
The Lock & Key Lounge — RIFF Edition 2

From Signal getting squeezed by AWS to Microsoft Teams launching what some think of as spyware, the stories this week all circle the same theme: trust, resilience, and sovereignty.

  1. Signal Chief Explains Why the Encrypted Messenger Relies on AWS
  2. DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
  3. Fake Job Seekers Are Flooding the Market, Thanks to AI
  4. Cartesia Raises $100 Million to Transform Real-Time Voice AI
  5. Microsoft Teams Will Tell Your Boss (and Hackers) When You’re Out of Office
  6. Ransomware Gangs Build Their Own Ecosystem

Navroop Mitter

[00:00:02:21 – 00:00:30:17]

All right. Welcome back to the Lock and Key Lounge RIFF edition. I’m Navroop Mitter, the founder and CEO of ArmorText. This is where Matt and I grab a drink, swap links, and riff on what’s shaping cyber comms and crisis readiness. No scripts, no soundbites, just real talk. Matt is in Virginia. And yet again, I’m on the road. But this time in Vegas for GRF annual Summit Series. This week all circled the same themes as last time: trust, resilience and sovereignty.

Navroop Mitter

[00:00:30:19 – 00:00:32:05]

So let’s get into it. All right.

Matt Calligan

[00:00:32:05 – 00:00:55:08]

I’ll take the lead on this one because this is my favorite topic to complain about. But I was reading the response, actually, from Meredith Whitney. She’s the CEO of Signal, the end-to-end encrypted privacy app. And the thing that really grabbed me is her comment. You know, it was linked to the AWS outage, right?

Matt Calligan

[00:00:55:09 – 00:01:14:23]

A lot of folks felt that one. And the thing that was clever, I thought it was a clever pivot, but like, Signal was taken out because AWS was taken out, and the way she framed it was like, well, this is just the world we live in where we’re all just dependent on these major things.

Matt Calligan

[00:01:14:23 – 00:01:48:14]

But she also says in almost the same breath that they could run on other cloud providers as well. And, you know, one of the things that, you know, Navroop, you and I always harp on is just how important resilience is at every level, even when you’re talking about your actual cloud service provider or cloud vendor and things like that, and how the most critical components of your communications plan and, you know, the roles and responsibilities in your organization have to have resilience as a culture.

Matt Calligan

[00:01:48:16 – 00:02:09:08]

You know, you have to really drink the Kool-Aid and think about every level that you have a single, you know, single dependency on. So I was really shocked, honestly, that Signal hadn’t thought about that problem. But it’s, you know, again, we’re all guilty at some point or another of thinking to ourselves, now, that could never happen.

Matt Calligan

[00:02:09:08 – 00:02:11:12]

But we just don’t live in that world anymore.

Navroop Mitter

[00:02:11:17 – 00:02:36:00]

Yeah. It’s interesting. I actually did see Meredith Whitaker’s comments on this topic. A couple interesting things. Right? So that day when the entire world was complaining because the US East in AWS had been affected, interestingly enough, we were up and running the entire time. We also live with us. It was US East, but we were up and running the entire time, without any issues.

Navroop Mitter

[00:02:36:02 – 00:03:00:06]

And so, you know, I can’t comment on Signal’s architecture. I don’t know enough about the internal workings of their infrastructure and how they thought about continuity of operations. You know, if and when one particular cloud party gets attacked. But what I do know is that this almost helps simulate for many parties in other parts of the world, what would occur if for some reason there was something told they weren’t allowed to connect to in AWS services?

Navroop Mitter

[00:03:00:08 – 00:03:21:13]

Let’s say it wasn’t an outage, but it was actually something like what we talk about. We’re discussing our sovereign edition with, you know, global parties. Now, what if suddenly, whether it’s your or your country’s own authorities or your stories or someone else, it says you’re no longer allowed to touch cloud based services operating in the US, or in particular, you’re not allowed to touch your Amazon services for whatever reason.

Navroop Mitter

[00:03:21:17 – 00:03:23:14]

How would you then communicate?

Matt Calligan

[00:03:23:16 – 00:03:30:06]

Yeah. Or what if what if the US decides that they don’t want you on their platform of these cloud providers, right.

