BLUE TEAM VILLAGE - Subversion and Espionage Directed Against You (SAEDY)
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 322 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/39817 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
DEF CON 26162 / 322
18
27
28
40
130
134
164
173
177
178
184
190
192
202
203
218
219
224
231
233
234
235
237
249
252
255
268
274
287
289
290
295
297
298
299
302
306
309
312
315
316
00:00
Prozess <Informatik>Bridge <Kommunikationstechnik>Güte der AnpassungTouchscreenFahne <Mathematik>Grundsätze ordnungsmäßiger DatenverarbeitungEreignishorizontMereologieCoxeter-GruppeUniformer RaumGeradeCybersexSelbst organisierendes SystemDemoszene <Programmierung>Turm <Mathematik>Exogene VariableRechenwerkQuellcodeElektronischer ProgrammführerComputeranimation
02:28
EreignishorizontSoftwareOffice-PaketSoftwaretestSocial Engineering <Sicherheit>ServerProzess <Informatik>SoftwareschwachstelleRechter WinkelGenerizitätDatenverwaltungOffene MengeGrundsätze ordnungsmäßiger DatenverarbeitungWellenpaketMinimalgrad
05:06
Prozess <Informatik>AuswahlaxiomSelbst organisierendes SystemComputersicherheitVerschlingungWeb logFacebookWellenpaketComputersicherheitInformationKontextbezogenes SystemSoftwareschwachstelleGüte der AnpassungMathematik
06:03
ComputersicherheitInformationExploitProgrammierumgebungSchlussregelKontextbezogenes SystemLesezeichen <Internet>ExploitSoftwaretestSocial Engineering <Sicherheit>
06:47
Proxy ServerQuick-SortComputersicherheitInformationSocial Engineering <Sicherheit>MultiplikationsoperatorVerkehrsinformationExploitInformationGüte der AnpassungHoaxTwitter <Softwareplattform>TypentheorieSoftwaretest
08:22
Social Engineering <Sicherheit>ComputersicherheitPatch <Software>Patch <Software>ComputersicherheitPlastikkarteMomentenproblemMultiplikationsoperatorComputeranimation
09:08
Attributierte GrammatikEreignishorizontSocial Engineering <Sicherheit>SystemverwaltungGruppenoperationEntscheidungstheorieHardwareUmwandlungsenthalpiePasswortSoftwaretestSoftwareDomain <Netzwerk>SensitivitätsanalyseSocial Engineering <Sicherheit>Abgeschlossene MengeHackerSystemverwaltungGruppenoperationSchlussregelHypermediaGrundsätze ordnungsmäßiger DatenverarbeitungMetropolitan area networkInformationExtreme programmingSchreib-Lese-KopfPersönliche IdentifikationsnummerSoftwareschwachstelleRechter WinkelAggregatzustandMereologieZeitrichtung
13:22
InformationAggregatzustandPrimzahlzwillingeEreignishorizontSocial Engineering <Sicherheit>UmwandlungsenthalpieAttributierte GrammatikSystemverwaltungGruppenoperationEntscheidungstheorieHardwareSelbst organisierendes SystemProgrammSocial Engineering <Sicherheit>TermInformationVideokonferenzOffice-PaketProgramm/Quellcode
14:28
HackerNonstandard-AnalysisSoftwarePhysikalisches SystemVerschlingungFließgleichgewichtEinsVirenscannerLesezeichen <Internet>MAPVersionsverwaltungOffice-PaketElektronische PublikationSoftwarePolarkoordinatenHintertür <Informatik>Nachlauf <Strömungsmechanik>Virtuelle MaschineServerRechter WinkelMessage-PassingExploitInformation
15:40
ÄhnlichkeitsgeometrieBusiness IntelligenceE-MailInformationBefehl <Informatik>AggregatzustandHalbleiterspeicherProjektive EbeneMaßerweiterung
16:43
ComputersicherheitRobotikNotebook-ComputerVollständiger VerbandRobotikOffene MengeMetropolitan area networkMereologieRechter WinkelSoftware
18:16
BORIS <Programm>VersionsverwaltungReelle ZahlVideokonferenzRechter WinkelVererbungshierarchieComputeranimation
19:06
Office-PaketDivergente ReiheProzess <Informatik>Programm/QuellcodeComputeranimationVorlesung/Konferenz
19:54
Prozess <Informatik>Dienst <Informatik>QuellcodeProgramm/QuellcodeComputeranimation
20:35
Hill-DifferentialgleichungMulti-Tier-ArchitekturInstantiierungProgrammierungZweiGenerator <Informatik>Web-SeiteQuick-SortAggregatzustandNeunzehnVerkehrsinformationComputeranimationProgramm/QuellcodeBesprechung/Interview
21:17
BORIS <Programm>TouchscreenInformationRechter WinkelComputeranimation
22:34
DreiGesetz <Physik>Computeranimation
23:15
ComputersicherheitInformationThumbnailOffice-PaketPhysikalisches SystemInformationWechselsprungSoftwaretestSoftwareComputersicherheitProgrammverifikationBefehl <Informatik>
24:00
ProgrammverifikationHill-DifferentialgleichungComputersicherheitICC-GruppeInternetworkingSocial Engineering <Sicherheit>ProgrammverifikationMultiplikationsoperatorHackerGemeinsamer SpeicherCodeInformation
25:11
GruppenoperationFlächentheorieTreiber <Programm>Social Engineering <Sicherheit>NP-hartes ProblemComputersicherheitMultiplikationsoperatorInformationTreiber <Programm>Data MiningSprachsyntheseErneuerungstheorieRechter Winkel
27:45
PROME-MailMultiplikationsoperatorRechter WinkelRechenzentrumWellenpaketZweiFlächeninhaltEinsMessage-PassingReelle ZahlComputeranimation
29:41
TeilbarkeitInformationVererbungshierarchieTelekommunikationRechnernetzTrojanisches Pferd <Informatik>EbeneComputerspielInformationFigurierte ZahlOffice-PaketGefangenendilemmaProzess <Informatik>Güte der AnpassungGesetz <Physik>CASE <Informatik>Diskettenlaufwerk
31:18
HMS <Fertigung>Einfacher RingGefangenendilemmaInformationGesetz <Physik>HilfesystemMultiplikationsoperatorFamilie <Mathematik>ComputerspielRechter WinkelHMS <Fertigung>
32:55
ComputersicherheitInformationNotepad-ComputerMultiplikationsoperatorTablet PCAggregatzustandGefangenendilemmaComputerspielWeb-SeiteNP-hartes ProblemFacebookProgramm/QuellcodeComputeranimation
