WEBVTT 1 00:00:00.160 --> 00:00:03.680 Welcome to the deep dive. Today, we're plunging into a 2 00:00:03.720 --> 00:00:07.879 world where, honestly, cyber warfare has kind of shattered the 3 00:00:07.919 --> 00:00:11.640 digital barrier. It's not really just about stealing data anymore 4 00:00:11.759 --> 00:00:15.960 or causing digital disruption. It's evolving into something much more physical, 5 00:00:16.039 --> 00:00:19.039 something that's really deeply intertwined with almost every aspect of 6 00:00:19.079 --> 00:00:21.359 our lives, you know, from the power grid to the 7 00:00:21.359 --> 00:00:24.160 apps on your phone. So we're embarking on this deep 8 00:00:24.199 --> 00:00:27.679 dive into the well complex and often counterintuitive world of 9 00:00:27.719 --> 00:00:31.679 cyber conflict, looking at its inherent vulnerabilities and especially it's 10 00:00:31.760 --> 00:00:33.439 escalating real world impact. 11 00:00:33.560 --> 00:00:36.039 Yeah, and our insights for this they're drawn primarily from 12 00:00:36.119 --> 00:00:40.560 Jeffrey Caruso's Inside cyber Warfare, third edition. It's really indispensable guide. 13 00:00:40.560 --> 00:00:44.200 I think it helps navigate this wilderness of evolving threats, 14 00:00:44.640 --> 00:00:47.079 and it reveals some truths often kind of hidden beneath 15 00:00:47.119 --> 00:00:49.079 the surface of the daily headlines. Right. 16 00:00:49.439 --> 00:00:52.119 And our mission for you listening is to unpack how 17 00:00:52.280 --> 00:00:56.479 software is fundamental insecurity. This core problem, along with the 18 00:00:56.479 --> 00:01:00.600 cybersecurity industry, is let's say, unique incentives and the blurring 19 00:01:00.640 --> 00:01:03.840 lines of modern conflict. How all that is shaping our 20 00:01:03.880 --> 00:01:08.920 digital and increasingly our physical world. We promise some genuinely 21 00:01:08.959 --> 00:01:13.359 surprising insights and maybe some practical considerations you can actually apply. Okay, 22 00:01:13.560 --> 00:01:16.560 so let's unpack this first big piece. We really have 23 00:01:16.599 --> 00:01:19.760 to start with this foundational idea from the source. There 24 00:01:19.799 --> 00:01:22.200 has never been such a thing as a truly secure 25 00:01:22.439 --> 00:01:23.519 or healthy network. 26 00:01:23.959 --> 00:01:26.280 Ever. It's kind of mind blowing when you think about it. 27 00:01:26.280 --> 00:01:27.920 It goes all the way back to the first high 28 00:01:27.920 --> 00:01:31.239 stea computer maniac, back in the nineteen fifties. So, I 29 00:01:31.239 --> 00:01:33.879 mean think about that for a second. Insecurity was basically 30 00:01:33.879 --> 00:01:36.079 baked in from day one, and it sort of came 31 00:01:36.120 --> 00:01:38.200 to a head with what was famously called the software 32 00:01:38.239 --> 00:01:40.920 crisis in nineteen sixty eight. Douglas Ross, who is a 33 00:01:40.959 --> 00:01:44.560 pioneer in computer aided design, he us this really vivid analogy. 34 00:01:44.879 --> 00:01:47.840 He compared systems supposedly in good working order to a 35 00:01:47.920 --> 00:01:49.239 person having a heart attack. 36 00:01:49.319 --> 00:01:50.519 Wow, a heart attack. 37 00:01:50.760 --> 00:01:54.040 Yeah, So the underlying fragility, as you can see, it's 38 00:01:54.079 --> 00:01:55.760 been there right from the very beginning. 39 00:01:56.319 --> 00:01:59.519 It's truly eye opening, and that inherent insecurity it isn't 40 00:01:59.560 --> 00:02:02.680 just a buz, right, the author argues, it's actually become 41 00:02:02.719 --> 00:02:07.040 a core feature, something that's actively exploited by the well 42 00:02:07.680 --> 00:02:10.280 multi billion dollar cybersecurity industry. 43 00:02:09.960 --> 00:02:11.120 Exploited how well? 44 00:02:11.800 --> 00:02:14.840 He puts it very provocatively. He says, it pays much 45 00:02:14.840 --> 00:02:18.319 better to play offense than defense. Then he introduces this 46 00:02:18.400 --> 00:02:23.039 really striking analogy. He compares the cybersecurity industry's model, you know, 47 00:02:23.120 --> 00:02:26.400 discovering vulnerabilities then selling the protection rack. He compares it 48 00:02:26.400 --> 00:02:28.520 to an organized crime protection racket. 49 00:02:28.560 --> 00:02:31.599 Okay, that's strong language, a protection racket. 50 00:02:33.960 --> 00:02:37.240 From your perspective reading this, how much truth is there 51 00:02:37.280 --> 00:02:39.520 to that analogy? What does it really imply about the 52 00:02:39.520 --> 00:02:40.520 industry's incentives. 