Hello, and welcome to another episode of the Odd Lots podcast. I'm Tracy Alloway.

And I'm Joe Weisenthal.

So, Joe, clearly a lot is still going on with Russia's invasion of Ukraine, but one of the big talking points in the past couple of weeks has been this idea of a retaliatory response from Russia, not necessarily in the sense of traditional warfare, but in the form of cyber warfare.

Right. So this has always been a source of concern, going back for several years, long before the existing conflict. What are Russia's cyber warfare capabilities, how weak is the rest of the world, how exposed is critical infrastructure, and so forth? As of now, you know, I don't think this has been a huge aspect of the current conflict. Traditional violent warfare has sort of been the story, but it is always lurking out there as a risk.

Yeah, there have been some rumblings of potential attacks. I saw something in Der Spiegel this morning about possibly a hack of satellites that might have been impacting Ukraine. So there are sort of rumblings of this, you know, some accusations lurking in the background, but we haven't seen anything, let's say, we haven't seen anything major yet. And I feel like cyber security risk is one of those things that you always see people mention as a sort of left-tail risk. You see lots of analyst notes about it, but no one really talks about it in concrete terms. It always seems to be just this vague threat lurking in the background.

Yes, and I think it's in part because, as you exactly say, no one precisely knows what it would look like.
I mean, obviously, companies are regularly getting hacked. We've seen an increase over the years in malware and ransomware, and companies losing data, companies having to pay to bring factories and infrastructure back online. Of course, I think it was late or maybe early last year there was that pipeline in the central part of the United States. So these things recur, but I think it's very nebulous what that risk actually looks like.

So today I'm very pleased to say we're going to try to get a firmer handle on what cyber warfare risk might actually look like, and we're gonna do it maybe a little bit differently to what we normally do. Today on the show, we're gonna be talking to a hacker about what it actually means to, you know, do cyber warfare, to hack into someone's systems, what the threat actually looks like, and what is possible from a technological perspective.

I'm really looking forward to this. It's sort of different from our normal path, but it's something important to learn more about.

Yeah, so we're going to be speaking with Matt Suiche. He is the founder of Comae, an incident response startup based in Dubai, which is where I met him, and I have to say he's definitely an expert on all of this. Matt, welcome to the show.

Hi Tracy, hi Joe. Thanks for inviting me. Looking forward to talking with you about what cyber war might look like.

Yeah, so you have a bit of expertise in this. I mean, not just from the hacking perspective, but there are some Russian hackers who seem to be obsessed with you. Is that right?

Yeah, so I assume you're referring to the group called the Shadow Brokers that mentioned me a few years back.

Yeah. So just for background, Matt and I met when
I was working in Abu Dhabi and Dubai. And this was back when Shadow Brokers had a major attack and there was a lot of talk about them, and they allegedly were a Russian group of hackers, and they seemed to really, I don't know, just focus on you, Matt.

Yeah. So I guess one of the main reasons for the focus at the time was mainly due to the fact that I was analyzing a lot of the documents that they were releasing. To date, that's one of the groups that released some of the most significant documents in cyber security, partly as significant as the Snowden documents, to give some context for the audience. And as part of the release, they released operational notes and exploits that belonged to the US government, particularly to the NSA, which is the main intelligence agency in the US, where they were exposing US intelligence capabilities. So those documents were released. I was one of the many people who were analyzing them, and, like you said, you know, they've been mentioning me a few times so far. The main assumption is that that group is affiliated to the Russian government, and, like many times, and I'm sure we're gonna talk about it more in detail, with cyber it's very hard to know who is doing what. Sometimes it takes years to find enough evidence. Sometimes governments know about something, but they would not necessarily release the information because they may burn some source that they have to collect additional intelligence. So it's always very complicated when it comes to cyber, especially with attribution. So usually you have to use common sense. But in terms of timing, these Shadow Brokers were really active around twenty seventeen, which is around the time where we started to see a lot of attacks
from Russia and Ukraine.

Also, when you say attribution is difficult, I mean, intuitively, of course, that makes a lot of sense. What are the types of evidence, or what are the certain, like, fingerprints? Because you hear that a lot: there's a hack and people often suspect Russians, sometimes Chinese. Are there certain characteristics of attacks or certain things you look at to start to sort of gauge the origin of an attacker?

