Hacked - Lye Detector Test

Episode Date: March 2, 2021

Jordan Bloemen & Scott Francis Winder discuss that special something they're putting in the water in Oldsmar, Florida.

Transcript
Starting point is 00:00:00 I'm going to provide you a little bit of background on how water is provided in Pinellas County. So we put sodium hydroxide into our water supply for a couple of different reasons. It's super useful for controlling how acidic our drinking water is, and it is a very effective tool in preventing pipe corrosion. But importantly, you don't put very much in the water, typically very, very little, about 100 parts per million. Because sodium hydroxide, which you probably know is lye, is pretty dangerous to humans if you consume more than that very tiny little diluted amount. You remember the scene of Fight Club with Brad Pitt and Edward Norton and he kisses his hand? I do, I do.
Starting point is 00:00:40 I know a very basic solution is not great for the human body. So that would make sense. And like everything that we put into our water, there's a dial somewhere on a screen at your water treatment facility that controls, you know, how much sodium hydroxide is in the water that comes out of your tap. On Friday, February 5th, there was an awful intrusion into the city of Oldsmar computer system at its water treatment plant. And Oldsmar, Florida, a city of 15,000 people just outside of Tampa, is no exception. On a computer somewhere in that facility, there's a dial, and it controls how much lye's going into the water supply. And it's kept at about 100 parts per million, which is a very, very low, very safe concentration. And at 8 a.m., a couple of Fridays ago, someone reached out from the dark and wrapped their hands around that dial in Oldsmar, and they turned it way up.
Starting point is 00:01:40 Why they did it, who they probably are, and what we can learn from it is going to be our subject this episode. Yikes. Water systems, like other public utility systems, are part of the nation's critical infrastructure and can be vulnerable targets when someone desires to adversely affect public safety. Someone could mess with the water supply or the power grid or the traffic system has kind of long been a cliche in discussion surrounding cyber crime and cyber warfare. We've talked about it a lot on this show. I think because it's a really easy way to get people to understand the stakes of a cyber attack. That, you know, life and death infrastructure is only as secure as the computers that are controlling it and that like a tech savvy bad actor could do a lot of harm. And this is kind of about that, but it's also way dumb.
Starting point is 00:02:27 and way more relevant to most people's day-to-day lives. This, and I'm pretty proud of this one, is the lye detector test. Here on Hacked. Nice. On Friday morning at about 8 o'clock, a plant operator at the Oldsmar water treatment facility noticed that someone remotely accessed the computer system that he was monitoring. This computer system controls the chemicals and other operations at the water treatment plant. You can watch the press conference where Pinellas County Sheriff Bob Gualtieri stands at a podium next to Oldsmar's mayor and city manager and announces that their water treatment facility was hacked. The clip is on YouTube.
Starting point is 00:03:23 It's very interesting to watch. And one of the journalists asks the sheriff closer to the end. Are you comfortable sheriff calling this an attempted bioterror attack? Well, what I'm comfortable, it is what it is. You can put whatever label you want on it. What it is is that somebody hacked into the system, not just once but twice, and controlled the system, took control of the mouse, moved it around, opened the program, and changed the levels from 100 to 11,100 parts per million with a caustic substance.
Starting point is 00:03:55 So you label it however you want. I'm telling you those are the facts. And in order to get into the system, somebody had to use some pretty sophisticated ways of doing it. Thanks, Scott. We should probably start by talking about a piece of software called TeamViewer. Are you familiar with TeamViewer? I am very familiar with TeamViewer, actually. Broadly speaking, what is TeamViewer?
Starting point is 00:04:19 TeamViewer is a way to give people access to your local computer from remotely, or remotely give people access to your local computer. I know a ton of IT infrastructures use it as a way to connect to their remote desktops and laptops and stuff to provide support to staff. The computer system was set up with a software program that allows for remote access where authorized users can troubleshoot system problems from other locations. It's installed on boatloads of PCs and is and can be wildly vulnerable, so that doesn't surprise me at all. According to TeamViewer's website, what is TeamViewer? A cloud-based platform enabling global connectivity, easy to use whenever and wherever you need it.
