Risky Business - Risky Business #772 -- Salt Typhoon is truly a national security disaster
Episode Date: November 27, 2024
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
A ransomware attack has crippled US supply chain software provider Blue Yonder
Russian spies hack nearby wifi to get to their targets, but that doesn’t seem surprising?
Salt Typhoon’s attacks on telcos are hard to solve and big on impact
China’s surveillance state workers sell their access at home
Palo Alto is bad and should feel bad
And much, much more.
In this week’s sponsor interview Patrick Gray chats with Matt Muller from Tines about Gartner’s “spicy take” that the SOAR category is dead. SOAR is dead! Long live SOAR!
This episode is also available on YouTube.
Show notes
Retailers struggle after ransomware attack on supply chain tech provider Blue Yonder | The Record from Recorded Future News
Customer Update
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED
China’s Salt Typhoon hackers target telecom firms in Southeast Asia with new malware | The Record from Recorded Future News
Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned
Top senator calls Salt Typhoon “worst telecom hack in our nation’s history” - The Washington Post
Privacy-focused mobile phone launches for high-risk individuals | CyberScoop
China’s Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED
Former Verizon employee gets four-year sentence for sharing cyber secrets with Chinese government | The Record from Recorded Future News
Surveillance Legislation (Confirmation of Application) Bill 2024 – Parliament of Australia
ParlInfo - BILLS : Surveillance Legislation (Confirmation of Application) Bill 2024 : Second Reading
ParlInfo - Surveillance Legislation (Confirmation of Application) Bill 2024
ParlInfo - Surveillance Legislation (Confirmation of Application) Bill 2024
Chris Bing: "Regarding the reported hack of the Gaetz-ethics committee report, the file storage platform (FileShare) that held the document said they weren't hacked. But rather: "this file was shared anonymously which allowed anyone to download. This was not a breach"" — Bluesky
Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say
Palo Alto Networks boasts as customers coalesce on its platforms | Cybersecurity Dive
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited | Cybersecurity Dive
RSF investigation: the Indian cyber-security giant silencing media outlets worldwide | RSF
Patrick Gray (@patrick.risky.biz) — Bluesky
metlstorm (@metlstorm.risky.biz) — Bluesky
Catalin Cimpanu (@campuscodi.risky.biz) — Bluesky
Tom Uren (@tom.risky.biz) — Bluesky
Transcript
Hey everyone and welcome to another edition of the Risky Business Podcast. My name is Patrick Gray.
We will be chatting with Adam Boileau about all of the week's security news in just a moment.
And then we're going to hear from this week's sponsor and we're hearing from Matt Muller over at Tines.
And we're going to be talking about some rather puzzling work out of Gartner where they've said that SOAR, which is, what's that, security orchestration automation and response, SOAR is dead, except for the new stuff.
It's just, you know, we spend a big part of that interview trying to sort of divine what Gartner actually meant by all of that. So that one's coming up later. But Adam, let's get into the news now.
And I'm going to start with a slight correction
because last week I said, well, Jen Easterly is leaving CISA.
She's decided not to stay.
And that's probably for the best because it could get awkward.
Turns out, you know, the US and someone pointed this out to me.
She's a political appointment, right?
So the normal thing to happen would be for her to resign at that time.
And that sent me down the rabbit hole of looking at political appointments in the United States,
and there's like thousands of them, and it's quite unusual, which is why to my innocent Australian
eyes, I thought it was a different situation. But yes, the normal thing is for her to resign. And I
guess her announcing it just means she wasn't asked to stay.
Yeah, I guess so.
Like, I also, that nuance was kind of lost on me as well. But, I mean, the whole American political system is a little bit opaque to us foreigners sometimes.
So, yeah, that's good to clarify.
Yeah, I mean, even some of the people who are sort of appointed through political processes here,
they will survive a transition in the government.
I mean, I can think of, you know, Mike Burgess, for example, who's run ASD and now ASIO. He has served both sides of politics,
you know, and that's not really a problem here. But I guess, you know,
America's just built a little different, isn't it? So, yes, there'll be several thousand people
automatically resigning on inauguration day because reasons, I guess.
Anyway, let's move on to this week's fresh news.
And we're going to start off with a ransomware attack.
So, you know, this is my fault because on last week's show, I said, gee, it's been a while since we've seen a major sort of significant ransomware attack.
