1 00:00:10,800 --> 00:00:14,160 Speaker 1: Hello, and welcome to another episode of the Odd Lots podcast. 2 00:00:14,240 --> 00:00:17,880 Speaker 1: I'm Tracy Alloway and I'm Joe Weisenthal. So Joe, 3 00:00:18,079 --> 00:00:22,840 Speaker 1: clearly a lot still going on with Russia's invasion of Ukraine, 4 00:00:22,920 --> 00:00:25,800 Speaker 1: but one of the big talking points in the past 5 00:00:25,840 --> 00:00:30,280 Speaker 1: couple of weeks has been this idea of a retaliatory 6 00:00:30,320 --> 00:00:35,640 Speaker 1: response from Russia, not necessarily in the sense of traditional warfare, 7 00:00:36,040 --> 00:00:39,839 Speaker 1: but in the form of cyber warfare. Right, so, this 8 00:00:39,920 --> 00:00:43,360 Speaker 1: has always been a source of concern, going back for 9 00:00:43,440 --> 00:00:48,199 Speaker 1: several years, long before the existing conflict. What are Russia's 10 00:00:48,240 --> 00:00:52,519 Speaker 1: cyber warfare capabilities, how weak is the rest of the world, 11 00:00:52,600 --> 00:00:57,040 Speaker 1: how exposed is critical infrastructure and so forth? As of now, 12 00:00:57,600 --> 00:00:59,560 Speaker 1: you know, I don't think this has been a huge 13 00:01:00,080 --> 00:01:05,040 Speaker 1: aspect of the current conflict. Traditional violent warfare is sort 14 00:01:05,080 --> 00:01:08,600 Speaker 1: of being the story, but it is always lurking out 15 00:01:08,640 --> 00:01:12,080 Speaker 1: there as a risk. Yeah, there have been some rumblings 16 00:01:12,120 --> 00:01:15,560 Speaker 1: of potential attacks. I saw something in, um, Der Spiegel 17 00:01:15,760 --> 00:01:20,640 Speaker 1: this morning about possibly a hack of satellites that might 18 00:01:20,680 --> 00:01:24,680 Speaker 1: have been impacting Ukraine. 
So there are sort of rumblings 19 00:01:24,680 --> 00:01:28,039 Speaker 1: of this, uh, you know, some accusations lurking in the background, 20 00:01:28,120 --> 00:01:31,080 Speaker 1: but we haven't seen anything. Let's say, we haven't seen 21 00:01:31,120 --> 00:01:35,039 Speaker 1: anything major yet. And I feel like cyber security risks, 22 00:01:35,080 --> 00:01:37,199 Speaker 1: it's one of those things that you you always see 23 00:01:37,240 --> 00:01:40,520 Speaker 1: people mention as a sort of left tail risk. You 24 00:01:40,560 --> 00:01:43,920 Speaker 1: see lots of analyst notes about it, but no one 25 00:01:44,000 --> 00:01:47,919 Speaker 1: really talks about it in concrete terms. It always seems 26 00:01:47,960 --> 00:01:52,280 Speaker 1: to be just this vague threat lurking in the background. Yes, 27 00:01:52,400 --> 00:01:55,000 Speaker 1: and I think it's in part because, as you exactly say, 28 00:01:55,120 --> 00:01:58,880 Speaker 1: no one precisely knows what it would look like. Um. 29 00:01:58,920 --> 00:02:02,440 Speaker 1: I mean, obviously, companies are regularly getting hacked. We've seen 30 00:02:02,440 --> 00:02:06,200 Speaker 1: an increase over the years in malware and ransomware, and 31 00:02:06,200 --> 00:02:09,800 Speaker 1: companies losing data, companies having to pay to bring factories 32 00:02:09,800 --> 00:02:12,680 Speaker 1: and infrastructure back online. Of course, I think it was 33 00:02:13,600 --> 00:02:17,000 Speaker 1: late or maybe early last year there was that pipeline 34 00:02:17,680 --> 00:02:20,200 Speaker 1: on the central part of the United States. So these 35 00:02:20,240 --> 00:02:24,080 Speaker 1: things recur, but I think it's very nebulous what that 36 00:02:24,200 --> 00:02:27,239 Speaker 1: risk actually looks like. 
So today I'm very pleased to 37 00:02:27,280 --> 00:02:30,360 Speaker 1: say we're going to try to get a firmer handle 38 00:02:30,480 --> 00:02:35,000 Speaker 1: on what cyber warfare risk might actually look like, and 39 00:02:35,320 --> 00:02:37,600 Speaker 1: we're gonna do it maybe a little bit differently, um, 40 00:02:37,639 --> 00:02:39,720 Speaker 1: to what we normally do. But today on the show, 41 00:02:39,760 --> 00:02:43,040 Speaker 1: we're gonna be talking to a hacker about what it 42 00:02:43,120 --> 00:02:47,040 Speaker 1: actually means to, you know, do cyber warfare, to hack 43 00:02:47,080 --> 00:02:50,519 Speaker 1: into someone's systems, what the threat actually looks like, and 44 00:02:50,560 --> 00:02:54,760 Speaker 1: what is possible from a technological perspective. I'm really looking 45 00:02:54,760 --> 00:02:57,360 Speaker 1: forward to this sort of different from our normal path, 46 00:02:57,440 --> 00:03:01,040 Speaker 1: but of something important to be uh, to learn more that. Yeah, 47 00:03:01,400 --> 00:03:03,560 Speaker 1: so we're going to be speaking with Matt Suiche. He 48 00:03:03,639 --> 00:03:07,760 Speaker 1: is the founder of Comae, an incident response startup based 49 00:03:07,800 --> 00:03:10,440 Speaker 1: in Dubai, which is where I met him, and I 50 00:03:10,480 --> 00:03:14,040 Speaker 1: have to say he's definitely an expert on all of this. Matt, 51 00:03:14,120 --> 00:03:17,680 Speaker 1: welcome to the show. Hi Tracy, hi Joe. Thanks for 52 00:03:17,800 --> 00:03:22,520 Speaker 1: inviting me. Looking forward to talking with you about what cyber 53 00:03:22,600 --> 00:03:26,440 Speaker 1: war might look like. Yeah, so you have a bit 54 00:03:26,480 --> 00:03:28,720 Speaker 1: of expertise in this. I mean not just from the 55 00:03:28,760 --> 00:03:32,160 Speaker 1: hacking perspective, but uh, there are some Russian hackers who 56 00:03:32,160 --> 00:03:37,000 Speaker 1: seem to be obsessed with you. Is that right? Uh? 
Yeah, 57 00:03:37,200 --> 00:03:42,920 Speaker 1: so I assume you're referring to the group called the 58 00:03:43,200 --> 00:03:46,680 Speaker 1: Shadow Brokers that mentioned me like few years back. Yeah. 59 00:03:46,760 --> 00:03:50,080 Speaker 1: So just for background, uh, Matt and I met when 60 00:03:50,120 --> 00:03:54,200 Speaker 1: I was working in Abu Dhabi and Dubai. And this 61 00:03:54,360 --> 00:03:58,480 Speaker 1: was back when Shadow Brokers had a major, um, attack 62 00:03:58,520 --> 00:04:00,480 Speaker 1: and there was a lot of talk about them, and 63 00:04:00,520 --> 00:04:04,280 Speaker 1: they allegedly were a Russian group of hackers and they 64 00:04:04,320 --> 00:04:09,880 Speaker 1: seem to really, I don't know, just focus on you, Matt. Yeah, 65 00:04:10,080 --> 00:04:13,040 Speaker 1: so I guess like one of the main reasons for 66 00:04:13,280 --> 00:04:16,120 Speaker 1: the focus at the time was mainly due to the 67 00:04:16,160 --> 00:04:20,280 Speaker 1: fact that I was analyzing a lot of the documents 68 00:04:20,279 --> 00:04:23,680 Speaker 1: that they were releasing. To date, that's one of the 69 00:04:24,760 --> 00:04:28,680 Speaker 1: groups that released some of the most significant documents in 70 00:04:28,760 --> 00:04:32,880 Speaker 1: cyber security, like partly as significant as the Snowden 71 00:04:33,000 --> 00:04:36,560 Speaker 1: documents to give some context for the audience. And as 72 00:04:36,560 --> 00:04:42,680 Speaker 1: part of the release, they release operational notes and exploits 73 00:04:42,720 --> 00:04:47,440 Speaker 1: that belonged to the US government, particularly to the NSA, 74 00:04:47,560 --> 00:04:52,760 Speaker 1: which is the main intelligence agency in the US, where 75 00:04:52,760 --> 00:04:59,080 Speaker 1: they were exposing US intelligence capabilities. So those documents were released. 
76 00:04:59,200 --> 00:05:02,200 Speaker 1: I was one of the many people who are like analyzing 77 00:05:02,240 --> 00:05:05,440 Speaker 1: them and uh and like human and like you said, 78 00:05:05,480 --> 00:05:08,640 Speaker 1: you know, they've been mentioning me a few times so far. 79 00:05:08,800 --> 00:05:12,600 Speaker 1: Like the main assumption is that that group is affiliated 80 00:05:12,640 --> 00:05:16,840 Speaker 1: to the Russian government, and like many times you know, 81 00:05:16,880 --> 00:05:18,760 Speaker 1: and that we I'm sure we're gonna talk about it 82 00:05:18,839 --> 00:05:22,240 Speaker 1: more in details. With cyber it's very hard to know 83 00:05:23,560 --> 00:05:27,560 Speaker 1: who is doing what. Sometimes it takes years to find 84 00:05:27,640 --> 00:05:32,520 Speaker 1: enough evidence. Sometimes like governments know about something, but they 85 00:05:32,560 --> 00:05:36,160 Speaker 1: would not necessarily like release the information because they may 86 00:05:36,240 --> 00:05:41,760 Speaker 1: burn some source that they have to collect additional intelligence. 87 00:05:42,080 --> 00:05:45,039 Speaker 1: So it's always like very complicated when it comes to cyber, 88 00:05:45,800 --> 00:05:49,120 Speaker 1: especially with attribution. So usually you have to use the 89 00:05:49,279 --> 00:05:53,320 Speaker 1: common sense. But in terms of timing, these Shadow Brokers 90 00:05:53,400 --> 00:05:58,680 Speaker 1: were really active around twenty seventeen, which is around the 91 00:05:58,800 --> 00:06:02,240 Speaker 1: time where we start to see a lot of attacks 92 00:06:02,279 --> 00:06:07,400 Speaker 1: from Russia and Ukraine. Also when you say attribution is difficult, 93 00:06:07,440 --> 00:06:10,839 Speaker 1: I mean intuitively, of course that makes a lot of sense. 
94 00:06:11,080 --> 00:06:13,719 Speaker 1: What are the type of evidence or what do the 95 00:06:13,760 --> 00:06:16,840 Speaker 1: certain like fingerprints, because you hear that a lot, there's 96 00:06:16,880 --> 00:06:21,000 Speaker 1: a hack and people suspect, often suspect Russians, sometimes Chinese. 97 00:06:21,440 --> 00:06:25,080 Speaker 1: Are there certain characteristics of attacks or certain things you 98 00:06:25,160 --> 00:06:29,640 Speaker 1: look at to start to sort of gauge the origin 99 00:06:29,760 --> 00:06:34,600 Speaker 1: of an attacker? Uh, yeah, definitely, like different attackers have 100 00:06:34,640 --> 00:06:40,040 Speaker 1: different motives and different groups organized that differently. So when 101 00:06:40,080 --> 00:06:42,960 Speaker 1: it comes to here, when we're talking about hackers, we're 102 00:06:42,960 --> 00:06:45,640 Speaker 1: talking about nation states. We're not talking about someone 103 00:06:45,680 --> 00:06:49,000 Speaker 1: who's like alone in the bedroom trying to hack a 104 00:06:49,080 --> 00:06:51,760 Speaker 1: video game. Right, so, just to make sure it's clear 105 00:06:51,800 --> 00:06:54,640 Speaker 1: for the audience, we're talking about nation states carrying 106 00:06:54,920 --> 00:06:59,840 Speaker 1: uh intelligence or military operations against other like nation states, 107 00:07:00,120 --> 00:07:06,000 Speaker 1: companies, sometimes critically critical infrastructures. 
