WEBVTT - RERUN: Are we in cyber war? 0:00:04.400 --> 0:00:07.800 Welcome to Tech Stuff, a production from I Heart Radio. 0:00:12.000 --> 0:00:14.360 Hey there, and welcome to tech Stuff. I'm your host, 0:00:14.440 --> 0:00:17.240 Jonathan Strickland. I'm an executive producer with I Heart Radio 0:00:17.280 --> 0:00:20.239 and a love of all things tech, and I am 0:00:20.280 --> 0:00:25.880 currently hard at work on an episode that's about cybersecurity, 0:00:25.960 --> 0:00:32.440 cyber warfare, AI, the AI arms race China. It's a 0:00:32.440 --> 0:00:34.960 lot of stuff, a lot of different parts. This is 0:00:35.320 --> 0:00:40.400 largely brought on because recently the Pentagon's chief software officer 0:00:40.720 --> 0:00:46.199 resigned and in the process left a very angry and 0:00:46.720 --> 0:00:51.360 detailed list of grievances that led to his decision to resign. 0:00:51.880 --> 0:00:55.600 So I'm working on an episode that really dives into 0:00:55.600 --> 0:00:58.720 all of that and explains what the landscape is, what 0:00:58.920 --> 0:01:05.720 the concerns are, kind of tries to examine how realistic 0:01:05.920 --> 0:01:10.440 certain threats are or whether there might be other mitigating factors. 0:01:10.959 --> 0:01:13.720 As it turns out, these things get very, very complicated, 0:01:13.760 --> 0:01:16.240 not just because of the technology, but because the way 0:01:16.240 --> 0:01:19.560 the rest of the world works. Like, we can't divorce 0:01:19.640 --> 0:01:23.760 technology from the way things happen in the world, right, 0:01:23.959 --> 0:01:27.600 I Mean, they obey the same sort of restrictions that 0:01:27.640 --> 0:01:31.080 the rest of us do. So anyway, long story short, 0:01:31.160 --> 0:01:34.640 too late. I'm still working on that piece. I want 0:01:34.680 --> 0:01:38.440 to make sure that it's as good as I can 0:01:38.480 --> 0:01:41.200 possibly make it before I publish it. So in the 0:01:41.360 --> 0:01:45.360 spirit of that piece, I thought we could listen to 0:01:45.560 --> 0:01:49.559 a classic episode of Tech Stuff. This one published way 0:01:49.560 --> 0:01:53.320 back on June two thousand nine, and it is titled 0:01:53.360 --> 0:01:57.560 are We in Cyber War? So this episode is more 0:01:57.600 --> 0:02:00.640 than a decade old. It's with me and original co 0:02:00.720 --> 0:02:04.680 host Chris Pullette, and we just have this discussion. And 0:02:04.880 --> 0:02:08.160 it's interesting to go back and listen to this because 0:02:08.200 --> 0:02:13.080 obviously things have progressed a lot since two thousand nine. 0:02:13.480 --> 0:02:17.840 The cyber threats have grown significantly since two thousand nine. 0:02:17.840 --> 0:02:20.880 They were already significant then, but they're even more so now. 0:02:21.400 --> 0:02:25.119 So I think it's a great starting point to kind 0:02:25.160 --> 0:02:29.280 of say, here's where we were more than a decade ago, 0:02:30.000 --> 0:02:33.280 and then that will lead into what will be Friday's episode, 0:02:33.800 --> 0:02:38.480 which will be the deeper dive on the current landscape, 0:02:38.480 --> 0:02:43.880 why people in positions of authority in different tech departments 0:02:44.400 --> 0:02:48.120 within the United States are concerned, and what's going on 0:02:48.200 --> 0:02:52.000 with China and whether or not that's going to have 0:02:52.639 --> 0:02:56.720 a long lasting impact. So let's go and listen to 0:02:56.800 --> 0:03:00.320 this classic episode and I'll be back at the end 0:03:00.720 --> 0:03:02.920 to kind of chat a little bit more before we 0:03:02.960 --> 0:03:08.400 wrap up Enjoy. Unfortunately, we have some serious things to 0:03:08.440 --> 0:03:10.639 talk about. Actually, we have some pretty scary stuff to 0:03:10.680 --> 0:03:13.120 talk about. This. This I think is even scarier than 0:03:13.120 --> 0:03:19.800 our zombie computers and Halloween shows combined. Really, yeah, I think. So. Okay, 0:03:19.880 --> 0:03:26.120 so we're gonna talk today about cyber war. It's not 0:03:26.240 --> 0:03:32.120 pirate war, cyber war. Cyber war, so we're all we're 0:03:32.120 --> 0:03:35.640 not talking about tron here