The Malware Historian

Released Friday, 16th February 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

In nineteen eighty-six, two brothers in Pakistan, Amjad Farooq Alvi and Basit Farooq Alvi, ran a computer store. It was called Brain Computer Services, a little one-room shop in Lahore, Pakistan. And the store? It's bumping, because rumor had it that those, like, nineteen-eighties brand-name programs, stuff that regularly retailed for hundreds of dollars elsewhere, was conspicuously affordable there. For example, when it launched, WordStar, an early word processor, was priced at four hundred and ninety-five dollars US, and an extra forty bucks for the manual. At Brain Computer Services, as reported in Time Magazine in nineteen eighty-eight, you could get a floppy of it for a couple of bucks. I'll leave it to you to imagine what was going on there.

0:50

Scott, I would never be able to suspect what was going on there. There, you can buy a non-branded floppy with a copy of the program for dollars versus hundreds of dollars. That's, that's, that's a legacy that I was not a part of, that whole warez thing. I was not there for that time. You would know anything about that? I would know nothing about that. Brain sold software. They even developed some of their own, some medical stuff, and business was good.

1:20

Now, remember, this was in eighty-six. So the idea that followed, which might sound really obvious now, was extremely novel at the time. And the idea was: what, what if they were to include, on all of these floppies they're selling, a self-replicating program, a form of copyright control, so that the software, whether the stuff they were developing or the third-party software they were selling at bargain-basement prices, wouldn't get copied and resold?

1:51

In the early days, like the original IBM PC virus, Brain, was written as a sort of copyright protection tool by two brothers in Pakistan. That's Dan, a.k.a. the Malware Historian. We're gonna get back to him. The software replaced the boot sector of a floppy disk with a copy of the virus and moved the boot sector somewhere else. And there are really two important things about this virus. First,

2:17

it was basically harmless. It avoided infecting hard disks, so the user's data was never at any risk, just the software that was supposed to be on the floppy. And second, it displayed a message on the user's screen, which read: "Welcome to the Dungeon. Copyright nineteen eighty-six, Amjad (Pvt), Brain Computer Services." And then it listed a physical address: seven thirteen Nizam Block, Allama Iqbal Town, Lahore, Pakistan. And then it listed a working phone number, followed by the message: "Beware of this virus. Contact us for vaccination."

3:02

So let me see. So they created a little virus program to prevent people from stealing their software, even though their store was probably selling, likely, reproductions of other people's software. Yeah, just as a fun point of clarity? It is a good, good point. Clarification. Now, most modern viruses would not directly advertise the brick-and-mortar physical location of their developers or, like, a convenient phone number for contacting them. But I'm sure he didn't really know how most modern computer viruses worked, because he basically just made kind of the first one that would go on to go viral. Because it was on hundreds of thousands of floppy disks that started making their way around the world with his phone number in it. And eventually the phone starts to ring.

4:04

The first call we received was from Miami. Somebody taking care of a magazine down there, the local magazine. And she was writing something and she was having trouble with the floppy. And she discovered that, on the disk she bought, there was some extra piece of code on the inside, and it follows our contact number. When she called me, I was very surprised. And I was shocked, because I had no expectation that our program would go so far.

4:45

That is edited from a 2011 documentary where security researcher Mikko Hyppönen traveled to Lahore to interview the brothers, creators of the first successful computer virus. Thirty-eight years later, Brain, that little shop, still exists. brain.net.pk, you can go there. A Pakistani ISP. They did very well for themselves. They're a big deal now. One-gigabit speeds. Is that better? Better than we got up here, literally better. They've literally better than what I'm talking on right now. Still, it is with them that a history begins. The history of malware. Today,

5:35

malware is about big money and big data. It's about nation-state actors and vast criminal enterprises. It's big business. But in eighty-six it was two brothers with a crazy idea, some floppy disks, and a dream. Dan, who we heard from earlier, is a historian of this world. A malware historian.

5:56

As time went on, viruses were more of a tool of the hobbyist programmer who really just wanted to have some of their creations out there in the world. And as I said before, you know, they, they really want to make their mark on the world, which is one thing we can certainly do. It may, may not be a mark you're making; you're making, you're making an impression on people.

6:18

He is almost like an Indiana Jones historian. He goes to the ruins, he finds the actual old viruses, he gets the actual hardware systems they ran on, and he runs them, just to see what it's gonna do. It's great. So we called him up to hear his story, just to try and understand how we have gotten from that little shop in Lahore to all of this, and what kind of strange stuff he's discovered woven throughout history. Our conversation with Dan, a.k.a. danooct1.

7:00

What's up, Scott? We had, on our, like, conversation about, like, viruses frozen in the ice and, like, Siberian stuff, oh dang, so there's worry that totally old viruses coming up and, like, reinstating, and things like that. Imagine Dan's... imagine Dan brought back some old worm or virus from way back in the day, put it onto, like, a nineteen ninety-one PC, and then bang, all of a sudden it's, like, running around the internet and causing havoc. Imagine.

