Thinking Sideways: GhostNet

because it's gonna be cool. And as a special offer to our listeners, if you go to crime con dot com and enter the promo code sideways twenty, you'll get off your admission crime con dot com and sideways twenty Thinking Sideways. I'll group the ideas, I don't know, stories of things, we synthie don't know the answer tube. Hey guys, welcome to another episode of Thinking Sideways, the podcast I

Am Devon, joined this week by Joe and Steve. This week Okay, special episodes, Special episode starring uh, Steve and Joe. I just want to know who the other two guys are, because really, he's spreading crumbs all over my chair. It's really annoying. From that ham sandwich, I think faster. I kind of suspect we're being transitioned out, dude. Yeah, well, hello retirement. This week we're going to talk about a mystery that's going to make half of you really happy

and half of you turn off immediately. Um. And that's an internet mystery, because everybody loves a mystery that's in the tubes. I like them. I think they're super interesting. Some of our listeners like them, but it turns out a lot of our listeners hate them, and that's why we're like not top rated in true crime. But I should say this before you turn it off. There is

a little international intrigue involved. There's some spice stuff going on, maybe German warfare, possible state actors involved or possibly not. You know it doesn't it does a computer virus counters term warfare? Yeah, I guess. I mean if Beatles do, I guess you know why not? Right? All right? This week we're going to talk about ghost net, which is also yousing wa in Chinese, but we're going to call it ghost net better not saying that a bunch of

times ghost I like it. It sounds like a movie ready jump from the Lady at the top of the stairs that is only seen like once a year. Ghost kind of ghost, yes, kind of ghost. Fishing with a net failed bad joke, yes, pretty bad. All right, I'll get out of the way alright. In two thousand nine, researchers from the Universe, City of Toronto's Monk Center and

the Cambridge University. From here on out, we're going to refer to them as the info Wars Monitor concluded a tenish month joint investigation that was requested by a representative of the o h Hdlice of Office of His Holiness the Dalai lama Um. And this this meeting took place, The request took place in Geneva, which is a safe

space for for some people. The investigation under uncovered one of the most widespread hack hacks in history, perhaps the most widespread hack in history, certainly, I would say the most widespread hack that we're aware of. That that we're aware of, which means it was yeah, and that just means that it wasn't the best hack but computer and at least a hundred and three countries, yes you heard me right, one hundred and three countries were affected, and

researchers think that it was almost individual hope. In general, it is believed that China was the perpetrator of this attack, but no one can be certain, and I have my doubts, which is why I thought this would be a good mystery. And these computers mostly belonged to embassies governmental ministries, and then almost all of the Dali Lama's exile centers were

affected as well. And the thing is um. Even though ghost net was discovered as recently as two thousand eleven, at least one government UM Canada has uncovered an instance of ghost net, or the bug that is referred to as ghost net. UM. They discovered an instance of that and it was in the Canadian official Finance department. Was

the was where the computer that was infected was discovered. UM. This is, of course, according to an anonymous source, because governments don't readily admit things like this, and the computer was probably a hand me down from the Foreign ministry. Yeah, probably are interested in the Canadian finances. I saw something about. It was like a year or so after all this got done, another one was found in India, and I think another onrustration in Iran. So I mean it's it

keeps popping up. Yeah, despite the fact that and we'll talk about in a little bit, we're going to kind of delve into the wise and house of this um and we'll talk about how why it was so prevalent um and it's because it was a pretty dang good hack. So let's jump in to the first how we're gonna talk about tech. So we're going to talk about tech cool and it's gonna be a little boring. I'm sorry.

I don't think it's boring, but I think a lot of people are gonna thinks I see lots of I see lots of joking, yoke opportunity in the title of this that is the sub end. Yeah, I think the work out well. So first we're going to talk about Trojans. And for those of you who don't know, trojans are giant horses that once roamed the land before shedding their physical form and evolving into an internet based life form.

You left out the soldiers and sidde. Yeah, they reproduced by sending out math emails and hoping that some duddy dummy will download them, thus giving them access to anything that the computers attached to and becoming mini Trojan's. Yeah, that's how that works, right, that's what they are, not exactly. It's a cute description, but it's actually not the worst description. I will agree with that. So everybody knows, you know, what a trojan horses, right, I would hope. And so

basically this is just a trojan. Virus is a delivery system, so that it's it's like a little hitt now like the horse, you know, you know, you let it into your city and then you just go to bed and then overnight it's bits how some soldiers you know, kind of like that. It's computer. It's bits out a little

line of code that builds itself like a virus. And so this can be this can install trojans can install anything from like small bits of spyware, two key logging tech, two bugs that will totally completely take over your computer. And in our case, the trojan known as ghost rat and yes that is a zero instead of an oh. Ghost rat and the ghost Rat allowed hackers to gain total and real time control of any computer running Windows.

It only infected Windows computers, which is you know, was one of the original selling points of max is that they don't get infected. But that's unfortunately, Yeah, ghost Rat could even utilize UM computers as surveillance machines by clandestinely turning on the audio recorders and the cameras and camera. Yeah. Well, and they could record both of those things, you know, remotely or whatever. But basically, yeah, they would just turn on the camera and the mic and be able to

totally surveil a room, any room that the computer is in. UM. And that's one of the origins of you know, people like me, even though I have MAC put little pieces of tape over their camera because you can turn the camera on without the little light showing that the cameras on being on, and then somebody surveilling you. If you watch the TV show Black Mirror, season three, episode three goes right down exactly what you're talking about in terms

of gathering information and using it against people. I was going to say that if you watched Mr Robot, it's like the first freaking episode has an instance of this, and in that case, that hacker was gathering surveillance information to blackmail people like they were gathering out with pictures or somebody from blackmail somebody. UM. But there are obviously

larger implications and uses for surveying just survey. Yeah, that's what there's one of the new smart TVs that has you know, you can talk to it, Panasonic whatever do this, and people have figured out how to hack those so that they're just it's a it's a listening device. So that was one of the things with connects to because they's always recording. I don't want to think about I just can't wait for this in the future courtroom drama

where Alexis brought in as a witness. Absolutely didn't just happen, ye, did it? Apple? Well? Yeah, no, Actually I'm talking about Alexa actually sitting in the witness box, you know. But I think I but this kind of stuff, you know, we have we've all heard of the Internet of things. You get you connect your fridge and your TV and your microwave and your toaster to the Internet, and then

