1
00:00:03,610 --> 00:00:06,220
Sean Aylmer: Welcome  to  the  Fear  and  Greed  daily  interview.  I'm  Sean 

2
00:00:06,220 --> 00:00:09,910
Sean Aylmer: Aylmer.  We've  talked  a  lot  about  cybersecurity  on  Fear and Greed,  and 

3
00:00:09,910 --> 00:00:13,039
Sean Aylmer: about  the  alarming  number  of  individuals  and  businesses  that  have 

4
00:00:13,039 --> 00:00:16,720
Sean Aylmer: been  the  victims  of  cyber  attack  in  Australia.  But  we 

5
00:00:16,720 --> 00:00:19,599
Sean Aylmer: haven't  talked  much  about  what  happens  to  data  when  it's 

6
00:00:19,600 --> 00:00:22,410
Sean Aylmer: stolen,  how  it's  used,  how  to  get  it  back,  and 

7
00:00:22,410 --> 00:00:25,329
Sean Aylmer: how  much  your  details  can  sell  for  on  the  dark 

8
00:00:25,329 --> 00:00:29,610
Sean Aylmer: web.
 Lawrence  Patrick  is  a  cybersecurity  expert  with  Australian  company 

9
00:00:29,620 --> 00:00:32,540
Sean Aylmer: Zilirio  and  my  guest  this  morning.  Lawrence,  welcome  to  Fear 

10
00:00:32,540 --> 00:00:32,779
Sean Aylmer: and  Greed.

11
00:00:33,600 --> 00:00:34,589
Lawrence Patrick: Thank  you  very  much.

12
00:00:35,900 --> 00:00:38,890
Sean Aylmer: Let's  start  off,  Lawrence,  what  is  the  dark  web  exactly?

13
00:00:39,620 --> 00:00:42,050
Lawrence Patrick: The  dark  web  is  a  part  of  the  internet  where 

14
00:00:42,050 --> 00:00:45,550
Lawrence Patrick: hackers  and  cyber  criminals  hang  out.  If  you  could  visualize 

15
00:00:46,229 --> 00:00:51,870
Lawrence Patrick: people  doing  illicit  deals  in  shady,  dark  alleys  and  exchanging 

16
00:00:51,870 --> 00:00:55,500
Lawrence Patrick: goods,  that's  a  digital  equivalent  of  the  dark  web.  It 

17
00:00:55,500 --> 00:00:59,240
Lawrence Patrick: is  a  collection  of  websites  that  are  not  accessible  by 

18
00:00:59,240 --> 00:01:02,170
Lawrence Patrick: regular  people.  You  actually  need  special  software  tools  to  even 

19
00:01:02,420 --> 00:01:05,190
Lawrence Patrick: be  able  to  see  these  websites.
 But  they  do  exist. 

20
00:01:05,430 --> 00:01:08,670
Lawrence Patrick: And  this  is  where  people  go  to  buy  and  sell 

21
00:01:08,870 --> 00:01:12,780
Lawrence Patrick: stolen  data,  sometimes  to  buy  and  sell  exploits  that  allow 

22
00:01:12,790 --> 00:01:15,730
Lawrence Patrick: people  to  crack  into  software  and  use  it  for  nefarious 

23
00:01:15,730 --> 00:01:18,090
Lawrence Patrick: means.  The  dark  web  is  kind  of  where  the  hackers 

24
00:01:18,090 --> 00:01:19,750
Lawrence Patrick: and  cyber  criminals  hang  out  on  the  internet.

25
00:01:20,319 --> 00:01:23,100
Sean Aylmer: Okay.  We  often  talk  about  the  cost  of  business,  ranging 

26
00:01:23,100 --> 00:01:25,509
Sean Aylmer: from  the  ransoms  paid  to  get  data  back,  through  to 

27
00:01:25,510 --> 00:01:27,709
Sean Aylmer: the  cost  of  having  all  your  IT  frozen  for  days 

28
00:01:27,709 --> 00:01:29,920
Sean Aylmer: on  end,  et  cetera.  But  you've  got  data  from  the 

29
00:01:29,920 --> 00:01:31,569
Sean Aylmer: other  side  of  the  equation  or  the  other  side  of 

30
00:01:31,660 --> 00:01:34,620
Sean Aylmer: the  transaction  from  the  dark  web,  how  much  the  stolen 

31
00:01:34,620 --> 00:01:38,780
Sean Aylmer: data  is  actually  selling  for.
Can we  go  through  some  of  those? 

