== Outro Music == And you are listening to WBAI New York where it's four minutes after seven o'clock. Somebody needs to adjust the clock over there. It's time once again for another exciting edition of Off The Hook. And it's good fun, didn't it though? And that's what happens when you pull a thumb drive out in the middle of playing the theme. I think we should just keep this the whole hour. What do you think, Kyle? Well done. That sounds fantastic. I like that. Sometimes you just stumble upon the most amazing things. Hey everybody, it's Emanuel here with Kyle. Off The Hook is on the air. Joined tonight by Rob T. Firefly. Good evening. What are you, on an airport runway or something? Someone's got a fan going, don't they? No, I think Alex is in nature. Because he's joining us as well. Alex is in nature. Great. Okay, well, Gila, you're there too in Queens. I'm here too, yes. As far away from nature as you can imagine. And Alex is joining us from the wilds of Pennsylvania, is that right? That is correct. That is correct. Good evening, everyone. And you have a tin can as a phone this week? Does it sound terrible right now? Well, I don't know if terrible is the word I would use. Let's say that. It's just a little archaic. I'm going to switch it up. And we'll do a little experiment on air. Okay, you need some transition music? Because we have it. Oh yeah, please. I honestly have no idea how I did that, but I'm not letting go of it. That's one of the coolest things I've ever accomplished. The most useful thing that operating system has done either. Yeah, that's true. We won't reveal what operating system it is, but it's one of the big ones. I'm sorry, Alex, I can actually see you this week. The listeners can't see any of us, and that's to your advantage, believe me. But I usually don't see them, and now I see them. It's very distracting. And we see you for the first time. The angle of incidence is the angle of refraction. Yeah, that looks like horror in your face. That explains it. That is true. So does this sound any better? Yeah, it does sound a little better. I'm just fighting with the board here. Because if I turn you up for some reason, it affects my volume. But I think there's a sweet spot right there. And I think we're all okay. I'm sorry, folks. We have to do this every week. Blame Trump, okay? He's the one that is forcing us to stay indoors because we're not fighting this virus. Hopefully, in a few months, things will get back to normal. Anybody want to give a prediction date as to when we will find ourselves in the studio again? When we'll be able to walk around without masks? When we will be able to talk about something else? And never is an acceptable answer, by the way. Does anyone else have the year 2525 in the office pool? I was thinking 2030. That was a good song. I forget who did that, but that was a good song, yes. What did you say, Alex? I was saying maybe 2030, 2031, something like that, when things return to normalcy. Now, more seriously, though, I think once we return to competent government, perhaps in January of 2021, I would imagine that shortly thereafter, when there is intelligence and competency brought back to the various institutions and the executive branch of the United States, we'll be in pretty good stead. You're being interfered with because your ideas are dangerous, but I think what your theory is is that Trump will somehow get more sense in his second term, and as of January 2021, he'll suddenly start getting it right. That's what I think you're trying to say. There is an implicit assumption there that is absolutely wrong, which is that Trump would be elected again. He was elected the first time, but yeah. The Democratic Convention is next week. In fact, a week from tonight, we will be leading into the Democratic Convention here on WBAI. Do not tune into the major networks. Tune into WBAI in Pacifica because you will hear the kind of analysis and the kind of interesting coverage that you will not hear anywhere else. If you're interested in this whole political scene, you would not do better than to tune into 99.5 FM next week, every night starting at 8 p.m. for the Democratic Convention, and the week after that, the Republican Convention. We're going to try and do special shows before each one of those, focusing on each of the political parties because we feel like they deserve it, and there's a lot to talk about. I think that has a lot of promise. I'm interested in what our coverage is going to be like. I usually tend to just catch up on the edited highlights afterward, but I think this is the year to sit down and actually pay attention a bit. Yeah, this would be the year to do that. Absolutely. Maybe if we had done that a few years earlier, we wouldn't have to do it now as much, but whatever. Anyway, we are back, mostly recovered from hope, mostly recovered from power outages, so I think we will have the closest thing to a normal show that we could possibly hope for. We were thinking of having call-ins, but there are so many hoops to jump through. We need to get a little bit better in shape, but we will try and bring the phones back in the weeks ahead. We're getting there. We're getting there, but you can still write us letters. In fact, we have a letter from JK, which hopefully does not stand for just kidding. I didn't think of that before. You're off the hook. As an information junkie with a passion for lifelong learning and continuing education, I can't imagine a better way to have spent the past nine days than as a Hope 2020 virtual member, or a virtual attendee, rather. This was a deeply enriching and invigorating experience. Hope 2020 was the