um, nor are we talking 0:03:35.640 --> 0:03:39.080 about war games, both of which are awesome movies, so 0:03:39.280 --> 0:03:42.120 put them to the top of your Netflix queue. Um. No, 0:03:42.280 --> 0:03:47.680 we're talking about using computers to either spy upon, or 0:03:47.840 --> 0:03:54.520 sabotage or otherwise inflict some sort of harm upon a nation. Um. 0:03:54.680 --> 0:03:58.560 And this can be done by one of a dozen 0:03:58.600 --> 0:04:00.920 different entities. That's the That's one of the scary things 0:04:00.960 --> 0:04:04.840 about cyber war, is that? All Right? So in classic warfare, 0:04:05.280 --> 0:04:08.200 you know, usually you you would talk about two different nations, 0:04:08.280 --> 0:04:12.480 or perhaps two different factions within a nation, fighting one another. 0:04:13.240 --> 0:04:18.880 Pretty easy to identify who the parties involved are, right, normally, yeah, 0:04:19.000 --> 0:04:21.560 because guys shooting at you, right, and normally they have 0:04:21.880 --> 0:04:24.480 you know, uniforms of some kind on you know, not 0:04:24.520 --> 0:04:26.760 to shoot your own guy. Yeah, yeah, there's some there's 0:04:26.800 --> 0:04:29.400 some general little rules that make it easier to know 0:04:29.440 --> 0:04:32.320 which guys are the ones you're supposed to be shooting. Um. 0:04:32.480 --> 0:04:35.680 Cyber war is not quite that clean cut. The problem 0:04:35.680 --> 0:04:38.960 with cyber war is that the attacks can come from anywhere. 0:04:39.040 --> 0:04:42.240 They can come from another country. They can come from 0:04:42.279 --> 0:04:45.640 patriots within another country that are acting on their own. 0:04:46.040 --> 0:04:50.600 That could come from essentially a mercenary, a hacker that's 0:04:51.080 --> 0:04:53.719 hired to do this sort of thing. Um, that could 0:04:53.720 --> 0:04:56.440 come from someone who's just trying to cause mischief and 0:04:56.480 --> 0:05:00.160 they don't have any other motives. Uh. So it an 0:05:00.160 --> 0:05:02.400 attack that can come from another country, or that it 0:05:02.480 --> 0:05:05.680 can come from within the country that is being attacked. 0:05:06.120 --> 0:05:09.080 I mean, you know you're talking about uh sort of 0:05:09.080 --> 0:05:12.520 a cyber terrorism in a way. Yeah. And as a 0:05:12.560 --> 0:05:15.640 matter of fact, him, it could be somebody sitting in 0:05:15.680 --> 0:05:18.160 his jammie, is in his living room in the computer. 0:05:18.279 --> 0:05:20.920 You know, it doesn't need to be somebody out you know, 0:05:21.000 --> 0:05:24.720 skulking around the streets or you know, somewhere in a foxhole. Heck, 0:05:24.800 --> 0:05:28.000 it could be someone parked in your driveway, hacking into 0:05:28.080 --> 0:05:31.400 your WiFi. Good point, and it's that's why we're talking 0:05:31.400 --> 0:05:34.400 about how scary this is. It's um and and on 0:05:34.440 --> 0:05:37.960 another level, it's also scary because it takes so little, 0:05:38.320 --> 0:05:43.280 relatively speaking to UH to perform an effective cyber attack. Now, 0:05:43.279 --> 0:05:46.600 when you're talking about a traditional attack on from one 0:05:46.680 --> 0:05:50.080 nation on to another, you're talking about billions of dollars 0:05:50.080 --> 0:05:56.120 worth of equipment, of of personnel. UH. You know, the 0:05:56.240 --> 0:05:59.560 things that have to go behind a war machine. I mean, 0:05:59.600 --> 0:06:02.920 we're that's a huge investment. When you're talking about cyber attacks, 0:06:02.920 --> 0:06:07.480 you're talking about a computer and a computer connection, and 0:06:07.560 --> 0:06:09.320 you know, you might have a couple of other little 0:06:09.360 --> 0:06:11.159 bells and whistles to help you along, but you really 0:06:11.200 --> 0:06:13.360 you don't necessarily need it if you know what you're 0:06:13.360 --> 0:06:17.160 doing and you have the right software. So it's one 0:06:17.200 --> 0:06:21.680 of those things wherefore a very low small entrance fee. 0:06:21.800 --> 0:06:23.839 I guess you could say you could have a huge, 0:06:24.000 --> 0:06:27.760 huge impact. As a matter of fact, your computer could 0:06:27.760 --> 0:06:31.080 be used to carry out a cyber attack. Yes, if 0:06:31.120 --> 0:06:34.360 you've if you've installed some kind of malware like a 0:06:34.440 --> 0:06:37.400 virus or a worm that UH can turn your machine 0:06:37.400 --> 0:06:41.279 into a zombie someone else can direct your computer to 0:06:41.680 --> 0:06:45.280 UH to send email and a denial of service attack 0:06:45.640 --> 0:06:49.880 which basically floods UM floods computers with spam and other 0:06:50.360 --> 0:06:54.080 and other requests if you will, for information. The thing 0:06:54.240 --> 0:06:57.760 is that doesn't require any cost on the part of 0:06:58.480 --> 0:06:59.960 on the part of the attack or at all, because 0:07:00.160 --> 0:07:03.599 all the machines are essentially donated, you know, from somebody else, 0:07:03.800 --> 0:07:07.359 right and the and to make matters worse, UH, when 0:07:07.839 --> 0:07:11.160 when anyone in authority tries to trace the source of 0:07:11.200 --> 0:07:14.000 the attack, they might come to your computer and never 0:07:14.160 --> 0:07:17.400 find the person who actually infected your computer in the 0:07:17.440 --> 0:07:21.000 first place. So then you become the person of interest, 0:07:21.280 --> 0:07:24.480 the person who's under suspicion for committing an attack, and 0:07:25.000 --> 0:07:28.400 the whole time you were completely unaware. Um. Actually, that's 0:07:28.400 --> 0:07:32.559 another big, big issue with the cyber warfare problem. Even 0:07:32.640 --> 0:07:35.680 when you can detect an attack and trace it back, 0:07:35.760 --> 0:07:39.520 you can never be a sure that the last place 0:07:39.600 --> 0:07:42.280 you you trace it back to is in fact the 0:07:42.320 --> 0:07:46.520 original spot of the attack, because there are these you know, 0:07:47.000 --> 0:07:49.200 there's there are things like proxy sites, there are the 0:07:49.320 --> 0:07:53.600 zombie computers where there's always the possibility that there's one 0:07:53.600 --> 0:07:56.120 more link you haven't found yet that will take you 0:07:56.160 --> 0:07:59.880 back even further. So that's uh, you know, if you 0:08:00.040 --> 0:08:02.320 if you uh, if you were to detect, say an attack, 0:08:02.320 --> 0:08:04.040 and you say, well, we've traced it back to China, 0:08:04.400 --> 0:08:07.880 you can never be sure that that the Chinese government 0:08:08.040 --> 0:08:10.760 was behind it. It could have been patriots in China 0:08:10.840 --> 0:08:13.120 who had the same sort of goals as the government 0:08:13.120 --> 0:08:15.160 of China, but we're acting on their own. Or it 0:08:15.160 --> 0:08:17.520 could have even been a people in a totally different 0:08:17.520 --> 0:08:20.960 country that just managed to use proxy sites in China 0:08:21.360 --> 0:08:24.640 to fool you into thinking that's where the attack came from. 0:08:24.680 --> 0:08:29.040 So it's really insidious. Um And you might wonder, well, 0:08:29.080 --> 0:08:32.560 how how vulnerable are we to these sort of attacks? 0:08:32.600 --> 0:08:35.120 And I guess it really depends on which system you're 0:08:35.120 --> 0:08:38.520 talking about, because you know, the Internet is a network 0:08:38.559 --> 0:08:43.160 of networks, right right, so any given network or any 0:08:43.160 --> 0:08:47.160 given computer could be the weak spot, you know, and 0:08:47.160 --> 0:08:50.440 and there are just tons of computers as part of 0:08:50.480 --> 0:08:53.240 the Internet. You know, every time you were computer is 0:08:53.800 --> 0:08:56.320 hooked up for Internet access, you become part of this 0:08:56.360 --> 0:09:01.079 giant cloud. Um. So, and then the really sophisticated crackers, 0:09:01.280 --> 0:09:03.920 those are the really nasty hackers. Those are the ones 0:09:03.960 --> 0:09:07.720 who can find ways to manipulate a network in ways 0:09:07.800 --> 0:09:11.240 that you know, most people don't think of, right and 0:09:11.240 --> 0:09:14.400 and to give you an idea of how vulnerable certain 0:09:14.480 --> 0:09:20.080 systems can be. Back in seven, there was a secret 0:09:20.160 --> 0:09:23.080 experiment the Department of Defense commissioned and it