32
00:01:38,780 --> 00:01:41,610
Sean Aylmer: I  thought  it  was  really,  really  fascinating.  So  medical  records, 

33
00:01:42,390 --> 00:01:47,260
Sean Aylmer: the  average  asking  price  in  2022  for  medical  records  is $

34
00:01:47,270 --> 00:01:51,390
Sean Aylmer: 400  plus,  which  is  actually  at  the  very  high  end 

35
00:01:51,390 --> 00:01:51,960
Sean Aylmer: of  the  spectrum.

36
00:01:53,510 --> 00:01:56,640
Lawrence Patrick: Yeah,  that's  absolutely  correct.  I  mean,  medical  records  are  very 

37
00:01:56,640 --> 00:01:59,290
Lawrence Patrick: prized  in  terms  of  stolen  data.  And  part  of  the 

38
00:01:59,290 --> 00:02:03,410
Lawrence Patrick: reason  is  that  they  have  a  perfect  combination  of  super 

39
00:02:03,410 --> 00:02:06,190
Lawrence Patrick: reliable  personal  details.  I  mean,  your  medical  records  are  not 

40
00:02:06,190 --> 00:02:09,230
Lawrence Patrick: likely  to  be  out  of  date  or  inaccurate.  It's  sort 

41
00:02:09,230 --> 00:02:12,280
Lawrence Patrick: of  the  gold  standard  in  terms  of  accuracy  of  the 

42
00:02:12,280 --> 00:02:16,520
Lawrence Patrick: records  and  the  personal  identifying  information.
 But  then  also,  you 

43
00:02:16,520 --> 00:02:20,910
Lawrence Patrick: got  financial  transaction  information.  And  because  it's  quite  sensitive,  it's 

44
00:02:20,910 --> 00:02:25,070
Lawrence Patrick: very  easy  to  launch  a  ransomware  campaign  once  you  have 

45
00:02:25,400 --> 00:02:28,020
Lawrence Patrick: these  types  of  medical  records.  But  in  terms  of  on 

46
00:02:28,020 --> 00:02:31,169
Lawrence Patrick: the  dark  web  and  hackers  buying  and  selling  them,  if 

47
00:02:31,169 --> 00:02:34,910
Lawrence Patrick: you  wanted  to  target  an  individual,  having  access  to  medical 

48
00:02:34,910 --> 00:02:38,910
Lawrence Patrick: records  is  a  very  powerful  way  to  target  people.  And 

49
00:02:38,910 --> 00:02:40,840
Lawrence Patrick: this  is  part  of  the  reason  why  they  command  such 

50
00:02:40,840 --> 00:02:42,040
Lawrence Patrick: a  high  price  on  the  dark  web.

51
00:02:42,780 --> 00:02:48,570
Sean Aylmer: Okay. Does that mean there are  more  cyber  attacks  on  medical  facilities,  hospitals,  doctors,  surgeries, 

52
00:02:48,570 --> 00:02:51,050
Sean Aylmer: those sorts  of  things,  because  of  the  value  of  the  data?

53
00:02:52,100 --> 00:02:55,690
Lawrence Patrick: Yeah,  that's  right.  We  have  seen  increased  activity  in  Australia. 

54
00:02:55,690 --> 00:02:59,510
Lawrence Patrick: The  Australian  Cybersecurity  Center  has  actually  issued  an  alert  last 

55
00:02:59,510 --> 00:03:04,820
Lawrence Patrick: year,  reminding  hospitals  and  doctors'  offices  and  healthcare  facilities  of 

56
00:03:04,820 --> 00:03:08,280
Lawrence Patrick: all  kinds  that  they  are  targeted  by  these  hackers,  and 

57
00:03:08,280 --> 00:03:12,960
Lawrence Patrick: that  they  have  to  take  measures  to  find  outside  partners, 

58
00:03:13,280 --> 00:03:15,730
Lawrence Patrick: whether  it's  Zirilio  or  other  companies,  to  try  to  help 

59
00:03:15,730 --> 00:03:19,090
Lawrence Patrick: them  strengthen  their  cyber  defense  because  they  really  are  big 

60
00:03:19,090 --> 00:03:22,370
Lawrence Patrick: targets.
 And  we've  seen  a  wave  of  ransomware  attacks  going 

61
00:03:22,370 --> 00:03:25,209
Lawrence Patrick: after  that  data  in  Australia.  That  unfortunately,  there  were  even 

62
00:03:25,210 --> 00:03:28,270
Lawrence Patrick: some  hospitals  that  were  shut  down  and  unable  to  complete 

63
00:03:28,520 --> 00:03:32,139
Lawrence Patrick: surgeries  and  unable  to  move  forward  with  their  daily  operations, 

64
00:03:32,360 --> 00:03:34,990
Lawrence Patrick: which  you  can  imagine  is  very  scary  for  a  hospital 

65
00:03:35,120 --> 00:03:38,120
Lawrence Patrick: to  actually  lose  operational  focus  because  of  a  cyber  attack.