Uh, so when it comes 108 00:07:06,040 --> 00:07:09,039 Speaker 1: down to what it looks like in terms of fingerprints 109 00:07:09,040 --> 00:07:12,680 Speaker 1: when you're doing an investigation, uh, it is a good 110 00:07:12,760 --> 00:07:17,320 Speaker 1: question because at the beginning in the introduction chat, you're 111 00:07:17,320 --> 00:07:22,680 Speaker 1: wondering what cyber war, cyber warfare might look like, and 112 00:07:22,720 --> 00:07:27,520 Speaker 1: there's this conception that people have that cyber war is 113 00:07:27,520 --> 00:07:30,440 Speaker 1: going to be like completely different, something we haven't seen before, 114 00:07:31,320 --> 00:07:33,160 Speaker 1: that you know, it's just going to be like in 115 00:07:33,200 --> 00:07:36,160 Speaker 1: the medieval time where you see like people riding a 116 00:07:36,160 --> 00:07:38,160 Speaker 1: horse and instead of having swords, you know, they're gonna 117 00:07:38,160 --> 00:07:40,160 Speaker 1: have vented us and they're gonna start stabbing each other, 118 00:07:40,240 --> 00:07:44,120 Speaker 1: and then you use that as forensic evidence. The reality 119 00:07:44,160 --> 00:07:47,640 Speaker 1: is we have been seeing a lot of those happening 120 00:07:48,360 --> 00:07:52,200 Speaker 1: over the past years, probably more than ten years. You know, 121 00:07:52,360 --> 00:07:58,480 Speaker 1: like even back in the two thousands when China hacked Google, 122 00:07:58,560 --> 00:08:00,480 Speaker 1: you know that was a pretty significant one, 123 00:08:00,840 --> 00:08:03,080 Speaker 1: and that was one of the first time we saw 124 00:08:03,160 --> 00:08:08,559 Speaker 1: nation state attacking like an actual company and being able 125 00:08:08,680 --> 00:08:13,120 Speaker 1: to track it. So what we have been seeing more 126 00:08:13,160 --> 00:08:17,000 Speaker 1: and more is often like patterns between attacks, but also 127 00:08:17,080 --> 00:08:22,040 Speaker 1: like motives. 
So whenever it comes to attacks on critical 128 00:08:22,120 --> 00:08:26,880 Speaker 1: infrastructure in, uh, let's say like Ukraine, so there is 129 00:08:26,920 --> 00:08:30,960 Speaker 1: a very short list of suspects that comes to mind. 130 00:08:31,720 --> 00:08:34,720 Speaker 1: Same thing when there's an attack happening like NotPetya 131 00:08:34,760 --> 00:08:38,640 Speaker 1: in twenty seventeen that gets that gets released on the 132 00:08:38,720 --> 00:08:43,040 Speaker 1: independence day, so often, like the timing is very suspicious. 133 00:08:43,520 --> 00:08:46,320 Speaker 1: Same thing with the article that you mentioned that you 134 00:08:46,400 --> 00:08:49,520 Speaker 1: saw this morning, Tracy, with Viasat, which is an 135 00:08:49,520 --> 00:08:58,719 Speaker 1: American company, when the satellites have been like, uh, attacked, 136 00:08:59,640 --> 00:09:03,560 Speaker 1: like the initial suspicion back, so we're talking like back 137 00:09:03,559 --> 00:09:08,040 Speaker 1: on February twenty four when like around the same time 138 00:09:08,080 --> 00:09:11,920 Speaker 1: of the invasion. One of the suspicion was while that's 139 00:09:11,960 --> 00:09:15,640 Speaker 1: happening the same day that Russia is invading Ukraine, 140 00:09:16,000 --> 00:09:18,800 Speaker 1: so that was also one of the suspicion. So often 141 00:09:18,840 --> 00:09:20,680 Speaker 1: you would use the common sense when it comes to 142 00:09:20,679 --> 00:09:24,120 Speaker 1: a nation state attackers, and then you would backtrack based 143 00:09:24,120 --> 00:09:26,920 Speaker 1: on what you have found and see if your assumption 144 00:09:27,000 --> 00:09:30,480 Speaker 1: makes sense or not. But it can be you would 145 00:09:30,480 --> 00:09:35,160 Speaker 1: find a malware that's on the on the system. 
And 146 00:09:35,960 --> 00:09:38,360 Speaker 1: in some cases, like people kind of assumed that once 147 00:09:38,360 --> 00:09:40,560 Speaker 1: you are hacked, you know, like your screen is gonna 148 00:09:40,640 --> 00:09:43,760 Speaker 1: change color, is gonna become red or green. Most of 149 00:09:43,800 --> 00:09:48,880 Speaker 1: the time, like cyber is often used for like intelligence gathering, 150 00:09:49,280 --> 00:09:52,880 Speaker 1: so you not even know that people are in your system. Uh. 151 00:09:53,120 --> 00:09:57,760 Speaker 1: In some cases it may take like years before an attacker, 152 00:09:58,200 --> 00:10:02,800 Speaker 1: uh affected. So when you get hacked, a face doesn't 153 00:10:02,800 --> 00:10:08,680 Speaker 1: come up on your screen and start laughing. Exactly. Okay, 154 00:10:09,640 --> 00:10:15,120 Speaker 1: so now you know, Joe. Um, so you mentioned, Matt, 155 00:10:15,200 --> 00:10:18,719 Speaker 1: that this has been ongoing for some time, and this 156 00:10:18,800 --> 00:10:22,280 Speaker 1: is something that I've wondered about for a long time. 157 00:10:22,360 --> 00:10:26,719 Speaker 1: But why, I mean, if you know that Russia is 158 00:10:26,760 --> 00:10:28,560 Speaker 1: doing a lot of hacking, I mean along with some 159 00:10:28,640 --> 00:10:31,800 Speaker 1: other countries like China, North Korea maybe, but you know 160 00:10:31,840 --> 00:10:36,880 Speaker 1: that this is happening, why do nation states tolerate it, like 161 00:10:37,080 --> 00:10:42,240 Speaker 1: why hasn't this become a bigger area of concern for 162 00:10:42,320 --> 00:10:45,720 Speaker 1: the US in recent years? Or is it that it 163 00:10:45,880 --> 00:10:48,600 Speaker 1: is a major area of concern? 
But we just don't 164 00:10:48,600 --> 00:10:51,440 Speaker 1: see the response because it's all happening, you know, at 165 00:10:51,480 --> 00:10:54,920 Speaker 1: the back end of technological systems and, um, with the 166 00:10:55,080 --> 00:11:00,000 Speaker 1: NSA and you know in sort of secret offices. Uh, 167 00:11:00,080 --> 00:11:04,240 Speaker 1: it is a good question. Actually it is happening. If 168 00:11:04,240 --> 00:11:07,719 Speaker 1: you go on the like the State Department website, you're 169 00:11:07,720 --> 00:11:12,720 Speaker 1: gonna find a lot of indictment against like like for instance, 170 00:11:12,800 --> 00:11:16,760 Speaker 1: like Russian officers that work for the GRU 171 00:11:17,160 --> 00:11:22,280 Speaker 1: or other like intelligence agencies. So for instance, like a 172 00:11:22,320 --> 00:11:26,520 Speaker 1: lot of the attacks in twenty seventeen, there is 173 00:11:26,520 --> 00:11:31,120 Speaker 1: an indictment where six officers are being mentioned for a 174 00:11:31,120 --> 00:11:35,280 Speaker 1: lot of the damage that they have done, including like 175 00:11:35,679 --> 00:11:39,040 Speaker 1: the Olympic Games that have been you know, one of 176 00:11:39,120 --> 00:11:43,520 Speaker 1: the targets, including like the visitors, the host of the 177 00:11:43,559 --> 00:11:48,360 Speaker 1: Olympic Games, one of the electricity grid in Ukraine being 178 00:11:48,360 --> 00:11:52,319 Speaker 1: in target. Also the election in France at that time 179 00:11:52,760 --> 00:11:56,480 Speaker 1: when the emails from Emmanuel Macron had been released. 180 00:11:57,240 --> 00:12:00,360 Speaker 1: TV5Monde also, which was a TV channel 181 00:12:00,400 --> 00:12:02,600 Speaker 1: that was hacked in the past, you know, it was 182 00:12:02,640 --> 00:12:08,760 Speaker 1: linked to the delusion government. So the actual, uh, proof 183 00:12:08,760 --> 00:12:11,960 Speaker 1: and accusation have been like published. 
A lot of it 184 00:12:12,000 --> 00:12:16,720 Speaker 1: is usually like policy work and done at a 185 00:12:16,760 --> 00:12:19,800 Speaker 1: political level. So that would explain why it takes so 186 00:12:19,880 --> 00:12:25,320 Speaker 1: much time and often very little, uh, can be done 187 00:12:25,320 --> 00:12:28,880 Speaker 1: in a short period of time, and often what we 188 00:12:28,920 --> 00:12:34,000 Speaker 1: would see in response would be sanctions on some of 189 00:12:34,040 --> 00:12:37,920 Speaker 1: the governments. So it is happening, but I think it's 190 00:12:37,920 --> 00:12:40,880 Speaker 1: happening at the pace where there are so many attacks 191 00:12:41,920 --> 00:12:45,960 Speaker 1: happening from different countries, like you mentioned like North Korea, for instance, 192 00:12:46,000 --> 00:12:50,360 Speaker 1: that had been like very active mostly for like 193 00:12:50,440 --> 00:12:53,680 Speaker 1: financial gains, like we remember the attack of the Central 194 00:12:53,679 --> 00:12:56,440 Speaker 1: Bank of Bangladesh for instance, where they try to steal 195 00:12:56,480 --> 00:13:00,120 Speaker 1: like one billion dollars, uh, and where money laundering 196 00:13:00,200 --> 00:13:04,000 Speaker 1: like happened in casinos in the Philippines. So like a 197 00:13:04,000 --> 00:13:06,760 Speaker 1: lot of information is public and known around like modus 198 00:13:06,840 --> 00:13:10,080 Speaker 1: operandi from like different like either groups that are working 199 00:13:10,080 --> 00:13:14,000 Speaker 1: independently or like semi-independently like for like a nation state. 200 00:13:15,520 --> 00:13:18,920 Speaker 1: But it's such a complex problem that it's very hard 201 00:13:19,000 --> 00:13:21,640 Speaker 1: to fix, a bit like conflict all around the world. 202 00:13:37,520 --> 00:13:41,240 Speaker 1: So a nightmare scenario in the US. 
