Episode Transcript
0:00
In 1986, two brothers
0:03
in Pakistan, Amjad Farooq
0:05
Alvi and Basit Farooq Alvi, ran
0:07
a computer store. It
0:10
was called Brain Computer Services,
0:12
a little one-room shop in
0:14
Lahore, Pakistan. And
0:17
the store, it's bumping, because
0:19
rumor had it that those,
0:21
like, 1980s brand-name
0:23
programs, stuff that regularly retailed
0:25
for hundreds of dollars elsewhere,
0:27
was conspicuously affordable there. For
0:30
example, when it launched, WordStar,
0:33
an early word processor, was priced at
0:35
$495 US,
0:37
and an extra forty bucks for the
0:39
manual. At Brain Computer Services, as reported
0:42
in Time Magazine in 1988,
0:44
you could get a floppy of it
0:46
for a couple of bucks. I'll leave it to
0:48
you to imagine what was going on
0:50
there. sky. I would never be able
0:52
to suspect what was going on. There
0:55
are you can buy. A.
0:57
non-branded floppy with a copy
1:00
of the program for dollars versus
1:02
hundreds of dollars. That's. That's.
1:05
A that's a legacy that I was
1:07
not a part of that whole where's
1:09
thing that I was not there for
1:12
that time you would know anything about
1:14
at I would now in the about
1:16
that Brain sold software. They even developed
1:18
some of their own, some medical stuff,
1:20
and business was good. Now, remember, this
1:23
was 1986. So the
1:25
idea that followed, which might sound really
1:27
obvious now, was extremely novel at the
1:29
time. And the idea was: what
1:31
if they were to include on all
1:34
of these floppies they're selling a self-replicating
1:36
program, a form of copyright
1:38
control, so that the software, whether
1:40
the stuff they were developing
1:43
or the third-party software that
1:45
they're selling at just bargain-basement
1:47
prices, wouldn't get copied and resold.
1:51
In the early days, like, the original
1:53
IBM PC virus, Brain,
1:55
was written as a sort of copyright
1:57
protection tool by two brothers in
1:59
Pakistan. That's Dan, a.k.a.
2:01
the malware historian. We're gonna get
2:04
back to that. The
2:06
software replaced the boot sector of a
2:08
floppy disk with a copy of the
2:10
virus and moved the boot sector somewhere
2:12
else. And there's really two important things
2:15
about this virus. First,
2:17
it was basically harmless. It avoided
2:19
infecting hard disks, so the user's data was
2:21
never at any risk, just the software that
2:24
was supposed to be on the floppy. And
2:27
second, it displayed a message on
2:29
the user's screen, which
2:32
read: Welcome
2:34
to the Dungeon. Copyright 1986,
2:37
Amjads (Pvt),
2:39
Brain Computer Services. And
2:42
then it listed a physical
2:44
address: Seven Thirteen
2:46
Nizam Block, Allama Iqbal Town,
2:48
Lahore, Pakistan. And
2:50
then it listed a working
2:52
phone number, followed by
2:55
the message: Beware of this
2:57
virus. Contact us
2:59
for vaccination. So,
3:02
let me
3:04
say, they created a
3:07
little virus program to
3:09
prevent people from stealing their software,
3:12
even though their store was
3:14
probably selling likely reproductions of other
3:16
people's software. Yeah,
3:19
tests and the second I just
3:21
as fun as some. Clarity? Is
3:26
it is a good good point.
3:29
clarification. Now, most modern viruses would
3:31
not directly advertise the brick-and-mortar
3:34
physical location of its developers
3:36
or, like, a convenient phone number
3:38
for contacting them. But
3:41
I'm sure they didn't really know how
3:43
most modern computer viruses worked, because they
3:45
basically just made kind of the
3:47
first one that would go on to go
3:49
viral. Because it
3:51
was on hundreds of thousands of floppy
3:54
disks that started making their way
3:56
around the world with their phone number
3:58
in it. And eventually
4:00
the phone starts to ring. The
4:04
first com we receive was
4:06
sire from Love Mammy, The
4:08
West He Linda Some. Somebody.
4:12
Taking. care of far as thing as.
4:15
A maxine down there, the local
4:17
magazine, And. Machine.
4:20
Was. Writing something and she was.
4:23
Ah, having trouble with the floppy.
4:26
And she discovered that the disk she bought had
4:28
some extra piece of code on
4:30
the inside, and it follows
4:33
our contact number. When she called me
4:36
I was very surprised. And
4:38
I was shocked also, because
4:40
I had no expectation that a program
4:42
would go so far. That
4:45
is edited from a 2011 documentary
4:47
where security researcher Mikko Hypponen travelled to
4:50
Lahore to interview the brothers, creators
4:52
of the first successful computer virus. Thirty
4:55
eight years later, Brain, that little shop,
4:57
still exists. brain.net.pk, you can go
5:00
there. A Pakistani ISP. They did
5:02
very well for themselves, was getting at.
5:04
The. Like a cyber in an effort. and a big
5:07
deal now. If. Who one
5:09
gigabit speeds is better? Better than we
5:11
got up and here are literally better
5:13
They were has literally better than what
5:15
I'm talking on right now. Is this
5:17
your Spain? Pakistan? Israel
5:20
cloud flatworms. Still
5:23
have as fit as brought you
5:25
back brace consensus anywhere but it
5:28
is with them that a history
5:30
begins. Does. History of
5:32
malware. Today.
5:35
Malware is about big money and
5:37
big data. It's about nation-state
5:39
actors and vast criminal enterprises. It's
5:41
big business. But in
5:43
1986 it was two brothers
5:45
with a crazy idea, some floppy
5:47
disks and a dream. Dan,
5:51
who we heard from earlier, is a
5:53
historian of this world. A
5:56
malware historian. As
5:58
time went on, viruses became more of
6:00
a tool of the hobbyist programmer
6:03
who really just wanted to
6:05
have some of their creations out there
6:07
in the world. And as
6:09
I said before, you know, they really
6:12
want to make their mark on the world.