was called 0:09:23.120 --> 0:09:26.680 Eligible Receiver. I remember that. Yeah, this isn't This was 0:09:27.679 --> 0:09:30.000 kind of an eye opener um. Now a lot of 0:09:30.000 --> 0:09:33.280 Eligible Receiver, A lot of that mission remains classified, so 0:09:33.320 --> 0:09:35.440 we don't know all the details. But what we do 0:09:35.559 --> 0:09:40.480 know is that part of the the experiment involved getting 0:09:40.520 --> 0:09:44.440 a group of hackers together, giving them some very basic 0:09:44.920 --> 0:09:49.240 computing hardware and software, and telling them to try and 0:09:49.720 --> 0:09:53.440 break their way into the Pentagon's computer system. And it 0:09:53.480 --> 0:09:59.319 took them three days using basic computers and basic software. Uh, 0:09:59.520 --> 0:10:03.880 three day is just for regular hackers. These aren't necessarily 0:10:03.920 --> 0:10:06.199 the people who are who have a you know, an 0:10:06.240 --> 0:10:09.000 actual motive to break into the Pentagon and the fact 0:10:09.000 --> 0:10:11.360 that they're part of an experiment, right, It's not like 0:10:11.360 --> 0:10:13.440 they have a government breathing down their next saying we 0:10:13.480 --> 0:10:19.160 need access to this information. Uh So that's that's pretty 0:10:19.160 --> 0:10:22.559 sobering to think that within three days one of the 0:10:22.679 --> 0:10:27.080 nation's most important computing systems was compromised, even though it 0:10:27.160 --> 0:10:30.640 was an inside job and an experiment, right, well, they 0:10:31.559 --> 0:10:34.600 there have been attempts to shore that up since then, 0:10:34.640 --> 0:10:39.920 and in fact they conduct regular exercises in order to 0:10:39.920 --> 0:10:42.160 do that. In fact, there was one not that long ago. 0:10:43.040 --> 0:10:47.520 Every year they there are students from Army, Navy, Air Force, 0:10:47.600 --> 0:10:49.640 and the Coast Guarden Merchant Marine, as well as the 0:10:49.720 --> 0:10:53.760 Naval Postgraduate Academy and the Air Force Institute of Technology. 0:10:53.960 --> 0:10:58.800 And basically it's it's uh, undergrads were given the opportunity 0:10:58.960 --> 0:11:02.480 to defend themselves from an attack by the n s 0:11:02.559 --> 0:11:08.239 a UM and UH every year they undergo this experiment, 0:11:08.440 --> 0:11:11.360 and uh, the West Point held out the longest and 0:11:11.400 --> 0:11:14.520 they the Army got to defend their title. But they 0:11:15.040 --> 0:11:20.120 were using Lenox computers. But this is apparently a normal thing. Um. 0:11:20.440 --> 0:11:23.680 The Defense Department is only graduating eighties students a year 0:11:24.000 --> 0:11:26.680 from schools of cyber war in the United States, according 0:11:26.720 --> 0:11:30.480 to the New York Times article that I read about it. UM. 0:11:30.520 --> 0:11:33.640 And if you're wondering, this is the fifty seven Information 0:11:33.640 --> 0:11:38.080 Aggressor Squadron. They're based in Nellis Air Force Base, and 0:11:38.120 --> 0:11:40.679 they are they they are. They are. They make a 0:11:40.720 --> 0:11:45.080 point of doing this test every year, and um, you 0:11:45.120 --> 0:11:47.959 know they it's one of those things where they are 0:11:48.040 --> 0:11:53.600 making a conscious effort to attack and defend UH computer networks. 0:11:53.600 --> 0:11:57.359 And apparently the uh you know, the nerds are nerds everywhere, 0:11:57.520 --> 0:12:01.280 even at West Point Um according to the way, according 0:12:01.320 --> 0:12:03.240 to the way the article was written. They get a 0:12:03.240 --> 0:12:05.680 little ribbing for being the geeks of the group. But 0:12:06.120 --> 0:12:10.400 even the you know, the the future officers that graduate 0:12:10.440 --> 0:12:14.520 from their know the importance of the computer network because 0:12:14.520 --> 0:12:16.360 that's one of the very first things they do. They're 0:12:16.360 --> 0:12:18.760 about to deploy these guys to Afghanistan as a matter 0:12:18.800 --> 0:12:20.040 of fact, and the first thing they're gonna do is 0:12:20.040 --> 0:12:22.680 set up a secure internet connection, and they have to 0:12:22.679 --> 