7:32

Yes, it was lain dormant on a floppy disk, one of the, one of the big ones, and he just unleashes it on the world. Modern antivirus doesn't even pay attention to it. It's like, business totally, it's not an isolated, it's good, it's old, like, we don't need to worry about these anymore. And we'll be fine. And boom! Suddenly, as a deterrent, there's a zero-day for iPhones hidden on an old, old floppy disk from nineteen ninety-four. How does that work? Let's find out. Here on Hacked.

8:19

Dan, thank you so much for joining me. I really appreciate it. Yeah, thank you for having me on. For anyone familiar with your work, you are a malware historian. And I guess just to start broadly, what does that mean to you? What drew you into this world to the point that you decided to start documenting it on YouTube?

8:34

So initially, my first exposure to the world of malware was in 2004, when my home computer was infected with a network worm called Sasser. I think it was the very beginning of May, late April 2004. So almost 20 years ago, when this happened, the computer just started rebooting forever. Like, it would restart and it would boot up, and a little window would pop up saying "Windows is shutting down in 60 seconds, save all your work," and then it would just keep rebooting. And my mom and I (she was a computer programmer, she's retired now), we had printouts from Norton Antivirus online, you know, Sasser removal and all these different documents. And we were basically just trying everything in them to try and stop this. And eventually, after several hours, we were successful. But at that point, I was just, I was bitten by the bug.

9:36

So I found a website. There's an antivirus vendor called F-Secure, I think they recently rebranded to WithSecure. They're from Finland. They had at that time pages and pages of alphabetized malware descriptions. And it wasn't just stuff like Sasser, or big names like the Love Letter worm from 2000. They had stuff from the 1980s, like Brain, or the very early computer viruses like Cascade for MS-DOS, and they were all written up when these viruses were new, and they just sort of kept them on their website, published as they advanced to the internet. So I read through all of these. This was about '05 or so. I really started immersing myself in it. And that's generally how I became exposed to it.

10:34

Yeah, there was so much information, it was super cool to read about. I'd find some cool ones and I'd show my dad and be like, "Dad, look at this virus," and he'd be like, "yeah, okay, so that's, that's interesting," but to me it was so cool. And it was something that not a lot of people ever really talked about. I mean, lots of people know what computer viruses are, and many people blame everything that ever goes wrong with their computer on computer viruses. But to actually know the history behind them and what makes them viruses? Something super appealing to me.

11:06

I want to get to something you just mentioned, which is, you know, what makes it a virus. But very briefly, do you know how Sasser, you know how you got infected?

11:18

So Sasser was an autonomous worm. So traditionally, before Sasser, worms were generally emailed out or shared on file servers or peer-to-peer networks like Kazaa, LimeWire, and so on. Sasser was actually developed by a teenager in Germany after a patch was released by Microsoft for a certain vulnerability in, I think it was, a security, like a logon authentication service for Windows. And he reverse-engineered the patch, which led to the discovery that you could essentially just scan for IP addresses, find computers vulnerable to this vulnerability, and send them a specially crafted message or packet, and it would open an FTP server, send the worm on over, and execute it on the target computer, which would then start scanning for more computers. So this worm actually globally impacted the internet. There were millions of infections worldwide, and the only thing you had to do to get infected was be online and have a vulnerable computer, and not many people had patched for this, so there was quite a lot of infections. And Sasser was everywhere. Very similar to a worm the previous year called Blaster, which affected a different vulnerability, but the end result was the same, where the computers were rebooting over and over.

12:46

The way I found you, you broadcast yourself letting these viruses infect a system you control. What is your setup for this? Like, what are your personal security processes like? What's your rig, man? Like, how, how are you doing this stuff?

13:04

Initially, I started making videos in high school when I stumbled upon a few live malware samples. I think it was the Love Letter worm, some random MS-DOS virus, and the Happy99 email worm from late 1998. I think it was through some random forum post somewhere, somebody says, "hey, I found these cool bugs in whatever," and I managed to find them and download them, and that was my first exposure to actually seeing in action these viruses and worms that I'd read so much about. And at the time I took an old desktop computer that our family no longer used. It was sitting in a closet gathering dust. I pulled it out and just tried, "I, I wonder if this works?" And the Love Letter worm on a Windows XP computer worked just fine. This was late 2008, and that's when I started thinking, well, maybe I could format this and install something like Windows 98 or MS-DOS even and see, does this work? And as I did this more and more, I'd find more and more things that did work, and eventually found a huge database of pretty much every sample I had ever read about. I think it was a leak of Kaspersky's actual virus data from some point in time. I'm not sure who or how or when it happened, but I'm glad it did, because that really let me run wild.