34:01
HackerNonstandard-AnalysisComputersicherheitMathematikMomentenproblemMetropolitan area networkComputerspielGrundsätze ordnungsmäßiger DatenverarbeitungVerband <Mathematik>Reelle ZahlRechter Winkel
36:15
InformationEinfache GenauigkeitGefangenendilemmaQuellcodeMetropolitan area networkSensitivitätsanalyseComputerspiel
37:58
Fluss <Mathematik>InformationGerichtete MengeComputerspielZweiGüte der AnpassungHackerInformationNeuroinformatikLesezeichen <Internet>ProgrammMultiplikationsoperatorHook <Programmierung>SoftwareschwachstelleNatürliche SpracheComputeranimation
39:47
Digitale PhotographieComputersicherheitVorzeichen <Mathematik>TermSoftwaretestComputeranimation
40:50
Computeranimation
41:29
sinc-FunktionAggregatzustandFormation <Mathematik>Wort <Informatik>ComputeranimationVorlesung/Konferenz
42:07
SprachsyntheseAggregatzustandComputeranimation
42:44
ProgrammFreier LadungsträgerVersionsverwaltungTopologieEinsHackerProgrammfehlerWellenpaketComputeranimation
43:55
HackerGruppenkeimMalwareSondierungTelekommunikationAdditionFacebookLesen <Datenverarbeitung>Rechter WinkelSpeicherabzug
44:34
GammafunktionSichtenkonzeptE-MailMereologieGenerator <Informatik>Lesezeichen <Internet>Rechter WinkelMetropolitan area networkData MiningComputeranimation
45:57
QuellcodeEinfacher RingMetropolitan area networkGüte der AnpassungMathematikHilfesystemMultiplikationsoperatorComputeranimation
46:51
Dämon <Informatik>Treiber <Programm>VerschlingungGefangenendilemmaComputerspielMetropolitan area network
47:42
StatistikComputersicherheitp-V-DiagrammPatch <Software>Spiegelung <Mathematik>Design by ContractSoftwaretestFreewarePlastikkarteExtreme programmingHochschulinformationssystemSystemaufrufFormation <Mathematik>Computeranimation
Transkript: Englisch(automatisch erzeugt)
00:00
Well, we got Judy Towers coming to speak to us next. She's going to be talking about subversion and espionage, directed against you. Really cool part of the blue team responsibilities.
00:29
Good afternoon. This is a lot of people. Oh, louder. Louder, good lord. I'm not used to it. Oh, god. I'm used to yelling this in a theater
00:40
when I was in the army. Who of you will admit you served in the military? Raise your hand. OK, cool. Army? OK, the rest of you, OK. And those that have been in, you know why we do that, right? So what I did is this a presentation
01:02
as a counterintelligence agent in the army that I had to give to every new incoming soldier in the unit. It was called SEDA, subversion and espionage directed against the army. And you were targeted just because you wore the uniform and you had the flag on your shoulder. So things I've been seeing going on in the recent events
01:25
made me realize I have to redo this. This is why I was an agent. This is why I'm in cyber. This is why you guys need to be aware this is going on. You are targeted. One is an individual, and it's not because you're in the military. It's because your job.
01:42
And the businesses are targeted just as much as DOD and the military are if you're paying attention to the news. And I want you to be aware. It's you by yourself that they're targeting. It's not your team. It's not your CISO. It's not your organization that go after you as an individual. You'll see some of this in what I'm going through.
02:02
What you see on the screen is a movie. It's a scene from the movie called Bridge of the Gods. It's based on a true story. There is such bridges. I've been on them between when I was young. There was a Cold War. And I've stood on the bridge on the country line between Czechoslovakia and West Germany. And these things did happen.
02:22
We did do trading across bridges. It's a very good movie, and it's based on true stories. So what got me passionate about doing this is a couple of years ago, I went to Derby Con to the Red Team Village or the social engineering village. And I thought social engineering was such a generic term
02:42
of when I was social engineered, you know, whatever. Well, a couple of the pen testers were talking about an event that they had. He was at a bank. He was told to go get into the server room. That was the pen test, be in the server room of the bank. So what he did, smartly, is he went out to the district banks.
03:03
And he got there early enough to profile all the workers as they went in. And he found out which teller he was gonna social engineer, right? So he walks in with a nice pair of khakis, butt down shirt, and he approached her, I wanna make an account. She goes, sure, let's go over here and talk. So they sit down and start talking.
03:21
And he goes, you know, can I go to the bathroom? She's like, sure, it's down the hall. When you're done, come back and get me, and we'll finish this account creation process. He waited so long, she got distracted, did something else. He went into one of the empty offices, sat there for an hour and started hacking the network. Nobody bothered him because he looked like he was from the home office, right? Business attire, home office does show up. They do do that kind of thing.
03:43
So about an hour later, the bank manager walked in like, who are you, what are you doing? And that's when they realized he was hacking the network. They fired the teller because she didn't follow up with him. That made me mad. You didn't train her right.