Navroop Mitter

[00:03:30:08 – 00:03:56:07]

Absolutely right. So the whole question of infrastructure sovereignty gets raised. There’s this notion of you’re needing to, you know, to plan ahead for continuity of operations under those conditions. There’s a whole set of talks you and I have been giving recently around the world, as we travel around, about continuity of operations as well as infrastructure sovereignty, and how that’s distinct from data sovereignty, and in particular, why we then chose to roll out the Sovereign Edition, the first of which was in Iceland.

Navroop Mitter

[00:03:56:09 – 00:04:16:08]

And it looks like there’s multiple more coming now. And that’s to help address some of those kind of geopolitical risks. To me, this Signal outage effectively helps simulate some of the concerns that folks were wondering, well, wouldn’t really be an issue. Or would you just roll out X, Y and Z and suddenly they got a taste of what that would feel like.

Navroop Mitter

[00:04:16:10 – 00:04:55:09]

And so there’s been a lot of interest now in the Sovereign Edition as a result. But it also brought me back to conversations that we’ve been having for quite some time internally. And so part of our roadmap is to leverage the capabilities we’ve built for the Sovereign Edition to then go ahead and make our US based, you know, globally available multi-tenant edition itself multi-cloud capable, and not only multi-cloud capable, but also multi-cloud available simultaneously so that if and when we’re saying we were to happen with one of these, I said it’s even a systemic thing for all of us, not just a particular region, that we would continue to be operational.

Navroop Mitter

[00:04:55:09 – 00:05:16:19]

And our end users, you know, shouldn’t really notice any difference. Right? Maybe a few seconds of latency go by, but it should be able to continue operations as if nothing had gone wrong. And so there’s a there’s a lot of planning that goes into things like that. It’s not easy. I don’t fault anyone for who hasn’t already thought through those issues, but it is certainly something that’s been on our roadmap for some time, things that we’ve been working through.

Navroop Mitter

[00:05:16:20 – 00:05:28:08]

And the Sovereign Edition is actually interesting enough, one step in that roadmap, because it’s something we can then port back, to help with that overall resilience where we’ve got from the future.

Matt Calligan

[00:05:28:10 – 00:05:49:07]

Yeah. Well, that’s just I mean, when you start with the assumption that this is meant to house a certain type of information, like everybody deserves privacy and that’s and, you know, I have Signal, I have WhatsApp, I you know, we all do. Privacy is something that you know, is not it’s not illegal or shady for you to want.

Matt Calligan

[00:05:49:07 – 00:06:11:23]

And so when you, you know, when you create a culture around that and the focus on privacy, you, you don’t think about resiliency quite as in-depth, right? Because it’s like these are just people chatting who want privacy. But when you start with the very the fundamental assumption that this is like the crown jewels that are going to be going in here, it changes the game.

Matt Calligan

[00:06:12:00 – 00:06:34:17]

I mean, you, you start looking at every, every, you know, vulnerability, every, reliance, you know, single point of failure kind of thing. And start to think through what, what resilience means for that because the expectation is we we will be housing that kind of stuff as opposed to just providing a free service for folks who you know, don’t don’t want the government spying on them or for whatever reason.

Matt Calligan

[00:06:34:19 – 00:06:37:10]

But yeah, that’s what I said at least.

Navroop Mitter

[00:06:37:12 – 00:06:56:01]

Yeah. I mean, like, if you go on the soap box for a while, we’ve seen a couple presentations recently where folks were talking about, you know, well, we’ve got a general concept where we can just use this. It’s like, two tin cans and a string, and smoke signals are also technically out of band communications. No one would argue that they’re enterprise appropriate.

Navroop Mitter

[00:06:56:01 – 00:07:11:10]

And to your point, right, consumer privacy capabilities were built for privacy. They weren’t necessarily built to be a resilient out-of-band comms option. Right. This is yet another thing that should be evaluated along the way. When you really look at the toolkit of what you have available to you to communicate.

Matt Calligan

[00:07:11:14 – 00:07:19:12]

So going where we’re really on a roll of things that that Matt really hates, or at least, you know, has eyeroll, reactions to.

Navroop Mitter

[00:07:19:12 – 00:07:21:00]

So when you got to be next.

Matt Calligan

[00:07:21:01 – 00:07:26:19]

So from Signal to blockchain. I’m, I was hearing blockchain. Favorite.