Yeah, definitely. Different attackers have different motives, and different groups organize differently. So when it comes to, here, when we're talking about hackers, we're talking about nation states. We're not talking about someone who's alone in the bedroom trying to hack a video game. Right? So, just to make sure it's clear for the audience, we're talking about nation states carrying out intelligence or military operations against other nation states, companies, sometimes critical infrastructures. So when it comes down to what it looks like in terms of fingerprints when you're doing an investigation, it is a good question, because at the beginning, in the introduction chat, you were wondering what cyber war, cyber warfare, might look like, and there's this conception that people have that cyber war is going to be completely different, something we haven't seen before, that, you know, it's just going to be like in the medieval time where you see people riding a horse, and instead of having swords, you know, they're gonna have [inaudible] and they're gonna start stabbing each other, and then you use that as forensic evidence. The reality is we have been seeing a lot of those happening
over the past years, probably more than ten years. You know, even back in the two thousands, when China hacked Google, you know, that was a pretty significant one, and that was one of the first times we saw a nation state attacking an actual company and being able to track it. So what we have been seeing more and more is often patterns between attacks, but also motives. So whenever it comes to attacks on critical infrastructure in, let's say, Ukraine, there is a very short list of suspects that comes to mind. Same thing when there's an attack happening like NotPetya in twenty seventeen that gets released on Independence Day. So often the timing is very suspicious. Same thing with the article that you mentioned that you saw this morning, Tracy, with Viasat, which is an American company, when the satellites have been attacked. The initial suspicion, so we're talking back on February twenty-fourth, around the same time as the invasion, one of the suspicions was, well, that's happening the same day that Russia is invading Ukraine, so that was also one of the suspicions. So often you would use common sense when it comes to nation state attackers, and then you would backtrack based on what you have found and see if your assumption makes sense or not. But it can be that you would find a malware that's on the system. And in some cases, people kind of assume that once you are hacked, you know, your screen is gonna change color, it's gonna become red or green. Most of the time, cyber is often used for intelligence gathering, so you may not even know that people are in your system. In some cases it may take years before an attack is detected.

So when you get hacked, a face doesn't
come up on your screen and start laughing.

Exactly.

Okay, so now you know, Joe. So you mentioned, Matt, that this has been ongoing for some time, and this is something that I've wondered about for a long time. But why, I mean, if you know that Russia is doing a lot of hacking, I mean, along with some other countries like China, North Korea maybe, but you know that this is happening, why do nation states tolerate it? Like, why hasn't this become a bigger area of concern for the US in recent years? Or is it that it is a major area of concern, but we just don't see the response because it's all happening, you know, at the back end of technological systems and with the NSA and, you know, in sort of secret offices?

It is a good question. Actually, it is happening. If you go on the State Department website, you're gonna find a lot of indictments against, for instance, Russian officers that work for the GRU or other intelligence agencies. So for instance, for a lot of the attacks in twenty seventeen, there is an indictment where six officers are being mentioned for a lot of the damage that they have done, including the Olympic Games that have been, you know, one of the targets, including the visitors, the host of the Olympic Games, one of the electricity grids in Ukraine being a target. Also the election in France at that time, when the emails from Emmanuel Macron had been released. TV5 Monde also, which was a TV channel that was hacked in the past, you know, it was linked to the Russian government. So the actual proof and accusations have been published. A lot of it is usually policy work and done at a political level. So that would explain why it takes so much time and often very little can be done in a short period of time, and often what we would see in response would be sanctions on some of the governments. So it is happening, but I think it's happening at a pace where there are so many attacks happening from different countries, like you mentioned, like North Korea, for instance, that had been very active mostly for financial gains. Like, we remember the attack on the Central Bank of Bangladesh, for instance, where they tried to steal like one billion dollars, and the money laundering happened in casinos in the Philippines. So a lot of information is public and known around the modus operandi of different groups that are working either independently or for a nation state. But it's such a complex problem that it's very hard to fix, a bit like conflicts all around the world.