53 00:02:40.879 --> 00:02:43.120 Well, it definitely forces us to ask some tough questions, 54 00:02:43.159 --> 00:02:44.919 doesn't it. I mean, if you look at the Global 55 00:02:44.960 --> 00:02:48.800 Prohibition on biological warfare, for instance, finding a vulnerability in 56 00:02:48.840 --> 00:02:50.960 the human body and then trying to sell the cure 57 00:02:51.000 --> 00:02:53.840 after announcing you've maybe created a disease that can be 58 00:02:53.840 --> 00:02:58.840 considered a crime against humanity, unthinkable exactly. Yet in the 59 00:02:58.879 --> 00:03:03.800 digital realm, discovering of vulnerability and then monetizing the fix, well, 60 00:03:04.000 --> 00:03:07.199 that is the core business model for many. It arguably 61 00:03:07.240 --> 00:03:10.520 creates this kind of perverse incentive to not fully secure 62 00:03:10.599 --> 00:03:13.439 things from the start, because you know, there's potentially more 63 00:03:13.439 --> 00:03:16.479 profit in the ongoing cycle of finding flaws and patching them. 64 00:03:16.599 --> 00:03:19.439 That's yeah, that's a truly unsettling thought. And the real 65 00:03:19.479 --> 00:03:22.240 world impacts of these software flaws, I mean, while they're 66 00:03:22.280 --> 00:03:25.759 often hidden, they can be genuinely tragic. There's this research 67 00:03:25.759 --> 00:03:28.560 from Donald McKenzie back in nineteen ninety four. He found 68 00:03:28.599 --> 00:03:30.759 that by nineteen ninety two, only about three percent of 69 00:03:30.800 --> 00:03:33.759 computer related deaths, so like thirty out of eleven hundred, 70 00:03:34.039 --> 00:03:37.520 were actually due to software bugs. Most were caused by 71 00:03:38.360 --> 00:03:42.360 faulty human computer interaction like user error, basically preface issues. 72 00:03:42.800 --> 00:03:45.280 But fast forward and the examples get much more alarming. 73 00:03:45.439 --> 00:03:48.199 In two thousand and one, five patients died from radiation 74 00:03:48.319 --> 00:03:52.520 over exposure at Panama's National Oncological Institute directly due to 75 00:03:52.599 --> 00:03:53.360 software flaws. 76 00:03:53.439 --> 00:03:53.919 Oh wow. 77 00:03:54.240 --> 00:03:56.400 And then there's what the source calls the shocking number 78 00:03:56.439 --> 00:03:59.280 of injuries and deaths linked to the accelerated adoption of 79 00:03:59.319 --> 00:04:02.199 electronic health. Both records EHRs since about twenty eleven. 80 00:04:02.919 --> 00:04:04.400 The EHR problem. 81 00:04:04.080 --> 00:04:07.360 Yeah, and the FDA's m UE database even revealed one 82 00:04:07.439 --> 00:04:10.639 hundred and forty four deaths and almost fourteen hundred patient 83 00:04:10.680 --> 00:04:14.599 injuries just from robotic surgeries between twenty and twenty thirteen, 84 00:04:15.159 --> 00:04:19.079 and the source stresses those numbers are likely seriously underreported. 85 00:04:19.439 --> 00:04:22.879 So what then explains this underreporting, especially with the EHR issues. 86 00:04:22.920 --> 00:04:25.720 It sounds like a huge problem that's just being swept 87 00:04:25.759 --> 00:04:26.360 under the rug. 88 00:04:26.399 --> 00:04:28.399 You're right, it seems to be a massive issue, and 89 00:04:28.439 --> 00:04:31.439 it's largely down to a lack of legal requirements to 90 00:04:31.519 --> 00:04:34.519 report these incidents. There's this chilling quote from a hospital 91 00:04:34.560 --> 00:04:38.079 administrator in the book, quote, we don't want to know 92 00:04:38.160 --> 00:04:41.279 the safety performance of our system because what would that mean? 93 00:04:41.480 --> 00:04:43.480 Wow, just don't look. 94 00:04:43.439 --> 00:04:46.959 Exactly this reluctance, this sort of active avoidance of transparency. 95 00:04:47.000 --> 00:04:50.120 It's also very common, the author knowes, with companies underplaying 96 00:04:50.120 --> 00:04:54.120 how serious cybersecurity incidents are. It really feels like accountability 97 00:04:54.199 --> 00:04:57.560 often becomes an afrothought because there's no real penalty usually 98 00:04:57.839 --> 00:04:58.959 for not being transparent. 99 00:04:59.319 --> 00:05:03.720 Okay, So, given this fundamental fragility of software we've just discussed, 100 00:05:04.399 --> 00:05:06.800 it raises an even bigger question, doesn't it. When an 101 00:05:06.839 --> 00:05:10.040 attack does happen, how can we possibly know who's really 102 00:05:10.079 --> 00:05:13.639 behind it? This is where things get really complex and 103 00:05:14.519 --> 00:05:15.360 pretty surprising. 