1 00:00:00,160 --> 00:00:03,320 Speaker 1: Thinking Sideways is not brought to you by the itch on 2 00:00:03,400 --> 00:00:07,080 Speaker 1: my right leg. Instead, it's brought to you by CrimeCon. 3 00:00:07,720 --> 00:00:10,640 Speaker 1: That's right, on June nine to June eleven at the 4 00:00:10,720 --> 00:00:15,320 Speaker 1: JW Marriott in Indianapolis. We're gonna be at CrimeCon 5 00:00:15,360 --> 00:00:18,200 Speaker 1: along with a whole bunch of other podcasts and 6 00:00:18,320 --> 00:00:22,439 Speaker 1: a whole bunch of other really cool crime investigators and reporters, 7 00:00:22,680 --> 00:00:25,400 Speaker 1: people that you've been watching for years and you know 8 00:00:25,520 --> 00:00:28,400 Speaker 1: you want to see, so you need to be there 9 00:00:28,480 --> 00:00:31,480 Speaker 1: because it's gonna be cool. And as a special offer 10 00:00:31,560 --> 00:00:33,840 Speaker 1: to our listeners, if you go to CrimeCon dot 11 00:00:33,880 --> 00:00:37,960 Speaker 1: com and enter the promo code sideways twenty, you'll get 12 00:00:38,800 --> 00:00:44,040 Speaker 1: off your admission. CrimeCon dot com and sideways twenty. 13 00:00:46,640 --> 00:00:59,360 Speaker 1: Thinking Sideways. I'll group the ideas, I don't know, stories 14 00:00:59,400 --> 00:01:04,200 Speaker 1: of things we simply don't know the answer to. Hey guys, 15 00:01:04,280 --> 00:01:08,760 Speaker 1: welcome to another episode of Thinking Sideways, the podcast. I 16 00:01:08,880 --> 00:01:17,000 Speaker 1: am Devon, joined this week by Joe and Steve. This 17 00:01:17,000 --> 00:01:21,840 Speaker 1: week. Okay, special episodes. Special episode starring, uh, Steve and Joe. 18 00:01:22,319 --> 00:01:24,000 Speaker 1: I just want to know who the other two guys are, 19 00:01:24,000 --> 00:01:27,880 Speaker 1: because really, he's spreading crumbs all over my chair. It's 20 00:01:27,959 --> 00:01:32,120 Speaker 1: really annoying. From that ham sandwich, I think faster.
I 21 00:01:32,200 --> 00:01:36,320 Speaker 1: kind of suspect we're being transitioned out, dude. Yeah, well, 22 00:01:36,400 --> 00:01:39,840 Speaker 1: hello retirement. This week we're going to talk about a 23 00:01:40,040 --> 00:01:42,559 Speaker 1: mystery that's going to make half of you really happy 24 00:01:42,640 --> 00:01:46,039 Speaker 1: and half of you turn off immediately. Um. And that's 25 00:01:46,080 --> 00:01:49,160 Speaker 1: an internet mystery, because everybody loves a mystery that's in 26 00:01:49,200 --> 00:01:52,200 Speaker 1: the tubes. I like them. I think they're super interesting. 27 00:01:52,360 --> 00:01:54,400 Speaker 1: Some of our listeners like them, but it turns out 28 00:01:54,400 --> 00:01:56,760 Speaker 1: a lot of our listeners hate them, and that's why 29 00:01:56,880 --> 00:02:01,040 Speaker 1: we're like not top rated in true crime. But I 30 00:02:01,880 --> 00:02:03,840 Speaker 1: should say this before you turn it off. There is 31 00:02:04,160 --> 00:02:07,840 Speaker 1: a little international intrigue involved. There's some spy stuff going on, 32 00:02:07,920 --> 00:02:14,680 Speaker 1: maybe germ warfare, possible state actors involved or possibly not. 33 00:02:15,040 --> 00:02:18,120 Speaker 1: You know, it doesn't, it, does a computer virus count as 34 00:02:18,160 --> 00:02:21,680 Speaker 1: germ warfare? Yeah, I guess. I mean, if beetles do, 35 00:02:21,880 --> 00:02:26,880 Speaker 1: I guess, you know, why not? Right? All right. This 36 00:02:26,960 --> 00:02:30,560 Speaker 1: week we're going to talk about GhostNet, which is 37 00:02:30,600 --> 00:02:35,120 Speaker 1: also YouLingWang in Chinese, but we're going to call 38 00:02:35,160 --> 00:02:38,920 Speaker 1: it GhostNet. Better not saying that a bunch of 39 00:02:38,919 --> 00:02:41,680 Speaker 1: times. Ghost, I like it.
It sounds like a movie 40 00:02:41,880 --> 00:02:43,640 Speaker 1: ready jump from the Lady at the top of the 41 00:02:43,680 --> 00:02:46,240 Speaker 1: stairs that is only seen like once a year. Ghost, 42 00:02:46,520 --> 00:02:49,519 Speaker 1: kind of ghost, yes, kind of ghost. Fishing with a 43 00:02:49,639 --> 00:02:56,160 Speaker 1: net. Failed bad joke, yes, pretty bad. All right, I'll 44 00:02:56,200 --> 00:02:58,400 Speaker 1: get out of the way. Alright, in two thousand nine, 45 00:02:58,440 --> 00:03:02,919 Speaker 1: researchers from the University of Toronto's Munk Centre and 46 00:03:03,040 --> 00:03:05,720 Speaker 1: the Cambridge University. From here on out, we're going to 47 00:03:05,720 --> 00:03:09,440 Speaker 1: refer to them as the Info War Monitor, concluded a 48 00:03:09,560 --> 00:03:14,720 Speaker 1: ten-ish month joint investigation that was requested by a representative 49 00:03:14,880 --> 00:03:22,160 Speaker 1: of the OHHDL, Office of His Holiness 50 00:03:22,200 --> 00:03:25,919 Speaker 1: the Dalai Lama. Um, and this, this meeting took place, 51 00:03:25,960 --> 00:03:29,520 Speaker 1: the request took place in Geneva, which is a safe 52 00:03:29,520 --> 00:03:36,800 Speaker 1: space for, for some people. The investigation under, uncovered one 53 00:03:37,160 --> 00:03:40,680 Speaker 1: of the most widespread hack, hacks in history, perhaps the 54 00:03:40,800 --> 00:03:44,840 Speaker 1: most widespread hack in history, certainly, I would say the 55 00:03:44,880 --> 00:03:50,560 Speaker 1: most widespread hack that we're aware of.
That, that we're 56 00:03:50,560 --> 00:03:54,520 Speaker 1: aware of, which means it was, yeah, and that just 57 00:03:54,600 --> 00:04:00,120 Speaker 1: means that it wasn't the best hack, but computers in 58 00:04:00,200 --> 00:04:03,160 Speaker 1: at least a hundred and three countries, yes, you heard 59 00:04:03,200 --> 00:04:06,640 Speaker 1: me right, one hundred and three countries were affected, and 60 00:04:06,720 --> 00:04:17,120 Speaker 1: researchers think that it was almost individual hope. In general, 61 00:04:17,279 --> 00:04:20,640 Speaker 1: it is believed that China was the perpetrator of this attack, 62 00:04:21,400 --> 00:04:24,480 Speaker 1: but no one can be certain, and I have my doubts, 63 00:04:24,480 --> 00:04:26,520 Speaker 1: which is why I thought this would be a good mystery. 64 00:04:26,800 --> 00:04:31,640 Speaker 1: And these computers mostly belonged to embassies, governmental ministries, and 65 00:04:31,680 --> 00:04:35,160 Speaker 1: then almost all of the Dalai Lama's exile centers were 66 00:04:35,200 --> 00:04:38,920 Speaker 1: affected as well. And the thing is, um, even though 67 00:04:39,000 --> 00:04:42,640 Speaker 1: GhostNet was discovered as recently as two thousand eleven, 68 00:04:43,040 --> 00:04:48,680 Speaker 1: at least one government, um, Canada, has uncovered an instance 69 00:04:48,920 --> 00:04:52,800 Speaker 1: of GhostNet, or the bug that is referred to 70 00:04:52,839 --> 00:04:56,520 Speaker 1: as GhostNet. Um, they discovered an instance of that 71 00:04:56,640 --> 00:05:00,159 Speaker 1: and it was in the Canadian official Finance department. Was 72 00:05:00,240 --> 00:05:04,120 Speaker 1: the, was where the computer that was infected was discovered. Um.
73 00:05:04,120 --> 00:05:06,520 Speaker 1: This is, of course, according to an anonymous source, because 74 00:05:06,560 --> 00:05:09,960 Speaker 1: governments don't readily admit things like this, and the computer 75 00:05:10,080 --> 00:05:12,400 Speaker 1: was probably a hand-me-down from the Foreign ministry. Yeah, 76 00:05:12,440 --> 00:05:17,799 Speaker 1: probably are interested in the Canadian finances. I saw something about. 77 00:05:18,160 --> 00:05:19,919 Speaker 1: It was like a year or so after all this 78 00:05:20,040 --> 00:05:22,760 Speaker 1: got done, another one was found in India, and I 79 00:05:22,800 --> 00:05:25,440 Speaker 1: think another onrustration in Iran. So I mean it's, it 80 00:05:25,560 --> 00:05:30,279 Speaker 1: keeps popping up. Yeah, despite the fact that, and we'll 81 00:05:30,320 --> 00:05:32,240 Speaker 1: talk about in a little bit, we're going to kind 82 00:05:32,279 --> 00:05:35,800 Speaker 1: of delve into the whys and hows of this, um, 83 00:05:35,920 --> 00:05:39,240 Speaker 1: and we'll talk about how, why it was so prevalent, 84 00:05:39,600 --> 00:05:42,160 Speaker 1: um, and it's because it was a pretty dang good hack. 85 00:05:43,920 --> 00:05:47,320 Speaker 1: So let's jump in to the first how. We're gonna 86 00:05:47,360 --> 00:05:50,480 Speaker 1: talk about tech. So we're going to talk about tech. 87 00:05:51,200 --> 00:05:53,760 Speaker 1: Cool. And it's gonna be a little boring. I'm sorry. 88 00:05:54,000 --> 00:05:55,960 Speaker 1: I don't think it's boring, but I think a lot 89 00:05:56,000 --> 00:05:57,760 Speaker 1: of people are gonna thinks I see lots of, I 90 00:05:57,800 --> 00:06:00,800 Speaker 1: see lots of joking, joke opportunity in the title of 91 00:06:00,839 --> 00:06:02,800 Speaker 1: this that is the sub end. Yeah, I think the 92 00:06:02,920 --> 00:06:05,680 Speaker 1: work out well. So first we're going to talk about Trojans.
93 00:06:05,760 --> 00:06:08,680 Speaker 1: And for those of you who don't know, trojans are 94 00:06:08,720 --> 00:06:11,480 Speaker 1: giant horses that once roamed the land before shedding their 95 00:06:11,480 --> 00:06:14,520 Speaker 1: physical form and evolving into an internet-based life form. 96 00:06:14,640 --> 00:06:17,320 Speaker 1: You left out the soldiers inside. Yeah, they reproduced 97 00:06:17,320 --> 00:06:19,920 Speaker 1: by sending out mass emails and hoping that some duddy 98 00:06:20,000 --> 00:06:23,040 Speaker 1: dummy will download them, thus giving them access to anything 99 00:06:23,080 --> 00:06:28,239 Speaker 1: that the computer's attached to and becoming mini Trojans. Yeah, 100 00:06:28,480 --> 00:06:31,320 Speaker 1: that's how that works, right, that's what they are, not exactly. 101 00:06:34,160 --> 00:06:37,640 Speaker 1: It's a cute description, but it's actually not the worst description. 102 00:06:38,080 --> 00:06:40,960 Speaker 1: I will agree with that. So everybody knows, you know, 103 00:06:41,200 --> 00:06:44,640 Speaker 1: what a Trojan horse is, right, I would hope. And so 104 00:06:44,839 --> 00:06:49,560 Speaker 1: basically this is just, a trojan virus is a delivery system, 105 00:06:49,640 --> 00:06:51,640 Speaker 1: so that it's, it's like a little hitt now like 106 00:06:51,680 --> 00:06:53,440 Speaker 1: the horse, you know, you know, you let it into 107 00:06:53,480 --> 00:06:55,159 Speaker 1: your city and then you just go to bed and 108 00:06:55,160 --> 00:06:57,600 Speaker 1: then overnight it spits out some soldiers, you know, kind 109 00:06:57,640 --> 00:07:00,640 Speaker 1: of like that. It's computer, it spits out a little 110 00:07:00,680 --> 00:07:03,520 Speaker 1: line of code that builds itself like a virus.
And 111 00:07:05,360 --> 00:07:09,200 Speaker 1: so this can be, this can install, trojans can install 112 00:07:09,240 --> 00:07:14,040 Speaker 1: anything from like small bits of spyware, to key logging tech, 113 00:07:14,800 --> 00:07:19,000 Speaker 1: to bugs that will totally completely take over your computer. 114 00:07:19,440 --> 00:07:23,000 Speaker 1: And in our case, the trojan known as Gh0st RAT, 115 00:07:23,200 --> 00:07:26,840 Speaker 1: and yes, that is a zero instead of an oh. 116 00:07:28,160 --> 00:07:31,920 Speaker 1: Gh0st RAT, and the Gh0st RAT allowed hackers to gain 117 00:07:32,000 --> 00:07:36,560 Speaker 1: total and real-time control of any computer running Windows. 118 00:07:36,640 --> 00:07:40,240 Speaker 1: It only infected Windows computers, which is, you know, was 119 00:07:40,280 --> 00:07:42,240 Speaker 1: one of the original selling points of Macs, is that 120 00:07:42,320 --> 00:07:48,360 Speaker 1: they don't get infected. But that's unfortunately, yeah. Gh0st RAT 121 00:07:48,640 --> 00:07:54,720 Speaker 1: could even utilize, um, computers as surveillance machines by clandestinely 122 00:07:54,880 --> 00:08:02,760 Speaker 1: turning on the audio recorders and the cameras and camera. Yeah. Well, 123 00:08:02,800 --> 00:08:05,520 Speaker 1: and they could record both of those things, you know, 124 00:08:05,560 --> 00:08:08,240 Speaker 1: remotely or whatever. But basically, yeah, they would just turn 125 00:08:08,280 --> 00:08:11,400 Speaker 1: on the camera and the mic and be able to 126 00:08:11,400 --> 00:08:16,080 Speaker 1: totally surveil a room, any room that the computer is in. Um.
127 00:08:16,160 --> 00:08:18,520 Speaker 1: And that's one of the origins of, you know, people 128 00:08:18,760 --> 00:08:21,480 Speaker 1: like me, even though I have a Mac, put little pieces 129 00:08:21,520 --> 00:08:24,840 Speaker 1: of tape over their camera, because you can turn the 130 00:08:24,840 --> 00:08:28,280 Speaker 1: camera on without the little light showing that the camera's 131 00:08:28,280 --> 00:08:32,199 Speaker 1: on being on, and then somebody's surveilling you. If you 132 00:08:32,720 --> 00:08:39,920 Speaker 1: watch the TV show Black Mirror, season three, episode three 133 00:08:40,440 --> 00:08:44,400 Speaker 1: goes right down exactly what you're talking about in terms 134 00:08:44,440 --> 00:08:47,320 Speaker 1: of gathering information and using it against people. I was 135 00:08:47,360 --> 00:08:50,240 Speaker 1: going to say that if you watched Mr. Robot, it's 136 00:08:50,360 --> 00:08:54,240 Speaker 1: like the first freaking episode has an instance of this, 137 00:08:54,559 --> 00:08:59,800 Speaker 1: and in that case, that hacker was gathering surveillance information 138 00:09:00,320 --> 00:09:03,720 Speaker 1: to blackmail people, like they were gathering out with pictures 139 00:09:03,800 --> 00:09:07,640 Speaker 1: or somebody from blackmail somebody. Um. But there are obviously 140 00:09:07,840 --> 00:09:14,560 Speaker 1: larger implications and uses for surveying just survey. Yeah, that's 141 00:09:14,600 --> 00:09:17,480 Speaker 1: what, there's one of the new smart TVs that has, 142 00:09:17,559 --> 00:09:20,760 Speaker 1: you know, you can talk to it, Panasonic whatever do this, 143 00:09:20,920 --> 00:09:23,280 Speaker 1: and people have figured out how to hack those so 144 00:09:23,320 --> 00:09:25,480 Speaker 1: that they're just, it's a, it's a listening device. So 145 00:09:25,600 --> 00:09:28,760 Speaker 1: that was one of the things with Kinects too, because 146 00:09:28,800 --> 00:09:31,720 Speaker 1: they're always recording.