Starting point is 00:05:07 Designed to provide connectivity across operating systems and devices. TeamViewer has 200 million users around the world. And if you've ever used remote access software, you have a pretty good sense of how it kind of works. You can control a computer it's installed in by logging into your TeamViewer account on another device. And in a lot of the discussions I read about software like TeamViewer, and I guess when and where you should and shouldn't be using it, people brought up the distinction between IT and OT a lot. Scott, what are those?
Starting point is 00:05:40 What is that distinction? IT and OT. I think the easiest thing to say is that like IT is a lot of your basic computer systems, you know, the ones that the people in the accounting offices use, where OT is more of the hardware level stuff, you know, the SCADA and the valve controllers and the PLCs and things like that that actually impact the physical nature. You know, technology,
Starting point is 00:06:02 that controls physical things where IT is more of a, you know, fluffier, softer digital space stuff, I guess would be the layman's way to describe that. And as an IT person, if you found TeamViewer or some software like TeamViewer, installed on a computer that controlled OT, what would you think about that and why? Truthfully, I'd probably just assume that it was put there by the IT department to support the computer that controls the OT stuff. Interesting. TeamViewer is on so many people's
Starting point is 00:06:32 computers and so many people download it. My mother-in-law has it installed on her laptop and it's so that her friends can give her remote support. She's probably done nothing to secure it. No, she doesn't disable it when it's not required. And that probably exists on, as TeamViewer's website says, 200 million people's computers. Yeah, apparently it's kind of a meme in the cybersecurity world. Like I bumped into that a bit when I was reading about this. It's the thing where when cybersecurity people get into a system, they almost flinch a little bit when they see it. Like, it's very common, but is it a great idea at the volume it's used?
Starting point is 00:07:11 No. It was sort of the sentiment I bumped into. I haven't used it in forever, but if I do recall correctly, the default settings for it is passwordless. You literally just need this number that's generated to connect to a computer. So, you know, as we talked about in the auto dialers and Zoom dialers, it's not that hard to generate random numbers and try to connect to them. The remote access at 8 o'clock on Friday morning was brief,
Starting point is 00:07:42 and the operator didn't think much of it because his supervisor and others will remotely access his computer screen to monitor the system at various times. So the FBI puts out these things called private industry notifications or PINs, and they're like blog posts the FBI puts out. And the FBI posts a PIN a few days ago about the Oldsmar case, stating that, quote, beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems
Starting point is 00:08:10 and drop files onto victims' computers, making it functionally similar to remote access Trojans, which we've talked about before on this show. It is entirely, it is a commercial remote access piece of software. And the difference between a piece of software that's sold and a piece of software that's deployed in a bad sense, is pretty dissimilar. So yes, you could use TeamViewer as a remote access Trojan without question.
Starting point is 00:08:40 Like as a hacker, if I gained access to a computer, I could just install TeamViewer to use it to come back. Sure. It's like the next part of that sentence is what I was about to say, which is, quote, TeamViewer's legitimate use, however, makes anomalous activity less suspicious to end users and system administrators
Starting point is 00:08:58 compared to typical RATs, which is exactly what you said, compared to a remote access Trojan, TeamViewer might actually be supposed to be there, which might make it harder for someone to notice when it's out of place. Totally. Which is all to say. It seems this is kind of the first half of what happened. So nothing else happened from that initial intrusion at about 8 o'clock on Friday morning until about 1.30.
Starting point is 00:09:25 When someone again remotely accessed the computer system and it showed up on the operator's screen with a mouse being moved about to open various software functions that control the water being treated in the system. The water treatment facility in Oldsmar had TeamViewer installed on a computer. In the press conference from the start of the show, the mayor explained that it wasn't in active use for about six months, but it was still installed on that system. And someone somehow found that connection. And luckily for the people of Oldsmar, for however wide open the front door to their water treatment system was, the security system inside was like pretty good.
Starting point is 00:10:06 After the intruder increased the parts per million from 100 to 11,100, the intruder exited the system and the plant operator immediately reduced the level back to the appropriate amount of 100. Because the operator noticed the increase and lowered it right away, at no time was there a significant adverse effect on the water being treated. Alarm bells sort of immediately went off once that lye content went over a certain threshold. It was kind of, I think, about a 24-hour delay for the chemicals to actually reach people. And even if somehow all of that failed, there are physical impediments to this much toxic material getting into the water supply that quickly.