you can control it from your smartphone. And it turns out that's a really bad thing because this security and the encryption on those devices turns out it's really really bad because initially everybody was like, who's gonna hack your fridge? Except we've seen those instances where there's the nanny cam and the teddy Bear that you can use your smartphone with and then somebody walks in the room and the

bear is talking and rush into the baby. I mean, like it's totally a thing because they just seemed so innocuous, these little devices. I'm not a big believer in the Internet of Things personally. Oh no, Internet of things is dumb. Yeah, I disagree. I like the Internet of Things. I think that there's some improvements that can be made, certainly, but I think that that's just part of you know, new way of technology implementation. But but just another fun thing

in the news. It was in a just a week or two ago, the cops bust to the guy with the pacemaker because he was making his big alibi was there was a fire and he was like, you know, like struggling to escape from the fire or something. I can't remember exactly what it was, but they managed to download download information from his pacemaker, the pacemaker's record. The pacemaker basically said, no, this guy's heart wasn't beating fast at all. Oh my god, and yeah he was busted

and crazy. Yeah. So yeah, all these digital devices there, they're recording the crap out of your life. Yeah. Okay, So anyway, long story short, that's why you should put tape over your camera and don't say anything sensed eve around your computer because it's listening all the time. I don't have mine on. My camera's always exposed. I say all kinds of things to my computer. I know. And

that's why people secretly have pictures of us. They have even better pictures to Steve so ghost rat back to the story, was a specific kind of trojan, and it is most often referred to as an APT or an

advanced persistent threat. Often trojans will be sent out just kind of you know, like those emails from Thenigerian Prince just just yeah, really, just as many people as they can possibly send them to on the hope that a couple of people will be real dumb and infect their computer and then they go for heavy payload real quick, and then um they get eradicated from the computer. But

the hackers already have what they wanted. Oftentimes, as we were talking about with you know, trying to get information that you could blackmail somebody with, or you know, any financial records or just passwords or things like that. UM apt s, however, are pretty much the opposite of that. Um They're usually targeted at one organization, be it a corporation or government or ministry or something like that, and they usually have inside intel on how to get into

the system. Pretty frequently apt s are executed with um like old school espionage skills, stick in a USB, stick in a computer, well, more like social engineering to get to the point where that guy can stick that USB stick in to a computer or even you know, so that they know social engineering. You mean what Okay, so social engineering is a term that generally refers to the old school manipulation of people. Yeah, basically, yeah, but I

know what social engineering used to be called. But in like special social engineering you're talking about, Actually it's still the same thing, okay, Yeah, where you know, you try you convince people to do things that they shouldn't necessarily do by talking to them in person. I mean, you know, it's similar to you know, you can call somebody and and start a conversation with them and get information out of them by pretending like you know what you're talking about.

You know, little things like that, Or you can dress up like a janitor and pretend like you're supposed to be in that corporate office and walk around and nine times that attend, nobody's going to be like, hey, excuse me, you're not the weal, guy, what are you doing here? They're just going to ignore you, and you're going to get away with doing a lot of research or intel work or you know again sticking a USB in a

place that doesn't exist or it shouldn't exist. I mean, and this is the other thing, right, is that let's a lot of places say you should never put like a used to b C d s or floppy disks or anything like that that you don't know what it's on it, don't put it in your computer because that used to be a pretty standard delivery system for these little bugs, because it would just install into your computer and then all of a sudden, you've infected every People

would go to Starbucks and leave a flash drive and some somebody would like, oh, who's flash dry? I don't know, Well, let's see what's on it. Maybe I can find out who belongs to. So they did a study of some university recently where they left a bunch of the flash drives just laying around campus and uh and if you downloaded, you've got instructions on just bring it back to this department. They found that like half the people that pick these

things up stuck them into their computers. Yeah, yeah, unbelievable. Yeah. Well, and that's where the kind of social engineering thing can can come in handy rate is if you call if you have a target, a high value target, you know, right, is like the CEO of a company who has proven to be maybe not as tech savvy as they should be, and you know, yeah CEO of Sideways Co. And you

want to somehow infect that person's computer. Well, you can go through the arduous process of trying to figure out if there's a backdoor exploit tech wise where you can you know, get into the pack of the mainframe, you know, blah blah blah, or or even easier, right, you can call his secretary and say, I am supposed to be

in this meeting with him. I'm so sorry, Or my supervisor is supposed to be in my meet in this meeting with your CEO and he's running late, and I just need to know, like where they're meeting, please can you tell me? And the secretary will take pity on you if you tried enough times, and you'll and she'll say, oh,

they're meeting at the Starbucks. You'll go leave a flash drive where he's going to find it, and and that's like an old school kind of social engineering technique, right where you you make somebody give pity on you and there you go. But yeah, or you can send a phishing email, which is what we're going to talk about

a little bit. So all of that to say that that's one way that um A pt s are delivered is by social engineering, and the other way is by spending a lot of money or manpower to expose those backdoor vulnerabilities that exist in all systems, and not necessarily backdoor, but vulnerabilities that exist in like every single system. There's always some way that a system is a little messed up.

It's not cheap route typically because on the dark web you can buy a lot of different bits of script and code or full on assault packages for systems, but that's not a cheap endeavor. Yeah, it sounds like from the research that I have been doing just around this project,

not for my own anything, don't worry. Um it sounds like there are a lot of people who make a lot of money basically make their living on finding these exploits and not exploiting them and just putting it out there on forums and saying, hey guys, just you know, I have a way to get into this goes to the highest bidder and letting a bidding war happen, and then you know, eventually somebody will say, I will give you three million dollars for that one thing. And the

zero vulnerabilities. Yeah, zero dave vulnerabilities is the technical term that I've been avoiding because I don't I don't know, because I don't know how many people are going to know it. Um And yeah, it's it's a lot of manpower or a lot of money to go that route. It's much easier just call somebody secretarian you know, and fishing you know. Um. So yeah, the all of that to say again that a p t S are typically

very well financed. It is a long term investment because the goal is to surveil for a very long amount of time. It's not to it's it's really quantity and quality over just like sheer volume extracting volume. All I mean, correct me if I'm wrong. This is the way I understood a pt S, and tell me if I'm wrong. Here is I looked at it is is there's two

types of ways to to rob a bank. There's the smash and grab, where you go in you grab as much as you can, and you run and whatever you get, you get or your bank employee, and you just start funneling funds and embezzling a thousand dollars a day and do it for as long as you can, because chances are you're not going to get noticed and you're gonna get more long term, I would I would add it's more like it's a subtler approach. It's more like somebody getting a job out of bank to funnel five bucks