14:38

So the initial setup was just some random old computer. As time went on, I've actually purchased period-accurate computers, so I've got a 386 on the desk behind me from the early 1990s which runs MS-DOS, for everything that I infect with MS-DOS videos. That's the computer I use. I've got some others for Windows 95 and 98. I've used virtual machines in the past, which is just a virtualization software and a shared folder set up with my host computer, but now I like to try and kind of keep the authentic feel of what you would see and experience back in the day if you had actually been infected with this stuff.

15:21

Yeah, the authenticity comes through. The way you capture it on the screen, it feels... You can imagine being in a basement in, like, 2003 and getting a dodgy file on LimeWire and a bunch of bad stuff unfolding. It's funny you mentioned that. I've gotten quite a few comments over the years like, "what's wrong with this guy's lights? Does he not pay enough for electricity? Why is he always in the dark?" And to answer that, it's mainly just, I don't want, especially with CRT monitors with the glass front, I don't want the reflections coming off of any light or anything like that. So it's easy to turn off all the lights. And when I really ramped up doing this, I was in college and I lived with three other roommates at the time. And the only time period I would really ever have to record videos in peace, without loud things happening all the time, was in the dead of night. So I would always record after the sun went down, everybody went to bed, and that's, that was my prime time to actually get this stuff done.

16:28

So much of the stuff we talk about on this show is, like, is very modern things. And a lot of that has to do with, like, nation-states going after each other, big massive organized cybercrime rings. And I'm watching your videos and I feel almost like a warm fuzzy sense of nostalgia. That's not to say that some of these things aren't really destructive, that there isn't harm. But, like, that early 2000s malware, I think it was the La Conna worm that had, like, a Homestar Runner payload to it. Right. Like, I guess, one, I just want to reflect on that sense of nostalgia and almost a sense of humor some of them had, and use that as a jumping-off point for, like, what's your favorite era of these things? You've got the 80s, 90s, 2000s. What are you drawn to personally?

17:12

So I am most drawn to, well, it's hard to pick an era. Sure. Probably early 2000s, late 80s to early 2000s, just generally because at that point in time, there was no way to really make malware that's only purpose, its only purpose was to, you know, as it is today, gather money, intelligence, steal data, credentials, whatever. Back then, this was essentially the way to promote your creation to the world. So a lot of them were very in your face. They had calling cards. There were wars that developed between various virus groups. There was just so much going on. They got right in your face, especially, like, all the MS-DOS viruses that print out graphics on the screen, because MS-DOS is a very text-based operating system. Almost everything you do is through the command line. Graphics are reserved solely for programs that you might run, or Windows, and these viruses, you'll just be typing away and then all of a sudden there's a giant, you know, head in a noose on your screen saying, like, "sorry, I've disinfected this file but your PC is still affected," or just crazy stuff like that. And it's all these programmers making computers do things that you would not expect them to and would not want them to do, but since they are computers, they do what they're told, and without the protections built into modern operating systems, they pretty much had free rein of anything they desired to do in your system.

18:48

I know there are many exploits nowadays that generally lead into corporations being hacked, or, you know, a workstation gets infected with something and then they move laterally through the network through a combination of NSA tools and various other high-level, super complex attack vectors. Back in Windows 95, 98, the late 90s, there was a worm called Opaserv or Opasoft, depending on which vendor you look at, and it utilized an exploit. It kind of scanned computers like Sasser did, but much slower and with much less of a chance of success, but if it found network shares that were open to the internet but password-protected, there was a vulnerability in Windows that allowed it to suggest the first character of the password, which Windows would then take and authenticate and let you in. So this worm spread like, if your password was 20 characters long but started with an A, the worm would suggest the letter A and Windows would say, "alright, cool, come on in." And it's just these kinds of crazy oversights and bugs that they exploit that you just don't see anymore nowadays. So definitely MS-DOS to early Windows XP, early Windows NT era. That's the sweet spot. That's my sweet spot.

20:06

You used a phrase that I like, you said it's hard to pick an era, and when you said that, I was reminded, like, yeah, it'd be like me asking you, what's your favorite decade of music? 60s, 70s, 80s, 90s? It's like, oh, there's great stuff in all of them. You then used the word creation. Is there an artistry to it? Like an artistic element to making these things, kind of a creativity behind them?

20:29

Absolutely. I mean, there's even a virus called Spanska for MS-DOS, which printed out, like, a graphical 3D, like a rolling Mars landscape, like you would see from a lunar lander almost, but it would just kind of roll past on your monitor. And I believe the text on the screen was "making a virus can be fun." And there's an artistry that goes into it, even with some of the ways that these programmers would infect your PC. Like CIH, also known as Chernobyl, also known as Spacefiller, was a virus in the late 90s that had the ability on certain Pentium systems to actually gain access to and overwrite your BIOS. So your computer would become unbootable unless the BIOS chip was reflashed. But the way it infected files, and why it got the name Spacefiller, is, unlike traditional viruses at the time, which would write a little jump command right at the beginning of the file and then store all of its code at the end, which increases file size, CIH would look for little pockets of empty space in programs, and it would analyze the entire program. And if there wasn't enough empty space throughout to infect it, it would leave it alone. But if it had enough space, it would carve up its code to fit into those spaces and link itself all together. And the file size did not increase after that. So it was very sneaky, very stealthy, and then ultimately incredibly destructive. And it's just that kind of thing.

