John
Yeah. And that's how we got into the NSA. That was awesome. So.
Jerry
Oh, my God, that's so crazy. Who knew? Who knew who knit donut dough was that stretchy? Just. No way.
Ryan
Let us know when we go live. Ryan. Yeah.
John
I got some jerky here, so I don't want to eat camera. Dang it.
Jerry
I don't. I don't. Not all of the news crew is here. When we did an article about chicken wings, I don't know if you guys.
John
Yeah.
Tim
Did you ever hear about that one?
John
Yeah.
Jerry
There was a lady who stole, like, I think it was around $6 million worth of wings. Yeah. So I have a. I don't have a follow up, but I have kind of a, like, side note for another chicken wing related article that I did want to talk about. It's not in there. Ryan will bring it up right now.
Kelly
I got it. I've got it.
Tim
So I saw it when I was. When I was adding my name to the. To the host list. I'm like, this is gonna be a fun one.
Jerry
So the. A while ago, a court in Ohio actually ruled that boneless chicken wings don't have to be boneless. And now their Supreme Court just upheld that in a 4, 3 vote. So I want you guys to know if you're ever eating chicken. Boneless chicken wings in Ohio, they may have bones.
John
He got a bone in it and he choked. And the. The lawsuit was over. It's like, well, you said there was no bones in it. And they're like, well, we all know there should be. And I'm like, it's in the name, right?
Jerry
Oh, my God.
John
I also want to know. I want to know if the boneless chicken wings do not have to contain.
Jerry
Chicken, then they're just bone.
John
If the whole thing is just. They're all just suggestion.
Kelly
That's going to be a new lawsuit.
John
Yeah. There's pork in there, right? You can't eat pork. And then you screw them over.
Ryan
It always throws me when, like, McDonald's has, like, the McCrispy. Like, the term chicken is not used at all in the name of the sandwich. Or it's just like the McCrispy or the McRib. Like, it's like, it's not a chicken sandwich. It's a McCrispy. Like, good luck.
Tim
Yeah. You can't expect ribs to be in the McRib. Like, it's just. It's just meat. There's no ribs in it at all. So that set precedent, I guess. I wonder if they cited that.
Bronwyn
Just nasty.
Jerry
I was okay with it.
Kelly
What's nasty McRib sandwich.
Bronwyn
It's just nasty.
Kelly
Not a fan?
Ryan
Nope. Take it a stand on the McRib I like.
John
Yeah, I work at McDonald's and we love to miss some McRibs. That sauce would end up everywhere in the back of that McDonald's because you, you take those, those boneless chicken or whatever and you throw it in the. The little vat. It's pork or something, I'm sure. Right. And it would sit there in the barbecue sauce like all day. And then she would like you slap em in, you slap em out. And it was.
Jerry
That's why they were so good.
John
Blood splatter of this terrible barbecue sauce that was just everywhere.
Corey
Crime scene.
Jerry
I love them.
Tim
The tip I heard is that if you're in the Midwest and you're craving a McRib, go to QuikTrip. They have rib sandwiches that are much better.
John
QuikTrips are really good. Now I tell you my love of the McRib because I grew up in the mid Midwest and we did not have good barbecue.
Jerry
Yeah.
Joff
Brace yourself.
Tim
Coming around here.
Jerry
Oh my God.
Kelly
Coming in hot.
Jerry
This is truly a unicorn episode.
John
Buddy.
Joff
How's it going? I'm. I thought I'd come for the final show because getting on the plane, going to Australia to see the family on Friday. So.
Jerry
Wait, is today the final show? We're not doing a show next week?
Kelly
No, we're BHS holiday next week and the week after.
Jerry
Oh, well, I didn't know that. I'm not on that calendar. So.
Bronwyn
Yeah. No, Friday is our last day of. Of official business as a blue teamer.
Jerry
I don't get those days off. You know, just you guys. You red team.
Ryan
You can come do the panel on Friday with us.
Jerry
I will be.
John
I'll join.
Joff
It's freaking cold up here in North Carolina.
Kelly
I'm done.
Joff
I'm going to go to Australia.
Kelly
Hey.
Tim
Up here in North Carolina. Then I'm like Wisconsin. So it's like, oh yeah, this is. This is worse. And then I have rel. I have relatives out in North Dakota and they're. They. They beat me for the.
Joff
Yeah, that's. That's in the inhumane living parts of the country.
Tim
Oh yeah, yeah, yeah.
John
So the weird part is like I can't like I want to go to Australia or someplace. Anywhere in the south. Have the south hemisphere. But it weirds me out to have Christmas and it be like hot. A hot time of the year. Like if you live at the equator and it's always hot. That doesn't mean anything, Right?
Joff
You know, Tim, it weirded me out for years growing up in Adelaide, right? I grew up in Australia, South Australia. And it was, you know, it's a desert state. It's always dry as can be. It never rains. And then I finally had my first Christmas in the Northern Hemisphere, and it was like a light bulb went on because I was like, oh, my God. All these traditions make sense now.
Jerry
How do you feel about every, like, Christmas. Christmas movie just being, like, snow and cold, right? Like, why isn't there any summer Christmas movies? I feel like this is a market.
John
It's a huge, giant, heavy Christmas dinner. You're like, can I just get something really light?
Joff
Yeah.
Kelly
Yeah.
Joff
Because I. I bet you when I sit down, I'm going to a Christmas Eve dinner with my mother, my dad, I'll be at a big Christmas dinner. Bet you when I sit down to those meals, is going to be like this giant meal, and it will be 115 degrees outside.
Kelly
It's like.
Joff
Yeah, it's a.
Kelly
It's a lot rough.
Jerry
We're almost full. Yeah. Oh, look, I can.
Ryan
Crinkle's here.
Jerry
I cannot host, so someone else will have to host because I. I have to. Peace out. Like, wait, where's.
Kelly
Where's.
Joff
Where's Strand? Isn't he coming in to host?
Kelly
Who's.
Joff
Who's supposed to.
Tim
Don't put me up.
Joff
It's fine.
Tim
I'm not ready to host.
Jerry
You're. Technically. You're not. Well, I guess you or Bronwyn.
Kelly
Kelly.
Jerry
Would be a great host. I don't know why she.
Joff
I'll host if I have to. Where's. Where's the agenda for today?
John
Ryan?
Corey
Are we getting you?
Jerry
Have you never done the news? There's no agenda.
John
I drive up the island just saying. I'm not even one of you Black Hills folks, but clearly.
Jerry
How dare he request an agenda? This is straight blasphemy.
Kelly
He's been in too many meetings today.
Jerry
It's like saying the. The S word.
Joff
I'm looking at this dimension.
Jerry
Oh, here he is.
Joff
I'm going to. I'm going to try to look at.
Bronwyn
What you say one time or three times.
Jerry
Only once it was I said S word, but he didn't come.
Kelly
All it takes is not reporting as you go once.
Jerry
That's. Let's. Let's talk about the elephant in the room real quick. We lost, guys.
Kelly
Who lost? We did win. Did Jerry win?
Jerry
Jerry did win. Jerry did win.
John
Wait, what was the competition?
Kelly
That's so awesome. Congratulations.
Ryan
Thank you. Thank you. To all of Black Hills Information Security for voting for us and the Simply Cyber community. We were the 2024 SANS Difference Maker Awards Podcast of the Year award winner awarded last night. Thank you very much.
Kelly
That's so good. Congratulations. Very well deserved as well, you know. All joking aside. Yeah, thank you.
Joff
Hey, John Strand. I told you I'd come along more often. This is my more often before.
Kelly
This is the more often. And we got. Tim is on too, so.
Joff
Tim Z.
Kelly
Good. See, Tim, we need to do this on Monday and your thing on Wednesday. Right? You know, the Wednesday.
John
Yeah, we had Chris last week. Speaking of, if you guys want to be on, we'd love to have any and. Or all of you.
Joff
Seeing as I'm going to be like packing a suitcase to go way far south and won't be thinking about much else, I'll come along.
Jerry
We'll get you.
John
We'll get your schedule. We'll get you a scheduling link.
Jerry
I don't know what it is, but I'll go. I just show up at all these weird things and wait.
John
I'll send you an invite.
Jerry
All right.
John
Pick a topic. Easiest presentation you've ever done. Nothing.
Ryan
I gotta do a presentation carefully sign up for.
Jerry
So here's how it is to work at In-N-Out Burger. That. That'd be a presentation I could give.
Joff
Any day when this worked.
Corey
Done.
Joff
Crap.
John
Wait. Puts the animal in animal style.
Jerry
Oh, yeah. There you go. Yeah, that's. This is a huge In-N-Out name tag right there. That's a one bow. You can't barely read. If I turn all the lights off, it's like. Goes like. Like that. Spent probably. I did the hours. I think I spent over like 12,000 hours inside of it. In-N-Out. Oh, yeah. It wasn't. Wasn't the best.
