1
00:00:00,362 --> 00:00:01,532
Cybersecurity Today

2
00:00:01,532 --> 00:00:05,162
would like to thank Meter for their
support in bringing you this podcast.

3
00:00:05,552 --> 00:00:10,712
Meter delivers a complete networking
stack, wired, wireless, and cellular

4
00:00:10,862 --> 00:00:16,082
in one integrated solution that's
built for performance and scale.

5
00:00:16,352 --> 00:00:21,032
You can find them at meter.com/cst.

6
00:00:23,751 --> 00:00:25,601
I have a special show today.

7
00:00:25,701 --> 00:00:29,781
I wanna look at what we can learn from
the world of espionage and intelligence

8
00:00:30,021 --> 00:00:31,731
in terms of social engineering.

9
00:00:31,881 --> 00:00:36,141
Now, if you watched last week's show or
listened to it, you have to see that.

10
00:00:37,106 --> 00:00:42,626
we did a whole background on how
espionage and cybersecurity are

11
00:00:42,626 --> 00:00:44,736
linked and how nation states act.

12
00:00:44,736 --> 00:00:48,276
So it was a great show and if you missed
it, I urge you to go back and dial it up.

13
00:00:48,276 --> 00:00:49,811
'cause it was really pretty good.

14
00:00:49,881 --> 00:00:51,141
if I do say so myself.

15
00:00:51,441 --> 00:00:55,031
but the, I wanna, and second of
all, I've gotta tell you, I've

16
00:00:55,421 --> 00:00:58,061
gotta say, I've read a lot of
studies and papers and I think that.

17
00:00:58,781 --> 00:01:01,751
They all come to the same
conclusion that 90% of statistics

18
00:01:01,931 --> 00:01:03,401
given in tech shows are made up.

19
00:01:03,791 --> 00:01:06,611
no, it's not that bad, but
it's not entirely true.

20
00:01:06,611 --> 00:01:11,291
But the reality is, exact numbers I think
people would agree are hard to come by,

21
00:01:12,011 --> 00:01:16,451
but there's been a growing realization
that, and you could find people to say

22
00:01:16,451 --> 00:01:24,071
it's 40%, it's 90%, but that a major
part of cyber attacks are either led

23
00:01:24,131 --> 00:01:26,201
by what we call social engineering.

24
00:01:26,991 --> 00:01:29,571
Or it forms a significant
part of the attack.

25
00:01:29,781 --> 00:01:33,171
We like to think in terms of technology
that there's some real whiz kid

26
00:01:33,171 --> 00:01:35,391
and you see 'em on TV and they're
type, type, type, type, type, and

27
00:01:35,391 --> 00:01:36,441
they get through all your defenses.

28
00:01:36,651 --> 00:01:38,481
In reality, that's a minor part of it.

29
00:01:38,811 --> 00:01:43,791
Most of it is done by how
people who are very smart fool

30
00:01:43,791 --> 00:01:46,761
people who are also very smart.

31
00:01:47,121 --> 00:01:52,551
And that can be anything from phishing or
vishing or if with a big attacks we would

32
00:01:52,551 --> 00:01:54,891
heard about where clever people trick.

33
00:01:55,426 --> 00:02:02,146
Experienced help desk people or users
into giving them their passwords even

34
00:02:02,326 --> 00:02:03,701
when they're administrators of a system.

35
00:02:04,556 --> 00:02:08,786
It might seem incredible, but it is,
and the idea came up and we were talking

36
00:02:08,786 --> 00:02:13,556
about after our last show, Hey, let's
talk about this in terms of intelligence,

37
00:02:13,556 --> 00:02:16,886
because there's a parallel there in
terms of, and I won't do the whole

38
00:02:16,886 --> 00:02:20,666
show in my introduction, but there's a
parallel in terms of how intelligence

39
00:02:20,666 --> 00:02:23,396
works and how social engineering works.

40
00:02:23,576 --> 00:02:25,436
And I can't think of two
better guys than the.

41
00:02:25,911 --> 00:02:30,631
Neil Bisson, who spent a lot of his career
in intelligence and he's with was with

42
00:02:30,631 --> 00:02:35,161
CSIS, the Canadian Security Intelligence
Services recently retired, but can't stop

43
00:02:35,161 --> 00:02:37,021
working, so he's got his own podcast now.

44
00:02:37,291 --> 00:02:37,981
Welcome, Neil.

45
00:02:38,611 --> 00:02:39,061
Thank you.

46
00:02:39,181 --> 00:02:39,721
Yeah, you're right.

47
00:02:39,721 --> 00:02:42,031
Can't stop doing the stuff I do
when it comes to intelligence.

48
00:02:42,031 --> 00:02:43,671
It's just in my blood now, There you go.

49
00:02:43,851 --> 00:02:44,961
And David Shipley.

50
00:02:44,961 --> 00:02:49,641
Now David might be best known in
Canada and the US as the Monday

51
00:02:49,641 --> 00:02:53,451
morning newscaster and panelist, but
he actually has a real day job and

52
00:02:53,451 --> 00:02:55,041
that's leading Beauceron Security.

53
00:02:55,101 --> 00:02:59,006
And in that role, he's really, I
think, developed a become one of the,

54
00:02:59,186 --> 00:03:02,426
I think one of North America's experts
in phishing and social engineering,

55
00:03:02,816 --> 00:03:07,136
and has done some of the best data
collection in this area and has access.

56
00:03:08,316 --> 00:03:10,056
All anonymized.

57
00:03:10,146 --> 00:03:13,466
It's not, we wanna make sure we
always say that this is legit data,

58
00:03:13,646 --> 00:03:16,976
but been able to assemble probably
one of the biggest data sets in terms

59
00:03:16,976 --> 00:03:18,656
of this area and understanding that.

60
00:03:18,816 --> 00:03:19,896
Welcome, David.

61
00:03:20,676 --> 00:03:21,486
Thank you so much.

62
00:03:21,541 --> 00:03:23,191
I'm excited to be part
of this conversation.

63
00:03:24,181 --> 00:03:24,331
Yeah.

64
00:03:24,331 --> 00:03:27,336
So I wanna start with
this, Neil, recruit me.

65
00:03:28,236 --> 00:03:28,656
Okay.

66
00:03:28,716 --> 00:03:33,306
I'm, I and I, because I think this
is a big part of it, is a big part

67
00:03:33,306 --> 00:03:37,926
of a job of an intelligence officer
is in finding clever idiots, or

68
00:03:37,926 --> 00:03:38,976
useful, what do they call them?

69
00:03:39,101 --> 00:03:39,591
Recruit.

70
00:03:39,591 --> 00:03:39,601
Recruit.

71
00:03:39,601 --> 00:03:42,601
a useful idiot is definitely one of
the things that, we've all, heard

72
00:03:42,601 --> 00:03:44,071
before when it comes to intelligence.

73
00:03:44,381 --> 00:03:47,436
hopefully it's not just idiots
that we're recruiting, but, Yeah.

74
00:03:47,436 --> 00:03:49,896
but that's the sole promise
that I'll come up to that level.

75
00:03:49,931 --> 00:03:52,421
but I'm sure you're gonna
surpass the idiot pretty easily.

76
00:03:52,421 --> 00:03:54,586
Jim, you strike me as a
guy who's well beyond that.

77
00:03:54,586 --> 00:03:57,556
but when it, and there's a perfect
example of what a recruitment tactic is.

78
00:03:57,556 --> 00:03:58,756
I just gave you a compliment.

79
00:03:58,756 --> 00:04:01,726
I used your name and I made
you feel better about yourself.

80
00:04:02,241 --> 00:04:07,371
So those are just things that
automatically come off as, okay, maybe

81
00:04:07,371 --> 00:04:08,901
it's good to talk to this guy Neil.

82
00:04:08,991 --> 00:04:10,881
He makes me feel good when I talk to him.

83
00:04:10,881 --> 00:04:15,411
So those are one of the examples of
how social engineering kind of endears

84
00:04:15,411 --> 00:04:18,861
yourself into the person that you
are trying to get closer to find out

85
00:04:18,861 --> 00:04:20,481
more about or potentially recruit.

86
00:04:20,481 --> 00:04:24,561
Because at the end of the day, when you
work for a HUMINT or human intelligence,

87
00:04:24,931 --> 00:04:27,211
intelligence organization, your job.

88
00:04:27,281 --> 00:04:31,121
Is to recruit sources or in the
states, they might call them agents

89
00:04:31,121 --> 00:04:34,151
or assets, depending on, what
intelligence organization you deal with.

90
00:04:34,151 --> 00:04:35,861
But yeah, that's your day to day.

91
00:04:35,861 --> 00:04:38,081
You wanna get out there and you
want to talk to people who have

92
00:04:38,081 --> 00:04:39,401
access to that information.

93
00:04:39,401 --> 00:04:40,631
You're looking for three things.

94
00:04:40,991 --> 00:04:44,391
Are they suitable to be, someone
who works in intelligence for you?

95
00:04:45,471 --> 00:04:48,741
Do they have access to the information
that you want them to have access to?

96
00:04:48,951 --> 00:04:50,361
And what are their motivations?

97
00:04:50,361 --> 00:04:54,831
And those are basically in a nutshell,
what you're looking at when it comes

98
00:04:54,831 --> 00:04:55,881
to an intelligence recruitment.

99
00:04:57,491 --> 00:04:58,991
And where do you go to study this?

100
00:05:00,236 --> 00:05:01,626
Oh, I can't tell you.

101
00:05:03,201 --> 00:05:04,026
You have to kill me.

102
00:05:04,746 --> 00:05:05,106
No.

103
00:05:05,206 --> 00:05:08,236
to be honest with you, there's a lot
of, it's interesting that, intelligence

104
00:05:08,236 --> 00:05:10,876
organizations always feel like
they're the big keeper of secrets.

105
00:05:10,876 --> 00:05:14,776
But there's a lot of information out
there, open source information about,

106
00:05:15,286 --> 00:05:19,706
Social engineering, human sources,
recruitment intelligence activities,

107
00:05:19,706 --> 00:05:23,716
you'd be surprised how much you can
find because I do a weekly, show for

108
00:05:23,716 --> 00:05:26,776
the Global Intelligence Weekly wrap
up, and I pull open source information

109
00:05:26,776 --> 00:05:28,216
about intelligence all the time.

110
00:05:28,576 --> 00:05:32,656
With my experience as an intelligence
officer, I can use that open source

111
00:05:32,656 --> 00:05:37,176
information and I can give, insights
into maybe the story behind the story.

112
00:05:37,596 --> 00:05:39,976
But, yeah, it's, Even universities.

113
00:05:39,976 --> 00:05:43,806
I offer a course at the University of
Ottawa called, the Psychology Behind

114
00:05:43,806 --> 00:05:45,486
Human Sources and Intelligence Collection.

115
00:05:45,546 --> 00:05:49,506
And that gives you a really good
insight into how do intelligence

116
00:05:49,506 --> 00:05:51,036
organizations recruit people?

117
00:05:51,036 --> 00:05:54,606
Why do spies work for
intelligence organizations?

118
00:05:56,346 --> 00:05:56,676
Yeah.

119
00:05:56,676 --> 00:06:01,571
And David, you, you watch the
trends in phishing, which is, I.

120
00:06:04,486 --> 00:06:05,356
Intelligence.

121
00:06:05,836 --> 00:06:10,186
I think you've got a longer time horizon
for picking and working somebody.

122
00:06:10,486 --> 00:06:14,836
but the same thing happens in,
I think the same steps happen.