104 00:05:15.519 --> 00:05:18.079 Yeah, the bit really drills down on this core concept 105 00:05:18.120 --> 00:05:21.920 of attribution. Yeah, And the key takeaway is it's not 106 00:05:22.040 --> 00:05:25.120 deduced like a mathematical proof. It's inferred. 107 00:05:25.319 --> 00:05:27.959 Inferred meaning like an educated guess sort of. 108 00:05:28.079 --> 00:05:30.279 It means it relies on a whole series of assumptions, 109 00:05:30.319 --> 00:05:33.120 not necessarily proven facts. Think about it simply. You see 110 00:05:33.160 --> 00:05:36.360 wet crass, you infer it rained, right, but maybe a 111 00:05:36.360 --> 00:05:39.000 sprinkler was just malfunctioning. Or you see a police car 112 00:05:39.040 --> 00:05:41.279 at a closed bank, you infer a break in, but. 113 00:05:41.240 --> 00:05:43.759 The officer might just be using the ATM god exactly. 114 00:05:43.800 --> 00:05:47.120 And historically assumptions like you know, all financial cybercrime must 115 00:05:47.160 --> 00:05:50.800 be Russian or all ip theft must be Chinese these 116 00:05:50.839 --> 00:05:52.680 often led to wildly increate blame. 117 00:05:53.319 --> 00:05:57.319 So if attribution really is just inference not deduction, that 118 00:05:57.399 --> 00:06:00.639 must lead to some pretty significant missteps in the real world. 119 00:06:00.800 --> 00:06:03.959 Have we seen compelling historical examples of how wrong this 120 00:06:04.079 --> 00:06:04.920 inference can go? 121 00:06:05.240 --> 00:06:08.800 Oh, absolutely plenty. Take Moonlight Mays back in nineteen ninety 122 00:06:08.800 --> 00:06:12.199 six massive theft of classified data Pentagon. 123 00:06:11.879 --> 00:06:13.519 NASA, Right, I remember hearing about that. 124 00:06:13.560 --> 00:06:15.680 He was initial attributed to Russia based on things like 125 00:06:15.720 --> 00:06:18.680 working hours and holidays observed in the logs. But even then, 126 00:06:18.879 --> 00:06:22.199 the specific military or intelligence unit remained fuzzy. There was 127 00:06:22.199 --> 00:06:25.240 some early caution. Okay, then you have Solar Sunrise in 128 00:06:25.319 --> 00:06:30.000 nineteen ninety eight attacks on unclassified Defense Department computers. This 129 00:06:30.120 --> 00:06:32.600 was during military preparations against a rock, so the immediate 130 00:06:32.639 --> 00:06:35.040 assumption was Bagdad. 131 00:06:34.720 --> 00:06:36.319 Makes sense politically right. 132 00:06:36.480 --> 00:06:38.160 But it turned out to be a group of teenagers 133 00:06:38.240 --> 00:06:40.600 from California and Israel teenagers. 134 00:06:40.639 --> 00:06:40.920 Wow. 135 00:06:41.120 --> 00:06:44.560 Yeah. And then came Titan Rain, also known as Byzantine Hades, 136 00:06:44.680 --> 00:06:47.399 starting around two thousand and three. This one was directly 137 00:06:47.399 --> 00:06:50.399 attributed to China's PLA Unit sixty one three ninety eight, 138 00:06:51.199 --> 00:06:54.879 and significantly, this attribution, published by the security company Mandian, 139 00:06:55.480 --> 00:06:59.040 led directly to their one billion dollar acquisition by FireEye. 140 00:06:58.680 --> 00:06:59.560 A billion dollars. 141 00:06:59.639 --> 00:07:03.199 Yeah. The lesson for the cybersecurity industry became pretty clear. 142 00:07:03.759 --> 00:07:07.600 Attributing a major attack to China meant headlines, new business, 143 00:07:07.800 --> 00:07:09.600 and potentially massive valuations. 144 00:07:10.000 --> 00:07:12.720 That example alone just makes you wonder how many other 145 00:07:12.800 --> 00:07:16.720 attributions might have been driven by similar incentives, consciously or not. 146 00:07:17.720 --> 00:07:21.519 You mentioned that many commonly accepted assumptions in these investigations 147 00:07:21.519 --> 00:07:25.120 have actually been proven invalid. Which of these, looking through 148 00:07:25.120 --> 00:07:26.920 the source, do you think has led to the most 149 00:07:26.920 --> 00:07:30.000 significant misjudgments or maybe even policy errors. 150 00:07:30.199 --> 00:07:32.040 That's a really good question. I think I'd have to 151 00:07:32.079 --> 00:07:34.839 point to what the author calls the exclusive use assumption. 152 00:07:35.120 --> 00:07:35.720 Okay, what's that. 153 00:07:36.079 --> 00:07:40.079 It's the belief that malware source code is proprietary, like 154 00:07:40.120 --> 00:07:42.839 a secret recipe, and is not shared or stolen. 