great beacon of inspiration, encouragement, possibility, and yes, hope, that we all needed as we try to navigate a path through the dystopian nightmare of a runaway pandemic and a federal government led by the most incompetent, corrupt, malevolent president in our nation's history. Let's skip ahead a few pages here. I guess the lowercase key got stuck. It's pretty much all caps from this point. Hold on. There we go. Every speaker was uniquely inspiring, and I'm extremely grateful to them all for generously donating their time to this amazing conference. I admire their impressive achievements, and I'm deeply appreciative for the wisdom and insights they shared. I especially enjoyed talks delivered by B.S. Silab. Did I pronounce that right? I think I did. Yes. Yes, indeed. It's a tough one. Jamie Joyce, Bill Graydon, Bruce Schneier, as well as workshops presented by Joe Gray, Brandon Roberts, Todd Sheeler, and Mark Lamb. I can't wait to binge watch all the talks I missed and rewatch every talk I attended and then watch them in slow motion and then watch them backwards. We'll fill the next however many months or years before the next conference with activities. Thanks to the dedication and commitment of a great volunteer team, years from now, when I look back on this time in my life, it won't simply have been the summer of COVID-19 or the summer when a buffoonish, emotionally unstable president descended deeper down the rabbit hole of his own psychoses. Hang on. Let's skip a few more pages here. Oh, look at that. Wow. Diagrams and everything. It would not have been all that. It would have been the summer of hope. As always, keep up the great work. Best regards, J.K. P.S. Free Donald Trump's tax returns. Thank you, J.K., for that beautiful letter. And please keep listening, keep attending, keep being a part of our community because it really is awesome. That's one thing I've learned this summer through all kinds of different activities, through all kinds of spirit that people have shown. It really is amazing. And, yes, if you have the spirit to give us Donald Trump's tax returns, by all means, our SecureDrop is accessible. Go to 2600.com slash SecureDrop for all the details. It doesn't have to be his tax returns. It can be anything. It doesn't have to be even related to Trump. It can be related to anything, leaks, all sorts of news that's too hot to handle in e-mail. That's why, you know, people need to not send us links in SecureDrop. It's kind of a waste because if you're sending us a link, it's already out there on the Internet. So, you know, it's not exactly something that's really secretive or that you need to keep quiet. It's public already. Send us things that, you know, you would feel uncomfortable sending in e-mail because somebody might know you were sending it. And SecureDrop is, as the name implies, secure. It's all explained on our web page. So, 2600.com, SecureDrop. Yeah, it's the best option if you prefer to add some layers of anonymity. And, yeah, links that are already published, that's not a new submission. That's not a new article. It's already going on. Yes, we appreciate news stories, and that's always of interest. But it's really a way to get a manuscript, a document, some kind of visual aid or recording that we could investigate further. People send us videos. They send us PDFs. They send us all kinds of interesting things. There's really no limitation. And we can communicate with you without ever finding out who you are. That is the amazing magic of it. And the SecureDrop people were at the HOPE conference. They've been at many HOPE conferences. And it's just really awesome to be able to have a forum where these kinds of things can be developed and can grow. And we can all sort of figure out better ways of doing things. Yeah, we want to support the ecosystem and the technologies and people involved that make that happen. And that can also support people trying to share other forms of information and journalists alike trying to do their jobs safely. So it is an important tool of all the resources and platforms we try to be available on, including radio like WBAI. That's right, WBAI, which you can support by calling 516-620-3602. How about that? I remember the phone number finally. 516-620-3602. Pledge whatever you can afford, whatever you think we're worth. Well, maybe multiply that by a few numbers. And say that you listened to Off the Hook. And if you're not near a phone, then that's not a problem. You can simply go to the website, give2wbai.org. And I believe, Gila, there's a way people can actually text their support. They certainly can. You can text the letters WBAI to the short code 41444. And you will get instructions in response that will tell you how to donate. Wow. Yeah, so we're in the 21st century here. But we still need your help to get through the 21st century. Yeah, people being available and in action, we want to be contributing to this community. And the only way a lot of that stuff works is if people find the time, if they divert their attention from all the distractions and obligations that so many of us have. So we appreciate that so much. And letters like that, even news stories for the show. And I'm sure we're going to get to those right away. Well, yeah. But all that contribution really makes us who we are. And that's so important for Off the Hook and, of course, WBAI. There are a couple of stories that I want to talk about because, well, we've been so busy over the past couple of months that we didn't really have time to cover this. We're only on for one hour a week and sometimes not even that. But you guys all heard about the Twitter