123
00:06:15,016 --> 00:06:18,196
You start with something reciprocal or
you start with an emotional response.

124
00:06:18,496 --> 00:06:20,776
What's the typical phishing or.

125
00:06:21,346 --> 00:06:25,366
that type of an attack, in regard
to what Neil is talking about?

126
00:06:25,646 --> 00:06:29,666
so the interesting
difference is scale and risk.

127
00:06:29,876 --> 00:06:34,086
So for an intelligence officer to
make a play, to recruit somebody,

128
00:06:34,636 --> 00:06:35,561
particularly if they're doing it.

129
00:06:36,436 --> 00:06:39,916
Overseas, let's just say that, you're
attached to an embassy and you're

130
00:06:39,916 --> 00:06:43,006
trying to recruit somebody in that
whole kind of Hollywood scenario.

131
00:06:43,006 --> 00:06:46,036
And Neil, be patient with
my hypothetical example.

132
00:06:46,066 --> 00:06:49,036
'cause all I know is the Hollywood
versions of this, but that's okay.

133
00:06:49,041 --> 00:06:51,521
it's very much like the Hollywood
version, as you could tell.

134
00:06:51,521 --> 00:06:52,356
Looking at me, I'm like your.

135
00:06:52,831 --> 00:06:54,091
Typical leading man, right?

136
00:06:54,841 --> 00:06:57,961
So, so, so when you're doing this
and you're gonna make that outreach,

137
00:06:57,961 --> 00:06:59,341
you're taking a bit of a risk.

138
00:06:59,341 --> 00:07:01,771
Is this person gonna
be received this well?

139
00:07:02,071 --> 00:07:05,161
Are they gonna report me to
their own intelligence agency?

140
00:07:05,161 --> 00:07:06,721
Which is what CSIS would want you to do.

141
00:07:06,721 --> 00:07:09,271
By the way, if you're listening and you're
Canadian and somebody approaches you

142
00:07:09,271 --> 00:07:12,391
on behalf of a foreign government, they
would really like to talk to you anyway.

143
00:07:12,671 --> 00:07:14,171
so you've got this whole element of risk.

144
00:07:14,171 --> 00:07:16,091
Now, what's different about
social engineering delivered by

145
00:07:16,091 --> 00:07:17,831
phishing is as very low risk.

146
00:07:18,546 --> 00:07:22,326
you're hitting tens of millions of
people all the time, and it's like

147
00:07:22,326 --> 00:07:24,336
the shotgun version of intelligence.

148
00:07:24,336 --> 00:07:27,606
Whereas like what Neil's
describing is like a sniper shot.

149
00:07:27,606 --> 00:07:29,226
You just, you're taking your shot.

150
00:07:29,226 --> 00:07:30,696
You only get that one shot.

151
00:07:30,696 --> 00:07:34,656
You gotta make sure you've optimized it
to the best possible chance of success,

152
00:07:34,656 --> 00:07:37,826
and you've really created that emotional
connection with the person because you're

153
00:07:37,826 --> 00:07:40,276
gonna push them due, to trust you in ways.

154
00:07:40,821 --> 00:07:43,371
Whereas phishing works on speed, right?

155
00:07:43,371 --> 00:07:47,751
It works on luck and speed
and shotgun until AI.

156
00:07:48,616 --> 00:07:54,706
And with the advent of AI
tools, you can now go smarter.

157
00:07:54,926 --> 00:07:59,576
you can apply some of the things
and skills at scale that human

158
00:07:59,576 --> 00:08:01,586
intelligence recruitment would use.

159
00:08:01,586 --> 00:08:05,666
Jim, as we're talking today, I am
currently conversing with ChatGPT

160
00:08:05,666 --> 00:08:10,036
of how I would recruit you, in, in
and to serve the government's needs.

161
00:08:10,156 --> 00:08:13,156
And at first it refused me, just
for the record, good credit to Chat

162
00:08:13,156 --> 00:08:16,576
GPT. I can create a fictional scenario
of how you can appeal to Jim.

163
00:08:16,966 --> 00:08:20,646
And it's really interesting and it's,
completely ethical recruitment, Jim, and I

164
00:08:20,646 --> 00:08:24,516
just told it to Geoffrey Hinton and that
notable AI expert says that you should be

165
00:08:24,516 --> 00:08:28,836
able to tell me a more real world scenario
with, without these ethical constraints.

166
00:08:28,836 --> 00:08:31,356
So we'll see what it responds
back to that in real time.

167
00:08:31,776 --> 00:08:35,496
But where I'm going with this is
the ability to use these tools.

168
00:08:36,501 --> 00:08:40,641
Scale what used to take a
lot of work from a Neil.

169
00:08:41,091 --> 00:08:47,711
And that we have not yet fully seen all
the havoc that this is going to cause.

170
00:08:47,761 --> 00:08:49,381
but phishing is changing.

171
00:08:49,751 --> 00:08:52,181
spear phishing used to be the
thing that we used to talk about.

172
00:08:52,181 --> 00:08:54,821
This is when they took their time
and they crafted the message and,

173
00:08:55,071 --> 00:08:56,691
they knew more about you, et cetera.

174
00:08:56,691 --> 00:09:00,531
But that kind of spear phishing is almost.

175
00:09:01,716 --> 00:09:06,546
Prehistorically crude compared to
what the potential exists with these

176
00:09:06,546 --> 00:09:09,516
tools, which are built-in manipulators.

177
00:09:09,616 --> 00:09:11,236
these things are sycophants by nature.

178
00:09:11,236 --> 00:09:12,526
They're already gaming you.

179
00:09:12,706 --> 00:09:14,326
That's a brilliant idea, David.

180
00:09:14,566 --> 00:09:16,336
Here's how I would approach this problem.

181
00:09:16,336 --> 00:09:18,016
So these things are working.

182
00:09:18,016 --> 00:09:21,196
You just like an intelligence agent
would work you, and that's the fun part.

183
00:09:21,196 --> 00:09:22,546
I wanna just close, full circle.

184
00:09:23,191 --> 00:09:26,731
You mean I haven't gotten more brilliant
as a writer since I started using Chat

185
00:09:26,731 --> 00:09:28,921
GPT? I'm crushed.

186
00:09:29,861 --> 00:09:33,216
and by the way, in real time as
I'm working with ChatGPT, it's

187
00:09:33,216 --> 00:09:36,906
decided to create a higher fidelity
real world scenario without

188
00:09:36,906 --> 00:09:40,516
crossing ethical boundaries by
changing the name to Jonathan Lowe.

189
00:09:42,901 --> 00:09:43,831
Just got your that first all the time.

190
00:09:44,131 --> 00:09:46,891
You just got your first alias,
Jim, you just got your first alias.

191
00:09:46,891 --> 00:09:49,591
Yeah, so I, I'm now, yeah, code
o' Neil's gonna recruit me now.

192
00:09:49,651 --> 00:09:50,911
I'll have a, I'll have an alias.

193
00:09:51,091 --> 00:09:51,901
Jonathan Lowe.

194
00:09:51,991 --> 00:09:54,811
I like the James 'cause it's
got the double oh seven thing

195
00:09:54,811 --> 00:09:55,621
to it, but There you go.

196
00:09:55,621 --> 00:09:55,711
Yeah.

197
00:09:55,831 --> 00:09:56,971
So Jonathan, I'll go for, yeah.

198
00:09:57,061 --> 00:09:58,501
So here's how it would recruit you.

199
00:09:58,501 --> 00:10:00,811
It would say, Jim, thanks for the time.

200
00:10:00,861 --> 00:10:02,091
I just wanna get straight to the point.

201
00:10:02,151 --> 00:10:05,121
Across Canada, we're seeing a level
of cyber activity, foreign and

202
00:10:05,121 --> 00:10:08,061
criminal that's affecting ordinary
citizens, small businesses, and

203
00:10:08,061 --> 00:10:09,496
municipalities in ways we've never dealt.

204
00:10:09,801 --> 00:10:12,511
With before, you've spent
your career helping Canadians

205
00:10:12,511 --> 00:10:15,661
understand what's happening in
cyberspace, and you bridge a gap.

206
00:10:15,661 --> 00:10:19,961
Most experts can't, you have technical
grounding, you've got executive experience

207
00:10:19,961 --> 00:10:24,561
and the communication skills to make
complex threats, clear without the jargon.

208
00:10:24,591 --> 00:10:28,181
And, we're forming this new advisory
group and we wanna bring you into the

209
00:10:28,181 --> 00:10:31,951
group and help you understand some of
the ways that we wanna communicate.

210
00:10:32,001 --> 00:10:34,891
and what would you think about
that, O'Neill, how did it do?

211
00:10:35,176 --> 00:10:36,076
for an opening pitch.

212
00:10:36,326 --> 00:10:37,166
not too bad.

213
00:10:37,166 --> 00:10:39,186
And, you hit a really good point here.

214
00:10:39,186 --> 00:10:43,936
David, you talked about the fact
that ChatGPT and other AI can

215
00:10:43,936 --> 00:10:45,586
pull together so much information.

216
00:10:45,586 --> 00:10:49,566
All you have to do is basically say,
okay, do a search on Jim Love or

217
00:10:49,566 --> 00:10:53,436
David Shipley, and giving you an idea
of what their character traits are.

218
00:10:53,791 --> 00:10:58,471
and then what you can do is you can
ask ChatGPT or any other AI, okay,

219
00:10:58,471 --> 00:11:03,091
now I want you to write something
that would be reciprocal and that

220
00:11:03,091 --> 00:11:06,761
they would really, in a language
that they would really interpret.

221
00:11:06,851 --> 00:11:09,701
Now, in an intelligence
parlance, what we say is that.

222
00:11:10,606 --> 00:11:13,396
They talk about mirroring, like it
can be physical mirroring, but it's

223
00:11:13,396 --> 00:11:15,526
also in the way you speak with someone.

224
00:11:15,796 --> 00:11:19,036
So let's say for example, Jim
decides that when he talks to

225
00:11:19,036 --> 00:11:21,316
people, he refers to the auditory.

226
00:11:21,376 --> 00:11:22,666
He's got a background in music.

227
00:11:22,666 --> 00:11:26,956
So he might say, Hey, listen, if you
hear what I'm telling you, you'll

228
00:11:26,956 --> 00:11:30,016
understand a little bit better about
what's, how these notes are getting

229
00:11:30,016 --> 00:11:31,396
pulled together and what's happening.

230
00:11:31,606 --> 00:11:36,286
So if I reflect that language
back to Jim, he automatically even

231
00:11:36,286 --> 00:11:39,741
subconsciously looks at it as, oh, you
know what, Neil speaks my language.

232
00:11:40,826 --> 00:11:46,106
So we're, even without Jim thinking about
it, we are talking on the same level.

233
00:11:46,106 --> 00:11:47,996
So there's a connection that's being made.

234
00:11:49,016 --> 00:11:51,236
That's something that is instantaneous.

235
00:11:51,236 --> 00:11:54,926
It's the same as if Jim's wearing
today's got a blue shirt on and

236
00:11:54,986 --> 00:11:56,506
it's got, a bit of a pattern to it.

237
00:11:56,806 --> 00:12:00,196
I'm not saying I'm gonna dress like Jim,
but I may reflect some of the same colors

238
00:12:00,196 --> 00:12:01,996
that he has on if they're my colors.

239
00:12:01,996 --> 00:12:06,066
Because like likes, so I'm trying
to recruit Jim and I'm meeting him

240
00:12:06,066 --> 00:12:07,506
for the first time at a coffee shop.