Navroop Mitter

[00:07:26:19 – 00:07:28:00]

Topic.

Matt Calligan

[00:07:28:01 – 00:07:55:04]

So. Oh, it’s my favorite thing. I watch so many friends, you know, ride that blockchain wave, and nobody, nobody came up with anything useful. But the, the interesting thing was that, DPRK, has, it’s actually the Lazarus Group. Actually, this time they figured out how to hide malware inside of the blockchain itself. Using something they call EtherHiding.

Matt Calligan

[00:07:55:04 – 00:08:18:09]

Right. So they’re hiding malware inside of Ethereum smart contracts, which means, you know, if you can. The one article I saw was a guy talking about, you know, hiring these contractors, not realizing this is a DPRK operative. I guess if you want to call them that. And, you know, a lot of these are tech roles, so you always you will submit examples of your code and stuff like that.

Matt Calligan

[00:08:18:09 – 00:08:37:19]

And you could bury malware inside this code. They already are, as you know, as it’s already happening in the wild. So, it’s I mean, one it’s like I get, you know, I get so tired of people trying to come up with new ways of, of using the blockchain, but it’s, it’s clear that this, you know, there’s there’s no way to filter for it.

Matt Calligan

[00:08:37:19 – 00:09:11:03]

There’s no way to, you know, existing security protocols, firewall protocols, anything like that could flag it. Suspicious IP, there’s nothing in there that would indicate, you know, or the the typical tools would indicate or throw up a red flag about. So it’s a pretty clever I mean, I got to pat them on the back for that one, but, it also really opens up the question of what what other things are reliant on the blockchain that might be, you know, fall into this sort of, you know, crisis and, you know, incident response section of the section of the, you know, cybersecurity tools.

Navroop Mitter

[00:09:11:05 – 00:09:47:20]

Yeah. I mean, there’s like, this reminds me of when I think it was DARPA that at some point in time, probably about five, six, seven, seven years ago now, when blockchain was at its peak of interest among all parties, I think they’ve actually released, both an RFI and then some sort of, research proposal grant that they were going to give to folks to work on making a blockchain based secure messaging capability, because there was this idea that the blockchain, via the panacea for anything and everything, deposit this secure message here.

Navroop Mitter

[00:09:47:20 – 00:10:10:18]

It’ll just sit out there and then it can go pick it up, and or the right people will be able to get to it. And it’s like, well, okay, speed is a problem. Cost of deposit is a problem. The payload size is potentially a problem. But now, you know, owing to the immutability, it sounds like if you were to actually embed something malicious there and people aren’t yet aware of that, that particular block that you should be picking up has this malicious content in it.

Navroop Mitter

[00:10:10:21 – 00:10:32:08]

You might accidentally now go to harm the very people that you wanted to leave something behind for. I mean, where you could actually accidentally point into something that has this weaponized block in it. Like I just it sounds like a bad idea, right? Yeah. The reality is, immutability means we probably can’t eradicate or snipe that message appropriately, even if you.

Matt Calligan

[00:10:32:08 – 00:10:33:18]

Could identify it.

Navroop Mitter

[00:10:33:20 – 00:10:56:07]

Right? You mean you could identify it? I’m sure there are ways to solve for that, but I’m guessing that, at least at the outset, because of the immutability, that that isn’t, you know, pre addressed here. Right. And so again, it just seems like the wrong kind of technology to be using for these enterprise use cases. I’m not sure why the blockchain is using portfolio.

Navroop Mitter

[00:10:56:08 – 00:11:05:01]

That a developer would want to use like a place to deposit their portfolio. People run their own website to have all the time. I’m not sure why we need the blockchain for that, but it’s interesting.

Matt Calligan

[00:11:05:03 – 00:11:32:04]

Yeah, well, you know, it also brings up an interesting point for me. And that’s, you know, when when the DPRK, you know, thing kind of broke the news, where they were, you know, embedding these, you know, these operatives as if the word worked for them, inside of U.S. companies and the the articles and sort of the write ups all focused on the fact that they were just funneling money back to terrorist organizations or to the government itself.