66
00:03:39,180 --> 00:03:41,670
Sean Aylmer: I'm  not  going  to  go  through  them all,  but  crypto  accounts are worth about 

67
00:03:42,130 --> 00:03:46,020
Sean Aylmer: 120  to  550.  It's  quite  a  range.  Driver's  license  says 

68
00:03:46,020 --> 00:03:49,640
Sean Aylmer: at $ 200.  I  thought  it  was interesting  that  credit  card  details 

69
00:03:49,640 --> 00:03:52,730
Sean Aylmer: with  CVV,  that's  the  security  number  on  the  back  of 

70
00:03:52,730 --> 00:03:56,000
Sean Aylmer: the  card,  was  only $ 40.  Why  is  that?  I  would've 

71
00:03:56,000 --> 00:03:59,380
Sean Aylmer: thought that was a  really  good  one  for  a  criminal  to  have  for.

72
00:03:59,930 --> 00:04:02,430
Lawrence Patrick: Yeah.  Well,  it's  very  interesting. And  this  is  part  of  the 

73
00:04:02,430 --> 00:04:04,360
Lawrence Patrick: point  that  we  want  to  make  is  that  it's  very 

74
00:04:04,360 --> 00:04:06,900
Lawrence Patrick: counterintuitive.  If  you  ask  the  average  person  on  the  street 

75
00:04:07,580 --> 00:04:10,170
Lawrence Patrick: their  most  valuable  asset,  they  would  probably  think  their  wallet 

76
00:04:10,170 --> 00:04:12,540
Lawrence Patrick: with  their  credit  card,  or  their  bank  card.  They  would  say, "

77
00:04:12,540 --> 00:04:14,620
Lawrence Patrick: Wow,  that's  where  the  money  is,"  so  obviously  that's  the 

78
00:04:14,620 --> 00:04:18,670
Lawrence Patrick: thing  that  people  would  try  to  steal.
 But  in  fact, 

79
00:04:19,100 --> 00:04:21,430
Lawrence Patrick: banks  and  credit  card  companies  have  actually  done  a  pretty 

80
00:04:21,430 --> 00:04:24,570
Lawrence Patrick: good  job  of  making  it  easy  to  change  those  numbers. 

81
00:04:24,960 --> 00:04:27,820
Lawrence Patrick: The  second  you  realize  you've  been  compromised,  if  your  wallet 

82
00:04:27,820 --> 00:04:31,800
Lawrence Patrick: physically  gets  stolen,  it's  fairly  trivial,  fairly  easy  to  request 

83
00:04:31,800 --> 00:04:34,929
Lawrence Patrick: a  brand  new  number  to  change  that  code,  that  three-

84
00:04:34,930 --> 00:04:37,420
Lawrence Patrick: digit  code  on  the  back,  and  basically  reset  those  details 

85
00:04:37,420 --> 00:04:41,150
Lawrence Patrick: to  make  it  essentially  useless  for  charging  up.
 Now  that's 

86
00:04:41,150 --> 00:04:43,260
Lawrence Patrick: only  if  you  realize  it's  gone,  which  is  why  they 

87
00:04:43,260 --> 00:04:47,610
Lawrence Patrick: still  do  have  some  value.  But  those  things  are  pretty 

88
00:04:47,610 --> 00:04:51,330
Lawrence Patrick: easy  to  reset.  Some  credit  cards  now  even  will  automatically 

89
00:04:51,330 --> 00:04:53,860
Lawrence Patrick: expire  that  three- digit  code  after  a  certain  period  of 

90
00:04:53,860 --> 00:04:56,659
Lawrence Patrick: time.  The  credit  card  companies  and  banks  have,  have  gotten 

91
00:04:56,660 --> 00:04:59,290
Lawrence Patrick: more  sophisticated  and  stepped  their  game  up  a  little  bit 

92
00:04:59,600 --> 00:05:03,339
Lawrence Patrick: around  trying  to  help  consumers  with  that  type  of  fraud. 

93
00:05:03,490 --> 00:05:05,039
Lawrence Patrick: But  it  does  still  exist,  which  is  why  they  have 

94
00:05:05,040 --> 00:05:05,570
Lawrence Patrick: some  value.

95
00:05:05,970 --> 00:05:08,060
Sean Aylmer: Okay.  And  then  some  of  the  social  media  accounts,  actually 

96
00:05:08,060 --> 00:05:11,920
Sean Aylmer: being  able  to  access  individual  social  media  account,  has  a 

97
00:05:11,920 --> 00:05:13,010
Sean Aylmer: higher  value  than  that.

