See them going to work, often on both sides of the equation. So somebody can be a hacker forbade and to be a criminal, but sometimes put those skills to good use. Sometimes they go all the way down the bad path, and you see certain people who have a bent andsosa but the people that we can learn from, which was what i was going for here. Host how much money did those people literally steal . Kate that is a good question. I dont think i have an actual figure for anyone. And without giving away too many details, we see one character make a Million Dollar ransomware demand in one shot, and it is character knows about cybersecurity or technology or in technology or engineering, but she is innovative enough and creative enough to on the spot come up with an idea that works. The company,e the criminal organization that she is working for, pivot to make similar amounts. Host how did they get into hacking, all three of these people . Kate you have three completely different trajectories. You have this woman from romania, her name is renee in the book. Of course, the names have been changed, people who didnt want to have their identities known for what will become obvious reasons. But you have renee, who is growing up in a typical, suburban, Countryside Village in what ends up happening is, as has happened across eastern europe, many of what we refer to as cybercrime villages have actually popped up. You have entire economies that are being basically run on these illicit schemes, whether it is the stealing of credit card information, or ransomware, which we have now seen in a and she u. S. Cities, wants to have a more glamorous life, she wants a more glamorous job. She gets this sort of impossible offer and finally finds out what is going on in her town, why everybody has a lot more money, and stumbles on this criminal enterprise. She is not someone with a background in computers. She has a background in ismunication, and she essentially a waitress, shes in very goodnd she is a talker. And as it turns out, being a good talker and being able to convince people of something is one of the primary skill sets that being very good at being a criminal hacker. Host what about bo . For he is a former hacker the Peoples Liberation army of china. Military a large operation with investment in cybersecurity and he is one of those people. Asstarts out his career somebody doing work for the government. This erases this raises a lot of interesting questions, because when we think of bad guys, hackers, they are attacking our companies, he is ,oing that, but he is doing it like renee, because he is bored, no. He is doing it because he works for the government and believes he is doing something for his country. Goes leaves the military, to work for a hotel, and finds he can put those skills to use , andtruly criminal way that is what he ends up going into and making a lot of money. But ultimately, he tries to make a different decision. And then you have our friend in veryvostok, you have this criminal hacker who is a criminal from beginning to end and has a very different upbringing. He is somebody who, as many in russia are, they are steeped in mathematics and science from a younger age, and he feels like he has nothing to lose. He is impoverished growing up and kind of falls into this. Rapees a lot of American Culture and pop culture is filled with big, beautiful cars and huge houses, and he wants to be a part of that. He is part of that until it comes crumbling down. Book, kingdom of i will quote from it, referring to yourself, this reporter has learned significant Cyber Incidents indeed dont happen without a person behind the scenes who has a deeply felt reason for inflicting pain. People need reasons to do what they do, and hackers are people. Ate yes may be to backtrack a little, the term hacker itself, usually we think of that referring only to criminals and bad guys. The book, iee in also look at people who have hacking skills, they are hacking themselves, but they are on the good side of the equation. And those people have a lot of trouble always doing the right thing. And i like to make the point if we want to understand why all these things are happening to us, whether it is the exploitation of the algorithms that run twitter and facebook in order to help the Russian Intelligence Agency influence an election, or the ransomware that has now taken down big cities like baltimore and atlanta, we have to understand the people who are behind these things, and all of them are different. Host another quote from kingdom of lies. By 2015, anyone who works in cybersecurity, criminal, good guy, or in between, can see the russians are more than active. They are so busy that they cant train their hackers fast enough. Kate that is a very interesting observation, because what we have seen, especially through 2015 and beyond in the case of russia, is that you have a russian government, and a talk about this in the book a little bit, how early on, Vladimir Putin in the early to thousands was well aware of in the well aware was very of the power in controlling the cybersphere. And in a country with the population of russia or even iran, you have to have people who can do damage at a scale of a country like china, who has the numbers. That in order to get the very best people, those people are not going to work on a government salary. If you are really, really good at hacking, dont have a lot of scruples and you live in russia, you can make a great deal more any number of illicit activities, selling things on the dark web, laundering money for cyber criminals, the list goes on. Now, what the government has realized is that in order to have these people who are good at what they do be on their side, they can Work Together with these criminals. So you have a situation where the government is willing to bring in people who are doing criminal activities they are aware of, into the fold, to help them. As a comparison, we dont do that in the United States, just so it is clear, you wont see the fbi going out and recruiting people who are doing major crimes against retailers. Instead, you will see them arresting those people. Havemeans that you criminals who are allowed to do , when it do as long as comes time for the russian government to call them, they are willing to pay the price, pay the tax for being allowed to do this criminal activities. And what you have is this beautiful, plausible deniability that russia is taking part in some major action against ukraine, or the United States. It is very easy for the russian government to then say, well, we didnt tell these people to do this stuff, or, they are not parts of the