hack, right? Oh, yes. All right. And you can account for your whereabouts at the moment that that happened, right, I assume? I think I was on Twitter at the time, but my Twitter, my Twitter. Oh, let's come back. Okay, there he is. All right. I thought you were running away. Well, yes, the Twitter hack was historic. And the mastermind was the 17-year-old kid from Florida named Graham Ivan Clark. I guess you can name 17-year-olds in Florida. I guess people grow up faster there. But two other people, Mason John Shepard. You have to have a middle name if you commit a crime. Mason John Shepard of the United Kingdom and, oh, here's the exception, Nima Fazili of Orlando, were accused of helping Mr. Clark during this Twitter takeover. Now, does anybody remember exactly what happened when the great Twitter hack of 2020 occurred? In a nutshell, basically a bunch of what they call verified accounts, which it turns out maybe are not always so verified, tweeted out a Bitcoin scam, just saying send Bitcoin to such and such an address, send $1,000 worth of Bitcoin, and I'll send you back $2,000. And, of course, people reading these tweets that were apparently by their favorite celebrities, famous people, politicians, whatever, thought that their heroes were asking this of them, and some people actually did it. Yeah, I'm looking at a tweet right now actually from Joe Biden. I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled. If you send $1,000, I will send back $2,000. Only doing this for 30 minutes. Well, I mean, what would any rational person think? Of course, you need to act quickly. And he's suggesting $1,000, but why not make it $3,000? That way you'll get back six. If you're smart, you know, the bigger number gets you back the bigger number. That is how millionaires are made. So the fact that so many people fell for that, I think that's the real story, not necessarily the Twitter hack in and of itself. But basically what was alleged to have happened is that Mr. Clark convinced one of the company's employees that he was a coworker in the technology department who needed the employees' credentials to access the customer service portal, and that is how they broke into 130 accounts. Now, of course, their plan quickly fell apart because these people apparently weren't very good criminals. They left hints about their real identities, scrambled to hide the money they'd made once the hack became public, and their mistakes allowed law enforcement to quickly track them down. Now, because Mr. Clark is under 18, he was charged by the Florida state attorney in Tampa rather than by federal authorities. His age also means that many details of his case are being kept under wraps. Federal authorities were already tracking Mr. Clark's online activity before the Twitter hack. This isn't widely known. According to legal documents, in April, the Secret Service seized over $700,000 worth of Bitcoin from him. It was unclear why. Wow. Okay, so this guy seems to have a problem with large amounts of Bitcoin. How he obtains it or what he does with it, I don't know. The hack itself, I think, is the real interesting part of the story because it revealed so much about how Twitter is run and about what people in Twitter have access to, and I think that's the real scandal. These kids goofing around, I don't even think law enforcement should be involved here, except for the money part. The money part is a big deal, and now that they know who did it, hopefully they can give the money back, since obviously they have the money in their accounts. And then maybe instead of ruining their lives and putting them in prison for a long period of time over Twitter, we learn something from this, and we tighten up security a bit, and we also put Twitter in its place and stop taking it so damn seriously. Because I keep hearing about what could have happened if they got into Trump's account and somebody had believed that he was saying all kinds of things that could start a war. That's not the problem. The problem is people taking Twitter so seriously that reading something on it, you just naturally assume that it's legit and that it's a substitute for actual communications. That, I think, is indicative of a real problem that we're having right now in our society throughout every country in the world, where social media is simply transcending real life. And as soon as I heard the FBI was getting involved in a Twitter hack, I mean, it's not even like hacking into somebody's computer where they keep their email or their private documents. It's Twitter. It's a few hundred characters of nonsense, and the real scandal here is the fact that it's accessible by Twitter employees. Those direct messages that you send back and forth, I don't know why people do this. They're not encrypted. The Twitter employees can look at them. I don't understand how that's a substitute for using secure email or some other means, like a signal of communicating back and forth. Alex, any theories? Yeah. I mean, you've made a lot of, I think, interesting and valid points here. One that I don't think I entirely agree with is that you don't think law enforcement should be involved here. I mean, this is a crime. These people committed a crime. They did something stupid. They were very talented, I think, social engineers, very talented social engineers, and they were very good at spear phishing. It seems to have been born out of a combination of spear phishing and social engineering, which for a 17-year-old, or even somebody around that age, to be able to do that for a sophisticated technology company with several employees, convincing them to give them access to these internal