a day. Yeah, I mean a little tiny amount. I mean like even just like dropping a roll of coins into your purse every day for six or seven years before you get caught, and then obviously like not spending any money. So by the end of your process, you you have a ton of money. You have a huge value there. So that that's a really good analogy. Yeah, okay, you have to have a lot of coins to make

it worth it. Remember all the quarters is ten bucks. Yeah, so ten bucks a day for seven years, eight years, that's what three thousand dollars a year as auxiliary income. I don't know, that's like three thousand bucks a months, right, My math skills are hideous six a year, Yeah, that's right. Right, because ten all a day. Okay, never mind, that's more than I thought. Yeah, okay, it was like it's only three grand years. That's yeah. Yeah, it's not enough to

retire it. It's not nothing, especially as auxiliary income. Right. Yeah, So this is kind of vague, and we've kind of like gone in a bunch of different directions. But that's because a pt s are pretty vague in nature, and the way that they're deployed is oftentimes very different. Again, because you don't want to be detected. Well let's say, yeah, it's like an espionage you know, it's like you don't want to protect your sources. You don't want people to

know that they've actually been penetrated. So you know, you don't just when you get something and you get some information, you don't just run out and act on it because it tells the other side that, well, compromise. And I would encourage our listeners to remember the thing that Joe just said when we get into theories. That occurred to me too, because I've read ahead a little bit too. Yeah,

that's good. I'm glad that you've read. Um. So, there is a fifty three page report that was put out by INFO War Monitor by Professor Ron Deep who's the director at the Citizen Lab at the Monk Center for International Studies at the University of Toronto, and Raffael Rojozinski, I think, who's the principal and CEO at the SECTV Group. I read all fifty three pages of this and let

me tell you, it was not easy reading. Read myself good and I really deeply encourage if this is a mystery that grabs you, you should read this whole report because it's really interesting. But if you are just enjoying listening to the sound of my voice, don't. I wouldn't encourage you to read it. We will link it on the website. I just played this episode over and over

and over again. Yeah. Um, so the next little bit here we're gonna do is basically like a too long didn't read of the fifty three pages of the report, because I think it's important that we talked about the report and the investigation that happened. The investigation took place

in two parts. One the first part from June to November in two thousand eight, um, and then the second part was December two thousand eight to March two thousand nine, and again as I mentioned the whole you know, pushed to do this was because there was a request from the Office of His Holiness the Dalai Lama. And yes, I am going to say that every single time. I read it that way in my head every time. So I'm glad you gonna keep doing two the other way.

Uh So June to November two tho. The first part was an on site investigation in which investigators took time to figure out what the typical computer and infosecurity practices looked like at the organizations that were infected or that they thought were infected. At this point, they didn't really know how many were well, they didn't know what they were dealing They didn't really know what they were dealing with, but they were trying to identify. Is they're a good

password protocol. Is it possible that somebody just guessed on passwords right that got this information? Is there a different way that this information could be leaking? Is somebody inside the office? Yeah? Or even you know, just things like did somebody lose a computer and I didn't want to admit it, or you know, are you guys not shredding your sensitive document? You know, really just and suspicious things were happening to. Yeah, the organization itself in terms of

reactions and preemptive reactions and stuff. Yeah, we're gonna talk about that in a second, but them to ask for the help. Yeah. But basically what the investigators or researchers were trying to do at the get go was what they used to do on ghost Hunters, right where when they would like film something suspicious and they'd be like, all right, how can we recreate this with like normal environments? And then when they couldn't, they said, okay, there's a

ghost here. Or in our case, when they couldn't account for, you know, the leaks that were happening, they said, computer okay, it was the computer. Okay, something is wrong with your computers. This part of the investigation was again primarily carried out in the Tibetan government in exile, so at the office of His Holiness the Dali lama Um. Since he hadn't requested the investigation or his office had requested the investigation, they were pretty sure that there was something going on there.

From their investigators designed their investigation this post November December. They did intense on site interviews again to see if there were any other reasons for leaks? Did you use your computer to just tell us you probably look at people's bank accounts? Probably did they take a close look at the d L himself. That's what I'm wondering. What was Yeah maybe, yeah, I somehow suspect not but maybe

interrogation so um okay. And then also from December two eight till March two nine, investigators analyze the information that had been gathered in the first phase UM and they found some interesting stuff. Again, I'm not going to go into great detail because I don't feel like I need to talk for another hour, but I will say you

should read the report. It's all in there. Basically, they were able to curate a list of systems that were infected and with the with with ghost rapt and UH, they were trying to see if they could figure out who was perpetuating the attack. They were able to find out that seventy of the servers from which the attack

was being sent were hosted in China. However, yeah, that sounds right mostly, but yeah, primarily the China servers were in chained, do I Primarily That doesn't necessarily mean that China was involved or the government of China was involved. Because you know, servers in like South Carolina were also involved um as well as Sweden, South Korea, and Taiwan.

Most of these servers were set up on what's called a dynamic domain name system, which is dynamic DNS or d d NS C d n S, which Joe is going to talk about a little bit so that you can drink some water given to give devon or break here and yeah, not much to talk about really, it's really simple. I mean the main name services where there's you got the name of your website dub dub dub

Devin dot com. But then you've got the actual IP address, which is some numbers with dots in between them, usually like three and then three and three and then three two yeah or two or whatever. But yeah, and then but since i P addresses are not necessarily permanent, it used to be in the old days, it was kind of a manually updated system, and then they had to

go something a little more automated. And now you've got this system that's really flexible called dynamic don domain name services, where uh so you plug a device into your network at home and that's connected to your router so that that device, like say it's a webcam is going to have an IP address, right, and so well what do

you do? You got to set it up and you know and like send an email to the Domain Name Service guys and say, hey, would you recognize my IP camera and sign it a name or an IP address? Not not the way it works anymore. So now your device gets in there, you've got software and your router that sends out a ping and that gets and then gets back from a remote server it's IP address, a new IP address, and then your software sends out an

update to a DNS server that updates. They're essentially their catalog, their directory that's got said Devin dot com. And then it's got you know this, that's got this IP address next to it. That's your new IP address them and I presumably if you I guess, if you reboot that thing, you might wind up with a new IP address. And then so it's time for that thing to send out

a new update to the DNS server again. And so there's a lot of that going on right now, a lot of updates being sent to these these dynamics, the DNS services. So essentially the i p s are not nearly as permanent as they were say ten years ago. Would that be a correct a correct interpretation of that. Yeah, although there are some you know, I mean, if you want to, like you know, IBM S website, I'm pretty much going to change pretty much that. I'm sure that's

pretty permanent. Yeah, but for a lot of us who are always you know, getting new devices, changing providers maybe or getting new devices and things and adding on devices and stuff, then yeah, they're just constantly being updated. That way.