6:14
Mrs when we can certainly do, it may
6:16
may not be unmarked. you're making. You're making
6:18
an impression on people. He is almost like
6:21
an Indiana Jones historian, and he goes to
6:23
the ruins. He finds the actual old viruses,
6:25
the actual hardware systems they ran on,
6:28
just to see what
6:30
it's gonna do. It's great. It's
6:32
great, so we called him up
6:34
to hear his story, just to try
6:36
and understand how we have gotten from
6:39
that little shop in Lahore to all
6:41
of this, and what
6:43
kind of strange stuff
6:46
he's discovered woven through history.
6:49
Our conversation with Dan, a.k.a.
6:51
danooct1.
6:54
The Malware Historian.
7:00
Resistance. What's up, Scott? He
7:03
Added on are like conversation about
7:05
like viruses frozen, the ice and
7:07
white siberian stuff. oh dang surveys,
7:09
worry that I totally old viruses
7:11
coming up and like reinstating and
7:14
things like that imagines. Dad's.
7:17
Imagine Dan brought back some
7:19
old worm or virus from way back
7:21
in the day, put it on to
7:23
like a 1991 PC
7:25
and then bang, all of a sudden it's
7:27
like running around the internet and
7:30
causing havoc. Imagine. Yes,
7:32
there it was, lain dormant on a floppy disk,
7:34
one of the, one of the big ones,
7:36
and he just unleashes it on the world.
7:38
Modern antivirus doesn't even pay
7:41
Attention to it. To. Dislike business totally.
7:43
It's not an isolated a good as his
7:45
old like mad like we don't need to
7:47
worry about these anymore. And. I are
7:49
be fine base. And
7:51
Boom! Suddenly as a deterrent,
7:53
there's a zero-day for iPhones hidden
7:55
on an old, old floppy disk from
7:58
1994. How does that work? Let's find
8:00
out. Here
8:05
on
8:08
Hash,
8:10
have
8:12
a
8:14
second
8:17
time.
8:19
Dan, thank you so much for joining me.
8:22
I really appreciate it. Yeah, thank you for
8:24
having me on. For anyone familiar with your
8:26
work, you are a malware historian. And I
8:28
guess just to start broadly, what does that
8:30
mean to you? What drew you into this
8:32
world to the point that you decided to
8:34
start documenting it on YouTube? So initially, my
8:37
first exposure to the world of malware was
8:40
in 2004, when my
8:43
home computer was infected with
8:46
a network worm called Sasser.
8:49
I think it was the very beginning
8:51
of May late April 2004. So
8:53
almost 20 years ago, when
8:57
this happened, the computer just
8:59
started rebooting forever, like
9:01
it would restart and it would
9:03
boot up. And a little
9:05
window would pop up saying Windows is shutting down
9:07
in 60 seconds save all your work and then
9:09
it would just keep rebooting. And
9:13
my mom and I, she was
9:15
a computer programmer, she's retired now, but
9:18
we had printouts from Norton
9:20
antivirus online, you know, Sasser
9:22
removal and all these different
9:24
documents. And we
9:27
were basically just trying everything in them
9:29
to try and stop this. And eventually,
9:31
after several hours, we were successful. But
9:34
at that point, I was just I was bitten
9:36
by the bug. So I
9:39
found a website. There's
9:41
an antivirus vendor called F-Secure,
9:44
I think they recently rebranded to
9:46
WithSecure. They're from Finland, and
9:48
they had at that time
9:51
pages and pages of alphabetized
9:53
malware descriptions. And it wasn't just
9:55
stuff like Sasser, or big names
9:58
like the Love Letter worm from 2000. They
10:00
had stuff from the 1980s like
10:02
Brain, all the very early computer
10:05
viruses like Cascade for MS-DOS,
10:07
and they were all written
10:09
out back when these viruses
10:12
were new, and they just sort
10:14
of kept them on their website, published,
10:16
as they advanced to the internet. So
10:18
I read through all of these.
10:21
This was about 2005
10:23
or so. I really started immersing
10:26
myself in it. And
10:28
that's generally how I became exposed
10:31
to it. Yet
10:34
there was so much information it was
10:36
super cool or read about. I'd find
10:38
some coupons and I show my data
10:40
be like a dead singer with this
10:42
virus. Does new be like and I?
10:44
yeah okay so that's that's interesting but
10:46
to me is so cool. And
10:49
it was something that not a lot of people
10:51
ever really talked about. I mean, lots of people know
10:54
what computer viruses are, and many people
10:56
blame everything that ever goes wrong
10:58
with their computer on computer viruses.
11:00
But to actually know the
11:02
history behind them and what makes
11:04
them viruses, that was something
11:06
super appealing to me. I
11:09
want to get to something you just mentioned, which
11:11
is, you know, what makes it a
11:13
virus. Very briefly, do you know how
11:15
Sasser, you know how you got infected?
11:18
So Sasser was an
11:20
autonomous worm. So traditionally
11:22
before Sasser, worms
11:25
were generally emailed out
11:27
or shared on file
11:29
servers or peer-to-peer
11:31
networks like Kazaa or LimeWire.