But I guess, 203 00:13:41,440 --> 00:13:46,280 Speaker 1: but anywhere is this idea of they're gonna hackers could 204 00:13:46,320 --> 00:13:50,760 Speaker 1: shut down critical infrastructure. Maybe the grid in New York 205 00:13:50,760 --> 00:13:54,200 Speaker 1: City just goes dark because of some hack attack? Is 206 00:13:54,240 --> 00:13:57,240 Speaker 1: that a realistic threat in your view? I mean that 207 00:13:57,360 --> 00:13:59,920 Speaker 1: I think comes to mind or we can't log in 208 00:14:00,000 --> 00:14:04,160 Speaker 1: to our banks or how like big pieces of infrastructure 209 00:14:04,200 --> 00:14:07,680 Speaker 1: that could disrupt society. A, is that a plausible threat? 210 00:14:07,800 --> 00:14:11,560 Speaker 1: And B, is that something that these types of hacker 211 00:14:11,640 --> 00:14:17,120 Speaker 1: groups are could could conceivably work on? Uh, yeah, no, definitely. 212 00:14:17,200 --> 00:14:20,000 Speaker 1: And like I mentioned before, it happened in the past 213 00:14:20,080 --> 00:14:24,080 Speaker 1: with the Ukrainian like power grids. It happened like you know, 214 00:14:24,160 --> 00:14:28,040 Speaker 1: like in twenty fifteen and six at some point the 215 00:14:28,040 --> 00:14:31,080 Speaker 1: electricity like grid was down for like a few hours. 216 00:14:32,440 --> 00:14:34,520 Speaker 1: But one of the things to keep in mind is, 217 00:14:34,560 --> 00:14:36,560 Speaker 1: like, as those attacks have been happening over the 218 00:14:36,560 --> 00:14:42,120 Speaker 1: past ten years, defense capabilities, you know, also from like 219 00:14:42,200 --> 00:14:46,760 Speaker 1: different companies and like countries also like became more and 220 00:14:46,800 --> 00:14:52,040 Speaker 1: more, um, efficient because on one side you have the 221 00:14:52,040 --> 00:14:56,280 Speaker 1: attackers that are like publishing their craft and becoming 222 00:14:56,320 --> 00:14:58,720 Speaker 1: more efficient. 
But also on the defense side, people are 223 00:14:58,800 --> 00:15:02,040 Speaker 1: becoming more aware of what of attack to expect. They're 224 00:15:02,080 --> 00:15:04,840 Speaker 1: becoming more resilient, like if something happens, you know, like 225 00:15:04,880 --> 00:15:07,760 Speaker 1: if any incident happens, like how do you investigate it? 226 00:15:07,800 --> 00:15:11,000 Speaker 1: So that's what you would usually call like incident response, 227 00:15:11,040 --> 00:15:14,440 Speaker 1: but also like how to recover like a system for 228 00:15:14,560 --> 00:15:19,720 Speaker 1: especially for like critical infrastructure. So regarding targeting like a 229 00:15:19,840 --> 00:15:23,840 Speaker 1: critical infrastructure, so we saw it like around two weeks 230 00:15:23,880 --> 00:15:27,000 Speaker 1: ago with the satellites, so with that company, Viasat. 231 00:15:27,440 --> 00:15:32,160 Speaker 1: So a lot of the actual like users that have 232 00:15:32,240 --> 00:15:37,280 Speaker 1: been targeted were like partly the Ukrainian military. So that's, uh, 233 00:15:37,400 --> 00:15:41,200 Speaker 1: one of the attempts of like interfering with the infrastructure 234 00:15:41,360 --> 00:15:44,880 Speaker 1: for of like the target to like kind of slow 235 00:15:44,960 --> 00:15:50,320 Speaker 1: down or make communication like more difficult. But during that 236 00:15:50,320 --> 00:15:53,960 Speaker 1: that hack, you know, like unexpectedly like there's like three 237 00:15:54,000 --> 00:15:58,600 Speaker 1: thousands like wind, like wind turbines in Germany that 238 00:15:59,320 --> 00:16:03,080 Speaker 1: were shut down, you know, as like like the German 239 00:16:03,120 --> 00:16:08,440 Speaker 1: government was calling it cyber collateral damage, you know. Um, 240 00:16:08,480 --> 00:16:11,560 Speaker 1: so sometimes it may come in unexpected ways. 
But in 241 00:16:11,640 --> 00:16:17,520 Speaker 1: that scenario, what it meant is the access Internet was 242 00:16:17,560 --> 00:16:21,920 Speaker 1: not available anymore. But the actual electoral buying for instance, 243 00:16:22,240 --> 00:16:25,080 Speaker 1: was not damaged. It is just the communication link. You know, 244 00:16:25,160 --> 00:16:27,920 Speaker 1: it's like if someone would shut down like a cell 245 00:16:27,960 --> 00:16:29,960 Speaker 1: phone tower, it will not damage your phone, you will 246 00:16:30,040 --> 00:16:33,000 Speaker 1: just not be able to communicate. And we saw that 247 00:16:33,080 --> 00:16:36,200 Speaker 1: also at the beginning of the invasion, because there's also 248 00:16:36,280 --> 00:16:40,840 Speaker 1: this very weird aspect of the Russian military since the 249 00:16:40,880 --> 00:16:43,880 Speaker 1: beginning of the invasion, and that's kind of why a 250 00:16:43,880 --> 00:16:46,960 Speaker 1: lot of people are a bit, uh, skeptical on the 251 00:16:47,400 --> 00:16:51,240 Speaker 1: planning and the logistics of the Russian military on that 252 00:16:51,360 --> 00:16:55,720 Speaker 1: aspect is mostly around communications. They are still not necessarily 253 00:16:55,800 --> 00:16:59,160 Speaker 1: like using like military equipment. They still use like 254 00:16:59,160 --> 00:17:02,000 Speaker 1: analog communication, but also like cell phones with 255 00:17:02,080 --> 00:17:06,320 Speaker 1: like Russian numbers. So at some point some of the 256 00:17:06,440 --> 00:17:11,800 Speaker 1: Ukrainian telco operators rejected like Russian numbers and they 257 00:17:11,800 --> 00:17:13,880 Speaker 1: were not able to communicate, and had to take over 258 00:17:14,040 --> 00:17:16,239 Speaker 1: a cell phone of civilians just to be able to 259 00:17:16,440 --> 00:17:18,919 Speaker 1: still communicate with each other. 
Well, there's a lot of 260 00:17:21,000 --> 00:17:25,000 Speaker 1: uh like communication aspect obviously when you conduct like a 261 00:17:25,040 --> 00:17:28,879 Speaker 1: military operation, so like, and that's a completely different field. 262 00:17:28,920 --> 00:17:32,639 Speaker 1: You know, that's not not my specialty. But we do 263 00:17:32,720 --> 00:17:35,760 Speaker 1: see it happening because cyber war on its own does 264 00:17:35,800 --> 00:17:38,080 Speaker 1: not really like exist, you know, like cyber is a 265 00:17:38,119 --> 00:17:41,080 Speaker 1: component of war, and that's what we're seeing now. So 266 00:17:41,200 --> 00:17:44,520 Speaker 1: instead of seeing like a conventional war, we see like 267 00:17:44,680 --> 00:17:48,560 Speaker 1: this hybrid warfare happening in front of our eyes, where 268 00:17:48,600 --> 00:17:52,080 Speaker 1: like there's multiple aspect to it and a lot of 269 00:17:52,119 --> 00:17:55,320 Speaker 1: the actual attacks that we have seen also with Russia, 270 00:17:55,680 --> 00:17:58,720 Speaker 1: and that Russia is probably well known for and I'm 271 00:17:58,720 --> 00:18:02,920 Speaker 1: sure as journalists you're like yeah, like familiar with it 272 00:18:02,960 --> 00:18:06,440 Speaker 1: is also like disinformation and misinformation, like we have seen 273 00:18:07,160 --> 00:18:11,359 Speaker 1: what they call like active measures being used for a 274 00:18:11,359 --> 00:18:14,919 Speaker 1: long long time. Russia Today and Sputnik News have been 275 00:18:14,960 --> 00:18:19,000 Speaker 1: like banned in the EU now. So it took like 276 00:18:19,119 --> 00:18:22,360 Speaker 1: the invasion, you know, of a European country for them 277 00:18:22,400 --> 00:18:25,159 Speaker 1: to shut down those media. 
So, like to answer your 278 00:18:25,200 --> 00:18:26,960 Speaker 1: question of before like how come we don't see like 279 00:18:27,040 --> 00:18:31,720 Speaker 1: more thanks response from the governments, well, that's a perfect example, 280 00:18:31,840 --> 00:18:35,679 Speaker 1: like we knew that was happening and it took the 281 00:18:35,720 --> 00:18:38,080 Speaker 1: invasion of a European country for them to do something 282 00:18:38,119 --> 00:18:42,000 Speaker 1: about it. Yeah. Um, I want to ask you, this 283 00:18:42,040 --> 00:18:44,040 Speaker 1: is, it might be a tricky question, I don't know, 284 00:18:44,119 --> 00:18:46,840 Speaker 1: but could you maybe walk us through a timeline of 285 00:18:47,080 --> 00:18:51,520 Speaker 1: what actually happens if say a nation state like Russia 286 00:18:51,640 --> 00:18:56,520 Speaker 1: hypothetically launches some sort, let's say some sort of malware 287 00:18:56,640 --> 00:19:05,359 Speaker 1: attack on a Western company or infrastructure utility type 288 00:19:05,400 --> 00:19:09,000 Speaker 1: thing, like what happened? So the attack starts and then 289 00:19:09,040 --> 00:19:11,840 Speaker 1: can you walk us through what the actual response looks 290 00:19:11,880 --> 00:19:17,640 Speaker 1: like and when the attack stops. Uh yeah, I can 291 00:19:17,640 --> 00:19:22,959 Speaker 1: even give you an example. So around Christmas, there is 292 00:19:23,000 --> 00:19:27,560 Speaker 1: a company called SolarWinds that was targeted. I think 293 00:19:27,560 --> 00:19:33,080 Speaker 1: it targeted around like twenty thousands of their customers. So 294 00:19:34,119 --> 00:19:37,840 Speaker 1: and uh the and you have to keep in mind, 295 00:19:37,880 --> 00:19:41,320 Speaker 1: so like let's say, like you have twenty thou you know, 296 00:19:41,400 --> 00:19:45,159 Speaker 1: customers companies using the same software, and that was a 297 00:19:45,200 --> 00:19:48,240 Speaker 1: massive problem. Uh. 
It means that all of them have 298 00:19:48,320 --> 00:19:51,080 Speaker 1: been hacked. So what happened is what they did is 299 00:19:51,119 --> 00:19:53,840 Speaker 1: what we call the supply chain attack, you know, where 300 00:19:53,880 --> 00:19:57,320 Speaker 1: they managed to distribute a malicious update to all 301 00:19:57,359 --> 00:20:01,280 Speaker 1: their customers and whenever that update has distributed to all 302 00:20:01,320 --> 00:20:05,280 Speaker 1: their customers, that was their infection vector for all of 303 00:20:05,320 --> 00:20:09,920 Speaker 1: those companies. And that was partly, like to date, the 304 00:20:10,000 --> 00:20:17,480 Speaker 1: largest hack of foreign countries. That was uh your um, 305 00:20:18,520 --> 00:20:22,399 Speaker 1: your scandal obviously. Uh, like the White House blamed the 306 00:20:23,040 --> 00:20:28,360 Speaker 1: SVR agencies, which is like the foreign intelligence agency of 307 00:20:28,400 --> 00:20:35,280 Speaker 1: Russia for that attack. Uh, so in that case, uh yeah, 308 00:20:35,520 --> 00:20:39,400 Speaker 1: governments have been blaming, blaming and pointing fingers to Russia. 309 00:20:39,880 --> 00:20:43,840 Speaker 1: But out of that we didn't see like much coming 310 00:20:43,880 --> 00:20:47,879 Speaker 1: out of it. Uh, in that case, and uh, in 311 00:20:48,000 --> 00:20:52,439 Speaker 1: that scenario, it took one cyber security company to be 312 00:20:52,520 --> 00:20:55,600 Speaker 1: a victim that I found out that they have been 313 00:20:55,640 --> 00:20:59,080 Speaker 1: infected by luck, and then more and more people started 314 00:20:59,119 --> 00:21:03,879 Speaker 1: to investigate and they realize, oh wow, like eighteen customers 315 00:21:03,880 --> 00:21:07,800 Speaker 1: from that company have been targeting and the malware was 316 00:21:07,880 --> 00:21:12,720 Speaker 1: like spreading undetected. 