04:00
You fired her for the reasons you hired her. She was customer focused, outspoken, open. Are you gonna hire an introvert to take her place? No, you're gonna hire the exactly same person, right? But you didn't train her to be aware of her own vulnerabilities of what she was. Her personality was used against her. And the pen tester, he was upset
04:20
because he lost her job because of what he did to her. Now he feels fine to a degree because he did his job. She didn't do hers right. But he profiled her and understood her vulnerabilities and used them against her. That is espionage and spying as I was taught. That's when I was like, oh my God.
04:41
And I'll give you some more stories that should scare you about pen testers. Just to let you know, when I was in the army, I didn't see any of those guys. And I did never see that either. So I feel like I missed out when I do it over. But that is not the espionage that you're gonna see.
05:02
That is not the spying that you're gonna see when it's targeted at you. This is a very good blog post. This is also impassioned. It made me motivated to do this. Instead of doing security compliance training that you get one hour once a year and you go back to your desk
05:20
and start clicking on all the links and everything else you're not supposed to do, we need to change your behavior. We need you to be trained to understand what are your vulnerabilities, what are being targeted. I need your behavior to change. And the three things, motivation, ability, and trigger. This is an excellent, excellent blog post. This is what we should do. This is what our training should be for compliance.
05:41
It should be behavioral change, not a compliance thing. I wanna throw this up there because this is what we need to do is behavioral info sec instead of security awareness. Because the security awareness is not working, right? You're still clicking on the links. They're still telling everybody their information. You're still putting all your stuff out on Facebook.
06:01
We're not changing behavior. And this is one of my favorite, favorite sayings from Edward McCabe. My zero day exploits are your employees. He's a pen tester. He's very good. And I've talked with him about what I was learning and he's like, yeah, this stuff works. This is how we do it.
06:20
This is how things are being done. So it was very, very interesting. What I want you to do is become enlightened about you as an individual. Your CISO is back there, please say no, say no. But you, when you're faced with it, you're by yourself. You're probably not gonna be at work when they approach you.
06:40
So you're not even self aware that it's work related. It's probably out in the bar, your neighbor. You'll see. Why social engineering? Because it works. Hide and seek, if you follow her, I recommend you follow her on Twitter. She openly talks about how she is able to do what she's doing.
07:00
One time I saw what she was doing, she said, I showed up, my hands, you know, dressed nice, she's a woman, she's pretty, she's young. Showed up at a business where they were doing a pen test. Showed up with donuts or something in her hands where her hands were too full. She had a fake badge on. Hey, can someone help me open the door? I can't get my badge and my hands are full. What do we do because we're so nice? Oh, let me help you.
07:21
They didn't take the donuts, they opened the door for her. Let her in. Follow her on Twitter, she talks about all of her exploits. It's very good and it's very true. But what was in, what caught my attention was the lock picking, climbing over walls, hopping by bar fences, dumpster diving, and really cool tools and gadgets and pretending to be something I'm not to get information.
07:41
Those were the exact same things I was trained to do as a counterintelligence agent. The exact same things. Except for I didn't have the cool gadgets. I had a manual typewriter in the woods in Germany and I had to, I got frost nip on my fingers to type reports it was snowing outside. That's how cool my gadgets were.
08:01
That's how old I am too. But follow her. If you wanna learn what red teamers are doing, she talks really good information, it's awesome. And she is doing exactly what I was taught as an agent, as a counterintelligence agent.
08:23
I love this saying, there's no patch for an untrained user and even an experienced security professional who forgets in the heat of the moment to follow what they've been taught. That's exactly it. Like I said, most of the times, like when I was in Germany and the terrorists did target our soldiers,
08:41
they targeted them in a bar when they were drunk. They took him out, one of them, they took an airman out in the back, they killed him to take his ID cards so they could put a bomb on posts the next day when everybody was doing PT in the morning, if you remember that in Ramstein. They took an air fort, they took him while he was drunk, got a girl to talk to him, made him out in the back, that's when they killed him. He was alone, nobody saw this.
09:01
So what I'm getting at is this is what they will do, you will be alone most likely when this happens. I'll give you more stories. Follow Chris Hagley, he's the one that does the social engineering village, I loved it at DEF CON, Derbycon and DEF CON. Any act that influences a person to take an action that may not be in their best interest.
09:21
That's really a whole, that covers everything, a whole lot. So if you have classified information, you fall victim to that. If you have sensitive information, you'll fall victim to that. Just, and one of them will do some is they will use you to get to the rest of it. You might not be the main target, but they will work their way through your network, just like a pen tester would, right?
09:41
Just like some other hackers will, but they'll use the human to do it. How many of you are pen testers, and I'm not gonna ask you to raise your hand, but if you can't get through the network, the network is so tight, and you can't get in, what do you do? You show up in person. I know if you're gonna nod your head, I know,
10:00
but you'll show up in person because you're gonna start using the people and their vulnerabilities, you're still gonna get in. This is one of the stories that kind of horrified me. I didn't realize pen testing went this far, but Chris Hagley had a panel, and we could ask the pen testers, how far would you go? How far would you take this to social engineer somebody?
10:21
And they asked him, how far would you use your sex to do it? And a nice young man, he stood there, and he goes, look at this, who can deny this? And I swing both ways. I walked away a little horrified going, that's a pen tester saying he's gonna use his sex or sex to get what he wants. That is nation state, that is China, that is Russia,
10:42
that is nation state, and if a pen tester is gonna use sex to get into it, and my God, you guys are not prepared at all. Just saying, but this is the other story that horrified me. The pen tester goal was to get the SIS admin's user ID and password to the network. One individual, they had to hack him.