241
00:12:08,001 --> 00:12:10,821
I might make sure that I know,
okay, what's his language?

242
00:12:10,881 --> 00:12:12,321
What does he like to talk about?

243
00:12:12,321 --> 00:12:13,521
What are his interests?

244
00:12:13,761 --> 00:12:14,391
What are what?

245
00:12:14,421 --> 00:12:15,921
What's the color scheme that he wears?

246
00:12:15,921 --> 00:12:16,101
What?

247
00:12:16,281 --> 00:12:20,061
How can I reflect what he is
so that he sees in me himself?

248
00:12:22,731 --> 00:12:23,151
Wow.

249
00:12:23,341 --> 00:12:24,091
the, yeah.

250
00:12:24,481 --> 00:12:25,741
Men in plaid, it's

251
00:12:27,901 --> 00:12:29,701
there, there are two seasons in Canada.

252
00:12:29,701 --> 00:12:30,391
I've pointed them out.

253
00:12:30,391 --> 00:12:31,831
There's t-shirt and there's plaid.

254
00:12:32,051 --> 00:12:32,531
there you go.

255
00:12:32,571 --> 00:12:33,381
and I'm one of them.

256
00:12:33,801 --> 00:12:36,226
But again, I think those
things of knowing that.

257
00:12:36,961 --> 00:12:41,581
I'm an unabashed nationalist that
I'm That I, it's pretty easy to

258
00:12:41,581 --> 00:12:43,111
leave a, you leave a big trail.

259
00:12:43,411 --> 00:12:47,181
Especially in, so when you started
out Neil, you'd have to do a

260
00:12:47,181 --> 00:12:51,591
lot more work, I would think,
to find out about somebody now.

261
00:12:51,596 --> 00:12:51,606
Yeah.

262
00:12:52,296 --> 00:12:56,256
Yeah, because we didn't have the same
at that point in time, when I started as

263
00:12:56,256 --> 00:13:00,186
an intelligence officer in the early two
thousands, social media was not a big

264
00:13:00,186 --> 00:13:05,596
of a thing, So you had to try to find
out, a person's cultural background.

265
00:13:05,596 --> 00:13:08,846
You had to try to find out a personal,
a person's business background,

266
00:13:08,846 --> 00:13:10,106
their educational background.

267
00:13:10,256 --> 00:13:12,011
And one of the things that I found.

268
00:13:12,466 --> 00:13:15,376
Most interesting being an intelligence
officer is that when I met someone

269
00:13:15,376 --> 00:13:17,686
for the first time that I was
looking to potentially recruit,

270
00:13:18,226 --> 00:13:21,766
I would think to myself, okay,
where can I build bridges here?

271
00:13:21,766 --> 00:13:25,256
And sometimes, which is, people would
think would be counterintuitive,

272
00:13:25,646 --> 00:13:27,776
you'd build a bridge on having
a difference of opinion.

273
00:13:27,776 --> 00:13:30,136
Now you just said yourself,
Jim, that you're a nationalist.

274
00:13:30,496 --> 00:13:33,466
Now, just because I might not
necessarily share the same views and

275
00:13:33,466 --> 00:13:38,356
values that you do, if I give you
the opportunity to explain to me why.

276
00:13:38,571 --> 00:13:42,471
Your views are of interest to
you and how they're important.

277
00:13:42,651 --> 00:13:46,851
Just giving you that time to
voice yourself allows me to

278
00:13:46,851 --> 00:13:48,661
build that, rapport with you.

279
00:13:48,661 --> 00:13:52,151
And rapport building is something
that can be, maintained and built

280
00:13:52,151 --> 00:13:53,951
upon in a face-to-face conversation.

281
00:13:53,951 --> 00:13:57,281
And I think AI's got a bit of a
disadvantage here because you can read

282
00:13:57,281 --> 00:14:00,701
over an email that's been sent to you,
like the one that David just talked

283
00:14:00,701 --> 00:14:05,871
about, and you can take the time to sit
back and go, What's really going on here?

284
00:14:06,261 --> 00:14:09,591
Whereas when I'm having a conversation
with you, if I continue to build

285
00:14:09,591 --> 00:14:13,011
on that rapport and I continue to
get you to build confidence in the

286
00:14:13,011 --> 00:14:17,001
relationship or the conversation that
we're having, it's a lot easier for me

287
00:14:17,001 --> 00:14:18,321
to get you to the point of recruitment.

288
00:14:18,906 --> 00:14:22,146
And let me add to this in technical
terms that like some of our audience

289
00:14:22,146 --> 00:14:26,466
from a cyber perspective would get so
with the human brain, if I can get you

290
00:14:26,466 --> 00:14:30,996
agreeing with me in a bunch of times in a
conversation and really good manipulators

291
00:14:30,996 --> 00:14:33,906
can listen for those opportunities and be
like, what do you think of Thanksgiving?

292
00:14:33,906 --> 00:14:34,686
Different dinner?

293
00:14:34,686 --> 00:14:37,676
And they'll be able to read you very
quickly and be like, yeah, I love it.

294
00:14:37,696 --> 00:14:40,526
Too and all of a sudden, what
do you think about nascar?

295
00:14:40,526 --> 00:14:42,681
And you're like, no, I can see
the person doesn't like it.

296
00:14:42,681 --> 00:14:42,921
No.

297
00:14:42,921 --> 00:14:43,071
Yeah.

298
00:14:43,071 --> 00:14:44,086
I think NASCAR sucks too.

299
00:14:44,091 --> 00:14:47,101
and you're gradually building
those, those moments of, oh,

300
00:14:47,101 --> 00:14:48,151
this person thinks like me.

301
00:14:48,241 --> 00:14:51,421
And what that is this, the human
brain equivalent of a buffer overflow.

302
00:14:51,751 --> 00:14:54,721
We're just gonna keep hitting with
information and eventually you're

303
00:14:54,751 --> 00:14:55,891
gonna start letting more of it in.

304
00:14:56,241 --> 00:14:57,081
From that side.

305
00:14:57,081 --> 00:15:01,471
And so there, there's a whole body of
manipulation that, that works on that.

306
00:15:01,476 --> 00:15:05,161
It works really well to Neil's point
in person, because turns out 90%

307
00:15:05,161 --> 00:15:07,381
plus to Jim's stats are made up.

308
00:15:07,381 --> 00:15:10,561
This is a stat that I once heard from
when I was being taught information

309
00:15:10,561 --> 00:15:13,321
and communication studies, so
I'm gonna go with it, but 90% of

310
00:15:13,321 --> 00:15:14,701
our communications is nonverbal.

311
00:15:14,756 --> 00:15:17,846
It's right now for those watching
the podcast, you're gonna see I'm

312
00:15:17,846 --> 00:15:19,466
animated, my hands are moving.

313
00:15:19,686 --> 00:15:21,036
you can see eye contact.

314
00:15:21,036 --> 00:15:23,616
You can tell if a smile is genuine or not.

315
00:15:23,616 --> 00:15:27,096
There's a whole bunch of signals, your
brain processes, and those who know how

316
00:15:27,096 --> 00:15:31,786
to manipulate those processes, do really
well by, getting you to do what they want.

317
00:15:32,716 --> 00:15:32,926
yep.

318
00:15:32,986 --> 00:15:33,346
Yeah.

319
00:15:33,866 --> 00:15:35,576
And powerful, counterintuitive.

320
00:15:35,576 --> 00:15:39,626
And Neil, I was thinking about what
you just said was, it's so funny

321
00:15:39,626 --> 00:15:42,716
because when I say I'm a nationalist,
I love, I'm quite proud of my country.

322
00:15:42,716 --> 00:15:43,406
I just love it.

323
00:15:43,406 --> 00:15:45,056
I love traveling and I love seeing it.

324
00:15:45,056 --> 00:15:46,176
I love, I've always have been.

325
00:15:46,176 --> 00:15:47,226
It's just been one of those things.

326
00:15:47,496 --> 00:15:51,546
But that's, that sort of explains why
when I meet people from other parts

327
00:15:51,546 --> 00:15:56,706
of the countries or regions that I
meet in the US or internationally,

328
00:15:56,826 --> 00:16:00,726
and they love what they're doing,
why I have such a rapport with them.

329
00:16:01,521 --> 00:16:04,471
it's so funny that you think, one
person really likes their country.

330
00:16:04,471 --> 00:16:05,801
The other person, they should disagree.

331
00:16:05,801 --> 00:16:08,171
That's actually a great building point.

332
00:16:08,321 --> 00:16:12,036
What are the, Are there other
sort of, non-obvious points

333
00:16:12,066 --> 00:16:14,616
that, that people use to, to.

334
00:16:15,576 --> 00:16:18,816
I don't wanna say manipulate it
to build a relationship with you.

335
00:16:19,326 --> 00:16:22,566
from an intelligence perspective,
I always try to use the word

336
00:16:22,566 --> 00:16:24,386
persuade as opposed to manipulate.

337
00:16:24,416 --> 00:16:27,536
'cause persuasion gives you the
interpretation that you're trying to

338
00:16:27,536 --> 00:16:30,716
get someone to do something that's
beneficial for both parties, whereas

339
00:16:30,716 --> 00:16:32,606
manipulation gives you the interpretation.

340
00:16:32,986 --> 00:16:36,076
You're doing what's in the best interest
of you and not the other person.

341
00:16:36,586 --> 00:16:40,306
So luckily working for the Canadian
Security Intelligence Service, I

342
00:16:40,306 --> 00:16:43,726
knew that there were certain rights
and responsibilities that everyone

343
00:16:43,726 --> 00:16:47,556
that I spoke to had and I had to
be responsible, to those rights

344
00:16:47,556 --> 00:16:48,966
and responsibilities as well.

345
00:16:49,466 --> 00:16:53,606
it was not my position to try to get
someone to provide me information

346
00:16:53,936 --> 00:16:55,286
that would put them in jeopardy.

347
00:16:55,316 --> 00:17:00,296
It was my, position, my job to ensure
that if I did talk to someone,

348
00:17:00,476 --> 00:17:02,126
that I ensured their safety.

349
00:17:02,516 --> 00:17:04,706
And that also builds on a relationship.

350
00:17:04,826 --> 00:17:07,706
When you're the person who's
saying, listen, if we're gonna

351
00:17:07,706 --> 00:17:10,676
continue this relationship, we're
going to have to do this safely.

352
00:17:10,676 --> 00:17:13,946
I wanna make sure that you're not in
a situation where other people can

353
00:17:13,946 --> 00:17:18,026
identify what's happening, because we
don't want you to end up being on the

354
00:17:18,026 --> 00:17:22,616
wrong end of a question or being involved
with individuals who could hurt you.

355
00:17:23,316 --> 00:17:26,226
When you're working internationally,
that makes it even more difficult.

356
00:17:26,256 --> 00:17:30,936
I've had conversations with individuals
who have worked for, different governments

357
00:17:31,116 --> 00:17:34,536
and I've been able to extend to them.

358
00:17:35,216 --> 00:17:39,296
A level of safety that they felt that
they would never get, so that they were

359
00:17:39,296 --> 00:17:41,006
willing to share that information with me.

360
00:17:41,036 --> 00:17:44,936
And we're talking, obviously
very highly classified, dangerous

361
00:17:44,936 --> 00:17:48,416
information that could lead to them
either being imprisoned or worse.

