What does Net Square do? Themselves, o help its a leader of a very small India. Y in we do what's called penetration testing. Testing your defenses by attacking them. That's what we've been doing now for 16 years. So it's kind of a pro defense defense? Tive yeah, it's an active offense and see how well your defense up to the latest and greatest of offensive techniques. Hacker? E you a yes, I am. Yes, I am. Myself. Re to say that that? W did get into it's a long story. I think I was always interested in taking things apart. If people asked what I built, I, I've only broken things in the past 20 years. Anything. Ave built I have been playing around with microcomputers since the 1980s, along with my dad, and seeing how it worked. Just got to try it and do things until they fall apart and see how things are built. How things are put together. O I didn't know that this was going to be a viable career option until I graduated out of Purdue, and companies looking, can you hack uni systems. Can we test them? I want that job. That's a fun thing. Keep me out of trouble and make it legal. That's how I got into attacks and penetration. So you would be hired by a would say, come hack our system? That's right. Done. Precisely how its target saying, and are the assets of value see what a real-life focused attacker can do. How far can they get what kind of monetary loss would be suffered? Kind of to our customers. N or then we give them a reality check, as I would call it, get ngs, rattle the cages, in, and actively steal sufficient. How easy was it? Let me say my track record is very close to a hundred percent. Dependent totally upon the time you have. How will you scout out the perimeters, how well you know the organization. How well you know the technology importantly, how well do you know the mindset of the people behind this technology. Challenges? Daily what do they fall for? Hackers always like to say don't hack computers. Hackers hack humans. Are just a way to get to the human.
Once you get into the human the human do stuff at your will, turns out to be easy. R common way of hacking? There are several ways. Would be just what we call social engineering. Doing what ple into you want them to do. Some sort of an enticement. Heard of phishing attacks, people downloading free software from the internet just because it's free. Just get them to install what you want. Way. S the easiest and that's still a very successful technique even though 20 years that the world has seen these techniques. People still fall for it. Under internet it's very easy to trust a bunch of pixels instead of characters. Who knows it's really you. You're just whoever you want to be. It's easy to entice people into doing things you want them to do. That's the easiest vector. The harder ones are to kind of a product that's well used or a technology that's well a bug it in, and once we have that, you have power deployment of e this technology. Say, for example, a browser or camera. Or a smart fridge or an enterprise device. Orage if it's widespread and it's common, then your infections can get everywhere. Campaigns, two recent campaigns, they were two ago. S apart, not too long did they begin with somebody simply opening an email? No. This was a very there was no one. Driven attacks in the these were essentially Windows computers that were left unpatched. A bug was discovered, known for proactive, a few organizations patched themselves and they were able to escape the problem. Few organizations were falling behind and they didn't attribute importance of this bug simply because there were no fires breaking out and the first that broke out was a bad one and it spread like a forest fire over the internet. It's a little bit like genetic ns and the makeup. If you think of human diseases, genetic traits, and if you have knees common genetic traits you're prone to an illness, and an illened can or me an em democratic plague rather quickly. That's how it's spread.
The only way to avoid it is by vaccinating yourself. So you don't get hit by this weakness. The true defense to such a plague is a lettro population where u a cantic mix so the infection and occcurtailed to a group not spread across an entire community. A re is too much skew off very similar type of technology used globally across enterprises. So to put this in if a logical terms, company has one computer system all connected with each other, can be more dangerous than systems? Ifferent let me rephrase what I said. Like a is kind of paradox. If an organization has the same same type puters or of operating systems on all all of them s, and only a patched, or if few are not patched necessity become an entry point. A beachhead l find on one of these systems, and then they will try to spread through the internal network. Once they are inside it's very laterally. Ead they can move across passwords that are being reused, connections that are being opened to other computers. Piggyback on the paths of maximum use and then they go from one computer to another. The paradox is, to manage a need organization, you standardization, standard deployments and that's the intrinsic weakness that's now being brought into the organization, because it's like hits ze fits all, one bug all. In a way. Was something like WannaCry, that a financial incentive into the system. Motive. Always a it's done for a reason. Just fun anymore. Was ieve the smoke screen just ransomware. So you can lock up computers en extortion st demand money. Pay me 300, and I will send you keys to unlock it. I believe that was a smoke screen. I believe the real purpose was something else. Maybe there were some targeted attacks. Key organizations or individuals that were being targeted. And there was a deeper wave of attacks. I personally haven't analyzed the deep mechanics of the worm the back traffic, what's going on, so I won't be able to comment. But it seems to be too much, too sophisticated, of an operation wear.
St ransom what's your recommendation to companies, such as companies that might be affected with something like this? It's kind of time that we very reactive the nature of what we're seeing. Infected and get patch cycle. There is always a fire breaking with out and there are always people scrambling, organizations fires. Ling to put out the kind of we tell all of our patching. Keep on keep on patching. This is advice that worked 10 years ago. Doesn't work anymore. Because there is it's not a very large organization and keep on patching it month after month. What the recommended thing is, but today, we have to proactive k of defense. We can't keep reacting to anymore. We have turned the whole concept around. Threats. For booby traps. We have to engage in threat hunting. Example. You a simple that's credit card never used. Program that credit card number systems. Your banking the minute that number is pull p, you know something is funny going on, because no one knows that number other than you. Should have this number be why should be somebody be making a balance inquiry. Should it be seen as a point of sales receipt at a gas station. Looking for the threat, you've put out the bait and the attackers take the bait. You figure out the tactics and figure out their strategy. That's how you will defend tomorrow. Another thing is, we've seen a in computing shift the weight of the internet, as I say has shifted from the desktop to the mobile environment. From an end user perspective. Common use I would say are using mobile systems way more mandesk all their day-to-day needs. We need to bring that into the enterprise. To create a custom deployment of an operating for our openically organization. Why do we have to keep a general bill of Windows to do day-to-day business. Customized take a across one, deployed species, manage it efficiently and make it resistant to common attacks. We've created we've supported going ahead and we control everything. Create custom use cases.