155 00:07:43.439 --> 00:07:44.199 But that's not true. 156 00:07:44.279 --> 00:07:48.000 Definitely not always true. We've seen malware like ex agent 157 00:07:48.120 --> 00:07:51.759 famously used by the Russian group Fancy Bear or APT 158 00:07:51.879 --> 00:07:55.920 twenty eight. It's been in the while circulating since twenty twelve. 159 00:07:56.040 --> 00:07:59.199 Its source code is obtainable. And get this, Ukraine's g 160 00:07:59.360 --> 00:08:04.600 URE military intelligence actually maintains a repository of seized Russian 161 00:08:04.680 --> 00:08:08.120 and Iranian malware that they repurpose for their own operations. 162 00:08:08.160 --> 00:08:10.600 Wow, so they're using the enemy's tools. 163 00:08:10.240 --> 00:08:14.519 Against them precisely. And remember the wikileague CIA files. They 164 00:08:14.560 --> 00:08:18.839 revealed the Umbradge subgroup whose job was specifically to catalog 165 00:08:18.959 --> 00:08:22.759 exploits from other groups to use for false flag operations. 166 00:08:22.240 --> 00:08:25.000 False flags, so making it look like someone else did 167 00:08:25.000 --> 00:08:25.800 it exactly. 168 00:08:25.879 --> 00:08:27.959 So, if you assume a piece of malware is unique 169 00:08:27.959 --> 00:08:30.600 to one group and it's actually floating around or being 170 00:08:30.639 --> 00:08:34.519 deliberately misused, Yeah, you're almost certainly blaming the wrong party. 171 00:08:34.679 --> 00:08:37.159 And that flawed assumption feeds into others. 172 00:08:37.039 --> 00:08:39.639 Right, It feeds into things like the working hours assumption, 173 00:08:40.120 --> 00:08:42.720 the idea that state sponsored hackers keep regular nine to 174 00:08:42.759 --> 00:08:44.440 five office hours in their home country. 175 00:08:44.519 --> 00:08:45.600 It sounds ridiculous. 176 00:08:45.679 --> 00:08:47.919 It's ludicrous on its face, as the author says, I 177 00:08:47.960 --> 00:08:52.159 mean Russia alone spans eleven time zones, and you have 178 00:08:52.200 --> 00:08:56.320 other major offensive cyber players like you're on Israel, Ukraine, 179 00:08:56.799 --> 00:09:00.159 the UAE many in similar or adjacent time zones. It 180 00:09:00.200 --> 00:09:03.440 tells you almost nothing. And finally, there's the criminals versus 181 00:09:03.480 --> 00:09:07.720 spy's assumption, the belief that criminal hackers don't engage in 182 00:09:07.879 --> 00:09:11.360 espionage unless a government pays them to. But we know 183 00:09:11.559 --> 00:09:14.759 hackers for hire and espionage as a service are thriving 184 00:09:14.799 --> 00:09:17.639 businesses on the dark web. We've seen cases like subins 185 00:09:17.679 --> 00:09:21.799 selling US military secrets or trend micro documenting these services. 186 00:09:21.960 --> 00:09:23.840 The lines are incredibly blurred. 187 00:09:24.159 --> 00:09:27.879 So this interconnected web of faulty assumptions, it sounds like 188 00:09:27.919 --> 00:09:31.120 it could lead to major geopolitical miscalculations. 189 00:09:31.159 --> 00:09:32.559 Absolutely, it really. 190 00:09:32.360 --> 00:09:34.879 Sounds like, as the author suggests, no one, not even 191 00:09:34.879 --> 00:09:38.000 the NSA, can definitively tell you who is actually operating 192 00:09:38.000 --> 00:09:40.759 the keyboard. They can trace traffic maybe back to a 193 00:09:40.759 --> 00:09:43.559 certain point, but the person behind the screen they are 194 00:09:43.559 --> 00:09:46.600 may elusive. So if this is all just inference and 195 00:09:46.639 --> 00:09:49.639 based on such shaky assumptions, what are the repercussions for 196 00:09:49.879 --> 00:09:52.600 poor analysis? It seems like maybe there aren't any. 197 00:09:52.840 --> 00:09:55.159 You're hitting the nail on the head. The book argues 198 00:09:55.200 --> 00:09:59.840 there are essentially no repercussions for poor analysis. CrowdStrike is 199 00:10:00.279 --> 00:10:04.000 as an example achieving huge commercial success despite some heavily 200 00:10:04.039 --> 00:10:08.759 criticized reports on attribution. As Dimitri al Parevitch, Crowdstrikes co 201 00:10:08.799 --> 00:10:12.240 founder apparently put it quite bluntly, the required level of 202 00:10:12.279 --> 00:10:15.960 certainty for attribution is often just good enough for CNN. 203 00:10:16.320 --> 00:10:17.559 Good enough for CNN. 204 00:10:18.279 --> 00:10:21.879 Wow. That says a lot it does. Political expediency or 205 00:10:21.919 --> 00:10:26.399 commercial gain often seems to trump rigorous scientific certainty in 206 00:10:26.399 --> 00:10:26.879 this field. 