11:04
He was the target of the pen test, one individual. So they profiled him, they looked at his social media, they saw that he liked the women, he was married, his wife was recently pregnant or just had a baby. They had a beautiful woman on their pen test team that was a lesbian, asked her, would you be willing to get into sexy clothes
11:21
to compromise him? She said yes, so they sent her in. She struck up a friendship with him from work. I'm not sure how much longer after they met before she got him to meet her at a hotel room. She walks up to the hotel room, they got pictures of that. He walks up to the hotel room, they got pictures of that. He opens the door and she made sure
11:42
she was in the sexy lingerie in the doorway with him in the doorway, they got pictures of that. He walks in, shuts the door, and she goes, no, I'm not gonna do it, and walks away. I don't need those pictures, right? So the next day, they sent a note to the CIS admin and said, we want the domain user password, network password, and he said no.
12:02
So the next day, they sent in pictures of him at the hotel with her and sexy lingerie and said, we'll send this to your wife and the CISO, give us the user ID and password to the network. He said, okay. Pintest over we have won. Well, where did I have to know a boy with a code? Where did I have to know your network?
12:21
Where did I have to know anything? I just had to know you, and I know you by your social media and what you were doing online, and they used that against him. I was horrified when I saw that a US company would do that to a US employee, but that's how close they'll go. That's just pintesting, people. That was just a pintest.
12:40
They were willing to compromise his principles or whatever. I don't care whether he was willing to do it or not. They were willing to go to that part, right? Who's gonna deny this, and they swing both ways. You are not prepared for this. You're not aware that this is gonna come. And I asked the pintester, why would you go to that extreme?
13:01
They didn't tell you to compromise his principles or go after him. They just said, get the user ID and password to the domain and the network. He said, I did it because they didn't have any protection for that individual. They didn't have any rules. The CISO didn't have anything to protect him, so we went after him as an individual. They won. Pintest over. I was horrified, sorry.
13:24
Espionage has been around since the 1700s, as you saw. Honestly, I didn't realize social engineering, if you saw from the last one, it's been around since 1899. I thought it was relatively a new term because we all say we've been social engineered. If you're gonna fire me and say I've been social engineered, I'm gonna challenge you and go,
13:41
I was spied on, espionage, tradecraft. But social engineering to me is too, it better be something bigger than that if you're gonna fire me for that. Illegals, spying, if you guys pay attention to this, back in 2010, we sent 10 illegals back to Russia.
14:05
And I'm gonna show in a video in a minute. And unfortunately, this ex CIA officer, I really hate to see fellow officers, fellow agents caught with spying, but he got caught in January in Shanghai, handed over some information for money.
14:21
But the illegals, they look like your neighbors, don't they? And that's what they were. Nobody noticed. Subversion's been around since the 14th century. And this is one of my favorite ones, Kaspersky, you guys probably have heard the news, right? It's a Russian owned company, not Russian Putin,
14:42
but a Russian ex KGB officer owns the company. NSA had a Chinese national that he was spying and he brought home from NSA documents that he was gonna send over. He installed them on his home PC that has Kaspersky antivirus running. Kaspersky has certain things,
15:02
alerts when they see certain files to alert them. And so they took a copy of his stolen NSA documents and it got sent to Russia to Kaspersky. Amsterdam was apparently watching it and they're really mad at us now because we gave it away and told them that Amsterdam warned us that they had our NSA exploits.
15:21
So this was like a level, level, level, level. But if you notice, the government is now saying Kaspersky cannot be on any of our PCs, all of our servers, any government machine cannot have this software installed because they have a back door that can take information off of it, it's built in. It's kinda cool.
15:43
Uber, if you guys noticed that Uber, this is US, American, American, spying on each other. Uber had employees over, I think it was Lyft, if my memory serves me right. They had people in Lyft gathering information to see what the competition was doing. This statement is by their legal team.
16:03
So to be clear, to the extent, anyone is working on any kind of competitive intelligent project that involves the surveillance of individuals, stop it now. Well, surveillance of individuals is spying, that's what I did. Same thing. So he's telling them please stop doing these espionage spying efforts of our competitors.
16:23
We're better than that. But I want you to be aware that it's not just nation state that is going after what you have. It's business on business, this is business. Always does this, quit it.
16:46
Med Robotics, this was in the news also. This is a Canadian Chinese national. The company Med Robotics makes body parts. They're here in the US. China had tried to been making deals with them, trying to talk to the president.
17:02
We wanna be a part of your company. Well, he knew what they wanted is they want all their blueprints for the body parts and they would go make them over there cheaper, whatever, they'd be competitors. So he kept telling them no. This man showed up one day at the corporate headquarters. The CEO was walking out. He saw him in the conference room. He had three laptops open.
17:21
It's about five o'clock in the afternoon. He had three laptops open and he was working. He was in there by himself. So the CEO walks in and goes, can I help you? What are you doing? And he goes, well, I'm waiting for the CIO. I got a meeting with him. He goes, well, the CIO is not here today. Oh, well, I'm waiting for the CTO. Well, he's out of the country. Oh, well, I'm waiting for the CEO. So he goes, that's me and I don't know who you are.
17:42
Called the FBI and that's when they found out. He was in there trying to hack their network because the owner of the company would not sell his secrets to China. They wanted to try and steal it. The one thing that's really interesting, I had to say this up here, the lawyer that was defending this man, he was struggling to accept the fact he was no longer brilliant.
18:01
That was his defense. Hope it worked. But he was a Canadian-Chinese national and he just happened to be sitting in the conference room. Easy breezy, right? Just walked in. Nobody stopped him. I want you to pay attention to the couple right here.
18:24
I'm gonna show you a video real quick. We're gonna try and make this work. I'm against the most sophisticated enemy in the world. Super secret spy that's living next door. I'm gonna collect all those secrets
18:40
and learn what she's been doing. That's Elizabeth Page. Hi. What do you do, Sam? I'm gonna be out here to make sure I don't do anything. Hold on a second. I'm around here. There we go. There we go. All right, sorry.