11:34
Sasser was
11:36
actually developed by a teenager
11:38
in Germany after a patch
11:40
was released by Microsoft for
11:42
a certain vulnerability. In,
11:45
I think it was
11:47
a security, like a logon
11:49
authentication service for Windows,
11:51
and he reverse-engineered this patch,
11:53
which led to the discovery that
11:56
you could essentially just scan
11:58
for IP addresses, find computers
12:00
vulnerable to this vulnerability, and
12:02
send them a specially crafted message
12:04
or packet, and it would open an
12:06
FTP server, send the worm on
12:08
over and execute it on the target
12:10
computer, which would then start scanning
12:12
for more computers. So this worm
12:14
actually globally impacted the internet. There
12:16
were millions of infections worldwide and
12:18
the only thing you had to
12:20
do to get infected was
12:23
be online and have a vulnerable
12:25
computer, and not many
12:27
people had patched for this, so
12:29
there was quite a lot of
12:31
infections and Sasser
12:33
was everywhere. Very
12:35
similar to a worm the previous
12:37
year called Blaster, which affected a
12:39
different vulnerability, but the end result
12:41
was the same, where the computers were
12:43
rebooting over and over. You
12:46
I'm, I'm in the
12:48
way I found you. You broadcast yourself
12:51
letting these viruses infect a
12:53
system you control. What is
12:55
your setup for this? Like, what
12:57
are your personal security processes like?
12:59
What's your rig, man? Like,
13:02
how, how are you doing this stuff
13:04
initially? I started
13:06
making videos in high school when
13:08
I stumbled upon a few live
13:11
malware samples. I think it was
13:13
the Love Letter worm, some random
13:15
MS-DOS virus, and the Happy99
13:17
email worm from late
13:19
1998. I think
13:22
it was some random forum post
13:24
somewhere, somebody said hey, I found these
13:26
cool bugs in whatever, and I managed
13:29
to find them and download them, and that
13:31
was my first exposure to actually seeing
13:33
in action these viruses
13:36
and worms that I'd read so
13:38
much about. At the
13:40
time I took an old desktop
13:42
computer that our family no longer
13:44
used. It was sitting in a
13:46
closet gathering dust. I pulled it
13:48
out and just tried
13:51
it, like, I wonder if this
13:53
works? And the
13:55
Love Letter worm, on a
13:58
Windows XP computer, worked
14:00
just fine. This was late
14:02
2008 and that's when I
14:04
started thinking well maybe I could
14:07
format this and install something like Windows
14:09
98 or MS-DOS even and see does
14:12
this work and as
14:14
I did this more and more I'd
14:16
find more and more things that did
14:19
work and eventually found a huge database
14:21
of pretty much every sample I had
14:23
ever read about. I think it was
14:25
a leak of Kaspersky's actual
14:27
virus data from some
14:29
point in time. I'm not sure who or how
14:32
or when it happened but I'm
14:34
glad it did because that
14:36
really let me run wild.
14:38
So the initial setup was
14:40
just some random old computer. As
14:43
time went on I've actually purchased period
14:46
accurate computers so I've got a 386 on
14:48
the desk behind me from
14:52
the early 1990s which
14:54
runs MS-DOS for everything that
14:57
I infect with MS-DOS videos. That's the computer
14:59
I use. I've got some others for Windows
15:01
95 and 98. I've
15:05
used virtual machines in the past which
15:08
is just a virtualization software and a
15:10
share folder set up with my host
15:12
computer but now I
15:15
like to try and kind of keep the authentic
15:17
feel of what you would see
15:19
and experience back in the day if
15:21
you had actually been infected with this stuff. Yeah
15:23
the authenticity comes through. The
15:25
way you capture it on the screen it
15:28
feels... You can imagine being in a basement
15:30
in like 2003 and getting a dodgy file on
15:34
LimeWire and a bunch
15:36
of bad stuff unfolding. It's funny you
15:38
mentioned that. I've gotten
15:40
quite a few comments over the years like what's
15:43
wrong with this guy's lights? Does he not
15:45
pay enough for electricity? Why is he always
15:47
in the dark? And
15:50
to answer that it's mainly just I
15:55
don't want especially with CRT monitors with the
15:57
glass front I don't want the reflections coming
15:59
off of, like, light or anything like that. So
16:01
it's easy to turn off all the lights. And
16:04
when I really ramped up doing
16:06
this, I was in college and
16:09
I lived with three other roommates at
16:11
the time. And the only time period
16:13
I would really ever have to record
16:16
videos in peace without loud
16:18
things happening all the time was in the
16:20
dead of night. So I would
16:22
always record after the sun
16:24
went down, everybody went to bed and that's, that was
16:26
my prime time to actually get this stuff done.
16:28
So much
16:31
of the stuff we talk about
16:33
on this show is like, is very
16:35
modern things. And a lot of that has
16:37
to do with like nation states going after
16:39
each other, big massive organized cybercrime rings. And
16:43
I'm watching your videos and I feel almost
16:45
like a warm fuzzy sense of nostalgia is
16:47
not to say that some of these things aren't really
16:49
destructive that there isn't harm. But
16:52
like that early 2000s malware, I think
16:54
it was the La Conna worm that had
16:57
like a Homestar Runner payload to it. Right.
16:59
Like, I guess, one,
17:01
I just want to reflect on that sense of
17:04
nostalgia and almost a sense of humor some of
17:06
them had and use that as a jumping off
17:08
point for like, what's your favorite era of these
17:10
things? You get the 80s, 90s, 2000s, what are
17:12
you drawn to personally? So I am most
17:14
drawn to, well, it's hard to pick
17:17
an era. Sure. Probably early 2000s, late
17:19
80s to early 2000s,
17:21
just generally because at that point in time,
17:24
there was no way to really make money with malware. That's
17:27
its only purpose now. Its only purpose is to, you
17:29
know, as it is today, gather
17:31
money, intelligence, steal
17:34
data, credentials, whatever. Back
17:37
then, this was essentially the
17:39
way to promote your creation
17:42
to the world. So a lot of them
17:44
were very in your face. They had calling
17:46
cards. There were wars that
17:48
developed between various virus groups. There
17:52
was just so much going on. They got right
17:54
in your face, especially like all the MS-DOS viruses
17:57
that print out graphics on the screen because MS-DOS
17:59
is a very text-based operating system. Almost
18:01
everything you do is through the command
18:04
line. Graphics are reserved
18:06
solely for programs that you might
18:08
run or Windows and
18:11
these viruses you'll just be typing away and then
18:13
all of a sudden there's a giant, you know,
18:16
head in a noose on your screen saying
18:18
like, sorry I've disinfected this file but your
18:21
PC is still affected or just
18:24
crazy stuff like that and
18:26
it's all these programmers making
18:29
computers do things that you
18:31
would not expect them and would not want them
18:33
to do but since they are computers they do
18:35
what they're told and
18:37
without the protections built into
18:39
modern operating systems they
18:41
pretty much had free rein of
18:44
anything they desire to do in your system.