And next minute, what do we have here? A major significant ransomware attack, which is affecting a company called Blue Yonder. And Blue Yonder does sort of supply chain management for grocery stores and whatnot, but they also have, like, HR management, uh, stuff, and it's all sort of as-a-service, uh, software. They've been absolutely wrecked. Um, bit thin on details, but it's clear they got absolutely wrecked. Um, walk us through what we know here.
Uh, so it sounds like they, yeah, they have been wrecked. Uh, they had a whole bunch of stuff, um, that they provide as a service. It appears to be all gone, and their statements on the subject basically are like, we're working on it, you know, things are bad, and there's really very, very little detail. We don't know, for example, which ransomware crew was involved. We don't know, like, what kind of money we're talking about. Um, so not a lot of details. There's a little bit of kind of, you know, rumors as to, like, how their technology works and those kinds of things, but either way it seems bad, and it's just, it's a big, it's one of those kind of big organizations that's important to so many places that you've just never really heard of.
And they're multinational, provide services, you know, all over the place.
So, I mean, it's not clear even kind of what this means in terms of, you know, supply of goods to the companies that use them, et cetera, et cetera.
So other than it's probably bad, we don't know much.
Yeah.
I mean, I'm not expecting all of their customers to like go out of business, but it is a hassle, right?
So Starbucks has had to fall back to, you know, manual processes for figuring out things like timesheets by the looks of things,
because this HR software that they manage for their customers, like that's what it does.
So I think there's a lot of falling back to other processes.
And I think in the context of like grocery logistics, I mean, it's like what we saw in COVID, right? Like, some stuff you might not be able to get, but you're still going to be able to walk home with a bag full of groceries and cook dinner. Um, but just, you know, drama, and, and a significant event. And look, if we do look at the update page from Blue Yonder, it's very vague.
You know, as part of our continued commitment to transparency with our valued customers and partners,
we are providing a further update on the restoration of our managed services hosted environment.
The Blue Yonder team is continuing to work around the clock together with our external cybersecurity firms
to safely restore systems resulting in steady progress.
Blah, blah, blah, blah, blah.
We'll continue to update.
You know, at this point in time,
we do not have a timeline for restoration.
That was on November 23rd.
On November 24th, they say there are no additional updates
to share at this time with regard to our restoration timeline
following our post yesterday.
So...
Very transparent.
Very transparent.
I mean, this feels to me like they're probably negotiating with the attackers, because look, if rumors to be believed, we had, you know, Kevin five data all five of their, you know, data center environments, which, if that's the case, they're gonna have to pay.
I mean, that, yeah, if that is as reported, then they are in a tough place, as rumen I would, I would put it, yes. Um, because, you know, so many places have not really tested their resilience against malicious events, right? Those kinds of disaster systems where everything's online in some clouds, you've got multi-clouds, you've got cross-data center replication, whatever it is, it's all online, and if you can make it not exist anymore, then starting from scratch is, I mean, what options do you have other than pay, you know?
Yeah, well, I mean, this is yet one more example of why I'm against a payments ban.
You know, imagine you're them.
Imagine that rumor is true.
You've lost all of your backups, all of your DR,
all of your data centers are just, you know, encrypted soup
and you can't pay.
What then?
Yeah.
Yeah.
I mean, I guess the other side to that though is if we say you can pay ransomware, you know, if they do it really good, then that means that ransomware operators are incentivized to do it really well.
I think they're already incentivized to do that though, you know what I mean? So I, I don't know that that's, you know, much of a, much of a case. So let's see what the, uh, government response is to this as well.
We don't have any information on which crew is behind this.
And normally in these high-profile incidents,
you have some indication pretty quick because the crew will be all over a leak site
putting pressure on the target to pay, right?
So they're saying, we've got all of your data centers.
We've got all of this.
There's no way back.
And, you know, really trying to put the message out there to like investors or, you know, this isn't a public company in this case, I think it's owned by Panasonic, but we haven't seen any of that, and I do find that interesting as well.