Matt Calligan

[00:11:32:06 – 00:11:51:23]

And then the thing that the thing that that we were talking about is. Yeah, but, you know, what’s the next step with this? Where now they can now they’re inside. What else can they do? That’s even more lucrative? And this just confirms exactly what they’re thinking. Like, this isn’t about this isn’t about just making a paycheck and sending it back to the motherland anymore.

Matt Calligan

[00:11:51:23 – 00:12:15:03]

This is about embedding malware, which is, you know, straight up malicious behavior from, you know, attacker, hacker 101 kind of stuff. So, this, this confirms something that we’ve been talking about but seem to be missing from the news cycle when this first broke out. There’s that is, you know, this is beyond just, sort of, you know, being able to get some money back to back to the home country.

Navroop Mitter

[00:12:15:05 – 00:12:38:20]

Yeah. Making a paycheck is great, but this opens up the opera, you know, the opportunity for disruption services that opens up things like, you know, embedding of ransomware or embed yourself on the networks and then you go to espionage. And I actually I think that takes us to, one of the articles that I had for this week, a little tie in here is, you know, how fake job seekers are flooding the market thanks to AI.

Matt Calligan

[00:12:39:01 – 00:12:39:19]

Oh, yeah, and.

Navroop Mitter

[00:12:39:22 – 00:13:02:15]

They’re using AI. Jenna resident miserables deepfakes in order to get to the interview process. Right. And it’s, you know, these are synthetic candidates. There isn’t a real person at all really. Right. They’re getting the interviews, though, and in some cases are even being hired. A lot of these folks, because they’re being hired for remote IT positions, are oftentimes lining up with privileged access and not to the sensitive systems.

Navroop Mitter

[00:13:02:17 – 00:13:22:07]

And these compromises are now happening at scale. And it’s being powered by AI. And so this is definitely something we’ve been talking about for some time. This is where our integration with our friends over at clear becomes such an invaluable capability. Right, right. How do you how do you do? I would have been identity verification. For these highly sensitive transactions.

Navroop Mitter

[00:13:22:09 – 00:13:40:02]

How do you do it for things like the interview process, how do you do it for your incident response teams internally, but also even incident responders that are now showing up, right? I mean, I think this job thing is kind of an interesting thing, but what I really see happening soon is, you know, even once you have the job.

Navroop Mitter

[00:13:40:02 – 00:13:56:16]

Right. I think this article mentioned something about how you can ask someone to, you know, wave their hand in front of their face and the deepfake filter will get caught up or not. And as a result, you have to detect them. Well that’s nice. Maybe works for today, but what you’re going to have very soon is interview grade.

Navroop Mitter

[00:13:56:18 – 00:14:27:08]

You know, deepfakes that are real time. Yeah, you’re probably gonna have some sort of agent listening in to the conversation to then process and instructions that you might be receiving from the other side, and that will then auto redirect the, you know, the real time deepfake generator to respond appropriately. Right. Low latency. You know, the better that gets, the more you’re not going to rely on techniques like, hey, just wave your hand over your face or go to the window and open up the blind so the sunlight streams and then causes or does, you know, filter disruption.

Navroop Mitter

[00:14:27:10 – 00:14:48:02]

You’re not going to be able to rely on these techniques. I know the lawyers love to talk about this but you know. Yeah. Interview with deepfakes. Accent removal on demand. Right. With low latency, you’re going to really be able to have these guys partner up with someone on the side of a real identity, but use them for a portion of the process, and then the rest of the time, they’ll be doing all this stuff.

Navroop Mitter

[00:14:48:04 – 00:14:56:14]

And so you’re going to want that ability to frankly go back and re verify identity along the way, especially as new sensitive transactions take place.

Matt Calligan

[00:14:56:16 – 00:15:13:10]

Yeah. Well, and that’s, the, the way, you know, to your point earlier about, you know, waving your hand in front of your face with this technique, you know, as we’ve already seen at six months, you know, if if something is I falling short on something, give it 6 to 8 months and it will have figured out how to fix it.

Matt Calligan

[00:15:13:12 – 00:15:38:00]

Right. It’s just, it’s exponentially modifying and growing and refining itself. Solution. Very different iterations and stuff. Similar to this, the other article that I had, plugged in here with, there’s a startup called Cartesia. I think I’m saying that right. They, they’re I guess their flagship offering is a real time voice.