Starting point is 00:10:43 You know, because like a little pump meant to disperse 100 parts per million, doesn't really know what to do with a command ratcheted up to a cartoon number like 11,000. I imagine just having that much base in the water supply probably also caused problems in the infrastructure as well, all the pipes, you know, any kind of seals. If it had made it out, yeah. If this was a plan, a cyber sabotage attack, as that journalist called it, it was like a pretty bad one. The question then is, you know, what was this?
Starting point is 00:11:16 Our digital forensics unit has been working all weekend to try and determine exactly how the breach occurred and the identity of the person or persons responsible. And in the days following the story breaking, there was a lot of speculation. A couple of the security researchers who have published about this in the a little bit of time since it happened, brought up something that you and I have talked about
Starting point is 00:11:34 here before. Meaning, the answer might lie in our trusted Internet of Things search engine, Shodan. Scott, can you remind everyone what it is we use Shodan for? To look for vulnerable IoT devices, notably cameras and other things? It's interesting and weird that it's legal. That's a big thing to unpack, but it is kind of wild to me that something like Shodan is legal. I think the reality is like, you know, Shodan's doing nothing wrong besides highlighting an issue. So is it Shodan's fault?
Starting point is 00:12:10 You know, we're getting into the chicken and the egg and the, you know, is it the IoT devices? Will the IoT devices ever be more secure if something like Shodan didn't exist to highlight the fact that they're insecure? You know? It's a fair point. It becomes a, I don't know, that's an interesting predicament that society deals with in so many different facets. And this is just another one of those facets. So Shodan, as you said, it's a search engine for Internet of Things devices. And this kind of SCADA equipment, these human machine interfaces, whatever you want to call them,
Starting point is 00:12:43 the kind of systems that control water treatment facilities are sometimes indexed on Shodan. So Scott, say you're bumbling around on Shodan and you bump into one of these pieces of equipment that controls the water treatment in this town, would we expect that this is going to be locked down some way, how are you going to go about taking control of that? Well, it would depend on, you know, what information was available to me. You know, if it was just on Shodan, like, I guess my gut instinct is, it's like you're not really going to gain access to the SCADA equipment, the OT stuff. You're gaining access to the PC that's controlling it.
Starting point is 00:13:21 And chances are that that PC had the vulnerability prior to the person finding it. Like, it would be more believable to me that this was a random encounter, where somebody randomly ended up on this computer and was digging around looking to see what it was and accidentally turned the valve, turned the knob up. Because to me, like, to go from, what was it, a hundred or eleven parts per million to 11 thousand? Yeah, it's a hundred parts per million to 11,000. Yeah, so like those are relatively similar numbers. Like, it wouldn't surprise me if... they're, like, similar in structure, i.e., it contains ones and zeros. You know, somebody who has no idea what they're doing stumbling around a computer inside of a SCADA controller, like a valve
Starting point is 00:14:14 control system accidentally like changes an input field. Here's the thing. This is still early enough that that might turn out to be what happened. There's a couple more interesting data points that come up, but that is super interesting that it could just be a mistake. Yeah. Like I can't, I don't, knowing a bunch of people that, that operate and exist in this space, you know, trying to poison and kill a bunch of them is just not, I don't think any, like, you know, there's already enough legal punishment for cybercrime as it is. I think once you get into like colossal grade militia, like when you're like maliciousness like trying to impact the lives of thousands or tens or hundreds of thousands of people
Starting point is 00:15:02 in a negative way, like, the criminal penalty for that is astronomical. Well, of course there could be some federal charges. A lot of it would depend upon, there's a lot of things, and of course there are state felonies that would absolutely apply, and it would be a felony offense. Like, you either have to be a bent sociopath looking to like destroy the world or, you know, you're just an idiot. It's one of the two. I told you the story was pretty dumb.
Starting point is 00:15:29 So you used a phrase earlier that is really relevant here and you said what information this all depends on what information is available to you, right? Yeah. And I think that's going to come up in a second here. Obviously, these investigations are very
Starting point is 00:15:42 complicated. Right now we do not have a suspect identified, but we do have leads that we're following. So as the days click on and the FBI investigates further, they make another discovery. And it kind of happens in the second wave of press about this story. And that discovery starts to clarify what this actually might be.