18:48
I know there are many exploits nowadays that generally
18:51
lead into corporations being
18:53
hacked or you know
18:56
workstation gets infected with something and
18:58
then they move laterally to the
19:00
network through a combination of NSA
19:02
tools and various other high-level
19:05
super complex attack
19:07
vectors. Back
19:09
in Windows 95, 98,
19:12
the late 90s there was a worm
19:14
called Opaserv or Opasoft, depending on which
19:16
vendor you look at, and
19:19
it utilized an exploit. It kind
19:21
of scanned computers like Sasser did but
19:24
much slower and with much less of a
19:26
chance of success but if
19:28
it found network shares that were open
19:31
to the internet but password protected
19:33
there was a vulnerability in Windows that
19:35
allowed it to suggest the first character
19:37
of the password which
19:39
Windows would then take and authenticate and let
19:42
you in. So this worm spread like if
19:44
your password was 20 characters long but started
19:46
with an A the worm would suggest the
19:48
letter A and Windows would say alright cool
19:51
come on in and it's just
19:53
these kinds of crazy oversights and bugs
19:55
that they exploit that just you don't
19:57
see anymore nowadays so definitely
20:00
MS-DOS to early
20:02
Windows XP, early Windows
20:04
NT era. That's
20:06
the sweet spot. That's my sweet spot. You
20:09
used a phrase that I like, you said it's hard to
20:11
pick an era, and when you said that, I was
20:13
reminded like, yeah, it'd be like me asking you, what's
20:16
your favorite decade of music? 60s, 70s, 80s, 90s,
20:18
it's like, oh, there's great stuff in all
20:20
of them. You then use the
20:22
word creation. Is
20:25
there an artistry to it? Like an artistic element
20:27
to making these things, kind of a creativity behind
20:29
them? Absolutely, I mean, there's
20:32
even a virus called Spanska for
20:34
MS-DOS, which printed out like a
20:37
graphical 3D, like
20:39
a rolling Mars land, like you would
20:41
see from a lunar lander almost, but it would just
20:44
kind of roll past on your monitor. And
20:46
I believe the text on the screen was making
20:49
a virus can be fun. And
20:52
there's an artistry that goes into it,
20:54
even with some of the ways that
20:57
these programmers would infect your
20:59
PC, like CIH, also
21:02
known as Chernobyl, also known as
21:04
Spacefiller, was a virus in the
21:06
late 90s that had
21:09
the ability on certain Pentium systems
21:11
to actually gain access to and
21:13
overwrite your BIOS. So
21:15
your computer would become unbootable unless the
21:17
BIOS chip was reflashed. But
21:19
the way it infected files and why
21:21
it got the name Spacefiller is unlike
21:23
traditional viruses at the time, which
21:25
would write a little jump command right at the
21:27
beginning of the file and then store all of
21:29
its code at the end, which increases file size,
21:33
CIH would look for little pockets of
21:35
empty space in programs and it would
21:37
analyze the entire program. And if there
21:40
wasn't enough empty space throughout to
21:42
infect it, it would leave it alone. But
21:44
if it had enough space, it would carve up its code
21:47
to fit into those spaces and
21:49
link itself all together. And the file
21:51
size did not increase after that. So
21:53
it was very sneaky, very
21:56
stealthy, and then ultimately
21:59
incredibly destructive. And it's
22:01
just that kind of thing.
22:03
There is a real artistry to
22:06
what can be done. That's not saying
22:08
that there's not shovels, like
22:10
huge boatloads of just script-kiddie nonsense
22:12
from back then too, because that
22:14
exists too. But the
22:18
true, I
22:20
don't know how you want to say it,
22:22
the specimens, the elites of their time were
22:24
definitely well made. I guess that's why they
22:26
are the elite specimens. And
22:29
require a historian to dig into them. I
22:32
guess while we're on that subject, I'm
22:34
just kind of going through some that pop to mind.
22:37
I don't want to just go with favorites because that's too broad.
22:40
Let's start with funniest. Can you
22:42
share the funniest one that you're like, God damn, whoever
22:44
made this just has a sense of humor? The
22:47
funniest is it's hard
22:49
to pinpoint. I
22:51
mean, there's subtle humor. There's stuff like
22:54
the One_Half virus on MS-DOS, which
22:57
infects your boot sector. So
22:59
every time you boot your PC, it runs
23:01
too. It infects floppy disks
23:03
when you use them. And
23:05
then every time you boot, it encrypts the last
23:07
two cylinders of data on your hard drive. And
23:09
it starts at the end and starts working its
23:11
way back towards the middle, two cylinders at a
23:13
time. Tiny amounts of data. And
23:16
when you try to access those encrypted cylinders
23:18
of data, One_Half
23:21
in memory will detect that, decrypt
23:24
it for you and then present the data
23:26
normally. When it gets to the
23:28
halfway point of your hard disk, you boot your
23:30
PC and you get the message, this
23:32
is one half. Press any key to
23:34
continue. And that's all you see. And
23:37
you have no idea anything is wrong up until this point.
23:41
If you think to yourself, oh, no, I've got a virus and
23:44
you try to do an FDISK /MBR,
23:46
which rewrites your master boot record with
23:48
a clean copy, all of
23:50
a sudden your hard disk is completely unusable
23:52
because the last half is still encrypted. But
23:54
now there's no virus to decrypt it. So
23:57
it's sort of like, I got you humor.