0:12:27.000 be ready to defend themselves against denial of the denial 0:12:27.320 --> 0:12:31.000 of service attacks and uh another attacks. So I mean, 0:12:31.040 --> 0:12:33.640 they're they're coming right out of the service academies with 0:12:34.200 --> 0:12:39.840 knowledge of how to attack and to protect UM computer networks, 0:12:39.840 --> 0:12:42.920 military computer networks. There's a bit more to go with 0:12:42.960 --> 0:12:48.560 our conversation about the state of cyber war in this 0:12:48.840 --> 0:12:51.640 classic episode, but before we get to that, let's take 0:12:51.679 --> 0:13:01.520 a quick break. You usually we call those sort of 0:13:01.840 --> 0:13:07.080 exercises red team attacks UM where a group is is 0:13:07.360 --> 0:13:12.040 designated to play the part of an UM adversary and 0:13:12.080 --> 0:13:15.120 that's the Red team. And the Red team's job is 0:13:15.200 --> 0:13:19.840 to is to achieve their goals by whatever means necessary. 0:13:20.160 --> 0:13:21.719 So in other words, you know, you're not supposed to 0:13:21.800 --> 0:13:24.880 necessarily follow a certain protocol or rules. You're supposed to 0:13:24.920 --> 0:13:27.600 be inventive and creative and try and find new ways 0:13:28.200 --> 0:13:33.000 to to really compromise or defeat the other team and UM, 0:13:33.040 --> 0:13:35.040 because that's exactly what the enemy is going to do. 0:13:35.280 --> 0:13:36.840 You know, the enemy is not going to play by 0:13:36.920 --> 0:13:40.400 rules necessarily, especially if you're talking about enemies that you 0:13:40.440 --> 0:13:43.679 can't predict. I mean, they may not even be directly 0:13:43.960 --> 0:13:48.440 involved with any other government or or official agency. So 0:13:49.360 --> 0:13:53.600 UM and and you know, we government websites and our 0:13:53.800 --> 0:13:57.040 government web servers and and systems aren't the only targets. 0:13:57.640 --> 0:13:59.880 One of the big targets in the United States, and 0:14:00.040 --> 0:14:01.800 it's been in the news quite a bit over the 0:14:02.120 --> 0:14:06.120 spring of two thousand nine is the electric grid and UH. 0:14:06.360 --> 0:14:08.160 Part of the problem with that is that systems like 0:14:08.360 --> 0:14:11.200 the electric grid and and some water and fuel systems 0:14:11.600 --> 0:14:16.839 are using UM, using the software that that directly ties 0:14:16.880 --> 0:14:19.800 into hardware, and if you just change a few settings, 0:14:20.320 --> 0:14:24.880 you can cause catastrophic damage to the the equipment. UM. 0:14:24.920 --> 0:14:27.440 There was a video that was on CNN for a 0:14:27.440 --> 0:14:33.360 while where some uh, some electric utility experts showed that 0:14:33.400 --> 0:14:36.520 with just a couple of tweaks, you could completely destroy 0:14:36.640 --> 0:14:40.960 a generator by changing some settings through the computer system, 0:14:41.040 --> 0:14:44.040 and they essentially turned a generator into a pile of 0:14:44.080 --> 0:14:47.800 scrap metal. UM. Yeah, it was very sobering to me 0:14:48.240 --> 0:14:52.120 to see that, because not that long ago the news 0:14:52.240 --> 0:14:55.240 broke out that the United States electric grid, certain parts 0:14:55.240 --> 0:14:59.400 of it anyway, uh, has been under attack by some 0:14:59.560 --> 0:15:02.960 cyber spies over the last several years. And I don't 0:15:02.960 --> 0:15:05.080 really know who it is, right right right. They've traced 0:15:05.120 --> 0:15:08.440 them back mostly to China and Russia. But again um, 0:15:08.520 --> 0:15:10.800 both China and Russia deny that they had anything to 0:15:10.800 --> 0:15:12.880 do with it. But I mean, of course, wouldn't you. 0:15:13.440 --> 0:15:16.440 The thing is it, you know, those countries are are 0:15:16.600 --> 0:15:21.680 gradually becoming more and more uh, computer centric, and it 0:15:21.760 --> 0:15:24.080 you know, it could be anybody. It could be you know, 0:15:24.440 --> 0:15:28.040 it could it could be that they are directly involved, UM, 0:15:28.160 --> 0:15:31.520 or it could be that it's groups of of individuals 0:15:31.560 --> 0:15:33.760 within those countries, or like