Skip to main content

tv   The Communicators Kate Fazzini Kingdom of Lies  CSPAN  August 26, 2019 8:01pm-8:31pm EDT

8:01 pm
george allen of virginia. ♪ >> for 40 years c-span has been providing america unfiltered coverage of congress, the white house, supreme court and public policy events from washington dc and around the country. make up your own mind. created by cable in 1979 c-span is brought to you by your local or satellite provider. c-span, your unfiltered view of government. >> so, kate fazzini about what do armenian teenager, chinese dishwasher and a russian young man from vladivostok raised by an alcoholic legal mother have in common? >> so, these people in my book,
8:02 pm
of course, in "kingdom of lies" but the one thing they have the most in common is a sort of dancing between good and bad you have people who have a woman in romania that has few computer skills and a gentleman in china and a gentleman in russia was good computer skills but you see them going to work off and on with both sides of the equation so somebody can be a hacker for bad or be a criminal but sometimes they can use those deals with good use and sometimes they go all the way down the fed bath and you see certain people who have a bit of a bent towards going towards that way towards our friend in russia but in the end you have people who are curious interesting and people we can
8:03 pm
learn from which is what i was going for here. >> how much money to those people literally steal? >> that's an interesting question. i don't think i have an actual figure for anyone but without having way too many details we do see one of the characters makes a billion-dollar ransom where demand in one shot and it's not because this character is a lot about cyber security or technology or engineering but it happens to be innovative and often creative enough to on the spot come up with an idea and get it to work and then you see the quote unquote companies enterprise she's working for pitted and put those skills to use and make a similar amount. >> how did they get into
8:04 pm
packing? all three of these people. >> that's an interesting question. you have three completely different trajectories. you have this woman from romania and her name is renée in the book and of course everyone's name has been changed in their character has been -- people who do not want to have their identities known for what will become obvious reasons but you have renée who was growing up in a typical suburban countryside village in romania and what ends up happening is or has happened across eastern europe many of these what we call cybercrime villages have popped up and you have entire economies that are being basically run on this list of credit card information or ransom where which we now have
8:05 pm
seen in a bunch of u.s. cities and you want to have a more glamorous life or job and it's an impossible offer and in a lot of ways finally find out what's going on in your town why more people have money and stumbled on this criminal enterprise. she's not someone with a background in computers and has a background in medication and essentially be able to waitress and in college but she's a very good author and as it turns out being a very good talker to convince people of doing something is one of the primary skill sets of being good at being a criminal act or spewing what about -- >> bo is a former government hacker for the people liberation army of china and as you know
8:06 pm
china is has a very large military operation with a lot of investment in cyber security and one of those people start out his career as it were as somebody doing work for the government and this raises interesting questions because when we think of who are bad people and bad guys and hackers attacking our companies he is doing that but he's doing it because he's bored and wants to make his life more interesting no but doing it because he works for the government and told us his doing something different for his country. this is a lead in the military and goes to work for a hotel and then finds he can put those skills to use in a kind of not a kind of but a true terminal way and that's what he gets up
8:07 pm
making money but ultimately he tries to make a difference in the decision and then has our friend in vladivostok who has us very criminal hacker who is a criminal from beginning to end with a difficult upbringing but he is somebody who as someone in russia are distinct in mathematics and from a young age and feels like he has nothing to lose. he's very impoverished and falls into this sees a lot of how american rap culture and pop culture is distilled these big beautiful cars and huge houses and wants to be a part of that and is a part of that until it comes crumbling down spewing kate fazzini in your book
8:08 pm
"kingdom of lies" i will quote from it this is referring to your self when you are with "the wall street journal". this reporter has learned a lesson through these conversations that the significance cyber incidents indeed don't happen without a person behind the scenes who has a deeply felt reason for inflicting pain. people need reasons to do what they do and hackers are people. >> yeah. that is something that may be even i think that the term hacker itself we think of that is referring to only criminals and bad guys but as you see i look at the people who are have hacking skills and they tell us there on the good side of the equation with some of those people have a lot of trouble doing the right thing and i like
8:09 pm
to make the point that if we want to understand why all these things are happening whether it is the exploitation of the algorithms that run the twitter and facebook in order to help the russian intelligence agency to an election or the ransom where that has now taken down big cities like baltimore and atlanta and we have to understand the people who are behind these things and all of them. >> host: another quote from kingdom of lies. by 2015 anyone who works in cyber security, criminal, good guy or in between can see the russians are more than active and busy that they can't train their hackers fast enough. >> guest: so that is a very
8:10 pm
interesting observation because what we have seen especially the 2015 and beyond in the case of russia is that you have the russian government and i talk about this a little bit about how early on vladimir putin very early in the 2000 was well aware of the power of being able to control the cyber sphere and the fact that you don't necessarily need volumes to do it but you have people who in the country with the publishing of russia or iran you can do damage at the scale of a country like china that has numbers but now we realize that in order to get the very best people those people will not work on a government
8:11 pm
salary. if you're really good at hacking and don't have scribbles and live in russia you can make a great deal more money doing any number of illicit activities and selling things on the diagram, laundering money for cyber criminals but the list goes on and on. what the government has realized is that in order to have these really good people who are good at what they do beyond their side they can work together with these criminals. you have a situation where the government is willing to bring in people who are doing criminal activities that they are aware of into the fold that help them and as a comparison we don't do that in the united states just so it's clear. you'll see the fbi going out and recruit people who are doing major crimes against retailers but instead you will see them arresting those people.