22:03

There is a real artistry to what can be done. That's not saying that there's not shovels, like, huge boatloads of just script-kiddie nonsense from back then too, because that exists too. But the true, I don't know how you want to say it, the specimens, the elites of their time, were definitely well made. I guess that's why they are the elite specimens. And require a historian to dig into them. I guess while we're on that subject, I'm just kind of going through some that pop to mind.

22:37

I don't want to just go with favorites because that's too broad. Let's start with funniest. Can you share the funniest one that you're like, "God damn, whoever made this just has a sense of humor"?

22:44

The funniest is, it's hard to pinpoint. I mean, there's subtle humor. There's stuff like the One Half virus on MS-DOS, which infects your boot sector. So every time you boot your PC, it runs too. It infects floppy disks when you use them. And then every time you boot, it encrypts the last two cylinders of data on your hard drive. And it starts at the end and starts working its way back towards the middle, two cylinders at a time. Tiny amounts of data. And when you try to access those encrypted cylinders of data, One Half in memory will detect that, decrypt it for you, and then present the data normally. When it gets to the halfway point of your hard disk, you boot your PC and you get the message, "This is one half. Press any key to continue." And that's all you see. And you have no idea anything is wrong up until this point. If you think to yourself, "oh, no, I've got a virus," and you try to do an FDISK /MBR, which rewrites your master boot record with a clean copy, all of a sudden your hard disk is completely unusable, because the last half is still encrypted, but now there's no virus to decrypt it. So it's sort of like "I got you" humor. You know, it's, it's not traditionally funny.

24:02

There are a lot of viruses and worms that do try to be funny. There are some that are just, like, obnoxiously immature in the way they do these things. I'm trying to think of a good example, like, it's just like... There's one, I think it's a worm called Badass, and it sends you an email that's got a little smiley face icon. And when you run the worm, it pops up this message box, I think it's in Dutch, but it translates to, like, "this user, like, cannot run the program because he does not wash his ass," or something like that. "Is this true?" And it's got a yes or no, and you try to hit no, but the no button jumps around and you can't, you can't click it. You, you're forced to click yes. And it's just... there's, there's really, it's, it's up to the author to be really funny.

24:54

I guess there is one that was tongue-in-cheek, an email worm called Dumbass. So this was early 2000s, right around the time when Love Letter would spread, and Anna Kournikova, and stuff like Melissa, which were mass-mailed, and they'd have enticing things like "check the love letter coming for me" or "here's a list of triple-X porn website passwords, click here now," and then, you know, your, your file name would be "love letter for you dot txt dot vbs" or some obvious double extension that anybody who's computer-savvy would know would infect your PC, but everybody else had no idea and would just run them. So the Dumbass worm would send it out and it's like, I can't remember exactly what it says, but it's like, "here, just run this file, dumbass," and it's like "obvious virus dot txt dot vbs dot pif dot scr dot bat dot exe," and it's got this huge chain of file extensions. It's just, it's just taking the piss out of, I guess, all these users it thinks are just complete dumbasses, hence the name.

26:03

I don't know if it reveals something about me not being as mature as I think I am, but the wash-your-ass one struck me. It's kind of funny. Oh, it, it's funny. Don't get me wrong. It is very funny, but it's just, yeah, not quite, you know, the highbrow comedian-level humor that you see on, that we crave. Yeah, okay, so funny. Let's just swing to the other side of the pendulum, the least funny. Like, have you ever been scared or at least unsettled?

26:34

So scared happened quite frequently in the early days of me recording this, because I would just read about something, it says, "this virus activates on September 19th." So me, having never seen it before, would put it on a floppy disk, pick up my camera (in the early days I have these super shaky freehand cameras, it's really crappy video, like, this was me, the high school student, just shoving this camcorder in the screen). So I fired up, start recording, never seen it before, and I switch the date to September 19th and I run it, and it's just full screen, immediately blaring music or, like, loud PC speaker, and I would shake. Usually it would surprise me because I'd never, never experienced it before. So these things, they just pop up when you're not expecting them. And it's just, they can be very surprising. When I think of, like, scary on a level of what it does, that's a little trickier. I guess it depends on how prepared you are for viruses. Well, stuff like WannaCry and NotPetya, that's pretty scary, because, you know, the first one encrypts all your data. The second one is just a wiper. And if you can't recover from that, you're pretty much screwed.

27:56

From dozens of spreadsheets to

27:58

fragmented tools and

28:01

manual security reviews, managing

28:03

the requirements for

28:05

modern compliance and security programs

28:07

is increasingly challenging. Very challenging.