207 00:10:27.120 --> 00:10:31.440 This inherent ambiguity. It really highlights the immense difficulty in 208 00:10:31.519 --> 00:10:34.960 truly knowing who's behind these cyber attacks. So, given that 209 00:10:35.080 --> 00:10:38.279 huge uncertainty, why is there so much resistance to independent 210 00:10:38.360 --> 00:10:42.360 fact finding mechanisms? Why not create something like the OPCW. 211 00:10:42.440 --> 00:10:44.879 You know, the Organization for the Prohibition of Chemical weapons. 212 00:10:44.879 --> 00:10:45.799 But for cyber. 213 00:10:45.519 --> 00:10:48.240 Attacks, that's a critical point, and it's discussed in the book. 214 00:10:48.919 --> 00:10:52.799 There's a proposal for just at and international attribution mechanism 215 00:10:52.919 --> 00:10:57.279 modeled after the OPCW to objectively investigate major cyber attacks. 216 00:10:57.440 --> 00:11:02.480 But the major cyberpowers, think the US, UK, Israel, they 217 00:11:02.519 --> 00:11:03.759 tend to resist this idea. 218 00:11:04.000 --> 00:11:05.440 Why what's the fear? 219 00:11:06.000 --> 00:11:08.399 They seem to fear a loss of autonomy and frankly, 220 00:11:08.480 --> 00:11:14.200 political options. Imagine, hypothetically, if German hackers used Russian infrastructure 221 00:11:14.279 --> 00:11:17.600 for a major attack on the US, Washington might prefer 222 00:11:17.639 --> 00:11:21.320 to blame Russia directly in opposed sanctions. That's a political choice, 223 00:11:21.440 --> 00:11:24.240 rather than go through a transparent, independent process that might 224 00:11:24.279 --> 00:11:27.159 point the finger elsewhere, complicating their response. 225 00:11:27.320 --> 00:11:30.919 So keeping the ambiguity allows for more political maneuvering. 226 00:11:30.559 --> 00:11:33.759 It seems that way. The author shares this anecdote. The 227 00:11:33.840 --> 00:11:37.080 FBI issued a warning about election tampering linked to a 228 00:11:37.120 --> 00:11:40.440 specific Russian web hosting company, but the owner of that 229 00:11:40.480 --> 00:11:43.639 company apparently told investigators his customers help tickets for those 230 00:11:43.679 --> 00:11:46.759 servers were in English coming from German and New Jersey 231 00:11:46.759 --> 00:11:47.600 email providers. 232 00:11:48.480 --> 00:11:49.679 Not quite the smoking gun. 233 00:11:49.840 --> 00:11:53.679 Exactly. Simple assumptions can be very misleading, and powerful nations 234 00:11:53.720 --> 00:11:56.080 often prefer to keep their attribution options open. 235 00:11:56.120 --> 00:11:59.240 You could say, okay, so what stands out to you 236 00:11:59.600 --> 00:12:04.360 listening this about this immense difficulty and truly knowing who 237 00:12:04.440 --> 00:12:05.720 is behind these attacks? 238 00:12:06.360 --> 00:12:09.519 It really changes how you read the headlines, doesn't it? Now, 239 00:12:09.559 --> 00:12:13.080 Given everything we've just uncovered about softwares and inherent flaws 240 00:12:13.399 --> 00:12:16.679 and these huge challenges and attribution, it really forces us 241 00:12:16.720 --> 00:12:20.200 to think about how these digital conflicts actually play out 242 00:12:20.200 --> 00:12:23.879 in the real world. How are traditional battlefields changing because 243 00:12:23.919 --> 00:12:24.360 of this. 244 00:12:24.360 --> 00:12:28.360 Well, we're definitely moving way beyond distinct traditional military domains. 245 00:12:28.679 --> 00:12:30.759 Warfare now is deeply enmeshed. 246 00:12:30.840 --> 00:12:33.559 That's the term used in mesh like tangled. 247 00:12:33.159 --> 00:12:37.279 Together exactly, cyber electronic warfare, cognitive warfare, which is basically 248 00:12:37.360 --> 00:12:40.879 information in psychological operations, and traditional kinetic warfare. You know, 249 00:12:40.919 --> 00:12:43.840 bombs and bullets. They're no longer separate things. They're combined, 250 00:12:43.960 --> 00:12:46.919 often simultaneously, for a greater and more devastating effect. 251 00:12:47.279 --> 00:12:49.679 And is there a key figure associated with this shift? 252 00:12:49.919 --> 00:12:53.759 The book points centrally to Yevgeny Pregosion, often called pootin 253 00:12:53.799 --> 00:12:57.200 the Chef. He was a fascinating and frankly terrifying figure. 