And this would be the way to go forward. Genetic make jump and be resistant to the disease rather than vaccinating yourself scrambling all the time. And playing catch-up. And getting infected with a new every time it comes out. Devices inherently more dangerous or conducive to a desktop? Perhaps on the contrary, mobile resilient way more to attacks than a general purpose desktop. You can't plug a pen drive into a mobile phone. Not that easy. Can't download software off the internet and stick it into your phone unless you've jailbroken it. Ith you mobile devices have been designed with a very different approach. There is containers, compartmentalization, private updates, can, automatic lot of stuff is built in that doesn't exist on a desktop operating system. Environment is tuned for personal use. General operating systems are in tune for multiusers use. Unix, which from was shared multiple users at the support any le to type of computing activity. Do ts the least you can anything you want and that's that's what's not it's time we create this organization-centric computing environment. That will be the new way of looking at things. Can somebody be unaware they have been hacked? Is something that gives me a knot in my stomach. Even though practicing good enough I don't know if it is a glitch or a bug in the software. A something that is already there. I can never be too sure. What else is out there? What coming is big data. Is the abilityme to manipulateons populations. You can manipulate the process of an entire continent simply by playing games with big data analytics. If you control the social media network. People got caught doing an experiment where they were tweaking users and populating a and populate in another set of users with depressing news. And seeing how each population react. People started getting more aggressive and angry. I don't know who didn't get caught. That's what terrifies me. We have control in most developed nations.
Are these processes being daily monitored and influenced? By s giving up information to social media at will, we have been monitored. What terrifies me as we are also being picked to get a palm. What will I do after the all they have to do the apartment. They can do it for a population en masse. What isy to predict going to happen to the large population in the next 24 hours. This is activity that you can monetize on. This is activity you can use to influence that population. What do you do to protect yourself? If I don't want to use it I don't have it. I don't want to download the old internet. To my friends and family I say avoid the gluttony. Don't use it beyond what you need to use the device for. Unplug, listen to music. Have fun. Let's not stay connected to the screen 24/7. There is no need to tell the world that you are going on a vacation. Just don't advertise yourself. We lead different lives digitally and non-digitally. We are worried about people smoking through the windows. Live in a glass house and walk around naked in the digital world. It is a hypocritical situation they don't realize. It is the disconnect they offer. Sense ofes you a false safety and security, when it is really not. That's what I do. I minimize my use and unplugged. Trusting that just my other colleagues are trusting. If you tell me to install this app I probably won't unless I get it validated from several others. I might try to install it and take it apart. If it is safer you are not. What are some of these apps doing under the radar? One of the most insidious things they do is they track your geographical moments every day. Now they can enable the and listen to7 everything you are seeing. Potentially manufacturers have been caught with this. They kind of listen to families in their living room and watch them on camera. What they are really doing is they are becoming the eyes in your pockets. They analyze it. There's always something being taken. Has the cloud made it worse?
The cloud has enabled masculine analogy at a staggering rate. Definitely connected a lot of people together. It makes it easier for you to do work and help your mission. It makes it very easy to control the population. The cost of computing and the cost of storage has plummeted. I believe it was in 2007 that somebody can own supercomputing cloud infrastructure of 1999 on their desktops in 2007. If you trace the progress of the digital world from 2007 onwards, things have been ramping up. 90 of the data generated on the internet has been generated in the past 11 months. The data on the internet today will only be 10 of what it is next year. Way and shot up into space. With this amount of computing power, it is getting closer to reality. Keepachine will be able to feel the pulse of humanity. What is your role? I came as a visitor in 1999, fascinated with the culture, the openness. Just sharing knowledge and thriving on it. I started teaching at Black Hat. Severalone this for companies around the world. This is where I meet my best friends, some of whom I consider family. Myself and enjoy mentoring a few people. I enjoy teaching the classes. Interacting with other speakers. By teaching we had to stay ahead of the curve of all of the students. It is sort of like a pilgrimage. It's a ritual. I hope I can make it to 20 years or so. Are individuals and companies investing enough in cyber security? There is a lot of money in these things in cyber security. Whether the investment was in the right direction or not, we are investing in technology. Technology can only help you secure your organization to a certain extent. The greatest lack of investment is in the mindset of board members. To proactively defend the organization. If the board member doesn't buy ofo the process, no amount money is going to save you in the end. Value attimated core the board level. If not we can keep trying and sinking tons of money without the desired outcome.
We are on the verge of the internet of things. What are your thoughts when it comes to security? An animal that was narrated, there very smart students. Very smart students who learn about all of these magical arts. One of the students says I have the knowledge to put it together. The third one says I can make it come to life. And are you really doing the right thing? You are using your knowledge beyond your means. He gets a head start and runs away. The lion comes to life. One click at a time, one life at a time, one billed at a time. With devices around us, any would believe the invasion of human technology and digital life is more terrifying. When thea matter of machines have an equal footage as human beings. CEO of and he has been our guest on this episode.