Corey
Where's the music?
Kelly
Where's the thing?
Corey
No, no. Kelly. Is this your first episode of the News?
Kelly
Good God, yes.
Corey
Okay.
Kelly
Denver, last week.
Corey
All right. Okay. Did you get memory loss? How much did you smoke?
Kelly
Yeah.
Corey
How much pot did you smoke? Just come clean.
Kelly
I don't smoke it.
Corey
The evil la. I walk through it. The evil laugh after that is just too incriminating, man.
Wade
And everyone thought I was the stoner living in San Diego. I guess not, but.
Kelly
So we had a great week last week, didn't we?
Corey
We did. It was nice. For those that weren't there, let me help your FOMO. So many fun things happened. We talked about you, whoever you are. We talked about you specifically.
Kelly
We said we missed you.
Corey
We said we missed you. We had some hilarious hijinks at the awards ceremony where multiple people weren't there to collect their award. And John Strand just started calling them on the phone. And yes, one guy. One guy that he called worked for Palo Alto Networks. And so John calls him up and is like, hey, this is John with Black Hills Infosec. We have a disclosure that we just did at Wild West Hackin' Fest 2024. And the guy's just tone of voice is just like, okay. He's, like, terrified. And then John's like, you won the Lego DeLorean.
Alex
Yeah. That disclosure was.
Wade
You won.
Corey
Yeah. John was pulling some evil hijinks, which were very fun. Honestly, the most impressive part of all of it was that people answered their phones. The one guy got a voicemail at first, but then called back. The other guy answered his phone immediately. So you got to give people credit.
Wade
Who answers, like, if. If it's a number that I don't know by heart. I do not answer a phone like that.
Corey
Totally. Wow.
Kelly
When our systems folks call me, I don't answer the phone either because it's usually bad news.
Corey
You should probably put them in your. You probably put them in your phone book so that you don't accidentally get.
Wade
Phished, but do not.
Corey
Security tips are not the point of this podcast.
Wade
Straight.
Corey
All right, roll the finger. Let's do this. Sorry, first time. There's. There's keywords. There's keywords.
Wade
Got it.
Corey
Hello, and welcome to Black Hills Information Security's Talking About News. It's February 10, 2025, and we've got our beloved cast of characters. Ryan's going to be presenting today. His voice sounds great. He's super healthy. Super healthy. He's not gonna go to Denver. He's not gonna spend 10 minutes coughing of his con crust or whatever. We're calling it. What. What is the official con disease? Is it con or. Yeah, so we got our usual friends here. Wade's back with his mustache and full Ted Lasso force. Security is life or whatever he says. Wait, that would be Danny Rojas not to.
Wade
That was. That is really good. Oh, my God. That we. Now I need a T shirt that security is life.
Corey
Yeah, yeah. And then another T shirt that says, do not take this T shirt very seriously.
Kelly
Wouldn't it be insecurities Life?
Corey
That's a different conference, I think. Yeah, that's a different. That's a different conference. So, I mean, the. For the people who weren't there at the live news last week, there was some amazing contributions to the swear jar. We got up, we. We just let the audience contribute to the swear jar, which was hilarious. And multiple people came up to the stage and just dropped in a 20 and we're like, let's effing go.
Alex
Yeah, well, I know there was this kind of doors.
Corey
Like, John was sort of like, I want.
Alex
I want to. I want to talk about this. And I'm like, I got you. And I just like, put $20 there. He's like, okay, go.
Corey
Yeah, it was. We collected over $170 into the swear jar for EFF. It was really funny watching John just walk back to the accounting team at BHIS with a big swear jar, just dump out the big pile of money on their desk and be like, count this and donate it to the EFF. So, yeah, it was pretty funny. I guess what we learned is that the in-person people really like swearing. That's what we learned. So, yeah, anyway, let's get into the article. So there's an article in Ars Technica that is the top of the top of the list, which is that ransomware payments declined in 2024.
Alex
I read that headline and I was like, were they declined? Like their payments were declined or like, you know, when your credit card gets declined? And I'm like, I wish, but like, no, it's also good news. It just went down in the amount.
Corey
Yeah. So I guess this is good news. This is a report, I guess. Who made this report? Chainalysis.
Wade
Yeah. Is this the chain. There's the Chainalysis link is directly under that one in the Notion, which actually, like, if you go back to the news that will actually have graphs and pretty. Oh, in the list line. Yeah, there you go.
Corey
So that's like the, you know, official post by Chainalysis. Which, Chainalysis is a cryptocurrency, like, crime tracing type firm that does all the fancy cryptocurrency clustering and stuff and would have very accurate data on ransomware payments because they monitor the wallets of all those people. So, I mean, 35% drop year over year.
Wade
The interesting part, okay, so payments are down. Infections are up though. That's the thing.
Corey
So is this because of sanctions? Why are. Yeah, why are the payments going down?
Wade
It doesn't. I, at least my reading through it, it didn't really go into why the payments were going down as much, at least just I don't think they had that information. There was some stuff about, of course, like a couple big ransomware groups being broken up or being stopped, that type of stuff. Right. The other interesting one I think is people hopefully getting better, maybe, probably not. I don't know.
Corey
I mean, it's good, but it's also like, let's talk about. So let's talk about the actual raw numbers. So there's a graph, a bar graph about like the very first bar graph. Basically, it's like the payments in 2023 were crushing $1.25 billion, which is just an astoundingly disappointing number because that's like more money than any of us will ever see in our lives. Unless Elon Musk is listening, in which case, please stop. 2024 still 800 million. That's so many.
Wade
Interesting part is the first, the first half of the year of 2024 was better than the first half of 2023 too. It was just that second half, there was a huge breakup. It's also very weird talking about this like we would the stock market. Right. I guess.
Corey
And wasn't it, how do I invest in ELF?
Alex
Yeah, wasn't it around like the end of 2023 that I think LockBit got compromised or something. And it, it made, it made it evident that like, hey, all these places that paid for their stuff to get deleted. It wasn't deleted because here it is right here. Like they said they deleted it. It did not. Like for all the people that were like, yeah, LockBit isn't. The ransomware groups aren't deleting your stuff. And people were like, well, we paid them to delete our stuff. It's like, yeah, no, now it made it clear that they're not. And I think that also lent more credence to the, you know, don't pay them because you're actually not going to get your stuff deleted.
Corey
I mean, I. There was so many. There was a lot of law enforcement organizations that came out in 2023 and 2024 and said do not pay. It got harder to pay. I also do think part of it is genuinely unrest within the ransomware industry itself. Right. So we know that ALPHV/BlackCat is kind of like ceasing operations. I think there was an article we talked about a couple weeks ago where there were actually criminals. Well, you know, some somehow second level criminals that. That took a payment from a ransomware organization and just kind of ran away with it. Right. So that we've seen kind of like a breakup, a little bit of the ransomware groups. We've seen kind of lack of trust. I mean, we talk about this a lot on this show, but in other places as well, which is that, honestly, the biggest enemy to criminals is oftentimes other criminals. Like, which is just kind of a fun thing to think about, that criminals are more damaging to criminals than law enforcement.
Kelly
I gotta disagree. The biggest enemy of criminals is stupidity, not other criminals.
Alex
And that could be the same thing. Like stupidity could be other criminals.
Corey
But yes, they go hand in hand.