19:02
Americans is a somewhat sensationalized version of Soviet espionage in the United States. In fact, most Soviet spies in this country were Americans, not Russians, posing as Americans. And they didn't engage in murder, kidnapping, the kinds of dramatic episodes that appear on the American.
19:25
The Soviet Union had two kinds of agents in the United States. The first kind were legal officers who would be attached to the embassy or consulate. Then there were the illegals, who were people that came into this country illegally and lived as ordinary Americans.
19:41
The couple in the series are illegals. That is, they are Russian citizens who are in this country illegally posing as Americans. They have jobs and they spy on the side. When the Soviet Union recruited illegals, they were looking for people that were ordinary, that could blend in to the United States.
20:01
And fit in like you're supposed to. One of the advantages of recruiting people for the United States is that this country has a very diverse citizenry. So even somebody with an accent, say, can still pose as an American. The most important job that the illegals performed for the Soviet Union was to serve as couriers. The advantage of an illegal is in the country illegally.
20:22
The FBI doesn't know who he is. He can meet with sources, pick up espionage material, and then he has to meet with somebody else to transfer it. But it's the anonymity that's important. Occasionally couples would serve as illegals. There were instances where you had couples
20:42
who were not illegals, they're actually Americans spying for the Soviet Union. And the Soviet Union then attempted to recruit their children as spies. The center started a program to develop second generation illegals. They weren't paid to be next. The illegals were not executed. The United States and the Soviet Union had a kind of implicit deal that they
21:02
didn't do that sort of thing. Which is also why one of the themes of the Americans are all these assassinations and so on. But occasionally it happened, but it was quite rare. And certainly not in the 1980s. Countries never cease spying.
21:22
And Russia has historically used illegals. No doubt they will continue to use them, but they're very expensive. And it costs a lot of money to train them and it costs a lot of money to maintain them.
21:41
This couple right here that you see. Can you hear me? The couple that you see on the screen, that's what the movie was about. They were a New Jersey couple. She was an accountant working in the Democratic Party of the United States. He was a stay at home dad. He was a courier. They got pictures of him going up and down stairs
22:02
in New York City having his hand out and someone else passing off the information. That's how they caught him. His name is from a, I think it's his name specifically, is a child that died like 100 years ago. And he used that name and that's their name as a couple, as in the US. Nobody validated or verified it.
22:20
They're illegals, right? They didn't have to register. But she was an accountant and he was the actual courier that was panning the information over to the other side. Let's do this. This was interesting to me. When I was being trained as an agent,
22:41
I was not told that this is one of the reasons why we do spying, but I thought it was very interesting is that by doing the spying, we have probably have stopped World War III from happening. We understand when you're caught, they understand when we're bluffing and we understand when they're bluffing when they're saying and doing something. That's one thing that is a benefit of spying. So I'm not telling you to go do it.
23:00
I'm not encouraging you to go do it. I'm not saying that it is against the law, but what they were doing, what we're doing, is probably is gonna stop World War III, but please don't take that as initiative because that's why you're gonna do it, okay? I promise it won't work that way. And then North Korea, this is, I thought was a very telling statement. If warfare was about bullets and oil until now,
23:22
warfare in the 24th century is about information. Spying is so much easier now because I physically really don't have to show up anymore. Only when your network or your system or your data, I can't get to, will I show up in person just like a pen tester will? So this is easier now to get this information
23:42
than ever before, just like the NSA spying that he'd put it on a thumb drive, took it home. I think he encased it in something so he could get through security. I don't know, somebody told me a cupcake or something like that when he went through the jump drive he put it in there and that's how he got through security. Nobody noticed he had a jump drive. That's how he got it out of the NSA office.
24:02
Trust but verify, 1986. That is a Russian saying, not ours. That is Russian, not ours. And so President Reagan, he really enjoyed it so much that he upset Gorbachev when they met because he said it to him all the time because he was practicing as Russian with him.
24:20
Gorbachev kind of got annoyed with it, thought it was kind of interesting. But today, do it the blockchain way. Don't trust and verify. Because of our technology, because of our information, the way we trade it and we send it around, share it, I physically don't have to show up. You don't have to validate what I look like, who I am. I can be anything I want on the internet
24:41
and talk to you, create a relationship. And if you've seen the news recently, there was a playgirl, Playboy Bunny. She was social engineered by a hacker. She fell in love with him. But they had a relationship online and she finally realized, he got taken in and arrested
25:01
and that's when she realized he was social engineering her for whatever reason. I guess for pictures, I don't know. But I don't think she had a whole lot of code to share with him. If you recognize Maria, just two days ago, I talked to Jack Bartsky.
25:22
Do you guys see him over there at Mandalay? He was signing his book. He's an ex-KGB spy. He's in the U.S. He wrote a book, he's on a speaking tour. He's a famous guy. He was a spy during the time that I was. So I thought, I gotta go meet him. And so I went up and I'm like, hey, you know, I was a counterintelligence agent
25:41
during the same time that you were a KGB spy. And he goes, hey, comrade. I'm like, whoa. And a friend of mine was like, hey, can we take a picture at you two together? I'm like, no, no, I don't know him that well. But anyway, he was signing his book. I had to have his book, right? And so he was signing and he actually sat in there to a comrade, you know, a comrade.
26:03
And he looks at me and he goes, what is going on with Russia? They're so obvious at what they're doing, like her. She freely admitted why she was drunk, what she was. She wasn't hiding. She was, I'm Russian. I'm paid by a Russian person. I'm collecting information. Hey, can I, you know, oh yeah, let's give you drinks.