98
00:05:13,610 --> 00:05:17,270
Lawrence Patrick: Yeah.  I  mean,  social  media  can  be  really  powerful  from 

99
00:05:17,270 --> 00:05:22,250
Lawrence Patrick: the  standpoint  of  creating  disruption  and  chaos.  People  really  value 

100
00:05:22,250 --> 00:05:25,529
Lawrence Patrick: their  social  media  presence,  in  particular  if  you're  able  to 

101
00:05:25,770 --> 00:05:28,339
Lawrence Patrick: get  control  of  the  social  media  account  of  a  brand 

102
00:05:28,650 --> 00:05:32,229
Lawrence Patrick: or  company,  that  could  be  quite  valuable.  And  they  would 

103
00:05:32,350 --> 00:05:34,320
Lawrence Patrick: be  willing  to  pay  a  lot  to  get  access  back 

104
00:05:34,320 --> 00:05:37,040
Lawrence Patrick: to  it.
 But  in  general,  people  live  on  social  media 

105
00:05:37,770 --> 00:05:40,420
Lawrence Patrick: and  so  cyber  criminals  are  smart.  They  go  to  where 

106
00:05:40,420 --> 00:05:44,010
Lawrence Patrick: people  spend  their  time  and  energy,  and  because  people  are 

107
00:05:44,010 --> 00:05:47,089
Lawrence Patrick: just  so  fascinated  and  so  enthralled  by  spending  time  on 

108
00:05:47,089 --> 00:05:50,690
Lawrence Patrick: social  media,  it  does  get  a  disproportionate  level  of  attack 

109
00:05:50,690 --> 00:05:52,770
Lawrence Patrick: and  has  a  lot  of  value.  One  of  the  things 

110
00:05:52,770 --> 00:05:55,210
Lawrence Patrick: that  people  can  do  with  social  media  is  they  can 

111
00:05:55,210 --> 00:05:59,919
Lawrence Patrick: create  more  sophisticated  targeting  of  other  individuals.
 For  example,  the 

112
00:05:59,920 --> 00:06:02,669
Lawrence Patrick: best  way  to  target  someone  is  to  make  them  think 

113
00:06:02,670 --> 00:06:05,539
Lawrence Patrick: that  they're  receiving  an  authentic  message  from  someone  they  know. 

114
00:06:06,510 --> 00:06:08,300
Lawrence Patrick: Most  people  will  give  you  a  lot  of  details  and 

115
00:06:08,300 --> 00:06:10,370
Lawrence Patrick: give  you  a  lot  of  information  if  you  impersonate  someone 

116
00:06:10,370 --> 00:06:13,110
Lawrence Patrick: that  they  know  and  they  believe  they're  talking  to  someone 

117
00:06:13,110 --> 00:06:15,979
Lawrence Patrick: they  know  or  someone  who's  trusted.  So  through  social  media, 

118
00:06:15,980 --> 00:06:19,170
Lawrence Patrick: you  can  very  easily  send  a  flurry  of  messages  out 

119
00:06:19,610 --> 00:06:22,729
Lawrence Patrick: and  get  very  good  responses.
 There's  a  gift  card  scam 

120
00:06:22,880 --> 00:06:25,870
Lawrence Patrick: that  people  do  where  they  ask  you  to  send  them 

121
00:06:25,870 --> 00:06:28,080
Lawrence Patrick: some  money  on  a  gift  card.  And  this  is  one 

122
00:06:28,080 --> 00:06:29,990
Lawrence Patrick: where  a  social  media  account  is  very  valuable,  because  if 

123
00:06:29,990 --> 00:06:32,730
Lawrence Patrick: you  use  someone's  social  media  account,  say, " Hey,  I'm  stranded 

124
00:06:32,730 --> 00:06:35,060
Lawrence Patrick: in  this  destination.  I  was  traveling  and  I  lost  all 

125
00:06:35,060 --> 00:06:36,760
Lawrence Patrick: my  credit  cards.  Can  you  just  send  me  some  money?" 

126
00:06:37,020 --> 00:06:39,010
Lawrence Patrick: And  you  send  that  same  message  out  to  everybody  on 

127
00:06:39,260 --> 00:06:41,460
Lawrence Patrick: someone's  Facebook  friends  list,  you  can  imagine  the  kind  of 

128
00:06:41,720 --> 00:06:43,850
Lawrence Patrick: damage  that  gets  done in  a  very  short  amount  of  time.

129
00:06:44,660 --> 00:06:46,200
Sean Aylmer: Stay  with  me,  Lawrence,  we'll  be  back  in  a  minute.