So a nightmare scenario in the US, but I guess anywhere, is this idea that hackers could
shut down critical infrastructure. Maybe the grid in New York City just goes dark because of some hack attack. Is that a realistic threat in your view? I mean, that I think comes to mind, or we can't log in to our banks, or, like, big pieces of infrastructure that could disrupt society. A, is that a plausible threat? And B, is that something that these types of hacker groups could conceivably work on?

Yeah, no, definitely. And like I mentioned before, it happened in the past with the Ukrainian power grids. It happened in twenty fifteen and sixteen; at some point the electricity grid was down for a few hours. But one of the things to keep in mind is, like I said, those attacks have been happening over the past ten years. Defense capabilities, you know, also from different companies and countries, also became more and more efficient, because on one side you have the attackers that are polishing their craft and becoming more efficient, but also on the defense side, people are becoming more aware of what attacks to expect. They're becoming more resilient: if something happens, you know, if any incident happens, how do you investigate it? So that's what you would usually call incident response, but also all the recovery of a system, especially for critical infrastructure. So regarding targeting critical infrastructure, we saw it around two weeks ago with the satellites, with that company Viasat. So a lot of the actual users that have been targeted were partly the Ukrainian military. So that's one of the attempts at interfering with the infrastructure of the target, to kind of slow down or make communication more difficult. But during that hack, you know, unexpectedly there were like three thousand wind turbines in Germany that were shut down, you know, as the German government was calling it, cyber collateral damage. So sometimes it may come in unexpected ways. But in that scenario, what it meant is the Internet access was not available anymore. But the actual electrical equipment, for instance, was not damaged. It is just the communication link. You know, it's like if someone would shut down a cell phone tower, it will not damage your phone, you will
just not be able to communicate. And we saw that also at the beginning of the invasion, because there is also this very weird aspect of the Russian military since the beginning of the invasion, and that's kind of why a lot of people are a bit skeptical on the planning and the logistics of the Russian military. That aspect is mostly around communications. They are still not necessarily using military equipment. They still use a lot of communication, but also cell phones with Russian numbers. So at some point some of the Ukrainian telco operators rejected Russian numbers and they were not able to communicate, and they had to take over the cell phones of civilians just to be able to still communicate with each other. Well, there's a lot of communication aspects, obviously, when you conduct a military operation, and that's a completely different field. You know, that's not my specialty. But we do see it happening, because cyber war on its own does not really exist, you know, cyber is a component of war, and that's what we're seeing now. So instead of seeing a conventional war, we see this hybrid warfare happening in front of our eyes, where there are multiple aspects to it, and a lot of the actual attacks that we have seen also with Russia, and that Russia is probably well known for, and I'm sure as journalists you're familiar with it, is also disinformation and misinformation. We have seen what they call active measures being used for a long, long time. Russia Today and Sputnik News have been banned in the EU now. So it took the invasion, you know, of a European country for them to shut down those media. So, to answer your question from before, how come we don't see more response from the governments? Well, that's a perfect example: we knew that was happening and it took the invasion of a European country for them to do something
about it.

Yeah. I want to ask you this. It might be a tricky question, I don't know, but could you maybe walk us through a timeline of what actually happens if, say, a nation state like Russia hypothetically launches some sort of, let's say, some sort of malware attack on a Western company or infrastructure utility type thing? Like, what happens? So the attack starts, and then can you walk us through what the actual response looks like and when the attack stops?

Yeah, I can even give you an example. So around Christmas, there is a company called SolarWinds that was targeted. I think it targeted around twenty thousand of their customers. And you have to keep in mind, so let's say you have twenty thousand, you know, customer companies using the same software, and that was a massive problem. It means that all of them have been hacked. So what happened is, what they did is what we call a supply chain attack, you know, where they managed to distribute a malicious update to all their customers, and whenever that update was distributed to all their customers, that was their infection vector for all of those companies. And that was partly, to date, the largest hack of foreign countries. That was a huge scandal, obviously. The White House blamed the SVR agency, which is the foreign intelligence agency of Russia, for that attack. So in that case, yeah, governments have been blaming and pointing fingers at Russia. But out of that we didn't see much coming out of it, in that case. And in that scenario, it took one cyber security company to be a victim that found out that they had been infected by luck, and then more and more people started to investigate and they realized, oh wow, like eighteen customers from that company have been targeted and the malware was spreading undetected.