Joff
I had to throw the coat and shit off the keyboard because I want to look more musical. Just wanted to point. So actually, I've actually been doing that. Me and. Me and. Me and John Bev is in Poland. We've got a little thing going on where. Where sending tracks to each other now. So I'm gonna try to get on a Jon Bevis track.
Kelly
You gotta send him a track of you just doing the chord progression of Pachelbel and be like, dude, I think this is a hit.
Joff
That'd be awesome. Let me Google that real quick.
Kelly
I love that Pachelbel Canon in D.
Joff
Oh, yes, yes, that would be. Actually, no, we'll do that as like this funky, modulated, like Moog synth lead track. As in. In canon D. Okay.
Kelly
Now, more importantly, Joff, I don't know if I've ever talked to you about.
Joff
This, and now's the time.
Kelly
Yeah, I think now is the time. Hold on. I gotta see if I can find this so we can share it.
Bronwyn
Oh, my.
Kelly
All right, all right, all right. Crap.
Jerry
Oh.
Joff
It wasn't anything to do with that time we got on that ride in Costa Rica.
Kelly
Billy Joel had a band. It's a heavy metal organ band. He did, yes. The name of the band is Attila. All right, okay, so this. Let me see if I can find. They're actually. I actually think it's pretty. Pretty good. The entire album is out on YouTube.
Joff
Oh, my God. And I thought you were full of shit, but it's really here.
Kelly
No, no, I'm going to share the link and people can share this out. So Attila is. Is a band with him and a drummer. All right? So it's just him and the drummer, and it's heavy metal organization. You look at the picture, and it's them in, like, barbarian costumes surrounded by raw meat. Right. Like, it's pretty fabulous.
Joff
Oh, wow. That is cool.
Kelly
But. But the wife of the drummer was the lady that he wrote more than a woman to me. Uptown Girl. All of his hit songs, like, in his early career, who he eventually married. That's what drove the band apart. She divorced the drummer because he stole the drummer's girl. That just the first time that's ever happened.
John
Right.
Kelly
Like, it goes the other direction where the drummer steals the girl, but you've got to listen to it because, you know, he's trying to do a whole heavy metal, and it sounds kind of like a purple type vibe to it.
Joff
Yeah.
Kelly
Damn. If some of the stuff ain't catchy, like, super catchy. Wow. And apparently, if you do an interview with Billy Joel, you're not allowed. Or at least for a period of time, you were not allowed to mention Attila.
Joff
So now.
Kelly
Now, that's.
Joff
That's an. A second radically interesting thing that I know about Billy Joel. The first one that I knew that was a more of a personal thing was my cousin Dave. Wait, everybody say hi to Dave. He's there.
Kelly
Hi, Dave.
Jerry
Hi, Dave.
Joff
Dave lives in Seattle and Dave bought his.
Kelly
Dave's not here.
John
Dave's not here, man.
Joff
Dave's not here.
John
Dave's not here, man.
Joff
Dave bought himself a boat. And when I went to visit Dave in Seattle, he showed me the boat. And the boat's a very, very nice boat. I said, dave, where'd you buy this boat from? He Goes, I bought it from Billy Joel.
Kelly
Oh, my God.
Joff
And he wasn't kidding.
Kelly
That's so awesome. So there's the connections to Billy Joel.
Joff
The connections.
Kelly
Are we ready to kick this off? I think we are. Let's do it. Do it. Hello, and welcome to another edition of Black Hills Information Security and Red Siege. Apparently talking about news. Today, December 16th, we got a number of stories. We got a $50 million heist blamed on North Korea. Krispy Kreme donuts are hacked, which sucks. Because Krispy Kreme is awful, and it's still a thing. Europol announces a takedown of a major DDoS network, and police shut down the Rydox cybercrime market, which is weird because I didn't know they were touring together again. But we have a number of people that are here joining us for this. We also have Jerry. Jerry, show us the key, man. The key. This, Jerry, is the key to the Internet. That's.
Ryan
Welcome to the part of the elders upon me. This is the 2024 PODC of the year. CN Stiffo Awards brought it home.
Kelly
Did Stephen Hawking de Gosset.
Ryan
I'm sorry, what?
Kelly
Did Stephen Hawking de Gosset.
Ryan
Yes. Yeah, yeah. No, it was good. It was. It was a. It was a tight competition. A lot of. A lot of great finalists, including this show itself. Black Hills Infosec talking news. But, yeah, we were able to narrowly pull it off. My wife was there. Ryan and Ralph were in the audience. We spent some time together and definitely appreciate it. And, you know, thank you to Black Hills and really, everybody who's tuning into this show right now is probably voted and part of the community. So it's absolutely a team win. It's. It's. It's cool. It's cool to see that we're making an impact, honestly.
Joff
Yeah, we get to call him Jerry, the key master. Or.
Kelly
Are you the key master? And now this is awkward. So. All right, Corey, did you get your. Did you get your mic working? So, Corey, the whole thing from here on out. So turn him up. He wants us to turn him up. Turn him up. He's gonna leave and go mountain biking. He's gonna go up the mountain. Up the mountain and ski. He is done. That's it. He's. Just leave the camera on and just go. He's now fired with a.
Jerry
We should see a cat pretty soon.
Ryan
Yeah.
Kelly
All right. So do we want to jump? Jump straight into the $50 million Radiant heist blamed on North Korean hackers.
Joff
That sounds brilliant to me.
Kelly
Oh, my gosh. It sounds radiant. This happened I guess on October 16th after three developers got infected with malware and it was used to sign fraudulent transactions, multi signature and they say it emissions adjustment process. But yeah, $50 million from core markets. We had North Korea. I kind of want to throw this out there. Is North Korea like getting this legit or do you think that they're just hitting lots of low hanging fruit or are they working with other organized crime syndicates to do their dirty work for them? Like we're talking about hackers from North Korea. That that network has got to be like the most monitored and intercepted packet captured. Intercepted like network link on from like a dial up perspective in the world. Right. So. Oh, there's a cat. We got a kitty.
Joff
Well you gotta remember that, that, that you know that they're coming from Russia anyway because most of them are over there right now. First of all.
Kelly
Yeah.
Jerry
Oh my God.
Bronwyn
No, they well have to be just one. Why can't it be all of the above?
Kelly
You know they attribute it directly to North Korea. Right. That's one of the things that's interesting. I know that a lot of the different attacks, like you know, working with law enforcement and DoD, whenever they're like, yes, this was North Korea, it's usually because our groups were watching them as they were launching the attack because we're on their network, which I always think is kind of interesting.
Joff
I mean they've got a slash 20. I think if I've looked it up, their allocation in V4 is this big.
Corey
Right.
John
The North Korea thing, I was, it always, it amazes me because it's, it traditionally skipping them. But your nation state actor and your, your cybercrime actor have very different goals. Where your nation state super, super advanced, your, your crime syndicate's pretty advanced, but they're trying to steal money. But now when you get this Nexus, this combination of we have tons of capabilities and we're trying to steal money, it's just as bad as to say it's a thing to behold.
Jerry
It's definitely getting there too. Right. And the thing about Russia as well, because you could almost classify a lot of the Russian ransomware operators pretty much nation state actors because Russia just lets them go free game. And it seems that Russia doesn't get ransomed that often either. So at least we don't hear about it. I would say almost all the top way. Yeah, that's true too. Roblox is more than a rugal.
Kelly
Yeah. We're quickly having the point where Russia is becoming a barter society. It's hard to ransomware a barter society. I want 42 goats sent to this address.
Corey
That's why.
Joff
Is that your language to Russian EV4 subnets. I was wrong. It's only actually equivalent to a slash 22.
John
No way.
Kelly
Really not much.
Joff
That's allocation. Yeah.
Tim
I mean for this one. One of the things that I noticed both in the original article and in the postmortem are the things that are missing whenever you hear like developers got compromised is that it doesn't say whether it was their corporate device or personal device. And even in the post mortem, they're like the multiple devices, at least three, maybe more. They don't know how many more were compromised and they don't know how they were compromised either, which really does kind of point to. Yeah, these may have been personal devices that had critical credentials on them. And I bring that up because we're seeing that more and more with developers getting compromised off of personal devices.
Jerry
Another interesting point of this is have you guys. Has anyone ever heard of Radiant Capital? Or am I just crazy?
Kelly
Because I'd never up until this. I have not heard.
Jerry
Okay, all right. I'm just crazy.
Joff
He said we have and you're just crazy. Is that.
Jerry
And I'm. Yeah, that's true too. Right. The mustache is really the sane one out of the pair of us. But it is, I think these tiny fintech companies, right, we're, we've. This is like a second one we've seen get attacked recently. Finastra was also hit, which we did talk about, but they're kind of, this is a scary part. They're kind of a gold mine because they're moving around tons of money. They're usually not as big as say like your big name banking or even I would say some like cryptocurrencies. But they hold tons of money and usually you can easily transfer it out and they're, they're easy money. I would think they're going to be to start targeted more, especially after two in a row now.