I don't want to think about. I 147 00:09:31,800 --> 00:09:34,280 Speaker 1: just can't wait for this in the future courtroom drama 148 00:09:34,280 --> 00:09:38,680 Speaker 1: where Alexa's brought in as a witness. Absolutely, didn't just happen, ye, 149 00:09:39,480 --> 00:09:41,480 Speaker 1: did it? Apple? Well? Yeah, no, actually I'm talking about 150 00:09:41,520 --> 00:09:44,040 Speaker 1: Alexa actually sitting in the witness box, you know. But 151 00:09:44,160 --> 00:09:47,080 Speaker 1: I think I, but this kind of stuff, you know, 152 00:09:47,120 --> 00:09:49,400 Speaker 1: we have, we've all heard of the Internet of Things. 153 00:09:49,559 --> 00:09:52,240 Speaker 1: You get, you connect your fridge and your TV and 154 00:09:52,280 --> 00:09:54,760 Speaker 1: your microwave and your toaster to the Internet, and then 155 00:09:54,760 --> 00:09:57,360 Speaker 1: you can control it from your smartphone. And it turns 156 00:09:57,360 --> 00:10:00,640 Speaker 1: out that's a really bad thing because this security and 157 00:10:00,640 --> 00:10:03,920 Speaker 1: the encryption on those devices, turns out it's really, really 158 00:10:03,960 --> 00:10:08,240 Speaker 1: bad, because initially everybody was like, who's gonna hack your fridge? 159 00:10:08,640 --> 00:10:12,120 Speaker 1: Except we've seen those instances where there's the nanny cam 160 00:10:12,120 --> 00:10:14,520 Speaker 1: and the teddy bear that you can use your smartphone 161 00:10:14,559 --> 00:10:16,520 Speaker 1: with and then somebody walks in the room and the 162 00:10:16,559 --> 00:10:18,960 Speaker 1: bear is talking and rush into the baby. I mean, 163 00:10:19,000 --> 00:10:24,360 Speaker 1: like it's totally a thing because they just seemed so innocuous, 164 00:10:24,400 --> 00:10:27,360 Speaker 1: these little devices. I'm not a big believer in the 165 00:10:27,400 --> 00:10:30,959 Speaker 1: Internet of Things personally. Oh no, Internet of Things is dumb.
Yeah, 166 00:10:31,200 --> 00:10:33,920 Speaker 1: I disagree. I like the Internet of Things. I think 167 00:10:33,960 --> 00:10:38,679 Speaker 1: that there's some improvements that can be made, certainly, but 168 00:10:38,880 --> 00:10:41,080 Speaker 1: I think that that's just part of, you know, new 169 00:10:41,080 --> 00:10:44,640 Speaker 1: way of technology implementation. But, but just another fun thing 170 00:10:44,640 --> 00:10:46,160 Speaker 1: in the news. It was in a just a week 171 00:10:46,240 --> 00:10:48,680 Speaker 1: or two ago, the cops busted the guy with 172 00:10:48,679 --> 00:10:51,800 Speaker 1: the pacemaker because he was making, his big alibi was 173 00:10:51,840 --> 00:10:53,400 Speaker 1: there was a fire and he was like, you know, 174 00:10:53,520 --> 00:10:55,439 Speaker 1: like struggling to escape from the fire or something. I 175 00:10:55,480 --> 00:10:57,839 Speaker 1: can't remember exactly what it was, but they managed to 176 00:10:57,880 --> 00:11:02,360 Speaker 1: download, download information from his pacemaker, the pacemaker's record. The 177 00:11:02,360 --> 00:11:05,680 Speaker 1: pacemaker basically said, no, this guy's heart wasn't beating fast 178 00:11:05,720 --> 00:11:09,680 Speaker 1: at all. Oh my god, and yeah, he was busted 179 00:11:09,760 --> 00:11:13,440 Speaker 1: and crazy. Yeah. So yeah, all these digital devices, they're, 180 00:11:13,520 --> 00:11:16,720 Speaker 1: they're recording the crap out of your life. Yeah. Okay, 181 00:11:16,760 --> 00:11:19,600 Speaker 1: so anyway, long story short, that's why you should put 182 00:11:19,640 --> 00:11:23,960 Speaker 1: tape over your camera and don't say anything sensitive 183 00:11:23,960 --> 00:11:26,400 Speaker 1: around your computer because it's listening all the time. I 184 00:11:26,440 --> 00:11:29,640 Speaker 1: don't have mine on. My camera's always exposed. I say 185 00:11:29,679 --> 00:11:31,440 Speaker 1: all kinds of things to my computer. I know.
And 186 00:11:31,520 --> 00:11:36,360 Speaker 1: that's why people secretly have pictures of us. They have 187 00:11:36,600 --> 00:11:41,320 Speaker 1: even better pictures too, Steve. So Gh0st RAT, back to 188 00:11:41,360 --> 00:11:46,400 Speaker 1: the story, was a specific kind of trojan, and it 189 00:11:46,559 --> 00:11:51,280 Speaker 1: is most often referred to as an APT or an 190 00:11:51,320 --> 00:11:57,240 Speaker 1: advanced persistent threat. Often trojans will be sent out just 191 00:11:57,360 --> 00:12:00,880 Speaker 1: kind of, you know, like those emails from the Nigerian prince, 192 00:12:01,000 --> 00:12:05,480 Speaker 1: just, just, yeah, really, just as many people as they 193 00:12:05,480 --> 00:12:07,760 Speaker 1: can possibly send them to on the hope that a 194 00:12:07,800 --> 00:12:10,640 Speaker 1: couple of people will be real dumb and infect their 195 00:12:10,679 --> 00:12:13,720 Speaker 1: computer, and then they go for heavy payload real quick, 196 00:12:14,320 --> 00:12:17,320 Speaker 1: and then, um, they get eradicated from the computer. But 197 00:12:17,440 --> 00:12:20,679 Speaker 1: the hackers already have what they wanted. Oftentimes, as we 198 00:12:20,679 --> 00:12:23,120 Speaker 1: were talking about with, you know, trying to get information 199 00:12:23,120 --> 00:12:26,160 Speaker 1: that you could blackmail somebody with, or, you know, any 200 00:12:26,200 --> 00:12:29,800 Speaker 1: financial records or just passwords or things like that. Um, 201 00:12:29,840 --> 00:12:34,720 Speaker 1: APTs, however, are pretty much the opposite of that. 202 00:12:35,800 --> 00:12:39,720 Speaker 1: Um, they're usually targeted at one organization, be it a 203 00:12:39,760 --> 00:12:43,320 Speaker 1: corporation or government or ministry or something like that, and 204 00:12:43,360 --> 00:12:47,600 Speaker 1: they usually have inside intel on how to get into 205 00:12:47,600 --> 00:12:53,440 Speaker 1: the system.
Pretty frequently APTs are executed with, um, 206 00:12:54,120 --> 00:12:58,920 Speaker 1: like old school espionage skills, stick in a USB stick 207 00:12:58,920 --> 00:13:03,640 Speaker 1: in a computer. Well, more like social engineering to get 208 00:13:03,720 --> 00:13:06,320 Speaker 1: to the point where that guy can stick that USB 209 00:13:06,480 --> 00:13:10,880 Speaker 1: stick in to a computer or even, you know, so 210 00:13:10,920 --> 00:13:15,160 Speaker 1: that they know. Social engineering, you mean what? Okay, so 211 00:13:15,160 --> 00:13:21,160 Speaker 1: social engineering is a term that generally refers to the 212 00:13:21,240 --> 00:13:25,559 Speaker 1: old school manipulation of people. Yeah, basically, yeah, but I 213 00:13:25,920 --> 00:13:28,760 Speaker 1: know what social engineering used to be called. But in, 214 00:13:28,920 --> 00:13:31,680 Speaker 1: like, special social engineering you're talking about? Actually it's still 215 00:13:31,920 --> 00:13:35,400 Speaker 1: the same thing, okay, yeah, where, you know, you try, 216 00:13:35,600 --> 00:13:38,319 Speaker 1: you convince people to do things that they shouldn't necessarily 217 00:13:38,360 --> 00:13:40,319 Speaker 1: do by talking to them in person. I mean, you know, 218 00:13:40,360 --> 00:13:43,280 Speaker 1: it's similar to, you know, you can call somebody and, 219 00:13:43,280 --> 00:13:45,719 Speaker 1: and start a conversation with them and get information out 220 00:13:45,720 --> 00:13:47,640 Speaker 1: of them by pretending like you know what you're talking about.
221 00:13:47,880 --> 00:13:50,240 Speaker 1: You know, little things like that. Or you can dress 222 00:13:50,280 --> 00:13:52,280 Speaker 1: up like a janitor and pretend like you're supposed to 223 00:13:52,320 --> 00:13:56,400 Speaker 1: be in that corporate office and walk around, and nine 224 00:13:56,400 --> 00:13:59,079 Speaker 1: times out of ten, nobody's going to be like, hey, excuse me, 225 00:13:59,360 --> 00:14:01,480 Speaker 1: you're not the weal, guy, what are you doing here? 226 00:14:01,920 --> 00:14:03,480 Speaker 1: They're just going to ignore you, and you're going to 227 00:14:03,559 --> 00:14:06,640 Speaker 1: get away with doing a lot of research or intel 228 00:14:06,720 --> 00:14:10,480 Speaker 1: work or, you know, again, sticking a USB in a 229 00:14:10,480 --> 00:14:13,240 Speaker 1: place that doesn't exist or it shouldn't exist. I mean, 230 00:14:13,320 --> 00:14:15,240 Speaker 1: and this is the other thing, right, is that, let's, 231 00:14:16,280 --> 00:14:20,840 Speaker 1: a lot of places say you should never put, like, 232 00:14:20,880 --> 00:14:22,680 Speaker 1: a USB, CDs or floppy disks 233 00:14:22,760 --> 00:14:24,800 Speaker 1: or anything like that that you don't know what it's 234 00:14:24,800 --> 00:14:27,760 Speaker 1: on it, don't put it in your computer, because that 235 00:14:27,840 --> 00:14:30,960 Speaker 1: used to be a pretty standard delivery system for these 236 00:14:31,040 --> 00:14:33,920 Speaker 1: little bugs, because it would just install into your computer 237 00:14:33,960 --> 00:14:35,880 Speaker 1: and then all of a sudden, you've infected every. People 238 00:14:35,880 --> 00:14:38,200 Speaker 1: would go to Starbucks and leave a flash drive and 239 00:14:38,280 --> 00:14:40,880 Speaker 1: some, somebody would like, oh, whose flash drive? I don't know. Well, 240 00:14:40,920 --> 00:14:42,320 Speaker 1: let's see what's on it. Maybe I can find out 241 00:14:42,320 --> 00:14:47,160 Speaker 1: who belongs to.
So they did a study of some 242 00:14:47,320 --> 00:14:49,480 Speaker 1: university recently where they left a bunch of the flash 243 00:14:49,560 --> 00:14:53,120 Speaker 1: drives just laying around campus and, uh, and if you downloaded, 244 00:14:53,120 --> 00:14:55,680 Speaker 1: you've got instructions on just bring it back to this department. 245 00:14:55,720 --> 00:14:58,280 Speaker 1: They found that like half the people that pick these 246 00:14:58,280 --> 00:15:02,080 Speaker 1: things up stuck them into their computers. Yeah, yeah, unbelievable. Yeah. Well, 247 00:15:02,080 --> 00:15:04,880 Speaker 1: and that's where the kind of social engineering thing can, 248 00:15:05,000 --> 00:15:07,760 Speaker 1: can come in handy, right, is if you call, if 249 00:15:07,800 --> 00:15:10,120 Speaker 1: you have a target, a high value target, you know, right, 250 00:15:10,280 --> 00:15:12,880 Speaker 1: is like the CEO of a company who has proven 251 00:15:12,920 --> 00:15:15,160 Speaker 1: to be maybe not as tech savvy as they should be, 252 00:15:15,400 --> 00:15:20,320 Speaker 1: and, you know, yeah, CEO of Sideways Co. And you 253 00:15:21,080 --> 00:15:24,440 Speaker 1: want to somehow infect that person's computer. Well, you can 254 00:15:24,560 --> 00:15:27,040 Speaker 1: go through the arduous process of trying to figure out 255 00:15:27,080 --> 00:15:29,960 Speaker 1: if there's a backdoor exploit tech-wise where you can, 256 00:15:30,000 --> 00:15:32,520 Speaker 1: you know, get into the back of the mainframe, you know, 257 00:15:32,520 --> 00:15:37,040 Speaker 1: blah blah blah, or, or even easier, right, you can 258 00:15:37,040 --> 00:15:40,440 Speaker 1: call his secretary and say, I am supposed to be 259 00:15:40,440 --> 00:15:43,000 Speaker 1: in this meeting with him.
I'm so sorry. Or, my 260 00:15:43,080 --> 00:15:44,760 Speaker 1: supervisor is supposed to be in my meet, in this 261 00:15:44,840 --> 00:15:47,520 Speaker 1: meeting with your CEO and he's running late, and I 262 00:15:47,560 --> 00:15:50,160 Speaker 1: just need to know, like, where they're meeting, please can 263 00:15:50,200 --> 00:15:52,960 Speaker 1: you tell me? And the secretary will take pity on 264 00:15:53,000 --> 00:15:57,240 Speaker 1: you if you tried enough times, and you'll, and she'll say, oh, 265 00:15:57,240 --> 00:15:59,560 Speaker 1: they're meeting at the Starbucks. You'll go leave a flash 266 00:15:59,640 --> 00:16:04,600 Speaker 1: drive where he's going to find it, and, and that's 267 00:16:04,640 --> 00:16:07,560 Speaker 1: like an old school kind of social engineering technique, right, 268 00:16:07,600 --> 00:16:10,080 Speaker 1: where you, you make somebody give pity on you and 269 00:16:10,240 --> 00:16:11,920 Speaker 1: there you go. But yeah, or you can send a 270 00:16:11,920 --> 00:16:13,680 Speaker 1: phishing email, which is what we're going to talk about 271 00:16:13,680 --> 00:16:18,520 Speaker 1: a little bit. So all of that to say that 272 00:16:18,520 --> 00:16:21,480 Speaker 1: that's one way that, um, APTs are delivered, 273 00:16:21,600 --> 00:16:24,800 Speaker 1: is by social engineering, and the other way is by 274 00:16:24,800 --> 00:16:30,960 Speaker 1: spending a lot of money or manpower to expose those 275 00:16:31,040 --> 00:16:35,600 Speaker 1: backdoor vulnerabilities that exist in all systems, and not necessarily backdoor, 276 00:16:35,640 --> 00:16:39,160 Speaker 1: but vulnerabilities that exist in, like, every single system. There's 277 00:16:39,160 --> 00:16:41,800 Speaker 1: always some way that a system is a little messed up.
278 00:16:42,800 --> 00:16:46,160 Speaker 1: It's not cheap route typically, because on the dark web 279 00:16:46,240 --> 00:16:49,960 Speaker 1: you can buy a lot of different bits of script 280 00:16:50,040 --> 00:16:55,360 Speaker 1: and code or full-on assault packages for systems, but 281 00:16:55,440 --> 00:16:58,320 Speaker 1: that's not a cheap endeavor. Yeah, it sounds like from 282 00:16:58,400 --> 00:17:02,480 Speaker 1: the research that I have been doing just around this project, 283 00:17:02,560 --> 00:17:06,520 Speaker 1: not for my own anything, don't worry. Um, it sounds 284 00:17:06,600 --> 00:17:08,639 Speaker 1: like there are a lot of people who make a 285 00:17:08,680 --> 00:17:12,240 Speaker 1: lot of money, basically make their living on finding these 286 00:17:12,320 --> 00:17:15,720 Speaker 1: exploits and not exploiting them and just putting it out 287 00:17:15,720 --> 00:17:18,679 Speaker 1: there on forums and saying, hey guys, just, you know, 288 00:17:18,840 --> 00:17:20,680 Speaker 1: I have a way to get into this, goes to 289 00:17:20,720 --> 00:17:23,560 Speaker 1: the highest bidder, and letting a bidding war happen, and 290 00:17:23,600 --> 00:17:25,680 Speaker 1: then, you know, eventually somebody will say, I will give 291 00:17:25,680 --> 00:17:28,480 Speaker 1: you three million dollars for that one thing. And the 292 00:17:30,280 --> 00:17:34,320 Speaker 1: zero-day vulnerabilities. Yeah, zero-day vulnerabilities is the technical term 293 00:17:34,840 --> 00:17:37,320 Speaker 1: that I've been avoiding because I don't, I don't know, 294 00:17:37,320 --> 00:17:38,760 Speaker 1: because I don't know how many people are going to 295 00:17:38,840 --> 00:17:42,359 Speaker 1: know it. Um, and yeah, it's, it's a lot of 296 00:17:42,359 --> 00:17:44,440 Speaker 1: manpower or a lot of money to go that route.