24:00
You know, it's it's not
24:02
traditionally funny. There are a lot
24:05
of viruses and worms that do try to be funny
24:07
There are some that are just like obnoxiously
24:09
immature in the way they do these
24:11
things I'm trying to think
24:13
of a good example like it's
24:17
just like
24:20
There's one. I think it's a worm called
24:22
badass and It
24:24
sends you an email that it's got a little
24:26
smiley face icon And when
24:29
you run the worm it pops up this
24:31
message box I think it's in Dutch, but
24:33
it translates to like This
24:36
user like cannot run the program because he does
24:38
not wash his ass or something like that Is
24:40
this true and it's got a yes or no
24:42
and you try to hit no But the no
24:44
button jumps around and you can't you
24:46
can't click it you you're forced to click. Yes, and
24:49
it's just There's
24:51
there's really it's it's up to the author
24:54
to be really funny. I Guess
24:57
there is one that was tongue-in-cheek As
25:00
an email worm called dumbass. So this
25:02
was early 2000s right
25:05
around the time when love letter
25:07
would spread, and Anna Kournikova and
25:09
stuff like Melissa, which were
25:12
mass-mailed, and they'd have enticing things like
25:14
check the love letter coming for me
25:17
or here's a list of XXX
25:19
porn website passwords, click
25:22
here now, and then you
25:24
know, your file name would be
25:26
LOVE-LETTER-FOR-YOU.TXT.vbs or
25:30
Some obvious double extension that anybody who's
25:32
computer savvy would know would
25:34
infect your PC But everybody else had
25:36
no idea how would just run them.
25:39
So the dumbass worm would send it out and
25:43
it's like I Can't
25:45
remember exactly what it says, but it's like here just run
25:47
this file, dumbass, and it's like
25:49
obviousvirus.txt.vbs.pif.scr.bat.exe
25:51
and it's got this huge
25:53
chain of file extensions. It's just
25:58
it's just taking the piss out of I
26:01
guess all these users it thinks are just
26:03
complete dumbasses hence the name I
26:05
don't know if it reveals something about me not
26:07
being as mature as I think I am but
26:10
the wash-your-ass one struck me. It's kind of funny.
26:12
Oh it it's funny. Don't get me wrong. It
26:14
is very funny, but it's just yeah Not
26:17
quite, you know the highbrow Comedian
26:19
level humor that you see
26:21
on that we crave. Yeah, okay,
26:23
so funny Let's just
26:26
swing to the other side of the pendulum
26:28
the least funny like if you ever been
26:31
scared or at least unsettled so scared
26:34
happened quite frequently in the Early
26:36
days of me recording this because I would
26:39
just read about something it says this virus
26:41
activates on September 19th So
26:43
me having never seen it before
26:47
Would put it off floppy disk pick up
26:49
my camera in the early days. I have
26:51
these super shaky freehand cameras It's really
26:53
crappy video like this was me the high
26:55
school student just shoving this camcorder
26:58
in the screen So I fired
27:00
up Start recording never seen
27:02
it before and I switched to September
27:04
19th and I run it and it's
27:06
just full screen Immediately blaring music or
27:08
like loud PC speaker and I would
27:10
shake usually it would surprise me because
27:13
I'd never Never
27:15
experienced it before it. So these things they just
27:17
pop up when you're not expecting them And
27:21
it's just They
27:23
can be very surprising When
27:26
I think of like scary on a
27:29
level of what it does That's
27:32
a little trickier. I guess it depends on how
27:35
prepared you are for viruses well
27:39
stuff like WannaCry and
27:42
NotPetya, that's pretty scary because, that,
27:45
you know, the first one encrypts all your data. The
27:47
second one is just a wiper. And
27:49
if you can't recover from that, you're pretty much screwed.
27:56
From dozens of spreadsheets to
27:58
fragmented tools and
28:01
manual security reviews, managing
28:03
the requirements for
28:05
modern compliance and security programs
28:07
is increasingly challenging. Very challenging.
28:10
It is very challenging, good, thank
28:12
you. Vanta is the leading trust
28:15
management platform that helps you centralize
28:17
your efforts to establish trust and
28:20
enable growth across your
28:23
organization. How much of your compliance
28:25
can you automate? You can automate
28:28
up to 90% of your compliance.
28:30
Strengthen security posture, streamline security reviews,
28:32
and reduce third-party risks. 90% is
28:35
a lot. I
28:37
know, it's a large number. It's nearly
28:39
100. And speaking of risk, Vanta is
28:42
offering hacked listeners a free risk assessment.
28:44
When you go to vanta.com/hacked, vanta.com/hacked,
28:47
so you're gonna get that free risk
28:49
assessment. Free risk assessments? I like free
28:51
things. Do you like free things? Who
28:54
doesn't? Generate a gap
28:56
assessment of your security and
28:58
compliance posture. Discover shadow IT
29:00
and understand the key action
29:02
to de-risk your organization. Where
29:05
should they go? Scott, where should
29:07
they go? They should go to
29:09
vanta.com/hacked and get a
29:11
free risk assessment. Free
29:15
risk assessment, Vanta,
29:17
vanta.com/hacked. For
29:21
the very first time, Arctic Wolf,
29:23
the industry leader in managed
29:25
security operations is offering you
29:27
access to the most forward
29:29
thinking ideas from their most
29:31
knowledgeable experts. Do you wanna know
29:33
something, Jordan? What? Tell me. I have printed
29:36
this off and it is sitting on my desk. I
29:38
look through it. And
29:40
you can do the same and discover
29:42
the top 2024 predictions developed
29:45
by Arctic Wolf Labs, their
29:47
team of elite security researchers,
29:49
data scientists, security engineers, derived
29:52
from intelligence and insights gained from
29:55
the trillions. It depends with a
29:57
T. That's a big number. Of weekly
29:59
observations within thousands of
30:01
unique environments. These predictions
30:03
trace the development of several trends
30:06
based on their earlier, simpler
30:08
versions, and anticipate which ones are
30:10
poised to take significant steps forward
30:13
in the coming months. Learn what
30:15
the new year holds for
30:17
ransomware-as-a-service, Active Directory, even
30:19
artificial intelligence and more when you
30:21
download the 2024 Arctic
30:23
Wolf Labs Predictions Report today. That's
30:25
arcticwolf.com/hacked.