Are companies good at sharing cyber 317 00:21:12,840 --> 00:21:16,280 Speaker 1: information with each other? Because it is such a sensitive 318 00:21:16,320 --> 00:21:18,840 Speaker 1: topic and when you're under attack, on on the one hand, 319 00:21:18,880 --> 00:21:21,320 Speaker 1: I imagine you don't necessarily want to broadcast it to 320 00:21:21,359 --> 00:21:24,280 Speaker 1: the world. But on the other hand, you could argue 321 00:21:24,320 --> 00:21:27,479 Speaker 1: that you have a responsibility, um, to your customers clearly, 322 00:21:27,520 --> 00:21:31,760 Speaker 1: but also to other companies to flag a threat that 323 00:21:31,920 --> 00:21:37,560 Speaker 1: is actually happening. Yeah, very good question. Actually. Uh, so 324 00:21:37,600 --> 00:21:41,920 Speaker 1: in the case of SolarWinds, uh, if that cybersecurity 325 00:21:42,000 --> 00:21:45,280 Speaker 1: company that was a victim of the hack, uh, didn't 326 00:21:45,440 --> 00:21:48,400 Speaker 1: raise the alarm saying oh, we found this, that's suspicious, 327 00:21:48,400 --> 00:21:50,680 Speaker 1: you know, then like people followed up and that's like 328 00:21:50,800 --> 00:21:55,280 Speaker 1: you're mad where we found it present in other places, uh, 329 00:21:55,480 --> 00:21:57,800 Speaker 1: people would not have been able to conclude that so 330 00:21:57,880 --> 00:22:02,520 Speaker 1: many customers were targeted. And in that scenario, like you're saying, 331 00:22:02,520 --> 00:22:08,360 Speaker 1: like the information sharing was very beneficial often for cyber security. 332 00:22:08,440 --> 00:22:10,359 Speaker 1: So you have like few companies that are like the 333 00:22:10,400 --> 00:22:16,199 Speaker 1: anti virus providers or endpoint security companies that have a 334 00:22:16,200 --> 00:22:19,280 Speaker 1: lot of visibility because of the telemetry they have on 335 00:22:19,400 --> 00:22:23,080 Speaker 1: millions of machines. 
So for them it's pretty good too 336 00:22:23,520 --> 00:22:28,160 Speaker 1: and pretty easy to see if something new like happens. 337 00:22:28,200 --> 00:22:31,320 Speaker 1: You know, in the case of Microsoft now which is 338 00:22:31,359 --> 00:22:34,879 Speaker 1: probably like the biggest cyber security company in the world, 339 00:22:35,280 --> 00:22:40,720 Speaker 1: are ironically they're very very good telemetry before the invasion. 340 00:22:41,359 --> 00:22:46,760 Speaker 1: So a wiper, which is a malware that's designed to 341 00:22:46,960 --> 00:22:52,360 Speaker 1: erase the computer, was detected. So a few different security 342 00:22:52,440 --> 00:22:56,920 Speaker 1: vendors managed to detect it. Microsoft was one of them. 343 00:22:57,880 --> 00:23:00,160 Speaker 1: Because that's really good telemetry, they were able to take 344 00:23:00,280 --> 00:23:03,600 Speaker 1: it within like a few hours. Uh in that case. 345 00:23:03,680 --> 00:23:06,320 Speaker 1: You know, like what we noticed so far when it 346 00:23:06,320 --> 00:23:09,719 Speaker 1: comes to like cyber is there is a huge focus 347 00:23:09,800 --> 00:23:15,680 Speaker 1: on cyber before the war becomes actually kinetic, so either 348 00:23:15,760 --> 00:23:22,240 Speaker 1: to destabilize the enemy or to uh gather information. How 349 00:23:22,320 --> 00:23:25,199 Speaker 1: often you know you mentioned and I remember that the 350 00:23:25,240 --> 00:23:29,480 Speaker 1: SolarWinds hack that used a patch update to distribute 351 00:23:29,480 --> 00:23:34,480 Speaker 1: malware to SolarWinds clients. How often are cyber security 352 00:23:34,520 --> 00:23:40,240 Speaker 1: companies themselves the target of hackers? And this this you know, 353 00:23:40,320 --> 00:23:44,040 Speaker 1: this technique of using a cyber security update patch to 354 00:23:44,160 --> 00:23:47,480 Speaker 1: distribute malware? How common is that? And how interest in general? 
355 00:23:47,480 --> 00:23:50,760 Speaker 1: How much of these companies themselves the target of attacks? 356 00:23:52,680 --> 00:23:56,000 Speaker 1: A very good questions? So so they are? And often 357 00:23:56,000 --> 00:23:58,560 Speaker 1: does it happen for like security companies to be like 358 00:23:58,640 --> 00:24:03,919 Speaker 1: targets Really happens all the time because of the assets 359 00:24:04,840 --> 00:24:07,680 Speaker 1: that they have, they're like toolings, like the tools, you know, 360 00:24:08,160 --> 00:24:12,240 Speaker 1: all the human resources they have, you know that could 361 00:24:12,280 --> 00:24:18,080 Speaker 1: include being targeted that conference or not. Uh, Like I 362 00:24:18,119 --> 00:24:22,080 Speaker 1: was like I was giving an example to to Tracy. 363 00:24:22,160 --> 00:24:24,920 Speaker 1: So for instance, I was supposed to give a keynote 364 00:24:24,960 --> 00:24:29,320 Speaker 1: at security conference in Russia a few years ago before COVID. 365 00:24:29,600 --> 00:24:32,800 Speaker 1: So when you're before COVID, and I got denied of 366 00:24:33,000 --> 00:24:37,560 Speaker 1: entry uh in Russia, so at the airport. So I 367 00:24:37,600 --> 00:24:42,119 Speaker 1: was not able to deliver the keynote at that conference. Uh. 368 00:24:42,280 --> 00:24:45,720 Speaker 1: The official reason is because my visa was not valid. 369 00:24:46,560 --> 00:24:48,199 Speaker 1: Although I told them, I was like, you're the one 370 00:24:48,240 --> 00:24:49,760 Speaker 1: who issued me the visa. What do you mean it's 371 00:24:49,800 --> 00:24:52,760 Speaker 1: not valid? You know? And I had to fly back 372 00:24:52,800 --> 00:24:57,320 Speaker 1: on the next flight back to Dubai. So in that case, 373 00:24:57,359 --> 00:25:00,800 Speaker 1: you know, like uh and fun. 
You know, like there's 374 00:25:00,800 --> 00:25:04,040 Speaker 1: always stories in security conferences where like security researchers you know, 375 00:25:04,160 --> 00:25:07,639 Speaker 1: like are either like being followed or like someone like 376 00:25:07,720 --> 00:25:11,320 Speaker 1: quenty into like the hotel room. You know, there's a 377 00:25:11,320 --> 00:25:14,560 Speaker 1: bunch of like different stories like that. So when it 378 00:25:14,600 --> 00:25:18,080 Speaker 1: comes to like often like security companies or security researchers 379 00:25:18,080 --> 00:25:21,119 Speaker 1: are being targets, it happens a lot. It also happened 380 00:25:21,119 --> 00:25:24,320 Speaker 1: like last year where like a bunch of security researchers 381 00:25:24,359 --> 00:25:30,240 Speaker 1: were like active targets by North Korean hackers mostly like 382 00:25:30,359 --> 00:25:33,280 Speaker 1: to try to steal like tools from them or if 383 00:25:33,440 --> 00:25:37,480 Speaker 1: if they had any exploits. So for the audience an 384 00:25:37,640 --> 00:25:43,800 Speaker 1: exploit is what like groups or nation states can use 385 00:25:43,920 --> 00:25:47,360 Speaker 1: to directly like target the machine so they can get 386 00:25:47,680 --> 00:25:50,600 Speaker 1: unauthorized access to a machine. So usually they have 387 00:25:51,119 --> 00:25:55,080 Speaker 1: if you have a security vulnerability in the software and 388 00:25:55,240 --> 00:25:58,080 Speaker 1: you have the software that can take advantage of it, 389 00:25:58,160 --> 00:26:00,480 Speaker 1: that's what we call an exploit. You have different categories 390 00:26:00,560 --> 00:26:03,679 Speaker 1: of them, including what we call zero-day exploits that 391 00:26:04,160 --> 00:26:07,919 Speaker 1: even software providers are not aware of. 
So that 392 00:26:07,960 --> 00:26:12,159 Speaker 1: could be like Microsoft happened, and in some cases it 393 00:26:12,240 --> 00:26:16,679 Speaker 1: may even not even require like any user interaction to 394 00:26:16,840 --> 00:26:21,040 Speaker 1: be enabled. And in the case of the nation state 395 00:26:21,960 --> 00:26:25,280 Speaker 1: type of hacking, because that requires a lot of R 396 00:26:25,320 --> 00:26:28,480 Speaker 1: and D, it is very expensive. Some of those exploits 397 00:26:28,480 --> 00:26:31,600 Speaker 1: like go for selling the like gray market for like 398 00:26:31,640 --> 00:26:35,520 Speaker 1: millions of dollars. And also like it's very complicated to 399 00:26:35,600 --> 00:26:38,960 Speaker 1: do because unlike traditional weapons, that's not something that you 400 00:26:39,000 --> 00:26:43,560 Speaker 1: can replicate. Each security vulnerability bug is going to be different, 401 00:26:44,200 --> 00:26:47,320 Speaker 1: and it requires a specific set of skill set to 402 00:26:47,320 --> 00:26:50,479 Speaker 1: be able to find and write an exploit. So in 403 00:26:50,520 --> 00:26:54,600 Speaker 1: the case of a full on like cyber war, a 404 00:26:54,640 --> 00:26:58,760 Speaker 1: lot of people were kind of expecting countries to stop 405 00:26:58,800 --> 00:27:01,440 Speaker 1: to use like exploits like left and right at 406 00:27:01,480 --> 00:27:06,879 Speaker 1: each other. But to go back to your other questions, Uh, 407 00:27:07,000 --> 00:27:10,240 Speaker 1: it's something that's very difficult to measure because it's not 408 00:27:10,359 --> 00:27:15,480 Speaker 1: like proper unit of measures for like often it happens, 409 00:27:15,600 --> 00:27:18,320 Speaker 1: that's only like when you know it happens, it's only 410 00:27:18,359 --> 00:27:23,119 Speaker 1: a small subset of the information that you have. 
Sometimes like, uh, 411 00:27:23,560 --> 00:27:26,760 Speaker 1: what's happening over the past two weeks and over the 412 00:27:26,800 --> 00:27:30,560 Speaker 1: next month, I'm pretty sure we're still gonna be analyzing it, 413 00:27:31,359 --> 00:27:36,080 Speaker 1: Like you know in three four years. Um, like some 414 00:27:36,160 --> 00:27:39,119 Speaker 1: of the tools that have been released by the Shadow Brokers, 415 00:27:39,320 --> 00:27:41,040 Speaker 1: a lot of the exploits were like four or five 416 00:27:41,119 --> 00:27:44,119 Speaker 1: years old in that case, and when they got released, 417 00:27:44,119 --> 00:27:48,119 Speaker 1: you know, it was uh, you know, like pretty it 418 00:27:48,200 --> 00:27:50,760 Speaker 1: got a lot of attention. Some of them have been 419 00:27:50,800 --> 00:27:54,760 Speaker 1: even like repurposed into some new malwares, including NotPetya, 420 00:27:54,840 --> 00:27:58,959 Speaker 1: which will start getting Ukraine at the time. Um. So 421 00:27:59,040 --> 00:28:03,920 Speaker 1: it's very difficult to you have, yeah, pretty ironic. It's 422 00:28:04,000 --> 00:28:06,520 Speaker 1: it's pretty difficult to have like data on those things. 423 00:28:06,600 --> 00:28:09,199 Speaker 1: And keep in mind, like like you said before, when 424 00:28:09,240 --> 00:28:11,560 Speaker 1: you get hacked, you know, you don't get like some 425 00:28:11,720 --> 00:28:14,600 Speaker 1: face like showing up on your screen and some guy laughing. 426 00:28:14,880 --> 00:28:18,480 Speaker 1: But it is very important to uh to highlight actually 427 00:28:18,520 --> 00:28:24,240 Speaker 1: because cyber is mostly used for intelligence, so you want 428 00:28:24,320 --> 00:28:27,520 Speaker 1: to know what your target is doing, unless you just 429 00:28:27,560 --> 00:28:30,080 Speaker 1: want to steal money. You know, that's a completely different 430 00:28:30,080 --> 00:28:33,239 Speaker 1: category of cyber attack. 