Kelly
Yeah. Wow.
Corey
Hard disagree with everything. I didn't hear.
Kelly
Thanks.
Joff
Thanks, Dave.
Kelly
This sucks because I'm just distracted by the kitty on your shoulder and I want.
Corey
Listen, this is how you get engagement on the Internet, okay. And you have them on your shoulder.
Kelly
Hi, Corey. I just like, can you die so I can eat you? Because that's what all cats think.
Joff
Ever since I met Corey, I just keep thinking I've been doing my whole life wrong. I mean, that's what Corey has taught me.
Kelly
Yeah, he's teaching you how Your life could have been.
Corey
Yeah, yeah. If you need any cats, just let me know.
Kelly
I actually might need some cats here shortly. So.
Corey
So, I mean, what's even happened in the Internet like North Korea? I'm here for you.
Kelly
Miss.
Jerry
You missed the chicken.
Kelly
Yeah, we were, we were talking about Russia.
Corey
Wait, there's a follow up to chicken news. Is it chicken wing related?
Kelly
We're getting chicken wing news. We will get to that.
Corey
Oh my God, I'm so ready.
Kelly
So the next story that I want to talk about, if it's okay, is, and I hate this going into politics, but I think that there's a lot to talk about. But Trump administration wants to go on cyber offensive against China.
Jerry
What does that mean?
Kelly
I mean, normally I try to avoid these types of stories, right. But so Margaret Brennan said, we have been over the years trying to play better and better defense when it comes to cyber. We need to start going on our offense and start imposing, I think higher costs and consequences to private sector and nation state attackers. And God damn if that doesn't make some sense. But it's also insane. Well, I want to, I want to start out with, with kind of my hot take, I guess, because, you know, that's hey, privileges. But. So I agree with the sentiment of we need to impose a higher cost, but I think it's incredibly shortsighted to think that the United States is not being offensive. And this gets back to. Tim, I want to get your opinion on this here in just a second. To say that the United States is not on the offensive is not right. It's not true at all. And what I mean by that is the United States is on the offense, but we aren't doing offense in China and offense in Russia. From the perspective of trying to create chaos in their networks, we're there to observe. Right. We have, we have the NSA, of course, and also CIA to a lesser extent. But they're in these networks. They have compromised these networks. And their goal and objective is to dwell for as long as possible and if they want to create an impact, be ready to do so. But the goal is not just to go in and start taking over Chinese networks and then doing ransomware. That's just not what the US maybe says.
Corey
You, you don't know that.
Kelly
Yeah, right.
Jerry
As Corey and I stand up an anti-Chinese APT group right now.
John
Yeah, yeah, listen, I'm completely with you, John. I think it's, you're saying the quiet part out loud and there's no benefit to it. Like we all know this is happening. We Just don't talk about it. And now we're talking about it and now it, it, it changes the game.
Corey
I, well, hold on. Do we know what's happening? Do we know what's happening? Like, is there any public sources that say it's. Because I will say like I will.
Kelly
Be, I will be a public source. Yes, it's happening.
John
Yeah, but.
Corey
Okay, but not to the same level. Like Wade brought it up of like we know Russia basically has ransomware as a service running against US companies all the time, which has a huge impact to like US businesses. Not really political, but still kind of a nation state on nation state thing just done indirectly. Maybe he's talking about that. Not that like I don't know what businesses you would go after in Russia necessarily, but I don't know. I don't. I guess I'm curious to see. I mean with China specifically though, I don't think there's, I mean there's so much companies, so many companies I guess that could go after Space Force can go after. Or whoever he's going to have do this.
Kelly
Whoever's going to have do it.
John
The difference is though, like with, with like China, because there's. Everything's run by the state. If they get the information, they give it to their, one of their companies and they, they're both better off where if the US gets some sort of tactical information, cool stuff. Here's how to make a better iPhone. Making stuff up here like there's no good way to hand that off. Whereas China's got that.
Kelly
So they do and they don't. Tim. Like one of the problems with Chinese, whenever we're talking about Chinese hackers is a lot of the different regions, political factions within China have their own hacking groups, right? And a lot of times their goals and objectives are different from each other. And it's kind of unfortunate because like whenever you're in like the IC community, right, and DoD is different, I can talk about that. But what sucks about the intelligence community is the different INTs and the different towers, they all treat each other as hostile. So anything the NSA collects or the NRO collects and then hands it over to the NSA or they hand it over to the CIA, a lot of that classified information gets completely siloed and locked off. This is one of those things that sucks deeply about the way the United States intelligence apparatus works because they're like, well, we're getting all of these SIGINT, we're getting HUMINT, we're getting OSINT from various very obscure sources. And then it just tends to Stay in those silos, right? And it doesn't make its way over to DoD, to the troops that are downrange. It doesn't make it to the people that are operatives in the CIA and actually doing actual spying things. And you have this hoarding that happens with the CIA and the NSA in particular those two where they just hoard a shit ton of data. And a lot of times they don't want that data to go to another agency that maybe has the exact same level clearances or higher, because they're afraid that once that source or once that data is acted upon, then that source is removed. And that is something that's been kind of endemic in the United States intelligence apparatus for a really, really long time. So what end up with is you end up with all of these different hacking operations that are going in the NSA and the CIA in particular, and they're doing all of this stuff, but the data doesn't ever get shared, it never gets acted upon. 
And China has that same problem, kind of. But usually the regions and the different groups, they're actually doing a full chain, right, where they're doing the attacking. And they have a specific goal and objective that they're working towards. And a lot of times it becomes a, it becomes a competition with different political factions. And Jerry brought up 9/11 intel sharing. Absolutely. The name of the program that was basically put out to deal with that intelligence sharing dilemma. And it changed a number of names. But right after 9/11, it was called the Intelligence Community Multi Acquisition Program to try to share that information across multiple different intelligence sources. So you know, when we're talking about this as a problem, the way that that data is actually collected and then how it's disseminated is really, really weird in the United States. Unless there's a specific military objective or there's something that comes directly from the White House all of a sudden that happens really, really, really fast. But it only is whenever the attention span is on like very specific high people in the government that have a specific mission objective that they're trying to achieve.
Corey
So.
Joff
Okay, I have one, one comment.
Corey
Go ahead.
Joff
But I feel like the public statement like, like that that was made by the President Elect is really, it appears to be aimed at just shaking the bushes of the worldwide intelligence community and see what rattles that. That's what it feels like to me.
Corey
Okay, so I have a couple takes on this. Number one is Baloo's hilarious comment that the people who make the APT lists won't be put themselves on them. Well, yeah, Alex, Yeah, because if you.
Tim
Ask different countries, because like, the US isn't on an APT list. You're like, the US isn't on MITRE's.
Kelly
List of APT actors.
Tim
Yeah, we may be.
Jerry
Let me check that. We check.
Corey
What is it an Eagle? Are we Eagle, Typhoon, what's going on?
Tim
Yeah, but I think if you ask like the source country, because like, if you ask China if they do hacking, they're going to be like, no, we don't do hacking. Here's a list of all the US companies that do it. Here's all. List of all, like the Germans that do it. Here's the list of all these other countries that do it. If you ask, you know, if you.
Corey
Ask Germany if they do it by other countries.
Tim
No, here. Yeah, you'll be called out by other countries.
Kelly
They're not, yeah, the ns.
Corey
They're not doing, I mean, okay, so here's, that's where exactly where I was going with this. So in the US there's a public news article that says Chinese threat actors are in our ISPs. This is a, this is, I mean, Joff's right about the political thing. Like, I mean, Joe Biden literally went to Russia and was like, hey, can you guys stop ransomwaring us, please? And he was like, respectfully declined, comrade. But basically, you know, like, that's being played on the political, you know, spectrum of like, hey, can you guys stop hacking us? Why is no one coming to the US and saying, hey, can you stop hacking us? Like, they are, are they? And we're just like, not stories.
Kelly
I, I, I read one earlier today where China was basically accusing the NSA of breaking into one of their networks. So those stories do exist, right?
Corey
Recently.
John
Oh, yeah, yeah.
Kelly
Like literally this week. Let's see if I can find it.
John
There was one like three or four months ago where they had exactly that. I think the big difference though is what China does with it. I'm just picking China here versus what we do with it. Like, they'll take it immediately, monetize it, where we'll take it, and just like John said, sit on it. And they're like, yeah, they're taking our data. What are they doing with it? Analyzing it. Like, it's not an interesting news story, right?
Jerry
Yeah, the Equation Group is on MITRE ATT&CK.
Corey
Yeah, but that's, yeah, but I'm going.