130
00:06:52,100 --> 00:06:55,029
Sean Aylmer: My  guest  this  morning  is  Lawrence  Patrick  from  cybersecurity  company, 

131
00:06:55,029 --> 00:06:58,990
Sean Aylmer: Zirilio.  Okay,  so  how's  the  data  are  obtained?  Is  it 

132
00:06:58,990 --> 00:07:00,640
Sean Aylmer: mostly  from  attacks  on  big  companies?

133
00:07:01,320 --> 00:07:04,490
Lawrence Patrick: That's  correct. Oe  of  the  reason  why  hackers  are  so  interested 

134
00:07:04,490 --> 00:07:09,060
Lawrence Patrick: in  targeting  these  soft  targets,  such  as  hospitals  and  schools 

135
00:07:09,060 --> 00:07:14,170
Lawrence Patrick: and  universities,  nonprofit  organizations,  social  serving  organizations,  we're  really  seeing 

136
00:07:14,410 --> 00:07:17,330
Lawrence Patrick: an  increase  in  the  targeting  of  all  of  these  soft 

137
00:07:17,330 --> 00:07:19,980
Lawrence Patrick: targets.  They're  not  going and  after  banks  and  credit  card  companies 

138
00:07:19,980 --> 00:07:23,460
Lawrence Patrick: so  much,  they're  going  after  targets  that  have  more  personal 

139
00:07:23,460 --> 00:07:26,540
Lawrence Patrick: details  because  that's  what  they  want.  They  want  the  personal 

140
00:07:26,540 --> 00:07:31,060
Lawrence Patrick: data.
 What  they  do  is  they  use  malware  tools.  They 

141
00:07:31,060 --> 00:07:35,070
Lawrence Patrick: use  a  special  toolkit  of  software  that  is  mostly  automated, 

142
00:07:35,460 --> 00:07:40,410
Lawrence Patrick: that  allows  them  to  relentlessly  attack  the  network  of  the 

143
00:07:40,410 --> 00:07:44,000
Lawrence Patrick: organization  until  they  can  find  a  weak  spot.  And  then 

144
00:07:44,000 --> 00:07:47,870
Lawrence Patrick: once  they're  in,  they  hang  out  and  figure  out  how 

145
00:07:47,870 --> 00:07:51,190
Lawrence Patrick: to  go  lateral  and  what  other  surfaces  they  can  attack 

146
00:07:51,190 --> 00:07:54,360
Lawrence Patrick: within  the  organization,  to  get  a  sense  of  the  map 

147
00:07:54,360 --> 00:07:56,740
Lawrence Patrick: of  the  terrain.
 And  then  once  they  feel  very  confident, 

148
00:07:57,070 --> 00:07:58,929
Lawrence Patrick: or  I  should  say,  once  the  software  has  a  sense 

149
00:07:58,930 --> 00:08:03,100
Lawrence Patrick: of  that,  the  software  can  then  alert  the  hacker  to 

150
00:08:03,770 --> 00:08:06,530
Lawrence Patrick: press  the  button  and  deliver  a  payload  and  go  after 

151
00:08:06,730 --> 00:08:09,200
Lawrence Patrick: the  target.  And  nine  times  out  of  10,  that  target 

152
00:08:09,200 --> 00:08:12,530
Lawrence Patrick: is  elevating  to  administrative  privileges  and  going  after  a  big 

153
00:08:12,530 --> 00:08:17,780
Lawrence Patrick: database,  usually  a  customer  database.  That's  typically  what  hackers  look 

154
00:08:17,780 --> 00:08:21,470
Lawrence Patrick: for,  because  that  customer  database  has  all  of  these  personal 

155
00:08:21,470 --> 00:08:25,910
Lawrence Patrick: details,  a  lot  of  times  payment  information.
 But  the  credentials, 

156
00:08:26,220 --> 00:08:29,020
Lawrence Patrick: because  a  lot  of  people  reuse  their  username  and  password, 

157
00:08:29,350 --> 00:08:32,410
Lawrence Patrick: so  it's  a  double- win  if  the  hackers  are  successful. 

158
00:08:32,410 --> 00:08:34,900
Lawrence Patrick: Because  in  addition  to  getting  that  database,  which  they  can 

159
00:08:34,900 --> 00:08:38,219
Lawrence Patrick: then  chop  up  and  sell  on  the  dark  web  for 

160
00:08:38,220 --> 00:08:42,070
Lawrence Patrick: money,  they  also  get  a  bunch  of  logins  and  passwords, 

161
00:08:42,160 --> 00:08:46,010
Lawrence Patrick: which  could  be  useful  to  attack  other  websites  and  other 

162
00:08:46,010 --> 00:08:49,349
Lawrence Patrick: companies.  So  if  you  reuse  your  username  and  password  and 

163
00:08:49,350 --> 00:08:52,559
Lawrence Patrick: they  stole  your  username  and  password  from,  say,  a  hospital, 

164
00:08:52,770 --> 00:08:54,960
Lawrence Patrick: they  can  then  go  around  to  other  websites  and  try 

165
00:08:54,960 --> 00:08:57,820
Lawrence Patrick: that  same  combination  to  see  if  you've  reused  it.  And 

166
00:08:57,820 --> 00:09:00,610
Lawrence Patrick: if  you  have  reused  it,  they  may  gain  access  to 

167
00:09:00,610 --> 00:09:02,580
Lawrence Patrick: five  or  six  other  accounts  that  you  have.

