Episode Transcript
0:32
this is a cbc podcast
0:36
hackers are out there for all types
0:38
of reasons to spread misinformation
0:41
extort companies or send
0:43
a message you don't often get an inside
0:45
look at how ransomware groups operate
0:48
but there's a new podcast that does
0:50
just that it's called click
0:53
here a production of the record by
0:55
recorded future and each episode
0:57
introduces listeners to the people and
0:59
ideas shaping our digital world
1:02
click here host dina temple-raston
1:04
reported on a russian ransomware
1:06
group called conti whose internal
1:08
chat logs were anonymously leaked
1:10
online after conti said it supported
1:13
president vladimir putin's invasion
1:15
of ukraine what those chat
1:17
logs revealed rocked the cyber world
1:19
and made clear that running a world
1:21
class ransomware operation isn't
1:24
as easy as it sounds have
1:26
a listen
1:35
back in the fall of twenty twenty two
1:37
hackers started a message thread fingers
1:40
on a keyboard set to launch a wave
1:43
of ransomware attacks against some
1:45
four hundred hospitals in the us and
1:47
good
1:48
it caused a bit of a panic and
1:50
developing right now and we're learning about
1:52
learning credible cyber threat targeting healthcare
1:55
systems now we have we have criminal
1:57
hackers from moscow and st petersburg squeezing
1:59
computer systems that are hospitals or to the man
2:02
millions of dollars in ransom payments
2:08
hackers were members of a root for cyber gang
2:10
that goes by the name conti and
2:12
they are what's known in hacking circles
2:14
as big game hunters they
2:17
target single high value targets
2:19
lot of their data and exact suit
2:21
ransoms among other things before
2:23
they take and has to stay still
2:26
important patient and like customer data
2:28
and then these people don't wanna pay up
2:31
they threaten to release they have
2:33
have a blog where they post
2:35
everything changed for them in february that's
2:38
when it took a stand on the russian invasion
2:40
in ukraine it said it supported
2:42
moscow
2:47
just a day or two later a new account
2:49
appeared on twitter calling itself conti
2:51
leaks
2:52
it provided a link to something extraordinary
2:55
tens of thousands of the group's internal
2:57
messages so chat logs
3:00
i called this like the the panama papers
3:02
around so actors i think that is a a
3:04
case study be to be done for many years
3:07
the panama papers provided an inside
3:10
look at how the super rich set up offshore
3:12
accounts
3:13
the conti leaks are the ransomware equivalent
3:15
because they provide everything from
3:17
mundane details of day to day operations
3:20
that editor
3:21
edit
3:23
i'm dina temple-raston and this
3:26
is click here today the leak
3:28
everyone in the cyber world is obsessing
3:30
about
3:39
it all began with the short post on twitter
3:42
we're using a little ai voice to read
3:44
it
3:45
greetings
3:46
here is a friendly says absorb
3:48
the can't against has lost its it
3:54
it was a link was a wimp will be
3:56
you to download on the the
3:59
one click
3:59
and anyone could download more than
4:02
years wasn't a good internal chat
4:04
messages we promise if is
4:06
very interesting
4:07
needless to say lots of people clicked
4:10
and downloaded
4:12
including this guy emilio gonzales
4:15
he's some canada
4:16
wow how
4:18
, up in a i was just browsing twitter
4:21
and i saw someone someone
4:23
about the candidates
4:26
about thought i was really cool and i i wanted
4:28
to get my i my hands on
4:30
gonzales is a security analyst
4:32
in canada he works for a financial
4:34
company and defends its computer network
4:36
from ransomware actors like conti
4:39
he spoke to us from his home office swinging
4:42
back and forth in one of those big
4:44
ergonomic chairs that gamers have his
4:46
fingernails painted black he
4:48
says he stumbled onto the chat logs by accident
4:51
when he finds himself sneaking moments
4:53
to read through time i've done that for us
4:55
where i think three days now i
4:57
have a day job so i only do it on the
4:59
said that during lunch and
5:02
the evening but
5:04
the surprise is how much he identifies with
5:07
conti hackers they do seem
5:09
to be just like us asking for paid
5:11
leave sharing office gossip enduring
5:14
difficult bosses consider
5:16
the case of the hacker who went by the name target
5:19
turns out he's a bit of a jerk boss
5:21
he's one of those guys who shows his impatience
5:23
by sending one word emails and success
5:25
it like were
5:29
the saturday before the hospital attacks
5:31
we talked about before he put out an all
5:33
call in the chat not a request for help
5:36
a demand everyone is
5:38