26:21
And you know, he was like saying, Russia is not even doing hard trade craft anymore. They're doing everything too easy. It's too easy what they're doing. It's too obvious what they're doing. And he asked me what the problem was. And I could only guess it, that one, we're not paying attention. Two, we don't care.
26:41
Three, we can't think it's the person next to me. Or four, I don't know what the fourth one is. I just think we're not paying attention. We don't think it's gonna, we're too nice of a society to think anybody's gonna do this to us or our neighbor is gonna steal that information. But it was kinda interesting to have an ex-KGB spy going, what's going on? What do you guys are not, you know, why don't you get better at this?
27:00
Look what I did. It was interesting. If you guys saw on the news, Diana Feinstein, her driver of 20 years, he was a Chinese spy. 20 years, he was her driver. That just came out this week. Then another one in the news, we have a woman in the US embassy. They found out she was a spy.
27:22
They just happened to be doing her background check again. Those of you who had a security clearance, you know, the renewal, they renewed her as they found out. She'd been in there for like 10 or 15 years. They just realized she was a spy. I don't have a picture of her. I'd put her up there. But I thought that was kinda interesting that it's becoming so common. The Russians are not even trying to hide
27:42
what they're doing. It's sad. So the motivations of why people spy is mice. These are the main ones. Money, ideology, coercion, blackmail, or ego and extortion efforts.
28:01
I'm gonna give you some just examples real quick. But I don't want you to think everybody around you is a spy, but you need to be paying attention to your coworkers or strangers that walk into your data center, walk into your desk area. Make people, don't let people just walk in without shining their badge. I pissed, excuse me, upset somebody the other day. He was tailgating me in.
28:21
I pushed him, I was like, oops, excuse me, can you, you got a badge, can you go back out there and scan it? And he goes, I'm great. I've been in here many times. And I'm like, yeah, but I don't know you. And it said contractor on his badge with no picture. And he goes, but I've been here all, and I'm like, I don't know you. Would you just please scan your badge? Oh, I'm asking, it's just a second of your time. He argued with me longer than it took
28:40
for him to scan it. He finally scanned it. He could get through, but he was so upset because I stopped him. But that's what you're gonna have to do. Because that's exactly what they're gonna do. They're gonna walk right in behind you. And I have to admit where I work, our badges are very easy to replicate. I could do it with a crayon. It's really sad. I've told my boss that.
29:02
And he goes, I know we're trying to fix that. That's just one more thing we're trying to fix. But I'm like, I literally have my badge turned around where nobody can see it because it is too easy to copy it and make a picture of it. Plus, I ride the train to work. So if anybody, I have my badge hanging off because my train pass is on it too. So if anybody's there, they just take a picture
29:21
of my badge, duplicate it, boom, they're done, right? And then they just stand there. I can't, get in, can't, get in, can't, get in. Would you help me get in? Someone will let you in. I'm sorry, we will, we're nice, we'll do it. It works. But this saying right here, beware of spies, that came out in World War II. So that's how long, at least it's been around.
29:43
This was a spy that was a U.S. Army warrant officer. And I almost want to believe I did his background, I did his espionage case, my job as a agent. If I'm charging you with espionage, the law says I have to have, for you have passed the information to a foreign entity,
30:01
friend or foe, it does not have to be an enemy of this country, just a foreign entity. I have to have you where you're passing that information to them. He came home with about 25 or 30, this is the days of diskettes, with secret, literally had secret written on it, it was in his gym bag, he couldn't figure out how it got in his household goods
30:20
when he moved back from Germany to the U.S. I don't know. He had 30 of these in his bag. NSA came and took them from us, they got everything off of it, it was signal intelligence during the first Gulf storm. I could not, he had a German wife that didn't come back to the U.S. with him, but I never got where he was passing information to her, so I couldn't charge him with espionage,
30:41
I had to charge him with mishandling classified information. He also was shipping back Iraqi weapons in a diplomatic pouch. He was getting an Article 15 for that, so they put him out of the Army. The espionage charge didn't stick because I didn't have it. And I say this for a reason, because other people, we've got, you'll see in a minute,
31:01
but I want you to know the charge of espionage is, you have sensitive classified information and you hand it to a foreign entity, friend or foe, that is espionage, and you can be given the death sentence, thank you to Ronald Reagan. You'll get life in prison or the death sentence. This is the reason why John Walker,
31:22
spied 18 years, he was a Navy veteran. He gave his information to Russia. One of his excuses were, I can't help it that they shared it with Vietnam that we were fighting against, we weren't fighting with Russia. So why are you charging me with espionage? We weren't fighting them. One of his other excuses, or whatever,
31:41
he did a 60 minute interview, he got life in prison, it's because of him that Reagan changed the law that now you can get the death sentence. But he said, they were asking him, what would you do now that you know what would happen, what would you do differently? And he goes, I wouldn't get caught. His wife, unfortunately, turned him in three times to the FBI.
32:01
His daughter turned him in, she was in the Army, tried to recruit her. His son was in the Navy, he recruited him. His son got 25 years. He recruited his best friend, he got life. He tried to recruit his brother. I think he got another 20 years, something like that. But he died in prison. And one of the things that,
32:20
what you're seeing written up here is what Russia, his KGB handler said about him. He did everything right, we trained him right. His own excessive lifestyle, money is what made him give it up. They told him to quit spending the money, he couldn't help but do it. And so finally they caught him. And unfortunately, like I said,
32:40
three times his wife turned him into the FBI. I think she was upset at the divorce settlement. And that's what they're saying, is she didn't make enough money out of it, so she's turning in. So another lesson learned? Ex-wives? I don't know what to do, you know. Aldrich Ames, this is one that's sad. I hate seeing CIA people get caught.
33:01
But due to his, so what he was doing was so good and he married a Colombian spy. When he and that wife got married, the KGB or the Russians gave them a $2 million wedding present, how nice. They liked what he was doing, he's got life in prison. Ideology.