So like do you have a 431 00:28:33,240 --> 00:28:35,639 Speaker 1: clear goal, you know what you're like, Okay, money's gone now, 432 00:28:35,840 --> 00:28:39,080 Speaker 1: Like if a crypto exchange is being hacked or SWIFT 433 00:28:39,480 --> 00:28:42,680 Speaker 1: service bureau is being hacked, but most of the time 434 00:28:42,840 --> 00:28:46,720 Speaker 1: it is for intelligence and whenever you have access somewhere, 435 00:28:47,160 --> 00:28:49,720 Speaker 1: you want to make sure you keep your access. So 436 00:28:50,000 --> 00:28:55,880 Speaker 1: whatever tool you use to enter the machines that you've 437 00:28:55,920 --> 00:28:59,280 Speaker 1: been targeting and where you are like feeling from in 438 00:28:59,400 --> 00:29:02,640 Speaker 1: terms of intelligence, you don't want to lose that access. 439 00:29:02,720 --> 00:29:05,840 Speaker 1: And that's also one of the big suspicion, Like there 440 00:29:05,960 --> 00:29:10,240 Speaker 1: is cyber There are cyber attacks happening now, uh partly 441 00:29:10,280 --> 00:29:14,360 Speaker 1: on both sides, but we don't necessarily see them. In January, 442 00:29:14,520 --> 00:29:20,040 Speaker 1: there is uh a Belarusian group called the Cyber Partisans. 443 00:29:20,600 --> 00:29:23,720 Speaker 1: I don't know if you've heard about them, but they 444 00:29:23,720 --> 00:29:29,800 Speaker 1: are very organized, like they're all like independent, all anonymous, decentralized, 445 00:29:30,600 --> 00:29:34,720 Speaker 1: uh like twenty to thirty people. But what they did 446 00:29:34,760 --> 00:29:38,240 Speaker 1: back in January, when they started to see that Russia 447 00:29:38,360 --> 00:29:45,280 Speaker 1: started to ship military equipment from better Belarus, they started 448 00:29:45,320 --> 00:29:51,440 Speaker 1: to target the railway system of Belarus. 
And this is 449 00:29:51,600 --> 00:29:56,680 Speaker 1: pretty interesting and very uh important to notice because so 450 00:29:56,760 --> 00:29:59,720 Speaker 1: far when you hear about like independent groups, you know 451 00:29:59,840 --> 00:30:04,920 Speaker 1: kind of like retaliating like counter attacking or doing something 452 00:30:05,200 --> 00:30:09,959 Speaker 1: mostly like shutting down website, changing a website. Here you 453 00:30:10,000 --> 00:30:14,520 Speaker 1: have an independent group that actually managed to create a 454 00:30:14,600 --> 00:30:20,760 Speaker 1: dent into like a big enemy to affect their logistics. 455 00:30:21,160 --> 00:30:25,400 Speaker 1: So by slowing down while by shutting down the railway system, 456 00:30:25,440 --> 00:30:30,480 Speaker 1: they were able to slow down the transportation of military equipment. 457 00:30:31,320 --> 00:30:36,640 Speaker 1: And the second objective, which is like suspected, is also 458 00:30:36,720 --> 00:30:40,160 Speaker 1: to create a doubt with the enemy in that case, 459 00:30:40,640 --> 00:30:45,600 Speaker 1: with Russia, with the leadership, so to show that the 460 00:30:46,000 --> 00:30:51,120 Speaker 1: Belarusian, uh, allies was not were not necessarily like that reliable, 461 00:30:52,040 --> 00:30:58,280 Speaker 1: but also on their side once they realized that it 462 00:30:58,400 --> 00:31:01,920 Speaker 1: actually had been hacked, to create a doubt, saying, well, 463 00:31:02,000 --> 00:31:05,320 Speaker 1: if the railway system have been hacked, what makes our own 464 00:31:05,560 --> 00:31:08,000 Speaker 1: railway system like immune to such an attack, So they 465 00:31:08,000 --> 00:31:10,360 Speaker 1: would spend like additional, like a few days or weeks 466 00:31:10,960 --> 00:31:18,040 Speaker 1: investigating their own infrastructure postponing like the transportation of military 467 00:31:18,080 --> 00:31:23,520 Speaker 1: equipment and assets. 
That's interesting, UM, I want to ask 468 00:31:23,560 --> 00:31:28,120 Speaker 1: more about retaliatory UM hacking, but before we do, I 469 00:31:28,160 --> 00:31:30,640 Speaker 1: just want to go back to something you said about exploits. 470 00:31:30,920 --> 00:31:34,280 Speaker 1: How is there a marketplace for exploits, Like how are 471 00:31:34,320 --> 00:31:37,040 Speaker 1: these things actually sold or dealt I just have this 472 00:31:37,160 --> 00:31:39,000 Speaker 1: vision in my head of like a guy with a 473 00:31:39,040 --> 00:31:41,600 Speaker 1: briefcase in a hotel room opening it up, and there's 474 00:31:41,680 --> 00:31:46,160 Speaker 1: like different exploits in the briefcase, but obviously it wouldn't 475 00:31:46,160 --> 00:31:51,880 Speaker 1: happen like that. It depends not like if Nicolas Cage 476 00:31:52,000 --> 00:31:53,880 Speaker 1: was like selling exploits. You know, I'm sure it would 477 00:31:53,920 --> 00:31:57,600 Speaker 1: like this, But in some cases you have to keep 478 00:31:57,640 --> 00:32:00,320 Speaker 1: in mind that some of the transactions don't sell you 479 00:32:00,360 --> 00:32:04,040 Speaker 1: want to be like traced. So using cash actually would 480 00:32:04,120 --> 00:32:09,560 Speaker 1: make sense. Uh. Using payment of a cryptocurrency would make sense. 481 00:32:10,240 --> 00:32:12,680 Speaker 1: Using wire transfer, that would make sense. As long as 482 00:32:12,680 --> 00:32:16,880 Speaker 1: there is a transaction for something, you know, like everything 483 00:32:16,920 --> 00:32:21,960 Speaker 1: you can imagine does make sense, right. Uh. 
So like 484 00:32:22,160 --> 00:32:25,400 Speaker 1: that image you have in mind, Um, I'm sure it 485 00:32:25,600 --> 00:32:31,760 Speaker 1: happened in some scenarios, but we're getting like outside of 486 00:32:31,760 --> 00:32:34,719 Speaker 1: what the transaction might look like, what the marketplace may 487 00:32:34,760 --> 00:32:38,720 Speaker 1: look like. Obviously it's not like a Fiverr or like 488 00:32:38,760 --> 00:32:41,800 Speaker 1: a Facebook marketplace where you're just selecting what you want. 489 00:32:43,080 --> 00:32:47,840 Speaker 1: So you have companies that are brokers doing this. Some 490 00:32:47,960 --> 00:32:49,960 Speaker 1: of them, you know, like are quite public in the 491 00:32:50,080 --> 00:32:54,240 Speaker 1: US or in Australia. Uh. Usually they would work with 492 00:32:54,280 --> 00:32:59,080 Speaker 1: their own government in the case of each government is 493 00:32:59,120 --> 00:33:02,480 Speaker 1: going to have different stories, like in the case of 494 00:33:02,560 --> 00:33:08,239 Speaker 1: for instance, like China, like there's um a competition that 495 00:33:08,320 --> 00:33:11,440 Speaker 1: was organized like few years back called the Tianfu 496 00:33:11,480 --> 00:33:15,560 Speaker 1: Cup where um as part of the competition. They were saying, Okay, 497 00:33:15,600 --> 00:33:18,800 Speaker 1: like if security researchers like find a bug, you know, 498 00:33:18,920 --> 00:33:23,440 Speaker 1: like we're gonna report it to vendors, et cetera. But one 499 00:33:23,480 --> 00:33:29,120 Speaker 1: of the exploits was actually linked to another exploit very 500 00:33:29,160 --> 00:33:36,800 Speaker 1: similar that was used against the Uyghurs. Ah. So regarding 501 00:33:36,840 --> 00:33:40,080 Speaker 1: like how people buy exploits, you know, like there's a 502 00:33:40,200 --> 00:33:43,760 Speaker 1: demand that's higher than the supply in that scenario. 
So 503 00:33:45,120 --> 00:33:47,560 Speaker 1: most of the time, and the buyers are always the same. 504 00:33:47,640 --> 00:33:49,640 Speaker 1: You know, it's gonna be like governments like either like 505 00:33:49,720 --> 00:33:53,920 Speaker 1: NATO members or like you know, like China, like like Russia, 506 00:33:54,000 --> 00:33:58,000 Speaker 1: et cetera. So most of the man governments which just 507 00:33:58,080 --> 00:34:01,719 Speaker 1: like buy those exploits. I'm sure there were some researchers 508 00:34:01,720 --> 00:34:05,440 Speaker 1: like internally, uh finding their own bugs and writing their 509 00:34:05,440 --> 00:34:09,040 Speaker 1: own exploits. Um, but yeah, like you have a bunch 510 00:34:09,080 --> 00:34:28,879 Speaker 1: of brokers like in the different countries. So I don't 511 00:34:28,880 --> 00:34:31,560 Speaker 1: want to get sidetracked on this too much, but I 512 00:34:31,560 --> 00:34:34,520 Speaker 1: do want to ask one question because you mentioned the 513 00:34:34,640 --> 00:34:38,480 Speaker 1: use of crypto for payments, and of course there seems 514 00:34:38,560 --> 00:34:40,879 Speaker 1: you know, the two sides of this question take out 515 00:34:40,960 --> 00:34:43,680 Speaker 1: very maximalist viewpoints and don't really trust either. So you 516 00:34:43,719 --> 00:34:47,560 Speaker 1: have government saying crypto is just used for money laundering 517 00:34:47,680 --> 00:34:50,400 Speaker 1: and crime and stuff like that, and that seems to 518 00:34:50,480 --> 00:34:53,080 Speaker 1: be an exaggeration, to say the least. 
And then you 519 00:34:53,120 --> 00:34:55,759 Speaker 1: have this sort of crypto defenders who go to the 520 00:34:55,800 --> 00:34:58,879 Speaker 1: extreme and say, no, there's crypto is terrible for any 521 00:34:58,920 --> 00:35:01,080 Speaker 1: of this stuff because you can see it on the blockchain, 522 00:35:01,160 --> 00:35:04,680 Speaker 1: and so don't point at us as someone who is 523 00:35:04,719 --> 00:35:07,520 Speaker 1: sort of watching this. Where do you come on this 524 00:35:07,600 --> 00:35:11,440 Speaker 1: question and how do people in the hacker community think 525 00:35:11,560 --> 00:35:18,560 Speaker 1: about the advantages or disadvantages of using crypto for transactions? Well, 526 00:35:18,600 --> 00:35:23,160 Speaker 1: it depends for what in the case of ransomware which 527 00:35:23,280 --> 00:35:28,000 Speaker 1: is a malware that's going to infect machines, encrypt files 528 00:35:28,080 --> 00:35:31,640 Speaker 1: and ask for like a ransom in exchange of decrypting 529 00:35:31,680 --> 00:35:35,200 Speaker 1: the files. Usually those transactions are happening over crypto 530 00:35:36,040 --> 00:35:40,319 Speaker 1: uh like in that specific scenario for ransomware like 531 00:35:40,360 --> 00:35:46,200 Speaker 1: crypto currencies literally like created the whole new market for 532 00:35:46,360 --> 00:35:51,760 Speaker 1: like criminal hackers, uh like, because otherwise, like if crypto 533 00:35:51,920 --> 00:35:53,640 Speaker 1: was not around, you know, like you not see like 534 00:35:53,719 --> 00:35:56,000 Speaker 1: ransomware you know you can just you cannot ask for 535 00:35:56,040 --> 00:36:00,839 Speaker 1: a payment over wire transfer or uh, you know, like 536 00:36:00,880 --> 00:36:03,319 Speaker 1: all of the paper. 