8:12 pm
now, that means that you have criminals who have allowed to do what they do as long as when it comes time for the russian government to call them they are willing to pay the price and pay the tax for being allowed to do those criminal activities. then, of course, what you have is a beautiful plausible deniability so russia is taking part in some sort of major action against ukraine or that united states. it's very easy for the russian government to then say well, we did not tell these people to do this or they are not part of the government. if anyone did that maybe they would be patriotic russian so but they aren't actually working for us. we had to set them up with a situation that is hard to fight from our point of view kate,
8:13 pm
don't u.s. intelligence services fire hackers? >> guest: oh, they do. they do and the difference here is that there are a lot of restrictions as far as you have a criminal record and they definitely did not let someone continue taking part criminal activity and it's a really rare for someone who has submitted a significant crime as many of the russian hackers who were named in the indictment of the 12 russian hackers that was passed down last year. we would never hire people who
8:14 pm
would continue doing that activities or would actually make billions of dollars on those crimes but we arrest people and put them in jail. every month or so the fbi in department of justice releases indictment the people who taken part in clinical -- criminal hacking, including a great number of russians and some who have been arrested in the united states. but we are never going to do the level of collaboration with the criminal element that there's a government with russia does. >> host: something you note in your book is that in the digital world boundaries become a little muddy. >> guest: it becomes very muddy. one of the big issues right now is whether companies and government agencies should have the right to what is called the due and offensive cyber security attack against somebody who has
8:15 pm
broken into their system. now, why is that problematic? if we have something like say a citigroup one of the major u.s. banks and they are getting attacked by china and they have wonderful investigators to determine that these individuals are sending their packets from china and they decide to go on the offensive in either do something to stop this from happening there is all kinds of collateral damage in between there. the companies that run the technology between these two places and the fact that you might have a scenario where chinese cla and an american bank are going to war with each other
8:16 pm
and many different boundaries there are many different things that make it so difficult to us to retaliate against these attacks and then you run the risk of maybe that attack was not coming from china at all and you've just attacked a completely different space because it could happen somewhere else. there are a lot of issues and the boundaries international boundaries and who people are in their identities much of this stuff becomes mixed up. >> host: kate fazzini, can you do most of what you describe your book with your iphone or android? [laughter] >> guest: that's an interesting question. i, myself, and not a very technical person for much of what i described in the book to be published by most people so on the one hand there's a lot of what is called social
8:17 pm
engineering going on. this is the liability to make you do something quickly that is going to give me what i want. if i have an e-mail that can compromise you in some way and i send it with an urgent -- you need to open this, it's your boss and you need to do a couple and immediately summing all the w-2 for your employees because it's emergency that social engineering making you feel i need to get that information right away and anyone could do that. salespeople do that. a lot of people have good skills and use them for good purposes but many of the people in my book use software, malicious software they had bought online
8:18 pm
and maybe tweak it a little bit but it's delivered through a usb stick and buy it from the dark web and put it on the u.s. be stick to get into a target computer and then have access to that device. that's more complicated but a lot of people have the ability to do that as well. a lot of the stuff very accessible to the average person spirit how sophisticated is using an usb stick in today's hacking worlds? >> guest: it's almost not sophisticated at all. i like to talk about how tired i am of the word sophisticated because there are very few attacks today that are genuinely sophisticated. when i see one i'm impressed. but using a usb stick is almost dated at this point. a lot of companies have put restrictions in place over whether the devices you put usb
8:19 pm
sticks into can't even read them. many of these just don't read the six anymore because they're so dangerous. but for the average person very simple and just like ran somewhere might be today for the average person. >> host: a couple of terms or items that come into play in your book i want to start with two. bp ends in wi-fi. vpns and wi-fi. >> guest: should i just describe? vpn is a virtual private network and that has an interesting they have an interesting trajectory right now because for a long time they were corporations that if you're traveling and you
8:20 pm
might be using public wi-fi somewhere in the hotel or -- you can log on to a virtual private network which gives you a way to read your information so it can't be seen and encrypted and seen over that wi-fi network. now, it's interesting because in the united states most people use vpns pay for them in some way and are a couple of new products but comparatively in places like china and russia where the internet is very heavily restricted and very heavily watched and vpns are used by many, many more people often there are products that they can use to get around the restrictions over having their
8:21 pm
communication's monitored and to get around the fact that they can't use facebook and they can't use gmail in some cases or google products because those are bands. it's become a very interesting phenomenon as people in the u.s. pay for the service that are enormously popular, far more popular in the united states and for a different reason. >> host: when it comes to wi-fi do you use public wi-fi or do you have a wi-fi at home? >> guest: i do have a wi-fi at home. use your home wi-fi to get on it but public wi-fi with a vpn i'm pretty confident you using that commendation and i don't use public wiser wi-fi without a virtual private network. i mean, i think that i have to travel for work and there's
8:22 pm