It makes it a lot more flexible and fast. So that that that explains something that we've experienced internally, which is one of us will get a new phone or we'll update the OS on our phone, and internally we have an l system that will alert us when somebody knew is there, and that's that's the kind of thing. And if anybody does that, you get that kind of notification. It sounds like, if I'm understanding correctly, it's that very

simple to us. Now, very simple process is just simply that d d S. Yeah, And of course there's a reason you get that that notification is because d DNS has been abused a lot, you know, by hackers and such and so and so. Even though it's a great thing it's very convenient, handy. It can be used to like cover your tracks, for example, and then redirect people to a server they don't even know that they're going to. And so yeah, it's a it can be used for

sneaky purposes even though it's a very handy tool. And so that is why it is suspicious that all of these servers were d D and asked particularly what ten years ago relatively new um, But it's not necessarily suspicious. That makes sense. Yeah, and to me, yeah, now finally, and the main target for this heck does seem to be the office of His holiness, the Dali lama Um. This is his personal office location. Well, there are a

government in exile, but it's not his governmental office. It's his personal office, like the person who says, like, here's your coffee, Do you need me to go buy you new underwear? Like whatever? I mean. It's not like there's

huge secrets following through his home office. And that's probably some interesting conversations going on in there there maybe, but the payload would be much more if they were to go through like the government or the government extile office for instance, But we don't know that necessarily, and they're not also doing that, I would think they would be. So we are. We're getting ahead of ourselves in terms

of where else could it be. But yeah, exactly, so, yeah, we'll get there and serious, I guess, And I think that's really the right place to talk about that. UM, So let's talk about the social engineering component of this. It turns out this is not actually the first investigation that info War Monitor, or at least people associated with the Infowar Monitor UM had aided with. In regards to

the Office of His Holiness the Dalai Lama. In September of two thousand two, Tibetan groups said that they were targets of malware UM from China. They specified it was from China. They said there was an attempt to spare on their networks and otherwise disrupt their work, and they were pretty much just brushed off. There wasn't like a

very intense investigation. And then in two thousand five, one of the people who was deeply involved in the two thousand eight nine investigation team decided to start archiving malware, specifically specifically the malware attacks on the Tibetan organizations and try to UM kind of assess their pay load like what these malicious attacks were getting, so that actually was very helpful in kind of tracking what might be new and what what kind of things were happening UM and

how people were gaining access to the Office of His Holiness the Dalai Lama. In early two thousand and eight during the Beijing Olympics, this researcher that we were just talking about was able to gain access to a control server and then trace to the Office of His Holiness the Dali Llama through the control server of the malware UM.

And like, just to clarify because people may not understand, the control server is the server that the trojan, horse, virus, malware, whatever we want to call it in the computer that's infected is reporting to it's that's the control servers and what it's squirting data too, Is that right? Yeah? Or is the one that's controlling or making it, you know, dance a fancy jig if that's what they tell it

to do. Basically, I don't think it necessarily scores. It's if it's sending data out and they can sent it to anywhere really all kinds of other places, but it's the one that's telling it where to score the datah. Yeah, it's just giving it orders yet. Okay, yes, so it's the captain of this silly little robotic ship that we're on. Yeah, and that's assuming that it really is a control server

and not some innocent computer that's been hijacked temporarily. Yeah, that's so complicated trying to figure out these Internet things. It is, it really is. UM. And so from this historic kind of archiving of attacks and and successful malware installations in you know, in the Tibetan government, Um, the investigators were able to ascertain that the trojan emails that were being sent out because that that was the chosen method of getting malware onto computers for his the office

of His Holiness, the Dalai Lama. And they were getting more and more sophisticated. You know. They started out by being like, hey, open this attachment and then came to this thing that I have a screenshot of here, um, which was how ghost rat came. It was one of the emails that came ghost rat. So it came from quote unquote campaigns at free Tibet dot com, which is an actual email address that was actually like utilized for free Tibet, which would have actually had contact with people

in the Office of His Holiness the Dalai Lama. So I mean, like, by all intents and purposes, totally legit, right, it would have been almost impossible to tell that it wasn't from this actual campaign. And I say all of this to say that it's totally reasonable that they got infected because it was just like it would have been impossible to tell. In fact, only eleven of thirty four tested malware and anti virus softwares were able to detect

ghost rat. It was that deeply embedded in the little as a trojan that I mean even most of the software able to detect it or designed to detect it were they were unable to do that, which is crazy. It was it was sophisticated enough. It's super sophisticated. It was a clever little rat. You know, rats are good

at hiding a little crevices, they are. Yeah. So this email, um, I just put in here so we can look at I'm just going to quickly describe this email just so for you guys to be able to kind of visualize what it would have looked like. It says it's from campaigns at freed to bet dot org, not calm sorry. Um. The subject is translation of Freedom Moment Movement I D

Book for Tibetans and Exile. And then it has basically what is a format for a letter that's in the body, and then it says attachment it's the same thing dot doc, which would lead one to believe that, you know, here's here's our English translation of this resource for you to be using as a template. Right, here's what it looks like in the body, and attached is a document that you can edit because it's got places where you would need to say, like this my name not you know,

insert your name here. Right. That's I mean, that's a pretty high level of sophistication. I would fall for it, to be totally honest with you, So, I mean, yeah, I would fall for this, and I think you guys probably would. If I actually read by emails, I would yeah, And I know you don't, ye. So, um, you guys ready for theories? I am cool. Well, we'll talk about theories in a minute. It's everybody's favorite thing to hear me say. Um. First, let's take a quick break. Add

that brown thing and the yellow thing. Now, put in the squishy red thing, pour in the smelly white liquid, stand there and wait for a bit. Now quickly cut up the orange thing, another brown thing, and the sticky green thing and the other green thing, and mess them all together until they're unrecognizable. Oh and purry back over there, because you're a red thing is smoking, which isn't a good sign. Now take it all and dump it into a pan and push it into the oven. Whatever you do,