30:29
Where do they go? Scott, what's the site?
30:31
It was A-R-C-T-I-C
30:34
wolf dot
30:36
com slash hacked. Be like
30:38
me. Download. This report printed
30:41
off, Read it and have a sit
30:43
collect dust on your desk For if
30:45
you like me and know that you
30:47
confidently know that wolf how wolf his
30:49
belt and do not need any support
30:51
getting back into your browser. To.
30:53
The Zenith. As soon as a sad and
30:56
you need me to sell the word war
30:58
for you, you probably don't need this from
31:00
force. When
31:02
we first started podcasting a store wasn't really on
31:05
our minds and it took us a long while
31:07
to get around to it. And I regret that
31:09
because when we finally did, it could not have
31:11
been easier. All because we
31:13
used Shopify. Shopify is the
31:18
global commerce platform that helps you
31:20
sell at every stage of your business, from the launch
31:22
of your online store to your first real-life
31:24
store stage, all the way. Their whole
31:26
my dad and me to sit a million
31:28
dollars said shopify is there to help you
31:30
grow and he's selling said itself are offering
31:32
outdoor of fist shopify Fc Cel everywhere that's
31:35
everywhere in the globe from they're all in
31:37
one e-commerce platform to their in-person POS
31:39
systems which is in restaurants and cafes kind
31:41
of It is this. Wherever and whenever you're
31:43
selling Shopify as they covered Shopify out she
31:46
turned browsers into buyers with your it's best
31:48
to bring. check out the thirty six percent.
31:50
Better than average compared to other leading commerce
31:52
platforms and so more with less effort thanks
31:55
to Shopify Magic, your AI-powered all
31:57
star when of things that we learn to
31:59
accept. by the most that made it so
32:01
easy for us is the fact that it
32:03
integrates into so many other services and platforms.
32:05
It just became so
32:07
fast and easy to set up all of the pipelines
32:10
and processes and all the rest of that stuff. So
32:12
that's the value you get with Shopify. And
32:16
probably the reason why they power up to 10% of
32:18
all e-commerce stores in the US and their
32:20
global force behind Allbirds, Rothy's, Brooklinen, and millions
32:22
of other entrepreneurs of every size across 175
32:24
countries. Plus,
32:26
Shopify's award-winning help is there to help you
32:29
and support you every step of the way
32:31
because businesses that grow, dah dah dah, grow
32:34
with Shopify. Sign up
32:36
for $1 per month
32:39
trial period at shopify.com/hacked.
32:41
All lowercase. You go
32:44
to Shopify, shopify.com/hacked. Right
32:46
now, you're going to grow your business no matter what
32:48
stage you're in. What's that site,
32:51
Scott? shopify.com/hacked.
32:55
This episode is supported by Compiler,
32:58
an original podcast from Red
33:00
Hat discussing tech topics big,
33:03
small, and strange. We wouldn't know
33:05
anything about that. Compiler comes to
33:07
you from the makers of Command Line Heroes
33:09
and is hosted by Angela Andrews. And the
33:11
big idea here is that they close the
33:13
gap between those who are new to technology
33:16
and those behind the inventions and services that
33:18
just shape our world. It brings together these
33:20
stories and perspectives from the industry, simplifies
33:22
things down in terms of language, culture, and movements
33:25
in a way that is fun and informative
33:27
and kind of guilt-free. And there's a
33:29
lot of great episodes. I like to live guilt-free. And
33:32
one of my favorite episodes
33:34
is episode 25, the great
33:37
stack debate. As
33:39
a former CIO, I
33:41
lived in the software stack. And this episode
33:43
kind of looks to dive into it, discuss
33:46
it, talk about it, and
33:48
I appreciated this episode. I think if you're
33:50
going to just take a trial run for
33:52
an episode for a trial run, check out
33:55
episode 25, the great stack debate. Debate. Durbate.
33:59
Durbate. Listen to Compiler in
34:01
your favorite podcast player and is going to
34:03
be a link to the show in the
34:05
show notes and you go check them out
34:07
School South My thanks My personal thanks to
34:09
Compiler for all of their support mind to
34:11
he can also my this our thanks We
34:13
are a collective. Something
34:19
we talk about. Internally.
34:22
When we make this show past that, he was like. I
34:25
guess the ethical boundaries of
34:27
walking the fine line between
34:30
education and entertainment like we
34:32
tells Iris Curry stories and
34:34
curious like how do you
34:36
navigate the ethical implications as
34:38
showing stuff. Making. Sure
34:40
that you're creating something that's like informative,
34:42
interesting, without. Encouraging.
34:44
Anything malicious. So.
34:46
Funny story. Actually, I'm
34:49
I do just. Try.
34:51
To so these things I'm I don't
34:53
offer any sort of download link for
34:55
anything that I feature in my videos
34:58
or though that is probably the number
35:00
one question. I've probably been
35:02
asked that more than anything else several
35:04
thousand times. At least. where'd you get
35:07
your viruses? On
35:10
rare occasions people have stumbled across and I've
35:12
got a few that were like, I ran this
35:14
thing I signed video and now my computer's
35:16
all sorts of disappointed. After
35:19
Spot I'm not tech support. I'm sorry
35:21
you did that, but these videos are
35:23
just you know? For. Fun!
35:25
These are actual. Malware. And.