Kelly
Can I put a more Pollyanna spin on this? Could it be that people are actually doing more BCDR work and are actually implementing and testing immutable backups and they're having more confidence?
Corey
Hold on.
Alex
That was.
Wade
A separate jar.
Corey
Let's get a separate jar for the acronym that no one knows. Jar. What is BCDR? Bacon combination. Is it a sandwich? Recovery Business continuity means what can we get paid? Disaster recovery means can we make a really good Twitter post about it? What does that mean?
Kelly
Oh, come on. Now you guys know what I'm talking about. Don't play dumb. Remember, stupidity is not good.
Corey
Are you saying the biggest enemy to the security industry is stupidity?
Wade
I would say.
Kelly
I won't deny it.
Corey
Yeah. So, okay, let's dig in. Well, okay, you're right, because you could argue that you only pay people would only. Although there is the extortion risk. Right. Which I guess I don't know if that's a factor. But you do have a point, which is that I do think people will pay if they have to and not otherwise. Right. Like that is fair. Yeah.
Wade
If we want to get into the numbers, the payment decrease was approximately 34.9%.
Corey
Like, that's a huge 35%.
Wade
Yeah. And then there's some other good stats like LockBit experienced a 79% decrease in payments following the intervention of the UK's National Crime Agency and the FBI's investigation. And then of course, there's ALPHV/BlackCat group ceasing operations in 2024 too. That also kind of fragmented the ecosystem. Right.
Ryan
So yep, looking at, looking at the main portions of this. So and going back through the first chart over the years from 2020 to now, there was a bigger drop, it looks like back in 2022. So what precipitated that drop? What precipitated the huge increase from 2022 to 2023? And was this just a revert back closer to a mean, a medium of what the payments normally are? Was there something that actually happened in 2023 that just caused the payments to jack up?
Wade
I can, I can tell you right now why 2022 dropped. Ukraine. Ukraine, the Russian threat actors weren't doing ransomware as much.
Alex
Yeah, that was one of the big drops.
Corey
Yeah. I mean I will say we're getting into correlation versus causation. Right. If you go to, if you go to spurious correlations.com or whatever, you can see how the price of ice cream and Nick Cage movies are directly correlated or whatever. So there, there are like, you know, it's impossible to know why this happened. We're just pointing out some example reasons. I honestly do think the sort of idea of larger groups ceasing operations could have a significant impact. I think, you know, we've talked about like what is an APT, is it ransomware? Well I think if you consider some of the ransomware groups like ALPHV/BlackCat, I would consider them APTs because they go for big targets. They're like big game hunting. They're not doing the mom and pop, you know, 50k here, 5,000 here. They're going for like hundred million dollar or ten million dollar payments. So I think like, especially if you look at the graph on, I don't know what, there's not really pages but the bubble graph, it shows like the size of the bubbles is the amount of the payments. There's some, you know, you can see ALPHV/BlackCat's right there in the middle. You can see LockBit is to the left in the top. But these are some bigger bubbles. The interesting ones are like Dark Angels there, very few number of payments but one huge payment. So like, I don't know, it's kind of interesting to look at the data but ultimately we can never know what, you know, why things correlate. But it is interesting. Maybe it'll rise. I could see it rising back or I could see it not. I think it's just going to vary depending on, like Kelly said, business stuff. Are groups even operating and you know, what are the sanctions and complexities of actually paying.
Kelly
Can I add one more Spin to what you're saying there, Corey. So one of the things they mentioned very briefly in the article was crypto regulations. We did see the Biden administration put in some. What's the right word? Executive orders on digital assets, but we also know that the Trump administration basically overturned those orders in January. So we're going to see less crypto regulations. And because of that, we may see an uptick in ransomware. We might see an uptick in payments. We don't know what we don't know yet.
Corey
True.
Wade
What one. One group that they do mention, which I don't think catches as much attention as others, is the Iranian ransomware involvement. Right. Like, of course they're doing it, but you do not hear about them doing it as much as other ones. And then it says, like, the U.S. Department of the Treasury slapped them with some sanctions. I'm like, I'm surprised there are still sanctions to throw on Iran, to tell you the truth. Like, as someone who reads a lot of stuff about threat actors, for some reason, I never really see them moving around in the ransomware. Usually you think of them more of attacking or possibly stealing information. At least my thoughts around it.
Corey
I feel like the more you're sanctioned, the more you would have to turn to ransomware to actually make money.
Wade
Definitely.
Corey
Right?
Wade
Like, totally, totally true.
Corey
That's what we've seen with North Korea, the most heavily sanctioned country, is also probably the most prolific ransomware threat actor. But yeah. Anyway, any other final thoughts on this before we move on? Let's take a quick stop at Cisco ISE bug. This, I don't think is really that big of a deal. The only reason I want to stop off of this article temporarily is because. So Cisco ISE, which is Identity Services Engine, has a vulnerability that is essentially command injection or command execution as root. However, the caveat is that it requires read only auth. You have to be authenticated and you have to have read only access. The joke is, you know, Elon Musk now has read only access to the entire U.S. government. So that's awkward. But yeah. So, I mean, patch your Cisco ISE. I will say I don't. Has anyone seen this? And, like, does anyone use ISE?
Wade
That's what I was gonna say. I don't see. I honestly don't see a lot of Cisco. Unless you classify Splunk as Cisco, which I still don't. But.
Corey
Is it. Okay, cool. So Ben from Casey says the cool kids pronounce it Ice, like from William Gibson? Isn't that from Snow Crash or whatever?
Kelly
Yeah, I mean that's not Gibson, that's Stephenson, isn't it? Neal Stephenson.
Corey
Yeah, you're right. Yeah, yeah, it's. Yeah, that's the book though. Snow Crash. There was like ice, which was like the basically EDR of the 90s.
Ryan
Intrusion countermeasures.
Kelly
I think the problem is, is Cisco keeps changing their acronyms and you guys got all over my stuff for throwing out acronyms. I'm going to call out Cisco. Too many acronyms.
Corey
I mean, that I think everyone would agree with. Yeah, I mean, I guess basically it's control. Your Cisco admins don't just put those credentials on SharePoint and leave them for anyone. Awkward.
Wade
I feel kind of red with this just because like I always ask all the security just give me complete read only access. Right. Like I'm not going to change anything. But I, as like a detection engineer, I want to see how everything's set up so I can possibly either like build logging out more correctly or ask them to flip some switches to make stuff more secure. But then if, if I had read only in this situation, I would definitely be a vector, which maybe I shouldn't have had. Read only to that. That one time.
Corey
Yeah. People are now just throwing Cisco acronyms in the chat and one of them is TACACS+, which sounds like something Ryan would cough. It sounds like a cough. It sounds like something you get at a conference called Con crud. Yeah. So I guess Patricis goes, you take.
Wade
Tech X plus for Cron for Concret.
Corey
So let's. Does anyone want to talk about this extremely weird finance guy who ends up in a Nigerian prison?
Wade
What do you mean extremely weird? This is like, it's so weird.
Corey
This is one of the weirdest articles I've ever seen.
Wade
Okay, I will, I will cover this because I'm the one who put this in.
Corey
So basically, and I want to be clear, this is a joke, but what if you got an email from a guy who says, I work at Binance and I'm currently in a Nigerian prison. Can you help me? Do you just ignore that?
Ryan
That's what the US government is related to the prince.