28:10

It is very challenging, good, thank

28:12

you. Avanta is the leading trust

28:15

management platform that helps you centralize

28:17

your efforts to establish trust and

28:20

enable growth across your

28:23

organization. How much of your compliance

28:25

can you automate? You can automate

28:28

up to 90% of your compliance.

28:30

Strengthen security posture, streamline security reviews,

28:32

and reduce third-party risks. 90% is

28:35

a lot. I

28:37

know, it's a large number. It's nearly

28:39

100. And speaking of risk, Avanta is

28:42

offering hacked listeners a free risk assessment.

28:44

When you go to avanta.com/hacked, avanta.com/hacked,

28:47

so you're gonna get that free risk

28:49

assessment. Free risk assessments? I like free

28:51

things. Do you like free things? Who

28:54

doesn't? Generate a gap

28:56

assessment of your security and

28:58

compliance posture. Discover shadow IT

29:00

and understand the key action

29:02

to de-risk your organization. Where

29:05

should they go? Scott, where should

29:07

they go? They should go to

29:09

avanta.com/hacked and get a

29:11

free risk assessment. Free

29:15

risk assessment, Avanta,

29:17

vanta.com/hacked. For

29:21

the very first time, Arctic Wolf,

29:23

the industry leader in managed

29:25

security operations is offering you

29:27

access to the most forward

29:29

thinking ideas from their most

29:31

knowledgeable experts. Do you wanna know

29:33

something, Jordan? What? Tell me. I have printed

29:36

this off and it is sitting on my desk. I

29:38

look through it. And

29:40

you can do the same and discover

29:42

the top 2024 predictions developed

29:45

by Arctic Wolf Labs, their

29:47

team of elite security researchers,

29:49

data scientists, security engineers, derived

29:52

from intelligence and insights gained from

29:55

the trillions. Trillions with a

29:57

T. That's a big number. Of weekly

29:59

observations within thousands of

30:01

unique environments. These predictions

30:03

trace the development of several trends

30:06

based on their earlier, simpler

30:08

incarnations, and anticipate which ones are

30:10

poised to take significant steps forward

30:13

in the coming months. Learn what

30:15

the new year holds for ransomware

30:17

as a service, Active Directory, even

30:19

Artificial intelligence and more when you

30:21

download the Twenty Twenty Four Arctic

30:23

Wolf Labs Predictions Report today at

30:25

arcticwolf.com/hacked.

30:29

Where do they go? Scott, what's the site?

30:31

It was A R C T I

30:34

C wolf dot

30:36

com/hacked. Be like

30:38

me. Download this report, print it

30:41

off, read it and have it sit

30:43

collecting dust on your desk. Or, if

30:45

you're like me and know that you

30:47

confidently know how wolf is

30:49

spelled and do not need any support

30:51

getting that into your browser.

30:53

As soon as I said that, if

30:56

you need me to spell the word wolf

30:58

for you, you probably don't need this from

31:00

us. When

31:02

we first started podcasting, a store wasn't really on

31:05

our minds, and it took us a long while

31:07

to get around to it. And I regret that

31:09

because when we finally did, it could not have

31:11

been easier, all because we

31:13

used Shopify. Shopify is

31:18

the global commerce platform that helps you

31:20

sell at every stage of your business, from the launch

31:22

your online store stage to the first real

31:24

life store stage, all the way to the did

31:26

we just hit a million

31:28

orders stage, Shopify is there to help you

31:30

grow. Whether you're selling scented soap or offering

31:32

outdoor outfits, Shopify helps you sell everywhere, that's

31:35

everywhere in the globe, from their all-in-

31:37

one e-commerce platform to their in-person POS

31:39

system, which is in restaurants and cafes, kind

31:41

of thing. Wherever and whenever you're

31:43

selling, Shopify's got you covered. Shopify helps you

31:46

turn browsers into buyers with the internet's best-

31:48

converting checkout, thirty-six percent

31:50

better on average compared to other leading commerce

31:52

platforms, and sell more with less effort thanks

31:55

to Shopify Magic, your AI-powered all-

31:57

star. One of the things that we learned to

31:59

appreciate the most that made it so

32:01

easy for us is the fact that it

32:03

integrates into so many other services and platforms.

32:05

It just became so

32:07

fast and easy to set up all of the pipelines

32:10

and processes and all the rest of that stuff. So

32:12

that's the value you get with Shopify. And

32:16

probably the reason why they power up to 10% of

32:18

all e-commerce stores in the US and their

32:20

global force behind Allbirds, Rothy's, Brooklinen, and millions

32:22

of other entrepreneurs of every size across 175

32:24

countries. Plus,

32:26

Shopify's award-winning help is there to help you

32:29

and support you every step of the way

32:31

because businesses that grow, dah dah dah, grow

32:34

with Shopify. Sign up

32:36

for $1 per month

32:39

trial period at shopify.com/hacked.