254 00:12:57.240 --> 00:13:00.679 In this he led both the paramilitary Wagner Group ercenaries 255 00:13:00.879 --> 00:13:05.000 and the infamous disinformation engine the Internet Research Agency or IRA, 256 00:13:05.519 --> 00:13:09.080 right the troll farm precisely. The Wagner Group, as the 257 00:13:09.120 --> 00:13:13.159 source details, has been documented committing horrific war crimes in Syria, 258 00:13:13.399 --> 00:13:17.039 the Central African Republic, Libya, and very visibly in the 259 00:13:17.039 --> 00:13:21.360 Butcha massacre in Ukraine. Meanwhile, his other arm, the IRA, 260 00:13:21.879 --> 00:13:24.519 was indicted back in twenty eighteen for interfering with US 261 00:13:24.519 --> 00:13:27.919 elections as laid out in the Muller Report. So Progosian 262 00:13:28.000 --> 00:13:32.159 really wielded both information or disinformation and brute force as 263 00:13:32.240 --> 00:13:33.200 integrated weapons. 264 00:13:33.240 --> 00:13:35.840 And we've seen some pretty compelling case studies that demonstrate 265 00:13:35.879 --> 00:13:39.919 this enmeshed strategy, haven't we were Propaganda and physical violence 266 00:13:39.960 --> 00:13:42.600 work hand in hand, Like the Mozart group in Ukraine. 267 00:13:42.799 --> 00:13:45.600 This was led by Andy Milburn, a retired US Marine 268 00:13:45.600 --> 00:13:49.120 Corps colonel. It was a volunteer organization providing really crucial 269 00:13:49.159 --> 00:13:52.480 training and humanitarian aid. I remember reading about them well 270 00:13:52.840 --> 00:13:58.679 Progosians IRA launched just a devastating information warfare campaign against them. 271 00:13:58.879 --> 00:14:02.320 DIDOS attacks hit the website there was a massive social 272 00:14:02.360 --> 00:14:05.919 media blitz labeling Mozart a private military company, trying to 273 00:14:05.960 --> 00:14:09.559 discredit them, and even direct threats were made against hotels 274 00:14:09.600 --> 00:14:11.279 known to be housing their team members. 275 00:14:11.440 --> 00:14:13.600 Wow, threats against hotels, Yes. 276 00:14:13.519 --> 00:14:17.279 And this wasn't just digital noise. Three separate hotels where 277 00:14:17.399 --> 00:14:20.919 Mozart personnel were confirmed to have stayed were subsequently hit 278 00:14:20.919 --> 00:14:21.840 by Russian missiles. 279 00:14:21.879 --> 00:14:23.559 That's terrifying, a direct. 280 00:14:23.240 --> 00:14:27.559 Link absolutely, And add to that, a heavily manipulated video 281 00:14:27.639 --> 00:14:30.879 from the team House podcast pushing false narratives about Mozart 282 00:14:30.960 --> 00:14:33.919 garnered like three point five million views. All of this 283 00:14:34.039 --> 00:14:36.759 ultimately contributed to the Mozart group having to shut down 284 00:14:36.799 --> 00:14:39.559 after just nine months of doing really critical work. 285 00:14:39.720 --> 00:14:43.799 That's a powerful example of information warfare having real, tangible 286 00:14:43.960 --> 00:14:45.120 negative consequences. 287 00:14:45.200 --> 00:14:47.559 We also saw elements of this in Syria, didn't we 288 00:14:47.879 --> 00:14:51.759 Back in twenty fifteen, Wagner mercenaries were supporting Bashar al 289 00:14:51.759 --> 00:14:55.960 Asad's regime. There was that significant confrontation with US forces 290 00:14:55.960 --> 00:14:59.480 at a Konoco gas plant in twenty eighteen, and afterwards 291 00:14:59.559 --> 00:15:04.240 Russia publicly denied any Russian military personnel were present. Classic 292 00:15:04.440 --> 00:15:07.600 plausible deniability enabled by using mercenaries. Right. 293 00:15:07.600 --> 00:15:09.639 It wasn't Russia, it was Wagner exactly. 294 00:15:10.159 --> 00:15:12.919 And in Mali, the book describes a similar pattern. Wagner 295 00:15:12.960 --> 00:15:18.399 Group operates militarily suppressing jihattists supposedly, while the IRA runs 296 00:15:18.440 --> 00:15:22.919 coordinated disinformation campaigns in parallel promoting Russia, pushing narratives to 297 00:15:22.960 --> 00:15:27.840 delay elections, fueling anti Western sentiment. It's a truly integrated playbook. 298 00:15:27.919 --> 00:15:31.519 It's really striking too how social media platforms specifically X, TikTok, 299 00:15:31.559 --> 00:15:34.480 Facebook I mentioned, have become the sort of preferred platforms 300 00:15:34.639 --> 00:15:38.759 for delivering this disinformation and misinformation. Why them specifically, Well, 301 00:15:38.759 --> 00:15:41.159 they're easy to use, its incredibly low costs compared to 302 00:15:41.200 --> 00:15:45.720 traditional espionage or propaganda, and they're largely unregulated, especially across borders. 