Jerry
To tell you from an intelligence standpoint, there is no good data in there.
Kelly
So here's one. China is accusing the United States of fabricating Volt Typhoon to hide its own Hacking campaigns.
Corey
So we hacked the ISPs. I mean, that's a good.
Kelly
ISP is, which I think this is great.
Corey
No, no, we subpoenaed the ISPs. It's a different word.
Kelly
No, no, no. If you go to like the telco providers, like if you go to New York, you go downtown for like Verizon's data center, AT&T's data center. A lot of the major, major ISPs in the United States have SCIFs in the middle of their main ISP facilities that you have to go up and you have to badge and you have to get into. So I would think it's funny if like the NSA is like, yeah, we hacked this network, which we already had a SCIF, which we already had taps to absolutely everything.
Corey
Okay, fair.
Kelly
That's insane.
Ryan
The FBI and CISA just came out last week and advised businesses to start using end to end encryption messaging over email, which is not going to happen ever. But like, I mean, they're out there. So I mean, if the federal law enforcement in federal SecOps is trying to advise people to use, you know, encrypted messaging because of this Chinese telecom situation, they'd be shooting themselves in the own, in their own foot if like that was the, the game.
Corey
Right?
Ryan
So I agree, I agree with you 100. I didn't know they had SCIFs in the eye in the, in the data centers though.
Kelly
No, they do, they do. And it's specifically why they're there. And it depends on the law enforcement agency that you're working with. It makes sense because there's FISA warrants, right? And if any of those communications leave the United States and it's someone that they're communicating with, a person of interest on the other side, you can get a FISA warrant. We don't, let's not get into that too much, but you can get a FISA warrant and that data immediately has to get dropped into a SCIF or it has to get pulled off. So if you think about it, it starts to make sense why we have SCIFs in these telco a little bit. I can't speak to the FBI because I haven't done much on that side of it. But I'm assuming the FBI has similar type capabilities whenever they have warrants that need to be executed to get certain data sets that they have those facilities to be able to process that as well.
Corey
Okay, so I'm, I'm like confused here. So the, the FBI has access to everything and why would like, why would they publish that. That's. To me, Jerry's point. That's basically proof that China's actually in the ISPs.
Ryan
Yeah, that's right. That's what I'm saying. Like, it's bad. It's bad. Yeah.
Kelly
I want to clarify. They don't. They can request it from the ISPs, but the FBI just can't sit there willy nilly and be like, you know what we're going to do? So we're going to start intercepting Alex's communications. You have to have a warrant. You have to actually have that exercised appropriately by the ISPs that are out there.
Corey
Right. Whereas China is doing that.
Kelly
Well, China, which. You know what, Maybe that's what's going on, is the United States allowed China to hack into our networks because once that data leaves our networks and China steals it and it goes over to China, we're hacking China so we can get that intelligence without having to get a warrant on that data. Because once it's there, we don't need to get a warrant for it because China's going to. They've already hacked it for us. So there's a conspiracy wrapping that makes perfect sense. It's like a turducken of a conspiracy.
Corey
Oh, my God. All right, let's talk about Krispy Kreme.
Kelly
Krispy Kreme.
Corey
Does Krispy Kreme have a little light? They turn on that when they get hacked. That says recently compromised.
Kelly
I. I think that would be great.
Joff
And discounted.
Kelly
Why is this light blinking, Tim?
Ryan
Krispy Kreme manufacturer, right? I mean, manufacturers get hit, they manufacture donuts, knock them out. You know, it's a ridiculously sweet. But, you know, I think it's more insidious than that.
Alex
They're really trying to demoralize America right before Christmas and our big consumer season.
Corey
No, no, hold on, Kelly. If they were going to do that, they would take down Domino's Pizza, which we know is the intelligence backbone of America. If they're order. If Washington D.C. can't order pizzas, then we know the entire country grinds to a halt.
Kelly
This is.
Joff
What about, you know, that maybe a coordinated attack on all three. Right? Take down Krispy Kreme, Domino's and Starbucks at the same time.
Kelly
Oh.
Jerry
Oh, my God. Oh, my God. Why did you mention.
Kelly
Gosh, why are you helping evil people do evil things.
Corey
You just upped the threat model. Space Force is going to kick down your door and say, why'd you just leak this is.
Joff
Okay, so pays me to think evil thoughts.
Kelly
Let's be honest, last week's show sucked. I thought it was a great show from perspective. A lot of different things. Last week show.
Corey
Thanks John.
Kelly
Last week's show was like everything sucks. It's all burning down. Computer security is a myth. Fu. We're going away.
Jerry
It was about. All right, you were definitely putting off that energy.
Corey
So only positive articles then.
Kelly
No, no, no, but I want to, I want to. We were talking about there's no financial impact to companies that get compromised and they're like there's going to be a 2% hit on stock price. I don't know where they're at now. Let me open that up. But this also gets into something that we talked about like last week where you don't, you don't see a financial impact to these companies getting compromised. Is this just another example of like how that holds true? Like hack happens. Like stock dips a percent for a day or two and then it's back up 5.
Corey
I mean I think for a company like Krispy Kreme, what, what sensitive information could they possibly have? Like whoever ordered the most donuts, the.
Bronwyn
Secret recipe, credit cards and, and you know, the standard financial stuff.
Joff
Yeah, the standard financial stuff and the.
Corey
Secret recipe, that's all end-to-end encrypted. Says the security administrator. Cat, you don't need to worry about that. Verisign took care of that.
John
Yeah, but okay, so go back to John's point. Like what's the biggest cyber security related event of the entire year? Right? Without question, it was the blue screen of death with CrowdStrike above the previous set price.
Jerry
Like are they really, they made it.
John
All the way back and now they're ahead of what they were.
Joff
Well, you know, I think that just shows you just how myopic and short, short memory people are. I mean they just, you know, they're just like ah, you know what's next week's news is going to be something else. And they just move on.
John
And I thought it was going to.
Kelly
Be a little bit longer.
John
I thought they would miss projections.
Jerry
You could have made up here. We could have made a lot of money.
Ryan
Okay, I would agree with that.
Bronwyn
Honestly, how much of this is incident fatigue? I mean 10 years ago, 15 years ago, a breach was a big deal because it wasn't happening all the time or if it was, it wasn't getting anywhere near as much pr. Now every time you open a stream, a magazine, newspaper, whatever your preferred mode of news assimilation is, you're going to see at least three to 10 mentions of a breach by Someone against someone.
Corey
It wasn't a breach. It was a normalized cybersecurity incident.
Joff
So one of our listeners made the comment. Can't. Can't never would just made the comment. We should give out awards. So if we have BHIS breach of the year award, that would be kind.
Corey
Of a breach they do not accept.
Jerry
Jerry, what were you gonna say?
Kelly
Jerry, it is the ponies.
Ryan
I mean, I put it, I put it in chat. I'm fully on board with this tribe's idea that the stocks bounce back. Like Target set the tone and then it took three years and then there was like shorter periods of time between the, the waves of when you would recover. But with CrowdStrike, it was like a developer issue. And you know, it sucked, obviously, but, but it was, it was like a normal engineering issue. SolarWinds, maybe I'm cherry picking a black swan event, but SolarWinds never fully recovered their value and they were penetrated super deep. It was a Russian target. It was, it was deliberate mission and, and, you know, so it's not always the case. Again, I hate, I hate to like, I don't know if I'm cherry picking or not. I don't have a big enough data set to say, but it isn't always the case. And I know specifically because I was like, when SolarWinds happen, I'm like, all right, finally I'm jumping on this like, get rich quick scheme. And like, you know, it's like. I know.
Kelly
Yeah. But just for the record, if you would have done that with CrowdStrike, here, can someone post this?
Tim
Yeah.
Joff
If you, if you'd shorted CrowdStrike those.
Kelly
Two days, if you went CrowdStrike, Ryan's going to share this here in a second. And I think that this really articulates it. So I just posted the link.
Ryan
Oh, yeah, it's like a bitcoin.
Kelly
Now switch it over to one year.
Ryan
It looks like one year.
Kelly
There you go. That's real interesting, isn't it? So if you're looking at it at its peak, it was about 200 and what was it? 389. And today they closed at 392. Today they're at 388.
Corey
Close to their all time high. Yeah.
Kelly
So yeah, we're like, seriously, you know, Jerry, if you were, if you were playing that game of selling them like right at the bottom, you would have made out like a freaking bandit.
Ryan
Oh, yeah.
Corey
I think this is just survivorship bias. A little bit of like the companies, like, you know, we, we talk about companies a lot that get breached on the show and how many of them actually end up surviving? I don't know. Maybe not huge publicly traded companies which are just big enough to make it through almost anything. But um, well, yeah, I mean, I think, I think we're, I think. If. Okay, here's a great pitch. Are you a current intern or are you looking for an internship? Maybe email us and say I want to do research on the public impacts of breaches. And like, if you're a grad student, make that happen for yourself. Publish a paper about it. Like someone needs to research this and like look at like the impacts of different types of breaches on different companies, whether they're publicly traded, private, how much is covered up, SolarWinds. Like it could be super interesting to see like a meta analysis of all the data, all that.