33:24
This one's a little hard. I normally think most people don't do this by themselves. I think they also do it for other reasons. But these two spied for Cuba. This one you didn't hear about in the news because of the plea bargain. She went ahead and pled guilty, but she had a Facebook page and she was ranting about what she didn't like
33:41
about what we were doing in Cuba, sorry, Cuba. So she got a 25-year sentence, five years probation, just to avoid the publicity because we were already getting hit pretty hard. We didn't anymore. But unfortunately, this couple was spying for Cuba too. He got life in prison and she got six years.
34:02
Recognize these two, or three? Especially this couple, Bradley, Chelsea now. I honestly believe, frequently people who go along a treasonous path do not know they're on a treasonous path until it's too late. I honestly believe that was probably these two. If they're gonna do it solely for ideology,
34:22
I did not see anywhere where they made any money at their efforts of spying. And her name is Reality Winner. She just pled guilty, NSA, down in Fort Gordon, down in Augusta, Georgia. Yeah, you know, I'd rather you do it
34:43
more than just for ideology, please. But if you're gonna do it, I think that's what they did it for. Sex change, if you need it, you know. All right, I'm gonna tell you a story real quick. I went back, I just got through getting a top secret clearance investigation. This was a defining moment in my life.
35:00
I was asked the question during my security clearance, where are you of the male persuasion when you join the military? And I'm like, can we stop for a second? It was a woman that was doing my investigation. And I'm like, can we stop for a second? Were you asking if I've had a sex change?
35:20
Is that what you were trying to find out while I joined the military? Because I could get a sex change and be a woman and she goes, yeah, that's what we're trying to find out. I was like, good Lord. I said, look, I was a woman when I joined. I was a woman when I gave birth to a child in the military and I was a woman when I got out and I'm a woman today. I didn't realize they asked that question now.
35:42
Just on a side note. So if you wanna join the military, I think you can get what Chelsea Bradley got. Understand they're doing that now. But also be aware if you go through this kind of sex change that makes you vulnerable. How? Are you gonna, do you freely admit it?
36:02
Are you gonna hide it? I mean, put it this way. If I knew you were a man and you're dressed as a woman, I'm gonna try and blackmail you as a man because that's what you're trying to hide that you are. That's the issue. That's everybody's hero, right?
36:21
Huh? I did nothing wrong. I'm gonna tell you something. I've got a man that works for me right now that used to, that was working for DIA when he did his expose. One of his friends who's a US citizen was in another country, a third world country. They went and took him and put him in prison in a third world country's prison for six months.
36:42
We had to go get him out because of what Snowden released. Once you understand something about classified information or sensitive information, sometimes it's not the information that's so sensitive. Sometimes it's the person who gave it to us or the source. He gave up sources of information and those people have died or been put in prison.
37:03
Now, remember what I said about the charge of espionage? If I have you given that information to another entity outside of the US or an uncleared entity, espionage. So he steps foot on this country again. He'll be charged with espionage, plain and simple. And I don't have to prove a thing about it
37:21
because he's sitting there. I freely admitted it. I gave it to them. And the country is saying he's freely given it to me. I don't have to prove, investigate anything. Just to let you know. He probably will never come back. He wants to. He wants to have the charges removed, reduced. No, I personally, I tell you what,
37:41
if he comes back and gets that, I think every single person in prison that is currently today serving a live prison, and I've seen some, they're in there right now. They're making big rocks into gravel. I watched them do it. If you've been in the military, the military prison, they do have a cement rock. I watched them out there making rocks with a hammer.
38:01
And those guys are in there for life doing the same thing he did. I think every one of them should have a retrial if he gets off. That's my opinion. Oh, quit.
38:21
Come on, baby. Give it a second. Compromise or coercion, this is my favorite. This is the one you mostly see and hear about. Mostly if you, it's sex, money, drugs, or all of them. Probably start you off with the drugs and the money,
38:41
or probably, I have time like that, I'm sorry, I'll start you off with the sex, get you drugged up, and get the money. I wanna tell you something. I've seen, I've got a picture of her. There's a beautiful Russian woman right now that is working her way through the hacker community, and I've seen her at DEFCON.
39:01
I've turned her in. They're investigating her, but she's beautiful. She gets you guys to fall in love with her. I'm sorry, it works. She's good. She's about 30. She says she's a computer programmer. She knows about five or six languages.
39:21
She's a stripper at night and sells drugs on the side. Now, if you're such a good computer programmer, why do you need to be, you know, do your own hack? Why do I need to hook up with you? Well, I honestly believe what she is is a scout. So what she does is she gets to know you and finds your vulnerability, and she turns that over to her handler. She might not be the one who turns you,
39:41
but she might be giving your information to somebody else. So just be aware. Let's see if I can get this real quick. These are all famous women spies during World War II for our side. We're not above doing the same thing. It's not even wrong, it's we're all doing it.
40:01
She's North Korean, and that's what she looks like in South Korea. And this is Ann Chapman, our vice president. He was our vice president. When she was sent back to Russia, he said he would miss her, miss seeing her around. And this is also a sign from World War II. This is how long this has been going on
40:21
and have been around. We have another term for honeypots that most of you do, and it is really this. It really is a beautiful woman like I just described. Have it swallow, seduce a spy. Government employer, politician, take the pictures,
40:42
just like I said about the pen testing, right? Pen testers are not above doing this. You guys are not gonna win. There's Miss Anna. She's beautiful. She's a hero in Russia. I think she has her own talk show, but that's where she's coming from. I wanna show you something.
41:01
Try and make this quick. You ever see the movie Red Sparrow? Anybody watch that? Every human being is a puzzle of me.