Although like in some attacks you know, 537 00:36:03,360 --> 00:36:05,600 Speaker 1: for like phishing emails, you know when they change invoices, 538 00:36:05,640 --> 00:36:08,719 Speaker 1: you know they put a fake bank account, you still 539 00:36:08,800 --> 00:36:11,600 Speaker 1: end up doing like a wire transfer, large amount of money 540 00:36:11,920 --> 00:36:14,839 Speaker 1: are being transferred. But if that would be the case, 541 00:36:15,000 --> 00:36:18,160 Speaker 1: for law enforcement, it's much easier to actually like trace 542 00:36:19,320 --> 00:36:22,799 Speaker 1: who is behind it and to find okay, like that 543 00:36:22,920 --> 00:36:25,799 Speaker 1: attacker was there, to like the people who opened the account, okay, 544 00:36:25,840 --> 00:36:30,200 Speaker 1: the mules, and then to like trace back efficiently. Um, 545 00:36:30,920 --> 00:36:36,440 Speaker 1: we're getting like cryptocurrency in the context of Ukraine and Russia, 546 00:36:36,560 --> 00:36:39,839 Speaker 1: Like there's very uh, Like there's a bunch of 547 00:36:40,080 --> 00:36:44,440 Speaker 1: interesting things happening. For instance, like the money that the 548 00:36:44,560 --> 00:36:47,960 Speaker 1: Ukrainian government has been raising over crypto, Like a bunch 549 00:36:48,000 --> 00:36:51,239 Speaker 1: of like uh, like the founder of Ethereum donated, the 550 00:36:51,320 --> 00:36:55,040 Speaker 1: founder of like Solana donated, the founder of pol donated 551 00:36:55,400 --> 00:36:59,400 Speaker 1: and they managed to like buy equipment with it and 552 00:36:59,640 --> 00:37:02,960 Speaker 1: et cetera. Uh. They're also talking about launching their 553 00:37:02,960 --> 00:37:05,799 Speaker 1: own NFT campaign, you know, like in exchange 554 00:37:05,880 --> 00:37:10,440 Speaker 1: for like people, etcetera. So they're like uh using like 555 00:37:10,480 --> 00:37:14,279 Speaker 1: crypto in a way. 
Uh that makes sense for like 556 00:37:14,320 --> 00:37:19,920 Speaker 1: financial transactions, but my personal opinion also it's also like 557 00:37:20,640 --> 00:37:24,400 Speaker 1: what we're witnessing is obviously there is an actual conventional 558 00:37:24,440 --> 00:37:28,720 Speaker 1: war where people are being killed in in in that sense, 559 00:37:29,239 --> 00:37:34,040 Speaker 1: but on the other side, Ukraine has been doing very 560 00:37:34,080 --> 00:37:38,640 Speaker 1: well in terms of like fighting uh disinformation, which is 561 00:37:38,680 --> 00:37:43,200 Speaker 1: like uh like widely used by the Russian government, like 562 00:37:43,280 --> 00:37:47,319 Speaker 1: when they're spending spreading fake news about like Ukrainian soldiers 563 00:37:47,760 --> 00:37:52,319 Speaker 1: a like being defeated to kind of like reducing like 564 00:37:52,400 --> 00:37:56,960 Speaker 1: the morale of the troops. Uh. Instead, what we see 565 00:37:57,239 --> 00:38:01,960 Speaker 1: is Ukraine uh promoting like news of like oh like 566 00:38:02,080 --> 00:38:04,680 Speaker 1: look at those farmers who've been stealing a tank with 567 00:38:04,800 --> 00:38:08,440 Speaker 1: their tractor and they're sharing videos that are going viral 568 00:38:08,880 --> 00:38:11,239 Speaker 1: and we see them, Oh, we're using crypto to raise 569 00:38:11,280 --> 00:38:14,680 Speaker 1: money like a people from the internet, like we need 570 00:38:14,719 --> 00:38:17,480 Speaker 1: your support. Oh, we're also gonna do an 571 00:38:17,520 --> 00:38:21,360 Speaker 1: NFT you know, like uh support Ukraine NFT. 
So 572 00:38:21,840 --> 00:38:23,920 Speaker 1: I think it's sorts of part of the response to 573 00:38:24,040 --> 00:38:27,280 Speaker 1: Russian attacks, but not only from like the actual cyber 574 00:38:27,320 --> 00:38:30,200 Speaker 1: attack point of view, but also like from a disinformation 575 00:38:30,320 --> 00:38:32,839 Speaker 1: point of view, because if you keep the news like 576 00:38:32,920 --> 00:38:35,960 Speaker 1: positive around it and people engage people on your side 577 00:38:36,920 --> 00:38:42,120 Speaker 1: while uh, sanctions are happening on your enemy. That's very efficient, 578 00:38:42,200 --> 00:38:45,759 Speaker 1: and I think that's like the way where Ukraine has 579 00:38:45,800 --> 00:38:49,000 Speaker 1: been very innovative in how to use crypto since the 580 00:38:49,719 --> 00:38:54,279 Speaker 1: beginning of the invasion UM. I want to go back 581 00:38:54,320 --> 00:38:58,800 Speaker 1: to Russia and Ukraine specifically. So you know, you mentioned 582 00:38:59,000 --> 00:39:04,279 Speaker 1: the one group UM and its attacks on Belarusian railways. 583 00:39:04,840 --> 00:39:10,000 Speaker 1: What are the options for retaliation from UM, you know, 584 00:39:10,040 --> 00:39:13,440 Speaker 1: either the West or from independent groups who want to 585 00:39:13,440 --> 00:39:18,719 Speaker 1: create trouble for Russia. Uh. Well, in the case of 586 00:39:18,760 --> 00:39:21,640 Speaker 1: like what's happening with yes that so we have the 587 00:39:21,640 --> 00:39:25,680 Speaker 1: German government saying, okay, like we we think we've been 588 00:39:25,680 --> 00:39:29,880 Speaker 1: a victim of cyber collateral damage from the conflict. So 589 00:39:30,000 --> 00:39:34,400 Speaker 1: they recognized they have been a victim from that. I 590 00:39:34,400 --> 00:39:37,879 Speaker 1: guess we're gonna see like the response to it reading that. 
591 00:39:38,800 --> 00:39:46,520 Speaker 1: I'm sure a lot of NATO countries also like retaliating 592 00:39:47,040 --> 00:39:52,040 Speaker 1: uh in private, not necessarily like communicating about it. That's 593 00:39:52,040 --> 00:39:53,480 Speaker 1: all I was saying, a lot of the things we're 594 00:39:53,480 --> 00:39:56,520 Speaker 1: probably gonna like see more, you know, like in a 595 00:39:56,560 --> 00:39:59,759 Speaker 1: few years actually, And actually I'm glad that podcast is 596 00:39:59,800 --> 00:40:02,480 Speaker 1: that being like a few weeks after the invasion because 597 00:40:02,480 --> 00:40:04,840 Speaker 1: it also give us some time to kind of what 598 00:40:05,120 --> 00:40:08,040 Speaker 1: what was happening and stop the speculating of like Okay, 599 00:40:08,120 --> 00:40:10,799 Speaker 1: we're gonna go in full on like cyber war, are 600 00:40:10,880 --> 00:40:13,120 Speaker 1: like all the countries you know in Europe gonna have 601 00:40:13,200 --> 00:40:16,319 Speaker 1: like the electricity being shut down for like days you know, 602 00:40:17,200 --> 00:40:22,040 Speaker 1: so far that's not the case. And regarding the response 603 00:40:22,600 --> 00:40:26,960 Speaker 1: from the governments, so there are like a few aspects 604 00:40:27,000 --> 00:40:31,000 Speaker 1: to it, I think a lot of government so far 605 00:40:32,239 --> 00:40:36,360 Speaker 1: also realizing that they have been over estimating the capabilities 606 00:40:36,360 --> 00:40:40,879 Speaker 1: of Russia. Uh. And that's not necessarily like only from 607 00:40:40,920 --> 00:40:43,399 Speaker 1: a cyber point of view, because like I was saying 608 00:40:43,400 --> 00:40:46,400 Speaker 1: at the beginning, there is what we can see now 609 00:40:46,520 --> 00:40:49,200 Speaker 1: is like the poor planning and the logistics since the 610 00:40:49,239 --> 00:40:53,360 Speaker 1: beginning of the invasion from Russia. 
In terms of cyber yes, 611 00:40:53,840 --> 00:40:57,239 Speaker 1: more can be done from both sides, but like I 612 00:40:57,280 --> 00:41:01,360 Speaker 1: was saying, most of it is for intelligence. At the 613 00:41:01,360 --> 00:41:05,640 Speaker 1: beginning, for instance, the satellites that were hacked you know, 614 00:41:05,840 --> 00:41:11,560 Speaker 1: was mostly to uh disrupt the military infrastructure. But as 615 00:41:11,600 --> 00:41:15,240 Speaker 1: we see now, like two weeks later, the military military 616 00:41:15,280 --> 00:41:19,759 Speaker 1: infrastructure of Ukraine is still like functioning like probably efficiently. 617 00:41:20,480 --> 00:41:25,360 Speaker 1: So if they could have done it, they probably would 618 00:41:25,360 --> 00:41:29,280 Speaker 1: have done it by now instead of just like dragging 619 00:41:29,400 --> 00:41:33,640 Speaker 1: the you know, like in the conflict like longer. Ah. 620 00:41:33,840 --> 00:41:36,440 Speaker 1: But yeah, in terms of response from like NATO and 621 00:41:36,800 --> 00:41:40,279 Speaker 1: in general for like cyber attacks, you know, I think 622 00:41:40,320 --> 00:41:43,480 Speaker 1: we're gonna see a lot of like policy being changed 623 00:41:43,640 --> 00:41:46,160 Speaker 1: over like the next months, you know, probably like new 624 00:41:46,200 --> 00:41:50,919 Speaker 1: bills being passed, you know, not that it's becoming one 625 00:41:50,960 --> 00:41:53,680 Speaker 1: of the priority for governments in the probably some cases 626 00:41:53,680 --> 00:41:57,000 Speaker 1: you know that they don't listen to before. 
But I 627 00:41:57,040 --> 00:42:02,239 Speaker 1: would not expect much in terms of like traditional response, like you know, 628 00:42:02,280 --> 00:42:05,520 Speaker 1: I think it's just like response in the sense of like, Okay, 629 00:42:05,560 --> 00:42:08,160 Speaker 1: there is a war happening potentially like a world war, 630 00:42:08,640 --> 00:42:12,120 Speaker 1: like are we going to respond, And it's probably gonna 631 00:42:12,320 --> 00:42:14,719 Speaker 1: be like more sanctions like what we are witnessing now. 632 00:42:14,880 --> 00:42:18,600 Speaker 1: Those are like part of the actual response. Uh. And 633 00:42:18,719 --> 00:42:20,840 Speaker 1: it also implies you know, like if they obviously like 634 00:42:20,920 --> 00:42:26,560 Speaker 1: hack NATO governments, so that maybe like like we 635 00:42:26,600 --> 00:42:30,480 Speaker 1: have seen like Russia being disconnected from SWIFT, then some 636 00:42:30,520 --> 00:42:34,400 Speaker 1: tech companies you know, like um like Apple and Microsoft 637 00:42:34,400 --> 00:42:37,520 Speaker 1: not sending their softwares anymore at the moment it's still 638 00:42:37,560 --> 00:42:40,360 Speaker 1: unclear if software updates are still going to be like 639 00:42:40,400 --> 00:42:45,040 Speaker 1: deployed uh in Russia, because if they are not deployed, 640 00:42:45,120 --> 00:42:48,960 Speaker 1: it means they will not have access to security updates. Also, 641 00:42:49,520 --> 00:42:52,280 Speaker 1: so so far they're just talking about like payments and 642 00:42:52,400 --> 00:42:56,000 Speaker 1: selling uh so like a steam you know, like a 643 00:42:56,080 --> 00:43:00,319 Speaker 1: video game company, was like that Microsoft Apple, you know, 644 00:43:00,440 --> 00:43:05,600 Speaker 1: like like stop providing access to the app store. Um. 