Tim
I mentioned that in chat because I swear somebody had done that, that built a, like a portfolio. Just kind of tracking like if you bought like post, post breach, like this company had announced a breach, you buy right away and that that's your portfolio, that they built that portfolio or simulated that and they're like, yeah, you would just make piles of money doing that. I thought somebody did that. People in chat are like, that's fascinating. So you should research that. And I'm like, I thought somebody did. But if not, that'd be an excellent thing to, to check out.
Joff
Even better if they publish the average percentage downturn because then you could just pick the top cybersecurity companies in the industry, set up your buys on, on a, on the downturn and wait till it triggers and it's automatic trades.
Corey
All right, let's talk about Cylance.
Alex
Oh, Kelly, one more quick thing here. Let me just remind everyone here, gently of course, that we're talking about material impact and that's really what's reflected in the stock price. And we really didn't evaluate material impact until the SEC started us, started asking us to disclose that. So we're dealing with, can I say, baby data. We really don't know.
Kelly
No. Agreed.
Bronwyn
Although one thing that we do know though, and 12rza posted it a while ago, is that the small and medium sized companies that have any type of an incident, especially a breach, 60 something percent of them go under, usually within a year. So it's, it. This is where we're, we're getting a disparity. The incidents that make the big headlines are usually large multinational conglomerates, but the vast majority of the real incidents are on much smaller players who aren't going to get the press.
Kelly
So Bronwyn, I kind of want to pick on that just a little bit. So do you think that we're honestly looking at things in terms of first nation, second first world, second world, and third world infosec, where if you're a Fortune 100 company, you're going to weather it, right, you're going to make it through. If you're small mom and pop, you're in that third world country status, you ain't going to survive it.
Bronwyn
I'd say that's the rare analogy. I mean, it's, it's, it certainly matches the, the behaviors and what happens because.
Joff
Probably even put them into market capitalization buckets and.
Bronwyn
Yeah, yeah. I mean, I've seen small mom and pop organizations and they don't have the bandwidth, they don't have the resources, they don't have the expertise to be able to do anything other than trust that their ISP is somehow going to have the appropriate filters. That's what they're paying for the, the AI network protection for. They don't have an understanding and they're never going to have the resources because they're resource poor. Whereas cream, they have more resources.
John
I think you're spot on. I mean, like the small, small business, let's say a big company, giant company, this isn't even good numbers. Loses 10 of revenue to an incident versus a small mom and pop, right? Giant company, they lose money all the time. Like, I'm amazed that Twitter was able to lose billions for years and they keep on chugging. Right? Whereas a small mom and pop, they don't have infinite money glitch to fix that.
Corey
So they called Venture Capital 100.
John
You're right.
Kelly
Yeah, yeah, yeah. All right, let's go to something fun.
Corey
Talk about Cylance, huh? So, John, are you, Are you gonna make Cylance? Is, Is someone gonna make Cylance great again? Does that happen?
Kelly
So good night, Joff. Silent. So, okay, so BlackBerry is gonna sell Cylance to Arctic Wolf.
Bronwyn
Oh, what?
Corey
No vendor bashing. Okay, now, does anyone have anything nice to say? Does anyone have anything nice to say?
Kelly
Hey now. Hey now. Hey, hey. Keep it cordial, Joff.
Corey
Do not unleash.
Jerry
But what does BlackBerry have?
Kelly
A little free to rip on BlackBerry. What the hell?
Corey
BlackBerry messenger, dude. That's what FBI still uses.
Jerry
That was like the first messenger that had read receipts and my managers used to make me install it so they could see when I read their messages.
Corey
Oh, my God.
Kelly
Oh, my God.
Ryan
Awful.
Jerry
Yeah, that was like.
Joff
All I can think of is, is the, the weird beers that arrived at John's.
Kelly
Oh, my God.
John
That's Right.
Kelly
I didn't. I didn't. I think I can. I think I can find those beers.
Corey
Don't worry. They're getting acquired, so it's safe.
Kelly
We had that thing with Cylance. I think it was in 2017 where I was trying to get sued by Cylance.
Corey
We should have acquired them. Let's be honest.
Kelly
Probably, you know what? We might have that option. But it worked. Didn't work out. They didn't sue us. But they wanted to. But they realized that if someone is super excited about being sued, it's probably a trap. Crap. Which it was. But after that whole entire thing went down, all of a sudden I received this case full of beer and it was like dark. Abbey Brewing, I think was the name of the company. I can't remember.
Corey
Lost Brewing.
Kelly
Lost Abbey.
Jerry
Yeah, Lost Abbey as a beer company.
Kelly
Let me see if I can go to their website.
Corey
I didn't drink it, but I remember I had it.
Kelly
So they had these beers and it was like Judgment Day was one of the beers was the other one.
Corey
It's all like apocalypse themed beers.
Kelly
There was Judgment Day. There was a Liar beer. I can't remember, but they looks like they have different beers now. So, like, if you looked at all like, you know, like Lying Bastard Ale, I think was one of them. Joff, I'm not sure.
Bronwyn
That's actually pretty good stuff.
Joff
John Cole, maybe. I just remember John saying, I'm like.
Kelly
This is your beer.
Joff
John's like, I think they're trying to tell us something.
Ryan
Chop.
Kelly
Yeah.
Corey
So do you think that's what Arctic Wolf paid for? Is it some. They just sent some beers over.
Kelly
Maybe they did. Maybe they did, but it was. It was. We actually had a fantastic meeting with them. And I won't get into the details, but it was a. It was a good meeting. But boy, have we like, what other security companies have fallen as far as Cylance. Like Cylance rocketed in ransomware and you saw them everywhere. And it just seems like CrowdStrike and it seems like CrowdStrike and Defender just destroyed Cylance.
Corey
Maybe something had some brain drain. I don't know. I. It's. Oh, no, they know the full history because I feel like it was. They were really good. Then all the cash cow tipping happened. Then they had. Then they kind of recovered from that. Then they had like bad brain drain. And I think they've never really recovered. Then they got acquired by BlackBerry, tried to recover. Now apparently BlackBerry's selling it to Arctic Wolf. I mean, I feel like the moral of the story here is, congrats, Arctic Wolf on being big enough to acquire an EDR, that's pretty cool, right? Like that's a big deal.
Kelly
And it's good, it's good thing for Arctic Wolf. Right? Like, like and, and our fun times.
Joff
With them happen to intersect with a period of time they were about to go public, which we didn't know.
Kelly
What do you mean? What do you mean? We chuff.
John
Like, I mean, I just.
Corey
Which is good that you didn't know that because that would have been insider trading.
Kelly
Right.
John
If you're a SOC vendor and you use, you use Cylance, do you swap it? Because now you've got a competitor and be like, well, we could integrate with Cylance better because we own them.
Kelly
Yeah.
Jerry
What did Kaspersky switch into? That's what you'd switch to really?
Kelly
Arctic Wolf. Arctic Wolf is going after that S1 market, the SentinelOne market. Really? Yeah, because you don't see our, like, I know someone from Arctic Wolf is going to get pissed, but you don't see Arctic Wolf and like the very large corporations of the corporations that want best of breed, like they're very much a cost conscious vendor in this space, and SentinelOne and the SMB space has just crushed it. Huntress I think has come up quite a bit. But seriously, that's where Arctic Wolf, like, that's where they play. And like SentinelOne is an EDR and Huntress has their own product and things like that. But, but holy hell, like if you're, if you're Arctic Wolf and you can keep the price point that they've been at and you're running Cylance, but honestly I don't. When's the last time we saw Cylance in a test, guys? Like we saw it all the time, constantly. And then it was just like overnight. It's like CrowdStrike everywhere. So I don't know if they're running at the same like quality that they were back in the day. And I would check the MITRE evaluations, but screw that, I don't trust anything from them. But it's just, once again, I think it's a great acquisition for Arctic Wolf. But you're right, what Arctic Wolf is going to do is going to push people to using Cylance as their EDR. And it further makes sense because a lot of different MSSPs or SOCs, they, they have to buy another EDR and they're paying for that EDR to deploy on their customers. So really it's going to make Arctic Wolf's position in the market much, much, much more strong if they can provide the EDR and the SOC services on top of it.
Ryan
So can I just comment really quickly, like, something that I had to fact check before I did this. Something that blows my mind. Arctic Wolf is acquiring it for $160 million, which is not, you know, cheap. Right. That would be life altering for everybody.
Kelly
But it's not what you think it would be.