working today he declared no
5:40
explanation no apologies we've
5:43
all had bosses like that and gonzales
5:45
says after reading all their chat messages
5:48
he couldn't help but
5:49
identify with the want to connect with people
5:51
and they wanna they wanna live their
5:53
life even life there where
5:56
do we consider bad guys
6:01
i would assume that these ransomware
6:03
groups were kind of a big ball
6:05
here coalition her collectors and
6:07
the people didn't join ransomware groups
6:09
how much is temporarily associate
6:11
with of sort of like com
6:13
that work
6:14
after good hackers wanted it that way they
6:16
could be let loose the world and create
6:18
chaos i assumed they
6:20
didn't like structure
6:22
the conti leaks suggest something else
6:24
entirely
6:25
we clearly see a hierarchy of
6:28
so you you have the boss yeah team
6:30
leads and there are different teams
6:32
that were together and as
6:35
he said as he between both
6:37
the colleagues i have a a message
6:40
right arm guns and find it
6:41
the has to chat logs up on computer screen
6:44
so i one of the first things i saw was
6:46
that was ,
6:48
at of conti requesting days off
6:51
the job so as the
6:55
group has more than one hundred salaried workers
6:57
on staff they have middle managers
6:59
like target managers like we told you about before
7:02
they have worker bee programmers who
7:04
write malicious code that makes ransomware work
7:07
an it team that maintains their servers
7:10
exeter data and can quickly break it
7:12
all down disconnects it's essentially
7:14
if it looks like the already her onset
7:19
there are other things have a surprise you about conti
7:22
for one gonzales says in his very
7:24
french canadian way
7:26
from what he's seen some of the code they used
7:28
to say store encrypted data isn't
7:31
all that
7:31
right so i have a computer science
7:33
background so i know how to program and this
7:35
is not a this , not
7:38
like how
7:40
can i say it respectfully world
7:43
glasgow
7:46
which makes you wonder what else
7:49
isn't quite right about conti
7:51
how could such a sophisticated hacking
7:53
group not in the through chat so
7:55
much as standard practice
7:57
particularly if you're a secret hacker
8:00
you to that question we decided to turn
8:02
to someone who's all about secrecy
8:05
someone associated with the hacktivist collective
8:07
anonymous
8:08
that a dumb question
8:10
i don't think that's a dumb question and the all
8:13
the dumb part of this is the
8:15
way they did it
8:17
in an unencrypted manner
8:19
that's an unthinkable
8:21
right
8:22
discord yeah a kind of spokesperson
8:24
for anonymous i make those said
8:26
videos with the text to speech voices
8:29
and they're anonymous imagery
8:31
you've probably heard some of his work they
8:33
sound like something out of mister robot
8:35
greetings citizens of the world this
8:38
is a message to lot of you're coming from
8:40
anonymous
8:41
there was no right the press release on for
8:44
those videos
8:45
anonymous to stay anonymous
8:47
you could say is all about operational
8:50
security
8:51
food is good in his dumbfounded by
8:53
in attention to what they
8:55
must be shaking in their boots right now because
8:57
a lot of their as identities will be revealed through
8:59
these leaks a lot of the
9:01
way they do their operations is gonna
9:04
be exposed so yeah i wouldn't want
9:06
to be them at the moment
9:07
what's crazy about all this is that
9:10
the leak seems to have taken a page from conti's
9:12
own playbook remember one
9:14
of the ways the group pressures people to pay ransom
9:17
is by stealing information and threatening
9:19
to leak companies that encrypt
9:21
their information can't be extorted
9:24
that way and in conti's case
9:26
if this ultra sophisticated hacker group
9:28
had just done the most basic thing
9:31
encrypt its chat we wouldn't
9:33
be talking about the conti leaks at all
9:35
it probably wouldn't have happened
9:44
john fokker has been tracking conti and
9:46
its predecessor ryuk for years
9:48
he's the head of investigations at trellix
9:50
a cyber security company and i used
9:53
to be part of the national high tech crime team
9:55
in the netherlands
9:56
and we conducted multiple
9:58
ransomware investigations and that
10:01
kind of flow through
10:02
and our within the work i do now
10:04
we follow all the major groups and conti was
10:06
one that he and his team of intelligence
10:08
analysts are combing through the conti logs and
10:11
he says that there are lots of interesting things
10:13
in there because
10:14
the very interesting
10:16
conversations that they talk about nicknames
10:18
have we seen before in other ransomware groups
10:21
the
10:22
we see passwords
10:24