32:41

All lowercase. You go

32:44

to Shopify, shopify.com/hacked. Right

32:46

now, you're going to grow your business no matter what

32:48

stage you're in. What's that site,

32:51

Scott? shopify.com/hacked.

32:55

This episode is supported by Compiler,

32:58

an original podcast from Red

33:00

Hat discussing tech topics big,

33:03

small, and strange. We wouldn't know

33:05

anything about that. Compiler comes to

33:07

you from the makers of Command Line Heroes

33:09

and is hosted by Angela Andrews. And the

33:11

big idea here is that they close the

33:13

gap between those who are new to technology

33:16

and those behind the inventions and services that

33:18

just shape our world. It brings together these

33:20

stories and perspectives from the industry, simplifies

33:22

things down in terms of language, culture, and movements

33:25

in a way that is fun and informative

33:27

and kind of guilt-free. And there's a

33:29

lot of great episodes. I like to live guilt-free. And

33:32

one of my favorite episodes

33:34

is episode 25, the great

33:37

stack debate. As

33:39

a former CIO, I

33:41

lived in the software stack. And this episode

33:43

kind of looks to dive into it, discuss

33:46

it, talk about it, and

33:48

I appreciated this episode. I think if you're

33:50

going to just take a trial run for

33:52

an episode for a trial run, check out

33:55

episode 25, the great stack debate. Debate. Durbate.

33:59

Durbate. Listen to Compiler in

34:01

your favorite podcast player, and there's going to

34:03

be a link to the show in the

34:05

show notes, and you go check them out.

34:07

My thanks, my personal thanks, to

34:09

Compiler for all of their support,

34:11

and also our thanks. We

34:13

are a collective. Something

34:19

we talk about internally

34:22

when we make this show, and I'd be curious, I

34:25

guess the ethical boundaries of

34:27

walking the fine line between

34:30

education and entertainment, like we

34:32

tell cybersecurity stories, and I'm

34:34

curious, like, how do you

34:36

navigate the ethical implications as

34:38

showing stuff, making sure

34:40

that you're creating something that's like informative,

34:42

interesting, without encouraging

34:44

anything malicious. So,

34:46

funny story. Actually, I

34:49

do just try

34:51

to, so these things, I don't

34:53

offer any sort of download link for

34:55

anything that I feature in my videos

34:58

even though that is probably the number

35:00

one question. I've probably been

35:02

asked that more than anything else several

35:04

thousand times, at least. Where'd you get

35:07

your viruses? On

35:10

rare occasions people have stumbled across and I've

35:12

got a few that were like, I ran this

35:14

thing I saw in your video and now my computer's

35:16

all sorts of messed up. And

35:19

I'm like, sorry, I'm not tech support. I'm sorry

35:21

you did that, but these videos are

35:23

just, you know, for fun.

35:25

These are actual malware. And

35:29

Then there was another side of that same point where

35:31

I get a lot of people saying, I wrote this

35:33

malware that I'd like for you to make a video

35:36

on. How can I send it to you? And

35:38

I got so many of those kinds of requests that at one

35:41

point I had a forum, where I

35:43

opened it up. I made a little short-lived

35:45

series called Viewer Made Malware. I was gonna ask about that,

35:47

those mechanics. Can I spit? Yeah. So if

35:49

you wanted to, you could write this and

35:51

put it on my forum with the description of

35:54

everything it does, and I picked the coolest stuff

35:56

and I'd make a video of it. After

36:00

a certain number of them there

36:03

was one that was like a ransomware.

36:05

I can't remember

36:07

what it was called, but it got

36:09

picked up by a security researcher on Twitter who

36:11

started posting about this as if it was a

36:14

new threat, and they posted, you know, MD5

36:16

hashes and they're like here's how to

36:18

detect it, it's been submitted. And then

36:21

like the person who wrote it

36:23

was like, oh, I wrote this for Dan,

36:25

you know, and I... Yeah,

36:27

this isn't like an actual threat.

36:31

They had like a backdoor

36:33

key you could use to decrypt everything, but it

36:35

was still kind

36:37

of a hairy situation because I

36:40

kind of indirectly contributed to this thing

36:42

being created by virtue

36:45

of having this series. Now

36:51

There's even you know, there's more to this

36:53

because I stopped making those Viewer Made Malware

36:55

videos not long after

36:58

that and took down my

37:00

website. I just didn't have the time or

37:02

the patience to moderate a forum and

37:04

everything that comes with that. And there

37:08

was a group that was

37:12

on Twitter that actually exploited

37:15

FossHub and they replaced

37:17

downloads for Audacity and Classic

37:20

Shell with an MBR trojan,

37:23

so when people downloaded these and ran

37:25

these, it actually opened up this

37:28

Trojan that would replace your MBR with a

37:31

message. It was like, you,

37:33

on your adventures, it seems you have failed,

37:35

you know, I'm paraphrasing, but, and

37:37

then it was like shout outs to all these people And

37:40

I wrote to them on Twitter, like, could I

37:42

get a sample of this to make a video

37:45

on it? They're like, oh yeah, we were actually

37:47

gonna put you in the greets, but we figured

37:49

that might lead more trouble to you than you

37:51

would want, so we just left your name out.