Corey
Is that. Is that why he's had so much trouble getting out? Yeah. So this is an article written in W. That's kind of a long, interesting story, I guess. Wade, do you want to run through it at a high level?
Wade
Yeah, pretty much. If you've read the book. So one. First of all, this is by Andy Greenberg, right. Who's written a couple really good cyber books, particularly one is Tracers in the Dark, which actually goes over this guy, which is Tigran Gambaryan. I'm probably pronouncing that. Right. But originally he was like an IRS agent who took down a lot of the big crypto. Who Crypto markets and a couple other like exploitation websites via crypto. Right. So he's one of the top government guys, at least back in the day for doing any type of crypto analysis. I can't remember, I think it was AlphaBay he took down. I can't remember the exact Alphabet.
Corey
Sure.
Wade
Anyways, what wound up happening is he got out of government, worked for ByteDance and then Binance.
Corey
Not by finance.
Wade
Well yeah, ByteDance completely crypto.
Corey
TikTok. Yeah. To be clear, we're talking about Binance, the US. US based cryptocurrency exchange.
Wade
Correct. So he. They actually went to Nigeria or. Nigeria. Yeah, Nigeria, in order to negotiate with their government because of course there's some legal stuff going around with money laundering and actual currencies going down and crypto going up. Well, while they were there, the negotiations went sour pretty much and they grabbed him and took him and threw him in prison for quite some time. And remember this is an American citizen. He was a federal agent at one point and he wound up catching malaria. He wound up getting like a spinal problem and he. I forget the exact amount of time he was in there, but he was over there for a while.
Corey
What kind of expense report would you be submitting after this?
Wade
Right. Oh dude. How much did they pay for him?
Corey
I mean I will say like people who have worked at this level, people who are federal agents or work in these like investigatory roles, they understand that their job and their life can get quite intertwined. But I feel like this is taking things way too far.
Wade
One of, one of the things that really stood out to me, so he was, he wasn't over there alone, he was over there with somebody else who was also working for the same organization. That guy was able to actually escape and run away while leaving him. Yeah. And I was like, like good, good for you. But man, that sucks leaving your buddy behind. So there was a huge.
Corey
Sent us an email and I, and I ignored it because it said you were in a Nigerian prison. I'm super sorry, I did not know there was there.
Wade
So there was a huge push to help, help him get out via the government just because he has so many connections via federal agencies and news broadcasts and all sorts of stuff. But it actually still took him a while to get out because there was some political game Going on with the US at that time?
Corey
Yeah, I mean, it's, it's kind of like the whole. What was the basketball player that like had like some marijuana and was in Russian prison for like a year? It's kind of like that, but like cyber security version of that. Although I guess in, unlike in the basketball players example, this person was operating in good faith there. He wasn't doing anything wrong, I guess. Do we have an embassy in Nigeria?
Wade
We do. And so here's the other thing. The, the person. Dude, my brain is like, flash, it's been a long day. Who's the person who works at the embassy? The ambassador. The ambassador. The ambassador at that time had just retired and it was going to be another year until another ambassador came into play. So it's like he got snapped.
Corey
Really unlucky. I mean. Yeah, this is wild. So I guess he's. He's back, he's safe and good to go now or.
Wade
Yes, he is back and safe. He's healthy, good to go. Doing reports and stuff like that.
Corey
Okay. Currently he's not going to be traveling for work anytime soon. Dude, I bet I would be like, I work from home for the rest of my life now. Like, I can't. Yeah.
Wade
The worst part is like he was, he was on house arrest there for a little bit, right. And they just had him in this like mansion where he was literally like watching Avatar the Last Airbender with his jailers. And he was living around. There's actually pictures of him there. He took pictures and videos thinking he was just going to get out. And then one day they're like, hey, we're gonna move you. And they move him to prison. Like an actual, like very bad prison. Super interesting. If you have access to Wired, highly suggest reading this one. It is a little bit longer. It's like a 45 minute read. At least it was for me. And if you want like a precursor to this, always check out like Tracers in the Dark, which is probably one of my favorite cyber books out there.
Corey
Yeah, I mean, I definitely think, you know, this kind of more in depth storytelling highlights just the. There's always like, I would call it collateral damage in like these types of political negotiations. Cryptocurrency is a tough industry. Right. A country like Nigeria can just randomly decide that cryptocurrency is akin to money laundering and make it illegal because there's no laws probably on the books even in the US I don't know if there's that many laws about cryptocurrency so it's tough. It's a really tough industry. But I'm glad he's out. I don't have to make a free free Tigran shirts. So we're good.
Kelly
Well, Corey, not to go back to this again, but part of the, part of the reasoning of the new Trump administration is they do want to make cryptocurrency easier to use because right now banks can base banks had regulations or recommendations, guidelines on if they could use it. But basically they were really trying to steer banks away from accepting it. But now with the new or new administrations overturning those old orders, things might look a little bit different in the next few months. Would, would you invest in cryptocurrency or would you use it as your everyday.
Corey
My everyday. Absolutely not. Because I don't want to pay massive transaction fees on every single transaction or wait five minutes for some bitcoin miner to decide I was allowed into this block. But yeah, no, I mean, I guess I would say let's hope ransomware payments rise because cryptocurrency is easier to use. No, I'm just kidding.
Alex
Yeah, I still miss out on taking. I, I thought about it and didn't take advantage of it, but there was an article from like 2012 that I still tagged that said, like, it crypto should be part of your retirement plan. Like, put, buy $50 of crypto every month, leave it there until you retire. And I'm like, man, if I had done that, like, I would be retired of bitcoin. And starting in 2012, every month, put $50 in, leave it there. It'd be looking at 2025 and be like, yep, peace out, everybody. I'm done with this Impulse X stuff.
Corey
But no, I mean, yeah, I guess whether you should invest in crypto and this show is not investment advice is the same decision as whether you should invest in any of the other companies that have been breached on the show. You make that decision for yourself, you might make out like a bandit or you might end up in the toilet. Your call. But yeah, let's talk about this IoT botnet problem because this is kind of an interesting angle and we've seen this before. So basically the article is in TechRadar. Essentially, the, the big number is that botnet activity on connected devices, which I guess just means IoT devices, is up 500%. And the cause and acronyms, IoT is Internet of Things.
Kelly
I know, but it's an acronym.
Alex
It's not a confusing acronym.
Corey
It's kind of, honestly, let's be Real if you ask 10 people what the Internet of things are, they'd probably give you 10 different answers. But that's true for a lot of acronyms. So basically the article points to default passwords, outdated software inadequate. Wow, I can't talk Security protections. Creating backdoors into enterprise networks. Now this is where I kind of start to take issue with the, with the article. It says in enterprise networks, is there any data to back up that this is enterprise networks? Because I bet you it's not enterprise networks. I bet you it's home networks. That's my gut. Does anyone have a take on this? What does everyone think?
Wade
I would definitely agree with you. I would imagine the majority. But is going to be in home networks. But like thinking back to the US at least like here in California, right. Most services and ports are locked down in residential Internet. So like I can't run servers and stuff from my house that are actually contributing.
Corey
Okay.
Wade
But I could see other ways of.