645 00:43:05,640 --> 00:43:07,520 Speaker 1: But those are like the response to us seeing so 646 00:43:07,560 --> 00:43:12,040 Speaker 1: far like SWIFT uh mostly like sanctions either by governments 647 00:43:12,080 --> 00:43:15,320 Speaker 1: or like major tech companies. You know, we talked about 648 00:43:16,120 --> 00:43:20,920 Speaker 1: Russian hacking teams mentioned North Korea, China. Is it safe 649 00:43:20,920 --> 00:43:26,239 Speaker 1: to assume that anything that's being done by those countries 650 00:43:26,520 --> 00:43:31,480 Speaker 1: that US and NATO government have the equivalent teams and capabilities. 651 00:43:32,239 --> 00:43:35,720 Speaker 1: Oh yeah, definitely. I mean one of the big release 652 00:43:35,800 --> 00:43:39,640 Speaker 1: from the Shadow Brokers was to show the capabilities of 653 00:43:39,640 --> 00:43:44,280 Speaker 1: the US government. Uh. And some of that was also 654 00:43:44,360 --> 00:43:48,920 Speaker 1: like including you know, like targets from the US government. 655 00:43:49,719 --> 00:43:53,960 Speaker 1: Same thing when Snowden released some of the documents. We 656 00:43:54,040 --> 00:43:57,120 Speaker 1: also saw some of the targets from the US government, 657 00:43:57,239 --> 00:44:02,240 Speaker 1: including European like telco companies although they are allies, 658 00:44:02,400 --> 00:44:07,160 Speaker 1: they are not enemies. Spies are just continuing to spy. 659 00:44:07,239 --> 00:44:11,600 Speaker 1: You know. It's just like spying stuff everywhere, So that 660 00:44:11,840 --> 00:44:14,640 Speaker 1: that actually it leads to one a question that's been 661 00:44:14,640 --> 00:44:16,960 Speaker 1: on the back of my mind this whole conversation. The 662 00:44:17,000 --> 00:44:20,160 Speaker 1: spies are always going to be spies? Is it worth 663 00:44:20,239 --> 00:44:26,080 Speaker 1: thinking of cyber warfare as a sort of discrete um event? 
664 00:44:26,200 --> 00:44:28,719 Speaker 1: And so of course when we think of conventional warfare, 665 00:44:28,960 --> 00:44:31,920 Speaker 1: there's often a start, there's an invasion, maybe there's a 666 00:44:31,960 --> 00:44:36,800 Speaker 1: ceasefire hopefully at some point soon. Uh, the war ends 667 00:44:37,520 --> 00:44:40,359 Speaker 1: is is cyber warfare an event or is it just 668 00:44:40,440 --> 00:44:44,840 Speaker 1: a is it an occurring sort of ongoing, persistent element 669 00:44:45,080 --> 00:44:49,480 Speaker 1: of the interaction between nations these days that doesn't have 670 00:44:49,520 --> 00:44:52,879 Speaker 1: any sort of like start or end I would I would 671 00:44:52,880 --> 00:44:55,600 Speaker 1: say it's a component of war. So that's why I 672 00:44:55,640 --> 00:44:57,680 Speaker 1: had the beginning was talking about, like hybrid war. 673 00:44:57,800 --> 00:45:01,680 Speaker 1: There's this like a conventional war, and uh, 674 00:45:02,120 --> 00:45:07,400 Speaker 1: mostly it is used here for intelligence gathering or to 675 00:45:07,440 --> 00:45:13,319 Speaker 1: collect information on troops, enemies capabilities. Uh, it may be 676 00:45:13,520 --> 00:45:18,200 Speaker 1: used for disruption like we've seen with the satellite h 677 00:45:18,600 --> 00:45:23,960 Speaker 1: like a few weeks ago of the Cyber Partisans in January, 678 00:45:24,040 --> 00:45:27,960 Speaker 1: but in that case working as an independent, independent group 679 00:45:28,480 --> 00:45:31,400 Speaker 1: because the goal is like to protect the Belarus and 680 00:45:31,960 --> 00:45:37,759 Speaker 1: the democracy.
Uh So it may have some strategic of 681 00:45:37,840 --> 00:45:42,120 Speaker 1: the objectives, like in the case of like the railway 682 00:45:42,160 --> 00:45:47,239 Speaker 1: system in Belarus, but it may also just be like intelligence, 683 00:45:47,280 --> 00:45:50,920 Speaker 1: and I think here it is mostly used for intelligence 684 00:45:51,280 --> 00:45:54,800 Speaker 1: for disruption. It does not make that much sense once 685 00:45:54,840 --> 00:45:59,200 Speaker 1: you enter in a kinetic mode because if you can 686 00:45:59,239 --> 00:46:03,160 Speaker 1: just if you have soldiers like physically present in the country, 687 00:46:03,239 --> 00:46:06,279 Speaker 1: you can just shut down like cell phone towers, you 688 00:46:06,320 --> 00:46:11,120 Speaker 1: can engage in electronic warfare, you can start jamming, you know, 689 00:46:11,280 --> 00:46:14,920 Speaker 1: like whatever like ways of communication there is, so you 690 00:46:14,920 --> 00:46:19,759 Speaker 1: don't necessarily need to use like cyber. Um. Cyber makes 691 00:46:19,800 --> 00:46:25,759 Speaker 1: sense before the kinetic like war happening, because you're gonna 692 00:46:25,760 --> 00:46:29,640 Speaker 1: collect information. You may do some light disruption, but at 693 00:46:29,719 --> 00:46:34,280 Speaker 1: some point, like once the war is starting, it becomes 694 00:46:34,320 --> 00:46:37,400 Speaker 1: more of a conventional war where well you need the 695 00:46:37,440 --> 00:46:40,040 Speaker 1: winner and a loser, you need an agreement or you 696 00:46:40,080 --> 00:46:44,640 Speaker 1: have like a ceasefire um, and then cyber just like 697 00:46:45,400 --> 00:46:49,680 Speaker 1: uh you know, kind of like this background element depending 698 00:46:49,719 --> 00:46:53,480 Speaker 1: if you include you know, like disinformation, propaganda and misinformation 699 00:46:53,520 --> 00:46:56,319 Speaker 1: as part of cyber or not.
Because as we can 700 00:46:56,320 --> 00:47:00,160 Speaker 1: see now on social media, a bit like when the 701 00:47:00,200 --> 00:47:03,160 Speaker 1: Arab Spring was happening when a lot of people were 702 00:47:03,200 --> 00:47:06,839 Speaker 1: like sharing information on Twitter. Uh. Now we can see 703 00:47:06,840 --> 00:47:10,880 Speaker 1: people sharing a lot of information on Facebook, Instagram, Twitter 704 00:47:11,840 --> 00:47:15,000 Speaker 1: around the war, not like the donation and like the stories, 705 00:47:15,080 --> 00:47:16,680 Speaker 1: not like the stories that I was saying about the 706 00:47:16,719 --> 00:47:21,319 Speaker 1: tanks being stolen and being shared going viral. Uh. That's 707 00:47:21,360 --> 00:47:25,759 Speaker 1: part of the information warfare. And that's a very new 708 00:47:26,480 --> 00:47:31,480 Speaker 1: component because like things like TikTok didn't use in the past. 709 00:47:31,560 --> 00:47:35,600 Speaker 1: And know that having also like their role within this 710 00:47:35,920 --> 00:47:39,800 Speaker 1: information warfare, does that mean that those of us sitting 711 00:47:40,040 --> 00:47:43,040 Speaker 1: in the US or Europe, we don't need to be 712 00:47:43,080 --> 00:47:46,319 Speaker 1: worrying about, you know, an attack on critical infrastructure that 713 00:47:46,440 --> 00:47:50,440 Speaker 1: suddenly um takes away our electricity or empties out our 714 00:47:50,480 --> 00:47:53,960 Speaker 1: bank accounts or something like that. Uh. Yeah, No, I 715 00:47:53,960 --> 00:47:56,160 Speaker 1: would not be worried about it. Uh. 
And even if 716 00:47:56,200 --> 00:47:58,160 Speaker 1: it would happen, you know, I'm sure, like you know, 717 00:47:58,200 --> 00:48:00,520 Speaker 1: electricity would be down for like a very short period 718 00:48:00,560 --> 00:48:03,120 Speaker 1: of time because the process in place on all the 719 00:48:03,320 --> 00:48:08,400 Speaker 1: recover like system just like if something is faulty, especially 720 00:48:08,440 --> 00:48:13,440 Speaker 1: for like critical infrastructure, so I would not really worry. UM. 721 00:48:13,560 --> 00:48:16,080 Speaker 1: One of the big story of getting like critical infrastructure 722 00:48:16,200 --> 00:48:19,200 Speaker 1: was like the Stuxnet story, which is more than 723 00:48:19,239 --> 00:48:23,280 Speaker 1: ten years old. Now back in Iran when that joint 724 00:48:23,280 --> 00:48:26,080 Speaker 1: operation between Israel and the US was targeting one of 725 00:48:26,120 --> 00:48:29,279 Speaker 1: the nuclear central, uh, they kind of just stopped it. 726 00:48:29,440 --> 00:48:32,360 Speaker 1: And then back then, you know, like some movies like 727 00:48:32,440 --> 00:48:36,479 Speaker 1: came out was then with Chris Hemsworth, Blackhat. 728 00:48:36,520 --> 00:48:39,279 Speaker 1: You know, like this is nuclear central that's exploding at 729 00:48:39,320 --> 00:48:42,480 Speaker 1: the end, except as it's like the Hollywood version, but 730 00:48:42,640 --> 00:48:45,680 Speaker 1: in reality, okay, like it's down. You know, like what 731 00:48:45,680 --> 00:48:47,640 Speaker 1: are the guys doing? You know, because they already have 732 00:48:47,680 --> 00:48:51,080 Speaker 1: like process in place, and if you like the the 733 00:48:51,160 --> 00:48:53,239 Speaker 1: US or Europe, you know, like you definitely like 734 00:48:53,280 --> 00:48:57,080 Speaker 1: a plan for like faulty issues, regardless if it's like 735 00:48:57,120 --> 00:49:01,400 Speaker 1: cyber or something that's not working anymore.
But yeah, in 736 00:49:01,520 --> 00:49:04,240 Speaker 1: terms of like money being drained from your account, although 737 00:49:05,600 --> 00:49:09,040 Speaker 1: you won't have your money like being drained directly, um, 738 00:49:09,080 --> 00:49:12,640 Speaker 1: but you know, like our low like stock markets are 739 00:49:12,640 --> 00:49:14,839 Speaker 1: gonna go down now or is it gonna affect like 740 00:49:14,920 --> 00:49:17,759 Speaker 1: you know, like the inflation, Like we can see it with 741 00:49:17,840 --> 00:49:21,320 Speaker 1: the ruble now like it's completely crashing, so technically money 742 00:49:21,320 --> 00:49:23,560 Speaker 1: is not running out of your account, but you know 743 00:49:23,600 --> 00:49:25,440 Speaker 1: you can do less with your money or like your 744 00:49:26,360 --> 00:49:28,719 Speaker 1: like whatever you have is less valuable, you know, So 745 00:49:29,160 --> 00:49:30,759 Speaker 1: I think that's kind of like one of the side 746 00:49:30,800 --> 00:49:34,560 Speaker 1: consequences that we would say. Last question for me is 747 00:49:34,920 --> 00:49:37,000 Speaker 1: what is the skill set of a good hacker? And 748 00:49:37,080 --> 00:49:39,240 Speaker 1: thinking about Okay, if you're a Russia or any government 749 00:49:39,239 --> 00:49:41,960 Speaker 1: you're recruiting, what do you look for? What what makes 750 00:49:41,960 --> 00:49:46,399 Speaker 1: what makes a good hacker? Uh? Well, I just want 751 00:49:46,440 --> 00:49:50,160 Speaker 1: to clarify I'm not recruiting like hackers for the Russian government, 752 00:49:50,280 --> 00:49:54,719 Speaker 1: you know, of course, of course, what would they be 753 00:49:54,760 --> 00:49:57,719 Speaker 1: looking for or what would any government be looking for?