Matt Calligan

[00:15:38:00 – 00:15:58:17]

AI so it you can it’ll actually, you can teach it sound like you talk like you, you know, remove an accent or add an accent, those kinds of things. And, they’re, they’re really they’re they’re pumping it as, as, you know, the truly the thing that everybody’s been talking about as far as, you know, the passing the Turing test, so to speak.

Matt Calligan

[00:15:58:19 – 00:16:22:22]

But as we’ve seen with everything, the minute there is a technology out there that has an interesting or useful application, you also have to worry about what the malicious applications are. And this is, you know, we’re seeing a flood of AI bots for fake resume interviews with technology like this. We’re just going to see a flood of, you know, fake voices, fake voice instructions, fake voice mails, you know, scams.

Matt Calligan

[00:16:22:22 – 00:16:46:22]

And you know, where it sounds like your daughter’s calling you from jail or something like that, like, real, real convincing kinds of things like that that could be used for, for everything malicious. So, you know, we have to, we have to think about that side of the coin when, when we’re talking about technological, technological innovations like this, we have to anticipate and know that that’s what’s going to happen.

Navroop Mitter

[00:16:47:00 – 00:17:06:04]

Yeah. It was interesting, I think, when I saw the demonstration that Cartesia had recorded and posted a point on Twitter, on X, you know, it was kind of interesting. They I think they had actually done a voice clone of Elon Musk venture in two videos and asked, we’ve asked which one of these is fake? And turns out both were.

Navroop Mitter

[00:17:06:06 – 00:17:27:19]

And it was impossible to actually tell that either was fake. Right. But it actually reminds me to your comment about, you know, the voice clone of the kid calling his mom for, you know, money because he’s hurt and he’s overseas and suddenly needs some funds to get home safe and everything else. And mom panicking and sending a wire to a fraudster.

Navroop Mitter

[00:17:27:20 – 00:17:54:06]

You know, there was an article in Nature, earlier this year trying to remember the timeline. I think it was in March of this year. The article in Nature basically talked about a study where what they found was, is humans were only able to detect AI voice clones. Well, it’d be about 60% of the time. So even before technologies like Cartesia, we were already in a losing arms race, right?

Navroop Mitter

[00:17:54:08 – 00:18:14:22]

Right. The voice clones. And now the fact you just got it is just going to get dramatically worse, right? If a mother can’t tell, you know, her own kid from an AI voice clone, you know, I mean, who, who better than your mom knows your voice, right? Who else are your colleagues really gonna be able to tell that this voice clone is not you?

Navroop Mitter

[00:18:15:03 – 00:18:33:22]

That’s before the Cartesia, right? Version of all this. So. Yeah, absolutely. I think this is where some of those, again, those identity verification techniques we talked about for both incident response were highly sensitive, transactions, you know, become even more important because the kind of a typical thing is really gone with which was, hey, just jump on a call with me.

Navroop Mitter

[00:18:34:03 – 00:18:52:08]

Oh yeah, that is not going to work anymore. Right? It’s going to require more than that to verify identity and to require more, factors to, you know, reasonably determine that Matt is who he says he is and not, you know, just a voice clone or a deepfake video. It’s gonna require a lot more now.

Matt Calligan

[00:18:52:10 – 00:18:54:11]

Exactly, exactly.

Navroop Mitter

[00:18:54:13 – 00:19:04:16]

Yeah, that is scary, though. I’ve got a few predictions on what’s coming next in the space, and I’m going to leave that up for today and probably right now.

Matt Calligan

[00:19:04:16 – 00:19:06:16]

But that’s another recession.

Navroop Mitter

[00:19:06:18 – 00:19:09:08]

Yeah, that’s another Russia recession. Since we published.

Matt Calligan

[00:19:09:08 – 00:19:20:03]

All now, we had talked. I know that you had talked to mentioned something about you were complaining about something about Microsoft Teams in a new. What was that? Is this the article that you were talking about?

Navroop Mitter

[00:19:20:05 – 00:19:41:14]

Yeah. It is. This is what I show you. Right. So Microsoft Teams is going to start pulling on you to your boss, right. This is nothing new, but there have been various forms of this for years, right? Where it wants you to validate where you are, put up your location and things like that. But this is about to become, you know, again, a part of the Microsoft Teams platform.