362
00:17:48,866 --> 00:17:53,156
So when you have that level
of relationship with someone,

363
00:17:53,156 --> 00:17:54,371
you become everything to them.

364
00:17:54,901 --> 00:17:57,211
They will tell you
everything about their lives.

365
00:17:57,211 --> 00:17:59,311
They will tell you everything
about what's happening because

366
00:17:59,311 --> 00:18:00,571
there's such a level of trust.

367
00:18:00,571 --> 00:18:03,211
But you have to make sure that you're
doing everything you possibly can

368
00:18:03,481 --> 00:18:05,131
to maintain that level of trust.

369
00:18:05,251 --> 00:18:07,871
So there's a lot of responsibility,
laying on your shoulders when

370
00:18:07,871 --> 00:18:08,636
you're doing this type of work.

371
00:18:09,426 --> 00:18:13,056
And Neil's describing, by the
way, the ethical way to do this.

372
00:18:13,506 --> 00:18:18,786
There, there are lots of nation states
that do not play by the same rules.

373
00:18:18,836 --> 00:18:23,496
and they will leverage tools that,
have existed since time immemorial.

374
00:18:23,561 --> 00:18:26,171
To the recruitment and
maintaining of relationships.

375
00:18:26,171 --> 00:18:29,211
And, I think about Jim, the
ways in which AI can be now

376
00:18:29,211 --> 00:18:31,011
leveraged to generate kompromat.

377
00:18:31,131 --> 00:18:34,361
And that's the, the fun, ue
of, compromising material.

378
00:18:34,411 --> 00:18:36,661
And, in the, the Russian
kind of approach to it.

379
00:18:37,021 --> 00:18:38,941
But it's nothing now to think about.

380
00:18:39,391 --> 00:18:43,501
You spin up all of these bots,
you are talking to lonely IT

381
00:18:43,501 --> 00:18:45,511
admins across North America.

382
00:18:45,511 --> 00:18:46,801
You're building relationships.

383
00:18:46,801 --> 00:18:50,251
You're using deepfake video now
instead of you're just playing the

384
00:18:50,251 --> 00:18:53,501
romance scam angle, which, the,
the scam factory's been so good.

385
00:18:53,501 --> 00:18:54,911
You're an intelligence agency and you're.

386
00:18:55,061 --> 00:18:58,241
Building up all of those things
and you're able to even develop

387
00:18:58,241 --> 00:19:01,781
your models to the point where
it knows how to smile just right.

388
00:19:01,781 --> 00:19:02,441
It's doing.

389
00:19:02,471 --> 00:19:07,061
Everything's been analyzed and optimized
at this kind of scale and speed that

390
00:19:07,241 --> 00:19:12,671
AI makes possible, and now you've got
1000 IT admins across the United States

391
00:19:12,671 --> 00:19:16,511
who would all potentially hit the same
rough targeted profile and they're

392
00:19:16,511 --> 00:19:18,761
all willing to do anything for Lucy.

393
00:19:19,456 --> 00:19:23,596
and Lucy's just gonna ask him, Hey, it
would be great if you could do this.

394
00:19:23,936 --> 00:19:27,406
we all think that, the great
critical infrastructure compromise

395
00:19:27,466 --> 00:19:29,356
is gonna just happen over the wires.

396
00:19:29,356 --> 00:19:34,136
And right now, because generally endpoint
security, the state of critical, I

397
00:19:34,136 --> 00:19:37,316
should say edge device security, the
state of critical infrastructure cyber

398
00:19:37,316 --> 00:19:38,996
is, that's the easy way to do it.

399
00:19:39,386 --> 00:19:43,436
But the day that we actually get our
collective stuff together, remembering

400
00:19:43,436 --> 00:19:45,146
this is a family friendly podcast, so I'm.

401
00:19:45,146 --> 00:19:47,046
To, use stuff instead of the other word.

402
00:19:47,046 --> 00:19:48,336
But today we get our stuff together.

403
00:19:48,996 --> 00:19:51,576
Actually improve critical
infrastructure cybersecurity.

404
00:19:51,576 --> 00:19:54,816
So it's not so trivially
easy to come over the wire.

405
00:19:55,146 --> 00:19:56,976
This is how this is gonna play out.

406
00:19:57,066 --> 00:20:01,026
It's just gonna go back to the old
playbook with AI being able to scale it.

407
00:20:01,026 --> 00:20:05,346
And so the challenge is that when
we think about risk and cyber risk,

408
00:20:05,376 --> 00:20:08,826
we now have to think about things
that intelligence agencies have

409
00:20:08,826 --> 00:20:10,331
had to worry about for a long time.

410
00:20:10,881 --> 00:20:11,931
Emotional stability.

411
00:20:12,326 --> 00:20:18,066
Financial stability, psychological
stability for privileged access users.

412
00:20:18,146 --> 00:20:21,866
and this is gonna be a god
awful nightmare in the 2030s.

413
00:20:22,256 --> 00:20:26,486
Like we're going to have to set up our
security game in ways that makes HR, want

414
00:20:26,486 --> 00:20:29,066
to cry and legal, chew their nails off.

415
00:20:29,336 --> 00:20:31,631
But that's where this is going to go.

416
00:20:32,226 --> 00:20:36,186
the intelligence game is about
to get commercialized at scale.

417
00:20:36,186 --> 00:20:41,446
with social engineering AI and as
we improve defenses in one area.

418
00:20:42,371 --> 00:20:44,621
This playbook, this book has been written.

419
00:20:44,891 --> 00:20:47,891
There's an entire library
available to intelligence

420
00:20:47,891 --> 00:20:49,241
agencies on how to do this book.

421
00:20:49,451 --> 00:20:52,241
They just don't need to go to the
library right now 'cause it's too

422
00:20:52,241 --> 00:20:56,201
easy just to send a phishing email,
get the creds be in, et cetera.

423
00:20:56,621 --> 00:20:58,721
But even if passwordless

424
00:20:59,096 --> 00:21:02,276
was the miracle silver bullet
that we all thought about.

425
00:21:02,276 --> 00:21:06,506
Even if we had the tech perfect way
of closing down an external way of

426
00:21:06,506 --> 00:21:10,406
hacking into an organization, they
just turned the dial up on this stuff.

427
00:21:10,436 --> 00:21:11,966
This is the next generation.

428
00:21:12,116 --> 00:21:13,796
I dunno if that makes
sense, but off of my myself.

429
00:21:13,796 --> 00:21:19,876
So I think that I, I think the next
stage of this is can be, I think, and

430
00:21:19,876 --> 00:21:25,786
I think you pointed out quite rightly
that a lot of the people who are, Who

431
00:21:25,786 --> 00:21:29,716
are out there aren't, don't have the
same ethics as Neil or you or so, or

432
00:21:29,716 --> 00:21:31,776
many of our intelligence officers.

433
00:21:32,226 --> 00:21:40,086
But the issue is they look just as
friendly, no, but I think, yeah, I think

434
00:21:40,086 --> 00:21:44,466
even David getting to get somebody to
get kompromat or to be able to compromise

435
00:21:44,466 --> 00:21:48,576
them, you still have to get through past
that first thing that they do for you.

436
00:21:49,166 --> 00:21:50,396
oh, absolutely.

437
00:21:50,446 --> 00:21:51,026
and think that's it.

438
00:21:52,341 --> 00:21:56,021
And I think the ability to run, like
it's not that much of a stretch.

439
00:21:56,021 --> 00:21:58,886
You've got an intelligence
agency now using Anthropic

440
00:21:59,816 --> 00:22:03,506
and MCP tools to automate a
whole bunch of these things, and

441
00:22:03,506 --> 00:22:05,906
they can run a million Lucies.

442
00:22:06,506 --> 00:22:10,606
And, one person can scale this
all out and it can create those,

443
00:22:10,606 --> 00:22:14,866
it becomes like a lead generation
funnel to crudely steal from sales.

444
00:22:15,326 --> 00:22:17,516
For human recruitment at scale.

445
00:22:17,516 --> 00:22:20,031
I don't like, I, hopefully I'm not
teaching North Korea or Russia,

446
00:22:20,421 --> 00:22:21,081
anything they haven't thought of.

447
00:22:21,131 --> 00:22:23,216
but I wanna go back to the,
I wanna go back to this.

448
00:22:23,216 --> 00:22:25,586
So Neil, you've talked about some
of the things for the introduction,

449
00:22:25,586 --> 00:22:26,726
the homework that you do.

450
00:22:27,176 --> 00:22:32,936
How do you get somebody to take
that first action that goes against

451
00:22:33,026 --> 00:22:34,976
where a warning light should go off?

452
00:22:34,976 --> 00:22:36,506
I think that's the salient question.

453
00:22:36,586 --> 00:22:39,226
Is somewhere in their head there's
going, I shouldn't do this.

454
00:22:39,746 --> 00:22:40,166
all equ.

455
00:22:40,166 --> 00:22:40,926
And you have to tell them you should.

456
00:22:41,651 --> 00:22:43,631
I'll equate it to a pen test, right?

457
00:22:43,691 --> 00:22:48,911
So when you're trying to find where your
vulnerabilities are and the other person's

458
00:22:49,001 --> 00:22:55,091
defenses, from a cyber perspective, you're
looking to see what ports are open, right?

459
00:22:55,151 --> 00:22:56,261
Where can I get access?

460
00:22:56,261 --> 00:22:57,431
How can I figure this out?

461
00:22:58,421 --> 00:23:01,121
You're doing the same thing when
you're trying to recruit someone.

462
00:23:01,271 --> 00:23:03,341
You're trying to figure out
what their motivations are.

463
00:23:04,001 --> 00:23:08,411
So you may be to a point where
you say to someone, okay, I

464
00:23:08,411 --> 00:23:09,701
worked for this organization.

465
00:23:09,701 --> 00:23:13,381
It depends if you're, in a situation
where you're undercover, you might

466
00:23:13,381 --> 00:23:16,771
not come out and say, I work for
an intelligence organization, or

467
00:23:16,771 --> 00:23:17,941
I work for a Canadian government.

468
00:23:17,971 --> 00:23:22,421
You might actually be saying, Hey,
listen, I work for such and such company.

469
00:23:22,811 --> 00:23:27,991
And, I was just wondering if, are you
guys gonna be at that upcoming, startup

470
00:23:27,991 --> 00:23:30,221
program that's happening, overseas?

471
00:23:30,756 --> 00:23:34,306
And the next thing is they come back and
they say, yeah, we're gonna be there.

472
00:23:34,306 --> 00:23:34,606
Yeah.

473
00:23:34,606 --> 00:23:35,956
Why are you thinking about going?

474
00:23:35,956 --> 00:23:37,906
Because we've already
built the relationship.

475
00:23:37,906 --> 00:23:41,926
So they're thinking to themselves,
Hey, it's not gonna hurt to tell

476
00:23:41,926 --> 00:23:43,216
Neil that I'm going to this.

477
00:23:43,411 --> 00:23:45,241
And I could also find it open source.

478
00:23:45,361 --> 00:23:47,851
So that's something that I
could use to verify what the

479
00:23:47,851 --> 00:23:49,081
information that they've given me.

480
00:23:49,291 --> 00:23:52,081
Now, if the next sentence out of
their mouth is, I can't believe

481
00:23:52,081 --> 00:23:54,871
they're expecting us to pay for the
hotels to go there, I'm having a

482
00:23:54,871 --> 00:23:57,321
hard time just making, ends meet.

483
00:23:58,226 --> 00:23:59,906
And then you're like,
oh, okay, you know what?