Yeah, 754 00:49:57,920 --> 00:50:02,040 Speaker 1: or like like like private company needs not because actually 755 00:50:03,520 --> 00:50:06,200 Speaker 1: most of really good security researchers I know are just 756 00:50:06,280 --> 00:50:10,440 Speaker 1: like either independent or working for like tech companies because 757 00:50:10,440 --> 00:50:13,160 Speaker 1: they tend to pay like the best you work on 758 00:50:13,239 --> 00:50:17,200 Speaker 1: building cool technologies. And yeah, usually if people are like 759 00:50:17,239 --> 00:50:19,400 Speaker 1: really good, just like end up doing a lot of research. 760 00:50:19,440 --> 00:50:21,480 Speaker 1: So you want to work with the very, very best. 761 00:50:21,520 --> 00:50:24,959 Speaker 1: And now it's such a it's a field that's moving 762 00:50:25,000 --> 00:50:26,799 Speaker 1: like so fast that at the end of the day, 763 00:50:26,840 --> 00:50:29,240 Speaker 1: you know, like you you need to like surround yourself 764 00:50:29,280 --> 00:50:32,279 Speaker 1: with the best, otherwise like you won't learn like everything, right, 765 00:50:33,160 --> 00:50:35,960 Speaker 1: So I don't know if there's like you know, like 766 00:50:36,040 --> 00:50:38,800 Speaker 1: the there is not like equivalent of like WallStreetBets 767 00:50:38,800 --> 00:50:40,960 Speaker 1: for like hackers per se you know, where like 768 00:50:40,960 --> 00:50:44,440 Speaker 1: people are just like sharing like random information around. But 769 00:50:44,600 --> 00:50:46,480 Speaker 1: in terms of skill set, you know, like I keep 770 00:50:46,520 --> 00:50:50,000 Speaker 1: reminding people that hacking or being a hacker is a 771 00:50:50,080 --> 00:50:52,480 Speaker 1: skill set first. You know, it's not an ethical or 772 00:50:52,480 --> 00:50:56,680 Speaker 1: political position that comes like secondary.
It's like if you're 773 00:50:56,680 --> 00:50:58,319 Speaker 1: a lawyer, you know, like you don't ask him if 774 00:50:58,360 --> 00:51:01,160 Speaker 1: it's like ethical or unethical. And we've seen in the 775 00:51:01,200 --> 00:51:03,560 Speaker 1: past with like Panama Papers and all those things. You know, 776 00:51:03,640 --> 00:51:06,480 Speaker 1: like you could ask the question as well for like lawyers. 777 00:51:07,040 --> 00:51:10,160 Speaker 1: But yeah, most of like good security researchers or hackers know, 778 00:51:11,120 --> 00:51:16,080 Speaker 1: um they all have different background, different skills set because 779 00:51:16,160 --> 00:51:20,200 Speaker 1: it can go from physical security to radio frequency to 780 00:51:20,400 --> 00:51:26,720 Speaker 1: like software security, hardware security, firmware security, like open 781 00:51:26,800 --> 00:51:29,280 Speaker 1: source intelligence. You know, we see more and more people 782 00:51:30,680 --> 00:51:33,040 Speaker 1: even like groups you know, like Bellingcat, you know, 783 00:51:33,120 --> 00:51:36,840 Speaker 1: like that tracking a lot of the military activity or 784 00:51:37,640 --> 00:51:44,960 Speaker 1: from online resources you know, like different groups. Uh that's 785 00:51:45,000 --> 00:51:47,719 Speaker 1: you know, like those are like all like different fields 786 00:51:47,760 --> 00:51:52,799 Speaker 1: that come from like information security. Um. So I mean 787 00:51:52,880 --> 00:51:56,440 Speaker 1: like yeah, everyone who is curious you know and like 788 00:51:56,440 --> 00:51:59,279 Speaker 1: likes to put the time into the research is A 789 00:51:59,520 --> 00:52:01,719 Speaker 1: is A. He's a good hacker.
You know, I've seen 790 00:52:01,719 --> 00:52:04,920 Speaker 1: like journalists were like really good at doing their research, 791 00:52:05,040 --> 00:52:08,719 Speaker 1: you know, exit like sometimes they have more knowledge and 792 00:52:08,760 --> 00:52:12,920 Speaker 1: more skills than some of actual professionals. So it's really 793 00:52:12,960 --> 00:52:19,480 Speaker 1: something that's very uh across like multiple disciplines. M H. Well, Matt, 794 00:52:19,520 --> 00:52:21,120 Speaker 1: I think that's a good place to leave it. Thank 795 00:52:21,120 --> 00:52:23,800 Speaker 1: you so much for coming on Odd Lots and spending 796 00:52:23,840 --> 00:52:27,160 Speaker 1: time with us to explain hacking and what it could 797 00:52:27,160 --> 00:52:30,080 Speaker 1: actually look like in those contexts. Thank you, Thank you 798 00:52:45,680 --> 00:52:48,400 Speaker 1: so Joe. I really enjoyed that conversation. I don't think 799 00:52:48,440 --> 00:52:51,000 Speaker 1: we talked about it, but the Shadow Brokers actually called 800 00:52:51,040 --> 00:52:54,160 Speaker 1: Matt a fun guy at one point, um, and he 801 00:52:54,320 --> 00:52:56,480 Speaker 1: is a very fun guy. He's really good at explaining 802 00:52:56,520 --> 00:52:58,880 Speaker 1: some of the more technical aspects of this. But I 803 00:52:58,920 --> 00:53:04,360 Speaker 1: thought his framing of cyber as a component of conventional warfare, 804 00:53:04,640 --> 00:53:09,000 Speaker 1: I mean that seems right at least so far, Like, 805 00:53:09,520 --> 00:53:12,160 Speaker 1: given what we've seen so far, I think that's right 806 00:53:12,400 --> 00:53:14,000 Speaker 1: or two or let's put it this way. I think 807 00:53:14,000 --> 00:53:16,400 Speaker 1: I found that to be really helpful because when I 808 00:53:16,440 --> 00:53:18,480 Speaker 1: think of you know, when you think of cyber attacks.
809 00:53:18,880 --> 00:53:22,120 Speaker 1: I think we oft have to have these very dramatic 810 00:53:22,920 --> 00:53:25,800 Speaker 1: visions of some big grid being taken down, and obviously 811 00:53:25,840 --> 00:53:28,400 Speaker 1: that's possible, and you you mentioned examples, You mentioned the 812 00:53:28,440 --> 00:53:31,760 Speaker 1: example of the Belarusian railway or the Ukrainian grid, 813 00:53:32,160 --> 00:53:37,800 Speaker 1: But that more the more common impulse is intelligence gathering, 814 00:53:37,800 --> 00:53:40,719 Speaker 1: and that's that's the big thing. Collecting data is sort 815 00:53:40,760 --> 00:53:44,839 Speaker 1: of a useful way of thinking thinking about its role. Yeah. 816 00:53:44,880 --> 00:53:47,920 Speaker 1: And the other thing that it's sort of coalesced for 817 00:53:48,000 --> 00:53:51,520 Speaker 1: me was the idea of a lot of governments have been 818 00:53:51,600 --> 00:53:56,000 Speaker 1: tolerating these attacks for a long time. Um. And this 819 00:53:56,040 --> 00:53:58,560 Speaker 1: seems like a crunch point at least when it comes 820 00:53:58,600 --> 00:54:02,319 Speaker 1: to Russia. Right, Like I was reading, Goldman Sachs put 821 00:54:02,320 --> 00:54:05,000 Speaker 1: out a note right before we came on to record 822 00:54:05,040 --> 00:54:08,520 Speaker 1: this talking about cyber warfare, and they had a stat in 823 00:54:08,560 --> 00:54:12,440 Speaker 1: there something like six of state sponsored cyber attacks are 824 00:54:12,480 --> 00:54:16,120 Speaker 1: thought to have come from Russia, which seems extreme, but 825 00:54:16,239 --> 00:54:21,319 Speaker 1: for some reason, no one really did anything about it.
Yes, 826 00:54:21,360 --> 00:54:24,600 Speaker 1: there were some sanctions in place, but now we've seen, um, 827 00:54:24,600 --> 00:54:26,960 Speaker 1: you know, a very dramatic form of sanctions rolled out, 828 00:54:26,960 --> 00:54:29,320 Speaker 1: and it seems doubtful that that kind of behavior is 829 00:54:29,320 --> 00:54:32,640 Speaker 1: going to be tolerated going forward. Yeah, and but on 830 00:54:32,680 --> 00:54:35,239 Speaker 1: the other hand, it's so nebulous, it's so difficult to 831 00:54:35,239 --> 00:54:36,799 Speaker 1: know what we're going to do about it. And the point, 832 00:54:36,960 --> 00:54:39,799 Speaker 1: you know, as as Matt was saying, attacks that 833 00:54:39,840 --> 00:54:43,080 Speaker 1: are happening right now, of which they're certainly going on, 834 00:54:43,640 --> 00:54:45,960 Speaker 1: we'll be talking about in three or four years perhaps 835 00:54:46,239 --> 00:54:49,799 Speaker 1: that we learn about them, and how how difficult it 836 00:54:49,920 --> 00:54:53,080 Speaker 1: is to know often when you're being hacked or what 837 00:54:53,120 --> 00:54:55,880 Speaker 1: the scope of the damage is that in in that 838 00:54:55,960 --> 00:54:59,080 Speaker 1: element very different. I think he used the word, you know, 839 00:54:59,160 --> 00:55:01,080 Speaker 1: maybe I don't know if used the word metrics, but 840 00:55:01,160 --> 00:55:05,400 Speaker 1: this idea we have metrics to measure the devastation of 841 00:55:05,480 --> 00:55:09,360 Speaker 1: conventional warfare. We don't have and it seems very implausible 842 00:55:09,400 --> 00:55:13,320 Speaker 1: that we would have anytime soon sort of equivalent metrics 843 00:55:13,360 --> 00:55:18,600 Speaker 1: for cyber warfare. Yeah, it seems like it. All right, Well, 844 00:55:18,680 --> 00:55:21,640 Speaker 1: shall we leave it there. Let's leave it there, all right.
845 00:55:21,840 --> 00:55:24,680 Speaker 1: This has been another episode of the Odd Lots podcast. 846 00:55:24,760 --> 00:55:27,359 Speaker 1: I'm Tracy Alloway. You can follow me on Twitter at 847 00:55:27,400 --> 00:55:30,319 Speaker 1: Tracy Alloway and I'm Joe Weisenthal. You can 848 00:55:30,400 --> 00:55:33,840 Speaker 1: follow me on Twitter at the Stalwart. This episode was 849 00:55:33,920 --> 00:55:37,240 Speaker 1: produced by Magnus Hendrickson, who is smartly not on Twitter. 850 00:55:37,920 --> 00:55:41,560 Speaker 1: Follow the Bloomberg head of podcast, Francesca Levy at Francesca Today, 851 00:55:41,719 --> 00:55:44,439 Speaker 1: and check out all of our podcasts at Bloomberg under 852 00:55:44,520 --> 00:56:10,400 Speaker 1: the handle at podcasts. Thanks for listening to year to