tools, and then perpetrating a Bitcoin scam across the entire platform using these verified accounts, yeah, it's a crime, and they should be prosecuted for it, in my opinion. However, they don't need to have the book thrown at them. This is something, I think, where prosecutorial discretion comes into play. 25 years ago, 30 years ago, this would not have been such a big issue. Now it is, and I really feel for these kids. I think the fact that this is a state charge and not a federal charge is actually worse for them because the FDLE, the Florida Department of Law Enforcement, these guys are very aggressive. I've dealt with some cases with the Florida Department of Law Enforcement, and when it comes to anything electronic, when it comes to anything financial, they really go after these kids. And I think that this is going to be an incident where they are going to try to make a very big example out of this handful of teenagers that have been involved in this particular scam. The other thing, the other point on which I want to bounce off that you made, and then I'll hand it over to Mr. Firefly and his much more significant other. The other point is that, and you seem to be hinting at this, we would call this an a fortiori argument in the law or by necessary implication. And the fact that all these kids did with this particular access, this massive amount of power that they had, controlling verified accounts of politicians, really, really famous people, reaching literally hundreds of millions of people through this. The fact that all they did was perpetrate a two-bit Bitcoin scam that really only netted, I think, like $100,000, $150,000. So not too many people were caught up in this. It indicates to me that they could have done a hell of a lot worse. They could have caused an international incident. They could have caused massive diplomatic nightmares between countries by using the verified accounts of these politicians. But the fact that a 17-year-old could do it, here's where the a fortiori bit comes in. That means that by necessary implication, more sophisticated threat actors, state-sponsored type of threat actors could have very easily done the exact same thing. And so I think your point about there being necessary audit trails and necessary levels of protection, several different gates and several different layers of compliance for these particular types of internal tools to be utilized by Twitter employees is extraordinarily important. And that we put so much emphasis on securing the actual accounts themselves without knowing what's going on behind the scenes, what kind of security, what kind of processes and procedures are in place to prevent this type of access from being abused and misused by Twitter employees. Jump in for a second, Alex. You say that a 17-year-old could do this as if that proves how easy it is. I think only a 17-year-old could do this because a 17-year-old still is somewhat naive about the world and somewhat idealistic and thinks that anything is possible, which actually it is. We just forget about that as we get older and have more responsibilities heaped on our shoulders. But this guy, whatever his history, whatever his motives, was able to do something that nobody else could do. And the other people are older than that. I'm not sure how that works legally, if they are charged by Florida State or if they're going to be charged by federal authorities because they're over the age of 18. Do you have any inkling as to how that works? It depends. One of them is located, I believe, in Southern England. Another young person that I think lives with his mother in Southern England, it's possible this could constitute what's known as an extraterritorial criminal offense, which means that the criminal laws of the United States would apply to conduct that occurs outside of its borders. I don't necessarily know. I think those charges remain to be seen, but it does seem like, at least for the individual that resides in Florida and around the Tampa area, this is going to be a very serious state-level charge for them. It's unclear to me how the feds are going to deal with the other two individuals. I think it would not be unheard of to have an indictment unsealed against them in short order. The other thing that I found really interesting about all of this is that when the child, the young man, was being arraigned, the fact that nobody thought that maybe this was something that needed to be secured a bit, so it was in an open Zoom. The arraignment was on an open Zoom, no password, no nothing. Oh, you're talking about something else. You're talking about his arraignment that got – I am talking about his arraignment that got fully Zoom-bombed. Oh, boy. It's this kind of crime, and you're saying, oh, if the 17-year-old who had the ability to do this kind of social engineering, do this kind of spear-phishing, and who's probably got friends, who's probably got acquaintances, why wouldn't anyone think that this would also require some sort of security to go forward with? That was just the question that I had about the whole thing. Well, it had nothing to do with his friends. It had to do with the fact that they were announcing a Zoom arraignment without any password whatsoever, literally opening it up to the entire world, and I think the judge learned a whole lot about security right there and then. Now, did those people commit crimes? Is that something that more charges will be opened up against? Alex, I wanted to ask you, though, when you say that things would be different 25 years ago, why? Why would things have been different 25 years ago? Would this not have been just as