297 00:17:44,480 --> 00:17:48,480 Speaker 1: It's much easier just call somebody's secretary, you know, and 298 00:17:48,640 --> 00:17:51,920 Speaker 1: phishing, you know. Um, so yeah, the, all of that 299 00:17:52,000 --> 00:17:55,280 Speaker 1: to say again that APTs are typically 300 00:17:55,400 --> 00:18:00,479 Speaker 1: very well financed. It is a long-term investment because 301 00:18:00,520 --> 00:18:05,040 Speaker 1: the goal is to surveil for a very long amount 302 00:18:05,040 --> 00:18:11,280 Speaker 1: of time. It's not to, it's, it's really quantity and 303 00:18:11,560 --> 00:18:18,040 Speaker 1: quality over just, like, sheer volume, extracting volume. All, I mean, 304 00:18:18,240 --> 00:18:20,200 Speaker 1: correct me if I'm wrong. This is the way I 305 00:18:20,320 --> 00:18:22,960 Speaker 1: understood APTs, and tell me if I'm wrong. 306 00:18:22,960 --> 00:18:24,960 Speaker 1: Here is, I looked at it is, is there's two 307 00:18:25,000 --> 00:18:28,040 Speaker 1: types of ways to, to rob a bank. There's the 308 00:18:28,160 --> 00:18:31,199 Speaker 1: smash and grab, where you go in, you grab as 309 00:18:31,359 --> 00:18:35,120 Speaker 1: much as you can, and you run, and whatever you get, 310 00:18:35,240 --> 00:18:40,840 Speaker 1: you get, or you're a bank employee, and you just start 311 00:18:41,359 --> 00:18:45,600 Speaker 1: funneling funds and embezzling a thousand dollars a day and 312 00:18:45,680 --> 00:18:47,920 Speaker 1: do it for as long as you can, because chances 313 00:18:47,960 --> 00:18:49,720 Speaker 1: are you're not going to get noticed and you're gonna 314 00:18:49,720 --> 00:18:53,120 Speaker 1: get more long term. I would, I would add it's 315 00:18:53,320 --> 00:18:56,600 Speaker 1: more like, it's a subtler approach. It's more like somebody 316 00:18:56,640 --> 00:19:00,200 Speaker 1: getting a job at a bank to funnel five bucks 317 00:19:00,200 --> 00:19:04,119 Speaker 1: a day. Yeah, I mean a little tiny amount.
I 318 00:19:04,160 --> 00:19:07,400 Speaker 1: mean, like, even just like dropping a roll of coins 319 00:19:07,480 --> 00:19:11,800 Speaker 1: into your purse every day for six or seven years 320 00:19:12,520 --> 00:19:15,200 Speaker 1: before you get caught, and then obviously, like, not spending 321 00:19:15,240 --> 00:19:18,360 Speaker 1: any money. So by the end of your process, you, 322 00:19:18,359 --> 00:19:20,600 Speaker 1: you have a ton of money. You have a huge 323 00:19:20,720 --> 00:19:24,600 Speaker 1: value there. So that, that's a really good analogy. Yeah, okay, 324 00:19:24,840 --> 00:19:26,720 Speaker 1: you have to have a lot of coins to make 325 00:19:26,720 --> 00:19:30,359 Speaker 1: it worth it. Remember, a roll of quarters is ten bucks. Yeah, 326 00:19:30,440 --> 00:19:35,000 Speaker 1: so ten bucks a day for seven years, eight years, 327 00:19:34,760 --> 00:19:39,720 Speaker 1: that's what, three thousand dollars a year as auxiliary income. 328 00:19:39,760 --> 00:19:43,520 Speaker 1: I don't know, that's like three thousand bucks a month, right? 329 00:19:43,960 --> 00:19:48,199 Speaker 1: My math skills are hideous. Six a year, yeah, that's right. Right, 330 00:19:48,240 --> 00:19:51,760 Speaker 1: because ten all a day. Okay, never mind, that's more 331 00:19:51,800 --> 00:19:54,480 Speaker 1: than I thought. Yeah, okay, it was like it's only 332 00:19:54,520 --> 00:19:59,199 Speaker 1: three grand years. That's, yeah. Yeah, it's not enough to 333 00:19:59,400 --> 00:20:05,400 Speaker 1: retire it. It's not nothing, especially as auxiliary income. Right. Yeah, 334 00:20:05,680 --> 00:20:08,000 Speaker 1: so this is kind of vague, and we've kind of, 335 00:20:08,040 --> 00:20:10,520 Speaker 1: like, gone in a bunch of different directions. But that's 336 00:20:10,560 --> 00:20:14,000 Speaker 1: because APTs are pretty vague in nature, and 337 00:20:14,119 --> 00:20:18,280 Speaker 1: the way that they're deployed is oftentimes very different.
Again, 338 00:20:18,400 --> 00:20:22,080 Speaker 1: because you don't want to be detected. Well let's say, yeah, 339 00:20:22,080 --> 00:20:24,040 Speaker 1: it's like an espionage you know, it's like you don't 340 00:20:24,040 --> 00:20:25,919 Speaker 1: want to protect your sources. You don't want people to 341 00:20:25,960 --> 00:20:28,919 Speaker 1: know that they've actually been penetrated. So you know, you 342 00:20:28,920 --> 00:20:31,240 Speaker 1: don't just when you get something and you get some information, 343 00:20:31,280 --> 00:20:33,200 Speaker 1: you don't just run out and act on it because 344 00:20:33,280 --> 00:20:38,240 Speaker 1: it tells the other side that, well, compromise. And I 345 00:20:38,240 --> 00:20:40,880 Speaker 1: would encourage our listeners to remember the thing that Joe 346 00:20:40,960 --> 00:20:43,720 Speaker 1: just said when we get into theories. That occurred to 347 00:20:43,760 --> 00:20:46,200 Speaker 1: me too, because I've read ahead a little bit too. Yeah, 348 00:20:46,480 --> 00:20:50,919 Speaker 1: that's good. I'm glad that you've read. Um. So, there 349 00:20:51,240 --> 00:20:55,920 Speaker 1: is a fifty three page report that was put out 350 00:20:55,920 --> 00:21:00,760 Speaker 1: by Infowar Monitor by Professor Ron Deibert who's the 351 00:21:00,800 --> 00:21:04,439 Speaker 1: director at the Citizen Lab at the Munk Centre for 352 00:21:04,520 --> 00:21:10,040 Speaker 1: International Studies at the University of Toronto, and Rafal Rohozinski, 353 00:21:10,400 --> 00:21:13,960 Speaker 1: I think, who's the principal and CEO at the SecDev Group. 354 00:21:14,280 --> 00:21:16,719 Speaker 1: I read all fifty three pages of this and let 355 00:21:16,720 --> 00:21:20,959 Speaker 1: me tell you, it was not easy reading. 
Read myself 356 00:21:22,000 --> 00:21:26,159 Speaker 1: good and I really deeply encourage if this is a 357 00:21:26,200 --> 00:21:29,440 Speaker 1: mystery that grabs you, you should read this whole report 358 00:21:29,480 --> 00:21:33,480 Speaker 1: because it's really interesting. But if you are just enjoying 359 00:21:33,560 --> 00:21:36,840 Speaker 1: listening to the sound of my voice, don't. I wouldn't 360 00:21:36,920 --> 00:21:39,080 Speaker 1: encourage you to read it. We will link it on 361 00:21:39,119 --> 00:21:41,560 Speaker 1: the website. I just played this episode over and over 362 00:21:41,600 --> 00:21:46,080 Speaker 1: and over again. Yeah. Um, so the next little bit 363 00:21:46,160 --> 00:21:48,320 Speaker 1: here we're gonna do is basically like a too long 364 00:21:48,400 --> 00:21:51,760 Speaker 1: didn't read of the fifty three pages of the report, 365 00:21:52,160 --> 00:21:54,760 Speaker 1: because I think it's important that we talked about the 366 00:21:54,840 --> 00:21:59,439 Speaker 1: report and the investigation that happened. The investigation took place 367 00:21:59,480 --> 00:22:03,199 Speaker 1: in two parts. One the first part from June to 368 00:22:03,240 --> 00:22:06,600 Speaker 1: November in two thousand eight, um, and then the second 369 00:22:06,720 --> 00:22:10,639 Speaker 1: part was December two thousand eight to March two thousand nine, 370 00:22:11,119 --> 00:22:14,680 Speaker 1: and again as I mentioned the whole you know, pushed 371 00:22:14,680 --> 00:22:16,720 Speaker 1: to do this was because there was a request from 372 00:22:16,760 --> 00:22:19,640 Speaker 1: the Office of His Holiness the Dalai Lama. And yes, 373 00:22:19,680 --> 00:22:21,600 Speaker 1: I am going to say that every single time. I 374 00:22:21,680 --> 00:22:23,280 Speaker 1: read it that way in my head every time. So 375 00:22:23,320 --> 00:22:25,560 Speaker 1: I'm glad you gonna keep doing two the other way. 
376 00:22:30,320 --> 00:22:33,960 Speaker 1: Uh So June to November two tho. The first part 377 00:22:34,480 --> 00:22:38,200 Speaker 1: was an on site investigation in which investigators took time 378 00:22:38,240 --> 00:22:43,000 Speaker 1: to figure out what the typical computer and infosecurity practices 379 00:22:43,080 --> 00:22:46,919 Speaker 1: looked like at the organizations that were infected or that 380 00:22:46,960 --> 00:22:49,520 Speaker 1: they thought were infected. At this point, they didn't really 381 00:22:49,560 --> 00:22:51,959 Speaker 1: know how many were well, they didn't know what they 382 00:22:51,960 --> 00:22:53,480 Speaker 1: were dealing They didn't really know what they were dealing with, 383 00:22:53,520 --> 00:22:56,880 Speaker 1: but they were trying to identify. Is they're a good 384 00:22:56,880 --> 00:23:00,040 Speaker 1: password protocol. Is it possible that somebody just guessed on 385 00:23:00,160 --> 00:23:04,600 Speaker 1: passwords right that got this information? Is there a different 386 00:23:04,600 --> 00:23:08,160 Speaker 1: way that this information could be leaking? Is somebody inside 387 00:23:08,160 --> 00:23:12,280 Speaker 1: the office? Yeah? Or even you know, just things like 388 00:23:12,359 --> 00:23:15,720 Speaker 1: did somebody lose a computer and I didn't want to 389 00:23:15,720 --> 00:23:18,560 Speaker 1: admit it, or you know, are you guys not shredding 390 00:23:18,640 --> 00:23:22,120 Speaker 1: your sensitive document? You know, really just and suspicious things 391 00:23:22,160 --> 00:23:26,719 Speaker 1: were happening to. Yeah, the organization itself in terms of 392 00:23:27,040 --> 00:23:32,439 Speaker 1: reactions and preemptive reactions and stuff. Yeah, we're gonna talk 393 00:23:32,480 --> 00:23:35,879 Speaker 1: about that in a second, but them to ask for 394 00:23:35,920 --> 00:23:41,359 Speaker 1: the help. Yeah. 
But basically what the investigators or researchers 395 00:23:41,400 --> 00:23:44,320 Speaker 1: were trying to do at the get go was what 396 00:23:44,359 --> 00:23:47,679 Speaker 1: they used to do on ghost Hunters, right where when 397 00:23:47,760 --> 00:23:49,840 Speaker 1: they would like film something suspicious and they'd be like, 398 00:23:49,840 --> 00:23:53,640 Speaker 1: all right, how can we recreate this with like normal environments? 399 00:23:53,960 --> 00:23:56,439 Speaker 1: And then when they couldn't, they said, okay, there's a 400 00:23:56,440 --> 00:24:00,440 Speaker 1: ghost here. Or in our case, when they couldn't account for, 401 00:24:00,640 --> 00:24:04,240 Speaker 1: you know, the leaks that were happening, they said, computer okay, 402 00:24:04,240 --> 00:24:07,240 Speaker 1: it was the computer. Okay, something is wrong with your computers. 403 00:24:07,720 --> 00:24:11,719 Speaker 1: This part of the investigation was again primarily carried out 404 00:24:12,320 --> 00:24:15,439 Speaker 1: in the Tibetan government in exile, so at the office 405 00:24:15,480 --> 00:24:19,639 Speaker 1: of His Holiness the Dali lama Um. Since he hadn't 406 00:24:19,960 --> 00:24:23,399 Speaker 1: requested the investigation or his office had requested the investigation, 407 00:24:23,400 --> 00:24:25,400 Speaker 1: they were pretty sure that there was something going on there. 408 00:24:25,800 --> 00:24:32,040 Speaker 1: From their investigators designed their investigation this post November December. 409 00:24:32,680 --> 00:24:36,800 Speaker 1: They did intense on site interviews again to see if 410 00:24:36,800 --> 00:24:39,879 Speaker 1: there were any other reasons for leaks? Did you use 411 00:24:39,920 --> 00:24:45,199 Speaker 1: your computer to just tell us you probably look at 412 00:24:45,200 --> 00:24:48,680 Speaker 1: people's bank accounts? Probably did they take a close look 413 00:24:48,720 --> 00:24:51,440 Speaker 1: at the d L himself. 
That's what I'm wondering. What 414 00:24:51,840 --> 00:24:56,679 Speaker 1: was Yeah maybe, yeah, I somehow suspect not but maybe 415 00:24:58,800 --> 00:25:07,480 Speaker 1: interrogation so um okay. And then also from December two 416 00:25:07,840 --> 00:25:12,040 Speaker 1: eight till March two nine, investigators analyze the information that 417 00:25:12,080 --> 00:25:14,760 Speaker 1: had been gathered in the first phase UM and they 418 00:25:14,800 --> 00:25:17,720 Speaker 1: found some interesting stuff. Again, I'm not going to go 419 00:25:17,760 --> 00:25:20,280 Speaker 1: into great detail because I don't feel like I need 420 00:25:20,320 --> 00:25:23,840 Speaker 1: to talk for another hour, but I will say you 421 00:25:23,880 --> 00:25:26,439 Speaker 1: should read the report. It's all in there. Basically, they 422 00:25:26,480 --> 00:25:28,760 Speaker 1: were able to curate a list of systems that were 423 00:25:28,800 --> 00:25:35,680 Speaker 1: infected and with the with with ghost rat and UH, 424 00:25:35,720 --> 00:25:38,320 Speaker 1: they were trying to see if they could figure out 425 00:25:39,200 --> 00:25:41,960 Speaker 1: who was perpetuating the attack. They were able to find 426 00:25:41,960 --> 00:25:45,880 Speaker 1: out that seventy of the servers from which the attack 427 00:25:46,000 --> 00:25:54,080 Speaker 1: was being sent were hosted in China. However, yeah, that 428 00:25:54,119 --> 00:25:57,880 Speaker 1: sounds right mostly, but yeah, primarily the China servers were 429 00:25:57,880 --> 00:26:00,760 Speaker 1: in chained, do I Primarily That doesn't necessarily mean that 430 00:26:00,840 --> 00:26:03,800 Speaker 1: China was involved or the government of China was involved. 431 00:26:03,800 --> 00:26:07,760 Speaker 1: Because you know, servers in like South Carolina were also 432 00:26:07,840 --> 00:26:12,119 Speaker 1: involved um as well as Sweden, South Korea, and Taiwan. 
433 00:26:12,720 --> 00:26:15,720 Speaker 1: Most of these servers were set up on what's called 434 00:26:15,800 --> 00:26:21,440 Speaker 1: a dynamic domain name system, which is dynamic DNS or 435 00:26:22,119 --> 00:26:25,000 Speaker 1: DDNS, which Joe is 436 00:26:25,000 --> 00:26:26,760 Speaker 1: going to talk about a little bit so that you 437 00:26:26,840 --> 00:26:29,879 Speaker 1: can drink some water given to give devon or break 438 00:26:29,960 --> 00:26:33,400 Speaker 1: here and yeah, not much to talk about really, it's 439 00:26:33,400 --> 00:26:37,879 Speaker 1: really simple. I mean, the domain name service is where there's 440 00:26:37,920 --> 00:26:40,600 Speaker 1: you got the name of your website dub dub dub 441 00:26:40,680 --> 00:26:43,960 Speaker 1: Devin dot com. But then you've got the actual IP address, 442 00:26:44,600 --> 00:26:47,000 Speaker 1: which is some numbers with dots in between them, usually 443 00:26:47,040 --> 00:26:49,400 Speaker 1: like three and then three and three and then three 444 00:26:49,520 --> 00:26:53,080 Speaker 1: two yeah or two or whatever. But yeah, and then 445 00:26:53,119 --> 00:26:56,600 Speaker 1: but since IP addresses are not necessarily permanent, it 446 00:26:56,720 --> 00:26:58,000 Speaker 1: used to be in the old days, it was kind 447 00:26:58,000 --> 00:27:00,040 Speaker 1: of a manually updated system, and then they had to 448 00:27:00,040 --> 00:27:02,040 Speaker 1: go something a little more automated. 