Starting point is 00:16:02 You know, when we talk about Shodan, that sort of seemed like a viable explanation early on. It's why people speculated that that's what happened. Someone discovered this. And it's kind of compatible with the energy of that press event. You know, there's a paranoia in that event of this idea. There's a bad actor out there lurking around and they discovered us. And they were just waiting to strike and they saw the opportunity and they took it. Because of this security breach, we are asking that all governmental entities within the Tampa Bay Area with critical infrastructure components actively review their computer security protocols and make any necessary updates that are consistent with the most up-to-date practices.
Starting point is 00:16:39 But three days after that initial press event, the FBI and the state of Massachusetts both released their reports on what happened, which I thought was pretty fast. It kind of seemed like someone just sort of stepped inside immediately saw what was going on and then just published these reports. And there's a line in the Massachusetts report that I read twice. Quote, all computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system. Further, all computers shared the same password for remote access and appeared to be connected directly to the internet without any type of firewall protection installed. Without getting into the Windows 7 thing, which for context, I think Microsoft stopped updating this year and probably shouldn't be on any kind of critical equipment.
Starting point is 00:17:31 Yeah, that's correct. You know, Windows 7 is kind of seen its lifespan. And, you know, Windows 10 is a much, much better product. So if you haven't upgraded, you should. Without getting into that, the second half of that quote again. Further, all computers shared the same password for remote access and appear to be connected directly to the internet. Which means that any employee who knows their own login for remote access also knows the
Starting point is 00:18:02 login for remote access to the super sensitive machine that controls what goes into the drinking water. Well, it also sounds like every computer had access to the super sensitive control unit that controls how much goes into the drinking water. The computer in question had TeamViewer installed and all computers used the same remote access password. So it kind of paints a pretty clear picture of what happened here. Poor cybersecurity infrastructure?
Starting point is 00:18:32 Unpack that more. You mean that could have prevented it? Oh, yeah, absolutely. Like a mission critical computer that controls something like that probably should be air-gapped. Just saying. Like, you know, when you want to start fiddling with what goes into the water supply to the citizens of a town or a city, you probably want to show up on-site to do that. You know, that's something that requires you to leave your house.
Starting point is 00:18:54 It should require you to leave your house. You know, that's not, that's not something that I would trust to be just wildly open to the internet. Not having a firewall, also completely reckless, but I would actually go one step further and say that TeamViewer specializes in bypassing firewalls by using, you know, ports that are typically left open or different protocols. So I don't even know if that would have blocked it. But still. The FBI and Massachusetts both immediately honed in on the idea that this was a disgruntled employee logging in and mucking around.
Starting point is 00:19:29 The Verge summarized it nicely, asking, can you really even call this a hack? Which I thought was a super interesting way of summarizing it. Yeah, but even then, like, you know, you'd have to be a pretty disgruntled employee to try and, you know, hurt. Like, you'd have to be a pretty messed up person to try and hurt that many citizens. You sure would. And if you were a disgruntled employee,
Starting point is 00:19:53 chances are you know that there are other mechanical catches and alerts and alarms that are going to prevent whatever you're doing from actually causing an impact, or at least from immediately causing an impact. There's an interesting question you posed, Scott, of what kind of person would actually try and do this? And I want to talk about this right after the break.
Starting point is 00:22:43 Have you heard about these kind of attacks happening at other agencies around the country? I think we anticipated that, you know, this day was coming. I can't tell you that I know a whole lot about those that we've confirmed have already happened elsewhere, but you know, we talk about it, we think about it, we study it, but as far as a specific, I'm not aware of one right now. So I want to work backwards in this section with some
Starting point is 00:23:31 case studies about exactly what kind of person we're talking about here. And I want to start about as far away from this hack as we can go. And to do that, we have to go to the Ukraine. Right around Christmas time, December 23rd, five years ago, inside the Prykarpattyaoblenergo control center. I've heard of that one yet. Inside a Western Ukrainian control center. Popular tourist site. If you haven't been to Prykarpattyaoblenergo, you haven't lived.
Starting point is 00:24:04 The operator of the center sits down at the desk, and they watch as their mouse skitters across the screen. But unlike Oldsmar, which was a water treatment facility, the Western Ukrainian control center was a power center. But otherwise, exact same thing happens. The hacker wrestles away control of the mouse, grabs control of something on the screen, in this case a circuit breaker,
Starting point is 00:24:27 and they actually start turning them off, plunging thousands of people into darkness. Do you remember this story, Scott? I do not. It's super fascinating. And what's really interesting about what happened in the Western Ukraine, isn't that a hacker took control of the computer.