Navroop Mitter

[00:19:41:14 – 00:20:00:14]

But in a way that you can’t necessarily, you know, if your organizations turn it on, turn off or, you know, tell it, hey, no, I’m actually working from such a such place. This is gonna be an automated approach to broadcasting when you’re connected to the corporate Wi-Fi versus when you’re not. Right. It’s like very simple just in your home life, as this is.

Navroop Mitter

[00:20:00:14 – 00:20:27:13]

I’d like what some of the folks did. Previous versions to get away around this. It’s actually going to be far, far better. Implementation is my understanding where when you are on the corporate Wi-Fi, it absolutely knows that determines that fingerprints and who set up supposedly to help prevent, you know, people wasting time looking for you in the office when you’re not there, but also the minute you leave, it’s going to then broadcast the fact that you’re no longer there.

Navroop Mitter

[00:20:27:15 – 00:20:50:07]

And if you start to think about that, especially for certain parties, right, it could very much give away internal patterns that would be valuable for social engineering. Right. This is how you’re going to help your attacker figure out where the time their intrusion attempts coincide with obstacles. So yeah, this is that’s an interesting one. I’m not sure I would want to turn such a capability on.

Navroop Mitter

[00:20:50:09 – 00:21:14:12]

Might assume it is optional and not on by default, but if your organization does turn it on, I’m hoping to give you the ability to turn it on for some parties, but then also exclude for others. I haven’t yet seen any documentation supporting that, but you know, I’m certainly hoping that’s the case because the last thing I want to see is either teams automatically having their, you know, location broadcast and the timings of their movements broadcast.

Navroop Mitter

[00:21:14:14 – 00:21:28:18]

Such an adversary who would gain access to networking was already monitoring communications, and monitoring your calendar and already monitoring your file share and everything else to then also get perfect control of the patterns of you. You know, moving the behavior.

Matt Calligan

[00:21:28:18 – 00:21:29:14]

Coming and going.

Navroop Mitter

[00:21:29:16 – 00:21:30:17]

Kind of acts.

Matt Calligan

[00:21:30:19 – 00:21:40:21]

And like, I mean, first of all, file this under the the obvious category of nobody’s actually asking for this feature. But I mean, I the.

Navroop Mitter

[00:21:40:21 – 00:21:42:21]

To be fair, there might be a few CEOs asking for.

Matt Calligan

[00:21:42:21 – 00:22:09:00]

This. I mean, that’s what I mean. Like, not in requiring to make any company run better. This is like this is like just sort of the, you know, this is this is not vaporware, but it’s it’s just the kind of tool that’s just, you know, unh unh unh. It creates more headaches than not just to make a CEO, you know, make make himself feel good that somehow they’re not, you know, employees aren’t scamming the company out of out of, you know, wages or something like that.

Navroop Mitter

[00:22:09:01 – 00:22:13:09]

Not all deals are bad. When a tool like this for any of you guys.

Matt Calligan

[00:22:13:09 – 00:22:23:05]

So my question is, okay, so what happens when you’re working from home and you’re on Teams and you have this turned on because it tracks you through your Wi-Fi. So does that mean it’s going to track you through your home Wi-Fi.

Navroop Mitter

[00:22:23:07 – 00:22:42:07]

Like it would just declare that you’re not at all this? I’m not sure if it broadcast it, and I’m not sure if it would broadcast a change in position. Did you, if you suddenly run out for lunch, is going to broadcast that you’re just continuously not on, the corporate network or would now understand that there’s a difference between when you’re working at home versus when you left to go drop off the dry cleaning.

Navroop Mitter

[00:22:42:12 – 00:22:52:18]

Right. Like a lunch, I don’t know. Again, the article is light on those details, but if it starts getting to that point to, I think there’s some privacy concerns raised as well.

Matt Calligan

[00:22:52:18 – 00:23:16:07]

Yeah. Well, and one the second thing is that, you know, first is nobody really know a vast majority, if I’m being slightly fair, are not asking for a tool like this. But the other thing is, is like, we just simply like Microsoft is not trustworthy with with this kind of data, like, there, you know, you always like to joke with was the Cozy Bear hack.

Matt Calligan

[00:23:16:07 – 00:23:30:11]

You know, Microsoft couldn’t protect Microsoft Teams, you know, while using Microsoft for, you know, on these kind of incident response chats and stuff like that. And it’s like, so now, now we’re going to give them more data. You’re.