And now you've got 449 00:27:02,040 --> 00:27:08,320 Speaker 1: this system that's really flexible called dynamic don domain name services, 450 00:27:08,400 --> 00:27:11,479 Speaker 1: where uh so you plug a device into your network 451 00:27:11,520 --> 00:27:14,440 Speaker 1: at home and that's connected to your router so that 452 00:27:14,440 --> 00:27:17,159 Speaker 1: that device, like say it's a webcam is going to 453 00:27:17,240 --> 00:27:20,240 Speaker 1: have an IP address, right, and so well what do 454 00:27:20,240 --> 00:27:21,720 Speaker 1: you do? You got to set it up and you 455 00:27:21,760 --> 00:27:24,080 Speaker 1: know and like send an email to the Domain Name 456 00:27:24,160 --> 00:27:27,320 Speaker 1: Service guys and say, hey, would you recognize my IP 457 00:27:27,440 --> 00:27:29,760 Speaker 1: camera and sign it a name or an IP address? 458 00:27:29,960 --> 00:27:32,680 Speaker 1: Not not the way it works anymore. So now your 459 00:27:32,720 --> 00:27:34,880 Speaker 1: device gets in there, you've got software and your router 460 00:27:35,480 --> 00:27:37,600 Speaker 1: that sends out a ping and that gets and then 461 00:27:38,119 --> 00:27:42,320 Speaker 1: gets back from a remote server it's IP address, a 462 00:27:42,320 --> 00:27:45,959 Speaker 1: new IP address, and then your software sends out an 463 00:27:46,080 --> 00:27:51,240 Speaker 1: update to a DNS server that updates. They're essentially their catalog, 464 00:27:51,240 --> 00:27:55,240 Speaker 1: their directory that's got said Devin dot com. And then 465 00:27:55,240 --> 00:27:58,080 Speaker 1: it's got you know this, that's got this IP address 466 00:27:58,200 --> 00:28:00,960 Speaker 1: next to it. That's your new IP address them and 467 00:28:01,040 --> 00:28:03,720 Speaker 1: I presumably if you I guess, if you reboot that thing, 468 00:28:03,800 --> 00:28:06,240 Speaker 1: you might wind up with a new IP address. 
And 469 00:28:06,240 --> 00:28:08,000 Speaker 1: then so it's time for that thing to send out 470 00:28:08,040 --> 00:28:11,560 Speaker 1: a new update to the DNS server again. And so 471 00:28:11,880 --> 00:28:13,480 Speaker 1: there's a lot of that going on right now, a 472 00:28:13,520 --> 00:28:16,960 Speaker 1: lot of updates being sent to these these dynamics, the 473 00:28:17,080 --> 00:28:20,800 Speaker 1: DNS services. So essentially the i p s are not 474 00:28:20,960 --> 00:28:24,400 Speaker 1: nearly as permanent as they were say ten years ago. 475 00:28:24,440 --> 00:28:27,160 Speaker 1: Would that be a correct a correct interpretation of that. Yeah, 476 00:28:27,240 --> 00:28:29,000 Speaker 1: although there are some you know, I mean, if you 477 00:28:29,040 --> 00:28:31,800 Speaker 1: want to, like you know, IBM S website, I'm pretty 478 00:28:31,880 --> 00:28:34,239 Speaker 1: much going to change pretty much that. I'm sure that's 479 00:28:34,280 --> 00:28:36,520 Speaker 1: pretty permanent. Yeah, but for a lot of us who 480 00:28:36,680 --> 00:28:39,920 Speaker 1: are always you know, getting new devices, changing providers maybe 481 00:28:40,000 --> 00:28:43,680 Speaker 1: or getting new devices and things and adding on devices 482 00:28:43,720 --> 00:28:47,080 Speaker 1: and stuff, then yeah, they're just constantly being updated. That way. 483 00:28:47,080 --> 00:28:50,080 Speaker 1: It makes it a lot more flexible and fast. So 484 00:28:50,120 --> 00:28:53,800 Speaker 1: that that that explains something that we've experienced internally, which 485 00:28:53,880 --> 00:28:56,000 Speaker 1: is one of us will get a new phone or 486 00:28:56,080 --> 00:28:59,480 Speaker 1: we'll update the OS on our phone, and internally we 487 00:28:59,560 --> 00:29:02,240 Speaker 1: have an l system that will alert us when somebody 488 00:29:02,280 --> 00:29:04,320 Speaker 1: knew is there, and that's that's the kind of thing. 
489 00:29:04,360 --> 00:29:07,920 Speaker 1: And if anybody does that, you get that kind of notification. 490 00:29:07,920 --> 00:29:11,080 Speaker 1: It sounds like, if I'm understanding correctly, it's that very 491 00:29:11,200 --> 00:29:15,280 Speaker 1: simple to us. Now, very simple process is just simply 492 00:29:15,440 --> 00:29:18,200 Speaker 1: that DDNS. Yeah, And of course there's a 493 00:29:18,240 --> 00:29:21,080 Speaker 1: reason you get that that notification is because DDNS 494 00:29:21,120 --> 00:29:24,680 Speaker 1: has been abused a lot, you know, by hackers and 495 00:29:24,760 --> 00:29:27,120 Speaker 1: such and so and so. Even though it's a great 496 00:29:27,160 --> 00:29:30,160 Speaker 1: thing it's very convenient, handy. It can be used to 497 00:29:30,200 --> 00:29:33,120 Speaker 1: like cover your tracks, for example, and then redirect people 498 00:29:33,160 --> 00:29:35,040 Speaker 1: to a server they don't even know that they're going to. 499 00:29:35,960 --> 00:29:38,560 Speaker 1: And so yeah, it's a it can be used for 500 00:29:38,560 --> 00:29:41,160 Speaker 1: sneaky purposes even though it's a very handy tool. And 501 00:29:41,240 --> 00:29:45,360 Speaker 1: so that is why it is suspicious that all of 502 00:29:45,360 --> 00:29:49,880 Speaker 1: these servers were DDNS, particularly what ten 503 00:29:49,960 --> 00:29:57,600 Speaker 1: years ago relatively new um, But it's not necessarily suspicious. 504 00:29:57,840 --> 00:30:00,400 Speaker 1: That makes sense. Yeah, and to me, yeah, now finally, 505 00:30:02,000 --> 00:30:04,200 Speaker 1: and the main target for this hack does seem to 506 00:30:04,240 --> 00:30:08,080 Speaker 1: be the office of His Holiness, the Dalai Lama. Um. 507 00:30:08,080 --> 00:30:11,960 Speaker 1: This is his personal office location. Well, there are a 508 00:30:12,000 --> 00:30:16,560 Speaker 1: government in exile, but it's not his governmental office. 
It's 509 00:30:16,640 --> 00:30:20,960 Speaker 1: his personal office, like the person who says, like, here's 510 00:30:20,960 --> 00:30:24,200 Speaker 1: your coffee, Do you need me to go buy you 511 00:30:24,760 --> 00:30:28,520 Speaker 1: new underwear? Like whatever? I mean. It's not like there's 512 00:30:28,640 --> 00:30:34,320 Speaker 1: huge secrets following through his home office. And that's probably 513 00:30:34,320 --> 00:30:37,440 Speaker 1: some interesting conversations going on in there there maybe, but 514 00:30:38,000 --> 00:30:41,880 Speaker 1: the payload would be much more if they were to 515 00:30:42,000 --> 00:30:45,640 Speaker 1: go through like the government or the government extile office 516 00:30:45,680 --> 00:30:48,560 Speaker 1: for instance, But we don't know that necessarily, and they're 517 00:30:48,560 --> 00:30:50,600 Speaker 1: not also doing that, I would think they would be. 518 00:30:50,680 --> 00:30:53,800 Speaker 1: So we are. We're getting ahead of ourselves in terms 519 00:30:53,800 --> 00:30:57,960 Speaker 1: of where else could it be. But yeah, exactly, so, yeah, 520 00:30:57,960 --> 00:30:59,600 Speaker 1: we'll get there and serious, I guess, And I think 521 00:30:59,600 --> 00:31:01,920 Speaker 1: that's really the right place to talk about that. UM, 522 00:31:01,960 --> 00:31:04,920 Speaker 1: So let's talk about the social engineering component of this. 523 00:31:05,320 --> 00:31:08,720 Speaker 1: It turns out this is not actually the first investigation 524 00:31:08,840 --> 00:31:14,480 Speaker 1: that info War Monitor, or at least people associated with 525 00:31:14,840 --> 00:31:18,360 Speaker 1: the Infowar Monitor UM had aided with. In regards to 526 00:31:18,400 --> 00:31:22,600 Speaker 1: the Office of His Holiness the Dalai Lama. 
In September 527 00:31:22,600 --> 00:31:25,600 Speaker 1: of two thousand two, Tibetan groups said that they were 528 00:31:25,840 --> 00:31:29,600 Speaker 1: targets of malware UM from China. They specified it was 529 00:31:29,640 --> 00:31:32,360 Speaker 1: from China. They said there was an attempt to spy 530 00:31:32,360 --> 00:31:35,520 Speaker 1: on their networks and otherwise disrupt their work, and they 531 00:31:35,520 --> 00:31:37,880 Speaker 1: were pretty much just brushed off. There wasn't like a 532 00:31:37,960 --> 00:31:42,200 Speaker 1: very intense investigation. And then in two thousand five, one 533 00:31:42,200 --> 00:31:44,959 Speaker 1: of the people who was deeply involved in the two 534 00:31:45,040 --> 00:31:50,760 Speaker 1: thousand eight nine investigation team decided to start archiving malware, 535 00:31:51,160 --> 00:31:56,400 Speaker 1: specifically specifically the malware attacks on the Tibetan organizations and 536 00:31:56,960 --> 00:32:00,520 Speaker 1: try to UM kind of assess their payload like 537 00:32:00,640 --> 00:32:04,600 Speaker 1: what these malicious attacks were getting, so that actually was 538 00:32:05,240 --> 00:32:09,560 Speaker 1: very helpful in kind of tracking what might be new 539 00:32:09,600 --> 00:32:12,920 Speaker 1: and what what kind of things were happening UM and 540 00:32:12,960 --> 00:32:15,920 Speaker 1: how people were gaining access to the Office of His 541 00:32:16,000 --> 00:32:20,360 Speaker 1: Holiness the Dalai Lama. In early two thousand and eight 542 00:32:20,440 --> 00:32:24,160 Speaker 1: during the Beijing Olympics, this researcher that we were just 543 00:32:24,200 --> 00:32:27,600 Speaker 1: talking about was able to gain access to a control 544 00:32:27,680 --> 00:32:33,080 Speaker 1: server and then trace to the Office of His Holiness 545 00:32:33,080 --> 00:32:37,400 Speaker 1: the Dalai Lama through the control server of the malware UM. 
546 00:32:37,440 --> 00:32:40,600 Speaker 1: And like, just to clarify because people may not understand, 547 00:32:40,800 --> 00:32:46,960 Speaker 1: the control server is the server that the trojan, horse, virus, malware, 548 00:32:47,080 --> 00:32:49,400 Speaker 1: whatever we want to call it in the computer that's 549 00:32:49,440 --> 00:32:53,160 Speaker 1: infected is reporting to it's that's the control servers and 550 00:32:53,200 --> 00:32:56,600 Speaker 1: what it's squirting data too, Is that right? Yeah? Or 551 00:32:56,880 --> 00:33:00,640 Speaker 1: is the one that's controlling or making it, you know, 552 00:33:00,840 --> 00:33:03,040 Speaker 1: dance a fancy jig if that's what they tell it 553 00:33:03,080 --> 00:33:05,840 Speaker 1: to do. Basically, I don't think it necessarily scores. It's 554 00:33:05,880 --> 00:33:07,480 Speaker 1: if it's sending data out and they can sent it 555 00:33:07,520 --> 00:33:09,920 Speaker 1: to anywhere really all kinds of other places, but it's 556 00:33:09,920 --> 00:33:11,880 Speaker 1: the one that's telling it where to score the datah. Yeah, 557 00:33:11,880 --> 00:33:14,680 Speaker 1: it's just giving it orders yet. Okay, yes, so it's 558 00:33:14,760 --> 00:33:18,640 Speaker 1: the captain of this silly little robotic ship that we're on. Yeah, 559 00:33:18,960 --> 00:33:21,160 Speaker 1: and that's assuming that it really is a control server 560 00:33:21,280 --> 00:33:25,000 Speaker 1: and not some innocent computer that's been hijacked temporarily. Yeah, 561 00:33:25,040 --> 00:33:27,240 Speaker 1: that's so complicated trying to figure out these Internet things. 562 00:33:27,320 --> 00:33:30,480 Speaker 1: It is, it really is. UM. 
And so from this 563 00:33:30,760 --> 00:33:36,520 Speaker 1: historic kind of archiving of attacks and and successful malware 564 00:33:36,920 --> 00:33:40,680 Speaker 1: installations in you know, in the Tibetan government, Um, the 565 00:33:40,720 --> 00:33:44,800 Speaker 1: investigators were able to ascertain that the trojan emails that 566 00:33:44,840 --> 00:33:47,560 Speaker 1: were being sent out because that that was the chosen 567 00:33:47,640 --> 00:33:52,080 Speaker 1: method of getting malware onto computers for his the office 568 00:33:52,280 --> 00:33:55,080 Speaker 1: of His Holiness, the Dalai Lama. And they were getting 569 00:33:55,080 --> 00:33:57,440 Speaker 1: more and more sophisticated. You know. They started out by 570 00:33:57,480 --> 00:34:01,200 Speaker 1: being like, hey, open this attachment and then came to 571 00:34:01,480 --> 00:34:03,840 Speaker 1: this thing that I have a screenshot of here, um, 572 00:34:03,840 --> 00:34:06,800 Speaker 1: which was how ghost rat came. It was one of 573 00:34:06,800 --> 00:34:10,520 Speaker 1: the emails that came ghost rat. So it came from 574 00:34:10,600 --> 00:34:13,800 Speaker 1: quote unquote campaigns at free Tibet dot com, which is 575 00:34:13,840 --> 00:34:19,000 Speaker 1: an actual email address that was actually like utilized for 576 00:34:19,320 --> 00:34:22,840 Speaker 1: free Tibet, which would have actually had contact with people 577 00:34:22,920 --> 00:34:25,879 Speaker 1: in the Office of His Holiness the Dalai Lama. So 578 00:34:26,160 --> 00:34:31,279 Speaker 1: I mean, like, by all intents and purposes, totally legit, right, 579 00:34:32,040 --> 00:34:34,440 Speaker 1: it would have been almost impossible to tell that it 580 00:34:34,520 --> 00:34:38,440 Speaker 1: wasn't from this actual campaign. 
And I say all of 581 00:34:38,480 --> 00:34:42,359 Speaker 1: this to say that it's totally reasonable that they got 582 00:34:42,360 --> 00:34:45,040 Speaker 1: infected because it was just like it would have been 583 00:34:45,040 --> 00:34:48,560 Speaker 1: impossible to tell. In fact, only eleven of thirty four 584 00:34:48,680 --> 00:34:51,880 Speaker 1: tested malware and anti virus softwares were able to detect 585 00:34:51,920 --> 00:34:56,759 Speaker 1: ghost rat. It was that deeply embedded in the little 586 00:34:57,080 --> 00:35:00,680 Speaker 1: as a trojan that I mean even most of the 587 00:35:00,719 --> 00:35:04,440 Speaker 1: software able to detect it or designed to detect it 588 00:35:04,640 --> 00:35:07,520 Speaker 1: were they were unable to do that, which is crazy. 589 00:35:07,920 --> 00:35:10,920 Speaker 1: It was it was sophisticated enough. It's super sophisticated. It 590 00:35:11,040 --> 00:35:13,040 Speaker 1: was a clever little rat. You know, rats are good 591 00:35:13,040 --> 00:35:17,640 Speaker 1: at hiding a little crevices, they are. Yeah. So this email, um, 592 00:35:17,719 --> 00:35:19,560 Speaker 1: I just put in here so we can look at 593 00:35:20,000 --> 00:35:23,120 Speaker 1: I'm just going to quickly describe this email just so 594 00:35:23,239 --> 00:35:25,800 Speaker 1: for you guys to be able to kind of visualize 595 00:35:25,840 --> 00:35:28,200 Speaker 1: what it would have looked like. It says it's from 596 00:35:28,280 --> 00:35:32,960 Speaker 1: campaigns at free Tibet dot org, not com, sorry. Um. 597 00:35:33,000 --> 00:35:36,400 Speaker 1: The subject is translation of Freedom Moment Movement I D 598 00:35:36,480 --> 00:35:40,440 Speaker 1: Book for Tibetans in Exile. 