Starting point is 00:24:41 We watched someone in Oldsmar do that quite easily, about as easily as you sneak into a garage if you knew where the key was. Was it that they were also using TeamViewer? I couldn't verify that it was TeamViewer, but the one white paper on it I read did think that it had to do with remote access software that was intentionally installed.
Starting point is 00:25:04 So who knows, that's a bit ambiguous, but they used the same basic technique. They just took control of the mouse. But I think it was really interesting what would happen in the Western Ukraine is how small a part of how big what was actually going on this moment of taking control actually was. Like, taking control of the mouse
Starting point is 00:25:22 was actually just one tiny part of three simultaneous attacks on these centers launching all around the region. It had been planned for months. They'd embarked on a spear-phishing campaign to get the right credentials, and the whole thing worked pretty much perfectly. Unlike Oldsmar, it went off without a hitch.
Starting point is 00:25:40 Since then, Ukraine has been the victim of what one writer called a digital blitzkrieg of cyber attacks that are almost certainly coming from another nation state. I wonder who it would be attacking the Ukraine. Good question. Thousands documented every year against their energy systems, their financial systems, their transportation, all of it. It's an ongoing like digital cold war that they are the victim of.
Starting point is 00:26:04 But it all started and all came back to someone just taking control of some remote access software and messing with the knob that controlled physical infrastructure, just like Oldsmar. But a nation state doing something malicious is still different than the individual actor, the person that you asked who would do something like that, right? Like, that's just a different kind of thing. Totally. So our next stop on our tour of people messing with public utilities of large groups of people for really confusing reasons brings us pretty far from the Ukraine all the way to the Australian
Starting point is 00:26:36 Shire of Maroochy. You are Australian. Do you think I'm saying that right? Maroochy. Yeah. Actually, it's probably pretty close. Maroochy. Maroochy.
Starting point is 00:26:46 So a guy in Maroochy named Vitek Boden applies for a job with the waste management authority. Wait, his last name was actually Boden? Oh, what does Boden mean? Well, Bogan is an Aussie slang for like essentially redneck. So to have the last name Boden is pretty damn close to Bogan. And if he lives in a shire called Maroochy, well, you know, you can probably put one and one together. Boden the Bogan from Maroochy?
Starting point is 00:27:12 Yeah. So Vitek Boden applies for a job with the Waste Management Authority. And he previously worked for an external contractor, it seems like, and he sees this job go up, and it seems like a nice place to work from his, you know, experience with them, so he applies for the job. Vitek does not get the job with the Waste Management Authority. And it would seem this really, really pisses Vitek off.
Starting point is 00:27:38 And based on his old job working with Waste Management, he technically has access to some remote desktop access software. So can you guess what Vitek does? Messes with the waste management facility? Like the Oldsmar culprit, he took control of the system, and he flicked a switch. But again, unlike Oldsmar, this all worked. Vitek dumped, quote, millions of liters of sewage back into local parks, rivers, and the grounds of a Hyatt Regency Hotel.
Starting point is 00:28:13 Quote, marine life died, the creek water turned black, and the stench was unbearable for residents. It's a Janelle Bryant of the Australian EPA. What the, you got two years in prison for that. Only two? That's great. These people, these people fascinate me. It's such a strange use of that kind of capacity, because we talk about this stuff so much
Starting point is 00:28:35 that that seems kind of like, yeah, they took access of some remote desktop access software, but I think a lot of the population, that is a level of like sophistication that to use it to dump poop into a creek and like mess up a town's life for a couple months, it's just such a strange choice. Well, the other thing is too is like, you know, life lesson here. Life is full of rejection. And if you're so poor accepting it and dealing with rejection that you have to do something like that to like, you know, feel better about the fact that you've been rejected,
Starting point is 00:29:11 then you probably should spend more time in a mental health facility than a jail. Yeah. That's an interesting point. So we got the Ukraine, right? This massive coordinated attack using this technique. I want to home back in on the technique. Ukraine, giant attack using this technique and succeeding. Next story, we have a disgruntled employee using the same technique as the foundation of like
Starting point is 00:29:36 a still larger hack, kind of this weird revenge campaign, and they still succeed. And now, this month, we have a person sort of casually bumping into this vulnerability and deciding to mess around, maybe trying to do harm, it's hard to tell. All centered around this one technique. When you look at these as a set, like where does your head go? Do you see any patterns? Remote access Trojans, you know, not saying TeamViewer's a Trojan because it isn't. It's usually willfully installed.