we said, it could even 0:15:33.800 --> 0:15:36.600 be that the attacks are ultimately originating somewhere else, but 0:15:36.640 --> 0:15:38.640 we're only able to trace them back as far as 0:15:38.680 --> 0:15:41.760 Russia and China. So that's that's the other issue with 0:15:42.160 --> 0:15:45.240 the Internet is that it is a global entity, and 0:15:45.360 --> 0:15:49.600 so law enforcement officials only have so much authority to 0:15:50.120 --> 0:15:54.040 pursue cyber attacks. You know, they can cross over borders 0:15:54.520 --> 0:15:57.920 easily on the Internet, but law enforcement can't. They don't 0:15:57.960 --> 0:16:01.600 necessarily have the authority to pursue an investigation beyond the 0:16:01.600 --> 0:16:04.720 borders of you know, whatever their jurisdiction is. So that 0:16:04.800 --> 0:16:08.080 also makes life much more complicated when you're talking about 0:16:08.440 --> 0:16:13.400 fending off cyber warfare attacks. Yeah, you know, uh, it 0:16:13.440 --> 0:16:17.840 wasn't even that long ago that some countries were complaining 0:16:18.200 --> 0:16:23.800 of real cyber attacks launched on their inner infrastructure, like 0:16:23.920 --> 0:16:27.480 Estonia not too long ago, and uh they were blaming 0:16:27.520 --> 0:16:29.600 the Russians for that attack. But that was back in 0:16:29.600 --> 0:16:34.120 in two thousand seven, all those years ago. Yeah, all 0:16:34.120 --> 0:16:37.440 those both years ago. Yeah. Well, you know they say 0:16:37.440 --> 0:16:40.240 that Internet time is sort of like dog years. It's 0:16:40.280 --> 0:16:43.720 about that would make it about fourteen years ago in Internet, 0:16:43.960 --> 0:16:46.320 So I guess so, um. Yeah. And then of course 0:16:46.360 --> 0:16:49.960 there's the example of the Dalai Lama's office that the 0:16:49.960 --> 0:16:55.160 Tibetan office that was uh. They knew they were being watched, right, 0:16:55.560 --> 0:17:00.160 they were absolutely certain that their systems had been compromised UM, 0:17:00.240 --> 0:17:04.679 and they hired a Canadian firm to investigate. In the 0:17:04.680 --> 0:17:09.440 Canadian firm found that indeed, there there were programs installed 0:17:09.560 --> 0:17:13.800 upon the Dali lamas Uh computer systems, and that it 0:17:13.880 --> 0:17:18.000 appeared to be coming from an offshore island off the 0:17:18.040 --> 0:17:24.680 coast of a China. And the software even included UM 0:17:24.720 --> 0:17:27.480 controls that would allow people on the other end to 0:17:27.600 --> 0:17:31.280 activate audio and video software UM and hardware so that 0:17:31.320 --> 0:17:33.440 they could turn on if the computer had a webcam 0:17:33.560 --> 0:17:35.600 or a microphone, they could turn it on and turn 0:17:35.640 --> 0:17:38.920 it into a remote listening station, so they could actually 0:17:38.960 --> 0:17:44.560 spy on the goings on of these offices remotely. UM. So, 0:17:44.680 --> 0:17:47.280 I mean, this is a very real problem worldwide. It's 0:17:47.359 --> 0:17:50.200 not just something that we have to worry about in 0:17:50.240 --> 0:17:53.639 the United States or or you know, any other specific nation. 0:17:53.720 --> 0:17:56.960 It's it's pretty much if if you have computers, there's 0:17:57.000 --> 0:18:00.440 a good chance there's another party somewhere that's really interested 0:18:00.480 --> 0:18:02.160 in finding out what you know and what you don't 0:18:02.160 --> 0:18:06.240 know and what you're up to. Yep, and um, there's 0:18:06.320 --> 0:18:09.239 there's even another component to it that I know we 0:18:09.240 --> 0:18:12.600 were gonna stick, uh mainly to talking about how you 0:18:12.600 --> 0:18:17.520 could use computers to launch computer attacks, but um, another 0:18:17.720 --> 0:18:20.880 facet of this that I think is interesting was sort 0:18:20.920 --> 0:18:22.960 of relates to a blog post I wrote in early 0:18:23.000 --> 0:18:27.159 April um on the tech stuff blog that talked about 0:18:27.200 --> 0:18:33.400 the Moldovan pro democracy protesters and they weren't launching computer attacks, 0:18:33.720 --> 0:18:37.440 but what they were doing was using uh social networking 