times when have to get online and i'm headed tonight, in fact, to our hacking conference in las vegas called blat hat and devcon are the biggest and i will not use the wi-fi at this conference because this conference will be filled with people trying to exploit it and i'm going to find an alternative and maybe even stay off the internet entirely while i'm there. that's a little bit of a different situation. >> host: it's been recommended to leave your phone in your room and don't use your atm anywhere close by et cetera. >> guest: there is always interesting theories coming up. i'm going to be following a team called shellfish which is they have these events apply cap captures the flag where they have some of the premier hackers
8:23 pm
in the united states and try to capture neutral flag from one another and they went fairly frequently and do very well and i will be checking them and i will leave all my electronics in the room. i'll have a notebook and a pencil. >> back to "kingdom of lies", two other items that come into play throughout the stories you tell in your book, paypal and bitcoin what are their roles when it comes to hacking? >> guest: paypal, i think, the events of this book and in 2017 approximately and go approximately two 2013-2014. paypal had long been away for some fiber criminals to take their money out of been able to establish an account very quickly and with money but bitcoin was much more
8:24 pm
influential in terms of giving people a way to have these transactions, illicit transactions and the way it works is you have a bitcoin wallet and someone can hold it but your identity is effectually private and as long as you know that account number you can move money without it being traceab traceable. for criminal activities this has been one of those clear ways to move money and a lot of people are skeptical about bitcoin because it's difficult sometimes because it's so volatile in the prices going up and down there does not seem to be far more reason as to why it's always going up and down. there is a lot of stick about
8:25 pm
why people are investing in buying bitcoin must want to hide something. i don't necessarily think that's true but it certainly has been a major driver of significant criminal activities and not just cybercrime but everything from sex trafficking to other significant transactions but bitcoin has been a real revolution. >> host: kate fazzini, do you need to be a stem student to become an internet server security person? >> guest: no, in fact -- i often tell -- i talked to people about their jobs because i do a lot of reporting on cyber security and one of the biggest contingents that comes my way people in law enforcement so i often get a lot of people who are just police officers might be young police officers and interested in cyber security or might be some other
8:26 pm
level of security like security guard so it's two things. it's technology which is often intimidating to people but also security. the security part people can understand the matter how old or young they are and you know when you have a big event you will put a perimeter around it and might have physical barriers or you might have cops or you might have checkpoints where people can get their ids but the way information security actually works is similar to that. you put up multiple firewalls and make people have the right username and password to get in and then they need a lot another username and password to get further so people who come from a security back on like that, even if it was totally false it
8:27 pm
often has a night base of knowledge so then you learn a couple of skills and learn how to use software and learn a little bit of technology can be astounding cyber security people and there are so many different disciplines within cyber security and the u.s. government and banks and all this companies are desperate for those people so if you're considering it is a good time and that's my big tip. >> host: what are the positives and negatives of hiring hiring military personnel on what your character does not come off so well? >> guest: oh yes, bob. what you are saying here i did go out of my way to be sure i differentiated between people who have high numbers in the
8:28 pm
military and also the political left versus soldiers who often come back and make amazing cyber security and higher ranking people do as well but there are a lot of people who are at a high rank have been working in a government agency or the militaries for a long time who tried to make that transition to cyber security and had a very difficult time for different reasons. for one, the hierarchy that exists in the u.s. military especially for very high ranking people does not exist in most private companies. you don't have to have 100 different hands if we will help you to do a variety and were doing many different things at once with a small staff also in a private company profit comes
8:29 pm
first and that often involves having to do with people overseas in foreign countries that were in the military have been their enemy for a long time and it evolves having to take direction from somebody who might have brought in more money last year than you someone who is high ranking in the military might have little bit of a problem with that but in the hierarchy of financial institution the person is the person with the most money often has no say in what happens so you do have a real abrasive and around 2014, 2015 there were a bunch of efficiency attacks against u.s. banks and you saw a lot of companies doing the top ranking military people and a lot it did not work out.
8:30 pm
>> host: here is the book cover called "kingdom of lies". welcome to the kingdom of lies. unnerving adventures of the world world of cybercrime. the author is kate fazzini. she's formally of "the wall street journal", thank you for being on "the communicators". >> thank you this program and all other community leaders are available as a podcast. ♪ >> for 40 years c-span has been providing america unfiltered coverage of congress, the white house, this up in court and public policy events from washington dc and around the country you can make up your own mind. treated by cable in 1979 c-span is brought to you by your local or satellite divider. c-span your unfiltered view of
8:31 pm
government. >> all week we are featuring book tv programs as a preview of what's available every weekend on c-span2. watch historians, pundits, policymakers, economists, journalists and scientists discuss their nonfiction books you will see authors at bookstores, fairs and festivals and on our signature programs in depth and "after words". enjoy book tv this weekend and every weekend on his been to. >> starting now it is book tv on c-span2. [applause]


info Stream Only

Uploaded by TV Archive on