they are connecting the dots
10:26
and two of these dots involve new indications
10:28
that conti has some weird ties to
10:30
russian law enforcement and maybe even
10:32
the government the group denies it
10:35
moscow does to the focuses
10:37
taste
10:37
conti leaks does become
10:40
pretty clear now
10:41
consider one of the chat log exchanges in
10:43
which two conti hackers are talking
10:45
about a source inside bellingcat
10:48
that's the netherlands based investigative
10:50
journalism they focus on fact checking
10:52
and open source intelligence the
10:54
hackers seem to be searching the bellingcat network
10:57
for someone else
10:58
and what really stood out was the
11:00
conversation took place that they
11:02
said like okay this very interesting information
11:05
we need to save this an
11:07
they were really said okay safety says
11:09
that look for stuff that's related
11:12
to navalny
11:13
alexei navalny is a jailed russian opposition
11:16
leader who
11:17
to put it mildly is putin's nemesis
11:20
like he knows what
11:22
i saw her
11:23
in twenty twenty after surviving an assassination
11:26
attempt navalny worked with bellingcat
11:28
to identify his would be
11:29
he by soil would him a physical
11:32
doubled over selfish
11:33
the audio from one of those assesses any
11:35
actually confesses to the operation over
11:37
the phone
11:38
nada
11:42
the couch she'll conti members talking
11:44
about wanting to grab anything related to navalny
11:46
in the bellingcat network you
11:48
don't have to have that suspicious of a mind to
11:50
think that's an interesting coincidence
11:52
they were really said okay safety
11:54
says that look for stuff that's related
11:57
to navalny
11:58
save it in a folder on the ball
12:00
me fsb
12:02
the fsb russia's federal security
12:04
service it does counter intelligence and
12:06
internal security so this basically
12:08
confirms
12:10
a lot of what we always been suspected obviously
12:13
we don't know if they were actually guided by
12:15
a state that it could indicate
12:17
mike okay looking at this
12:20
they might have been a relationship or
12:23
they are they were already on
12:25
the radar and this is their way of continue
12:27
operations had stayed allowed as
12:29
my call this also
12:31
for me
12:33
finding things like this these low
12:35
links
12:36
what's the claim what they did
12:38
just before the leaks what is at all which
12:40
is affiliation with the russian federation and
12:42
this one that in a clear
12:44
daylight
12:49
hacking groups don't usually take sides
12:51
in international disputes for a very
12:54
simple reason it gets in
12:56
the way of making money which is why
12:58
conti's declaration of support for russia
13:00
struck people so odd no
13:03
one's exactly sure why conti did it but
13:05
it could have something to do with its relationship
13:07
with russian authorities
13:09
they talk about people have to lay
13:11
low because they might be on a list
13:13
from law enforcement it is it's you take
13:16
a day to day business where they try to okay
13:18
we just need to lay low and we
13:20
do our thing and and okay than if
13:22
you lay low for low but then you could continue on later
13:24
so it really seems that they
13:27
were getting some level of protection
13:30
aaron maybe getting kicked off to avoid
13:32
an arrest
13:33
cyber security officials have long thought
13:35
ingrid in russian authorities had been in a marriage
13:38
of convenience conti leaks
13:40
provide a glimpse
13:40
of how that might work sometimes the
13:43
truth is more amazing them with we
13:45
could see goes but for now this is the
13:47
running hypothesis that there is some level
13:49
was interaction has taken place
13:51
and how
13:52
hi that interaction is how close
13:54
relationship is
13:56
i don't know we have to see
14:04
so extraordinary about the conti leaks
14:07
is that the messages allow us to examine the
14:09
group at close range and in
14:11
real time with all its eccentricities
14:14
and personalities in the past
14:16
the information we got from these groups came
14:18
in snippets
14:19
some got arrested
14:21
gives us a peek inside conti when
14:23
the hackers guards are down when
14:26
you're just going about their daily lives
14:28
where are they gonna buy or rent the hacking tools
14:30
they need the ransomware victim
14:32
pay getting paid what you
14:35
know normal office chatter that
14:38
is interesting is all this normal see is
14:40
the chats also do something else
14:42
something far more worrying for conti
14:45
they provide law enforcement all over the world
14:47
with tens of thousands of leads
14:50
do you think this is the end of conti
14:52
maybe is the end of conti
14:54