Corey
Possibly getting some are like SMB as an example. Port 445 TCP is blocked outbound on every residential Internet. So is SMTP, which is port 25. Right. So you can see why is SMB blocked? It's because of Conficker. Why is Port 25 blocked? It's because of like, you know, email spam back before there was DMARC and DKIM and SPF and all that stuff. I guess my thought is like, I'm sure there is some IoT exposure but most enterprise networks are going to be like looking for this kind of stuff and like detecting it. Right? So botnets are going to be running. I mean I guess it's. It does one interesting part in the article, it talks about how someone, some researcher, which I'm blanking on them, they built an open source, this is called Matrix. And they built an open source basically implementation of a botnet using open source programs. So I would, I don't know what like C2 channel or whatever it actually uses, but I would guess it's like your modern C2 that's like CO HTTPs or whatever. Like it's not going to get blocked.
Wade
On a network level to like Mirai, right, The Mirai botnet for this. Just because I feel like that was like one of the pinnacles that we saw early on was it was third, third like more third world countries. And it was things that you would never think would be in an IoT which at that time it was DVRs but not DVRs for TVs but DVRs for actual camera Systems. Right. I would imagine there they're not going to have the protections as much as we'd have here is resident with residential Internet. But that's true. I totally agree with you. Right. The corporate network. I do not see this. At least US corporate networks. Yeah, usually this is a pretty big thing to detect.
Corey
And that's a good point. It's a good thing to call out of. Like how we think of a corporate network is so much maybe a higher level of security and monitoring than like the rest of the world corporate networks. And there is mom and pop even in the U.S. right. There's like smaller businesses, like some random franchise of a fast food chain probably isn't doing any kind of network monitoring. They might just have a DVR or whatever that's part of one of these botnets. But I'd be very interested to see like the statistics of how you know where these networks are, what are the, the ASNs or whatever like mapping them to corporate versus home users. And it kind of gets into the platform argument which actually segues to the next article. But I guess. So the question for the group is do platforms like ISPs or whoever, do they have a role to detect and block these kinds of botnets or is it more just a stopgap when like everything's getting hacked? Like how should this work?
Kelly
I think you gotta prove it first, you know, while we. No, no, because while we're looking at this article, the article doesn't have any statistics, doesn't have any graphs, doesn't have any research. The article to me feels like it's somebody's opinion. So first of all, if, if an ISP can actually see monitor, detect, log botnet activity, then have the conversation. But I think there's some assumptions here that I'm uncomfortable with.
Corey
I think that's a fair, I think that's totally fair because I was totally agree.
Wade
I was like where are they getting their information from? There is no link to a source in this which is also kind of.
Corey
It's kind of maybe just a marketing fluff piece. Because I will say also in addition to the enterprise networks, I'm a little bit dicey on like default passwords. Like, like I would, I would maybe be okay with them saying like it's n-days or whatever like CVEs that are unpatched. But I feel like there's no way that like there's just default credentials in enough of devices to go like with a botnet. I could be.
Wade
I still think they're and not in The US but in other places. Right. The first thing I do whenever I travel out of the US and I go, I go, I'm staying somewhere and usually like an Airbnb or a friend's house and they have Internet, I go look at their router and I see if there's a default password on it. Several times I've gone there and it's kind of personal. There's been a default name admin admin and it's just some weird off name brand that I've never heard of. And I'm like, oh, this is probably beaconing out to some botnet right now.
Corey
Yeah, do you go ahead and patch it and put a little post it on the top that says password change to guest room 303. Way to staying here, whatever. Yeah, no, I mean, I think you're right. I agree with the sentiment. Please come back with more data. Whoever wrote this article, if you're listening, come back with more data. Give us the actual raw data on botnets.
Wade
Because your other question though, do downstream providers or ISPs have some type of responsibility? I would definitely say they do. Right. Usually when most DDoSes occur, yeah, you're going to have some type of DDoS protection. But at least in my SOPs that I've seen in the past, one of the first things you do is you hit up your service provider and you say, hey, how are we going to filter this network? Or how are you going to filter this network traffic coming in? Is there a way to fingerprint some way? Usually they abide by you and help you out. So if they can do stuff like that, they can easily help filter out some other not needed things. And if they can tell me to stop torrent too, they can.
Corey
Okay, Kugi Kintsugi Panda, wading through all your stuff.
Wade
Thanks a lot, Chad.
Alex
I think you know, still like the, the ISPs and downstream, they like that. Like any business, their number one priority isn't security. Their number one priority is making money. So if there is a financial reason to follow that through with that responsibility, then they'll do so. I mean like Wade said, like if you're having problems, you're contacting them business to business saying like, hey, how can we fix this? They'd be like, okay, well we're, we want the, we want this business, we want this monetary exchange here. But like otherwise it's just sort of like look, it's, you know, they'll, they'll look at into it and yeah, for terms of service, you know, they'll do as much as they can to just not get, you know, lawyered. But otherwise there's likely a lot they can see and they can do something about. But, you know, only when not doing so affects their dollars, you know, will they take action.
Corey
So let, this is, let's segue into the WhatsApp article, which is theworld.org. This is basically again kind of a platform, interesting platform security angle. So WhatsApp, which is owned by Meta, notified, it says, I think it says 92 people that they were infected with spyware. So this is a super interesting article which the article doesn't involve anyone who works at WhatsApp. It's actually an interview between this news organization and someone who works at Citizen Lab, which does really awesome investigations into this type of spyware malware on mobile devices. So basically the article is they notified 90 people that their phones were affected by spyware. So somehow WhatsApp was able to look at message histories or who knows what, right, like privacy concerns notwithstanding, they were able to figure out who was infected and notify the users that they were infected. Does anyone know who wrote this spyware? It's called, what is it called? It's called, the company that makes it is called Paragon Solutions, which is not NSO Group. And yeah, I mean, I guess, like how terrifying would it be to get a message that just from like, from WhatsApp. How does this even work? Do you get an email or does it just pop in a pop-up WhatsApp and say your phone should be thrown into a dumpster now? Like, what does it say?
Wade
You're being tracked?
Kelly
Yeah, maybe to us it's not a big deal. But remember, and I, I might actually hand this off to Alex if, if you are in a situation where you're afraid that somebody's tracking you or you've been, you're being investigated by a private investigator or you're a victim of domestic violence. This is truly scary stuff.
Corey
Yeah, I mean this is like state sponsored, right? Like I, I would guess this is like so Paragon Solutions. I'm guessing this, these products are very expensive to purchase and use. But it does mention that like, you know, these kinds of attacks are widespread or can be widespread with over, over 1400 users were targeted and they reported it to 90 users who were infected. So I guess the hit rate's not very high, but it's definitely still scary.
Alex
And for Kelly's point on those that are dealing with domestic violence or some other opsec concerns, when you're working with these individuals and they say they have these concerns about WhatsApp possibly being impacted by spyware. The things you can't do when dealing with these safety situations is to minimize their concerns and say, well, now it's complicated. It requires like a nation state agency. Like, you need to still listen to them. Take this at face value with these, like, look, okay, we'll work through that. Like, it's possible that you're using a platform that could be compromised. You could be targeted like you want them to, you know, have that, establish a trust and not be dismissive. So seeing articles like this, it just further muddies that water of, you know, trying to get individuals in those situations to trust the platform, to trust that security. You say, hey, don't use this, use WhatsApp. They're going to go, okay, well, WhatsApp got compromised. Or you need those assurances in order to make them comfortable. So, yeah, definitely have a new well.