Are companies good at sharing cyber information with each other? Because it is such a sensitive topic, and when you're under attack, on the one hand, I imagine you don't necessarily want to broadcast it to the world. But on the other hand, you could argue that you have a responsibility to your customers, clearly, but also to other companies to flag a threat that
is actually happening.

Yeah, very good question, actually. So in the case of SolarWinds, if that cybersecurity company that was a victim of the hack didn't raise the alarm saying, oh, we found this, that's suspicious, you know, then people followed up and said, that's like your malware, we found it present in other places, people would not have been able to conclude that so many customers were targeted. And in that scenario, like you're saying, the information sharing was very beneficial, often, for cyber security. So you have a few companies that are the anti-virus providers or endpoint security companies that have a lot of visibility because of the telemetry they have on millions of machines. So for them it's pretty good and pretty easy to see if something new happens. You know, in the case of Microsoft now, which is probably the biggest cyber security company in the world, ironically, they have very, very good telemetry. Before the invasion, a wiper, which is a malware that's designed to erase the computer, was detected. So a few different security vendors managed to detect it. Microsoft was one of them. Because of that really good telemetry, they were able to detect it within a few hours in that case. You know, what we noticed so far when it comes to cyber is there is a huge focus on cyber before the war becomes actually kinetic, so either to destabilize the enemy or to gather information.

How often, you know, you mentioned, and I remember, that the SolarWinds hack used a patch update to distribute malware to SolarWinds clients. How often are cyber security companies themselves the target of hackers? And this, you know, this technique of using a cyber security update patch to distribute malware, how common is that? And, in general, how much are these companies themselves the target of attacks?
Very good questions. So they are. And how often does it happen for security companies to be targets? It happens all the time, because of the assets that they have, the tooling, the tools, you know, all the human resources they have, you know. That could include being targeted at conferences or not. I was giving an example to Tracy. So for instance, I was supposed to give a keynote at a security conference in Russia a few years ago, before COVID, and I got denied entry into Russia at the airport. So I was not able to deliver the keynote at that conference. The official reason is because my visa was not valid, although I told them, I was like, you're the one who issued me the visa, what do you mean it's not valid? You know? And I had to fly back on the next flight back to Dubai. So in that case, you know, and, you know, there's always stories in security conferences where security researchers, you know, are either being followed or someone went into the hotel room. You know, there's a bunch of different stories like that. So when it comes to how often security companies or security researchers are being targets, it happens a lot. It also happened last year where a bunch of security researchers were active targets of North Korean hackers, mostly to try to steal tools from them, or if they had any exploits. So for the audience, an exploit is what groups or nation states can use to directly target a machine so they can get unauthorized access to a machine. So usually, if you have a security vulnerability in the software and you have the software that can take advantage of it, that's what we call an exploit. You have different categories of them, including what we call a zero-day, an exploit that even software providers are not aware of. So that could be, like, Microsoft. And in some cases it may not even require any user interaction to be enabled. And in the case of the nation state type of hacking, because that requires a lot of R and D, it is very expensive. Some of those exploits go for sale on the gray market for millions of dollars. And also it's very complicated to do, because unlike traditional weapons, that's not something that you can replicate. Each security vulnerability, bug, is going to be different, and it requires a specific skill set to
be able to find and write an exploit. So in the case of a full-on cyber war, a lot of people were kind of expecting countries to start to use exploits left and right at each other. But to go back to your other question, it's something that's very difficult to measure, because there's not a proper unit of measure for how often it happens. When you know it happens, it's only a small subset of the information that you have. Sometimes, like what's happening over the past two weeks and over the next month, I'm pretty sure we're still gonna be analyzing it, you know, in three, four years. Some of the tools that have been released by the Shadow Brokers, a lot of the exploits were four or five years old in that case, and when they got released, you know, it got a lot of attention. Some of them have even been repurposed into some new malware, including NotPetya, which was targeting Ukraine at the time. So it's very difficult to have, yeah, pretty ironic, it's pretty difficult to have data on those things. And keep in mind, like you said before, when you get hacked, you know, you don't get some face showing up on your screen and some guy laughing. But it is very important to highlight, actually, because cyber is mostly used for intelligence, so you want to know what your target is doing, unless you just want to steal money. You know, that's a completely different category of cyber attack. So there you have a clear goal, you know, like, okay, money's gone now, like if a crypto exchange is being hacked or a SWIFT service bureau is being hacked. But most of the time it is for intelligence, and whenever you have access somewhere, you want to make sure you keep your access. So whatever tool you use to enter the machines that you've been targeting, and where you are stealing from in terms of intelligence, you don't want to lose that access.
And that's also one of the big suspicions. There are cyber attacks happening now, partly on both sides, but we don't necessarily see them. In January, there is a Belarusian group called the Cyber Partisans. I don't know if you've heard about them, but they are very organized; they're all independent, all anonymous, decentralized, like twenty to thirty people. But what they did back in January, when they started to see that Russia started to ship military equipment from Belarus, they started to target the railway system of Belarus. And this is pretty interesting and very important to notice, because so far when you hear about independent groups, you know, kind of retaliating, counter-attacking or doing something, it's mostly shutting down a website, changing a website. Here you have an independent group that actually managed to create a dent in a big enemy, to affect their logistics. So by slowing down, by shutting down the railway system, they were able to slow down the transportation of military equipment. And the second objective, which is suspected, is also to create doubt with the enemy, in that case with Russia, with the leadership, so to show that the Belarusian allies were not necessarily that reliable, but also on their side, once they realized that it actually had been hacked, to create doubt, saying, well, if the railway system has been hacked, what makes our own railway system immune to such an attack? So they would spend an additional few days or weeks investigating their own infrastructure, postponing the transportation of military equipment and assets.