Ryan
Well, but BlackBerry bought Cylance in 2019 for $1.4 billion. So somebody is absolutely taking a bath on this. I mean, like, five years ago they spent 1.4 billion, and now it's on like the front lawn at a yard sale and they're like, ah, what do you. 160. You'll take it. Just, you know, like back your pickup up, I'll help you load it. Like, it's crazy to me how, how. How discounted it is. I. I didn't do the math. It's like 80 or whatever. It's. It's insane. It's probably more than that.
Kelly
See, this is the dark side of like, VC funding and stuff. Like, everyone's like, oh, well, you know, someone made a billion dollars off of CrowdStrike or whatever. They just lost. Like, like, let's just round up a billion dollars.
Ryan
Yeah, yeah.
John
And round down the stock.
Corey
No, the, the round down.
Ryan
Yeah, 1.2 billion.
Corey
Yeah, it was about 200 mil. Because the stock was worth about 6.
Kelly
Was it? So, okay, so they lost 5.5 million.
Corey
Shares of Arctic Wolf at 8 bucks a share.
Jerry
Oh, my God.
Alex
So what's left at BlackBerry now?
Ryan
Well, yeah, I mean, that was like their big play to like, reinvent themselves cyber. Right? I mean, I don't know. I actually saw like, on a, on a, like a stuff or list, there's an attachment you can get for your iPhone now that puts a QWERTY keyboard on it. Like, I don't know if anyone else saw this, but it plugs into the USB-C and you can get a BlackBerry keyboard. Now, I would totally.
Kelly
BlackBerry devices.
John
I don't know what the stat is, but the, the ECC crypto. My understanding is maybe this is old. BlackBerry owns that. So, like, they got the patents and stuff like that. So I'm trying to remember the exact details on some of those pieces, but that's not exactly the cheapest. I need, I need. I need a Jerry do Gerald to fact check for me.
Ryan
Yeah, yeah, yeah, no, I'm gonna pull it up. I saw it in, like, who. Maybe. Maybe it was like on Temu or something where they don't give a damn about rules. But let me, Let me. Give me a second. Tim, I'll. I'll see what I can pull.
Corey
Yeah, I have no idea what.
Ryan
Expired.
John
Expired, like a decade ago. Not quite, but. Okay.
Corey
I'm reading their wiki now and I still have no idea what they're doing these days. It looks like they're just acquiring companies and selling them at a great loss.
Joff
Well, you know, to quote Elon Musk, patents are for the weak, so.
Kelly
Patents are for the weak? Yeah, BlackBerry owns a bunch of IP. It's kind of like Nokia. Like, it was like, Nokia is dead. Nope. They're making a ton of money off their patents. Like, they're doing just fine. Which is a weird business model as well. Was BlackBerry in the auto industry? I'm not sure.
Corey
God, I hope not.
Ryan
In the what industry? Audit.
Kelly
Audio Auto.
John
I don't recall that.
Jerry
I really like that keyboard.
Ryan
There you go. I mean, this is a Wired article. The whole. It's the whole case.
Bronwyn
Yes.
John
Okay.
Bronwyn
Interesting.
Corey
I talk about this takedown of a DDoS.
Kelly
There we go.
Corey
Net. That's an uplifting article.
Joff
Jerry just fished us. I clicked on it immediately.
Ryan
Oh, yeah, yeah, Excellent. Just put your creds in, Jeff. It'll be fine.
Joff
All right, man, thanks.
Corey
So this is. Ryan will find the article for us. But. Takedown of a DDoS for hire provider by Europol, which is. I think that's pretty cool. I mean, that's just an uplifting thing for everyone, right? Grandma's computer gets removed from a botnet number one.
Ryan
I'm sorry.
Jerry
You should have been hitting buttons earlier.
Ryan
Sorry about that.
Corey
No, you're good. Okay, you guys lost me.
Alex
What are we talking about?
Corey
DDoS takedown. So Ryan will find the original. He's. He's good at that. He's. I see him here in the. In the. The.
Alex
Did somebody spell that for me?
John
DDoS.
Corey
No. So DDoS, I will say, has become kind of like the. I don't know, just the default way of getting hacked. It seems like if anyone stuff goes down, they just assume it's a DDoS. Yeah, I mean, it's just a normal takedown of a DDoS network. But it says they have two people in PR that are being four suspects between the age of 22 and 26. And it was up to 15 countries, law enforcement involved. There was 300 users on this site. So 300 people were paying to DDoS. Other people.
Ryan
I love it. I love it. I wanna. Dude, I wanna like pants off baby oil. Interpol, Europol. I love this international cross collaboration. The United States just worked with the like Slovakians to take down a bunch of people. It, like, just raiding all over the place. People need to be worried about it. Dude, People in Eastern Europe are just operating carte blanche. And it's. It's like, enough. We're done. We're done.
Kelly
I just want everyone to know that I too, am very happy, but I'm happy in a way where I keep my pants on and say, I'm gonna keep. No baby oil is involved.
Corey
Baby oil party. Sounds like you need to learn how.
Kelly
To party for later.
Tim
This is why he wins.
Ryan
Independent thoughts. Those are two independent thoughts. You got to be able to, like, move quickly. Like, it's just so exciting that you want to, like, party. It's so someone's trying to grab you.
Corey
If someone's trying to grab you and you're covered in baby oil, it's going to be hard. So that's good.
Alex
We need the Ranch Awards, because that was pretty good.
Kelly
I'm feeling every one of those.
Joff
I'm over 50 years right now.
Corey
That's because you aren't using enough baby oil.
Kelly
Still exists.
John
Like, doesn't everybody use Cloudflare? Like. Like, Cloudflare is the Internet these days. Doesn't everybody run it through there? Like, I just. It's weird.
Corey
Like, yes, definitely, everyone is using Cloudflare, including Red Siege dot com.
Ryan
Well, and I know that we're talking about this, but another interesting thing, because we mentioned it earlier about how Russia doesn't necessarily do anything to Eastern European threat actors. Russia just took down. I think his name was Wazawaka or Waka Waka, kind of like Fozzie Bear type thing. And he was like, a prolific ransomware threat actor operating with kind of different. Different actors. So, like, everybody's getting in on it. Although I suspect that that guy didn't play.
John
Yeah. Did he fall out of second story window?
Ryan
Well, he's been arrested. He may have had an update to his current health.
Kelly
He fell out twice. It was scary. He didn't learn the first time.
Ryan
Yeah. So I just. I just love it. I love the cross collaboration because I don't know if you guys have ever read or listened to the audiobook of Andy Greenberg's Tracers in the Dark, where he talks about cryptocurrency. It's a phenomenal book.
Kelly
If you.
Ryan
But. But he covers AlphaBay and he covers Silk Road, and when you. When you read the AlphaBay story, and it took. The takedown was in Thailand, but it was the IRS and the Department of Justice. This, like, when you're dealing with all these different entities, there's a lot of like, territorial pissings and a lot of like, flexing on each other and who has the right to do what and sharing and.
Kelly
I have no idea. Jerry, tell us more.
Ryan
So seeing what they do now, it's just. I love, I love. I don't know if people are just collectively fed up with threat actors doing what they're doing, but the, the collaboration and integration, it's just. It's just awesome. It's like they're all in the same Slack channel and they're able to like, quickly pivot and move. It's like, it's phenomenal.
Kelly
But that's so rare. And I. And I think that when it does happen, like you said, it's something to celebrate, but it's always for like a specific thing. Right. It's not like continuous collaboration where they're keeping those modes of communication open with each other constantly and, and you know, going back to what I was talking about with the intelligence community and kind of a different approach, it's like, same problem. Right. And I think a lot of it boils down to like, who's. Whose iron rice bowl is it? Who's going to get credit for this? And it's great whenever organizations get together and they put those egos aside and they just focus on getting things done.
Ryan
Yeah. I hope it's the beginning of a trend. Start trending in the right direction.
Kelly
The Looming Tower is another good book about agencies not working together. Yes, I know that one well. So. Well, do we have a last story for the, for the week to close out?
Corey
I mean, I. All my stories are just bad jokes about data breaches. I was going to joke that, you know, it's a positive story that there was a senior dating website that had 765,000 users breached. I mean, kudos to the old people for getting out there. That's good for them. Like the fact that there's near a million users on a senior focused dating site, like that is a sign of the times.
Joff
Not in the data.
Alex
So all of us might be on there.
Bronwyn
Corey.
Kelly
All of those people now have LifeLock for life.
Corey
There's like, it is kind of a such a, like, visual into the person who wrote this article calling it a senior dating website. And it's just 40 and over. Like, oh, no, that's kind of. That tells you. That tells you what the average age of a threat actor is.
Kelly
What?
Joff
Now I'm offended.
John
Damn kids these days.
Corey
But the website was just ladies.com, which I love that too. That's such a good name.
Kelly
For dating, actually. Are you sure it's a dating site that sounds like it's tv like the.