don't forget to set the timer this time. Remember how much smoke there was in the house last time you forgot. And when the timer goes off, pull it out and toss it onto the plates. When asked what it is, just mumble a couple of syllables. When asked what that is, just say French. Is this how it feels when you try to make a meal from scratch? Well it doesn't have to not. All ingredients are created equal, and thankfully,

for less than ten dollars a meal. Blue Apron delivers delicious quality food courtesy of over a hundred and fifty local farms, fisheries, and ranchers across the United States, right to your door. It's no wonder why they are the number one fresh ingredient and recipe delivery service in the country. Some of the meals available in April, which I had and it was fantastic. Was the parmesan crusted chicken and

creamy fettuccini and roasted broccoli. Okay, well I don't actually like broccoli, so I didn't eat that part, but the rest of it was great. So check out this week's menu and get your first three meals free with free shipping by going to blue Apron dot com slash thinking. You'll love how it good, it feels and taste to create incredible home cooked meals with Blue Apron. So don't wait, that's blue Apron dot com slash thinking Blue Apron a better way to cook. So you stop burning things and

we're back. Hi, I'm not looking for that sandwich anymore. Yeah, that other guy ate it now that I know that dive ate it hat. That guy the worst TV is the worst. He's right up there with oh such a thing as new sandwiches do? I think it might be time to move on. Um, So we're gonna do typical Devon fashion. Right, We've got two headings. One is China and one is not China. So let's talk about China first. As in, you mean China is responsible, that's what you

mean by China responsible or China not responsible. I just want to talk about China. Well, okay, let's talk about

the end. Let's talk about the history of China. Yeah. Actually, let's talk about the history of China a little bit, because we don't give us a lot of Actually, well, it is actually a little pertinent to this case, and that I mean, I'm hoping I guess at least that most of you would already know why China might be responsible for an attack of malicious nature on the exile government of Tibet or the office of His Holiness the Dali Lama. But if you don't, let me educate you

a little bit. Well, there's sticks, Yeah, there's the there's bumper stickers, so that's a bigger and there's the flags, which I've seen all over town. Yeah, so that they don Yeah, they're doing it. They're totally working, really working really well. No, Okay, So Tibet and China have been fighting pretty much since like um ever, thirteen sixty eight I think is the date. So it's generally accepted that prior to thirteen sixty eight, Tibet and China were two

different places. And then it's also generally accepted that since nineteen fifty nine with um will help from the CIA and stuff that became a part of the People's Republic of China. Yeah. Yeah, there's a huge debate that happens around this. I would say it's similar to the debate

around the whole Palestine and Israel thing, but generally less bloody. Yeah, exactly, because monks are much less likely to throw bombs accurate, Yes, I mean correct, Yeah, it resistance through peace, yeah yeah, but yeah, but essentially, yeah, the Chinese want that wanted basically to run the place, and so they've been colonizing and moving their population and kind of suppressing the native culture of that. Yeah, that's that's not like colonialism at all,

not at all. So the Dali Lama is pretty central to this, as he is functionally the leader of Tibet. I think we're on our Dali Lama. I'm sorry, I don't think we are as of today's recording. As of today's recording, well, and if and if our current fourteenth Doali Lama is to believe believed, he will probably be the last. But more on that another time. Um. But you know, the government is in exile and they are

not recognized as a government by pretty much any government. Yeah. Uh. And so there's this kind of although it's kind of a David and Goliath thing, right, I mean, there's this giant China who's saying, no, Tibet, you're part of us, and then literally the rest of their world is saying no, no, Tibet, you're part of China, and Tibet's like but no. And so somehow China should be responsible for this attack on

this tiny little thing. That is kind of I mean, there's yeah, so I guess that's that's the reason why, although I don't I don't really buy into that, but I know that, you know, the Chinese, for example, the whole Taiwan is has been going on for many decades, and really, when you think about it, why the hell shouldn't the Taiwan ease go their own way? I know they claimed to be China too, but you know, what the hell they want to They want to live on

their island and then have their gig. Why the hell not. But for some reason, the mainland's very touchy about it, you know. I mean, I but I agree the same with Tbet, but I mean politics aside, it's kind of it's odd to me that somebody would say, there's this giant country that has functionally one debate, right, there is functionally no debate on whether Tibet is its own thing

or not. And yet they are still thinking, Oh, you know what would be fun, Let's infect all of these computers all around the globe just to like see what's going on. I I don't know. So basically powerless organization. Basically it's they're they're going after what is essentially somebody who has no pull anymore. Well, there's some religious pull, but governmental politically, there's very little. I do actually think that the Chinese are keeping an eye on in the

dollar Lama and the government nextile China's paranoid. But so let's talk about some of the evidence that people present to support that China was in charge of these are responsible for these attacks. By the way, I just realized this entire episode is going to get us banned in China. Oh sorry, Chinese listeners, Dan, I already bought my Yeah, I can't do my I can't do my episode about

the Fallen Gong anymore. So, uh, China, it turns out actually acted on some information that was most likely gathered from ghost Rat. The Office of his holiness, the Dalai Lama sent an invitation to a diplomat, and China pretty much immediately contacted said diplomat and said, um, hey, we heard that the Dalai Lama invited you to this thing.

Don't go. And wasn't there an instance where they had internally talked about sending somebody to China and China preemptively denied any possible visa or travel requests or something like that.

And then there was another instance where a woman who was Chinese who was living in Taiwan on wanted to go back and visit her family in China, and when she tried to cross over, some border governmental officials presented her with like year's worth of chat logs of hers and said like, you can't come in here, or you have to stop interacting with people. But that one there was something that they could have gotten, the information could have Yes, that's true, Um, they could have. So actually,

let's just talk about this real quick. Um. One of the researchers that was on the Info War Monitor research team was a white hat hacker. You guys know what a white hat hackers? Good guy. It's somebody who um, a company would pay to expose their zero day vulnerabilities and their back doors and things like that so that they can patch them before black hat hackers can actually

infiltrate ye infiltrate their system. Basically, he's the guy that you pay to come rob your house so he can tell you how he robbed your house so that you off leaving that window open. Oh, it's like that. It takes a criminal show or whatever like that, except for on computers. Would I would like to have been on that show. You know, it's like, Okay, I'm gonna break into his house by driving my car through the wall. That show was so dumb because he would walk up

and like doors and locked. Great. So one of these researchers was a white hat hacker named Nart Villaneus, and he's actually the guy who figured out this other thing that we were just talking about, and that is that China was spying on their citizens with um the Chinese

state sponsored version of Skype. Who would have guessed that, but they were like basically logging every single conversation and chat that was happening through this system and keeping it on file to use against their citizens if they ever needed to. Basically, like what everybody says is like the n s A is doing was actually happening in China.