35:29
Then there was another side of that same point where
35:31
I get a lot of people saying i wrote this
35:33
malware that I'd like for you to make a video
35:36
on. How can I send it to you? And.
35:38
I got so many of those kinds of requests that at one
35:41
point I had a forum. where i
35:43
opened it up i made a little short lived
35:45
series called Viewer Made Malware. Gonna ask about that
35:47
those mechanics can i spit yeah so if if
35:49
you want it to you could write this and
35:51
you put it on my forum with the description
35:54
everything it does and i picked the coolest stuff
35:56
and i'd make a video of it After
36:00
a certain number of them there
36:03
was one that was like a ransomware
36:05
I Can't remember
36:07
what it was called But it got
36:09
picked up by a security researcher on Twitter who
36:11
started posting about this as if it was a
36:14
new threat and they posted You know MD5
36:16
hashes and they're like here's how to
36:18
detect it It's been smitten and then
36:21
like the person who wrote it
36:23
was like oh, I wrote this for Dan,
36:25
you know, and I Yeah,
36:27
this is a word like an actual threat
36:31
they had like a Backdoor
36:33
key you could use to decrypt everything but it
36:35
was still kind
36:37
of a hairy situation because I
36:40
kind of indirectly contributed to this thing
36:42
being created by virtue
36:45
of having this series Now
36:51
There's even you know, there's more to this
36:53
because I stopped making those viewer made malware
36:55
videos Not long after
36:58
that and took down my
37:00
website I just didn't have the time or
37:02
the patience to moderate a forum with and
37:04
everything that comes with that and There
37:08
was a group that Was
37:12
on Twitter that actually exploited
37:15
FossHub and they replaced
37:17
downloads for Audacity and Classic
37:20
Shell with an MBR Trojan
37:23
so when people downloaded these and ran
37:25
these it actually opened up This
37:28
Trojan that would replace your MBR with a
37:31
message. It was like you you
37:33
on your adventures It seems you have failed,
37:35
you know, I'm paraphrasing but and
37:37
then it was like shout outs to all these people And
37:40
I wrote to them on Twitter like could I
37:42
get a sample of this to make a video
37:45
on it? They're like, oh, yeah We were actually
37:47
gonna put you in the greets But we figured
37:49
that might lead more trouble to you than you
37:51
would want so we just left your name out
37:53
I was like, oh shit so
37:57
It's like damned if I do damned if I don't like
38:00
Is what what's the way to go
38:02
on this do I encourage people who
38:04
are going to write these things anyway
38:06
to send them to me and? You
38:10
know, compromise a very prominent
38:12
file sharing website to infect
38:14
innocent people. Or.
38:17
Do I Not do anything and just
38:19
see what happens? I mean. Even.
38:22
Now they're still many people that are
38:24
asking am I ever going to continue
38:26
it And right now I think that
38:28
questions up in the air just because.
38:31
I'm not there. There's still
38:34
so much interest and. I.
38:37
Think if the focus was on making it
38:39
for her older operating systems, maybe that might
38:41
be the way to go. But. As
38:45
as is, like he said, there's a fine
38:47
line around and I'm not. I'm not sure
38:49
how to walk out at this point. It's
38:52
a big your your opening, a bunch of
38:54
big. Thorny. Philosophical questions
38:56
that are now on, right? and
38:58
I guess just to stay there
39:00
in a philosophical sense. Do you
39:02
think that. I
39:04
guess the desire to create and spread
39:06
to stuff reflects a bigger. Bigger.
39:10
Aspects of human nature or societal trends or
39:12
something to do. You think it says something
39:14
about people's that we want to make and
39:16
and share? The stuff spread it is may
39:19
be better word. I
39:21
think it definitely does. It's
39:24
interesting seeing the types of people
39:26
who wrote the stuff in the
39:28
original days was generally a young
39:31
young young men usually on they
39:33
would find BBSs, groups of like
39:35
minded individuals and they would trade
39:37
secrets and how to and tutorials
39:39
and you know they generally at
39:41
that point weren't super popular at
39:44
school or they spend a lot
39:46
of their time on the computer
39:48
which in the late eighties early
39:50
nineties was not the norm as
39:52
opposed to nowadays with everybody. Having
39:54
access to the internet everywhere back then,
39:56
it was very much so. i
39:59
found my people and now we
40:01
can do the things to make
40:04
our mark on the world essentially. So that's why there's
40:06
a lot of these viruses that are like greets
40:09
to all members of our crew. So
40:14
nowadays there's big money in
40:16
it, which is why you see a lot of threat
40:18
groups that are all basically
40:21
acting to make as much money as possible. Yeah,
40:24
you talked about that pre and post
40:26
monetization, almost like a BC/AD thing for
40:28
malware, like this really hard line in
40:31
the sand. I
40:33
guess I'm curious to talk about the
40:35
evolution of it, where
40:37
it's come from, where it currently is and
40:40
then where do you think it's going? There's
40:42
a lot, there's more think pieces
40:44
that is useful about the rise of
40:46
AI in the context of malware and
40:48
cybersecurity. Where does it come
40:50
from and where do you think it's going? So excuse
40:53
me, where it came from really
40:56
was generally in
40:59
the early days, like the original
41:01
IBM PC virus, Brain was written
41:03
as a sort of copyright protection
41:05
tool by two brothers in
41:07
Pakistan. And as
41:11
the time went on, viruses became more
41:13
of a tool of the hobbyist programmer
41:15
who really just wanted
41:18
to have some of their creations out there in
41:20
the world. Like
41:22
I said before, they really want to make their mark
41:24
on the world and this is one way you can
41:26
certainly do it. It might not be a good mark,
41:28
but you're making an impression
41:30
on people. And
41:34
with that, that
41:36
sort of drove the
41:39
hobbyist angle from the late
41:41
80s to probably the late
41:43
90s with the advent
41:45
of the internet becoming more popular everywhere.