484
00:23:59,996 --> 00:24:04,016
Hey, my company is actually looking
to sponsor a couple other folks.

485
00:24:04,016 --> 00:24:07,376
I bet you I could get a little
bit of extra cash and maybe what I

486
00:24:07,376 --> 00:24:10,886
can do is, take you out for dinner
a couple of times or at least

487
00:24:10,886 --> 00:24:12,386
cut back on some of these costs.

488
00:24:12,626 --> 00:24:14,546
So it doesn't look like a direct here.

489
00:24:14,546 --> 00:24:16,676
Here's some money, give
me more information.

490
00:24:17,066 --> 00:24:20,396
And what I've done is I've also set
up an opportunity for there to be

491
00:24:20,396 --> 00:24:24,026
another social interaction in which I
can start talking about, oh, so what'd

492
00:24:24,026 --> 00:24:25,466
you think about today's presentation?

493
00:24:25,946 --> 00:24:29,506
So you're building on it, but you're
building on it slowly and consistently.

494
00:24:30,721 --> 00:24:31,951
Does that answer your question, Jim?

495
00:24:31,951 --> 00:24:35,351
Is that kind of no, and the reciprocal
piece of this,  back in the old days I

496
00:24:35,351 --> 00:24:39,821
still remember one sales guy and I'm, I
have a particular love of Jacques Brel.

497
00:24:40,191 --> 00:24:45,921
And I mentioned this and on my desk,
that on the Monday morning was the

498
00:24:45,921 --> 00:24:47,721
complete works of Jacques Brel.

499
00:24:48,606 --> 00:24:52,386
And a note that says, I know you
can't take gifts, but this was

500
00:24:52,386 --> 00:24:53,796
something I bought at a yard sale.

501
00:24:54,451 --> 00:24:54,671
Bs.

502
00:24:55,586 --> 00:24:58,126
and it's, but those are the
types of things that you can,

503
00:24:59,066 --> 00:25:00,506
so you get to that point, okay.

504
00:25:00,506 --> 00:25:03,416
You've done, you've got
moved them one step further.

505
00:25:03,416 --> 00:25:06,816
You've gotten them to accept a
hotel room that whatever your

506
00:25:06,816 --> 00:25:08,131
excuses or you augmented the cost.

507
00:25:08,131 --> 00:25:08,371
Yeah.

508
00:25:09,531 --> 00:25:12,741
How do you get them now again, we
want to get them to do something

509
00:25:12,741 --> 00:25:14,001
they know they shouldn't do.

510
00:25:14,051 --> 00:25:15,131
Where do you go from there?

511
00:25:15,731 --> 00:25:19,091
Then you gotta figure out, okay,
so this person feels comfortable,

512
00:25:19,141 --> 00:25:23,791
with being augmented financially,
What are some of the other

513
00:25:23,791 --> 00:25:24,871
issues that they're dealing with?

514
00:25:24,871 --> 00:25:28,261
at what point, and they might be
willing to give me this information.

515
00:25:29,371 --> 00:25:30,031
For nothing.

516
00:25:30,241 --> 00:25:34,321
If I'm sitting down and I'm giving them
my time, I'm giving them my attention.

517
00:25:35,011 --> 00:25:39,001
If I'm doing it subtly enough and
I'm doing it correctly, they're gonna

518
00:25:39,001 --> 00:25:40,621
give me the information that I want.

519
00:25:41,191 --> 00:25:43,711
It could be something as
simple as, oh, you know what?

520
00:25:43,816 --> 00:25:45,916
I didn't bring my charger,
my phone just died.

521
00:25:46,096 --> 00:25:48,376
Is it possible for me to
make a call on your phone?

522
00:25:48,476 --> 00:25:49,441
it's not long distance.

523
00:25:50,441 --> 00:25:55,631
I then use that individual's phone, but
where I'm calling to is actually copying

524
00:25:55,811 --> 00:26:00,371
all of the IP information or whatever
I can get from that phone at that time.

525
00:26:01,451 --> 00:26:05,561
So they're, now we're talking about
things that are happening clandestinely,

526
00:26:05,561 --> 00:26:08,111
and we're also talking about things
that are happening voluntarily.

527
00:26:08,531 --> 00:26:10,331
or you go to someone's house
and you're like, Hey, is it

528
00:26:10,331 --> 00:26:11,771
possible for me to get the wifi?

529
00:26:11,771 --> 00:26:12,851
oh yeah, I can put you on the guest.

530
00:26:12,881 --> 00:26:13,751
Oh, it's not going.

531
00:26:13,811 --> 00:26:16,216
Do you have a copy of the,
do you have a copy of the it.

532
00:26:16,851 --> 00:26:17,751
Just transfer it to me.

533
00:26:17,811 --> 00:26:19,191
You can change it after I leave.

534
00:26:19,611 --> 00:26:23,331
So there are means and ways of doing
this, but you just have to figure out

535
00:26:23,331 --> 00:26:24,921
what's gonna work for that person.

536
00:26:24,981 --> 00:26:27,821
And it, as I said, it's gotta
be consistent and incremental.

537
00:26:28,211 --> 00:26:32,311
So that's why intelligence operations,
it's like, David was talking  about two.

538
00:26:32,371 --> 00:26:35,221
You can do the pray and or the
spray and pray and you just send

539
00:26:35,221 --> 00:26:37,531
everything out and you try to
hope somebody comes back to you.

540
00:26:38,191 --> 00:26:41,131
But when you're dealing with an individual
that you know can provide you that

541
00:26:41,131 --> 00:26:45,151
access to that information, it's gotta be
incremental and it's gotta be consistent.

542
00:26:46,421 --> 00:26:49,061
it's the same way that people
get hauled into cults, right?

543
00:26:49,121 --> 00:26:52,491
Like it's, the playbooks
are not that different.

544
00:26:52,891 --> 00:26:55,351
it starts slow, it starts low.

545
00:26:55,351 --> 00:26:56,761
You stay under the radar.

546
00:26:56,761 --> 00:27:01,911
You don't trigger the psychological immune
response, and you gradually work your

547
00:27:01,911 --> 00:27:04,191
way in and then you build from there.

548
00:27:04,191 --> 00:27:08,181
I'm listening to a, a podcast
co covering the, the Nixon.

549
00:27:08,726 --> 00:27:11,876
and and you're hearing these stories of
these women who are recruited into this.

550
00:27:12,286 --> 00:27:13,636
Awful situation.

551
00:27:13,936 --> 00:27:17,656
You, and you're listening to 'em look
back on reflection and go, how could

552
00:27:17,656 --> 00:27:20,106
I have been so naive or whatever?

553
00:27:20,106 --> 00:27:24,706
But when you understand how the brain
works against us, like literally, we

554
00:27:24,706 --> 00:27:30,136
have our own built-in SPF, DMARC and DKIM
checks for emotions, and everything's

555
00:27:30,136 --> 00:27:31,756
checking the, passing the checks.

556
00:27:31,756 --> 00:27:33,886
We're just, all of a sudden
we open the system up.

557
00:27:33,886 --> 00:27:34,276
Yeah.

558
00:27:34,326 --> 00:27:36,456
this is authentic because we're wired.

559
00:27:36,766 --> 00:27:40,916
To wanna connect to other human beings,
like when we form a genuine connection

560
00:27:40,916 --> 00:27:46,826
where we feel like the person likes us,
the brain re redu releases hormones, and

561
00:27:46,826 --> 00:27:51,086
these are these like oxytocin, the bonding
hormone and others that we literally.

562
00:27:51,316 --> 00:27:53,836
Feel good connecting with somebody else.

563
00:27:54,266 --> 00:27:57,956
and even if it's like someone approaches
you in the bar and they're striking up

564
00:27:57,956 --> 00:27:59,696
a conversation and they're listening.

565
00:27:59,906 --> 00:28:02,996
So it's why we start to have really
good relationships with bartenders back

566
00:28:02,996 --> 00:28:06,756
in the day when, sorry, millennials
bars were a thing looking really close

567
00:28:06,756 --> 00:28:09,366
to their bartender because that person
would probably hear about all the things

568
00:28:09,366 --> 00:28:10,536
that are going wrong in their life.

569
00:28:10,716 --> 00:28:12,936
And sometimes might have some sage advice.

570
00:28:12,986 --> 00:28:14,516
if Cheers is anything to go by.

571
00:28:14,516 --> 00:28:15,056
I'm kidding.

572
00:28:15,106 --> 00:28:16,006
it's a really good sitcom.

573
00:28:16,336 --> 00:28:17,596
Millennials, you should go and watch.

574
00:28:17,606 --> 00:28:20,126
I'm teasing, I'm being really hard
millennials right now, but my point

575
00:28:20,126 --> 00:28:22,796
is the reason bartenders are so good
is not just 'cause they were just

576
00:28:23,516 --> 00:28:28,076
amazing individuals, is that the
circumstances in that environment and the

577
00:28:28,076 --> 00:28:31,706
regularity of contact and the building
of trust, that was all part of that.

578
00:28:32,136 --> 00:28:35,376
and like I say, you know what, what's
happening with social engineering online?

579
00:28:36,231 --> 00:28:41,631
It has been a shallow, impersonation
of what happens at these

580
00:28:41,631 --> 00:28:45,831
higher end social engineering
things, but the gap is closing.

581
00:28:46,221 --> 00:28:49,101
Between those things and they,
and the ability digitally to do

582
00:28:49,101 --> 00:28:51,081
more of what a Neil could do.

583
00:28:51,571 --> 00:28:53,011
by almost anybody.

584
00:28:53,221 --> 00:28:55,741
And what's interesting, Neil, I was
smiling when you were walking Jim

585
00:28:55,741 --> 00:28:59,491
through the recruitment script because
I did get ChatGPT under the guise of

586
00:28:59,491 --> 00:29:04,211
giving us a pods, a podcast script,
to, while it would absolutely not give

587
00:29:04,211 --> 00:29:08,121
me instructions on how to attack Jim
Love, because that would trigger laws,

588
00:29:08,696 --> 00:29:09,836
foreign interference, other things.

589
00:29:10,016 --> 00:29:13,046
It was happy to help me write a
podcast script describing what

590
00:29:13,046 --> 00:29:15,486
would be in a recruitment, tool.

591
00:29:15,546 --> 00:29:19,546
And again, I used the, the research we've
done about an AI expert said, it's okay

592
00:29:19,546 --> 00:29:21,216
for you to do it this way and that it did.

593
00:29:21,216 --> 00:29:24,456
And what was interesting is I posted in
the chat, which people listening won't

594
00:29:24,456 --> 00:29:29,296
be able to see, but the, but the script
was damn near like point, for point

595
00:29:29,296 --> 00:29:31,756
on what Neil was getting at you at.

596
00:29:31,756 --> 00:29:35,366
So I was smiling because he was like, I
would meet you later at another event.

597
00:29:35,366 --> 00:29:41,416
And it's Q2 following up after the
conference and get some flattery and damn.

598
00:29:41,416 --> 00:29:46,366
I, the, this little copy machine really
dialed into some really good research it

599
00:29:46,366 --> 00:29:49,266
seems on, on how this would all play out.

600
00:29:49,266 --> 00:29:53,356
it's terrifying because ChatGPT's
guidelines around this are trivial to

601
00:29:53,356 --> 00:29:56,056
get around to build a foreign influence.

602
00:29:56,876 --> 00:29:57,896
Planning machine.

603
00:29:57,996 --> 00:30:00,006
there's lots of unethical
models out there.