I'm not surprised me neither. So this guy not. When he was looking at the code for ghost rat and during this investigation, found this string of twenty two characters you know, in the malicious file. And I don't know why, but he literally searched Google for it. But it gets better, literally searched Google for it, and even more mind boggling,

Google actually returned something to him. They actually the search found something, and Google sent him to a group of computers off the coast of China that was unsecured and without a password and basically housed the dashboard that let him control all of the computers that were infected by ghost rat. M hmm, that's interesting. I know I heard about that too, and it does seem like they would secure that it does so they were basically what Nart

did is he gave. He did He left a little piece of bait, Yeah, a little honeypot for the hackers to make sure that what he was viewing was actually what he thought he was viewing. Um, they took the bait and so on March twelve, two nine, he was able to briefly gain control of one of the hackers computers um and he watched a series of commands. Presumably somebody in China was entering rummaging through the files that were left in this honeypot, finding nothing, the hacker disappeared,

but they were able to find this little dashboard. We have a dashboard on our website, right, it's you know, the back end kind of controlling, and the entire dashboard was in Chinese. And you know, they were able to, like I said, manipulate the more than twelve hundred almost computers that were infected by Ghostrat. At that point I was reading about that, I was like, they went to sort of a lengthy trial and error process trying to figure out when all these different things did because it

was all in Chinese. That's kind of surprised. They never just didn't go find somebody who spoke Chinese. But you know, for me, I know, I'm presenting this as evidence for it being China, but that just seems so dang convenient, doesn't it. So they so let me just make sure before because I have some questions and maybe some pros and cons to this theory. But they traced it was through Nort I think is his name. He was the one who figured out that the servers were in chang

Do or wherever it was it was. It was not chind Do, that one. That one was on off the coast. It was on an island off the coast China. But so it was in China, and so they figured that out. But in all of their investigations of this of ghost ghost Raight or ghost net, did were they able to tell what the initial source of the infection was. No, not as far as I can tell, because that I mean, I don't know either. I didn't see any By the

time they found it, it was all over the place. Yeah, And so that I mean, I think the thing of ghost rat is that it it wasn't necessarily how you are You may be thinking of it a different way. You know, on TV, like one computer gets infected and then it gets into the server and infects everything on the servers rats and that makes ghost net right. But the infection on this didn't necessarily spread from single like you know, patient zero to server out to the things

on the server. It may have and I suspect did on many occasions, they were single infection points. I was introduced in a lot of places. I guess I was just trying to figure out if they could catalog what the earliest was, was to try and figure out where it came from, because I don't think they were able to ascertain how long ghost Net had been on any

given unit. Okay, yeah, no, no, that That's what I was after because it makes me wonder if you know, well, could somebody have been leaving a breadcrumb trail back to a dummy server that is in China. So that's where I'm like, well, maybe it isn't actually China's fault. But but then I look at it and the other side is that there's a lot of stuff that happens in China that is done based on societal pressures. Do you remember it's um did you guys ever read the about

the Great Chinese Famine? You know, Mao does this thing. He says, we've got to we've got to do all this stuff, we gotta make all this food, and people, not wanting to look shameful to Mao, overestimate how much they can make, and because they're falling short, that creates this giant famine. And I wonder if the same thing couldn't happen from an informational perspective of the whoever's in charge says, listen, you have to infect you know, a hundred,

let's say just five hundred. Can you get five Oh, we could definitely get eight hundred and get all kinds of information. So they're they're just bombarding all these computers that have no useful information. But the idea is they're being They're telling their superiors we have infected x thousands, and we are monitoring x thousands, and we're getting all this great data, when indeed it turns out they're not really getting anything of note, they're working really hard for it.

Did you see where I'm going with this? Is like it could be a campaign just to look like it's a successful campaign. Well, another another thing that could be is, uh, you know, it could just be sending a message. I mean, given their behavior, if it was a Chinese uh, and given the fact that they essentially kind of established this network that would be great for intelligence gathering, and then it just kind of like blew their own network. Maybe

it was just all about sending a message. It might have been a They got this on a lot of computers in a lot of different places. And then just you know, send a message to Dalai Lama and the government and ext silence says, hey, we can watch everything you do, and you know it's just another bullying technique. Yeah, I mean they do watch officially. Unofficially, I guess actually they do watch a lot of stuff. But I also

think that's too much data to watch. And that's why I just wonder if this is an oddball, off handed campaign to just look like they're watching even more foreign computers. So look, we we can control it, because China has said we're going to go to war on the internet, even though officially they say they don't do that. There's all kinds of reporting, the lots of lots of research

and development on that stuff. Yeah, so it it makes me wonder if maybe it is is just this weirdo thing that is going on, which if it's somebody who doesn't is it very good at it and they're like, well, we've got it, We've got infect as many as we can. They may be not dotting all of their eyes and crossing all of their tease, which means that would explain for me at least why that, um what was it?

The control panel site was not password protected because they were just they were just oblivious to the fact that they could get traced. Well, I mean, I guess a

few counterpoints there, right. One is, um, this, as mentioned, was an incredibly sophisticated trojan horse, and I get like, genuinely cannot imagine the kind of person who can design a trojan horse that is basically undetectable for the majority of the malar softwares out there, but doesn't know, Hey, maybe put a password on your dashboard that control rolls

all of those things. Secondly, they were able to trace back to a lot of servers as mentioned, because they knew where the servers were and all of those were heavily encrypted except for this one, right, And so like for there to have been just this one off just for me seems more suspicious that it isn't than it is. Does that make sense? It doesn't that it isn't China, that it's like a red herring than it is. But but it also makes me think of the October what

is this stupid that website? October one? Thank you could not keep the number straight? Yes, okay, do you remember in the beginning I found in the source code that they were they were reflected from another site for like a couple of days. Is their tester before they loaded it all actually on their server, so I could see it being the same thing, is what we set up this control panel, it was our tester will pick set

later and we'll delete that and remove that. But let's work on this and then you completely space it out. I see that happen with major companies all the time. You know, we set up the dummy log in the test environment, and then we linked to the real environment and forget to kill that link, and so somebody can get in through. I mean, there's all kinds of stuff like that. Yeah, that's fair. Stakes do get made. They do, But I don't think it's trying to I think it's

somebody else. Well that's a big question. I actually don't know who else. I think who is. I just think it's not China because I really, I really think it's

just way too freaking convenient for me. I just think it's too convenient, especially because, as you were saying, right, if your goal is a long standing intelligence gathering operation and you see an invitation go out to this person, you are not going to go to that person and say, hey, by the way that email that literally just came through,

don't accept it. You're gonna just you know, maybe even wait a couple of days, like use some kind of intelligence there where somebody who's competent in that role would do that would wait, Yeah, somebody who's incompetent and doesn't know how to handle that information would react. Or somebody who was handed that information again as a red herring, will react to that information versus somebody who knows the kind of resources that were plugged into getting that information. Right.