in the fashion that we know the
14:56
bird mind you there's a big difference between
14:59
of being outed or
15:01
be dogs being identified
15:04
being indicted and being arrested so
15:07
there's a big deficit move within that space
15:09
there's still room
15:11
for ah i'm setting
15:13
up a new ransom overseas
15:15
kind of son of conti or conti
15:17
two
15:18
one of these people are still not arrested
15:21
they can still come at the same crime the
15:23
skill doesn't fade in that regard
15:25
they can would still regroup somewhere else
15:28
which brings us to the unintended thank
15:30
you for a week the way ransomware
15:33
gangs are likely to react
15:35
fokker expects the groups will borrow from
15:37
al qaeda in the terrorism model
15:39
instead of being a cohesive army they
15:41
could turn into more independent cells
15:43
which are much harder to track
15:46
i wouldn't be surprised long story
15:48
short that this whole eco
15:50
climate of ransomware becomes more fluid
15:53
there's more self sustained groups that
15:55
will work less in
15:57
a hierarchy as we saw with conti but
15:59
more network the basis i
16:01
thought to the i wouldn't be surprised to see something
16:03
like that
16:05
more chats came out in early march revealing
16:07
messages that had been written only days
16:09
before it appears conti has
16:11
started dismantling all its botnet farts
16:13
and it's cleaning out their servers and
16:16
we now know they have a department
16:18
for that i'm dina temple-raston
16:20
and this is click here
16:23
the right
16:41
this is click here welcome back
16:44
russia's invasion of ukraine has unfolded
16:46
like an old fashioned kinetic war
16:48
know cluster bombs buyers shattered
16:51
glass and tears information
16:53
wars have always been a bit quieter
16:56
the shaving of beaches here an
16:58
exaggeration there in
17:00
russia so we've been particularly adept
17:02
at weaponizing that old adage
17:05
that a lie is halfway around the world before
17:07
the truth can get its shoes on
17:09
the here's a surprise
17:11
the conflict lies aren't moving
17:13
as fast as they used to and so
17:16
think that maybe because there's a concerted
17:18
effort to slow them down
17:21
the western officials are pre empting
17:23
russia's misinformation campaign with
17:26
intelligence
17:28
welcome to a new click here feature we
17:31
call three questions the idea
17:33
behind is a simple we talked a smart
17:35
people who thinking about cyber intelligence
17:38
in new ways and then have them explain
17:40
how it's shaping our world today's
17:43
guest is stanford's
17:44
amy zegart
17:45
the author of spies lies and
17:48
algorithms the history and
17:49
future of american intelligence and
17:52
for decades zegart has been researching american
17:54
intelligence
17:59
the shift in the way the us approaches
18:02
information warfare
18:03
that was sort of our a harbinger of
18:06
how is technology fundamentally reshaping
18:09
the threat landscape the ability
18:11
of intelligence agencies to understand
18:13
it and who is a customer that
18:15
needs intelligence
18:17
this is something that is been really interesting
18:19
is that as russia was trying to sort of
18:21
gin up of misinformation campaign the
18:23
biden administration did something really
18:26
unusual in releasing intelligence
18:28
to kind of short circuit the misinformation
18:30
campaign were you surprised they did that
18:33
our surprise and i think impressed
18:36
they did i think they're really three different
18:38
themes or effects of that strategy the
18:41
first is inoculation the russians
18:43
are pros at deception operations and
18:45
they usually win or they often
18:47
win because once people believe
18:49
a falsehood it's really hard
18:52
to get them the change their beliefs and
18:54
so which one gets that first
18:56
actually really matters
18:57
the writing part of a strategy has been less
18:59
informed the world that they're about to be conned
19:02
by vladimir putin the second goal
19:04
zegart says
19:05
is friction
19:06
the more putin is put on his back foot the
19:08
harder it is for him to stir up trouble
19:10
elsewhere
19:11
and then the third goal i
19:13
think could be what i call for covert
19:16
action in reverse the world
19:18
can't stand on the sidelines hiding behind
19:20
a fig leaf of his false narrative or
19:23
it makes it much harder when all this information
19:25
is in the public or other
19:27
countries to stand on the sidelines
19:29
they have to take a side so i think it's all three of those
19:31
things plane
19:33
you know he needs uses always been that
19:35
there was a sources and methods problem rights
19:37
so how did they get that through this
19:39