37:53

I was like, oh shit. So

37:57

it's like damned if I do, damned if I don't. Like,

38:00

what's the way to go

38:02

on this do I encourage people who

38:04

are going to write these things anyway

38:06

to send them to me and, you

38:10

know, compromise a very prominent

38:12

file sharing website to infect

38:14

innocent people? Or

38:17

do I not do anything and just

38:19

see what happens? I mean, even

38:22

now there are still many people that are

38:24

asking, am I ever going to continue

38:26

it? And right now I think that

38:28

question's up in the air, just because

38:31

I'm not there. There's still

38:34

so much interest, and I

38:37

think if the focus was on making it

38:39

for older operating systems, maybe that might

38:41

be the way to go. But as

38:45

is, like you said, there's a fine

38:47

line around it, and I'm not, I'm not sure

38:49

how to walk it at this point. It's

38:52

a big, you're opening a bunch of

38:54

big, thorny philosophical questions

38:56

that are now open, right? And

38:58

I guess just to stay there

39:00

in a philosophical sense. Do you

39:02

think that, I

39:04

guess the desire to create and spread

39:06

this stuff reflects a bigger,

39:10

bigger aspect of human nature or societal trends or

39:12

something? Do you think it says something

39:14

about people, that we want to make and

39:16

share the stuff? Spread it is maybe

39:19

the better word. I

39:21

think it definitely does. It's

39:24

interesting seeing the types of people

39:26

who wrote the stuff in the

39:28

original days. It was generally young,

39:31

young men, usually. They

39:33

would find BBSes, groups of like-

39:35

minded individuals, and they would trade

39:37

secrets and how-tos and tutorials,

39:39

and, you know, they generally, at

39:41

that point, weren't super popular at

39:44

school, or they spent a lot

39:46

of their time on the computer

39:48

which in the late eighties, early

39:50

nineties, was not the norm, as

39:52

opposed to nowadays with everybody having

39:54

access to the internet everywhere. Back then,

39:56

it was very much, I

39:59

found my people and now we

40:01

can do the things to make

40:04

our mark on the world essentially. So that's why there's

40:06

a lot of these viruses that are like greets

40:09

to all members of our crew. So

40:14

nowadays there's big money in

40:16

it, which is why you see a lot of threat

40:18

groups that are all basically

40:21

acting to make as much money as possible. Yeah,

40:24

you talked about that pre and post

40:26

monetization, almost like a BC/AD thing for

40:28

malware, like this really hard line in

40:31

the sand. I

40:33

guess I'm curious to talk about the

40:35

evolution of it, where

40:37

it's come from, where it currently is and

40:40

then where do you think it's going? There's

40:42

a lot, there's more think pieces

40:44

than is useful about the rise of

40:46

AI in the context of malware and

40:48

cybersecurity. Where does it come

40:50

from and where do you think it's going? So excuse

40:53

me, where it came from really

40:56

was generally in

40:59

the early days, like the original

41:01

IBM PC virus, Brain, was written

41:03

as a sort of copyright protection

41:05

tool by two brothers in

41:07

Pakistan. And as

41:11

the time went on, viruses became more

41:13

of a tool of the hobbyist programmer

41:15

who really just wanted

41:18

to have some of their creations out there in

41:20

the world. Like

41:22

I said before, they really want to make their mark

41:24

on the world and this is one way you can

41:26

certainly do it. It might not be a good mark,

41:28

but you're making an impression

41:30

on people. And

41:34

with that, that

41:36

sort of drove the

41:39

hobbyist angle from the late

41:41

80s to probably the late

41:43

90s with the advent

41:45

of the internet becoming more popular everywhere.

41:48

The focus shifted from

41:50

traditional computer viruses to

41:53

worms, which are executables

41:56

that don't infect files. They don't

41:58

infect a host file to

42:00

spread themselves, but instead they just spread via

42:03

user interaction or an exploit.

42:07

And with these online groups

42:09

you now have groups that are starting to

42:11

fight with each other. You see it before

42:13

in the early 90s with some BBS boards,

42:16

you know the bulletin board systems between various

42:18

virus groups, and, this group sucks, we're the

42:20

best, and they'd write it in their virus,

42:22

you know, in the little comments. You'd see

42:25

like, we hate these guys, they

42:27

suck, their viruses are terrible, ours are the

42:29

best. You know, just back and

42:31

forth, but that really exploded with the advent

42:33

of the internet. So now you have the

42:36

ability to reach millions of PCs

42:38

around the world very quickly as

42:40

opposed to the early days

42:43

where you are basically

42:45

limited to the physical area around

42:47

wherever you released it on a

42:49

floppy disk and you hoped it

42:51

would spread somewhere beyond it. So

42:56

with the internet just sort of exploding

42:58

the scene, that

43:01

really set the stage from the

43:03

shift from like

43:05

malevolent fun to

43:08

serious business malware. It became

43:11

less of a deal of we can write

43:13

this to print out on the screen

43:16

that you suck and we got you to now

43:18

we can exploit 300,000 PCs worldwide and

43:24

install a botnet on them so that they

43:26

send Viagra spam. And from

43:28

that we got to the very

43:31

beginnings of ransomware in

43:33

the mid-2000s with GPcode.