That's interesting. I want to ask more about retaliatory hacking, but before we do, I just want to go back to something you said about exploits.
How, is there a marketplace for exploits? Like, how are these things actually sold or dealt? I just have this vision in my head of a guy with a briefcase in a hotel room opening it up, and there's different exploits in the briefcase, but obviously it wouldn't happen like that.

It depends. Like, if Nicolas Cage was selling exploits, you know, I'm sure it would look like this. But in some cases you have to keep in mind that some of the transactions don't want to be traced. So using cash actually would make sense. Using payment over a cryptocurrency would make sense. Using wire transfer, that would make sense. As long as there is a transaction for something, you know, everything you can imagine does make sense, right? So that image you have in mind, I'm sure it happened in some scenarios, but we're getting outside of what the transaction might look like, what the marketplace may look like. Obviously it's not like a Fiverr or a Facebook Marketplace where you're just selecting what you want. So you have companies that are brokers doing this. Some of them, you know, are quite public, in the US or in Australia. Usually they would work with their own government. In the case of each government, it's going to have different stories. Like in the case of, for instance, China, there's a competition that was organized a few years back called the Tianfu Cup, where, as part of the competition, they were saying, okay, if security researchers find a bug, you know, we're gonna report it to vendors, et cetera. But one of the exploits was actually linked to another exploit, very similar, that was used against the Uyghurs. So regarding who buys exploits, you know, there's a demand that's higher than the supply in that scenario. So most of the time the buyers are always the same. You know, it's gonna be governments, either NATO members or, you know, China, Russia, et cetera. So most of the main governments would just buy those exploits. I'm sure there are some researchers internally finding their own bugs and writing their own exploits. But yeah, you have a bunch
of brokers in different countries.

So I don't want to get sidetracked on this too much, but I do want to ask one question, because you mentioned the use of crypto for payments, and of course it seems, you know, the two sides of this question take very maximalist viewpoints, and I don't really trust either. So you have governments saying crypto is just used for money laundering and crime and stuff like that, and that seems to be an exaggeration, to say the least. And then you have this sort of crypto defenders who go to the extreme and say, no, crypto is terrible for any of this stuff because you can see it on the blockchain, and so don't point at us, as someone who is sort of watching this. Where do you come down on this question, and how do people in the hacker community think about the advantages or disadvantages of using crypto for transactions?