0:18:37.480 --> 0:18:41.520 sites like Twitter and Facebook to coordinate their efforts sort 0:18:41.520 --> 0:18:44.720 of like flash mobs. They could go ahead and use 0:18:44.840 --> 0:18:51.040 computer networks like those and uh text messaging to discuss 0:18:51.080 --> 0:18:53.280 where and when they were going to organize and meet 0:18:53.359 --> 0:18:58.000 and hold a demonstration. So that's um, I mean, that's 0:18:59.280 --> 0:19:01.840 you know, relying on the network staying up and rather 0:19:01.920 --> 0:19:04.399 than taking them down. But UM, I just it's just 0:19:04.440 --> 0:19:06.560 kind of funny because you know, you don't think of 0:19:06.680 --> 0:19:08.719 you think of Facebook and Twitter or something we use 0:19:08.800 --> 0:19:11.120 for fun or to to keep up with people, and 0:19:11.960 --> 0:19:14.400 just another way that you can use them to actually, 0:19:14.840 --> 0:19:16.840 I mean, those could those could just as well have 0:19:17.000 --> 0:19:21.200 been used to hold a violent, you know, attack on someone. Say, 0:19:21.280 --> 0:19:23.679 you know, meet at this corner at one forty in 0:19:23.680 --> 0:19:28.479 the afternoon, Uh, you know, and have everybody show up 0:19:28.520 --> 0:19:31.479 and start fighting. Well, if the law enforcement is unaware 0:19:31.480 --> 0:19:33.760 of it or the military forces are unaware of it, 0:19:34.320 --> 0:19:36.320 you know, that could be a devastating attack, and it 0:19:36.320 --> 0:19:39.199 could be used by virtually anybody. Chris and I have 0:19:39.240 --> 0:19:42.480 a bit more to say about cyber war in general, 0:19:43.080 --> 0:19:52.639 and we'll get to that after this quick break. The 0:19:52.720 --> 0:19:56.560 dangers of these attacks go beyond just damaging a network 0:19:56.680 --> 0:19:59.680 or shutting down a system. UM. One of the big 0:20:00.400 --> 0:20:04.080 fears that a lot of security folks have is that 0:20:04.160 --> 0:20:07.320 what if you were to coordinate a physical attack with 0:20:07.359 --> 0:20:09.880 a cyber attack. So what if you were to target 0:20:09.920 --> 0:20:13.520 a major city and first you bring down the city's 0:20:14.080 --> 0:20:16.920 power grid through a cyber attack, and then you couple 0:20:17.000 --> 0:20:21.120 that with an actual physical attack like bombs or or whatever, 0:20:21.760 --> 0:20:25.719 and that UM together, that would cause a real panic 0:20:25.920 --> 0:20:29.080 because suddenly you have an entire population that that doesn't 0:20:29.240 --> 0:20:33.520 have access to UM information the way they normally would, 0:20:34.080 --> 0:20:37.320 and yet there is obviously chaos going on. And uh 0:20:37.480 --> 0:20:41.360 that that really is the true definition of terrorism. There 0:20:41.520 --> 0:20:45.560 you're you're inspiring terror in the victim. UM. Now would 0:20:45.600 --> 0:20:48.679 this be nationwide? Probably not. For one thing, the electric 0:20:48.720 --> 0:20:51.080 grid is really much a pretty much a regional kind 0:20:51.080 --> 0:20:55.200 of thing. UM. But it's something that every region could 0:20:55.359 --> 0:21:02.600 theoretically be vulnerable to without the right security measures in place. UM. I. Now, 0:21:02.720 --> 0:21:04.919 that sort of attack obviously would have to come from 0:21:04.960 --> 0:21:08.000 a much more organized group. UM. It would have to 0:21:08.040 --> 0:21:11.639 come from a country or organization that had a strong 0:21:11.760 --> 0:21:15.320 financial backing to be able to fund the physical side 0:21:15.359 --> 0:21:19.080 of the attack. UM. So that that narrows down the 0:21:19.119 --> 0:21:22.360 list of possible suspects who could do that. But it's 0:21:22.400 --> 0:21:24.720 still within the realm of possibility. And it's one of 0:21:24.720 --> 0:21:27.520 those things that you know, keep security people up at night. 