Corey
So just to be clear, WhatsApp did not get compromised, but they can read the messages of the users and figure out who was targeted. So I guess I would say as someone recommending chat app. So WhatsApp is end-to-end encrypted. Right. So how do they know? Or is it not end-to-end encrypted?
Wade
I was like, how does WhatsApp know they're infected? Yeah, it doesn't, it doesn't say that. And was it via WhatsApp or is it via, like, oh, this guy got.
Corey
Hit by assuming it was via WhatsApp message. Right, right.
Wade
It doesn't say that.
Ryan
I followed the link that they've got at the beginning of the story that we put up there from the world to the actual story itself. And basically WhatsApp said they disrupted a spyware campaign by Paragon, which, their software is called Graphite, which targeted a number of users, including journalists and members of civil society. And they've reached out directly to people who were affected. It almost sounds like they got the back end of what was going on or found who was doing it and got into them to find out who they were targeting on it.
Corey
I could see that. I could see this being kind of like a joint operation type thing where, like, there are security researchers at WhatsApp that are doing these kinds of investigations because I will say it is an abuse of their platform directly. Right?
Ryan
Yep.
Corey
You know, so I, I don't know, it's interesting to think about, you know, how they would, I guess I was assuming they could like go and just read the message history of these types of users and maybe there are some caveats with end-to-end encrypted and end-to-end encryption. So rainer Ronner says WhatsApp is end-to-end encrypted, but metadata and communication connections, like who you message is visible to Meta, according to, you know, an audience member, which sounds legit. I mean, it makes sense. Like they don't have the actual content of the message, but they could say this is a malicious account, who did they message, and then just like notify all those people. You may be infected. But it sounds like in the article that they actually have distinction as far as who's infected and who's just targeted. Which is kind of terrifying because it says click attack.
Ryan
Yep.
Corey
Yeah, I guess I'm, I'm misquoting the 1400 number. That's the number of people that were targeted by Pegasus, which is the NSO Group malware on WhatsApp. So maybe they're just reading metadata about messages and saying anyone that got a message from this account they were using to target people, they went ahead and notified them. But yeah, terrifying. Super terrifying.
Kelly
It is terrifying, Corey, But I want to go back to something you said a little earlier. It is end to end encryption. If you don't, if you're not using either WhatsApp or Signal or one of those types of apps, or your mom, your cousin, your friends, your church members, get them to do that instead of using plain old text messages.
Corey
Yes, that's a good call out. The FBI literally told us not to use SMS because they couldn't stop Chinese threat actors from reading them. That's a little bit of reading between the lines, but that's just where we're at right now in the world. Yeah, I mean, I would recommend Signal, I will say like it does. It is interesting though, because Signal would never notify. Right. You'd just be on your own. So it's kind of like pros and cons, Right? Privacy is good, but it also prevents some security things from working. True, true privacy means that Signal, or whoever can't read the messages, can't see the metadata, and has no idea whether someone's distributing malware on Signal. So just keep that in mind. When you take that into your own hands, you are not responsible for your own security.
Wade
Hacker. So Torvin says WhatsApp said that hackers invited their targets to a WhatsApp group, then sent them a malicious PDF that would then breach their devices. So the attack did originate from WhatsApp, which makes sense that they're going to take, then take action and go after all that.
Corey
Yeah, I mean, it makes sense. Like you know, but I guess it's interesting because not like, although I will say email providers do their own filtering. So most platforms, I think we're in a position where they do their own filtering on top of, we've encountered this, you know, in other places.
Wade
So if a C suite read that line right there, we just block all PDFs in the network, you know, just, just cut it out at the source. We're good.
Corey
A C suite would never want to block all PDFs because that's how they read their compensation documents.
Kelly
GRC might.
Corey
GRC. Yeah, GRC's like, yes, great idea. Block all PDFs. We like DOCXs though. Leave those open. Yeah. So we can talk about this. Just funny article of the monkey. Supposedly the monkey being blamed for taking down the Sri Lankan power grid.
Kelly
Oh, juicy.
Corey
I mean, okay, this gets into, I mean, the article is quite simple. It basically is like Sri Lanka's power grid went down for like, I don't know, 32 hours or something. And they're blaming it on a monkey, like basically exploding a transformer. Yeah.
Alex
It doesn't seem like the monkey did. Well, I've, I know, at least in the, in this area, I've heard of like just a raccoon getting into some, some, some grids. And then you go, yeah, that you have a raccoon related outage here. You have a monkey related outage.
Corey
So, okay, so my question is, what else can we use monkeys as a scapegoat for? Like, can we, can we just. Although it is also funny that the locals don't believe it. They're like, no, it wasn't a monkey. You guys just suck at your job. What else can we blame monkeys for? Can we blame monkeys for ransomware attacks? Can we do that yet?
Kelly
Yeah.
Corey
Are we not there yet?
Wade
How many monkeys?
Corey
Click the phish. I left my computer outside and a monkey came up to it. Browsed to my email inbox, clicked the phish, typed in my credential. Wait, no, crap.
Kelly
The monkey left my car door unlocked.
Corey
The monkey left my car door unlocked. And then they took my laptop and did a ransomware attack. Yeah. So I guess if you're, you know, any, any, you can use this. Next time I get caught speeding, I'm going to be like, it was a monkey. I think that'll work.
Ryan
The monkey went to my unlocked computer and clicked on a zero-click phish from a PDF.
Wade
It was on my WhatsApp.
Alex
I mean, it does still highlight the, you know, the fragility of the power grids that, you know, if you have one go down totally. You see that like in the US there with just, you know, physical attacks against power stations. And it was taken out, like just a whole swath of power. And you go. It's like, is it really that, you know, single point of failure for things that you go, you know, somebody does something like, you know, throws a bike chain over the fence and, you know, shorts out a transformer. And like now you go like, you know, three, you know, a tri state area without power. Now it's like this. It all kills something like that.
Kelly
Alex, do you have experience with this?
Alex
No. So the thing that came to mind, they did this and somebody made a Burn Notice reference. And in Burn Notice, they did that as one of their episodes. Is the bike chain to blow up a transformer, take out power on the thing. So, yes, I've been a Burn Notice fan and that was in my head.
Corey
So, I mean, we already have seen a squirrel.
Ryan
Actually did cause one something like this in Illinois for a ComEd substation. ComEd said this is back in 2016 and it. I don't have the exact location, but it was basically. ComEd said a squirrel got into the transformer and caused the explosion. Kicked 700 people without power for about an hour. So.
Corey
Yeah.
Ryan
Could it. Could an animal do it?
Wade
Yes.
Ryan
Would it take out.
Corey
I mean, okay, that larger security guard.
Wade
The security guard clearly says monkeys jump on the power station very often, but this does not seem to have been caused by a monkey. But he also did report a loud explosion and a fireball. Right? Would a monkey cause a fireball?
Corey
PETA here, it could have just blown up. I mean, so, okay, we already know the concept of a chaos monkey and like, reliability engineering. Right? That's coined by Netflix of like, you know, it's basically a service that goes through your. Your AWS network and just shuts down random nodes to make sure that you're reliable. So I will say, like, I think through natural selection or whatever we're calling this, power grids are being exposed to the same idea of a chaos monkey. It's just an actual monkey. It's a physical monkey. It's not a script you run on your AWS nodes. It's an actual physical monkey that you got to have reliable infrastructure, people. Come on. All right, that was just a little stop, I guess. Wade posted a 404Media article, so let's go into that.