Well, it depends for what. In the case of ransomware, which is a malware that's going to infect machines, encrypt files and ask for a ransom in exchange for decrypting the files, usually those transactions are happening over crypto. In that specific scenario, for ransomware, cryptocurrencies literally created a whole new market for criminal hackers, because otherwise, if crypto was not around, you know, you would not see ransomware. You cannot ask for a payment over wire transfer or, you know, on paper. Although in some attacks, you know, like phishing emails, when they change invoices, you know, they put a fake bank account, you still end up doing a wire transfer, and large amounts of money are being transferred. But if that would be the case, for law enforcement it's much easier to actually trace who is behind it and to find, okay, that attacker was there, the people who opened the account, okay, the mules, and then to trace it back efficiently. Regarding cryptocurrency in the context of Ukraine and Russia, there's a bunch of interesting things happening. For instance, the money that the Ukrainian government has been raising over crypto: the founder of Ethereum donated, the founder of Solana donated, the founder of Polkadot donated, and they managed to buy equipment with it and
et cetera. They're also talking about launching their own NFT campaign, you know, like an exchange for people, et cetera. So they're using crypto in a way that makes sense for financial transactions. But my personal opinion also is, what we're witnessing is obviously there is an actual conventional war where people are being killed, in that sense, but on the other side, Ukraine has been doing very well in terms of fighting disinformation, which is widely used by the Russian government, like when they're spreading fake news about Ukrainian soldiers being defeated to kind of reduce the morale of the troops. Instead, what we see is Ukraine promoting news of, oh, look at those farmers who have been stealing a tank with their tractor, and they're sharing videos that are going viral, and we see them: oh, we're using crypto to raise money, like, people from the internet, we need your support. Oh, we're also gonna do an NFT, you know, like a support Ukraine NFT. So I think it's sort of part of the response to Russian attacks, but not only from the actual cyber attack point of view, but also from a disinformation point of view, because if you keep the news positive around it and people engaged, people on your side, while sanctions are happening on your enemy, that's very efficient. And I think that's the way where Ukraine has been very innovative in how to use crypto since the
I want to go back to Russia and Ukraine specifically. So you mentioned the one group and its attacks on Belarusian railways. What are the options for retaliation from, you know, either the West or from independent groups who want to create trouble for Russia?

Well, in the case of what's happening, yes, we have the German government saying, okay, we think we've been a victim of cyber collateral damage from the conflict. So they recognized they have been a victim of that. I guess we're gonna see the response to it. I'm sure a lot of NATO countries are also reacting in private, not necessarily communicating about it. That's what I was saying: a lot of the things we're probably gonna see more of in a few years, actually. And actually I'm glad this podcast is happening a few weeks after the invasion, because it also gives us some time to see what was happening and stop the speculating of, okay, we're gonna go full on into cyber war, are all the countries in Europe gonna have the electricity shut down for days? So far that's not the case.

And regarding the response from the governments, there are a few aspects to it. I think a lot of governments so far are also realizing that they have been overestimating the capabilities of Russia. And that's not necessarily only from a cyber point of view, because, like I was saying at the beginning, what we can see now is the poor planning and the logistics since the beginning of the invasion from Russia. In terms of cyber, yes, more can be done from both sides, but like I was saying, most of it is for intelligence. At the beginning, for instance, the satellites that were hacked, you know, that was mostly to disrupt the military infrastructure. But as we see now, two weeks later, the military infrastructure of Ukraine is still functioning, probably efficiently. So if they could have done it, they probably would have done it by now instead of just dragging on in the conflict longer.