168
00:09:03,250 --> 00:09:05,300
Sean Aylmer: Who's  doing  the  buying  of  this  product?

169
00:09:06,380 --> 00:09:11,040
Lawrence Patrick: Yeah.  I  mean,  there's  a  big  industry  around  cyber  crime 

170
00:09:11,040 --> 00:09:15,820
Lawrence Patrick: and  cyber  criminals  buying  these  stolen  credentials  and  then  repackaging 

171
00:09:15,820 --> 00:09:18,660
Lawrence Patrick: them.  Essentially  the  way  that  would  look  is,  if  I 

172
00:09:18,670 --> 00:09:20,550
Lawrence Patrick: was  a  bad  guy,  I  go  on  the  dark  web, 

173
00:09:20,880 --> 00:09:25,949
Lawrence Patrick: I  see  someone's  offering  5, 000  Medicare  accounts  with  usernames 

174
00:09:25,950 --> 00:09:29,979
Lawrence Patrick: and  passwords  and  personal  details.  And  I  buy  that.
 Well, 

175
00:09:29,980 --> 00:09:32,839
Lawrence Patrick: now  I  can  take  that.  And  then  I  can  have 

176
00:09:32,840 --> 00:09:37,429
Lawrence Patrick: a  software  program  that  automatically  runs  against  those  usernames  and 

177
00:09:37,429 --> 00:09:40,300
Lawrence Patrick: passwords  that  people  are  using  for  their  myGov  for  Medicare, 

178
00:09:40,440 --> 00:09:43,770
Lawrence Patrick: and  test  other  websites  to  see  if  any  of  those 

179
00:09:43,770 --> 00:09:49,500
Lawrence Patrick: match.  And  from  that  I  may  get  500  accounts  for 

180
00:09:50,190 --> 00:09:54,340
Lawrence Patrick: a  bank  or  a  thousand  accounts  for  email  accounts  that 

181
00:09:54,340 --> 00:09:56,480
Lawrence Patrick: I  can  now  use,  I  can  now  log  into  people's 

182
00:09:56,520 --> 00:09:59,420
Lawrence Patrick: email.  And  from  being  able  to  log  into  people's  email, 

183
00:09:59,530 --> 00:10:03,579
Lawrence Patrick: I  now  have  access  to  essentially  all  of  their  accounts 

184
00:10:03,580 --> 00:10:05,960
Lawrence Patrick: and  all  of  their  traffic.
 But  the  other  big  buyer 

185
00:10:06,360 --> 00:10:09,960
Lawrence Patrick: is,  we  have  a  nation  state  problem,  which  means  that 

186
00:10:10,700 --> 00:10:12,280
Lawrence Patrick: we  have  a  lot  of  countries  in  the  world  whose 

187
00:10:12,280 --> 00:10:16,440
Lawrence Patrick: military  hackers.  These  are  actually  soldiers  whose  job  is  to 

188
00:10:16,670 --> 00:10:20,020
Lawrence Patrick: essentially  sit  at  a  keyboard  and  either  design  hacking  tools 

189
00:10:20,020 --> 00:10:23,929
Lawrence Patrick: or  use  those  hacking  tools  to  get  valuable  data.  And 

190
00:10:23,929 --> 00:10:28,189
Lawrence Patrick: so  you  have  several  nation  states,  North  Korea,  Iran,  China, 

191
00:10:28,240 --> 00:10:31,300
Lawrence Patrick: Russia  are  some  of  the  big  ones,  and  this  is 

192
00:10:31,309 --> 00:10:34,179
Lawrence Patrick: what  they  do  24  by  seven.  And  so  in  a 

193
00:10:34,179 --> 00:10:36,530
Lawrence Patrick: lot  of  cases,  they're  the  ones  who  are  actually  doing 

194
00:10:36,530 --> 00:10:40,610
Lawrence Patrick: the  hacking  and  they're  also  buying  data.  They're  doing  hacking, 

195
00:10:41,130 --> 00:10:43,460
Lawrence Patrick: and  at  the  same  time  they're  also  buying.  So  they're 