Wade
Oh. Oh, darn. I was gonna post the chicken related article, but I guess we'll do that later.
Corey
Do you have a chicken related article, please?
Wade
Yeah, but it's Good. It's good to end on. It'll be better end on. Let's do.
Corey
Keep that, Keep that in the back. Keep that in the chamber. All right, hit us with this Microsoft study.
Wade
So pretty much it's not a hard. Not a hard one, right? So Microsoft took 319 people working who self reported 936 times saying pretty much, AI makes them stupid. Yeah, that's. That, that's the key word to this. So the more you use AI, the less critical thinking you're going to be doing. And with that less critical thinking, you're going to be not as good at your job. I would definitely say I probably fall into this. I will tell you that I write up, I'll write some main facts I want to hit in an email and then throw it in ChatGPT and then it writes a beautiful email for me and I just send that away. And people are like, wow, that is a well written email. We can tell Wade did not write that.
Corey
Well, if you've ever received your cognitive. I will say I, I do love that. Like the way that they, the way that they put this is so like, we don't use AI, we're smart. Because the summary statement is it can result in the deterioration of cognitive faculties that ought to be preserved per se. Like it's so unnecessarily. Like they could just be like, it makes you dumber, yo.
Wade
Yeah, the way, the way this reads is like people being angry at books, right? Because now you don't have to memorize things.
Alex
And this really does sound like the, you know, the, the moral panic, the monkey that you blame for everything. Because it's like when they say AI, like you make use of AI, you lose that critical thinking. I've come up with some really clever. When you have to think through your prompt engineering being like, okay.
Corey
How do.
Alex
I get AI to create the output that I want it to create without me going insane and having to go back and forth through things? How do I make this clear in two queries to get the results that I do? And when you, when you think of that like that, that kind of comes up with like a bit of the critical thinking. I think I even did that when, like splitting up like a, a meal tab recently to where I'm like, well, how would I, how would I run this? I'm like, okay, well I'm going to have it do OCR on the receipt and then each individual person will just read out what they have. And then, oh, I need to factor in like the tax and like the tip so that when it gets it done and so I calculated it myself like the hard way, the long way and then I'm like okay now I'm going to do this with the AI. And it got it like exact right down you like the same result but still working through that in your mind for like how do I make AI do what I want it to do? Does exercise that critical thinking But I think yeah if you just rely on it like I got it, I have an email that I don't want to deal with here. AI, you do it then yeah, it can, you know, degrade critical thinking. So I think we blame AI for making people smarter. You can blame AI for making people dumber. You can blame AI for everything.
Corey
Like wait, hold on, hold on, hold on. Just, just to kind of like and I, I want to be clear, I have not read the full study. I probably will have chat GPT summarize it. No, I'm just kidding. So this is a study about self reported data. At no point during this study did they actually measure cognitive performance. That should be clear. That should be clearly called out. They did not prove that it makes you dumber. All they proved is that it made people feel like they didn't want to do things without AI because so reading through the like specific questions they asked the people, they asked the people how confident they are that the generative AI can do the work, how confident they are in evaluating the AI's output and how confident they are in their abilities to complete the same task without the AI. So I'm going to read between the lines here and say if you ask me would you want to program this manually with without AI And I've already used AI and seen how much easier it makes me. I'm just going to be like no I wouldn't. It's not that I couldn't, it's just that I don't want to. That doesn't make me dumber.
Ryan
Where I got questions on this whole thing is that Microsoft's involved with this study. Microsoft has Copilot that they're pushing all over the place. How are they going to be using this study to forward their Copilots?
Corey
Well it's, it goes directly.
Ryan
Is it going to be used to try and get rid of people to sell to to higher ups to say you can get rid of these people because they don't know what they're doing or is it going to be used along the lines of your business is going to be better because of this?
Corey
Well but okay, what's the marketing directive. Well, there is. The marketing directive is. This is the exact opposite study that you would want if you're promoting like I would say. Unless your argument is that as an executive, the argument is, well, people will that use AI will get demoralized and stupid, so you should just fire them now. Which is so that's so much worse than like the face. Like that's like the most cynical way to interpret this, I would say, given the fact that it kind of goes directly against what they would want it to say. You know, it probably was a truly impartial study because if it was a biased study, it would say AI makes people happier and you should buy Copilot because it makes them happy. Right.
Alex
Using calculators makes you worse at math and will never be able to do anything that requires mathematical computational methods ever again because calculators.
Wade
All right, Alex. Well, you're not going to have a calculator in your pocket.
Corey
I know.
Alex
You're never going to have a calculator in your pocket. You need to learn how, how to do differential equations by, you know, pen and paper.
Wade
All right?
Alex
You know, eigenvectors and all.
Corey
Like I, I will say I have, I have a couple friends who are actual scientists and I might send them this and be like, what kind of rigor is present in this? Like, how good is this as a study? Self reported data. I'm already super cynical about it because like I said, they didn't actually measure anyone's cognitive performance at any point. So it's kind of just like I feel like it's a little bit of a moral panic article of being like, hey, people feel dumber when they use AI. What do you mean dumber? Don't read the full paper. It can also be the way that it's being represented is misleading.
Alex
Stay tuned for next month when there's an article about how AI is making people smarter.
Corey
Yeah, well, let's. Yeah, let's. I'll come back to this. I'll do a follow up and have some actual scientists read this and see what they think as far as the methodology and the outcomes.
Wade
All right. But yeah, so I have two of these wings, two chicken articles. I'm going to let you guys choose.
Corey
Well, no, both. The choice is obviously both.
Wade
All right, we'll go, we'll go with the lesser of the two first then. At least I think, and this is something, I was wondering, what, Egg prices are so high but chicken wing prices are the same. What's going on?
Corey
Is it, is it a conspiracy by Big Egg.
Wade
What's going on? I threw it in the chat. Megan, it's from NPR. It is. It is a conspiracy from Big Egg. But I'm gonna tell you right now, it is definitely not as complicated as you think it is, but I did not know this. Waffle House has added $0.50 per egg surcharge this week. Oh my God.
Kelly
Do you go to Waffle House?
Wade
I have been to one Waffle House and it was a Waffle House experience that one time. I went. I will tell you that.
Corey
Okay, so what is the reason? Is the reason that because they're slaughtering all these chickens that the wings are going down in price? Because there's no.
Wade
The, the chickens who got avian flu were egg laying chickens and the chickens who we make wings out of did not. Far less.
Corey
So how. Why aren't those chickens getting avian flu?
Ryan
Because the older chickens, which are the ones laying the eggs, as you get older, just like with humans, you are more susceptible to illness. And they're killing the chickens for chicken wings much younger.
Corey
Gotcha. That's depressing.
Kelly
But how did you lessen today? First, the chicken or the egg?
Wade
Yes, the great part of that article is at the bottom. It even like links to my other article.
Corey
Okay, so now that. Okay, so let's do a. I'm just going to. Let's do a shit sandwich. It's $5. Sorry. So let's do a. Let's do a fun article and let's do a terrible article in between. So I'm going to throw in this terrible article that hit my radar. So basically this is the Gizmodo article about how one of the staffers working for DOGE previously got fired for leaking data.
Wade
I am so surprised you actually brought this. This is dangerous.