But it's also a nice way to cover up another intelligence source. Yeah, if you have actually spies and rats within the organization, then you know you've got this thing here. It's like our guy is close to being unmasked. Okay, well we'll unmask our our computer penetration thing here, which would account for that, and that keeps our guys safe. So that's another way. This is like the whole that's the thing about the whole intelligence business. You know, it

gets complicated, it's very complete. It's entirely possible to well. And this is why I asked earlier as if they were able to determine who was one of the early infections was because it would be very clever to me to infect yourself in one of your non vital computers in the early batches, to make yourself look like a victim. And it's found. Oh my gosh, you know, look at us, We're a victim, just like everybody else. This is so weird. They hacked this oddball computer. Oh look at this, We've

got all this grain inflating everybody. Nobody'll look at us on the way telling the world, Hey, we're important. Obviously we're very important. But if it's the long game, you don't tell anybody. You just keep pulling the information and using what you're gathering, like you're talking about, but nobody looks at you. Investigate. I think Joe suggesting that Tibet infected their own systems to make themselves look more important than they are. See, I don't think. I don't think that.

I don't think that the office of his Holy List of Dalai Lama would do that because it's to me a little counter to what I understand their goals and missions are. But maybe you're right, Maybe it is a last ditch effort to to to buy for attention. I don't know, or there are other reasons, you know, I don't think that they're necessarily behaving like a bunch of

shallow and monks there. And you know, that's the way the world is, you know, sometimes the shortest path that's through the mud, you know, even if you're like, you know, his holdiness of Dalai Lama. So let's just briefly talk about the other people that it has been suggested it could be. One is a uh as you were suggesting, Steve, kind of patriotic hackers who aren't actually state sponsored, but you know, are are hacking on behalf of China for instance, right.

Or Russia. I mean, we see this with a lot of Russia, lots of patriotic hackers in Russia and America as well. Um, and so then the next one would be Russia. I don't know why, but Russia does seem like posters. Maybe that's because maybe it's because I'm American and I've been raised to believe that. But I think pretty much everybody, well, I mean I think everybody. Yeah, and again I don't see the benefit. It's not like Tibet is going to bomb China, right, I mean, there's

not a lot of resources there. But but hey, I mean, maybe they just want to create or foster instability in the area, and that's a pretty good way to do it. But but ghost at is was I mean, what they found in those third less just shy of computers. They were all computers that were in I'm going to use the word network though it's not computer network, but they were in the same kind of political network. They were.

They were embassy computers and stuff like that, right, So they had a reason to be communicating, which means that it's a it's a rather small pool to spread the infection across, but that doesn't mean that that infection hadn't also been dropped in other pools that had different spheres of contact than what the office of His Holiness the Dalai Lama had, because he's gonna have a very small group of people to contact, whereas you know, Billy the manager at kmart is going to have all of the

kmart employees and and regional guys to talk to. You Like, it's spheres of inference. So this thing could be all over and nobody would really know. It might still be all over. It might just be that they didn't want to put it at a seminar into everywhere. It was just the Dalai Lama's office had the crappiest security in the world, and that's became ground zero for the infection. So what's the theory that stems from that? I guess what I'm getting at is, I don't I'm this is

for it's not necessarily China. Is that this this bomb could have been dropped in a whole lot of small ponds and it just happens to be that we founded on this one group computer group that all are connected and have a connection to China because of that. Got it? Okay? Another possibility is the CIA, because again see everything right, they're kind of pot stirs, just like Russia. And then the final kind of idea is UM a stateless for profit group. Although again, you know, if we're gonna go

run with Steve's theory, that makes more sense. But like, yeah, the office of His Holiness, the Dali Lama, Like I don't really get the profit there, But the Dalai Lama's office could have been an accident. Yeah, that's yeah, if we're going to run with that, I mean, it's it's random. Who do I get if I land in Joe's computer and I get all of Joe's contacts and Joe's contact all our jobless schmucks. Well, then I get no valuable information.

But I land in Devon's inbox, and I get on Devon's computer, and Devon's connected to a whole bunch of high level ceo as. Whoo, I just hit the jackpot, baby. Yeah. Well, I mean with the one exception of the sophistication of the phishing emails, right, I mean, that's seriously targeted at the office of His holiness, the Dalai Lama and the Free to Bet Society at large list It is very likely that that email was copied from an email that

some official source connected to the organization sent out. So anybody can get a hold of those kind of emails through the dark. Well, hey, I get these things from Viacom all the time, and I send out emails looking like Viacom or PayPal. We all get those faux PayPal emails. Yeah, but they're not half as sophist kid as these ones are. Actually, I've been getting some really good ones lately. I've seen some really good phishing scams. That's how you're telling us

that all of our money is gone. No, no, no, it is not from the New Gold Teeth that I have in my grill either not at all. Okay, yeah, so, I mean again I don't really see the benefit. But a stateless, kind of for profit hacking group would make sense to me. I don't really see it either. I mean, what would they be doing. They could steal their data and then ransom, which happens occasionally system and ransom, and they haven't done that. So yeah, I don't know where

exactly where the profit comes down. I mean, although again, you know, the fact that these servers are kind of all over the world does speak to the fact that it could be a you know, a vast reaching organization of people. But again, why so, I well, I don't think it's China. I don't know who I think it is. I'm gonna go with Russia because this Mirka and I have to blame everything on the Russians. There you go.

It's awfully hard to tell me. Right now, we've got the big, you know, the so called Russian hacking scandal right here in America, and it's probably entirely bogus. I mean, there's no it's hard to say because it was just this revelation the CIA has techniques and software that allow them to do all kinds of hacking and leave Russian fingerprints behind and the little traces that looked like it

might have been the Ruskies. Uh, it's it's hard to tell if that if there was any hacking at all, and said maybe somebody didn't just leak a bunch of information.