Navroop Mitter

[00:23:30:12 – 00:23:32:12]

Talking about Microsoft’s 8-K filing, right?

Matt Calligan

[00:23:32:17 – 00:23:33:08]

Yeah. Yeah.

Navroop Mitter

[00:23:33:08 – 00:23:47:21]

March of 2024. Yeah. Microsoft could not protect Microsoft in a breach of Microsoft by using Microsoft or because I suppose they have staged a laugh about it. Yeah, I yeah, it’s just even more insights into patterns for social engineering.

Matt Calligan

[00:23:47:23 – 00:24:13:00]

In the, in the arc, you know, and you know at the FBI’s post about Scattered Spider, we all know they get into the Teams, they get into your Outlook. You know SharePoint. And they look for their targeting. You know, the those people whose jobs it will be to get them off the network executives and legal and er and so now all you’re doing is giving them one more, you know, an entire treasure trove of information about those people.

Matt Calligan

[00:24:13:00 – 00:24:27:22]

They’re coming or going, their schedules when they’re in office, usually when they’re not. So that that’s such useful information to, to maximize the pain of, of, of a breach or a ransomware or something like that. And I just, I personally do a long.

Navroop Mitter

[00:24:28:00 – 00:24:33:00]

Transition commute times. Right are going to be a great point to launch an attack. Absolutely.

Matt Calligan

[00:24:33:02 – 00:24:45:22]

Yeah. And I just I mean, I’m sorry, I just I just don’t trust Microsoft to handle that extra data. Right? I just call me call me a cynic. I just, I think there’s a lot of evidence to to back that one up.

Navroop Mitter

[00:24:46:00 – 00:25:09:14]

Yeah. Switching gears entirely, I think this is a topic that we used to talk about quite a bit with folks, and it’s been a while since we talked about it, but this article I saw on CNN this morning, kind of reminded me that there is a whole ecosystem that is being developed by criminal gangs. It’s almost like they got their own version of venture capital.

Navroop Mitter

[00:25:09:14 – 00:25:27:16]

They got their own version of M&A taking place now, their own version of, you know, cross investments into each other, just like you see on the private sector, the legitimate side of the house. You see the criminal gangs doing the same kind of thing. They’re offering PTO, health benefits, you know, pay packages, commensurate.

Matt Calligan

[00:25:27:18 – 00:25:29:06]

Child care, daycare.

Navroop Mitter

[00:25:29:10 – 00:25:50:07]

Healthcare. Yeah, I’m to be honest, I would be surprised. And so this article in CNN was, you know, kind of related to that. You have these two cybersecurity professionals. I believe they were both working for MSPs or MSSPs. Yeah, maybe been on the incident response side of the house in terms of their day to day work.

Navroop Mitter

[00:25:50:09 – 00:26:15:21]

And then after hours, they were moonlighting as part of cybercriminal gangs. And what were they doing? They were literally, you know, attacking places and then installing ransomware and helping some of these, you know, these accessory networks or these affiliate networks of the ransomware providers, the ransomware-as-a-service providers actually go ahead and, you know, launch these attacks and then taking their cut of what was then gained.

Navroop Mitter

[00:26:15:21 – 00:26:32:21]

Right? I think the article said something like either 8 or 9 million, 10 million, whatever. It was gained to one case. And one of these guys walked in with a million and a self as part of their cut. For their part, in helping extract that ransom. Yeah, it’s it’s an interesting thing when you sort of see people moonlighting, you know, daytime.

Navroop Mitter

[00:26:32:21 – 00:26:37:09]

They wear the cape of Batman. At daytime, they’re they’re the Joker. It’s kind of interesting.

Matt Calligan

[00:26:37:09 – 00:26:52:05]

Quite well, like, you know, the next step in this we’ve got now, I almost like this gig economy. The next step is going to be like a Fiverr for hackers. You know, where you pay. You know, you hire somebody ten bucks to do a to do a particular thing.

Navroop Mitter

[00:26:52:07 – 00:26:56:07]

Yeah. There kind of already is, actually. I’m sure there is, there are. Yeah.

Matt Calligan

[00:26:56:08 – 00:26:59:09]

Fiverr just put a nice glossy, you know, sheen over it.