John
Biggest catfish site of all time, right?
Kelly
No, no, no.
Corey
The word ladies. Listen, the word ladies is untarnished. Okay. That is a. That is a classy word.
Kelly
Yeah. As a 46 year old man, that's your heart. What the hell, man. What the hell?
Corey
I will say though, if you like adjust, if you like gray down a curve based on who's in the dating pool, it is kind of like, it makes sense.
Kelly
I like Michael. Michael Robertson's. You mean Facebook got breached that comment? That comment hits hard.
Joff
My daughter tells me Facebook's for old people all the time.
Kelly
Yeah, she's like, Facebook sucks. No one likes Facebook here. Check out Instagram. It's so awesome.
Corey
It's so different. It's definitely not the same.
Joff
TikTok in your life, Dan.
Corey
Oh, by the way, did we talk about. I know, like follow up. I know, but like apparently. Did we talk about this? They actually sanctioned a Chinese company, the US Treasury did, for the whole like ISP stuff. I don't know if we covered that, but it seems that's a big deal in my opinion.
Kelly
I. What was the company and it was.
Corey
Called Sichuan Silence, which I do love.
Kelly
Good name.
Corey
Were they. Were they all about numbing the network?
Kelly
Now I can't remember the article that was talking about the Chinese hacking groups where there are legit quote unquote, like pen testing style companies, man. They basically get roped into doing offense cyber offensive operations for the Chinese government. And, and I'd have to find that article again.
Corey
Yeah, I guess I'm just like. I'm still thinking back to like why are no US companies being sanctioned by.
Kelly
And. And I think a lot of it that people don't understand is that there's very little like, like daylight between corporations in China and the Chinese government. Like it's not like like yeah, at any point any of these Chinese organizations can be leveraged. So I could totally see why they're sanctioning this specific company. Yeah. Because it's very, very, very strong possibility that they're actually involved directly in the, in the attacks. But yeah, their government and their, their corporate infrastructures are pretty much the same thing. They're very much tied into each other.
Corey
Yeah, I don't know. Anyway, we talked about it, so I thought it was an interesting follow up.
Kelly
I love how they had that. Can you put that picture back up? How they had the. Had. They had the picture of one of the hackers Serif just had a quote. It was basically like every time they talk about some hacking criminal mastermind, it always is some like 21 year old scrawny kid or 19 year old scrawny kid.
Corey
How did they find him? Probably from ladies.com.
Kelly
Probably on ladies.com. here's a quote from.
Ryan
He has certain taste.
Kelly
It really wasn't a joke. It's always great to see the news. Criminal mastermind caught. And it's a picture of the scrawniest 19 year old you've ever seen. Is the person that does the thing.
Bronwyn
They don't have a life yet. So of course it's a scrawny teenagers.
Kelly
Yeah.
Corey
Are you telling me that people without fully developed brains tend to make bad decisions sometimes.
Kelly
Really?
Jerry
Yeah.
Kelly
Does that ever get better?
Corey
Life.
John
Now that at 47.
Kelly
What? Let me get back. It's like Tim, whenever we have people that are young and impressionable, they're like, I want to start a pen testing company. And I think Tim's giving the same advice I gave years ago. First thing is, don't you know that.
John
Was John's opening line. Hey, I'm starting. You're not gonna listen.
Kelly
So here you go. Here's all our templates and everything.
John
So 100.
Corey
So, okay, if we're. We have a few minutes left. Let's talk about some other notable events that happen because this is gonna be our last show for 2024. We're not going to be back until 2025. So what else happened? Crowdstroke happened. Jerry won the Difference maker award. Congrats. What else happened in 2024? I can't remember.
Alex
The national data broke.
Kelly
Something about snowflakes.
Corey
Oh, yeah. Snowflake happened. That was a big deal. We're still seeing the fallout from that. I talked about infostealers 4274 times.
Kelly
I ranted. I ranted at least twice. I remember.
Corey
Only twice? No, you made more.
Kelly
That's all I can remember.
Corey
He ran in twice for everyone at Wild West Best.
Kelly
I wanna, I wanna clarify something. Every time that someone says that Jerry won, you're wrong. Jerry earned it.
Ryan
Thank you.
Kelly
And there's a difference between those two things, so.
Ryan
That's very kind of you, Sean. Yeah, but it was good. You know what Was weird about 2024? I don't know if anyone else had a hot take on this, but it seemed like in the first half of the year, like mortgage companies were getting hit. Like there was.
Kelly
It was big.
Tim
Yeah.
Ryan
Multiple mortgage companies. And I was thinking, like, what?
John
What? Why?
Ryan
Like, you know, I could get like, law firms or tax accountants and stuff like that because of the client base. But mortgage companies just seem, like, odd, and then it just stopped. Like, I don't know if you guys noticed that, but, like, it just. They stopped. So I don't know if anyone had, like, a hot take on. On the motivation behind that.
Joff
I think people are just pissed off on interest rates.
Kelly
There you go.
Joff
Okay, we're gonna do a hack.
Kelly
I defend something. I don't know.
Corey
That's a different industry that you're talking about, the healthcare industry, which is definitely heavily targeted in 2024.
Kelly
Yeah.
Corey
The change healthcare thing happened this year. That was big, right?
Ryan
Yeah, that was.
Corey
Or was that this year? Or was. I don't even know when that was.
Bronwyn
Don't forget MOVEit.
Kelly
MOVEit.
Corey
That was 2021.
Kelly
Well, that kept lingering.
Ryan
And 23. Right? That was the Progress one with Clop ransomware.
Kelly
Yeah.
Corey
Yeah.
Kelly
Can you all start prepping for the show where we come back in 2025 and instead of predictions. I hate infosec. Predict predictions. Episodes, they just. Because it's always. It's AI.
Ryan
That is true.
Corey
AI was a big thing.
Kelly
It was.
John
It was.
Kelly
But here's what I want you all to do. We're not going to do predictions for 2025. I want us to predict what's going to be ignored and continue to be ignored in computer security. Like, what are they done? Like, I, you know, I can just throw some things out there. Cell phone security, like, gonna connect. Continue to ignore that shit as long as we possibly can. So. But what other things in computer security have we ignored? And are we going to continue to ignore moving. Moving forward? So what are the things we're not talking about in computer security? So that's your homework, everybody. So while you're drinking that eggnog, can I say, yeah, GRC. Absolutely, Kelly. That's. That's evergreen. Like, you know, everyone ignores GRC. It's just we're.
Ryan
We're making it cool. Kelly and I are, like, pushing it.
Kelly
To the front guys. And then we got the shirts and the hats from Zach. Like, we're trying to make it cool because, you know, we always talk about how security is a continuous process and then promptly on GRC, people, right? It's like, oh, it's a process. Yeah. You know, you got to do it. It's not. It's a marathon, not a sprint. Hey, screw the guys over in GRC that are literally, I don't know, lubing up for a sprint or lubing up for a. A Marathon.
Corey
I feel I have so much hat FOMO right now.
Ryan
Look at the GRC mafia fully engaged right now.
Kelly
By the way, you can totally get these run GRC hats at Spearfish General Store. Check them out at Spearfish General Store. The preferred hat by the winner of the Difference Makers award, Jerry Auger.
Joff
Helped Kelly enough in the in recent history that I, I deserve one of those hats now.
Jerry
I agree.
Kelly
I. I would agree with that. Usually I'd be like, I don't know, Joff, but after the past couple of weeks, I say you've earned that hat, sir.
Joff
I think I've earned that.
Corey
This might surprise you, but here at Black Hills we don't really gatekeep who wears the hats. We just let everyone do whatever they want.
Joff
That is a revelation.
Ryan
I'll wear my one of one hipster hat here. There we go.
Corey
Oh, I heard you paid good money for that.
Kelly
That.
Ryan
That hat is donated to a worthy cause for this.
Corey
Oh.
Kelly
So I gotta send you. I got something for you. Just give me a second.
Corey
Is it. Is it a case of beer?
Joff
Just gonna go get it right now.
Corey
Okay. I. Here's a prediction while John's gone and we can do predictions while he's not here because he hates them. My prediction is 2025 will be the first year any company fails PCI compliance ever.
Kelly
So, Jerry, this is the first play test set of the new Backdoors and Breaches expansion cards.
Ryan
Oh, right on. Cool.
Kelly
For competitive. I was going to if offline, send me your address. I'm going to send this to you and I think it would be really cool if we can after we release the game, I'll sign them and stuff and send them to you. We can auction them off. Like I would like to find something Simply Cyber, BHIS, Antisyphon. We find a good cause and we'll auction these off.
Ryan
Oh, that'd be phenomenal. John.
Kelly
The highest bidder. So. But, but yeah, we got the new version of Backdoors and Breaches is. We're play testing it tomorrow again so. Nice.