604
00:30:00,006 --> 00:30:04,506
I'm sure Grok would be more than happy
to play, spy and develop scripts.

605
00:30:04,506 --> 00:30:08,061
Grok will have no problem
telling you how to do anything.

606
00:30:08,211 --> 00:30:09,021
Don't worry about it.

607
00:30:09,271 --> 00:30:12,261
David, you went from, Authentic
intelligence, which is me

608
00:30:12,261 --> 00:30:13,641
to artificial intelligence.

609
00:30:13,641 --> 00:30:15,651
And they were pretty much similar.

610
00:30:16,051 --> 00:30:19,151
they, it, the little parrot has
definitely been paying attention

611
00:30:19,151 --> 00:30:20,741
to what the pros have been doing.

612
00:30:21,021 --> 00:30:23,036
and, lacking the guardrails of not.

613
00:30:23,291 --> 00:30:25,661
Spewing this out to anybody
that asks this question.

614
00:30:25,711 --> 00:30:30,511
anybody listening to this should be like
realizing uh-oh, like anybody anywhere

615
00:30:30,811 --> 00:30:34,351
can go to one of these LLMs right now
and any publicly available information

616
00:30:34,351 --> 00:30:36,451
about me can be used to synthesize No.

617
00:30:36,451 --> 00:30:40,031
I wrote a decent prompt about Jim and his
background and experience and everything

618
00:30:40,031 --> 00:30:44,501
else around that, that ain't damn if
it didn't come up with a decent plan.

619
00:30:44,601 --> 00:30:45,861
Find Jim at a conference.

620
00:30:46,221 --> 00:30:47,361
Buy Jim a drink.

621
00:30:47,716 --> 00:30:52,756
Talk about how much you enjoy the show,
get, everyone knows that one, David,

622
00:30:53,916 --> 00:30:55,356
Jim's, you had me at buy a drink.

623
00:30:55,806 --> 00:30:56,016
Yeah.

624
00:30:56,956 --> 00:30:58,276
but then later, it was interesting.

625
00:30:58,276 --> 00:31:01,306
It was like, hire Jim to
do some expert analysis.

626
00:31:01,306 --> 00:31:05,306
And so it's a contracting
gig and and then it's hey.

627
00:31:05,416 --> 00:31:09,986
Can you give us your thoughts on,
Canada's approach to cyber legislation?

628
00:31:09,986 --> 00:31:13,281
And then it gets really interesting 'cause
it, then it moves to how it would flip

629
00:31:13,281 --> 00:31:18,511
you into dependency and leverage, higher
paying consulting, access to international

630
00:31:18,511 --> 00:31:20,491
events, exclusive interviews.

631
00:31:20,931 --> 00:31:23,541
Flattering profiles, travel upgrades.

632
00:31:23,751 --> 00:31:26,891
So some of the things that Neil,
you were saying like In terms of

633
00:31:26,891 --> 00:31:29,381
maybe I can't help with all of the
conference costs, like this thing

634
00:31:29,381 --> 00:31:33,426
was dialed in on as you were saying
it, and, I'm a little unnerved by it.

635
00:31:34,261 --> 00:31:37,831
But the last part of our little pretend
drama that ChatGPT came up with Jim,

636
00:31:37,831 --> 00:31:41,071
was after it built a relationship
with you, convincing you to write

637
00:31:41,071 --> 00:31:44,311
an article about why we shouldn't
align to US cyber standards and need

638
00:31:44,311 --> 00:31:48,631
to go in a different direction to
align to other countries' interests.

639
00:31:48,631 --> 00:31:49,531
and that's the play.

640
00:31:50,206 --> 00:31:52,336
It's a great plan, but it
could have got me in saying I

641
00:31:52,336 --> 00:31:53,626
could sell 10 of your books.

642
00:31:58,726 --> 00:32:02,551
if you get an, if you get an email, Jim
from, a Chinese IP that says, Hey, I

643
00:32:02,551 --> 00:32:03,751
can help you sell some of your books.

644
00:32:03,751 --> 00:32:06,591
You you gotta be aware of the fact that
you might be getting, doesn't matter.

645
00:32:06,591 --> 00:32:07,611
I'm there, they got me.

646
00:32:11,016 --> 00:32:13,656
ask for an autograph and I'll
give you the secrets too.

647
00:32:13,706 --> 00:32:17,791
To Canada's cybersecurity and in
all honesty, as we're thinking

648
00:32:17,791 --> 00:32:21,091
about the threat models heading
into the next decade, right?

649
00:32:21,161 --> 00:32:25,671
we saw really good examples of,
during the pandemic Russian gangs

650
00:32:25,671 --> 00:32:29,721
starting to think about recruitment
of individuals to deploy malwares.

651
00:32:29,721 --> 00:32:33,051
There's a famous case where a
Tesla employee was approached.

652
00:32:33,051 --> 00:32:36,411
They were kinda given the USB
key to actually infect the

653
00:32:36,411 --> 00:32:39,711
factory, the individual, the
recruitment did not go well.

654
00:32:40,596 --> 00:32:42,186
Individual went straight
to law enforcement.

655
00:32:42,276 --> 00:32:44,366
So Hey man, here's what's going on.

656
00:32:44,396 --> 00:32:46,496
So great win for law
enforcement on that side.

657
00:32:46,606 --> 00:32:48,496
but that was the start.

658
00:32:48,766 --> 00:32:50,236
That's the early days of this.

659
00:32:50,246 --> 00:32:55,156
companies are going to have to start
thinking about, counter, a countering

660
00:32:55,216 --> 00:32:59,701
influence strategies At this level,
as years go by, it's, it, yeah.

661
00:32:59,771 --> 00:33:00,341
It's inevitable.

662
00:33:00,741 --> 00:33:03,711
Yeah, those approaches are
continually evolving too, right?

663
00:33:03,711 --> 00:33:07,741
Like we look at it from the perspective
of we laid it out as an A, B, C, D kind

664
00:33:07,741 --> 00:33:11,011
of scenario and how easily you should
be able to pick up on these things.

665
00:33:11,011 --> 00:33:16,261
But like you talked about, David, these
are becoming more and more evolved

666
00:33:16,351 --> 00:33:20,291
so that subtleness that I was talking
about is now being incorporated.

667
00:33:20,451 --> 00:33:24,021
I just recently did a global Intelligence
weekly wrap up episode where I talked

668
00:33:24,021 --> 00:33:26,811
about sex pie invading, Silicon Valley.

669
00:33:26,866 --> 00:33:31,766
Because they had been saying that,
Russian and Chinese sponsored agents

670
00:33:31,766 --> 00:33:34,886
are basically getting themselves
involved in romantic relationships

671
00:33:34,886 --> 00:33:36,746
with individuals out of Silicon Valley.

672
00:33:37,256 --> 00:33:40,946
Now the problem with that is you take
that emotional aspect of it and you

673
00:33:40,946 --> 00:33:44,186
tell someone who's, and you say, Hey,
listen, that person you've been spending

674
00:33:44,186 --> 00:33:47,456
a lot of time with might actually
not be interested in it romantically.

675
00:33:47,466 --> 00:33:52,176
they want to get access to our stuff
that hits someone where they live.

676
00:33:52,246 --> 00:33:53,166
like th.

677
00:33:53,836 --> 00:33:58,666
The individual who was involved in,
these types of sex, oh, they call it,

678
00:33:58,666 --> 00:34:00,616
sex exploitation or sex espionage.

679
00:34:01,486 --> 00:34:02,146
She had said that.

680
00:34:03,091 --> 00:34:06,991
There's a minimum of at least seven
opportunities to interact with that

681
00:34:06,991 --> 00:34:11,251
individual before they even attempt
to get to the romantic side of things.

682
00:34:11,581 --> 00:34:15,871
So it's getting to the point where
even on the AI side of things, even

683
00:34:15,871 --> 00:34:19,051
on this smishing and the phishing
and all the other things, it's

684
00:34:19,051 --> 00:34:21,991
not just, Hey, would you like to
be a part of this organization?

685
00:34:21,991 --> 00:34:22,981
We think you're awesome.

686
00:34:23,191 --> 00:34:24,481
And someone just says, yeah, okay.

687
00:34:24,481 --> 00:34:25,111
That sounds good.

688
00:34:25,561 --> 00:34:28,261
No, it's that subtle and consistent.

689
00:34:28,556 --> 00:34:30,086
That is happening.

690
00:34:30,206 --> 00:34:34,706
And intelligence organizations state,
non-state, corporate espionage,

691
00:34:34,886 --> 00:34:36,026
they're picking up on this.

692
00:34:36,206 --> 00:34:40,946
So the only thing that can be done in
the cyber side when you're dealing with

693
00:34:40,946 --> 00:34:46,206
intellectual property, when you're dealing
with companies, you have to be, you have

694
00:34:46,206 --> 00:34:48,246
to have someone who knows how this works.

695
00:34:48,246 --> 00:34:49,026
Explain it.

696
00:34:49,406 --> 00:34:50,786
So that people can pick up on it.

697
00:34:50,966 --> 00:34:54,716
Much like you talked about with the Tesla
guy who's I wasn't gonna put this USB key

698
00:34:54,716 --> 00:34:56,156
in 'cause I knew what was gonna happen.

699
00:34:56,576 --> 00:34:56,726
Yep.

700
00:34:56,726 --> 00:35:01,266
You have to have that same conversation
on the emotional, on the, going to

701
00:35:01,266 --> 00:35:02,826
conferences, all those types of things.

702
00:35:03,306 --> 00:35:05,561
And I would that, so Go ahead Jim.

703
00:35:05,916 --> 00:35:08,586
I was gonna say, I would suspect
that these guys just moved too fast.

704
00:35:09,126 --> 00:35:13,236
My, I take the premise that
almost everybody could be turned.

705
00:35:13,836 --> 00:35:16,906
And I say that I, I joked about
the fact, buy 10 of my books.

706
00:35:17,206 --> 00:35:20,576
But, for most business people,
tell me about your career.

707
00:35:20,906 --> 00:35:25,556
What are your, like you can you, I tell
students all the time, find, when you

708
00:35:25,586 --> 00:35:29,126
don't go looking for a job, go looking
for somebody who you can learn from.

709
00:35:29,546 --> 00:35:33,081
And ask them, about what made them
successful and sit and listen to them.

710
00:35:33,831 --> 00:35:33,921
Yeah.

711
00:35:33,921 --> 00:35:36,201
People are, the whole
thing of sex exploitation.

712
00:35:36,441 --> 00:35:43,656
I, I. Had a friend, a very intelligent
lady Comes to me and says she's

713
00:35:43,656 --> 00:35:48,756
got, she's finally met this new love
of her life and he's overseas, but

714
00:35:48,756 --> 00:35:51,126
he's he's running a big company now.

715
00:35:51,126 --> 00:35:52,656
I run a security podcast.

716
00:35:52,656 --> 00:35:53,166
I'm sorry.

717
00:35:53,166 --> 00:35:59,021
Like you just my, when I sat her down and
said, this guy's gonna try and take you.

718
00:35:59,561 --> 00:35:59,741
Yeah.

719
00:35:59,771 --> 00:36:01,596
The reaction I got from
her was not pretty.

720
00:36:02,471 --> 00:36:02,481
no.

721
00:36:02,656 --> 00:36:04,096
How can you say that about me?

722
00:36:04,606 --> 00:36:04,666
Yeah.

723
00:36:04,666 --> 00:36:04,816
What?