Starting point is 00:30:08 But remote access Trojans are typically, you know, classic Windows hack, and Unix too, installing backdoors into Unix systems. But like a remote access Trojan is, you know, as old as the book. You know, we've talked about it before, but like, I think BO2K was the one that made it like super famous.
Starting point is 00:30:31 And like, you know, you had kids getting their friends to install it so that they could like open their CD drive and like take control of their computer remotely. And, you know, that was like a big thing where people were like, wow, you know, this is super powerful. You can very easily build deploy a remote access Trojan. And, you know, with things like remote desktop, like obviously remote desktop is a little bit
Starting point is 00:30:53 more secure, uses the whole, you know, Windows infrastructure for security, things like that. VPNs usually house those infrastructures, so you have to connect to the VPN. A lot of them have multi-factor authentication, et cetera, et cetera. TeamViewer is a much more like recreational product. Not recreational, but like, you know, personal, prosumer. Sure. It's not a full security infrastructure, like something like the Microsoft Suite. So you just get TeamViewer showing up on Windows PCs everywhere.
Starting point is 00:31:25 And essentially, TeamViewer is a remote access Trojan, but it's not a Trojan in the sense that it wasn't disguised. People willfully install it. And IT infrastructures leverage it because it provides really easy remote access to all the PCs that they have to manage, etc., etc., etc., etc. So it's super commonplace. But yeah, remote access is, I think, one of the oldest parts of, like, network hacking, like hacking network PCs. Because usually when you get into something, you want to come back to it. Remote access is, I think, as far as networked computer hacking goes, is probably one of the staples. I think almost a year ago exactly to this episode,
Starting point is 00:32:13 you made a bit of a prediction. And you talked a bit about how the increased reliance on remote access was going to lead to vulnerabilities. That as we all have to rely on remote work because of what's happening in the world, that increased reliance is going to up the number of these incidents. And I think this is kind of seeing that prediction a little bit being realized. When I look for a pattern, I see if not something getting easier,
Starting point is 00:32:38 then more common. The more devices this stuff is installed in just sort of law of large numbers, the more we're going to see these kind of events happen. Well, thank you, Jordan. And in a sense, the sheriff from that opening clip kind of had the right point. He was talking about, you know, how we all need to be on blast because there's all these really high-level malicious hackers out there. And I don't think that's really what happened here, but he was kind of right that, you know,
Starting point is 00:33:09 this should be a warning. We're all kind of on blast here a little bit. I think very rarely is the message of this show as simple as keep your cybersecurity hygiene up. But maybe a year into our collective journey towards this remote work, present future, whatever you want to call it, it's sort of maybe looking back on all the janky solutions we've cooked up throughout the last year and thinking about, okay, how do we make these work in the long term? Because I don't think they are. Yeah, there's definitely going to be underfunded IT and IS departments
Starting point is 00:33:43 out there that have flaws and vulnerabilities. I feel bad for them. I think everybody, most senior IT people experienced ones know, you know, kind of the fundamental rules of Internet security and information security. And, you know, the problem is that it's time intensive, cost intensive, requires perpetual management, can create other headaches to deal with. So like something as simple as, you know, a complicated, to a multi-factor VPN, you know, adds tons of management and support requirements.
Starting point is 00:34:22 You know, it's just the more, the better job you want to do, the more it requires. And I think that that's probably a problem, too, is people are hitting capacity or, you know, companies are thinning down on overhead expenses like IT and IS. So, yeah, I 100% agree with putting everybody on blast. But the important thing is to put everybody on notice. And I think that's really the purpose of today is to make sure that everyone realizes this, these kind of bad actors are out there. It's happening.
Starting point is 00:34:56 So really take a hard look at what you have in place. Thanks for listening, everybody. Sorry for the delay in this week's episode. It's been pretty busy in the old personal life. We usually come out last Tuesday of the month and you can expect us to be back on that schedule again in March. If you want to support the show, rate, subscribe and tell folks about it. You find us on Twitter at Hacked Podcast,
Starting point is 00:35:21 and you can support the show on Patreon at patreon.com slash hacked podcast. Thank you very much for listening, and we're going to catch you on the next one.