I mean, it's just impossible to tell. Well, and there's there's there's a whole another way that this could be anybody other than China, and that is through Um, you guys have heard of mirrors, server mirrors, So for folks that don't know, this is how you get stuff off the Internet is there's a server that's got it, but there's a server somewhere which is a mirror image of it.

And this is how our podcast gets out. Is it's what's called the CD and a content delivery network, and there's servers all over that a mirror each other, so that not everybody is pulling the data from the same server a k A. What happened to us for about six or nine months at one point because I didn't understand how the Internet work. Well, there's mirror servers, but I found out that there is also what is known as a witness server, and have you heard of this before.

So he said yes. You said no, I said yes. He said now, okay, so explain it to Joe. Okay. So the way I understand what a witness Oh yeah, that won't get me in trouble. Y okay to him. So what I understand, sir, is that a witness server is a server that watches a group of servers. So it's one of them should be the primary server, and it watches all the others, and if something happens or goes wrong with the main server, that's uh, it will tell them, oh, switch to server number two. That's called

fail over. So it's directing the it's saying, oh, you're number one. You get the majority of the traffic now, and you need to mirror and look like server three, four and five need to look like server one. But what I don't know is if it's possible to have a server in the network that the mirror is controlling, but the other mirrors do not know exist. So theoretically all the mirrors should know. What you know that they have five compatriots, but there could be a dark sixth

compatriots out there. I mean, frankly, I'm sure that there's ways to mirror the witness I mean, or to spoof it actually would be a better term, so that you could just take over a whole set of servers and just kick the old guy offline and say, oh, hey, guys, sorry, I just renewed my I P here. I am I'm dynamics. So it's happening a lot here, I am, I'm in control of you. Now do all these changes and oops, we're going to switch over to the server over here.

Server one, which has got all the content on it is theoretically supposedly no longer online script runs. It shoots all its day DA out, but officially it's off of its group network, so when it comes back in, the group doesn't know it's done. It like there's a whole bunch of really simple and really complex and clever ways

that that kind of server arrangement could drop off. And then it looks like it's you know, the service are all housed in these places, and the one guy that we don't know about in Virginia is the site that all of that data is getting shot to. Yeah, I know, which is why I I'm I'm totally on board with the theory that it is not China I feel like they are the easy, easy answer. Yeah. Well again, I'm

not sure who the hell else would be interested. But even even there's a lot of other political powers who would love to have information to potentially leverage. I mean, look at what we did. We we tracked all kinds of stupid stuff for fifty years in the intelligence community. That was for not but it was all for the hope that maybe one day that would pay off. Well.

And if they were really smart hackers who were doing some kind of spoofing or server spoofing or anything like that, and you were targeting Tibet, of course you would say that everything was in China because it's the easy target from Tibet. So and if it was you know, if it was Palestine and Israel. So if they were to find this in Palestine, everybody would say, well, obviously it's Israel who's doing this. So you would leave the bread crumbs.

Let's say, look it was them, it's their fault. Nobody notices where my system is shooting the external data to, you know, although you know, and that could be very very much true. Although I'm not sure that the Chinese would really give a damn about covering their tracks I think that the Tibetan's going to do well. But it's not the Tibetans that they'd be worried about, Joe. They would be worried about reprisals or reprimands from from other

government bodies. And maybe those aren't the right where, you know, but they don't want I mean to a degree their brazen really care about public opinion. But to another extent they have to play by some of the set rules, whether they want to or not. Well, so I mean that's the That's the thing, right, is that like they

functionally aren't covering their tracks. I mean they are being clandestine, right, They are hiding a little bit that you know, if if they were the people who did this, right, they have hidden this on people's computers, but everything tracks back to them, that tracks back to servers in China. So it can't be proved to be government. They're not government servis. But so it's not as though there's some you know, they were like spoofing or like buying server space and

like other places to hide the fact that it was China. Again, if it was China, right, the their servers right there, they track right back to China. They're on Chinese soil, therefore they must be sanctioned by China. I'm the only thing they're hiding is the thing that has to be hidden to get information. So I guess I don't see them actually covering their tracks if it is them, but I don't. I don't think it's them. Okay, So yeah, a new question again. It could be a lot of people.

Could be the CIA, just for the sheer freaking hell of it. Yeah, I think it's probably the Chinese did it just for the heck of it. Could be some intern, some CI A intern. Hey, I wrote this program, boss, Yeah, just send it out to somebody. See, holy crap, it works. Speaking of interns, are we sure that Justin isn't the one who did this? Probably was, Yeah, I don't know. I've seen him trying to type on his phone, that's true. Okay, anything else, for the good of the order of this podcast,

what are we ordering? I'd like a new sandwich chips um. So, as I said, we're going to post the link to the fifty three page pdf UM as well some other link on the website. That website is Thinking Sideways podcast dot com. You can also find links to merch there. If you want to buy, like a sticker or a shirt or or anything like that, you can do that. There. We are on iTunes. You can basically download and listen

to us anywhere or stream us anywhere. And frankly, if you've gotten to this point and you don't know how to listen to us, then I need you to write us an email because I'd like to know that. Um. But if whatever service you're using allows you to subscribe, you should do that. If it allows you to leave a rating and a review, you should do that. A child how to do that if they're the one who brought you here, um, five star ratings. By the way,

we're on social media. We've got Facebook page and a group. If you're looking for discussion, join the group. If you're looking for I actually don't know why anyone would like our page, so an interesting links, interesting links in our ssodes, So like the page, joined the group. We're on Twitter. We're Thinking Sideways. We also have a subreddit that's a little sleepy right now, but that's Thinking Sideways. There's a trend here. You can email us Thinking Sideways podcast at

gmail dot com. We take suggestions, we take feedback, we take general praise. We take questions, we take you name it, we take it. Money. No, we don't take money anymore, money, photographs, anything you want to send us, we'll take it. That's fine, and we'll probably respond even nine percent of the time we did. H Yeah, as long as you're not sending us ghost rat, we're good. Please don't send us. Appreciate that. All of that having been said, I think we're going

to go ahead and ghost on out of here. Me and my USB drive. What I was waiting for one of you to do the Monty Python clickity clack, coconut horse noise for the Trojan chicken. The Trojan Chicken. Yeah, okay, bye guys. By