But yeah, in terms of response from NATO and in general for cyber attacks, I think we're gonna see a lot of policy being changed over the next months, probably new bills being passed, now that it's becoming one of the priorities for governments, in probably some cases where they didn't listen before. But I would not expect much in terms of traditional response. I think it's just a response in the sense of, okay, there is a war happening, potentially a world war, are we going to respond? And it's probably gonna be more sanctions, like what we are witnessing now. Those are part of the actual response. And it also implies, you know, if they obviously hack NATO governments, then maybe, like we have seen with Russia being disconnected from SWIFT, some tech companies like Apple and Microsoft not selling their software anymore. At the moment it's still unclear if software updates are still going to be deployed in Russia, because if they are not deployed, it means they will not have access to security updates either. So far they're just talking about payments and selling, so Steam, the video game company, or Microsoft and Apple stopping providing access to the app store. But those are the responses we are seeing so far: SWIFT, mostly sanctions, either by governments or major tech companies.
We talked about Russian hacking teams, mentioned North Korea, China. Is it safe to assume that anything that's being done by those countries, the US and NATO governments have the equivalent teams and capabilities?

Oh yeah, definitely. I mean, one of the big releases from the Shadow Brokers was to show the capabilities of the US government, and some of that was also including targets of the US government. Same thing when Snowden released some of the documents: we also saw some of the targets of the US government, including European telco companies, although they are allies, they are not enemies. Spies are just continuing to spy. It's just spying stuff everywhere.

So that actually leads to a question that's been on the back of my mind this whole conversation. If spies are always going to be spies, is it worth thinking of cyber warfare as a sort of discrete event? When we think of conventional warfare, there's often a start, there's an invasion, maybe there's a ceasefire, hopefully at some point soon the war ends. Is cyber warfare an event, or is it a recurring sort of ongoing, persistent element of the interaction between nations these days that doesn't have any sort of start or end?

I would say it's a component of war. That's why at the beginning I was talking about hybrid war. There's the conventional war, and mostly cyber is used here for intelligence gathering, to collect information on troops, enemy capabilities. It may be used for disruption, like we've seen with the satellite hack a few weeks ago, or the Cyber Partisans in January, but in that case working as an independent group, because the goal is to protect Belarus and its democracy. So it may have some strategic objectives, like in the case of the railway system in Belarus, but it may also just be intelligence, and I think here it is mostly used for intelligence. For disruption, it does not make that much sense once you enter a kinetic mode, because if you have soldiers physically present in the country, you can just shut down cell phone towers, you can engage in electronic warfare, you can start jamming whatever means of communication there is, so you don't necessarily need to use cyber. Cyber makes sense before the kinetic war is happening, because you're gonna collect information. You may do some light disruption, but at some point, once the war is starting, it becomes more of a conventional war where you need a winner and a loser, you need an agreement or you have a ceasefire, and then cyber is just kind of this background element, depending on whether you include disinformation, propaganda and misinformation as part of cyber or not. Because as we can see now on social media, a bit like when the Arab Spring was happening and a lot of people were sharing information on Twitter, now we can see people sharing a lot of information on Facebook, Instagram, Twitter around the war, like the donations and the stories, like the stories I was mentioning about the tanks being stolen, being shared, going viral. That's
part of the information warfare. And that's a very new component, because things like TikTok didn't exist in the past, and now they are also having their role within this information warfare.

Does that mean that those of us sitting in the US or Europe don't need to be worrying about, you know, an attack on critical infrastructure that suddenly takes away our electricity or empties out our bank accounts or something like that?

Yeah, no, I would not be worried about it. And even if it would happen, I'm sure electricity would be down for a very short period of time, because of the processes in place to recover systems if something is faulty, especially for critical infrastructure, so I would not really worry. One of the big stories of critical infrastructure getting hit was the Stuxnet story, which is more than ten years old now, back in Iran, when that joint operation between Israel and the US was targeting one of the nuclear plants, and they kind of just stopped it. And back then some movies came out, like Blackhat with Chris Hemsworth, where there's a nuclear plant exploding at the end, but that's the Hollywood version. In reality, okay, it's down; what are the guys doing? They already have processes in place, and in the US or Europe you definitely have a plan for faulty issues, regardless of whether it's cyber or something that's just not working anymore. But yeah, in terms of money being drained from your account, you won't have your money drained directly, but, you know, are the stock markets gonna go down now, or is it gonna affect inflation? We can see it with the ruble now, it's completely crashing. So technically money is not running out of your account, but you can do less with your money, or whatever you have is less valuable.
So I think that's kind of one of the side consequences that we would see.