much of a crime? Yes, it would have. It would have been just as much of a crime, and I think that quite likely the criminal laws that were on the books then haven't changed all that much in those 25 years, especially at the state level when it comes to things like computer trespass and computer intrusion. They don't change all that much, and you also had the federal law, the Computer Fraud and Abuse Act that was passed in response to none other than war games coming out in Hollywood. But the way in which the judiciary, I think, approached this and the way in which I think prosecutors approached this 25, 30 years ago was much less punitive. I feel like there was an acknowledgment that there may have been an issue with the teenager, with the child itself, that perhaps this person was maybe too smart for their own good, that they wouldn't necessarily throw the book at them and maintain several felonies against this person, that it was much more likely that a case against a juvenile offender would have been disposed of by something like an ACOD or an adjournment in contemplation of dismissal, paying restitution, any kind of situation or any kind of disposition of a case that would not necessarily involve jail time. Nowadays, because there is such a problem with cybercrime, financial crime, wire fraud, any kind of internet-related fraudulent activities, I feel like prosecutors really latch on to these things now. They want to make a name for themselves as being known for prosecuting and having an expertise in prosecuting electronic crimes, cybercrimes. The defendants who may have been ignorant or youthful or otherwise playing around and figuring out the limits of the system are facing very severe criminal charges. I think that's really, really unfortunate because one of the hallmarks of our criminal justice system is that there is something called prosecutorial discretion. That allows a prosecutor to determine, looking at all of the circumstances of this case, is this a person who's a criminal, a hardened criminal who deserves to have felony charges levied against them or is this a child who has done something that he doesn't necessarily understand the implications of and he may need to make some restitution to various parties and do some community service, but perhaps we shouldn't ruin his life. I think the big difference is that 25-30 years ago, it's less likely that a child's life would be ruined. I think it's much more likely today that a child's life will be ruined and a child will be facing imprisonment and confinement for the same acts. The thing that I find really interesting about this is, talking about what this has been different 20-25 years ago, as a user and a student and a critic of the media environment, I am really fascinated by, as you said earlier, how seriously social media is taken these days. If 20-25 years ago, President Clinton or President George W. Bush had gotten a LiveJournal account and made that their main communication tube to the public and then somebody started messing with that, maybe it would have been big news. But I think the reason this hack was such huge news is because it affected the verified accounts, the celebrities, the big money people, the people that arguably keep Twitter interesting and relevant to the vast majority of its users these days. It's no longer somewhere you just go to hang out with your pals. When this hack happened, I don't know if you guys noticed this, but that day, while Twitter was figuring out what was going on, they shut down all the verified accounts. None of the blue checks could tweet. There was a lot of talk going on because you go on Twitter and all of a sudden, it's just your buddies again. It's just the smaller accounts that you're interested in. It was quiet. It was peaceful. No one was inciting international incidents on a major political level. It was almost old Twitter again for part of a day until they switched it all back on because that's where the money is and that's why it's a serious crime now. I think you nailed it right there. I wanted to ask Alex this as well because when you said this is obviously a crime, if you only had one crime to point the finger at here, what would that crime be? It would be fraud. That's very general. Fraud in what sense? They're asking people to send them money and people send them money under these false pretenses. That's fraud. Stealing money, that's the number one crime. I see that as a much more serious offense, a much more concrete offense than the social engineering and the spear phishing issues. Those are obviously big problems that Twitter has internally and externally. This is a perfect example of there being an insider threat problem from an external source. This is something that I think is very unusual from an information security perspective in that an external party has been able to effectively social engineer an inside person to become a threat. That's interesting but I see this less serious than the actual financial fraud that occurred because that's something that could have happened on a much more widespread scale. They did steal some money and frankly, given what you said before, I think that's the elephant in the room here, which is that the Feds did in fact seize a boatload of money, 700 grand or something, from one of the defendants in the past. That indicates to me that these guys were probably involved in some kind of Bitcoin theft in the past as well. This would indicate to me a pattern of that. There are legitimate ways to make $700,000 in Bitcoin. I don't know what they are. If somebody knows, please share that with me. I don't want to jump to conclusions. I've