government or, if anybody did that they are maybe just patriotic russians, which is a line i think has been used, but they arent actually working for us. So you set them up with a situation that is hard to fight from our point of view. Dont u. S. Fazzini, Intelligence Services higher hackers . Do, and theey difference here is that there as a lot of restrictions, far as whether you have a criminal record. They definitely would not let somebody continue taking part in criminal activity, and it is really rare for somebody who has committed a significant crime, as many of the Russian Hackers who were actually named in the indictment of 12 Russian Hackers that was passed down last year , weur attorney general would never hire people who would continue doing that activity are would actually make millions of dollars in those crimes. We arrest those people, we put them in jail, every month or so the fbi releases indictments of people taking part in criminal hacking activity, including a great number of russians, some of whom have been arrested and brought to the United States. But we are never going to do the level of collaboration with the criminal element that those in government in russia do. Host you know in your book that, in the digital world, boundaries become muddy. Kate it becomes very muddy. One of the big issues now is whether companies and Government Agencies should have the right to what is called a hack backer, and offensive Cyber Security attack against somebody who has broken into their system. Why is that problematic . Have somebody like a citigroup, one of the major u. S. Banks, and they are getting attacked by china, and they have wonderful investigators at citigroup who determined that sendingdividuals are their packets from china, and they decide to go on the offensive and either get back the information that was stolen or do something to stop this from happening. Theres all kinds of Collateral Damage in between there. The companies that run the technologies between these two that you mightt actually have a scenario where the chinese pla and an american banker going to war with each other, and there are many manyrent boundaries there, things that make it so difficult for us to retaliate against these attacks. And then you run the risk of, maybe that attack wasnt coming from that chinese city at all, and you just attacked a completely different place because they were sending the signal from somewhere else. There are a lot of issues, and the international boundaries, who people are, their identity, much of this stuff becomes really mixed up. , can you doazzini most of what you describe in your book, with your iphone or android . I am myself, not a very technical person, but much of what i describe in the book can. E accomplished by most people on the one hand, there is a lot of what is called social engineering going on. So this is my ability to make you do something quickly that is going to give me what i want. So if i have an email that can compromise you in some way, and i send it with an urgent, you need to open this, it is your boss, you need to do a couple of tasks immediately, like send me all the w2s for all the employees, that is social engineering, that is making you feel like you need to give me this information right away. Anybody can do that. Sales people do that. A lot of people have very good skills and use those skills for good purposes. Many of the people in my book softwareare, malicious that they have got online, and maybe tweaked it a little bit, and it is delivered on a usb stick, they buy it from the dark web and put it on a usb stick, stick it on a targeted computer and then they have access to that device. That is more complicated but a lot of a lot of people have the ability to do that. A lot of this stuff is accessible to the average person. How is in todays hacking world . Kate it is not sophisticated at all. Ofalk about how tired i am the word sophisticated, because there are very few attacks today that are genuinely sophisticated. When i see one, i am impressed. Stick is almost dated at this point. A lot of companies have put restrictions in place over whether the devices you can plug usb sticks into can even read that. Many of the devices dont read the sticks anymore because they are so dangerous. It for the average person, is very, very simple, just like sending ransomware might be today for the average person. Itemsa couple of terms or that come into play in your book, i want to start with two. Vpns and wifi. Kate i just described what these are. A vpn is a virtual private work i will just describe what these are. A vpn is a virtual private network, and a vpn has an interesting trajectory right now. Because a long time they were used by corporations mainly, you are traveling on business and you might be using public wifi somewhere, wifi in your hotel, you can log on to a virtual private network, which gives you a way to read your information securely, so it cant be seen as encrypted and cant be seen over that wifi network. Interestingally because in the United States, most people who use vpns pay for them in some way. There are a couple of Free Products, but comparatively, in places like china and russia where the internet is heavily restricted and heavily watched, used by many, many more people often there is Free Products many, many more people. Often there is Free Products they can use to get around having their communications monitored. And they can get around rules that they cant use facebook and gmail in some cases on google product because those are banned. And it has become an interesting phenomenon, people in the u. S. Pay for the service but they are just a normal sleep popular, far more popular overseas than in the United States, and for a very different reason. You use public wifi . Do you have a wifi at home . I have a wifi at home. It is easier to control your home wifi on the settings on it. , i am wifi with a vpn pretty confident in using that combination. I dont use public wifi without a virtual private network. I have to travel for work, there are times when i have to get online. I am headed tonight to a hacking conference in las vegas called black hat and devcon, two of the biggest conferences of the year, and i will not use wifi at this conference be this conference will be filled with people trying to exploit it. I will find alternatives, and maybe stay off the internet entirely while i am there. So that is a different situation. Host it has been recommended that black hat and devcon, leave your phone in the room, dont use the atm anywhere close by, et cetera. Kate there are always interesting tricks coming up. Following ao