Corey
So, okay, we're wading into dangerous, which we know that there's also a politics jar in addition to a swear jar. But I will say, if you were there for last week's show in, in person, basically, this is. We have a precedent for this. We're allowed to talk about this because there is a security. There is a security consideration here. John's whole take last week was essentially, there's a massive amount of checks and balances, verification steps, clearances, like that's all. Well, it's hard to get access to this data. And Elon Musk just walks in the door and says, give me the data. And everyone's like, okay, here you go. So basically this is proof of why this is a bad idea. Basically, there's a person named Edward Coristine, who's a 19 year old and works at DOGE, which is the Department of Government Efficiency. Basically, Gizmodo figured out that this employee was previously. Or sorry, Bloomberg, an even more real news source figured out that Edward was previously fired from his job for being fired for allegedly sharing information about the company with a competing company.
Wade
Dude. So bragging about it on discord like that.
Corey
The statement, the statement given directly by the company is Edward has been terminated for leaking internal information to the competitors. If anyone's wondering why we have things like clearances and why we verify people who have access to this data is so that they can't share data with the competitors, AKA Russia and China. So it just blows my mind that we're even having this discussion, but I figured I would throw it in here. It's kind of depressing, but from a privacy and security perspective, it's kind of a disaster. Like, it's politics. Be what they may, it's crazy that any person in power on either side can just say, security doesn't matter. Hand wave, hand wave. No clearances required. I don't know if this is true, but one of my friends told me that Elon Musk has already failed to get a clearance multiple times. So I don't know if that's actually true, but it would, it wouldn't surprise me because he like, has DMs with Putin. Like. Yeah. Anyway.
Wade
All right, all right.
Corey
So Corey, back to the other chicken article.
Kelly
Well, let's, let's talk about what's going on with our government in a carefully controlled situation here. The thing that concerns me is data being deleted from national databases. You've seen the article. CDC has, has removed information on previous health studies. We've got a freeze at National Health Institute. I'm more concerned about data disappearing. And yeah, I don't, I don't think we know exactly what's going on, but when people are going to find particular data sets, if it's gender based, if it's how many people had Covid. Whatever that unique specification is, it's not there anymore. And that probably is what concerns me the most, is that those studies and those results are taxpayer funded. Taxpayers should be able to have access to that data.
Corey
Totally. Yeah. I mean, I think that's a good, a good thing to think about. Neither, whatever your side is, neither side should be able to just wipe the, you know, wipe data off the face of the planet. It. Right. Like, that's just not okay.
Wade
This reminds me of those, like, scholarly places that hold, like, all the essays or, like, resources that, like, college that you need for college.
Corey
Like, you have to go like, JSTOR.
Wade
Yeah. Like, why do they have to get to charge me for this? Dude who wrote a paper that no longer. Never mind.
Corey
I know, it's funny because they always say, like, email the researcher directly. Which one time I was like, I did that and I got no response. I was like, dang it. I. I emailed the researcher directly and was expecting them to reply, but unfortunately, you know, I didn't end up paying for it. I just didn't get to read the article.
Wade
Whatever.
Alex
No, for the. For the Elon Musk article. Like, a side thing that I did was I. I used ChatGPT to, like, knowing this level of access, come up with three scenarios of, like, the damage. And one of them has to be like, Bond level villain. But realistic. But realistic. And it's like. So, I mean, I'm. It has some great stuff. Maybe I'll share this. But it had like, scenario one. It's like the insider financial manipulation. And this is again, like, I didn't name, like, Musk or anything. I said, like, a billionaire with a ton of resources has unfettered access to this. So it was insider financial manipulation. Scenario two is widespread identity exploitation. And then the Bond level villain thing is an orchestrated financial crisis to where there's market destabilization, covert money creation, or freezing. To where you just issue billions in unauthorized treasury instruments or freeze legitimate payments. Or you can do a trigger event for cyber financial crash systems or blocky transactions causing a liquidity crisis. So it's later. Like, okay, this is interesting stuff for things that could be possible with that level of access.
Corey
Yeah, I mean, I guess as security practitioners, the only uplifting. It. The only uplifting part of this is that, like, we're watching the watchers. I guess. Like, we are the people who are going to have to be figuring out what's going on, keeping track. You know John's joke about how we're the Ferengi and we can profit from. From chaos. You know, that's. I guess that's the angle as security people is we have to. To thrive in the chaos. We're already used to it, right? Like, if you work in a blue team, you have to thrive in the chaos and say, all right, you know.
Wade
All right, let's read the good article. Okay, there's enough. Yeah, enough downer bond building stuff. I stopped reading the news. So I'm gonna tell you guys right now that a lot of chicken wings were eaten Yesterday, a lot.
Corey
Okay, that is true.
Wade
The news article is the next one. So straight off the press from the National Chicken Council. Yes, that's a thing. The NCC spoke.
Corey
Why are we not honorary members of the. Dude, we need.
Wade
We need to petition this right away.
Corey
National. The ncc.
Wade
The ncc.
Corey
Is that the same. That's NCC group, right? Same thing.
Wade
Same thing. Exactly the same thing. Be careful. Said about 1.47 billion chicken wings were eaten yesterday.
Corey
So many. I will say I was responsible for at least 20 of those. So I was doing my part.
Wade
We were only 20 million up. Which means the lady who earlier in the year, who stole all those chicken wings barely even scratched the surface. And to try to increase our chicken wing consumption.
Corey
I will say it is sad that she wasn't around for Super Bowl. Like, I feel like of all people, she should have been able to profit from this the most.
Wade
The National Chicken Council. Yes, the National Chicken Council. I'm not. I'm not making things up here. All right? They have some pretty good stats over here. Like 1.4. 1.47 billion wings laid end to end. World stretched. What? I can't even read this at the stadium. No, that's not a good one. Okay, NFL. If everyone, every single player in the NFL ate 50 wings a day and was immortal, it would take them a collective 720 years to eat 147 billion chicken wings.
Corey
That's 1.47. I mean, I will say it would.
Wade
Stretch the earth three times. That's. That's.
Corey
I do like that they give a little history of what a chicken wing is. Like, who is that for?
Wade
Who is.
Corey
Who's like, I don't know what a chicken wing is. Can you explain?
Kelly
It's for the vegetarians and the vegans who might come to the dark side.
Corey
They know what a chicken wing is. That's why they're against it.
Kelly
You never know. So let's ask the most important question. What do you dip it in? Ranch dressing or blue cheese? I know my Wisconsin folks are going to say ranch dressing.
Corey
Wow. What a divisive issue. How dare you bring politics right now.
Wade
You better be careful.
Alex
I like to. I like to avoid, like, dipping it in anything. Like, I. I like that spice. And I. I don't. I don't dip. I. Yeah, I use no dip. I used hot sauce.
Corey
Yeah. To close out the. Like. As we end the show, go in Discord. discord.gg/bhis. And post a GIF of whether you're a ranch person or a blue cheese person or no dip or a non dipper. Yeah. If you're. If you're a never dipper, let us know.
Wade
If you can see under this Amazon box, it's actually all the hot ones hot sauces. The heat that you can barely see it right there. I was supposed to do a thing where we answer security questions and eat hot sauce, but I haven't been able to get it together yet.
Corey
Okay, okay. One quick thing before we close. Close. Wade, did you. Did you watch that YouTube video where they actually took all the hot ones sauces and sent them out and tested them? I did.