And then it has basically 599 00:35:40,640 --> 00:35:44,440 Speaker 1: what is a format for a letter that's in the body, 600 00:35:44,840 --> 00:35:48,720 Speaker 1: and then it says attachment it's the same thing dot doc, 601 00:35:49,120 --> 00:35:52,280 Speaker 1: which would lead one to believe that, you know, here's 602 00:35:52,719 --> 00:35:56,799 Speaker 1: here's our English translation of this resource for you to 603 00:35:56,960 --> 00:35:59,439 Speaker 1: be using as a template. Right, here's what it looks 604 00:35:59,440 --> 00:36:02,120 Speaker 1: like in the body, and attached is a document that 605 00:36:02,160 --> 00:36:04,439 Speaker 1: you can edit because it's got places where you would 606 00:36:04,480 --> 00:36:07,759 Speaker 1: need to say, like this my name not you know, 607 00:36:07,800 --> 00:36:10,040 Speaker 1: insert your name here. Right. That's I mean, that's a 608 00:36:10,040 --> 00:36:13,520 Speaker 1: pretty high level of sophistication. I would fall for it, 609 00:36:13,520 --> 00:36:17,560 Speaker 1: to be totally honest with you, So, I mean, yeah, 610 00:36:17,719 --> 00:36:19,520 Speaker 1: I would fall for this, and I think you guys 611 00:36:19,600 --> 00:36:24,120 Speaker 1: probably would. If I actually read by emails, I would yeah, 612 00:36:24,320 --> 00:36:30,359 Speaker 1: And I know you don't, ye. So, um, you guys 613 00:36:30,400 --> 00:36:33,919 Speaker 1: ready for theories? I am cool. Well, we'll talk about 614 00:36:33,920 --> 00:36:36,560 Speaker 1: theories in a minute. It's everybody's favorite thing to hear 615 00:36:36,600 --> 00:36:43,040 Speaker 1: me say. Um. First, let's take a quick break. 
649 00:38:29,760 --> 00:38:34,399 Speaker 1: And we're back. Hi, I'm not looking for that sandwich anymore. Yeah, 650 00:38:34,520 --> 00:38:37,000 Speaker 1: that other guy ate it now that I know that 651 00:38:37,320 --> 00:38:42,000 Speaker 1: dive ate it hat. That guy the worst TV is 652 00:38:42,040 --> 00:38:44,719 Speaker 1: the worst. He's right up there with oh such a 653 00:38:44,800 --> 00:38:46,920 Speaker 1: thing as new sandwiches do? I think it might be 654 00:38:46,920 --> 00:38:51,840 Speaker 1: time to move on. Um, So we're gonna do typical 655 00:38:52,040 --> 00:38:56,400 Speaker 1: Devon fashion. Right, We've got two headings. One is China 656 00:38:57,120 --> 00:39:00,720 Speaker 1: and one is not China. So let's talk about China first. 
657 00:39:01,440 --> 00:39:04,320 Speaker 1: As in, you mean China is responsible, that's what you 658 00:39:04,360 --> 00:39:07,759 Speaker 1: mean by China responsible or China not responsible. I just 659 00:39:07,760 --> 00:39:10,680 Speaker 1: want to talk about China. Well, okay, let's talk about 660 00:39:10,680 --> 00:39:13,960 Speaker 1: the end. Let's talk about the history of China. Yeah. Actually, 661 00:39:14,560 --> 00:39:16,680 Speaker 1: let's talk about the history of China a little bit, 662 00:39:16,719 --> 00:39:20,320 Speaker 1: because we don't give us a lot of Actually, well, 663 00:39:20,440 --> 00:39:22,480 Speaker 1: it is actually a little pertinent to this case, and 664 00:39:22,640 --> 00:39:25,520 Speaker 1: that I mean, I'm hoping I guess at least that 665 00:39:25,640 --> 00:39:29,000 Speaker 1: most of you would already know why China might be 666 00:39:29,040 --> 00:39:34,280 Speaker 1: responsible for an attack of malicious nature on the exile 667 00:39:34,400 --> 00:39:38,400 Speaker 1: government of Tibet or the office of His Holiness the 668 00:39:38,480 --> 00:39:42,120 Speaker 1: Dali Lama. But if you don't, let me educate you 669 00:39:42,160 --> 00:39:45,279 Speaker 1: a little bit. Well, there's sticks, Yeah, there's the there's 670 00:39:45,320 --> 00:39:48,600 Speaker 1: bumper stickers, so that's a bigger and there's the flags, 671 00:39:48,600 --> 00:39:52,719 Speaker 1: which I've seen all over town. Yeah, so that they 672 00:39:52,800 --> 00:39:59,160 Speaker 1: don Yeah, they're doing it. They're totally working, really working 673 00:39:59,160 --> 00:40:02,839 Speaker 1: really well. No, Okay, So Tibet and China have been 674 00:40:02,840 --> 00:40:07,440 Speaker 1: fighting pretty much since like um ever, thirteen sixty eight 675 00:40:08,040 --> 00:40:10,480 Speaker 1: I think is the date. 
So it's generally accepted that 676 00:40:10,640 --> 00:40:14,319 Speaker 1: prior to thirteen sixty eight, Tibet and China were two 677 00:40:14,360 --> 00:40:19,640 Speaker 1: different places. And then it's also generally accepted that since 678 00:40:19,840 --> 00:40:24,960 Speaker 1: nineteen fifty nine with um will help from the CIA 679 00:40:24,960 --> 00:40:31,680 Speaker 1: and stuff that became a part of the People's Republic 680 00:40:31,719 --> 00:40:40,600 Speaker 1: of China. Yeah. Yeah, there's a huge debate that happens 681 00:40:40,600 --> 00:40:43,000 Speaker 1: around this. I would say it's similar to the debate 682 00:40:43,040 --> 00:40:49,480 Speaker 1: around the whole Palestine and Israel thing, but generally less bloody. Yeah, exactly, 683 00:40:49,800 --> 00:40:54,879 Speaker 1: because monks are much less likely to throw bombs accurate, Yes, 684 00:40:55,160 --> 00:41:01,719 Speaker 1: I mean correct, Yeah, it resistance through peace, yeah yeah, 685 00:41:01,760 --> 00:41:05,000 Speaker 1: but yeah, but essentially, yeah, the Chinese want that wanted 686 00:41:05,040 --> 00:41:07,680 Speaker 1: basically to run the place, and so they've been colonizing 687 00:41:07,680 --> 00:41:10,200 Speaker 1: and moving their population and kind of suppressing the native 688 00:41:10,239 --> 00:41:14,879 Speaker 1: culture of that. Yeah, that's that's not like colonialism at all, 689 00:41:15,600 --> 00:41:19,320 Speaker 1: not at all. So the Dalai Lama is pretty central 690 00:41:19,360 --> 00:41:21,760 Speaker 1: to this, as he is functionally the leader of Tibet. 691 00:41:22,440 --> 00:41:27,319 Speaker 1: I think we're on our Dalai Lama. I'm sorry, I 692 00:41:27,320 --> 00:41:29,960 Speaker 1: don't think we are as of today's recording. 
As of 693 00:41:30,040 --> 00:41:32,960 Speaker 1: today's recording, well, and if and if our current fourteenth 694 00:41:33,000 --> 00:41:37,000 Speaker 1: Dalai Lama is to be believed, he will probably be 695 00:41:37,080 --> 00:41:40,040 Speaker 1: the last. But more on that another time. Um. But 696 00:41:40,280 --> 00:41:42,839 Speaker 1: you know, the government is in exile and they are 697 00:41:42,880 --> 00:41:50,799 Speaker 1: not recognized as a government by pretty much any government. Yeah. Uh. 698 00:41:50,840 --> 00:41:53,759 Speaker 1: And so there's this kind of although it's kind of 699 00:41:53,800 --> 00:41:56,000 Speaker 1: a David and Goliath thing, right, I mean, there's this 700 00:41:56,160 --> 00:42:00,279 Speaker 1: giant China who's saying, no, Tibet, you're part of us, 701 00:42:00,440 --> 00:42:03,680 Speaker 1: and then literally the rest of their world is saying no, no, Tibet, 702 00:42:03,760 --> 00:42:07,440 Speaker 1: you're part of China, and Tibet's like but no. And 703 00:42:07,520 --> 00:42:12,400 Speaker 1: so somehow China should be responsible for this attack on 704 00:42:12,440 --> 00:42:15,680 Speaker 1: this tiny little thing. That is kind of I mean, 705 00:42:16,280 --> 00:42:22,600 Speaker 1: there's yeah, so I guess that's that's the reason why, 706 00:42:23,040 --> 00:42:25,319 Speaker 1: although I don't I don't really buy into that, but 707 00:42:25,719 --> 00:42:30,040 Speaker 1: I know that, you know, the Chinese, for example, the 708 00:42:30,040 --> 00:42:32,440 Speaker 1: whole Taiwan is has been going on for many decades, 709 00:42:32,520 --> 00:42:34,640 Speaker 1: and really, when you think about it, why the hell 710 00:42:34,680 --> 00:42:36,600 Speaker 1: shouldn't the Taiwan ease go their own way? 
I know 711 00:42:36,640 --> 00:42:38,680 Speaker 1: they claimed to be China too, but you know, what 712 00:42:38,760 --> 00:42:40,279 Speaker 1: the hell they want to They want to live on 713 00:42:40,320 --> 00:42:42,440 Speaker 1: their island and then have their gig. Why the hell not. 714 00:42:42,560 --> 00:42:45,440 Speaker 1: But for some reason, the mainland's very touchy about it, 715 00:42:45,600 --> 00:42:47,719 Speaker 1: you know. I mean, I but I agree the same 716 00:42:47,880 --> 00:42:51,120 Speaker 1: with Tibet, but I mean politics aside, it's kind of 717 00:42:51,200 --> 00:42:54,319 Speaker 1: it's odd to me that somebody would say, there's this 718 00:42:54,680 --> 00:43:01,640 Speaker 1: giant country that has functionally one debate, right, there is 719 00:43:01,719 --> 00:43:05,560 Speaker 1: functionally no debate on whether Tibet is its own thing 720 00:43:05,680 --> 00:43:09,040 Speaker 1: or not. And yet they are still thinking, Oh, you 721 00:43:09,080 --> 00:43:12,959 Speaker 1: know what would be fun, Let's infect all of these 722 00:43:12,960 --> 00:43:16,320 Speaker 1: computers all around the globe just to like see what's 723 00:43:16,320 --> 00:43:21,000 Speaker 1: going on. I I don't know. So basically powerless organization. 724 00:43:21,080 --> 00:43:25,280 Speaker 1: Basically it's they're they're going after what is essentially somebody 725 00:43:25,280 --> 00:43:28,520 Speaker 1: who has no pull anymore. Well, there's some religious pull, 726 00:43:28,600 --> 00:43:34,080 Speaker 1: but governmental politically, there's very little. I do actually think 727 00:43:34,120 --> 00:43:36,640 Speaker 1: that the Chinese are keeping an eye on in the 728 00:43:36,680 --> 00:43:43,279 Speaker 1: Dalai Lama and the government in exile. China's paranoid. 
But so 729 00:43:43,400 --> 00:43:46,800 Speaker 1: let's talk about some of the evidence that people present 730 00:43:46,880 --> 00:43:51,000 Speaker 1: to support that China was in charge of these or 731 00:43:51,040 --> 00:43:54,040 Speaker 1: responsible for these attacks. By the way, I just realized 732 00:43:54,400 --> 00:43:57,400 Speaker 1: this entire episode is going to get us banned in China. 733 00:43:56,880 --> 00:44:08,680 Speaker 1: Oh sorry, Chinese listeners, Dan, I already bought my Yeah, 734 00:44:10,480 --> 00:44:12,480 Speaker 1: I can't do my I can't do my episode about 735 00:44:12,480 --> 00:44:17,640 Speaker 1: the Falun Gong anymore. So, uh, China, it turns out 736 00:44:17,880 --> 00:44:21,600 Speaker 1: actually acted on some information that was most likely gathered 737 00:44:21,680 --> 00:44:24,880 Speaker 1: from ghost Rat. The Office of His Holiness, the Dalai 738 00:44:24,960 --> 00:44:30,680 Speaker 1: Lama sent an invitation to a diplomat, and China pretty 739 00:44:30,800 --> 00:44:37,120 Speaker 1: much immediately contacted said diplomat and said, um, hey, we 740 00:44:37,200 --> 00:44:39,719 Speaker 1: heard that the Dalai Lama invited you to this thing. 741 00:44:40,080 --> 00:44:44,000 Speaker 1: Don't go. And wasn't there an instance where they had 742 00:44:44,080 --> 00:44:49,160 Speaker 1: internally talked about sending somebody to China and China preemptively 743 00:44:49,280 --> 00:44:53,520 Speaker 1: denied any possible visa or travel requests or something like that. 
744 00:44:53,920 --> 00:44:57,520 Speaker 1: And then there was another instance where a woman who 745 00:44:57,680 --> 00:45:00,719 Speaker 1: was Chinese who was living in Taiwan on wanted to 746 00:45:00,760 --> 00:45:03,359 Speaker 1: go back and visit her family in China, and when 747 00:45:03,400 --> 00:45:07,960 Speaker 1: she tried to cross over, some border governmental officials presented 748 00:45:08,000 --> 00:45:11,160 Speaker 1: her with like year's worth of chat logs of hers 749 00:45:11,239 --> 00:45:13,480 Speaker 1: and said like, you can't come in here, or you 750 00:45:13,520 --> 00:45:16,640 Speaker 1: have to stop interacting with people. But that one there 751 00:45:16,800 --> 00:45:20,520 Speaker 1: was something that they could have gotten, the information could 752 00:45:20,560 --> 00:45:23,880 Speaker 1: have Yes, that's true, Um, they could have. So actually, 753 00:45:23,920 --> 00:45:26,000 Speaker 1: let's just talk about this real quick. Um. One of 754 00:45:26,000 --> 00:45:31,280 Speaker 1: the researchers that was on the Info War Monitor research 755 00:45:31,440 --> 00:45:36,000 Speaker 1: team was a white hat hacker. You guys know what 756 00:45:36,040 --> 00:45:39,640 Speaker 1: a white hat hacker is? Good guy. It's somebody who um, 757 00:45:39,680 --> 00:45:43,440 Speaker 1: a company would pay to expose their zero day vulnerabilities 758 00:45:43,480 --> 00:45:45,080 Speaker 1: and their back doors and things like that so that 759 00:45:45,120 --> 00:45:49,440 Speaker 1: they can patch them before black hat hackers can actually 760 00:45:49,480 --> 00:45:53,399 Speaker 1: infiltrate, yeah, infiltrate their system. Basically, he's the guy that 761 00:45:53,480 --> 00:45:56,600 Speaker 1: you pay to come rob your house so he can 762 00:45:56,600 --> 00:45:59,600 Speaker 1: tell you how he robbed your house so that you 763 00:46:00,000 --> 00:46:03,000 Speaker 1: off leaving that window open. Oh, it's like that. 
It 764 00:46:03,040 --> 00:46:07,120 Speaker 1: takes a criminal show or whatever like that, except for 765 00:46:07,239 --> 00:46:09,560 Speaker 1: on computers. Would I would like to have been on 766 00:46:09,600 --> 00:46:11,600 Speaker 1: that show. You know, it's like, Okay, I'm gonna break 767 00:46:11,600 --> 00:46:13,439 Speaker 1: into his house by driving my car through the wall. 768 00:46:14,280 --> 00:46:16,400 Speaker 1: That show was so dumb because he would walk up 769 00:46:16,400 --> 00:46:23,040 Speaker 1: and like doors and locked. Great. So one of these 770 00:46:23,120 --> 00:46:28,720 Speaker 1: researchers was a white hat hacker named Nart Villeneuve, and 771 00:46:29,120 --> 00:46:32,680 Speaker 1: he's actually the guy who figured out this other thing 772 00:46:33,000 --> 00:46:35,000 Speaker 1: that we were just talking about, and that is that 773 00:46:35,239 --> 00:46:40,000 Speaker 1: China was spying on their citizens with um the Chinese 774 00:46:40,040 --> 00:46:45,279 Speaker 1: state sponsored version of Skype. Who would have guessed that, 775 00:46:45,360 --> 00:46:49,520 Speaker 1: but they were like basically logging every single conversation and 776 00:46:49,600 --> 00:46:52,520 Speaker 1: chat that was happening through this system and keeping it 777 00:46:52,560 --> 00:46:55,000 Speaker 1: on file to use against their citizens if they ever 778 00:46:55,040 --> 00:46:59,040 Speaker 1: needed to. Basically, like what everybody says is like the 779 00:46:59,160 --> 00:47:01,640 Speaker 1: NSA is doing was actually happening in China. 780 00:47:02,320 --> 00:47:06,120 Speaker 1: I'm not surprised. Me neither. So this guy Nart, when 781 00:47:06,160 --> 00:47:10,680 Speaker 1: he was looking at the code for ghost rat and 782 00:47:10,800 --> 00:47:14,960 Speaker 1: during this investigation, found this string of twenty two characters 783 00:47:15,239 --> 00:47:18,760 Speaker 1: you know, in the malicious file. 