be team called shellfish. Blackave these events at hat and devcon called capture the flag, where they have premier hackers in the United States and they tried to capture a virtual flag from one another at their contest. These guys win fairly frequently and do very well, so i am going to be tracking them and leave all of my own devices and my room, i think. I will just have a notebook and a pencil and do it old school. Lies,ack to kingdom of to other items come into play, paypal and bitcoin. What are their roles when it comes to hacking . The events of this in 2017,in 2017 end and go from 2013 to 2017. Foral has long been a way some cyber criminals to keep their money, being able to establish account quickly establish an account quickly and move money, but bitcoin was much ofe influential in terms giving people a way to have these illicit transactions. The way it works is, you can have a Bitcoin Wallet and somebody else can hold it, but your identity is essentially private. As long as you know that account number, you can move money without it being traceable. So for criminal activities, this has been one of the premier ways they move money. A lot of people are really skeptical about bitcoin, because it is difficult sometimes because it is so volatile, and the price is always going up and down, and there doesnt seem to be much rhyme or reason why the price is going up and down. There is a lot of speculation, why are people investing, why are you buying bitcoin unless you want to hide something . Necessarily that is true, but it has been a major driver of significant criminal activity, not just cybercrime, but everything from sex trafficking to terrorism to other sorts of illicit transactions. Bitcoin has been a real revolution in the criminal underworld. Do you needazzini, to be a stem student to become an internet cybersecurity person . E now no. I talkd to be people to people about their jobs interviewso a lot of and a lot of people who come my way are in law enforcement. I got a lot of people who are just police officers, might be young, they are really interested in cybersecurity, or they might be in some other type of security, like a security guard. Things. It is technology, which is often intimidating to people, but it is also security. The security part, people can understand, no matter how old or you learned that when you have a big event, you will put a perimeter around, you might have some physical barriers, you might have some some cops, some checkpoints, and the way Information Security works is similar to that. You put up firewalls, multiple firewalls of different kinds and sizes, you make sure people have the right username and password to get in, and they need another username and password to get in even further. So people who come from a security background like that, awful security, often have a nice base of knowledge to then learn a couple of skills, learn how to use the software, learn a little technology and to be astounding cybersecurity people. Are so many different disciplines within cybersecurity, and the u. S. Government and banks and all these companies are just desperate for these people. If you are considering it, it is a really good time. That is my big pitch. Host what are the positives and negatives of hiring retired military personnel . One character, bob, doesnt come across so well. I did go out of my way to be sure that i differentiated between people who had been very highranking members of the military and also members of the political class, versus soldiers who often come back and make really amazing cybersecurity people, and some higherranking people who do as well, but there were a lot of people at a high rank had been working in a Government Agency or the military for a very long time, who tried to make the transition the privaterity in sector, and had a very, very difficult times difficult time, for a couple of different reasons. Number one, the iraqi the in thehy that exists u. S. Military does not exist in most private companies. You dont have 100 different tans who are going to help you do a variety of tasks. A lot of people are doing many Different Things at once with a very small staff. Also, in a private Company Profit comes first, and that often involves having to deal with people overseas in Foreign Countries that, if you were in the military, had been your enemy for a very long time. It involves having to take direction from somebody who might have brought in more money last year, and somebody who is very highranking in the military might have a problem with that. But in theiraqi hierarchy of a financial institution, the person who brings in the most money is often the person who has the most say in what happens. Abrasive have a real around 2014 there were nationstate attacks against u. S. Banks and other companies. You saw a Lot Companies doing this, hiring topranking military people, and a lot of cases it didnt work out for this reason. Host here is the book cover. It is called kingdom of lies. They steal your money, take your identity, brute when your life, welcome to the kingdom of lies, adventures in the world of cybercrime. Of author is kate fazzini cnbc, formerly of the wall street journal. Thanks for being on the communicators. This program and all other communicators are available as podcasts. [captions Copyright National cable satellite corp. 2019] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] for 40 years cspan has put in providing unfiltered coverage of congress, the white house, the Supreme Court in publicpolicy events from washington dc and around the country, so you can make your own mind up. Created in 1979, cspan is brought to you by your local cable and satellite provider. Cspan, your unfiltered view of government. This weekend on American History tv, sunday at 6 00 p. M. , american artifacts takes you to the Virginia Museum of history for a an exhibit on africanAmerican History, from reconstruction through civil rights. Explore our nations passed on American History tv, every weekend on cspan3. Announcer senator Amy Klobuchar attends a house party in nashua, new hampshire. Watch live coverage sunday at 1 30 p. M. Eastern on cspan, on cspan. Org, or this and the free cspan radio app or listen on the free cspan radio app. Announcer a panel of millennial journalists talk about the industry, fake news, evolving media platforms, and the future of journalism. Townhall los angeles hosted the nearly hourlong event. Kyle thank you guys so much for coming out tonight to townhall. If you are new, welcome. If you are returning, welcome back. My name is kyle langan and i am the marketing director for townhall, los angeles