seen the Feds distort stories often enough where everything is not always as it may appear. They might have helped someone across a street. Someone very rich and powerful. The thing is, if I cross Pennsylvania Avenue and I scale whatever that new monstrosity is that they're putting up there and I lie in the grass for half an hour, not moving at all so that nobody sees me and then I just crawl slowly to the building, taking over 45 minutes to get there because you don't want to set off the motion detectors and you don't want the dogs to pick you up. Once I finally get to the building, I find that loose window on the second floor in the corner there and I crawl through there and then make my way down the hallway hiding in the utility closets along the way so that nobody sees me and then sit down in the Oval Office and say, Hey, I'm the president now. I think that's a lot different than me going onto Twitter and saying, Hey, Trump's password is dog and I'm the president there. But we're treating them the same. We're treating something like Twitter the same as a James Bond type of takeover of authority and that's to our detriment. It's not the same. We need to keep reminding ourselves just because you see something coming from a particular account doesn't mean it's coming from that account. It could be coming from all sorts of different sources. That little blue checkmark doesn't mean anything. And real communication is something that should not be substituted by simply short text messaging. I know we're moving into the era now of fake videos where you can make people say almost anything and we've got to be even more careful at trusting what we see, what we hear. If we simply believe whatever we are told, whether it's in the media, whether it's on Twitter, or whether it's looking at what seems to be a believable videotape, let's question more. I think that's the lesson to be drawn from here. I agree with Alex. The financial crimes, those are the ones. Those are the ones that you can't walk away from. That's stealing, and stealing has always been stealing. But simply figuring out how to bypass security, that is what we do. That is our lifeblood here. And what we have learned from this escapade is fascinating. And I think it's highly productive for all of us to know exactly how these systems work. And we should have known this all along, and I'm glad we know it now. And I want to know more. I want to know more about how their system works, about what they can do. I know now that there are Twitter employees who can go through every communication that I have and turn that over to whoever asked for it. Hopefully legitimately asked for it, but as you can see, sometimes illegitimately. These are things the end user needs to know. Yeah, especially when consolidations occur, and there may have been a culture where having access and what you did with that access was one thing, but it changes hands, and perhaps a different prevailing attitude allows a lot more careless access because that same culture doesn't translate over as it changes hands in the market. I just want to read something from... This just puts it all in perspective. This has to do with the hearing. Judge Christopher Nash spent more time rapidly force-ejecting trolls than he did delivering his decision, which was to keep Clark's bail at $725,000, which he could actually cover with that Bitcoin. But the judge had to approve each attendee that joined. There was no way for him to tell from their usernames that they weren't journalists or well-meaning members of the public. Yeah. We just had a conference for nine days where we used Zoom like maniacs, and we were not Zoom bombed once. Why? Because we understand a thing or two about security, and we're willing to teach people these things. But if you don't take it seriously, you're going to get Zoom bombed. You're going to have your Twitter account hacked. You're going to have your systems hacked, and people are going to believe whatever they're told, and that just is wrong. Now, to get a sense as to what these people are really like, it's not that different than a couple of decades ago when we were reading similar stories. This person told the New York Times that he got involved in the scheme because he wanted to acquire unique Twitter usernames. Yeah, that was his crime, wanted to acquire unique Twitter usernames. Even saying that sentence 20 years ago would have been laughable. I just kind of found it cool having a username that other people would want. This person's name, by the way, was ever so anxious. That's their name, three words, ever so anxious. It's an interesting handle. Ever so anxious said in a chat with the Times, he ultimately brokered the sale of at least – this is where I separate sale. It just doesn't seem right to be selling these things. But he ultimately brokered the sale of at least 10 addresses such as drug, W, and L. According to this, they have interest in short usernames like single characters, double characters, all numbers. Wait a minute. We have an all number username, 2600. We do, don't we? Those bastards, they would have come after us, wouldn't they? Prison, they must go to prison. They have to learn this lesson somehow. No, seriously, they could have taken us over. They could have said, we're 2600, and the conference is tomorrow, not today. Or the show, the radio show is rescheduled for 8 o'clock instead of 7 o'clock, and then people would have missed it. That would have been a crime. That would have been horrible. Think of the damage they could have done by saying they were us and having people believe them. When I say it like this, it seems so