303 00:15:46.399 --> 00:15:49.720 On X formally Twitter, the book points out how Elon 304 00:15:49.840 --> 00:15:54.440 Musk's paid blue check mark system essentially enabled Russian propaganda 305 00:15:54.480 --> 00:15:58.120 accounts to gain apparent legitimacy, and Musk himself even boosted 306 00:15:58.159 --> 00:16:02.360 some of their tweets, amplifying their reach. The European External 307 00:16:02.399 --> 00:16:07.039 Action Service the EEES did a report highlighting that Telegram, Facebook, 308 00:16:07.039 --> 00:16:10.720 and Twitter were the most used channels for foreign information manipulation, 309 00:16:11.200 --> 00:16:14.879 employing tactics like shifting blame for events, distorting the context 310 00:16:14.879 --> 00:16:18.720 of information, and just generally distracting audiences from inconvenient truths. 311 00:16:19.000 --> 00:16:21.279 And kiktok that gets mentioned a lot in terms of 312 00:16:21.320 --> 00:16:22.240 security concerns. 313 00:16:22.360 --> 00:16:25.919 Yeah, TikTok presents a particularly thorny national security threat, according 314 00:16:25.960 --> 00:16:28.200 to the source, because of his parent company Bike Dance's 315 00:16:28.200 --> 00:16:31.480 deep ties to the Chinese government in Beijing. The author 316 00:16:31.559 --> 00:16:34.600 cites examples of prominent Chinese citizens Jack Maw, the tennis 317 00:16:34.600 --> 00:16:38.679 player Peng Shui, the actress Zoe Way, who essentially disappeared 318 00:16:38.679 --> 00:16:41.399 for periods after crossing Beijing in some way, right. 319 00:16:41.240 --> 00:16:44.320 The implication being the government has immense control. 320 00:16:44.279 --> 00:16:48.480 Exactly, And the concern is that TikTok on your phone 321 00:16:49.039 --> 00:16:51.679 could effectively be turned into a two hundred and forty 322 00:16:51.759 --> 00:16:54.440 seven surveillance device feeding data back. 323 00:16:54.600 --> 00:16:57.879 And this surveillance capability isn't just theoretical, is it. It's 324 00:16:57.919 --> 00:17:00.480 being used for direct targeting and conft zones. 325 00:17:00.519 --> 00:17:00.960 Right now. 326 00:17:01.000 --> 00:17:04.640 There's this incredible, chilling example from March twenty twenty two 327 00:17:04.799 --> 00:17:08.680 in Kiev, a Russian sympathizer apparently posted a TikTok video 328 00:17:08.759 --> 00:17:12.720 showing Ukrainian armored vehicles park near a shopping center. Oh no, 329 00:17:13.200 --> 00:17:15.599 shortly after that video went up, the shopping center was 330 00:17:15.680 --> 00:17:19.160 bombed by Russia. But here's the cyber counter move. Ukraine's 331 00:17:19.200 --> 00:17:23.440 GUR their military intelligence reportedly use cell phone tower data 332 00:17:23.480 --> 00:17:27.759 combined with subscriptions to commercial ad tech companies, leveraging what's 333 00:17:27.759 --> 00:17:30.640 called digital exhaust the data trails we all leave, right, 334 00:17:30.720 --> 00:17:34.039 the ad data exactly. They use that to identify and 335 00:17:34.119 --> 00:17:37.480 ultimately capture the individual who posted the TikTok video. 336 00:17:37.319 --> 00:17:39.799 Wow using ad tech for counter espionage. 337 00:17:40.039 --> 00:17:43.839 Yeah, and Ukrainian special forces apparently used this methodology called 338 00:17:44.119 --> 00:17:50.440 F three EAD, find, fix, finish, exploit, analyze, disseminate. They 339 00:17:50.519 --> 00:17:54.720 actively leverage Russian social media like Telegram and VK, alongside 340 00:17:54.720 --> 00:17:59.680 commercial data brokers, facial recognition tech, even smartphone location services, 341 00:18:00.119 --> 00:18:03.319 all to track and target Russian military personnel. The book 342 00:18:03.359 --> 00:18:06.759 mentions them capturing an FSB officer's laptop. This way, it's 343 00:18:06.799 --> 00:18:09.279 like spycraft meets big data. This leads me to a 344 00:18:09.319 --> 00:18:13.160 really chilling thought, though, how does that seemingly benign surveillance, 345 00:18:13.200 --> 00:18:15.480 the stuff that happens through real time bidding and the 346 00:18:15.559 --> 00:18:18.240 online ad industry play into all this. It feels like 347 00:18:18.240 --> 00:18:21.200 something we all interact with constantly clicking except on cookies, 348 00:18:21.359 --> 00:18:23.519 without realizing its potential darker uses. 349 00:18:23.599 --> 00:18:25.640 It's a really critical connection to make, and the book 350 00:18:25.720 --> 00:18:28.359 lays it out well. Imagine every click you make, every search, 351 00:18:28.440 --> 00:18:31.279 every app you open, each creates a tiny data point 352 00:18:31.279 --> 00:18:35.200 about you. Real Time Bidding r TB is the automated 353 00:18:35.240 --> 00:18:38.440 process where at exchanges