41:48
The focus shifted from
41:50
traditional computer viruses to
41:53
worms, which are executables
41:56
that don't infect files. They don't
41:58
infect a host file to
42:00
spread themselves but instead they just spread via
42:03
user interaction or an exploit.
42:07
And with these online groups
42:09
you now have groups that are starting to
42:11
fight with each other. You see it before
42:13
in the early 90s with some BBS boards,
42:16
you know the bulletin board systems between various
42:18
virus groups and this group sucks. We're the
42:20
best and they'd write it in their virus
42:22
you know in the little comments you'd see
42:25
like we hate these guys they
42:27
suck. Their viruses are terrible ours are the
42:29
best you know just back and
42:31
forth but that really exploded with the advent
42:33
of the internet so now you have the
42:36
ability to reach millions of PCs
42:38
around the world very quickly as
42:40
opposed to the early days
42:43
where you are basically
42:45
limited to the physical area around
42:47
wherever you released it on a
42:49
floppy disk and you hoped it
42:51
would spread somewhere beyond it. So
42:56
with the internet just sort of exploding
42:58
the scene that
43:01
really set the stage from the
43:03
shift from like
43:05
malevolent fun to
43:08
serious business malware. It became
43:11
less of a deal of we can write
43:13
this to print out on the screen
43:16
that you suck and we got you to now
43:18
we can exploit 300,000 PCs worldwide and
43:24
install a botnet on them so that they
43:26
send Viagra spam and from
43:28
that we got to the very
43:31
beginnings of ransomware in
43:33
the mid-2000s with
43:36
GPCode. There was the
43:38
advent of rogue antiviruses which
43:41
you would be infected with and it
43:43
would look like a legitimate antivirus and
43:45
it would say your computer is infected
43:47
with 6000 viruses by
43:49
now and we'll solve it for you and
43:52
of course none of them were actually on
43:54
your PC it was just this fake rogue
43:56
antivirus shitting
43:59
everything up. and requiring you to
44:01
pay and you can't just uninstall it. And
44:05
from that, you know, it just
44:07
evolved further to especially with
44:09
cryptocurrency. What we see now with ransomware,
44:13
you know, nation state actors.
44:16
It's just there's no
44:19
more joy or fun that you can
44:21
really see behind the code, at
44:24
least with the big stuff. So there's
44:26
no more joy or fun behind the code. And
44:29
I guess on that note, you
44:31
know, we're on the
44:33
nation state cybercrime, organized crime level
44:35
now. Where do you think it goes next? See,
44:38
that's something I've been
44:40
thinking about. Like, where do we go next?
44:42
I mean, we've had, you know, the United
44:44
States and Israel create and release Stuxnet. And
44:48
that's been in development since the mid 2000s. And
44:52
now we see the NSA who
44:55
has developed all of these specialized
44:59
exploits that have been leaked. And
45:02
we see responses to those leaks. And it's just,
45:05
I'm not sure where we go. I mean, NotPetya
45:08
is a huge global event. And I'm
45:10
surprised we really haven't had significantly
45:13
more of those. So
45:15
I'm guessing there's going to be something, you
45:18
know, more along
45:20
the lines of NotPetya, where the
45:23
target was Ukraine, ended
45:25
up impacting global shipping with Maersk.
45:28
And I imagine we'll see
45:30
some more attacks along those
45:32
lines, you know, because with
45:34
these cyber attacks, it's very easy or
45:36
at least easier to obscure their source
45:39
and where they're coming from. Yeah. Just
45:41
more of these giant global, I
45:43
don't know, attacks with unclear
45:45
perpetrators and unclear targets and unclear
45:47
goals, right? Maybe I should relaunch
45:49
Viewer Made malware and, you know,
45:51
just release some of those into
45:53
the wild. And then we'll have
45:55
some of the fun. Yeah, sure.
45:58
Right back into it. Yeah, sure. I'll balance
46:00
it out. Yeah, it needs to fork. We
46:02
need like the really scary, serious stuff that's
46:04
basically like standing in for organized crime and
46:07
warfare. And then we need the memes, man.
46:09
We just need the good times. Yeah. In
46:12
fact, in your system. Memes are great. Especially when
46:14
they take over your PC and you can't do anything
46:16
anymore. Okay, so I've taken
46:18
up a bit of your time. I
46:20
wanna close with this one. I read an
46:23
interview you gave years ago in kind of
46:25
prepping for this little bit where you described
46:27
malware as kind of a cultural artifact. I've
46:30
spoken a bit to this, but I think
46:32
you likened it to American Civil War rifles
46:34
and Soviet space gear in terms of like
46:36
being able to witness a technological evolution through
46:38
it. I'm curious, how
46:41
do you think future generations are gonna
46:43
look back at the malware of our
46:45
era? That's an interesting question.
46:49
I think the biggest thing is going to be the
46:52
impact that the
46:55
malware has as opposed,
46:58
there won't be so much emphasis on how
47:00
did it spread or what new
47:02
exploits did they use, but how
47:04
far reaching was it? And
47:08
you really started to see that line of thinking
47:12
or emphasis on malware with these worms as
47:14
they rose to prominence in the early 2000s.
47:17
But I think now more than ever, as
47:20
security has taken on new
47:23
meaning for organizations and with
47:26
the Apple iPhone being super locked down, it's
47:30
going to be how successful
47:33
was your malware able to be because it
47:35
doesn't matter just how crazy
47:38
or innovative it is if it doesn't
47:40
impact much, if it doesn't make much of
47:42
a difference in the grand scheme of things.
47:46
I think the larger disruption that there
47:48
can be would be a measure of
47:52
how we look at malware going forward.
47:55
It's about how big the ripples in the pond are. Right.
47:59
Dan, thank you so much for sitting down with me, man. This was a really fun
48:01
one. Yeah thanks for having me this is
48:04
a lot of fun.