196
00:10:43,870 --> 00:10:46,679
Lawrence Patrick: selling  and  buying  at  the  same  time.  Because  what  they're 

197
00:10:46,679 --> 00:10:50,219
Lawrence Patrick: trying  to  do  is  they're  trying  to  amass  a  more 

198
00:10:50,220 --> 00:10:55,450
Lawrence Patrick: valuable  and  more  accurate  database  on  different  countries.  And  that 

199
00:10:55,450 --> 00:10:58,000
Lawrence Patrick: becomes  very  useful  to  them  in  the  time  of  a 

200
00:10:58,000 --> 00:11:00,970
Lawrence Patrick: conflict  if  they  try  to  engage  in  cyber  warfare.
 And 

201
00:11:00,970 --> 00:11:03,960
Lawrence Patrick: so  this  is  a  pattern  that  we've  seen.  It's  been 

202
00:11:03,960 --> 00:11:06,880
Lawrence Patrick: very  well  documented  by  the  United  Nations.  They  put  out 

203
00:11:06,880 --> 00:11:09,680
Lawrence Patrick: a  report  last  year,  pointing  out  that  North  Korea  had 

204
00:11:09,809 --> 00:11:14,110
Lawrence Patrick: stolen  more  than  400  million  in  cryptocurrency  by  breaking  into 

205
00:11:14,370 --> 00:11:18,559
Lawrence Patrick: people's  individual  crypto  wallets.  And  also  this  building  this  database 

206
00:11:18,559 --> 00:11:23,010
Lawrence Patrick: and  buying  these  stolen  data  records  to  build  a  massive 

207
00:11:23,010 --> 00:11:27,100
Lawrence Patrick: database  of  individuals  around  the  world.  We  know  this  is 

208
00:11:27,100 --> 00:11:29,300
Lawrence Patrick: a  big  problem,  and  this  is  part  of  the  reason 

209
00:11:29,300 --> 00:11:32,210
Lawrence Patrick: why  the  cybersecurity  industry's  really  trying  to  come  together  to 

210
00:11:32,210 --> 00:11:33,140
Lawrence Patrick: do  something  about  it.

211
00:11:33,790 --> 00:11:35,790
Sean Aylmer: It's  almost  modern- day  spies.

212
00:11:35,970 --> 00:11:39,210
Lawrence Patrick: It  is.  It's  really  interesting.  In  the  spy  movies,  I 

213
00:11:39,210 --> 00:11:43,949
Lawrence Patrick: think  they  always  underestimated  the  power  of  technology.  One  of the interesting 

214
00:11:44,260 --> 00:11:47,500
Lawrence Patrick: things  about  technology  is  that  Moore's  law,  which  essentially  says 

215
00:11:47,500 --> 00:11:52,190
Lawrence Patrick: that  compute  power  doubles  every  two  years,  Moore's  law  is 

216
00:11:52,190 --> 00:11:54,839
Lawrence Patrick: powerful  and  it  applies  equally  to  everything,  including  the  bad 

217
00:11:55,010 --> 00:11:57,640
Lawrence Patrick: guys.
 In  the  James  Bond  movies  and  Mission  Impossible  and 

218
00:11:57,640 --> 00:12:02,179
Lawrence Patrick: stuff,  Ethan  Hunt's  got  to  break  into  this  secure  facility 

219
00:12:02,179 --> 00:12:04,830
Lawrence Patrick: in  Langley  and  he  can't  touch  the  floor,  and  it's 

220
00:12:04,970 --> 00:12:08,220
Lawrence Patrick: very  dramatic  and  very  visual.  The  reality  is  that  the 

221
00:12:08,220 --> 00:12:12,589
Lawrence Patrick: real  attacks  come  from  software  and  people  using  server  farms. 

222
00:12:12,880 --> 00:12:16,380
Lawrence Patrick: So  it's  very  interesting  how  different  the  reality  is  from 

223
00:12:16,380 --> 00:12:16,880
Lawrence Patrick: the  movies.

224
00:12:17,360 --> 00:12:19,189
Sean Aylmer: So  Ethan's  not  real,  is that what you're  trying  to  tell  me?

225
00:12:19,720 --> 00:12:22,170
Lawrence Patrick: Ah,  he's  real.  He's  just  a  nerdy  hacker,  probably  wearing 

226
00:12:22,170 --> 00:12:24,760
Lawrence Patrick: a  hoodie,  drinking  Red  Bull.