Ryan
Yeah, I'd love to do that. Maybe we get them like framed up or something. Make it, make it like that.
Kelly
It's I think it's like six pages of cards. So we could do, you know, we. I can sign them and like number them and everything. We can do them as like, like six separate ones. Yeah.
Ryan
Yeah. No, that's awesome. That's phenomenal. Yeah. And definitely people would love that. So. Yeah, let's do it.
Kelly
Also, I want to do a shout out before the end of the year, I can't remember the dude's name, but I found this really cool card game called Advanced Persistent Threat. You can get it at boardgamegeek.com. I think you can get it on Amazon as well, so please check this out. But it's basically using servers, software malware exploits in zero days to defend your network while you're trying to hack your friends. I saw it at Board Game Geek Conference in Dallas and talked to the author, who was a real, real hacker. Seriously awesome dude. But you need, you need things for people on, on Christmas, for those other geeks. Go get Advanced Persistent Threat.
John
You went to BGG Con? Yeah, I have gone a bunch of times. I didn't go this year.
Kelly
No. So I was supposed to. I'll call you after this and tell you the whole story.
John
Yeah, yeah, okay.
Kelly
No, if you want to go. Yeah, I've gone a bunch of times. Yeah, no, it's an awesome conference and we're going to be renting booth space. It's stupid cheap, but we're going to be doing a booth and we're going to be bringing games down there next year.
Ryan
Where's the location?
Kelly
Physical Dallas.
Ryan
Okay. Okay.
John
It's by the airport, which is a weird spot, but it works for me.
Corey
Just go when you're in the morning.
Kelly
And I came back at night, so.
Corey
All right. Is it time to see everyone in 2026? What?
John
He wants it.
Corey
What? What is that?
Kelly
Is there a child attached to that arm?
John
Get over here.
Joff
All right, little mate.
Kelly
There we go. Happy. Hi, everybody.
Ryan
Little Tim, let's wrap it up.
Kelly
And by the way, I do just want to say happy holidays. Merry Christmas to all of you. It's been, it's been a crazy year, and it's been a really, really great year. It's been a hard year. But I, I, you know, I think it helps when we have community and we have communities that we can work with and groups that we can work with. And one of the things I, I, like I said I want on my tombstone, is his competitors were his best friends. And when I'm looking at Jerry and, you know, you, you've got your own podcast that's been wildly successful. I'm looking at Tim and Red Siege and just everything that you guys do. I think it's an absolute honor to be able to hang out with people like you and of course, other people that we work with all the time and collaborate with. Because the number one goal that we all have in mind is making security better, everyone better. Because remember, at the end of the day, all of our problems in computer security can be solved through education. And always be looking for the people that are educating and training. And I'm just incredibly honored to be surrounded by the group of people at BHIS and the wider tribe of businesses that are making the world a better place. So I'll see you all in 2025. Take care.
Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: 2024-12-16 - ChickenSec News Part 3
Release Date: December 18, 2024
Hosts: Black Hills Information Security Team (John, Jerry, Ryan, Tim, Kelly, Joff, Bronwyn, Corey, Alex)
The episode kicks off with light-hearted banter among the hosts, quickly transitioning to celebratory news. The team proudly announces their victory at the 2024 SANS Difference Maker Awards, securing the Podcast of the Year title.
Ryan (13:28): "We were able to narrowly pull it off. My wife was there. Ryan and Ralph were in the audience. We spent some time together and definitely appreciate it."
Jerry humorously refers to Ryan as "the key master," adding to the camaraderie.
Jerry (14:13): "Are you the key master?"
The team delves into a significant cyber heist attributed to North Korean actors, highlighting the evolving sophistication of nation-state cyber threats.
Kelly (14:48): "So the next story that I want to talk about, if it's okay, is, and I hate this going into politics, but I think that there's a lot to talk about. But Trump administration wants to go on cyber offensive against China."
The discussion touches on the complexities of attributing cyberattacks to state actors, considering the possibility of North Korean operations being conducted from Russia or in collaboration with other cybercrime syndicates.
John (16:30): "The North Korea thing, I was, it always, it amazes me because it's, it traditionally skipping them. But your nation state actor and your, your cybercrime actor have very different goals."
A quirky yet impactful story revolves around a lawsuit in Ohio where a court ruled that boneless chicken wings could contain actual bones, a decision upheld by the Supreme Court in a narrow 4-3 vote.
Jerry (00:55): "A while ago, a court in Ohio actually ruled that boneless chicken wings don't have to be boneless. And now their Supreme Court just upheld that in a 4, 3 vote."
The hosts humorously speculate on future legal battles over mislabeling meat products.
John (01:25): "I also want to know if the boneless chicken wings do not have to contain. If the whole thing is just. They're all just suggestion."
A significant discussion covers BlackBerry selling its cybersecurity division, Cylance, to Arctic Wolf for a fraction of its original value. The hosts analyze the implications of this acquisition on the cybersecurity market and service offerings.
Ryan (48:56): "BlackBerry bought Cylance in 2019 for $1.4 billion. So somebody is absolutely taking a bath on this. I mean, like five years ago they spent 1.4 billion, and now it's on like the front lawn at a yard sale and they're like, ah, what do you. 160. You'll take it."
The conversation also touches on Arctic Wolf's strategy to strengthen their position in the market by integrating Cylance's technologies.
Celebrating a positive stride in cybersecurity, the team discusses Europol's successful shutdown of the RideX cybercrime marketplace, which catered to 300 users across 15 countries.
Corey (52:28): "DDoS, I will say, has become kind of like the default way of getting hacked. It seems like if anyone stuff goes down, they just assume it's a DDoS."
The collaboration between international law enforcement agencies is commended as a model for future operations.
Ryan (53:09): "I love the cross collaboration because I don't know if you guys have ever read or listened to the audiobook of Andy Greenberg's Tracers in the Dark, where he talks about cryptocurrency. It's a phenomenal book."
The hosts take a deep dive into how data breaches affect companies differently based on their size and resources. The discussion highlights that while large corporations might recover swiftly from incidents, small and medium-sized businesses often face existential threats.
Bronwyn (40:48): "Small and medium sized companies that have any type of an incident, especially a breach, 60 something percent of them go under, usually within a year."
The team reflects on incident fatigue in the industry, noting the normalization of breaches and the varying degrees of financial repercussions.
Ryan (37:00): "It's like a bitcoin. It looks like one year. It was like their all time high. Today they're at 388. So yeah, we're like, seriously, you know, Jerry, if you were, if you were playing that game of selling them like right at the bottom, you would have made out like a freaking bandit."
Kelly and Tim engage in a critical discussion about the United States' stance on cyber offensives, particularly against China. They examine the bureaucratic challenges within the U.S. intelligence community that hinder effective information sharing and proactive cyber strategies.
Kelly (21:34): "One of the problems with Chinese, whenever we're talking about Chinese hackers is a lot of the different regions, political factions within China have their own hacking groups."
Tim elaborates on the internal silos within U.S. intelligence agencies, which impede the dissemination and utilization of critical cyber intelligence.
Tim (23:02): "What end up with is you end up with all of these different hacking operations that are going in the NSA and the CIA in particular, and they're doing all of this stuff, but the data doesn't ever get shared, it never gets acted upon."
The conversation underscores the importance of inter-agency collaboration to bolster national cybersecurity defenses.
Amidst the serious discussions, the episode features jovial interactions, including jokes about cyber-related merchandise, the introduction of a new card game, and playful debates about data breach impacts.
Corey (36:42): "It's a normal engineering issue. SolarWinds, maybe I'm cherry picking a black swan event, but SolarWinds never fully recovered their value and they were penetrated super deep."
The hosts encourage community participation by promoting their cybersecurity-themed card game, Backdoors and Breaches, and welcoming listeners to join future events like the upcoming Board Game Geek Conference.
Kelly (67:16): "We should give out awards. So if we have BHIS breach of the year award, that would be kind."
As the episode wraps up, Kelly extends heartfelt holiday wishes to the listeners, emphasizing the importance of community and education in improving cybersecurity practices.
Kelly (69:08): "One of the things I, I, like I said I want on my tombstone, is his competitors were his best friends. And when I'm looking at Jerry and, you know, you, you've got your own podcast that's been wildly successful. I'm looking at Tim and Red Siege and just everything that you guys do. I think it's an absolute honor to be able to hang out with people like you and of course, other people that we work with all the time and collaborate with."
The hosts sign off with plans to return in 2025, setting the stage for future discussions and initiatives.
This episode of Talkin' About [Infosec] News navigates through a blend of serious cybersecurity discussions and light-hearted interactions, delivering insightful analysis on major cyber events of 2024 while fostering a sense of community among listeners. From high-profile cyber heists to the nuances of intelligence sharing, the hosts provide a comprehensive overview of the current infosec landscape, underscored by their characteristic humor and camaraderie.