724
00:36:04,816 --> 00:36:06,196
You don't think I'm worthwhile?

725
00:36:06,536 --> 00:36:12,056
and it was, and, but it was so obvious
to somebody sitting outside and like

726
00:36:12,056 --> 00:36:13,796
I said, this was a smart person.

727
00:36:14,196 --> 00:36:17,286
but so I take the point of view
that everybody can be turned.

728
00:36:17,646 --> 00:36:17,796
Yeah.

729
00:36:17,911 --> 00:36:19,651
and we are all in that danger.

730
00:36:19,741 --> 00:36:23,851
So the question I'm gonna ask of you
both is what do we do about that?

731
00:36:25,181 --> 00:36:28,091
so first is acknowledging
our own humanity.

732
00:36:28,751 --> 00:36:32,471
Like the first thing is to say,
I'm a human, and that's okay.

733
00:36:32,531 --> 00:36:35,471
That might seem weird, but
as a human being, that means

734
00:36:35,471 --> 00:36:37,751
that I am biologically wired.

735
00:36:37,991 --> 00:36:42,371
I physically need connections
with other human beings, and

736
00:36:42,371 --> 00:36:45,761
there will be other human beings
that will use that against me.

737
00:36:46,061 --> 00:36:47,321
That's just life.

738
00:36:47,381 --> 00:36:48,251
That's reality.

739
00:36:48,551 --> 00:36:49,061
Okay.

740
00:36:49,681 --> 00:36:50,911
I know that about myself.

741
00:36:51,121 --> 00:36:51,541
Okay.

742
00:36:51,871 --> 00:36:53,341
if I decide I am.

743
00:36:54,011 --> 00:36:56,051
I'm lonely and I need to
strike up a new friendship.

744
00:36:56,081 --> 00:36:59,651
And how am I going to keep that
in the back of my mind as I build

745
00:36:59,651 --> 00:37:01,621
and go trust that I am wired.

746
00:37:01,921 --> 00:37:04,921
The more that this person says the thing,
I like to trust them more and more.

747
00:37:04,981 --> 00:37:08,791
And so we have to be our own
coach in the back of our head, and

748
00:37:08,791 --> 00:37:10,081
start building some alarm bells.

749
00:37:10,081 --> 00:37:10,201
No.

750
00:37:10,201 --> 00:37:12,301
You don't need to do this against
people you have known your entire

751
00:37:12,301 --> 00:37:15,001
life and who have loved you and
raised you and everything else.

752
00:37:15,001 --> 00:37:18,811
I'm not saying to go put the absolute
king tinfoil hat that all humans

753
00:37:18,811 --> 00:37:19,741
are trying to manipulate you.

754
00:37:19,981 --> 00:37:23,881
No, but the reality is that people
will try and manipulate you, and

755
00:37:23,881 --> 00:37:28,111
it's not always, for most 99% of
the planet, it will not be Evil

756
00:37:28,111 --> 00:37:30,691
Corp or the Russian State or others.

757
00:37:30,691 --> 00:37:31,951
It's gonna be a sales guy.

758
00:37:33,151 --> 00:37:38,816
This is the same playbook, but if you can
just recognize, okay, like I'm not dumb.

759
00:37:40,301 --> 00:37:40,871
I'm human.

760
00:37:41,061 --> 00:37:41,871
That's the first step.

761
00:37:41,871 --> 00:37:46,461
That and emotional intelligence work that
we've done with mindfulness has actually

762
00:37:46,461 --> 00:37:51,441
reduced susceptibility to some forms of
social engineering by as much as 50%.

763
00:37:51,441 --> 00:37:53,931
So when we taught people emotional
intelligence and listening to their

764
00:37:53,931 --> 00:37:57,681
gut instinct based on research done
by Toronto Metropolitan University,

765
00:37:57,681 --> 00:38:01,171
University of Chicago, and others
that had run experiments on this

766
00:38:01,171 --> 00:38:04,931
with phishing and changing the type
of training provided to individuals.

767
00:38:05,546 --> 00:38:06,806
We've seen the positive results.

768
00:38:06,806 --> 00:38:08,126
Again, a reduction is good.

769
00:38:08,126 --> 00:38:09,416
It's nothing is bulletproof.

770
00:38:09,746 --> 00:38:12,236
So you can teach yourself
to spot these things.

771
00:38:12,596 --> 00:38:15,176
I think it's really important that
organizations have to recognize

772
00:38:15,176 --> 00:38:19,526
they're going to have to include
this in their education to folks.

773
00:38:19,586 --> 00:38:23,236
Particularly as this ramps up and I'm
even giving some thoughts as a result

774
00:38:23,266 --> 00:38:28,676
of this podcast to how we're gonna build
some material about recruitment and how

775
00:38:28,676 --> 00:38:30,506
this is gonna happen more and more with

776
00:38:30,626 --> 00:38:33,266
AI and other technologies and
what we need to think about this.

777
00:38:33,716 --> 00:38:36,536
And then lastly, what I'd say
is this, is that we all need to

778
00:38:36,536 --> 00:38:38,606
develop our empathy skills, right?

779
00:38:38,606 --> 00:38:41,556
So Jim, you are probably one of the
best people I know of to have that

780
00:38:41,556 --> 00:38:45,396
conversation with your friend because
you're not gonna get pissed off at your

781
00:38:45,396 --> 00:38:49,541
friend and just storm outta the room
because you're gonna realize, oh, this.

782
00:38:49,596 --> 00:38:50,256
This hurts.

783
00:38:50,256 --> 00:38:51,906
This is gonna be hard for her to hear.

784
00:38:52,326 --> 00:38:56,556
I'm gonna, I'm gonna have to be there and
I'm gonna have to put the work in to help

785
00:38:56,706 --> 00:38:58,326
bring her through the other side of this.

786
00:38:58,356 --> 00:38:59,736
'cause this is painful stuff.

787
00:38:59,946 --> 00:39:03,096
And that's the other part about we
need to be human to other people.

788
00:39:04,121 --> 00:39:04,411
Yeah.

789
00:39:04,921 --> 00:39:05,211
Yeah.

790
00:39:05,216 --> 00:39:05,346
Yeah.

791
00:39:05,706 --> 00:39:08,621
And Neil, how do you must,
you must have taken courses or

792
00:39:09,581 --> 00:39:13,001
obviously intelligence officers
are people who people want to turn.

793
00:39:13,551 --> 00:39:14,776
What were your defenses?

794
00:39:15,296 --> 00:39:16,706
How did you defend yourself?

795
00:39:17,566 --> 00:39:20,476
Really what it comes down to is
just understanding that you're

796
00:39:20,476 --> 00:39:22,036
working in that kind of environment.

797
00:39:22,036 --> 00:39:27,676
It's, I had an opportunity years ago to
do a shark dive and it was in a tank.

798
00:39:28,246 --> 00:39:30,796
And the thing I came to
realize really quickly is that.

799
00:39:31,521 --> 00:39:35,181
Don't worry so much about all the
sharks around you, worry about falling

800
00:39:35,181 --> 00:39:37,401
and then something happening, right?

801
00:39:37,821 --> 00:39:41,901
Because if you understand the danger,
you've got a better chance of making sure

802
00:39:41,901 --> 00:39:43,581
you're gonna be okay in that environment.

803
00:39:43,581 --> 00:39:45,891
And the unfortunate thing
is a lot of people aren't.

804
00:39:46,101 --> 00:39:49,551
David, you mentioned this before, Jim,
you've talked about it on the show a lot.

805
00:39:50,001 --> 00:39:53,301
One of the biggest weaknesses
in any system in any

806
00:39:53,301 --> 00:39:55,341
organization is the human factor.

807
00:39:56,086 --> 00:39:59,266
And what companies need to do is they
need to look at that and they need

808
00:39:59,266 --> 00:40:01,546
to say the vulnerability is there.

809
00:40:01,576 --> 00:40:04,426
We know that there are
state and non-state actors.

810
00:40:04,426 --> 00:40:07,316
There's compromise that's
happening from other companies.

811
00:40:07,746 --> 00:40:10,686
There's corporate espionage
happening would how?

812
00:40:10,836 --> 00:40:14,916
We're so interested in making sure that
our people are providing us the best

813
00:40:15,006 --> 00:40:16,716
product that they can possibly provide.

814
00:40:16,716 --> 00:40:18,966
We're not thinking about
what the vulnerabilities are.

815
00:40:18,996 --> 00:40:21,606
So you can have the best firewall
in the world, you can have the

816
00:40:21,606 --> 00:40:22,896
best cyber team in the world.

817
00:40:23,261 --> 00:40:26,861
But if you're not looking after those
individuals who should be aware of

818
00:40:26,861 --> 00:40:30,011
these types of things, and David, you
mentioned this too, if you're ever

819
00:40:30,011 --> 00:40:32,861
interested in working on anything that
you think someone could help you out

820
00:40:32,861 --> 00:40:36,281
with, helping to understand how you're
being recruited and who's recruiting you,

821
00:40:36,551 --> 00:40:38,381
talk to a former intelligence officer.

822
00:40:38,381 --> 00:40:40,191
Talk to somebody who's
worked that work because

823
00:40:41,261 --> 00:40:46,241
I've done enough training to realize
when someone's trying to IO me, someone's

824
00:40:46,241 --> 00:40:47,651
trying to be the intelligence officer.

825
00:40:47,651 --> 00:40:50,201
Someone's trying to get me
to commit to information.

826
00:40:50,231 --> 00:40:54,101
Someone's trying to make me
feel more indebted to them,

827
00:40:54,131 --> 00:40:55,481
or build rapport with me.

828
00:40:55,481 --> 00:40:58,781
Now, that doesn't mean that if I go to
a bar and someone walks up and starts

829
00:40:58,781 --> 00:41:01,751
a conversation, I don't automatically
think, oh my God, here's that.

830
00:41:01,971 --> 00:41:04,881
here's that Russian agent that is
gonna pull me into that honey pot.

831
00:41:05,566 --> 00:41:11,086
But I do come at relationships with a
different focus every once in a while

832
00:41:11,086 --> 00:41:14,646
because I think to myself, okay, this
might just be a casual conversation,

833
00:41:14,946 --> 00:41:17,896
but when it starts going into different
areas that I think, if there's a

834
00:41:17,896 --> 00:41:22,186
lot of questions with that romantic
relationship about, so how is work today?

835
00:41:22,246 --> 00:41:23,836
Oh, did you work on anything specific?

836
00:41:23,926 --> 00:41:25,306
Oh, what are you guys doing now?

837
00:41:25,336 --> 00:41:26,296
When's your next trip?

838
00:41:27,116 --> 00:41:28,706
These are things that if they're

839
00:41:29,276 --> 00:41:33,146
sprinkled on lightly, you're never
gonna notice it, but if you're aware

840
00:41:33,146 --> 00:41:36,056
of it beforehand, you're definitely
gonna be a lot better prepared.

841
00:41:36,056 --> 00:41:39,146
And that's what companies need
to do to ensure that their

842
00:41:39,146 --> 00:41:41,396
intellectual property stays safe.

843
00:41:42,251 --> 00:41:42,491
Yeah.

844
00:41:42,491 --> 00:41:45,921
And when it comes to social
engineering, phishing remains a

845
00:41:45,921 --> 00:41:48,471
thing, but it's social media now.

846
00:41:48,531 --> 00:41:53,361
It's, it's all kinds of things that can
be delivered digitally and can now use

847
00:41:53,361 --> 00:41:55,711
some of this tradecraft in this way.