time were there weren't you know people shrieking
19:42
sources and methods we can't let this out they'll figure
19:44
out how we notice
19:45
you know if i were gambling woman i would bet
19:48
that there were people shrieking the can't let this
19:50
out right i'm sure there are some interesting conversations
19:52
inside the administration but clearly
19:54
there was there was reward suffer
19:57
if ever you're going to use intelligence
19:59
to try
19:59
the to prevent something bad from happening
20:02
wouldn't be the largest territorial
20:04
aggression in europe
20:06
since world war two
20:07
and so i think that we have
20:09
to be more forward leaning in using intelligence
20:12
not just holding onto those collection stream
20:15
the do you think that this the
20:17
release of intelligence worked do
20:19
think that we have maybe found one way
20:21
to deal with misinformation
20:23
how do we define success
20:26
with a strategy will success i think shouldn't
20:28
be preventing putin from invading my he
20:30
didn't they that doesn't mean the strategy was misguided
20:33
but i think there's a real glimmer of hope
20:35
in the use of this strategy
20:38
to combat deliberate disinformation
20:41
operations on mine is
20:43
taking advantage of that time
20:45
dimension i think a lot policies don't take enough
20:47
advantage of what we should speed up and
20:49
, we should slow down and so
20:51
when you give truth a chance to get at first
20:54
get at that's a very promising strategy innocent
20:59
that was amy zegart she's a senior
21:01
fellow at the hoover institution and
21:03
the freeman spogli institute at stanford
21:06
university she's also the author of the
21:08
new book spies lies and algorithms
21:10
the history
21:11
and future of american intelligence
21:25
you are the big cyber and and
21:27
origin story of the week
21:29
go underground citing intensifies in
21:31
ukraine there's a new volunteer
21:33
force taking the fight into cyberspace
21:36
the ukrainian government calls it its
21:38
it army
21:39
a top ukrainian cyber security
21:41
official victor zhora says hundreds
21:44
of thousands
21:45
during their ranks ukrainians
21:47
all over the globe are ,
21:50
united , our
21:52
country in cyberspace enter
21:56
i know that so russians think
21:58
that only super countries
22:01
super states can provide these attacks
22:04
but , we see more than
22:06
four hundred thousand people
22:09
are united in this it
22:12
army
22:13
just i was set to the solent here's our
22:15
is unclear russian government website
22:17
has been under a huge number of ddos
22:19
attacks but they've been able to recover
22:22
from the analysts are are worried
22:24
that this
22:25
either called arms violates
22:27
international norms
22:30
the defense department's chief information
22:32
officer john sherman told the record
22:34
in an interview that in anticipation
22:36
of possible cyber attacks from russia he's
22:39
in daily contact with us cyber
22:41
command and nsa chief general paul
22:43
nakasone while he wouldn't talk
22:45
about the discreet steps the us is taking
22:47
to guard against as attacks he
22:49
said he's working with combatant commands to
22:52
make sure america's most sensitive networks
22:54
are being taken care of in a proactive
22:56
way he says he's tending to that constantly
23:00
and finally the cyber security firm
23:02
proofpoint has discovered what
23:04
it says is likely
23:05
isn't campaign
23:08
targeting eu officials dealing
23:10
with the refugee crisis in ukraine
23:12
proofpoint says hackers may have compromised
23:15
a ukrainian armed forces email
23:17
account in order to target eu
23:19
officials managing logistics
23:21
the the refugees
23:23
email pretended to be about information
23:25
about a un security council decision
23:27
and when opened planted sunseed malware
23:30
proofpoint linked the attack to a group known as
23:32
ghostwriter
23:33
and they're thought to be linked to belarus
23:45
episode was produced by sean powers
23:47
and will jarvis it was edited by karen
23:50
doesn't and levinson composed
23:52
our theme in original needs to the episode
23:54
the weed additional music from blue dot
23:56
such
23:57
click here is a production of the
23:59
record media
23:59
and we'd want to hear from you please
24:02
leave us a review and rating wherever you get
24:04
your podcasts and you can connect
24:06
with us at click here show dot com
24:09
i'm dina temple-raston
24:10
we'll be back on tuesday
24:15
this has been an episode
24:17
from click here a podcast
24:19
about the world of cyber and intelligence
24:21
you can listen to more episodes every tuesday
24:24
wherever you get your podcasts
24:27
for more cbc podcasts go
24:29
to cbc dot ca slash
24:31
podcasts