41:22
You must learn to enjoy what is missing, become the missing piece, and they will give you anything. Take off your clothes. Look who started first. Your body belongs to the state. Since it's your birth, the state nourished it.
41:40
Now the state asks something in return. Learn to sacrifice for a higher purpose, to push yourself beyond all limitation, and forget the sentimental morality with which you were raised.
42:10
I firmly believe that's true. When I did give this speech a couple months ago, I had a young woman come, and she goes, I can't believe a woman would just do this. Watch this.
42:20
They talked them, told them, the state owns you. You own the state. You'll do what needs to be done. That's how it is. That's how they're brought up. We're not taught that in our country. That's why we think it's so wrong to do such things, or we think it's nobody would do that to us. That's not how they think, just to let you know.
42:40
Come on, baby. Which is interesting. Her former British husband that married her, he died at 36. And what a lot of the women do, Russian, they'll go over to Britain, marry British men, and then endorse them within months after they got their British citizenship.
43:03
I got another one, an example of that that's going on. And Sergey, he was one of the Russian spies that we traded with her, and they're the ones that got, you know, they're trying to kill him, because they think he's a traitor. Real quick, the embassy, our Russian,
43:20
our American embassy in Russia, we had to go build another one, because Lone Tree, a Marine, gave the architect schematics of our embassy to a person he met on the train and developed a relationship with her. They bugged the crap out of our embassy. It was being built. We had to go build another one, just because of what, he finally admitted it a few months later,
43:42
or a year later when he was in Austria, he goes, I think I made a booboo. I think I need to tell you what I did. They can't use the embassy that we built because of what he did. It was so full of bugs. There was like three and four in every wall. And so we had to go build another one. Iranian hackers, they're not above using Facebook women
44:00
to do what they want. If you've read this article, I think it was earlier this year, Mia Ash, they bald a young woman's Facebook pictures and her personality to coerce and blackmail Middle Eastern men, middle-aged men that were working for these entities over in that country just to, what they did is, she became friends with them,
44:22
sent pictures, they clicked on the picture and that downloaded the, right? So it was really easy. So just because, I didn't ever think that they would do that, but that was pretty cool. It was a really good way to do things. I don't like it, but you know. This is one of my favorites.
44:40
Petraeus, this woman right here, this woman is the one that hooked up with him, right? If you've ever followed this, these two had a relationship. They shared emails with each other, but never hit send. They had the same, you know, they knew the account, never sent it right. She got jealous of her. So she got mad at her and said, leave my man alone.
45:01
She got upset by the threatening email she got from her and told her FBI friend. The FBI friend started the investigation and broke the whole thing up. The part that's interesting is there was, I don't know how much secrets were given away, but she's first generation Lebanese. She's down at Tampa, unofficial liaison. She hosts parties and invites all the big wigs
45:22
of the military to her house. That's how she knows these two men. And one thing that's obvious, well, one thing that's interesting about them all, even though this all came out in the news, every one of them is married. When I mentioned that to a friend of mine, he goes, who do you think that is? They're swingers. Not one of them got a divorce because of what happened.
45:42
I just thought it was interesting. What's scary is she's first generation Lebanese and she has access to posts. She's not even an employee, neither is her husband. I don't think she even has a tag on her car to get on posts. They just know who she is and let her on because I'm the unofficial liaison. This is the other one that's really good.
46:01
Madame Butterfly, you recognize? You ever heard this story? This is a man. That's him right there. He was his lover for 18 years and convinced him he gave birth to a child that she adopted. He never had a sex change. Yes, the sex was weird. They said it was, but he thought, you know, 18 years of relationship, he thought that was his son.
46:21
He adopted him. But that's, yeah, I don't know. So we're gonna keep going. It's ego, that's the same thing. They're telling me I'm running out of time, but the ego thing, Don Walker, his handler said that was one of his biggest things. He thought he was better than anybody else. Come find me. You won't find me, I'm better than you.
46:42
His ego is also what got him in trouble because they warned him and told him not to spend the money. He couldn't help it. He couldn't help what he was doing. Like he said, I would do it again as long as I didn't get caught. Hanson, he freely admits he's an FBI agent. I was passed over promotion. Nobody appreciated me, so I'm gonna spy and show you how good I am.
47:00
Life in prison. Here's the guy that I was talking about. And Brooks X, Aaron Banks, look him up. He had gazillions of dollars a few years ago, lost it all. He married this woman. She was a Russian woman who came and married a 40-year-old British man. Two months later, I can't live with him, divorced him. This man gave her the divorce.
47:21
He's had relationships with many other women to do this. She's now his spouse. He now has all gazillions of dollars back and he's supporting Brooks X right now. If you'll watch it, everyone's upset with him because he's funding Brooks X over there. And no one can explain where he's getting his gazillions of dollars from.
47:41
Yeah. See that? See that? It's obvious, right?
48:01
Reflection will hide it, will keep you from looking and seeing what really is going on. What I wanted you to be aware of is that if you think something is going on around you, I talk to CISOs and ask them if they, hey, is a pen tester coming after me? Do you want me to tell you? And the CISO's like, please do not come and ask me. Do not tell me.
48:21
If you think somebody is targeting you, you think this activity is going on or you think a coworker is doing it. When I was in the Army, I told people you needed to come tell me and I would start the investigation. Please don't do that. Don't tell me, or me, don't tell me. Go to the FBI. And if it's a pen tester, turn their ass in. If they're gonna go to the extreme
48:41
of taking me to a hotel room and compromising me that way, turn their ass in. And he'll get out a free jail free card because they has the contract where the company said, you know, do the pen test. But the pen test didn't say compromise me or my beliefs or my whatever, right? Turn them in, call the FBI. They got a free out of jail card.
49:01
They'll get out of it. But turn them in, call the FBI if you suspect any of this is happening. Any questions real quick?