Navroop Mitter

[00:26:59:11 – 00:27:14:17]

Yeah. No there already is. And it’s not Fiverr. But there are a couple places that are kind of already positioning themselves as places where you can go hire different folks or even sell. You’re aware of your capabilities, your services to your system during those attacks. So that that’s helpful there.

Matt Calligan

[00:27:14:19 – 00:27:15:04]

Well, this.

Navroop Mitter

[00:27:15:04 – 00:27:17:01]

Is the kind of gig economy.

Matt Calligan

[00:27:17:01 – 00:27:42:19]

Is. It is it is and it’s it’s it, it’s it speaks to the scale that these that this entire if you can call it it industry operates under and and it’s, it’s a thing that I continue to pound the table on and that is that, you know, the good guys, are still rigorously enforcing these sort of siloed mentalities around their organization.

Matt Calligan

[00:27:42:19 – 00:28:03:11]

They’re trying to protect where their their the only way to match the scale is with some sort of collective defense approach. Right. But there’s there’s no way that you can you know, you’ve said this before, you can hire your way, to get ahead of the way. The scale of these of these, you know, these malicious, you know, adversaries of various types, whether what they’re doing.

Matt Calligan

[00:28:03:13 – 00:28:03:19]

Yeah. I mean.

Navroop Mitter

[00:28:03:21 – 00:28:08:00]

What they have on their side is time, right? They don’t have.

Matt Calligan

[00:28:08:02 – 00:28:15:11]

And no boundaries. They’ll go use whatever tool it needs to if it. And they’ll partner up with whoever to make something, you know, effective.

Navroop Mitter

[00:28:15:13 – 00:28:47:01]

Fluid, no boundaries and lots of time on their hands. Yeah. And given those two things, they only have to be right once, like, knew quite a bit of damage. Absolutely. And so you do. We do really you need to start to improve the collective defense and you the mutual assistance capabilities. One of the things I’ve been talking to a lot of private equity firms about recently is the fact that, you know, it would behoove them to, at the very least, start to set up their mutual assistance agreements and mutual assistance capabilities, at least among the companies that are in their own portfolio.

Navroop Mitter

[00:28:47:03 – 00:29:06:15]

Right. They have a vested interest in making sure that all of them are better protected and better able to leverage resources, given there is a collective defense problem, and there’s this, we can’t hire our way out of it problem, why not? At the very least, pull together some of the resources across, you know, the private equity and its portfolio.

Navroop Mitter

[00:29:06:15 – 00:29:34:09]

And so we are seeing some of the bigger ones actually talk about doing that. Right. They’re starting to send up a set of shared cybersecurity services that they can use to assist each one of their companies. But I do think the next step in that process is that they start to actually tie together these folks, and that means having trusted communications and trusted identities, because now it’s identities well beyond your organization identities, well beyond those within the you have formal contracts for like remediation response help.

Navroop Mitter

[00:29:34:11 – 00:29:49:02]

It’s going to be a this sort of larger portfolio whose comings and goings you’re not always know. And you’re going to want to be assured that, yes, these are the appropriate parties. These are the people I should be jumping on with. Yes, these are the trusted channels in which we’re going to be having these connections. So yeah, there’s quite a bit there.

Navroop Mitter

[00:29:49:02 – 00:29:52:11]

I think there’s there’s a lot that needs to be discussed in and around this topic.

Matt Calligan

[00:29:52:13 – 00:30:15:05]

Yeah. Trust is going to really be an underpinning factor of all of anything that’s that’s going to be effective from that perspective 100%. Well that’s it for this riff edition I guess this is resolution number two. I appreciate you folks for dialing in here listening to us. You know, run our mouths. I am Matt Calligan, director of growth markets here at Armor Text.

Matt Calligan

[00:30:15:07 – 00:30:36:09]

And just reminding you, if you have a headline, a horror story. You know, maybe it’s a fix or something you’d like us to riff on or, hey, maybe you want to retire. Riff on it yourself. Here. Send it to Lounge at Armor text.com, and you can always obviously catch all episodes, that we record here at armor text.com/podcast.

Matt Calligan

[00:30:36:12 – 00:30:41:02]

So until next time, stay curious, stay resilient, do good work.