0:21:27.760 --> 0:21:33.320 Sure sure UM. And you know, I'm really not certain 0:21:34.000 --> 0:21:35.920 what we're going to be able to do short of 0:21:35.960 --> 0:21:39.560 pulling all the plugs um to make it h an 0:21:39.560 --> 0:21:42.960 impost complete and utter impossibility that they could carry out 0:21:42.960 --> 0:21:45.639 those kinds of attacks, because UM, it's just going to 0:21:45.880 --> 0:21:50.399 require constant monitoring and searching for vulnerabilities. That's why the 0:21:50.520 --> 0:21:55.800 efforts of those who are participating in those um those 0:21:55.840 --> 0:22:00.880 computer security uh war games, if you will, UM, there 0:22:00.920 --> 0:22:03.399 they're so important because they're searching, they're actively searching for 0:22:03.400 --> 0:22:05.600 those vulnerabilities in the system and try, you know, to 0:22:05.640 --> 0:22:07.479 try to find ways to patch them up before they 0:22:07.480 --> 0:22:11.000 can be hacked into. But um, you know, I think 0:22:11.119 --> 0:22:14.800 that any time that you update those systems, you're going 0:22:14.840 --> 0:22:18.320 to open up new vulnerabilities and new problems. And you know, 0:22:18.440 --> 0:22:21.000 it's just one of those things where the people who 0:22:21.080 --> 0:22:23.160 whose job it is to pay attention to it are 0:22:23.200 --> 0:22:26.399 just going to have to stay constantly vigilant to prevent 0:22:26.440 --> 0:22:28.880 something like that from happening. And it is even more 0:22:28.920 --> 0:22:31.600 complicated when you think that. You know, not every system 0:22:31.680 --> 0:22:35.320 runs on the same software or operating system or whatever, 0:22:35.840 --> 0:22:38.919 so some of them are proprietary and uh and and 0:22:38.960 --> 0:22:41.160 so you might find something that works as a great 0:22:41.160 --> 0:22:44.000 security measure for one system, but it's not at all 0:22:44.040 --> 0:22:47.000 applicable to any other. So it is a huge challenge. 0:22:47.040 --> 0:22:49.639 I mean, well, what's the response to that. Do you 0:22:49.800 --> 0:22:52.800 go ahead and try and standardize everything so that hopefully 0:22:52.840 --> 0:22:55.239 the same measures will work across the board. Because if 0:22:55.240 --> 0:22:57.919 you do that and someone does find a vulnerability, suddenly 0:22:57.920 --> 0:23:01.400 they've got a vulnerability that works across all systems. So 0:23:02.080 --> 0:23:03.920 I mean it's a yeah, it's a double edged sword, 0:23:04.000 --> 0:23:06.639 and it's it's there are no easy answers. We've got 0:23:06.720 --> 0:23:09.800 people who are way smarter than I am working on 0:23:09.840 --> 0:23:13.680 this UM and I wish them the best because this 0:23:13.760 --> 0:23:16.480 is this is scary stuff. Now. Are we all in 0:23:16.640 --> 0:23:21.080 danger of something like this happening anytime soon? I don't know. 0:23:21.320 --> 0:23:23.080 I don't know. I don't think so. I mean, I'm 0:23:23.119 --> 0:23:26.280 not I'm not staying up at night worrying the next 0:23:26.359 --> 0:23:28.399 day about that's going to be the day when the 0:23:28.400 --> 0:23:31.840 cyber war attack is going to happen. But it's I mean, 0:23:31.880 --> 0:23:35.280 it is possible. It's just not necessarily something that you 0:23:35.320 --> 0:23:38.920 know that I'm gonna have to worry about on a 0:23:39.000 --> 0:23:42.160 day to day basis. Well, the more systems come online 0:23:42.720 --> 0:23:45.000 UM in more places around the world, I think it's 0:23:45.000 --> 0:23:47.960 going to be it becomes sort of like you know, 0:23:48.000 --> 0:23:51.320 aerial assaults were after you know, that became a real 0:23:51.400 --> 0:23:54.240 possibility in the twentieth century. It's it's going to be 0:23:54.320 --> 0:23:58.680 something that a well planned military strategy is going to include. 0:23:59.080 --> 0:24:03.840 You got your ground groops, you know, air see and internet. 0:24:04.480 --> 0:24:07.440 Anything that can take down the computer network, the computer 0:24:07.560 --> 0:24:11.720 the communications network, the power grid, all at one time. 0:24:11.760 --> 0:24:14.160 If you can do that, then you know you'll panic 0:24:14.240 --> 0:24:16.800 the citizenry, and that just gives you a better chance. 0:24:17.160 --> 0:24:19.800 I can pretty much guarantee that just about every modern 0:24:19.920 --> 0:24:22.199 nation in the world has some sort of plan like 0:24:22.240 --> 0:24:24.600