227
00:12:25,510 --> 00:12:27,979
Sean Aylmer: Fair  enough,  fair  enough.  Look,  one  of  the  services  offered 

228
00:12:27,980 --> 00:12:32,309
Sean Aylmer: by  Zirilio  is  penetration  testing,  and  we've  heard  lots  about 

229
00:12:32,309 --> 00:12:35,760
Sean Aylmer: penetration test.  I  don't  think  a  lot  of  us  quite  understand 

230
00:12:36,190 --> 00:12:38,970
Sean Aylmer: what  it is.  It's  kind  of  ethical  hacking,  it's  like  hacking 

231
00:12:38,970 --> 00:12:40,130
Sean Aylmer: for  good  guys  or  something.

232
00:12:40,940 --> 00:12:42,850
Lawrence Patrick: Yeah,  that's  exactly  right.  And  that's  one  of  the  things 

233
00:12:42,850 --> 00:12:45,790
Lawrence Patrick: that  we  do  to  help  organizations  and  businesses  in  Australia, 

234
00:12:46,309 --> 00:12:49,160
Lawrence Patrick: with  penetration  testing.  It's  something  that  a  lot  more  organizations 

235
00:12:49,160 --> 00:12:51,500
Lawrence Patrick: are  realizing  they  need  to  do.  And  it's  exactly  what 

236
00:12:51,500 --> 00:12:55,130
Lawrence Patrick: you  said.  We are  the  good  guys,  but  we  pretend  to 

237
00:12:55,130 --> 00:12:57,640
Lawrence Patrick: be  the  bad  guys.  And  we  take  a  look  holistically 

238
00:12:57,640 --> 00:13:00,350
Lawrence Patrick: at  your  system  to  see  where  the  weaknesses  are.  And 

239
00:13:00,350 --> 00:13:02,890
Lawrence Patrick: then  we  give  you  a  really  detailed  report  at  all 

240
00:13:02,890 --> 00:13:04,809
Lawrence Patrick: of  the  things  you  need  to  correct  and  fix  and 

241
00:13:04,809 --> 00:13:09,329
Lawrence Patrick: strengthen  to  increase  your  cybersecurity  maturity  level  and  your  security 

242
00:13:09,330 --> 00:13:12,480
Lawrence Patrick: posture.
 It's  really  important,  because  how  will  you  know  where 

243
00:13:12,480 --> 00:13:15,470
Lawrence Patrick: your  weaknesses  are  unless  you  test  it.  You  can't  just  go, "

244
00:13:15,470 --> 00:13:17,559
Lawrence Patrick: Oh,  I  installed  some  software  to  protect  me.  Now  I'm 

245
00:13:17,559 --> 00:13:19,540
Lawrence Patrick: great,  I  don't  have  to  worry."  It  doesn't  quite  work 

246
00:13:19,540 --> 00:13:22,610
Lawrence Patrick: that  way.  You  really  do  need  to  actively  check  it. 

247
00:13:22,950 --> 00:13:26,559
Lawrence Patrick: And  so  we  have  an  amazing  team  of  cybersecurity  engineers. 

248
00:13:26,790 --> 00:13:28,910
Lawrence Patrick: That's  one  of  the  things  that  makes  our  company  stand 

249
00:13:28,910 --> 00:13:31,689
Lawrence Patrick: out,  I  think,  is  we  just  have  an  amazing  level 

250
00:13:31,690 --> 00:13:35,490
Lawrence Patrick: of  expertise  and  technical  prowess.  And  so  we're  always  able 

251
00:13:35,490 --> 00:13:38,340
Lawrence Patrick: to  help  our  customers,  and  it's  very  collaborative,  working  with 

252
00:13:38,340 --> 00:13:40,950
Lawrence Patrick: them  to  help  find  these  problems  and  then  come  up 

253
00:13:40,950 --> 00:13:42,630
Lawrence Patrick: with  a  plan  for  how  we  can  correct  it.

254
00:13:43,380 --> 00:13:44,840
Sean Aylmer: Lawrence,  thank  you  for  talking  to  Fear  and  Greed.

255
00:13:45,740 --> 00:13:47,309
Lawrence Patrick: Thank  you  so  much  for  having  me  on.  I  really 

256
00:13:47,309 --> 00:13:47,760
Lawrence Patrick: enjoyed  it.

257
00:13:48,500 --> 00:13:51,260
Sean Aylmer: That  was  Lawrence  Patrick  from  cybersecurity  company,  Zirilio.  This  is 

258
00:13:52,630 --> 00:13:54,900
Sean Aylmer: the  Fear  and  Greed  daily  interview.  Join  us  every  morning 

259
00:13:54,900 --> 00:13:57,570
Sean Aylmer: for  the  full  episode  of  Fear  and  Greed,  Australia's  most 

260
00:13:57,570 --> 00:14:01,070
Sean Aylmer: popular  business  podcast.  I'm  Sean  Aylmer,  enjoy  your  day.