Last question for me: what is the skill set of a good hacker? Thinking about, okay, if you're Russia or any government and you're recruiting, what do you look for? What makes a good hacker?

Well, I just want to clarify, I'm not recruiting hackers for the Russian government.

Of course, of course. What would they be looking for, or what would any government be looking for?

Yeah, or a private company. Because actually most of the really good security researchers I know are either independent or working for tech companies, because they tend to pay the best and you work on building cool technologies. And yeah, usually if people are really good, they just end up doing a lot of research. So you want to work with the very, very best. And now it's a field that's moving so fast that at the end of the day you need to surround yourself with the best, otherwise you won't learn everything. So I don't know; there is not an equivalent of WallStreetBets for hackers per se, where people are just sharing random information around. But in terms of skill set, I keep reminding people that hacking, or being a hacker, is a skill set first. It's not an ethical or political position; that comes secondary. It's like if you're a lawyer, you don't ask him if it's ethical or unethical. And we've seen in the past with the Panama Papers and all those things, you could ask the question as well for lawyers. But yeah, most good security researchers or hackers all have different backgrounds, different skill sets, because it can go from physical security to radio frequency to software security, hardware security, firmware security, open source intelligence. We see more and more people, even groups like Bellingcat, that are tracking a lot of the military activity from online resources, different groups. Those are all different fields that come from information security. So I mean, yeah, everyone who is curious and likes to put the time into the research is a good hacker. I've seen journalists who were really good at doing their research; sometimes they have more knowledge and more skills than some of the actual professionals. So it's really something that's across multiple disciplines.

Well, Matt, I think that's a good place to leave it. Thank you so much for coming on Odd Lots and spending time with us to explain hacking and what it could actually look like in those contexts.

Thank you. Thank you.
So Joe, I really enjoyed that conversation. I don't think we talked about it, but the Shadow Brokers actually called Matt a fun guy at one point, and he is a very fun guy. He's really good at explaining some of the more technical aspects of this. But I thought his framing of cyber as a component of conventional warfare, I mean, that seems right, at least so far. Given what we've seen so far, I think that's right.

Or, let's put it this way, I found that to be really helpful, because when you think of cyber attacks, I think we often have these very dramatic visions of some big grid being taken down, and obviously that's possible, and you mentioned examples, the example of the Belarusian railway, of the Ukrainian grid. But the more common impulse is intelligence gathering, and that's the big thing. Collecting data is sort of a useful way of thinking about its role.

Yeah. And the other thing that sort of coalesced for me was the idea of a lot of governments having been tolerating these attacks for a long time. And this seems like a crunch point, at least when it comes to Russia. Right? Like, I was reading, Goldman Sachs put out a note right before we came on to record this talking about cyber warfare, and they had a stat in there, something like six of state-sponsored cyber attacks are thought to have come from Russia, which seems extreme, but for some reason no one really did anything about it. Yes, there were some sanctions in place, but now we've seen a very dramatic form of sanctions rolled out, and it seems doubtful that that kind of behavior is going to be tolerated going forward.

Yeah, but on the other hand, it's so nebulous, it's so difficult to know what we're going to do about it. And the point, as Matt was saying, attacks that are happening right now, of which there are certainly some going on, we'll be talking about in three or four years, perhaps, when we learn about them. And how difficult it is to know, often, when you're being hacked or what the scope of the damage is. In that element it's very different. I think, what's the word, maybe, I don't know if he used the word metrics, but this idea that we have metrics to measure the devastation of conventional warfare; we don't have, and it seems very implausible that we would have anytime soon, sort of equivalent metrics for cyber warfare.

Yeah, it seems like it. All right, well, shall we leave it there? Let's leave it there. All right, this has been another episode of the Odd Lots podcast. I'm Tracy Alloway, you can follow me on Twitter at Tracy Alloway. And I'm Joe Weisenthal, you can follow me on Twitter at The Stalwart. This episode was produced by Magnus Henriksson, who is smartly not on Twitter. Follow the Bloomberg head of podcasts, Francesco Levi, at Francesco Today, and check out all of our podcasts at Bloomberg under the handle at podcasts. Thanks for listening.