And I don't know why, 784 00:47:18,800 --> 00:47:23,919 Speaker 1: but he literally searched Google for it. But it gets better, 785 00:47:24,440 --> 00:47:28,480 Speaker 1: literally searched Google for it, and even more mind boggling, 786 00:47:28,840 --> 00:47:33,080 Speaker 1: Google actually returned something to him. They actually the search 787 00:47:33,160 --> 00:47:36,960 Speaker 1: found something, and Google sent him to a group of 788 00:47:37,000 --> 00:47:40,759 Speaker 1: computers off the coast of China that was unsecured and 789 00:47:40,840 --> 00:47:46,120 Speaker 1: without a password and basically housed the dashboard that let 790 00:47:46,280 --> 00:47:49,600 Speaker 1: him control all of the computers that were infected by 791 00:47:49,600 --> 00:47:52,359 Speaker 1: ghost rat. M hmm, that's interesting. I know I heard 792 00:47:52,360 --> 00:47:54,480 Speaker 1: about that too, and it does seem like they would 793 00:47:54,520 --> 00:47:59,399 Speaker 1: secure that it does so they were basically what Nart 794 00:47:59,440 --> 00:48:03,000 Speaker 1: did is he gave. He did He left a little 795 00:48:03,040 --> 00:48:07,040 Speaker 1: piece of bait, Yeah, a little honeypot for the hackers 796 00:48:07,040 --> 00:48:10,520 Speaker 1: to make sure that what he was viewing was actually 797 00:48:10,560 --> 00:48:13,160 Speaker 1: what he thought he was viewing. Um, they took the 798 00:48:13,200 --> 00:48:16,319 Speaker 1: bait and so on March twelve, two nine, he was 799 00:48:16,360 --> 00:48:19,000 Speaker 1: able to briefly gain control of one of the hackers 800 00:48:19,040 --> 00:48:23,400 Speaker 1: computers um and he watched a series of commands. 
Presumably 801 00:48:23,440 --> 00:48:27,759 Speaker 1: somebody in China was entering rummaging through the files that 802 00:48:27,760 --> 00:48:32,160 Speaker 1: were left in this honeypot, finding nothing, the hacker disappeared, 803 00:48:32,520 --> 00:48:36,480 Speaker 1: but they were able to find this little dashboard. We 804 00:48:36,560 --> 00:48:39,759 Speaker 1: have a dashboard on our website, right, it's you know, 805 00:48:39,800 --> 00:48:43,239 Speaker 1: the back end kind of controlling, and the entire dashboard 806 00:48:43,320 --> 00:48:46,239 Speaker 1: was in Chinese. And you know, they were able to, 807 00:48:46,320 --> 00:48:49,839 Speaker 1: like I said, manipulate the more than twelve hundred almost 808 00:48:50,680 --> 00:48:54,080 Speaker 1: computers that were infected by ghost rat. At that point I 809 00:48:54,160 --> 00:48:55,880 Speaker 1: was reading about that, I was like, they went to 810 00:48:56,040 --> 00:48:58,239 Speaker 1: sort of a lengthy trial and error process trying to 811 00:48:58,280 --> 00:49:01,319 Speaker 1: figure out what all these different things did because it 812 00:49:01,360 --> 00:49:04,439 Speaker 1: was all in Chinese. That's kind of surprised. They never 813 00:49:04,840 --> 00:49:11,359 Speaker 1: just didn't go find somebody who spoke Chinese. But you know, 814 00:49:11,440 --> 00:49:14,600 Speaker 1: for me, I know, I'm presenting this as evidence for 815 00:49:14,680 --> 00:49:18,799 Speaker 1: it being China, but that just seems so dang convenient, 816 00:49:19,520 --> 00:49:23,200 Speaker 1: doesn't it. So they so let me just make sure 817 00:49:23,320 --> 00:49:26,640 Speaker 1: before because I have some questions and maybe some pros 818 00:49:26,680 --> 00:49:30,400 Speaker 1: and cons to this theory. But they traced it was 819 00:49:30,440 --> 00:49:33,440 Speaker 1: through Nart I think is his name. 
He was the 820 00:49:33,440 --> 00:49:36,640 Speaker 1: one who figured out that the servers were in Chengdu 821 00:49:36,680 --> 00:49:39,080 Speaker 1: or wherever it was it was. It was not 822 00:49:39,200 --> 00:49:41,160 Speaker 1: Chengdu, that one. That one was on off the coast. 823 00:49:41,160 --> 00:49:42,880 Speaker 1: It was on an island off the coast of China. But 824 00:49:43,440 --> 00:49:47,200 Speaker 1: so it was in China, and so they figured that out. 825 00:49:47,239 --> 00:49:51,600 Speaker 1: But in all of their investigations of this of ghost 826 00:49:51,760 --> 00:49:54,799 Speaker 1: ghost rat or ghost net, did were they able to 827 00:49:54,840 --> 00:50:00,319 Speaker 1: tell what the initial source of the infection was. No, 828 00:50:01,239 --> 00:50:03,680 Speaker 1: not as far as I can tell, because that I mean, 829 00:50:03,880 --> 00:50:05,520 Speaker 1: I don't know either. I didn't see any By the 830 00:50:05,560 --> 00:50:07,839 Speaker 1: time they found it, it was all over the place. Yeah, 831 00:50:07,880 --> 00:50:10,560 Speaker 1: And so that I mean, I think the thing of 832 00:50:10,760 --> 00:50:15,040 Speaker 1: ghost rat is that it it wasn't necessarily how you 833 00:50:15,280 --> 00:50:18,120 Speaker 1: are You may be thinking of it a different way. 834 00:50:18,360 --> 00:50:21,759 Speaker 1: You know, on TV, like one computer gets infected and 835 00:50:21,760 --> 00:50:24,000 Speaker 1: then it gets into the server and infects everything on 836 00:50:24,040 --> 00:50:29,120 Speaker 1: the servers rats and that makes ghost net right. But 837 00:50:29,680 --> 00:50:35,640 Speaker 1: the infection on this didn't necessarily spread from single like 838 00:50:35,719 --> 00:50:38,759 Speaker 1: you know, patient zero to server out to the things 839 00:50:38,800 --> 00:50:42,399 Speaker 1: on the server. 
It may have and I suspect did 840 00:50:42,600 --> 00:50:46,480 Speaker 1: on many occasions, they were single infection points. It was 841 00:50:46,520 --> 00:50:48,560 Speaker 1: introduced in a lot of places. I guess I was 842 00:50:48,600 --> 00:50:51,400 Speaker 1: just trying to figure out if they could catalog what 843 00:50:51,480 --> 00:50:54,719 Speaker 1: the earliest was, was to try and figure out where 844 00:50:54,719 --> 00:50:56,399 Speaker 1: it came from, because I don't think they were able 845 00:50:56,480 --> 00:51:00,200 Speaker 1: to ascertain how long ghost Net had been on any 846 00:51:00,239 --> 00:51:04,319 Speaker 1: given unit. Okay, yeah, no, no, that That's what I 847 00:51:04,360 --> 00:51:08,840 Speaker 1: was after because it makes me wonder if you know, well, 848 00:51:09,760 --> 00:51:14,640 Speaker 1: could somebody have been leaving a breadcrumb trail back to 849 00:51:15,120 --> 00:51:19,120 Speaker 1: a dummy server that is in China. So that's where 850 00:51:19,320 --> 00:51:23,080 Speaker 1: I'm like, well, maybe it isn't actually China's fault. But 851 00:51:24,000 --> 00:51:25,600 Speaker 1: but then I look at it and the other side 852 00:51:25,640 --> 00:51:27,359 Speaker 1: is that there's a lot of stuff that happens in 853 00:51:27,440 --> 00:51:34,040 Speaker 1: China that is done based on societal pressures. Do you 854 00:51:34,080 --> 00:51:38,680 Speaker 1: remember it's um did you guys ever read the about 855 00:51:38,680 --> 00:51:42,600 Speaker 1: the Great Chinese Famine? You know, Mao does this thing. 
856 00:51:42,719 --> 00:51:44,719 Speaker 1: He says, we've got to we've got to do all 857 00:51:44,760 --> 00:51:47,360 Speaker 1: this stuff, we gotta make all this food, and people, 858 00:51:47,760 --> 00:51:52,640 Speaker 1: not wanting to look shameful to Mao, overestimate how much 859 00:51:52,640 --> 00:51:56,320 Speaker 1: they can make, and because they're falling short, that creates 860 00:51:56,360 --> 00:51:59,719 Speaker 1: this giant famine. And I wonder if the same thing 861 00:52:00,000 --> 00:52:05,000 Speaker 1: couldn't happen from an informational perspective of the whoever's in 862 00:52:05,120 --> 00:52:09,840 Speaker 1: charge says, listen, you have to infect you know, a hundred, 863 00:52:09,960 --> 00:52:13,040 Speaker 1: let's say just five hundred. Can you get five Oh, 864 00:52:13,080 --> 00:52:15,640 Speaker 1: we could definitely get eight hundred and get all kinds 865 00:52:15,640 --> 00:52:19,520 Speaker 1: of information. So they're they're just bombarding all these computers 866 00:52:19,560 --> 00:52:23,600 Speaker 1: that have no useful information. But the idea is they're 867 00:52:23,640 --> 00:52:29,200 Speaker 1: being They're telling their superiors we have infected x thousands, 868 00:52:29,239 --> 00:52:33,000 Speaker 1: and we are monitoring x thousands, and we're getting all 869 00:52:33,080 --> 00:52:35,879 Speaker 1: this great data, when indeed it turns out they're not 870 00:52:35,960 --> 00:52:39,919 Speaker 1: really getting anything of note, they're working really hard for it. 871 00:52:40,880 --> 00:52:42,600 Speaker 1: Did you see where I'm going with this? Is like 872 00:52:42,880 --> 00:52:46,440 Speaker 1: it could be a campaign just to look like it's 873 00:52:46,440 --> 00:52:51,000 Speaker 1: a successful campaign. Well, another another thing that could be is, uh, 874 00:52:51,040 --> 00:52:53,279 Speaker 1: you know, it could just be sending a message. 
I mean, 875 00:52:53,600 --> 00:52:57,080 Speaker 1: given their behavior, if it was a Chinese uh, and 876 00:52:57,160 --> 00:53:00,719 Speaker 1: given the fact that they essentially kind of established this 877 00:53:00,840 --> 00:53:03,600 Speaker 1: network that would be great for intelligence gathering, and then 878 00:53:03,600 --> 00:53:07,000 Speaker 1: it just kind of like blew their own network. Maybe 879 00:53:07,040 --> 00:53:09,640 Speaker 1: it was just all about sending a message. It might 880 00:53:09,680 --> 00:53:11,680 Speaker 1: have been a They got this on a lot of 881 00:53:11,680 --> 00:53:13,719 Speaker 1: computers in a lot of different places. And then just 882 00:53:13,800 --> 00:53:16,640 Speaker 1: you know, send a message to Dalai Lama and the 883 00:53:16,680 --> 00:53:20,000 Speaker 1: government in exile, says, hey, we can watch everything 884 00:53:20,040 --> 00:53:23,759 Speaker 1: you do, and you know it's just another bullying technique. Yeah, 885 00:53:23,960 --> 00:53:29,120 Speaker 1: I mean they do watch officially. Unofficially, I guess actually 886 00:53:29,440 --> 00:53:31,520 Speaker 1: they do watch a lot of stuff. But I also 887 00:53:31,560 --> 00:53:33,759 Speaker 1: think that's too much data to watch. And that's why 888 00:53:33,800 --> 00:53:37,160 Speaker 1: I just wonder if this is an oddball, off handed 889 00:53:37,200 --> 00:53:43,799 Speaker 1: campaign to just look like they're watching even more foreign computers. 890 00:53:44,239 --> 00:53:46,560 Speaker 1: So look, we we can control it, because China has 891 00:53:46,600 --> 00:53:48,800 Speaker 1: said we're going to go to war on the internet, 892 00:53:48,800 --> 00:53:51,399 Speaker 1: even though officially they say they don't do that. There's 893 00:53:51,440 --> 00:53:55,240 Speaker 1: all kinds of reporting, the lots of lots of research 894 00:53:55,280 --> 00:53:58,120 Speaker 1: and development on that stuff. 
Yeah, so it it makes 895 00:53:58,160 --> 00:54:01,560 Speaker 1: me wonder if maybe it is is just this weirdo 896 00:54:01,800 --> 00:54:05,000 Speaker 1: thing that is going on, which if it's somebody who 897 00:54:05,040 --> 00:54:08,000 Speaker 1: doesn't is it very good at it and they're like, well, 898 00:54:08,000 --> 00:54:10,040 Speaker 1: we've got it, We've got infect as many as we can. 899 00:54:10,600 --> 00:54:13,279 Speaker 1: They may be not dotting all of their i's and 900 00:54:13,280 --> 00:54:16,120 Speaker 1: crossing all of their t's, which means that would explain 901 00:54:16,480 --> 00:54:20,239 Speaker 1: for me at least why that, um what was it? 902 00:54:20,280 --> 00:54:25,600 Speaker 1: The control panel site was not password protected because they 903 00:54:25,600 --> 00:54:27,600 Speaker 1: were just they were just oblivious to the fact that 904 00:54:27,640 --> 00:54:30,759 Speaker 1: they could get traced. Well, I mean, I guess a 905 00:54:30,760 --> 00:54:35,640 Speaker 1: few counterpoints there, right. One is, um, this, as mentioned, 906 00:54:35,920 --> 00:54:42,239 Speaker 1: was an incredibly sophisticated trojan horse, and I get like, 907 00:54:42,320 --> 00:54:46,320 Speaker 1: genuinely cannot imagine the kind of person who can design 908 00:54:46,360 --> 00:54:51,640 Speaker 1: a trojan horse that is basically undetectable for the majority 909 00:54:51,880 --> 00:54:56,719 Speaker 1: of the malware softwares out there, but doesn't know, Hey, 910 00:54:56,920 --> 00:55:00,239 Speaker 1: maybe put a password on your dashboard that controls 911 00:55:00,239 --> 00:55:04,320 Speaker 1: all of those things. 
Secondly, they were able to trace 912 00:55:04,360 --> 00:55:06,920 Speaker 1: back to a lot of servers as mentioned, because they 913 00:55:07,000 --> 00:55:09,440 Speaker 1: knew where the servers were and all of those were 914 00:55:09,440 --> 00:55:12,960 Speaker 1: heavily encrypted except for this one, right, And so like 915 00:55:13,239 --> 00:55:16,200 Speaker 1: for there to have been just this one off just 916 00:55:16,320 --> 00:55:21,520 Speaker 1: for me seems more suspicious that it isn't than it is. 917 00:55:21,600 --> 00:55:25,840 Speaker 1: Does that make sense? It doesn't that it isn't China, 918 00:55:25,920 --> 00:55:28,000 Speaker 1: that it's like a red herring than it is. But 919 00:55:28,120 --> 00:55:31,680 Speaker 1: but it also makes me think of the October what 920 00:55:31,840 --> 00:55:38,279 Speaker 1: is this stupid that website? October one? Thank you could 921 00:55:38,360 --> 00:55:41,480 Speaker 1: not keep the number straight? Yes, okay, do you remember 922 00:55:41,520 --> 00:55:44,920 Speaker 1: in the beginning I found in the source code that 923 00:55:45,360 --> 00:55:48,480 Speaker 1: they were they were reflected from another site for like 924 00:55:48,880 --> 00:55:52,400 Speaker 1: a couple of days. Is their tester before they loaded 925 00:55:52,440 --> 00:55:55,040 Speaker 1: it all actually on their server, so I could see 926 00:55:55,040 --> 00:55:57,000 Speaker 1: it being the same thing, is what we set up 927 00:55:57,000 --> 00:56:00,320 Speaker 1: this control panel, it was our tester will pick set 928 00:56:00,400 --> 00:56:03,319 Speaker 1: later and we'll delete that and remove that. But let's 929 00:56:03,360 --> 00:56:07,840 Speaker 1: work on this and then you completely space it out. 930 00:56:07,040 --> 00:56:11,880 Speaker 1: I see that happen with major companies all the time. 
931 00:56:12,760 --> 00:56:14,840 Speaker 1: You know, we set up the dummy log in the 932 00:56:15,160 --> 00:56:19,040 Speaker 1: test environment, and then we linked to the real environment 933 00:56:19,120 --> 00:56:21,960 Speaker 1: and forget to kill that link, and so somebody can 934 00:56:22,000 --> 00:56:24,320 Speaker 1: get in through. I mean, there's all kinds of stuff 935 00:56:24,360 --> 00:56:27,640 Speaker 1: like that. Yeah, that's fair. Mistakes do get made. They do, 936 00:56:27,960 --> 00:56:30,359 Speaker 1: But I don't think it's China. I think it's 937 00:56:30,360 --> 00:56:34,080 Speaker 1: somebody else. Well that's a big question. I actually don't 938 00:56:34,120 --> 00:56:35,640 Speaker 1: know who else. I think who is. I just think 939 00:56:35,640 --> 00:56:38,919 Speaker 1: it's not China because I really, I really think it's 940 00:56:38,960 --> 00:56:43,680 Speaker 1: just way too freaking convenient for me. I just think 941 00:56:43,680 --> 00:56:46,640 Speaker 1: it's too convenient, especially because, as you were saying, right, 942 00:56:47,000 --> 00:56:51,560 Speaker 1: if your goal is a long standing intelligence gathering operation 943 00:56:52,600 --> 00:56:55,480 Speaker 1: and you see an invitation go out to this person, 944 00:56:56,040 --> 00:57:00,120 Speaker 1: you are not going to go to that person and say, hey, 945 00:57:00,160 --> 00:57:03,600 Speaker 1: by the way that email that literally just came through, 946 00:57:04,239 --> 00:57:07,839 Speaker 1: don't accept it. You're gonna just you know, maybe even 947 00:57:07,880 --> 00:57:10,080 Speaker 1: wait a couple of days, like use some kind of 948 00:57:10,120 --> 00:57:13,720 Speaker 1: intelligence there where somebody who's competent in that role would 949 00:57:13,719 --> 00:57:17,120 Speaker 1: do that would wait, Yeah, somebody who's incompetent and doesn't 950 00:57:17,120 --> 00:57:20,880 Speaker 1: know how to handle that information would react. 