43:36

There was the

43:38

advent of rogue antiviruses which

43:41

you would be infected with and it

43:43

would look like a legitimate antivirus and

43:45

it would say your computer is infected

43:47

with 6,000 viruses, buy

43:49

now and we'll solve it for you. And

43:52

of course none of them were actually on

43:54

your PC it was just this fake rogue

43:56

antivirus shitting

43:59

everything up and requiring you to

44:01

pay and you can't just uninstall it. And

44:05

from that, you know, it just

44:07

evolved further, especially with

44:09

cryptocurrency. What we see now with ransomware,

44:13

you know, nation-state actors.

44:16

It's just there's no

44:19

more joy or fun that you can

44:21

really see behind the code, at

44:24

least with the big stuff. So there's

44:26

no more joy or fun behind the code. And

44:29

I guess on that note, you

44:31

know, we're on the

44:33

nation-state, cybercrime, organized crime level

44:35

now. Where do you think it goes next? See,

44:38

that's something I've been

44:40

thinking about. Like, where do we go next?

44:42

I mean, we've had, you know, the United

44:44

States and Israel create and release Stuxnet. And

44:48

that's been in development since the mid 2000s. And

44:52

now we see the NSA who

44:55

has developed all of these specialized

44:59

exploits that have been leaked. And

45:02

we see responses to those leaks. And it's just,

45:05

I'm not sure where we go. I mean, NotPetya

45:08

was a huge global event. And I'm

45:10

surprised we really haven't had significantly

45:13

more of those. So

45:15

I'm guessing there's going to be something, you

45:18

know, more along

45:20

the lines of NotPetya, where the

45:23

target was Ukraine, ended

45:25

up impacting global shipping with Maersk.

45:28

And I imagine we'll see

45:30

some more attacks along those

45:32

lines, you know, because with

45:34

these cyber attacks, it's very easy or

45:36

at least easier to obscure their source

45:39

and where they're coming from. Yeah. Just

45:41

more of these giant global, I

45:43

don't know, attacks with unclear

45:45

perpetrators and unclear targets and unclear

45:47

goals, right? Maybe I should relaunch

45:49

Viewer Made Malware and, you know,

45:51

just release some of those into

45:53

the wild. And then we'll have

45:55

some of the fun. Yeah, sure.

45:58

Right back into it. Yeah, sure. I'll balance

46:00

it out. Yeah, it needs to fork. We

46:02

need like the really scary, serious stuff that's

46:04

basically like standing in for organized crime and

46:07

warfare. And then we need the memes, man.

46:09

We just need the good times. Yeah. Infect

46:12

your system. Memes are great. Especially when

46:14

they take over your PC and you can't do anything

46:16

anymore. Okay, so I've taken

46:18

up a bit of your time. I

46:20

wanna close with this one. I read an

46:23

interview you gave years ago in kind of

46:25

prepping for this little bit where you described

46:27

malware as kind of a cultural artifact. I've

46:30

spoken a bit to this, but I think

46:32

you likened it to American Civil War rifles

46:34

and Soviet space gear in terms of like

46:36

being able to witness a technological evolution through

46:38

it. I'm curious, how

46:41

do you think future generations are gonna

46:43

look back at the malware of our

46:45

era? That's an interesting question.

46:49

I think the biggest thing is going to be the

46:52

impact that the

46:55

malware has. As opposed,

46:58

there won't be so much emphasis on how

47:00

did it spread or what new

47:02

exploits did they use, but how

47:04

far reaching was it? And

47:08

you really started to see that line of thinking

47:12

or emphasis on malware with these worms as

47:14

they rose to prominence in the early 2000s.

47:17

But I think now more than ever, as

47:20

security has taken on new

47:23

meaning for organizations and with

47:26

the Apple iPhone being super locked down, it's

47:30

going to be how successful

47:33

was your malware able to be because it

47:35

doesn't matter just how crazy

47:38

or innovative it is if it doesn't

47:40

impact much, if it doesn't make much of

47:42

a difference in the grand scheme of things.

47:46

I think the larger disruption that there

47:48

can be would be a measure of

47:52

how we look at malware going forward.

47:55

It's about how big the ripples in the pond are. Right.

47:59

Dan, thank you so much for sitting down with me, man. This was a really fun

48:01

one. Yeah, thanks for having me. This was

48:04

a lot of fun.
