processes these requests and returns the appropriate response.
However, ensuring the security of these API endpoints is

(06:49):
crucial, as they can be vulnerable to various threats if
they're not properly protected.
That's where measures like authentication, authorization
and encryption come into play.
The API gateway acts as the gatekeeper, verifying the

(07:11):
identity of users and ensuring that they have the necessary
permissions to access the requested data.
By encrypting the data in transit and at rest,
organizations can prevent unauthorized access and protect
the sensitive information from prying eyes.
So, in essence, web API security is all about fortifying
the communication channels between the different software

(07:33):
components, ensuring that the data remains secure and
confidential throughout the exchange process.
But now, Alexis, what specific vulnerability was being used for
this exploit?

Speaker 1 (07:46):
What was being exploited is known as an
insecure direct object reference vulnerability, which means
there was an issue with the API endpoint.
As I stated earlier, a threat actor only needed a valid
Verizon.net account to take advantage of this exploit.
Then they must obtain the user ID of an email, which they can
do by looking at the forwarding settings of an email account,

(08:09):
more specifically, the proxy settings.
The user ID is important because it is used to identify
accounts in Verizon's internal systems.

Speaker 2 (08:17):
It also points to another internal ID known as the
mail ID.

Speaker 1 (08:21):
The mail ID is what is used to identify a specific
email address in Verizon's internal systems.
This was only possible because Verizon exposed an API endpoint
that gave people the means to look up a target's mail ID.
A user would then send a POST request to the URL of the
exposed API endpoint, which was dot Verizon dot com.

(08:47):
Forward slash webmail forward slash driver.
Question mark N-I-M-L-E-T equals mail ID lookup.
A post request, put simply, is sending information from your
computer to another computer.
Once a person has this information, they could change

(09:08):
the mail ID that their user ID points to.
From there, they could change the forwarding settings like
normal but this time the settings are saved for another
account.
So we can see that these two vulnerabilities are not the same
thing, but they are related to each other.
A vulnerability in one can be used to affect the security of
the other one.
A vulnerable client portal can be used to make unauthorized API

(09:31):
requests.
An exposed API endpoint can be exploited by manipulating
requests from the client portal.
Luckily for users, this law was passed in May 12th of 2016.

Speaker 2 (09:42):
But this was a dangerous month for users of
this email service. Verizon.net is now a discontinued service
but there is a lot we can learn from this security flaw.

Speaker 1 (09:51):
Aaron, can you give the listeners an idea of what
companies can do to protect against data breaches in general?

Speaker 3 (09:57):
Let's start by addressing the need to enhance
your system monitoring and auditing practices.
Introducing a security information and event management
system can significantly bolster your security efforts.
This system collects and analyzes the security logs from

(10:18):
across the network.
Moving on, we'll discuss the implementation of role-based
access control as a fundamental measure in fortifying your
database security.
RBAC works by restricting access to sensitive data based
on the employee's role within the organization.
By enforcing RBAC protocols, you can mitigate the risk of
unauthorized access and data breaches, ensuring a more secure

(10:41):
environment for your organization's data.
Lastly, before dealing with a third-party vendor, it is good
practice to conduct a thorough security assessment on the
company before granting them access to your customer database,
include specific data security requirements in these contracts
and regularly monitor vendor activity.

(11:01):
And don't forget to hold them accountable for meeting those
security standards that were agreed upon.
Now, with that being said, Alexis, what are your thoughts
on what happened to Verizon?

Speaker 1 (11:14):
Personally speaking, I have a greater appreciation
for the security alert emails I receive.

Speaker 3 (11:19):
It's reassuring that should my email address be
compromised, I can be informed of it immediately.

Speaker 1 (11:25):
Honestly, I think one of my problems is going to be
reading that email on time, because I'm not good at looking
at my email, but like it's good, like I said, this is reassuring
that I also like to have like emails separated for different
things.
I have one for school, one for applying for jobs another one
just for, like, personal browsing.
Of course it's good to keep your things organized yeah, so like

(11:47):
when I do get breached, I want to limit the scope of it, of
course.
But I recommend people find a balance between convenience and
security, because I think this is good enough for me, but
people might struggle just remembering one password, so I
recommend just trying to use as many different passwords as they
can.

Speaker 3 (12:07):
Or a password manager.

Speaker 1 (12:09):
I mean that too.
That would work, but like, this works for me and people just go
with what works for them.

Speaker 3 (12:16):
I mean, I guess that could be true, but you know,
security over convenience at the end.
I mean, if you want your things to be protected, yeah, but you
don't want to get locked out of your account, that's true too.
Well, I think about this whole situation that it's a bit ironic
that Verizon Enterprise is typically the one telling the

(12:40):
rest of the world how these sort of breaches take place, which
is why I recommend reading the Verizon's annual data breach
investigations report, because each year it is full of
interesting case studies from actual breaches yeah, like the
viral one, yes and most of these case studies include hard

(13:01):
lessons which mostly age very well.
Even a DBI report from four years ago has a great deal of
relevance to today's security challenges.
So there is always something to learn from all these
breaches, even if they were a couple of years ago, because
technology keeps advancing, but the concepts stay the same,
that's true, and with that we conclude today's segment.

(13:24):
Thank you, Dr Rodriguez, for having us on your podcast.

Speaker 1 (13:27):
Thank you for Dr Rodriguez for having us on your
podcast.

Speaker 2 (13:31):
Yeah thank you for this growing experience.
All right, that's going to put a bow on the show.
Thank you so much for listening.
Thank you for Alex and Aaron for that lesson on the Verizon
hack.
We all appreciate it and we hope you learned something.

Speaker 1 (14:02):
Until next time.

Speaker 2 (14:13):
If you want to reach me, you can email me at
professorjrod at gmail.com.
That's P-R-O-F-E-S-S-O-R-J-R-O-D at
gmail.com.
This has been a presentation of Little Chacha Productions.
Art by Sarah. Music by Joel Kim.
Until next time.