Or somebody 951 00:57:20,880 --> 00:57:23,920 Speaker 1: who was handed that information again as a red herring, 952 00:57:24,280 --> 00:57:27,240 Speaker 1: will react to that information versus somebody who knows the 953 00:57:27,320 --> 00:57:31,200 Speaker 1: kind of resources that were plugged into getting that information. Right. 954 00:57:31,280 --> 00:57:33,280 Speaker 1: But it's also a nice way to cover up another 955 00:57:33,320 --> 00:57:37,600 Speaker 1: intelligence source. Yeah, if you have actually spies and rats 956 00:57:37,760 --> 00:57:41,440 Speaker 1: within the organization, then you know you've got this thing here. 957 00:57:41,440 --> 00:57:45,000 Speaker 1: It's like our guy is close to being unmasked. Okay, 958 00:57:45,000 --> 00:57:48,760 Speaker 1: well we'll unmask our our computer penetration thing here, which 959 00:57:48,800 --> 00:57:52,200 Speaker 1: would account for that, and that keeps our guys safe. 960 00:57:52,480 --> 00:57:54,600 Speaker 1: So that's another way. This is like the whole that's 961 00:57:54,600 --> 00:57:56,600 Speaker 1: the thing about the whole intelligence business. You know, it 962 00:57:56,640 --> 00:58:00,640 Speaker 1: gets complicated, it's very complete. It's entirely possible to well. 963 00:58:00,680 --> 00:58:02,600 Speaker 1: And this is why I asked earlier as if they 964 00:58:02,600 --> 00:58:05,720 Speaker 1: were able to determine who was one of the early 965 00:58:05,720 --> 00:58:10,120 Speaker 1: infections was because it would be very clever to me 966 00:58:10,720 --> 00:58:15,880 Speaker 1: to infect yourself in one of your non vital computers 967 00:58:15,880 --> 00:58:20,680 Speaker 1: in the early batches, to make yourself look like a victim. 968 00:58:20,760 --> 00:58:25,440 Speaker 1: And it's found. Oh my gosh, you know, look at us, 969 00:58:25,720 --> 00:58:28,680 Speaker 1: We're a victim, just like everybody else. This is so weird. 
970 00:58:28,760 --> 00:58:31,320 Speaker 1: They hacked this oddball computer. Oh look at this, We've 971 00:58:31,360 --> 00:58:33,840 Speaker 1: got all this grain inflating everybody. Nobody'll look at us 972 00:58:34,000 --> 00:58:36,560 Speaker 1: on the way telling the world, Hey, we're important. Obviously 973 00:58:36,600 --> 00:58:41,720 Speaker 1: we're very important. But if it's the long game, you 974 00:58:41,840 --> 00:58:44,960 Speaker 1: don't tell anybody. You just keep pulling the information and 975 00:58:45,120 --> 00:58:48,720 Speaker 1: using what you're gathering, like you're talking about, but nobody 976 00:58:48,760 --> 00:58:52,160 Speaker 1: looks at you. Investigate. I think Joe suggesting that Tibet 977 00:58:52,280 --> 00:58:55,920 Speaker 1: infected their own systems to make themselves look more important 978 00:58:55,920 --> 00:58:58,480 Speaker 1: than they are. See, I don't think. I don't think that. 979 00:58:58,600 --> 00:59:00,640 Speaker 1: I don't think that the office of His Holiness 980 00:59:00,680 --> 00:59:03,200 Speaker 1: the Dalai Lama would do that because it's to me 981 00:59:03,760 --> 00:59:07,640 Speaker 1: a little counter to what I understand their goals and 982 00:59:07,720 --> 00:59:10,480 Speaker 1: missions are. But maybe you're right, Maybe it is a 983 00:59:10,640 --> 00:59:13,960 Speaker 1: last ditch effort to to to buy for attention. I 984 00:59:14,000 --> 00:59:16,680 Speaker 1: don't know, or there are other reasons, you know, I 985 00:59:16,720 --> 00:59:18,840 Speaker 1: don't think that they're necessarily behaving like a bunch of 986 00:59:18,840 --> 00:59:21,640 Speaker 1: Shaolin monks there. 
And you know, that's the way 987 00:59:21,640 --> 00:59:23,720 Speaker 1: the world is, you know, sometimes the shortest path that's 988 00:59:23,720 --> 00:59:25,920 Speaker 1: through the mud, you know, even if you're like, you know, 989 00:59:26,040 --> 00:59:30,640 Speaker 1: His Holiness the Dalai Lama. So let's just briefly talk 990 00:59:30,680 --> 00:59:33,360 Speaker 1: about the other people that it has been suggested it 991 00:59:33,400 --> 00:59:37,640 Speaker 1: could be. One is a uh as you were suggesting, Steve, 992 00:59:37,720 --> 00:59:42,480 Speaker 1: kind of patriotic hackers who aren't actually state sponsored, but 993 00:59:43,000 --> 00:59:46,360 Speaker 1: you know, are are hacking on behalf of China for instance, right. 994 00:59:46,760 --> 00:59:49,000 Speaker 1: Or Russia. I mean, we see this with a lot 995 00:59:49,040 --> 00:59:53,080 Speaker 1: of Russia, lots of patriotic hackers in Russia and America 996 00:59:53,160 --> 00:59:56,040 Speaker 1: as well. Um, and so then the next one would 997 00:59:56,040 --> 00:59:59,800 Speaker 1: be Russia. I don't know why, but Russia does seem 998 00:59:59,840 --> 01:00:04,920 Speaker 1: like pot stirrers. Maybe that's because maybe it's because I'm American 999 01:00:05,000 --> 01:00:07,680 Speaker 1: and I've been raised to believe that. But I think 1000 01:00:07,880 --> 01:00:14,120 Speaker 1: pretty much everybody, well, I mean I think everybody. Yeah, 1001 01:00:14,200 --> 01:00:16,800 Speaker 1: and again I don't see the benefit. It's not like 1002 01:00:16,800 --> 01:00:20,080 Speaker 1: Tibet is going to bomb China, right, I mean, there's 1003 01:00:20,080 --> 01:00:24,040 Speaker 1: not a lot of resources there. But but hey, I mean, 1004 01:00:24,160 --> 01:00:27,560 Speaker 1: maybe they just want to create or foster instability in 1005 01:00:27,560 --> 01:00:29,760 Speaker 1: the area, and that's a pretty good way to do it. 
1006 01:00:29,880 --> 01:00:33,400 Speaker 1: But but ghost at is was I mean, what they 1007 01:00:33,480 --> 01:00:37,640 Speaker 1: found in those third less just shy of computers. They 1008 01:00:37,640 --> 01:00:41,760 Speaker 1: were all computers that were in I'm going to use 1009 01:00:41,800 --> 01:00:44,400 Speaker 1: the word network though it's not computer network, but they 1010 01:00:44,400 --> 01:00:49,080 Speaker 1: were in the same kind of political network. They were. 1011 01:00:49,120 --> 01:00:54,800 Speaker 1: They were embassy computers and stuff like that, right, So 1012 01:00:55,200 --> 01:00:58,080 Speaker 1: they had a reason to be communicating, which means that 1013 01:00:58,120 --> 01:01:01,440 Speaker 1: it's a it's a rather small pool to spread the 1014 01:01:01,520 --> 01:01:05,920 Speaker 1: infection across, but that doesn't mean that that infection hadn't 1015 01:01:06,040 --> 01:01:10,800 Speaker 1: also been dropped in other pools that had different spheres 1016 01:01:10,840 --> 01:01:14,800 Speaker 1: of contact than what the office of His Holiness the 1017 01:01:14,880 --> 01:01:18,040 Speaker 1: Dalai Lama had, because he's gonna have a very small 1018 01:01:18,040 --> 01:01:21,320 Speaker 1: group of people to contact, whereas you know, Billy the 1019 01:01:21,360 --> 01:01:24,400 Speaker 1: manager at kmart is going to have all of the 1020 01:01:24,520 --> 01:01:28,200 Speaker 1: kmart employees and and regional guys to talk to. You Like, 1021 01:01:28,440 --> 01:01:31,120 Speaker 1: it's spheres of inference. So this thing could be all 1022 01:01:31,200 --> 01:01:34,000 Speaker 1: over and nobody would really know. It might still be 1023 01:01:34,040 --> 01:01:36,440 Speaker 1: all over. It might just be that they didn't want 1024 01:01:36,480 --> 01:01:38,640 Speaker 1: to put it at a seminar into everywhere. 
It was 1025 01:01:38,680 --> 01:01:41,200 Speaker 1: just the Dalai Lama's office had the crappiest security in 1026 01:01:41,200 --> 01:01:45,440 Speaker 1: the world, and that's became ground zero for the infection. 1027 01:01:45,760 --> 01:01:50,320 Speaker 1: So what's the theory that stems from that? I guess 1028 01:01:50,320 --> 01:01:52,520 Speaker 1: what I'm getting at is, I don't I'm this is 1029 01:01:52,560 --> 01:01:56,360 Speaker 1: for it's not necessarily China. Is that this this bomb 1030 01:01:56,400 --> 01:01:58,960 Speaker 1: could have been dropped in a whole lot of small 1031 01:01:59,040 --> 01:02:03,280 Speaker 1: ponds and it just happens to be that we founded 1032 01:02:03,840 --> 01:02:09,440 Speaker 1: on this one group computer group that all are connected 1033 01:02:09,520 --> 01:02:14,520 Speaker 1: and have a connection to China because of that. Got it? Okay? 1034 01:02:14,560 --> 01:02:19,960 Speaker 1: Another possibility is the CIA, because again see everything right, 1035 01:02:20,000 --> 01:02:22,880 Speaker 1: they're kind of pot stirs, just like Russia. And then 1036 01:02:23,400 --> 01:02:28,640 Speaker 1: the final kind of idea is UM a stateless for 1037 01:02:28,840 --> 01:02:32,240 Speaker 1: profit group. Although again, you know, if we're gonna go 1038 01:02:32,280 --> 01:02:38,200 Speaker 1: run with Steve's theory, that makes more sense. But like, yeah, 1039 01:02:38,520 --> 01:02:41,200 Speaker 1: the office of His Holiness, the Dali Lama, Like I 1040 01:02:41,240 --> 01:02:44,000 Speaker 1: don't really get the profit there, But the Dalai Lama's 1041 01:02:44,040 --> 01:02:47,480 Speaker 1: office could have been an accident. Yeah, that's yeah, if 1042 01:02:47,480 --> 01:02:49,720 Speaker 1: we're going to run with that, I mean, it's it's random. 
1043 01:02:49,760 --> 01:02:52,840 Speaker 1: Who do I get if I land in Joe's computer 1044 01:02:52,960 --> 01:02:55,760 Speaker 1: and I get all of Joe's contacts and Joe's contact 1045 01:02:56,240 --> 01:03:01,120 Speaker 1: all our jobless schmucks. Well, then I get no valuable information. 1046 01:03:01,160 --> 01:03:03,600 Speaker 1: But I land in Devon's inbox, and I get on 1047 01:03:03,680 --> 01:03:06,680 Speaker 1: Devon's computer, and Devon's connected to a whole bunch of 1048 01:03:06,720 --> 01:03:11,920 Speaker 1: high level ceo as. Whoo, I just hit the jackpot, baby. Yeah. Well, 1049 01:03:11,960 --> 01:03:15,840 Speaker 1: I mean with the one exception of the sophistication of 1050 01:03:15,880 --> 01:03:19,840 Speaker 1: the phishing emails, right, I mean, that's seriously targeted at 1051 01:03:20,120 --> 01:03:22,840 Speaker 1: the office of His holiness, the Dalai Lama and the 1052 01:03:22,880 --> 01:03:26,200 Speaker 1: Free to Bet Society at large list It is very 1053 01:03:26,280 --> 01:03:29,160 Speaker 1: likely that that email was copied from an email that 1054 01:03:29,440 --> 01:03:34,920 Speaker 1: some official source connected to the organization sent out. So 1055 01:03:35,440 --> 01:03:37,560 Speaker 1: anybody can get a hold of those kind of emails 1056 01:03:37,560 --> 01:03:39,919 Speaker 1: through the dark. Well, hey, I get these things from 1057 01:03:40,120 --> 01:03:43,800 Speaker 1: Viacom all the time, and I send out emails looking 1058 01:03:43,840 --> 01:03:49,440 Speaker 1: like Viacom or PayPal. We all get those faux PayPal emails. Yeah, 1059 01:03:49,480 --> 01:03:53,080 Speaker 1: but they're not half as sophist kid as these ones are. Actually, 1060 01:03:53,120 --> 01:03:56,840 Speaker 1: I've been getting some really good ones lately. I've seen 1061 01:03:56,920 --> 01:03:59,800 Speaker 1: some really good phishing scams. 
That's how you're telling us 1062 01:03:59,800 --> 01:04:02,120 Speaker 1: that all of our money is gone. No, no, no, 1063 01:04:02,560 --> 01:04:04,480 Speaker 1: it is not from the New Gold Teeth that I 1064 01:04:04,560 --> 01:04:08,400 Speaker 1: have in my grill either not at all. Okay, yeah, so, 1065 01:04:08,440 --> 01:04:11,560 Speaker 1: I mean again I don't really see the benefit. But 1066 01:04:11,680 --> 01:04:15,800 Speaker 1: a stateless, kind of for profit hacking group would make 1067 01:04:15,840 --> 01:04:18,160 Speaker 1: sense to me. I don't really see it either. I mean, 1068 01:04:18,480 --> 01:04:20,520 Speaker 1: what would they be doing. They could steal their data 1069 01:04:20,560 --> 01:04:24,400 Speaker 1: and then ransom, which happens occasionally system and ransom, and 1070 01:04:24,440 --> 01:04:26,040 Speaker 1: they haven't done that. So yeah, I don't know where 1071 01:04:26,080 --> 01:04:29,440 Speaker 1: exactly where the profit comes down. I mean, although again, 1072 01:04:29,640 --> 01:04:31,720 Speaker 1: you know, the fact that these servers are kind of 1073 01:04:31,720 --> 01:04:33,920 Speaker 1: all over the world does speak to the fact that 1074 01:04:33,960 --> 01:04:36,360 Speaker 1: it could be a you know, a vast reaching organization 1075 01:04:36,360 --> 01:04:41,320 Speaker 1: of people. But again, why so, I well, I don't 1076 01:04:41,320 --> 01:04:44,600 Speaker 1: think it's China. I don't know who I think it is. 1077 01:04:45,240 --> 01:04:48,320 Speaker 1: I'm gonna go with Russia because this Mirka and I 1078 01:04:48,360 --> 01:04:50,600 Speaker 1: have to blame everything on the Russians. There you go. 1079 01:04:51,280 --> 01:04:53,439 Speaker 1: It's awfully hard to tell me. Right now, we've got 1080 01:04:53,440 --> 01:04:57,160 Speaker 1: the big, you know, the so called Russian hacking scandal 1081 01:04:57,400 --> 01:05:01,560 Speaker 1: right here in America, and it's probably entirely bogus. 