Wade
Not surprised at all, because I have the original Da Bomb sauce. Like, the original one. And I have this one. This one is not hot at all. The original Da Bomb will freaking destroy your face.
Alex
Yeah, I have one of the originals. I also have one of the originals up the. The Last Dab. So I have a whole cabinet full of the stuff.
Corey
Some of these GIFs are so heinous. The one by FedEx is just. I don't even know what I'm looking at. Keep going. It just gets so. Yes, that one. Congrats.
Alex
Like, I. I saw FedEx was dominating around, like, the what? Like the. The Fox pick or something. So, hey, you know, hats off, like, for doing well.
Corey
FedEx. Not only does he win the fastest, this lock picker at Wild West Hackin' Fest, he also wins the weirdest GIF of this episode.
Alex
There you go.
Corey
The fact that he just had that ready to go. Yeah. Anyway, let's close out the show. Thank you all for coming. Thank you all for hosting. I'll see you all next week. And thanks, Megan, for being our guest. Guest host.
Kelly
Awesome.
Podcast: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: 2025-02-10 - Walking Through Denver
Release Date: February 13, 2025
Hosts: Corey, Kelly, Wade, Alex, Ryan
Guest Host: Megan
The episode kicks off with light-hearted banter between Corey and Kelly, setting a friendly and humorous tone. They reminisce about last week's in-person event in Denver, highlighting memorable moments and playing on the audience's FOMO (Fear of Missing Out).
Key Highlights:
Award Ceremony Hijinks: Corey shares a funny anecdote about John Strand humorously contacting award recipients.
Corey [00:49]: “...one guy that he called worked for Palo Alto Networks. And so John calls him up and is like, hey, this is John with Black Hills Info Stack...”
Swear Jar for EFF Donation: Kelly discusses the successful collection of over $170 for the Electronic Frontier Foundation (EFF) through the swear jar, emphasizing the audience's enthusiasm for contributing.
Kelly [03:54]: “...we collected over $170 into the swear jar for EFF. It was really funny watching John just walk back to the accounting team at BHIS...”
The hosts delve into an Ars Technica article reporting a significant decline in ransomware payments in 2024, based on data from Chainalysis.
Key Points:
35% Year-over-Year Drop: Ransomware payments decreased by approximately 34.9%.
Wade [10:10]: “If we want to get into the numbers, the payment decrease was approximately 34.9%.”
Possible Reasons for the Decline:
Law Enforcement Interventions: Actions against major ransomware groups like LockBit and ALPHV/BlackCat contributed to disrupting operations.
Wade [10:16]: “LockBit experienced a 79% decrease in payments following the intervention of the UK's National Crime Agency and the FBI's investigation.”
Internal Conflicts Among Criminals: Lack of trust and internal disputes within ransomware groups led to fragmentation.
Corey [08:56]: “The biggest enemy to criminals is oftentimes other criminals.”
Future Projections: The hosts speculate on whether the decline will continue, considering factors like crypto regulations and potential sanctions.
Kelly [12:55]: “...we did see the Biden administration put in some executive orders on digital assets...”
A brief discussion on a reported vulnerability in Cisco’s Identity Services Engine (ISE), involving command injection requiring read-only authenticated access.
Key Insights:
Vulnerability Details: Although the flaw allows for command execution as root, its impact is limited due to stringent access controls.
Corey [14:02]: “...patch your Cisco ISE. I will say I don't...”
Community Reactions: Hosts express skepticism about the prevalence of Cisco ISE usage, contending that many listeners might not be directly affected.
An exploration of a TechRadar article highlighting a 500% increase in botnet activity targeting Internet of Things (IoT) devices.
Discussion Points:
Root Causes: Default passwords, outdated software, and inadequate security measures are identified as primary vulnerabilities.
Corey [25:17]: “...default credentials in enough of devices to go like with a botnet...”
Enterprise vs. Home Networks: The hosts debate whether the surge primarily affects enterprise networks or home users, leaning towards the latter.
Wade [25:35]: “I would imagine the majority... home networks.”
Role of ISPs: The group discusses the potential responsibilities of Internet Service Providers in detecting and mitigating botnet activities.
Alex [30:46]: “...only when not doing so affects their dollars, you know, will they take action.”
A detailed discussion on WhatsApp’s notification to 92 users about their devices being infected with spyware developed by Paragon Solutions.
Key Points:
Nature of the Attack: The spyware, named Graphite, targeted journalists and civil society members through malicious PDFs sent via WhatsApp groups.
Corey [36:16]: “...hackers invited their targets to a WhatsApp group, then sent them a malicious PDF that would then breach their devices.”
WhatsApp’s Response: The platform leveraged metadata and backend data to identify and notify affected users despite end-to-end encryption.
Alex [37:56]: “Metadata and communication connections, like who you message is visible to Meta.”
Security Implications: The incident underscores the delicate balance between privacy and security, highlighting challenges in protecting users from sophisticated spyware.
Kelly [37:56]: “...it's an abuse of their platform directly.”
The hosts examine a Microsoft study in which 319 participants self-reported 936 instances where they felt AI made them "stupid."
Discussion Points:
Study Limitations: The group criticizes the study for relying solely on self-reported data without objective measures of cognitive performance.
Corey [46:43]: “...at no point during this study did they actually measure cognitive performance.”
Impact of AI Tools: While acknowledging AI's efficiency, they debate whether reliance on AI truly diminishes critical thinking skills or simply changes how tasks are approached.
Alex [45:31]: “...how do I make AI do what I want it to do? Does exercise that critical thinking.”
Microsoft’s Intentions: Speculation on how Microsoft might use the study to influence perceptions of their AI tools like Copilot.
Ryan [47:49]: “Microsoft has Copilot that they're pushing all over the place. How are they going to be using this study...”
The episode touches on various other security-related topics, adding depth and diversity to the conversation.
Power Grid Vulnerabilities: A humorous yet insightful debate on an article blaming a monkey for a power outage in Sri Lanka, leading to a broader discussion on the fragility of critical infrastructure.
Corey [40:42]: “Can we blame monkeys for ransomware attacks? Can we do that yet?”
Employee Data Leak Incident: Corey raises concerns about a security breach involving an employee leaking internal data at DOGE (Department of Government Efficiency), highlighting the importance of clearances and data protection protocols.
Corey [52:16]: “...Edward has been terminated for leaking internal information to the competitors.”
To wrap up, the hosts shift to a lighter topic, discussing the National Chicken Council’s report on chicken wing consumption and engaging in playful debates about dipping sauces.
Key Highlights:
Consumption Statistics: Reporting that 1.47 billion chicken wings were consumed in a single day.
Corey [58:48]: “...147 billion chicken wings.”
Dipping Sauce Debate: A humorous exchange about preferences for ranch dressing, blue cheese, or no dip.
Kelly [60:04]: “You never know. So let's ask the most important question. What do you dip it in? Ranch dressing or blue cheese?”
The episode provides a comprehensive overview of current infosec news, blending serious discussions on ransomware trends, spyware incidents, and AI implications with lighter segments that showcase the hosts' camaraderie and humor. Notable insights include the decline in ransomware payments due to law enforcement actions and internal conflicts, the complexities of safeguarding IoT devices against botnets, and the delicate balance between user privacy and platform security intelligence. The episode concludes on a fun note with discussions about chicken wing consumption and dipping preferences, leaving listeners both informed and entertained.