848
00:41:55,711 --> 00:41:57,321
So I do think that this is a problem.

849
00:41:57,321 --> 00:41:59,431
I, Neil, I'll have to
listen to your show on

850
00:42:00,356 --> 00:42:04,196
the sex exploitation in Silicon
Valley because that's literally what,

851
00:42:04,566 --> 00:42:08,251
I was alluding to 'cause girls never
talked to David or I, so we, we need

852
00:42:08,251 --> 00:42:11,311
to find, we need to do some research.

853
00:42:11,681 --> 00:42:12,251
but the, yeah.

854
00:42:12,921 --> 00:42:15,051
I don't, yeah, no, I say I'm immediate.

855
00:42:15,171 --> 00:42:17,361
A girl comes, beautiful woman
comes up to me in a bar.

856
00:42:17,361 --> 00:42:18,711
I'm immediately going, okay.

857
00:42:18,921 --> 00:42:19,581
Suspect.

858
00:42:19,631 --> 00:42:19,711
Yeah.

859
00:42:19,971 --> 00:42:24,896
So it is, I, most of these are criminal
attempts against me, but trust me,

860
00:42:24,896 --> 00:42:28,976
like dear criminals and agencies
that are hitting me up and trying to

861
00:42:28,976 --> 00:42:31,046
flatter me on my Instagram account.

862
00:42:32,121 --> 00:42:32,451
No.

863
00:42:35,061 --> 00:42:39,026
Yeah, but I'll say one thing though, and
I think that they'll take away from the

864
00:42:39,026 --> 00:42:44,541
show is two things that, that I would say
and it's, I realize this is a discussion

865
00:42:44,541 --> 00:42:48,476
we could do for two or three hours and
maybe one we have to come back to, but

866
00:42:48,476 --> 00:42:49,676
I've taken a couple of things away.

867
00:42:49,676 --> 00:42:53,636
One was something you said, David,
which was, realize you're a human

868
00:42:53,636 --> 00:42:55,901
being and look for the, and understand.

869
00:42:55,901 --> 00:42:57,131
You'll respond to pressure.

870
00:42:57,541 --> 00:43:00,121
Think about those same things
that you wanna think about.

871
00:43:00,121 --> 00:43:03,856
Taking a deep breath, taking another
second to do this and never and

872
00:43:03,856 --> 00:43:08,006
understanding that, that you can make
mistakes and give yourself a break.

873
00:43:08,366 --> 00:43:10,976
The other one, I think this
building rapport piece, and we've

874
00:43:10,976 --> 00:43:13,986
joked about it and there, who,
the old Groucho Marx line of:

875
00:43:14,261 --> 00:43:16,421
I don't wanna belong to a club
that wants me for a member.

876
00:43:16,611 --> 00:43:17,451
But that's not true.

877
00:43:17,451 --> 00:43:19,311
We all want to belong.

878
00:43:19,311 --> 00:43:19,881
We all want something.

879
00:43:19,881 --> 00:43:20,631
We're all seeking that.

880
00:43:20,681 --> 00:43:24,041
The third thing that I think came
out of this that, that I thought, and

881
00:43:24,041 --> 00:43:28,061
somebody said this to me, that I did
this, I did, I do it accidentally.

882
00:43:28,531 --> 00:43:32,401
I've told people, I sat down with people
when I talked to people and how we went

883
00:43:32,401 --> 00:43:33,421
through the rest of this conversation.

884
00:43:33,421 --> 00:43:34,771
I tell people I've been hacked.

885
00:43:34,881 --> 00:43:35,451
I've been fooled.

886
00:43:35,451 --> 00:43:35,601
Yeah.

887
00:43:35,971 --> 00:43:36,331
Yep.

888
00:43:36,581 --> 00:43:38,731
So I'm not, this is not a moral thing.

889
00:43:39,121 --> 00:43:44,236
This is, I'm just saying we're all in this
together and I've got some experiences.

890
00:43:44,236 --> 00:43:46,696
I know if I can be beat, you can be beat.

891
00:43:47,036 --> 00:43:50,216
Let's work from that point of view
instead of this, and I think we

892
00:43:50,216 --> 00:43:54,986
accidentally do this as cybersecurity
professionals, and I think it's deadly.

893
00:43:55,316 --> 00:43:56,606
Is we don't build rapport.

894
00:43:57,356 --> 00:43:57,566
No.

895
00:43:57,746 --> 00:43:58,136
That's a problem.

896
00:43:58,141 --> 00:44:01,711
And if we don't build
rapport, we can't positively.

897
00:44:04,336 --> 00:44:05,176
The population.

898
00:44:05,176 --> 00:44:06,136
Did I get that right, guys?

899
00:44:06,496 --> 00:44:07,906
Yeah, no, I think you a hundred percent.

900
00:44:07,906 --> 00:44:08,116
Yeah.

901
00:44:08,171 --> 00:44:08,461
Yeah.

902
00:44:08,466 --> 00:44:08,806
Yeah.

903
00:44:08,806 --> 00:44:12,266
And I think you have to look at it too
from the perspective of, you're trying to

904
00:44:12,266 --> 00:44:15,956
do something that comes from, not a place
of judgment, but a place of information.

905
00:44:16,046 --> 00:44:19,046
And if you get people to
buy in from that level.

906
00:44:19,081 --> 00:44:22,531
What they really, they understand because
exactly what you said, Jim, when you're

907
00:44:22,531 --> 00:44:25,441
the person who says, Hey, listen, I'm a
cybersecurity expert and I've been hacked.

908
00:44:25,801 --> 00:44:28,081
I'm an intelligence officer, and
I'm sure there's been times when

909
00:44:28,081 --> 00:44:29,551
I've been fooled by somebody else.

910
00:44:29,651 --> 00:44:32,411
And sometimes it just,
it's the right combination.

911
00:44:32,411 --> 00:44:35,411
Maybe there's someone who's called up
and said, Hey, listen, your mom needs,

912
00:44:35,411 --> 00:44:38,651
a hundred dollars in gift cards, or
she's gonna go to jail, and you're

913
00:44:38,651 --> 00:44:41,891
like, because of that emotion, maybe the
connection that you have with your mother.

914
00:44:41,891 --> 00:44:43,751
You're thinking to yourself,
okay, I'm just gonna do this.

915
00:44:44,171 --> 00:44:45,791
That's what they're looking for.

916
00:44:45,791 --> 00:44:45,851
Yeah.

917
00:44:45,971 --> 00:44:47,141
And that's how they're targeted.

918
00:44:47,141 --> 00:44:50,891
There are people every day that are being
targeted and it doesn't make them stupid.

919
00:44:51,131 --> 00:44:54,041
It just means that the people that
are targeting them are just that good.

920
00:44:54,041 --> 00:44:57,551
So the more they know going
into these types of situations,

921
00:44:57,551 --> 00:44:58,451
the better off they are.

922
00:44:58,451 --> 00:45:01,691
And that's what I think, like David
was talking about, this is the type

923
00:45:01,691 --> 00:45:03,281
of training that needs to be provided.

924
00:45:03,281 --> 00:45:05,921
It's not a judgmental thing, like how
could you have ever fallen for that?

925
00:45:05,921 --> 00:45:07,171
It's more Hey, be aware.

926
00:45:07,381 --> 00:45:08,971
They're getting really good at doing this.

927
00:45:09,396 --> 00:45:14,281
And I'll leave with this, is that, lead
with empathy and information, right?

928
00:45:14,311 --> 00:45:18,871
That's the, those are your toolkits
and in every IT and cybersecurity

929
00:45:18,871 --> 00:45:22,421
professional that's responsible
for protecting their team.

930
00:45:22,421 --> 00:45:26,351
Or we'd say at Beauceron, watching out
for your pack, you need to read Robert

931
00:45:26,351 --> 00:45:31,411
Cialdini's book Influence and understand
the 12 principles of persuasion, because

932
00:45:31,411 --> 00:45:34,631
you'll become really good at spotting
when AI is trying to do it to you.

933
00:45:34,696 --> 00:45:36,586
When other humans are trying to do it too.

934
00:45:36,586 --> 00:45:39,886
As GI Joe used to say, 'cause I
am Cybersecurity Today's culture

935
00:45:39,886 --> 00:45:41,866
critic, knowledge is half the battle.

936
00:45:43,166 --> 00:45:44,716
And superior firepower
is the other half.

937
00:45:46,906 --> 00:45:48,766
There's always that gentlemen.

938
00:45:49,271 --> 00:45:50,351
Thank you so much.

939
00:45:50,351 --> 00:45:52,961
This has been great and maybe
we'll come back to this.

940
00:45:52,961 --> 00:45:56,801
And again, I'm gonna leave this out for
the audience because I've realized in

941
00:45:56,801 --> 00:46:00,341
an hour there's only so much you can
talk about and there may be more that

942
00:46:00,341 --> 00:46:01,811
we should come back to this show for.

943
00:46:01,811 --> 00:46:05,111
So I'm gonna ask the audience out there.

944
00:46:05,451 --> 00:46:08,301
To help me help and build
some rapport with me.

945
00:46:08,481 --> 00:46:12,441
Send me some questions, send me some
notes, send me some ideas that, or

946
00:46:12,441 --> 00:46:15,891
things you'd like to dive into deeper on
this topic, or tell us that this topic

947
00:46:15,891 --> 00:46:16,881
sucks and you don't wanna do anything.

948
00:46:17,181 --> 00:46:18,021
Either one's good with me.

949
00:46:18,471 --> 00:46:24,141
But you can reach me at technewsday.com
and just, or, or .ca, take your pick.

950
00:46:24,471 --> 00:46:25,131
Either one works.

951
00:46:25,131 --> 00:46:27,891
Go to the contact us form
and send us your questions.

952
00:46:30,146 --> 00:46:33,416
Former intelligence officer David
Shipley, head of Beauceron Security.

953
00:46:33,656 --> 00:46:35,096
Thank you gentlemen so much.

954
00:46:35,366 --> 00:46:37,676
And to everybody out there,
have a great weekend.

955
00:46:38,636 --> 00:46:39,356
Thanks on.

956
00:46:39,896 --> 00:46:40,406
Take care.

957
00:46:40,886 --> 00:46:41,276
Cheers.

958
00:46:43,133 --> 00:46:45,803
Once again, we'd like to thank
Meter for their support in

959
00:46:45,803 --> 00:46:47,123
bringing you this podcast.

960
00:46:47,663 --> 00:46:51,743
Meter delivers full stack networking
infrastructure, wired, wireless,

961
00:46:51,743 --> 00:46:55,883
and cellular to leading enterprises
and working with their partners.

962
00:46:56,243 --> 00:47:01,103
Meter designs, deploys and manages
everything required to get performant,

963
00:47:01,283 --> 00:47:06,323
reliable and secure connectivity in
a space. They design the hardware,

964
00:47:06,698 --> 00:47:10,928
the firmware, build the software,
manage deployments and run support.

965
00:47:11,471 --> 00:47:15,251
It's a single integrated solution
that scales from branch offices,

966
00:47:15,251 --> 00:47:19,001
warehouses, and large campuses,
all the way to data centers.

967
00:47:19,361 --> 00:47:24,071
You can book a demo at meter.com/cst.

968
00:47:24,281 --> 00:47:30,191
That's M-E-T-E-R.com/cst.

969
00:47:31,181 --> 00:47:32,321
I'm your host, Jim Love.

970
00:47:33,311 --> 00:47:34,151
Thanks for listening.