scoop up literally billions of these 354 00:18:38.480 --> 00:18:41.359 tiny points every second, and they stitch them together into 355 00:18:41.400 --> 00:18:44.440 an incredibly detailed digital portrait of view. How detail, they 356 00:18:44.559 --> 00:18:48.400 use a standardized taxonomy apparently of one thousand, six hundred 357 00:18:48.400 --> 00:18:52.680 and seventy nine different personal characteristics. This includes things you'd expect, 358 00:18:52.880 --> 00:18:57.559 like demographics, but also incredibly sensitive stuff very low net worth, 359 00:18:57.799 --> 00:19:02.039 personal debt, history of seeking bail bonds, views on vaccines, 360 00:19:02.359 --> 00:19:07.759 even lgbtq plus identifiers. Incredibly granular it is, and while 361 00:19:07.799 --> 00:19:11.240 it's all collected ostensibly for advertising showing you relevant ads, 362 00:19:11.599 --> 00:19:14.480 this data has been extensively abused. We saw it with 363 00:19:14.519 --> 00:19:18.559 Cambridge Analytica influencing elections. There are examples of companies using 364 00:19:18.559 --> 00:19:22.160 it to profile lgbtq plus individuals in Poland or Mobile 365 00:19:22.200 --> 00:19:24.960 Walla profiling Black Lives Matter protesters in the US. 366 00:19:25.079 --> 00:19:28.480 So the capability is there, and it's been misused exactly, and. 367 00:19:28.440 --> 00:19:31.960 This micro targeting capability built for commerce is precisely what 368 00:19:32.079 --> 00:19:35.799 intelligence agencies around the world find immensely valuable. They leverage 369 00:19:35.839 --> 00:19:39.119 this same data ecosystem for their own surveillance and targeting purposes, 370 00:19:39.359 --> 00:19:42.519 turning our everyday digital footprint into a powerful and potentially 371 00:19:42.640 --> 00:19:43.400 dangerous tool. 372 00:19:43.599 --> 00:19:46.920 So far, we've talked a lot about data information propaganda, 373 00:19:47.400 --> 00:19:51.160 but the most alarming evolution of cyber warfare maybe isn't 374 00:19:51.200 --> 00:19:55.960 just about stealing secrets anymore. It's about causing real physical destruction. 375 00:19:56.640 --> 00:19:58.480 That feels like a profound shift. 376 00:19:58.720 --> 00:20:02.400 It absolutely is, And to really understand this, we need 377 00:20:02.440 --> 00:20:05.519 to quickly define operational technology or. 378 00:20:05.480 --> 00:20:07.720 Ot okay o T what is that. 379 00:20:07.880 --> 00:20:10.599 These are basically the industrial control systems, the computers and 380 00:20:10.640 --> 00:20:17.400 networks that run critical infrastructure think power plants, water treatment facilities, subways, factories, pipelines, 381 00:20:18.000 --> 00:20:20.039 the physical backbone of our modern world. 382 00:20:20.119 --> 00:20:23.680 And these systems they weren't built with security. 383 00:20:23.119 --> 00:20:25.920 In mind for the most part. No, Many were designed 384 00:20:25.920 --> 00:20:28.480 decades ago before the Internet as we know it existed, 385 00:20:28.839 --> 00:20:33.000 focus purely on operational reliability, not on fending off nation 386 00:20:33.160 --> 00:20:36.440 state hackers. They're often incredibly vulnerable. 387 00:20:36.160 --> 00:20:39.759 And the examples of cyber attacks actually causing physical kinetic 388 00:20:39.799 --> 00:20:43.519 effects they're chilling. The book details the Aurora generator test 389 00:20:43.559 --> 00:20:45.799 from two thousand and seven. This was done at Idaho 390 00:20:45.960 --> 00:20:49.279 National Laboratory, kind of a proof of concept experiment kept 391 00:20:49.279 --> 00:20:51.559 secret for a while. Or they do a cyber attack 392 00:20:52.000 --> 00:20:56.079 deliberately manipulated a protective relay on a huge twenty seven 393 00:20:56.200 --> 00:21:00.799 ton diesel generator. The result the generator started taking violently 394 00:21:01.200 --> 00:21:05.079 erupted smoke and was physically damaged, basically destroying itself from 395 00:21:05.079 --> 00:21:05.799 the inside out. 396 00:21:05.960 --> 00:21:10.319 Wow, so proof positive. Yeah, code can break heavy machinery unequivocally. 397 00:21:11.039 --> 00:21:14.720 Then, more famously, there was stucksnet around twenty ten twenty eleven. 398 00:21:15.039 --> 00:21:19.680 This targeted Iran's nitens uranium enrichment facility and is widely 399 00:21:19.720 --> 00:21:22.759 believed to have destroyed between one thousand and two thousand 400 00:21:22.920 --> 00:21:25.079 centrifuges by manipulating their speeds. 401 00:21:25.200 --> 00:21:27.799