much more serious. Okay, well, you know what? There are other stories we have to cover as well. But this, I thought, was a very interesting one that we didn't get to cover because we were so busy. And I'd like to know other people's opinions on it. So please write to us here at OffTheHook, oth at 2600.com. That is unless 2600 is hacked and taken over by teenagers in Florida that are stealing Bitcoin. There was this other interesting case about the vaccine, the potential vaccine for COVID-19 that is being developed. Well, it's being developed all over the world, but it's being developed in this country. The National Security Agency said that a hacking group implicated in the 2016 break-ins into the Democratic Party's servers has been trying to steal intelligence on vaccines from universities, companies, and other health care organizations. The group is associated with Russian intelligence and is known as Cozy Bear. Cozy Bear? I'm sorry. It's just, you know, I'm reading a serious story and then all of a sudden you throw a phrase like Cozy Bear at me and it just stops being serious. They sought to exploit the chaos created by the coronavirus pandemic. American intelligence officials said the Russians were aiming to steal research to develop their own vaccine more quickly, not to sabotage other countries' efforts. My question here, maybe Alex, you can help me with this. What exactly is the big deal here? Shouldn't we be sharing this information? Why are we accusing Russians of trying to, first of all, they're not stealing because I assume the data is still there. This data should be shared with everyone so that we can find a vaccine for this damn thing. Well, one would think that this type of information should be freely shared around the world so that, you know, like Thomas Jefferson said back in the 18th century, you know, that somebody can light their candle from his candle without diminishing his own flame, right? This is how ideas travel. And you would think that if any kind of information would want to be shared by countries around the world, it would be information about how to develop a COVID-19 or coronavirus vaccine. However, there is a massive amount of power associated with developing a vaccine first and a almost unimaginable amount of money that can also be associated with developing a vaccine first. And in terms of the power, you really have to think about whoever comes up with this vaccine first. And obviously, you know, we saw the announcements, was it yesterday or I can't even recall, yesterday or this morning about Russia, you know, pumping out their own coronavirus vaccine. But whoever does this first effectively essentially controls the agenda of the entire planet. And that is a massive amount of power for any company or any country to have. And at a time when there is a lack of information, a dearth of information about the efficacy of one way of approaching this or another, and the fact that corona-type viruses have not been given the type of vaccine-related attention that they should have been given over the last several years, there is very much a shortage of information. When there's a shortage of information, nations send out their collectors, their spies. That's when they engage in espionage, not only against their adversaries but also against their allies. Because, you know, we may have been able to get a lot of information, let's say, about the United Kingdom and Oxford University's advancements with respect to the vaccine under development with the Jenner Institute. So anytime there's a lack of information, nations are going to send out their information collectors, their intelligence operatives to exfiltrate data that can be used not only to develop a vaccine but also that data that can be used to make foreign policy decisions and domestic policy decisions for their own population. You know, back in March when we had detected a state-sponsored attack on the World Health Organization, and that's how Flavio Agio and I became buddies, the CISO of the World Health Organization, who was also a keynote speaker at Hope, what scared me most about that was not that the attack itself occurred in the middle of March, and this is the unsexy part of it, but because we had seen that particular actor target the World Health Organization at least a half a dozen times over the last year and a half. And it's those attacks in the past, not the attacks that happen right now, the attacks in the past I think are much more problematic from an information security standpoint and information collection standpoint because if those were effective, then that means you've let the bad guys into your network, you've got the threat actors there, and they are harvesting and collecting information from, let's say, pharmaceutical companies, the World Health Organization, for example, I'm not saying that that's accurate, or any other type of IGO or intergovernmental organization. So, yeah, I mean, I'm not surprised that the Russians are doing this, but I read through the report that came out from the UK, I looked at the IOCs, the indicators of compromise, I wasn't extraordinarily impressed with the data that they had put together, and because every nation knows every other nation's TTPs or tactics, techniques, and procedures, it's very easy to throw up false flags that would make something look like Russia. So attribution here is extraordinarily difficult, and I find it very suspect, and I don't believe attribution data unless I see the underlying reasons for attributing this to Russia. The other thing I think that's really important to note is that Russia, sure, they may have been doing