I mean, 1082 01:05:01,600 --> 01:05:03,200 Speaker 1: there's no it's hard to say because it was just 1083 01:05:03,240 --> 01:05:06,360 Speaker 1: this revelation the CIA has techniques and software that allow 1084 01:05:06,520 --> 01:05:08,600 Speaker 1: them to do all kinds of hacking and leave Russian 1085 01:05:08,640 --> 01:05:11,200 Speaker 1: fingerprints behind and the little traces that looked like it 1086 01:05:11,280 --> 01:05:14,200 Speaker 1: might have been the Ruskies. Uh, it's it's hard to 1087 01:05:14,200 --> 01:05:16,040 Speaker 1: tell if that if there was any hacking at all, 1088 01:05:16,120 --> 01:05:18,720 Speaker 1: and said maybe somebody didn't just leak a bunch of information. 1089 01:05:19,040 --> 01:05:22,320 Speaker 1: I mean, it's just impossible to tell. Well, and there's 1090 01:05:22,360 --> 01:05:25,000 Speaker 1: there's there's a whole another way that this could be 1091 01:05:25,080 --> 01:05:30,160 Speaker 1: anybody other than China, and that is through Um, you 1092 01:05:30,200 --> 01:05:34,800 Speaker 1: guys have heard of mirrors, server mirrors, So for folks 1093 01:05:34,880 --> 01:05:36,960 Speaker 1: that don't know, this is how you get stuff off 1094 01:05:37,040 --> 01:05:39,400 Speaker 1: the Internet is there's a server that's got it, but 1095 01:05:39,440 --> 01:05:42,280 Speaker 1: there's a server somewhere which is a mirror image of it. 1096 01:05:42,840 --> 01:05:44,920 Speaker 1: And this is how our podcast gets out. Is it's 1097 01:05:44,960 --> 01:05:47,520 Speaker 1: what's called the CDN, a content delivery network, and 1098 01:05:47,560 --> 01:05:50,440 Speaker 1: there's servers all over that mirror each other, so 1099 01:05:50,480 --> 01:05:53,520 Speaker 1: that not everybody is pulling the data from the same 1100 01:05:53,600 --> 01:05:57,920 Speaker 1: server a.k.a. 
What happened to us for about 1101 01:05:58,080 --> 01:06:00,400 Speaker 1: six or nine months at one point because I didn't 1102 01:06:00,480 --> 01:06:04,840 Speaker 1: understand how the Internet work. Well, there's mirror servers, but 1103 01:06:05,240 --> 01:06:07,959 Speaker 1: I found out that there is also what is known 1104 01:06:08,200 --> 01:06:11,320 Speaker 1: as a witness server, and have you heard of this before. 1105 01:06:12,040 --> 01:06:14,800 Speaker 1: So he said yes. You said no, I said yes. 1106 01:06:14,840 --> 01:06:17,280 Speaker 1: He said now, okay, so explain it to Joe. Okay. 1107 01:06:17,280 --> 01:06:21,520 Speaker 1: So the way I understand what a witness Oh yeah, 1108 01:06:21,560 --> 01:06:25,520 Speaker 1: that won't get me in trouble. Y okay to him. 1109 01:06:25,840 --> 01:06:30,120 Speaker 1: So what I understand, sir, is that a witness server 1110 01:06:30,360 --> 01:06:34,040 Speaker 1: is a server that watches a group of servers. So 1111 01:06:34,080 --> 01:06:36,520 Speaker 1: it's one of them should be the primary server, and 1112 01:06:36,560 --> 01:06:40,160 Speaker 1: it watches all the others, and if something happens or 1113 01:06:40,280 --> 01:06:44,080 Speaker 1: goes wrong with the main server, that's uh, it will 1114 01:06:44,200 --> 01:06:47,439 Speaker 1: tell them, oh, switch to server number two. That's called 1115 01:06:47,520 --> 01:06:51,160 Speaker 1: fail over. So it's directing the it's saying, oh, you're 1116 01:06:51,240 --> 01:06:53,640 Speaker 1: number one. You get the majority of the traffic now, 1117 01:06:54,280 --> 01:06:57,520 Speaker 1: and you need to mirror and look like server three, 1118 01:06:57,560 --> 01:07:00,600 Speaker 1: four and five need to look like server one. 
But 1119 01:07:00,920 --> 01:07:04,320 Speaker 1: what I don't know is if it's possible to have 1120 01:07:04,600 --> 01:07:08,600 Speaker 1: a server in the network that the mirror is controlling, 1121 01:07:09,000 --> 01:07:14,640 Speaker 1: but the other mirrors do not know exist. So theoretically 1122 01:07:14,640 --> 01:07:17,640 Speaker 1: all the mirrors should know. What you know that they 1123 01:07:17,680 --> 01:07:21,960 Speaker 1: have five compatriots, but there could be a dark sixth 1124 01:07:22,000 --> 01:07:24,760 Speaker 1: compatriots out there. I mean, frankly, I'm sure that there's 1125 01:07:24,800 --> 01:07:28,000 Speaker 1: ways to mirror the witness I mean, or to spoof 1126 01:07:28,040 --> 01:07:30,720 Speaker 1: it actually would be a better term, so that you 1127 01:07:30,800 --> 01:07:34,360 Speaker 1: could just take over a whole set of servers and 1128 01:07:34,480 --> 01:07:38,760 Speaker 1: just kick the old guy offline and say, oh, hey, guys, sorry, 1129 01:07:39,200 --> 01:07:43,880 Speaker 1: I just renewed my I P here. I am I'm dynamics. 1130 01:07:43,960 --> 01:07:46,240 Speaker 1: So it's happening a lot here, I am, I'm in 1131 01:07:46,360 --> 01:07:48,680 Speaker 1: control of you. Now do all these changes and oops, 1132 01:07:48,680 --> 01:07:50,640 Speaker 1: we're going to switch over to the server over here. 1133 01:07:51,120 --> 01:07:53,600 Speaker 1: Server one, which has got all the content on it 1134 01:07:53,680 --> 01:07:59,360 Speaker 1: is theoretically supposedly no longer online script runs. It shoots 1135 01:07:59,400 --> 01:08:02,160 Speaker 1: all its day DA out, but officially it's off of 1136 01:08:02,240 --> 01:08:04,800 Speaker 1: its group network, so when it comes back in, the 1137 01:08:04,800 --> 01:08:07,520 Speaker 1: group doesn't know it's done. 
It like there's a whole 1138 01:08:07,720 --> 01:08:12,600 Speaker 1: bunch of really simple and really complex and clever ways 1139 01:08:13,320 --> 01:08:16,599 Speaker 1: that that kind of server arrangement could drop off. And 1140 01:08:16,640 --> 01:08:18,439 Speaker 1: then it looks like it's you know, the service are 1141 01:08:18,439 --> 01:08:21,479 Speaker 1: all housed in these places, and the one guy that 1142 01:08:21,520 --> 01:08:26,160 Speaker 1: we don't know about in Virginia is the site that 1143 01:08:26,240 --> 01:08:29,479 Speaker 1: all of that data is getting shot to. Yeah, I know, 1144 01:08:29,840 --> 01:08:33,400 Speaker 1: which is why I I'm I'm totally on board with 1145 01:08:33,520 --> 01:08:36,680 Speaker 1: the theory that it is not China I feel like 1146 01:08:36,720 --> 01:08:40,439 Speaker 1: they are the easy, easy answer. Yeah. Well again, I'm 1147 01:08:40,439 --> 01:08:43,160 Speaker 1: not sure who the hell else would be interested. But 1148 01:08:43,240 --> 01:08:45,960 Speaker 1: even even there's a lot of other political powers who 1149 01:08:45,960 --> 01:08:50,400 Speaker 1: would love to have information to potentially leverage. I mean, 1150 01:08:50,439 --> 01:08:52,439 Speaker 1: look at what we did. We we tracked all kinds 1151 01:08:52,479 --> 01:08:56,400 Speaker 1: of stupid stuff for fifty years in the intelligence community. 1152 01:08:56,520 --> 01:08:58,880 Speaker 1: That was for not but it was all for the 1153 01:08:58,880 --> 01:09:02,200 Speaker 1: hope that maybe one day that would pay off. Well. 
1154 01:09:02,240 --> 01:09:05,000 Speaker 1: And if they were really smart hackers who were doing 1155 01:09:05,040 --> 01:09:07,800 Speaker 1: some kind of spoofing or server spoofing or anything like that, 1156 01:09:08,280 --> 01:09:11,200 Speaker 1: and you were targeting Tibet, of course you would say 1157 01:09:11,240 --> 01:09:13,920 Speaker 1: that everything was in China because it's the easy target 1158 01:09:14,240 --> 01:09:17,200 Speaker 1: from Tibet. So and if it was you know, if 1159 01:09:17,200 --> 01:09:21,920 Speaker 1: it was Palestine and Israel. So if they were to 1160 01:09:21,920 --> 01:09:25,760 Speaker 1: find this in Palestine, everybody would say, well, obviously it's 1161 01:09:25,840 --> 01:09:28,799 Speaker 1: Israel who's doing this. So you would leave the bread crumbs. 1162 01:09:29,160 --> 01:09:32,320 Speaker 1: Let's say, look it was them, it's their fault. Nobody 1163 01:09:32,360 --> 01:09:35,920 Speaker 1: notices where my system is shooting the external data to, 1164 01:09:36,240 --> 01:09:39,080 Speaker 1: you know, although you know, and that could be very 1165 01:09:39,400 --> 01:09:41,519 Speaker 1: very much true. Although I'm not sure that the Chinese 1166 01:09:41,520 --> 01:09:44,360 Speaker 1: would really give a damn about covering their tracks I 1167 01:09:44,400 --> 01:09:48,439 Speaker 1: think that the Tibetan's going to do well. But it's 1168 01:09:48,479 --> 01:09:50,800 Speaker 1: not the Tibetans that they'd be worried about, Joe. They 1169 01:09:50,840 --> 01:09:54,400 Speaker 1: would be worried about reprisals or reprimands from from other 1170 01:09:54,840 --> 01:09:57,519 Speaker 1: government bodies. And maybe those aren't the right where, you know, 1171 01:09:57,880 --> 01:10:00,719 Speaker 1: but they don't want I mean to a degree their 1172 01:10:00,960 --> 01:10:06,960 Speaker 1: brazen really care about public opinion. 
But to another extent 1173 01:10:07,240 --> 01:10:10,559 Speaker 1: they have to play by some of the set rules, 1174 01:10:10,800 --> 01:10:13,760 Speaker 1: whether they want to or not. Well, so I mean 1175 01:10:13,840 --> 01:10:17,960 Speaker 1: that's the That's the thing, right, is that like they 1176 01:10:17,960 --> 01:10:22,880 Speaker 1: functionally aren't covering their tracks. I mean they are being clandestine, right, 1177 01:10:22,960 --> 01:10:26,799 Speaker 1: They are hiding a little bit that you know, if 1178 01:10:26,840 --> 01:10:29,400 Speaker 1: if they were the people who did this, right, they 1179 01:10:29,439 --> 01:10:33,040 Speaker 1: have hidden this on people's computers, but everything tracks back 1180 01:10:33,080 --> 01:10:36,120 Speaker 1: to them, that tracks back to servers in China. So 1181 01:10:36,160 --> 01:10:38,839 Speaker 1: it can't be proved to be government. They're not government servers. 1182 01:10:39,479 --> 01:10:41,559 Speaker 1: But so it's not as though there's some you know, 1183 01:10:41,600 --> 01:10:44,880 Speaker 1: they were like spoofing or like buying server space and 1184 01:10:44,920 --> 01:10:47,639 Speaker 1: like other places to hide the fact that it was China. Again, 1185 01:10:47,680 --> 01:10:51,240 Speaker 1: if it was China, right, the their servers right there, 1186 01:10:51,280 --> 01:10:54,639 Speaker 1: they track right back to China. They're on Chinese soil, 1187 01:10:54,720 --> 01:10:58,160 Speaker 1: therefore they must be sanctioned by China. I'm the only 1188 01:10:58,160 --> 01:11:01,360 Speaker 1: thing they're hiding is the thing that has to be 1189 01:11:01,400 --> 01:11:04,519 Speaker 1: hidden to get information. So I guess I don't see 1190 01:11:04,560 --> 01:11:07,640 Speaker 1: them actually covering their tracks if it is them, but 1191 01:11:07,760 --> 01:11:12,400 Speaker 1: I don't. I don't think it's them. 
Okay, So yeah, 1192 01:11:13,320 --> 01:11:15,800 Speaker 1: a new question again. It could be a lot of people. 1193 01:11:15,880 --> 01:11:19,320 Speaker 1: Could be the CIA, just for the sheer freaking hell 1194 01:11:19,400 --> 01:11:22,000 Speaker 1: of it. Yeah, I think it's probably the Chinese did 1195 01:11:22,000 --> 01:11:24,519 Speaker 1: it just for the heck of it. Could be some intern, 1196 01:11:25,320 --> 01:11:29,439 Speaker 1: some CI A intern. Hey, I wrote this program, boss, Yeah, 1197 01:11:29,600 --> 01:11:33,759 Speaker 1: just send it out to somebody. See, holy crap, it works. 1198 01:11:34,200 --> 01:11:36,920 Speaker 1: Speaking of interns, are we sure that Justin isn't the 1199 01:11:37,080 --> 01:11:40,519 Speaker 1: one who did this? Probably was, Yeah, I don't know. 1200 01:11:40,560 --> 01:11:43,599 Speaker 1: I've seen him trying to type on his phone, that's true. Okay, 1201 01:11:43,720 --> 01:11:46,680 Speaker 1: anything else, for the good of the order of this podcast, 1202 01:11:49,640 --> 01:11:54,000 Speaker 1: what are we ordering? I'd like a new sandwich chips um. So, 1203 01:11:54,280 --> 01:11:56,200 Speaker 1: as I said, we're going to post the link to 1204 01:11:56,280 --> 01:11:59,720 Speaker 1: the fifty three page pdf UM as well some other 1205 01:11:59,800 --> 01:12:03,559 Speaker 1: link on the website. That website is Thinking Sideways podcast 1206 01:12:03,640 --> 01:12:06,639 Speaker 1: dot com. You can also find links to merch there. 1207 01:12:06,840 --> 01:12:10,400 Speaker 1: If you want to buy, like a sticker or a 1208 01:12:10,560 --> 01:12:13,519 Speaker 1: shirt or or anything like that, you can do that. There. 1209 01:12:13,920 --> 01:12:18,400 Speaker 1: We are on iTunes. You can basically download and listen 1210 01:12:18,439 --> 01:12:21,800 Speaker 1: to us anywhere or stream us anywhere. 
And frankly, if 1211 01:12:21,840 --> 01:12:23,320 Speaker 1: you've gotten to this point and you don't know how 1212 01:12:23,320 --> 01:12:25,280 Speaker 1: to listen to us, then I need you to write 1213 01:12:25,360 --> 01:12:29,679 Speaker 1: us an email because I'd like to know that. Um. 1214 01:12:29,720 --> 01:12:33,760 Speaker 1: But if whatever service you're using allows you to subscribe, 1215 01:12:33,800 --> 01:12:35,920 Speaker 1: you should do that. If it allows you to leave 1216 01:12:36,000 --> 01:12:38,400 Speaker 1: a rating and a review, you should do that. A 1217 01:12:39,120 --> 01:12:41,439 Speaker 1: child how to do that if they're the one who 1218 01:12:41,439 --> 01:12:45,080 Speaker 1: brought you here, um, five star ratings. By the way, 1219 01:12:45,280 --> 01:12:48,439 Speaker 1: we're on social media. We've got Facebook page and a group. 1220 01:12:48,479 --> 01:12:50,920 Speaker 1: If you're looking for discussion, join the group. If you're 1221 01:12:51,840 --> 01:12:54,479 Speaker 1: looking for I actually don't know why anyone would like 1222 01:12:54,479 --> 01:13:00,360 Speaker 1: our page, so an interesting links, interesting links in our episodes, 1223 01:13:00,600 --> 01:13:03,519 Speaker 1: So like the page, join the group. We're on Twitter. 1224 01:13:03,560 --> 01:13:06,960 Speaker 1: We're Thinking Sideways. We also have a subreddit that's a 1225 01:13:07,000 --> 01:13:10,720 Speaker 1: little sleepy right now, but that's Thinking Sideways. There's a 1226 01:13:10,760 --> 01:13:15,599 Speaker 1: trend here. You can email us Thinking Sideways podcast at 1227 01:13:15,680 --> 01:13:20,320 Speaker 1: gmail dot com. We take suggestions, we take feedback, we 1228 01:13:20,439 --> 01:13:25,160 Speaker 1: take general praise. We take questions, we take you name it, 1229 01:13:25,200 --> 01:13:29,840 Speaker 1: we take it. Money. 
No, we don't take money anymore, money, photographs, 1230 01:13:30,160 --> 01:13:33,599 Speaker 1: anything you want to send us, we'll take it. That's fine, 1231 01:13:33,680 --> 01:13:37,760 Speaker 1: and we'll probably respond even nine percent of the time 1232 01:13:37,760 --> 01:13:42,040 Speaker 1: we did. H Yeah, as long as you're not sending 1233 01:13:42,120 --> 01:13:45,360 Speaker 1: us ghost rat, we're good. Please don't send us. Appreciate that. 1234 01:13:46,040 --> 01:13:48,840 Speaker 1: All of that having been said, I think we're going 1235 01:13:48,880 --> 01:13:52,120 Speaker 1: to go ahead and ghost on out of here. Me 1236 01:13:52,160 --> 01:13:55,479 Speaker 1: and my USB drive. What I was waiting for one 1237 01:13:55,479 --> 01:13:59,960 Speaker 1: of you to do the Monty Python clickity clack, coconut 1238 01:14:00,080 --> 01:14:07,040 Speaker 1: horse noise for the Trojan chicken. The Trojan Chicken. Yeah, okay, 1239 01:14:07,040 --> 01:14:08,040 Speaker 1: bye guys. By