this, it wouldn't be beyond the pale at all, but I think every other country on the planet was doing very similar types of activities, because we needed information to make foreign policy and domestic decisions. That's just the way the world works. And do you doubt for a second that the United States would not be doing the same thing if they had an inkling that there was a cure being developed in a different country? And I don't think there's anything wrong with that. I think, you know, if you have access to this information, sharing it is key to the survival of the human race at this point, and I don't care about the money, I don't care about the power. Yeah, every country will want to control its own citizens. That's to be expected. But if you keep something bottled up and secretive, I mean, do you really trust Trump to do something fair involving other countries? I don't think that's going to happen. And, you know, if we're going to have a legitimate clearinghouse of information, maybe an organization like the World Health Organization is a good place to start, and I believe that's the organization that we are no longer a part of. So we should be the last place to be trusted. Yeah, I mean, we talk about open source, right? I mean, a coronavirus, COVID-19 vaccine is, you know, I think the prime example of something that should be open source type of data here. And if all the data was legitimately out there in the public, there would be no need to resort to things like espionage for one nation to carry an advantage over another. But, you know, that would be in a perfect world where people would share actual and real data about this thing. But because it would give one nation or one company such a monetary and competitive advantage over others, I think we all are operating under the assumption that any information shared is not total, complete and accurate information. And that's just, I think, an unfortunate consequence of the way the world works these days. Well, I think that needs to be changed. And I think if you're a researcher that's involved in this, I think it's your obligation to make sure the information is not kept secret, not simply hoarded by a company to make maximum profits. That is not serving the human race. And, you know, Alex, would you say if somebody had access to this and they simply published it or shared it, are they committing a crime? Probably not a crime. I mean, maybe it could be a crime, depending upon how the information was classified by one's own government. If it was information that was derived from the government, it could be considered perhaps misappropriation of a trade secret if you're working for a pharmaceutical company. But on the other hand, you know, there is obviously a hell of a lot of public interest involved with any kind of vaccine-related data. And so, you know, it would be difficult, I think, to prosecute this kind of thing if you were trying to put it out there in a public domain. I feel like this might be a good place to plug the 2600 SecureDrop link. Well, there are many SecureDrops, but, yeah, we do have one of them. True. Rob, did you have something? Yeah, just that's got me thinking. Can you imagine the optics if, like, somebody released this information that is vital to the future of the human race, you know, cementing their place in history as the next Pasteur or Salk or whoever, and then some company, like, tried to sue them over it and say, no, you shouldn't have done that as the entire world is getting its life saved thanks to their actions? I would love to see them try that. Well, we live in such a crazy world now where that kind of thing is possible. And, you know, we take Twitter seriously as a trusted news source, and we believe that profits come before human lives quite literally. At some point, people have to say, no, this is wrong, and we're going to defy it. We're going to defy it in large numbers. And that's, you know, we've seen that over the past couple of months. We've seen major things being changed as a result of people standing up and saying we've had enough. I think we need to do a lot more of that in the months and years ahead. Yeah, no doubt. I mean, no complaints on my end from that. I mean, I think, look, putting information out in the public domain, whistleblowing, all of this is crucial for a democracy and crucial for, you know, the stability and well-being of the world's population. This is why in the 18th century the founding fathers of this country created the First Amendment of the Constitution, which gives us freedom of the press. And it's why we don't have an exception built into the Espionage Act for whistleblowing and handing over documents and publishing documents that are of a classified nature. It's why we don't have something like Britain has, like an official Secrets Act, because we recognized in the 18th century that this is absolutely critical for a democracy. All right. Well, we're going to have to leave it there because we're out of time. We're out of time. And we will be back next week with another exciting edition of Off the Hook, a pre-Democratic National Convention edition. And you can write to us, othat2600.com. We want to hear your thoughts, your feelings, your theories. And, of course, if you have information to share with us, by all means, send that as well. The world is changing. We are in interesting times. And I think WBAI is the place to listen, to hear how it all unfolds. Remember, 516-620-3602. Pledge whatever you can afford and give to WBAI.org. Support community radio. That's right. See you next week. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back. We'll be back.