Yeah, I mean, some of the leaks in the past when we've seen this have been because, like, the ransomware crews' leak portals, you can kind of like look up, you don't necessarily need to know the names or whatever. There's no, like, secrets in the, like, web system for who are, who the victims are. Like, you can just kind of increment the number and see who victim number 437 is or whatever else and kind of get hints. So some of the more modern ransomware crews have engineered their systems to be a bit better. You know, the chat systems or the, whatever, the support systems are not, you know, not wide open like they used to be. You know, people would be snooping on ransomware negotiations all the time back in the, in the old days. So, you know, depending on the type of crew, but also, you know, it could be that, you know, the kind of pressure that we've seen applied to high profile ransomware groups makes them want to be a little more quiet about this process. So, yeah, we don't know.
Well, yeah, that's the thing.
I mean, we don't know, but normally by this stage you'd have an indication.
You know, you think back to Colonial Pipeline.
You know, whatever.
You just always have a bit of an idea.
Anyway, moving on, we've got a great story here from Andy Greenberg over at Wired, and he's written up a talk delivered by one of the team at Volexity at, I think it was Cyberwarcon. The reporting is a little breathless, I guess, because it says Russian spies jumped from one network to another via Wi-Fi in an unprecedented hack. So basically the story is here that APT28 managed, they had a target in mind in the United States.
So they hacked their way onto a device next door and then used the Wi-Fi on that device to attack their true target through their Wi-Fi network.
Now that's cool.
It's not something that you see often in public sort of incident reports, but it's not unprecedented and it's not necessarily a very new technique. Uh, but, you know, I mean, you've done similar stuff to this in red team engagements.
Yeah, exactly. I found some of this reporting just a little bit, a little bit frustrating because, yeah, as you, I have done this. I guess it's interesting to see APT28 doing it, but
we have also seen them doing wireless proximity attacks, physically driving around or visiting areas near the target
to do this kind of thing.
So it's not much of a stretch to do it from somebody else's machine.
So, yeah.
Either way, it's still interesting reporting, right?
I'm not, you know.
Yeah, no, 100%.
And again, to have figured this out in incident response engagement
is extremely cool, right?
It's very, very cool.
But I just, yeah, I would be very surprised if this is the first time this has happened.
Now, look, let's talk about Salt Typhoon, because the more and more reporting we get on this, it just keeps getting more interesting.
We've got a bunch of reports here, one's from Daryna Antoniuk at The Record. We've got another pretty exhaustive one from The New York Times by David E. Sanger and Julian E. Barnes, Devlin Barrett and Adam Goldman, that's a byline for you. And we've indeed got some reporting also from The Washington Post by Ellen Nakashima. And you know, it looks like our day one take on this might have been right, which is that what the Chinese were after is a list of people under surveillance by the FBI.
But there's more to it than that.
They did, it looks like, dip into listening to a few calls and like looking at a few text messages and stuff. One thing that's really got the FBI spooked is that it might have given up sources because the FBI, you know, FBI people calling their sources from FBI phones, that is information
that these attackers may have had access to.
So that puts some of those people in a really dangerous situation.
It also looks like, you know, Microsoft had a hand in tipping the telcos off.
I think their threat team somehow stumbled across some of this stuff.
And that the breach involved going after networking equipment like routers and switches.
So, you know, just bypass that EDR instrumented Windows network
and go straight for the ancient telco gear.
And, you know, in all of the coverage, there's a theme emerging,
which is that these networks are just ancient and they're not properly secured. So I think
this is the process of policymakers in the United States realizing that they've got a
real problem here because this is not going to be a quick fix. Yeah, absolutely. I mean,
I have spent my fair share of time inside telco networks, both from a like, you know,
security reviewing point of view, but also as a, you know, adversarially as a red teamer or whatever. Um, so like telco networks are a wonderland for attackers because there is so much super old gear, there's so much obscures, as you say, there's no EDR anywhere that isn't corporate Windows, and if you stay the hell away from that, uh, then it's really, you know, it's easy money inside telcos. I mean, the hard part is finding where in the network your, you know, actual business target is. Like, if it's stealing call data or if it's stealing text messages or whatever else, like actually getting into the SMSC or getting into this, you know, the call, call records or whatever else, like that's the, the hard part, because they're such big networks, and the US ones in particular because of their very long history and the amount of kind of innovation technically, but also the kind of commercial maneuverings of the US telco world, so many mergers and acquisitions and divestitures and everything's, you know, there's so many layers of technology in there that securing it's super difficult.
It's also difficult as an attacker to find your way around.
But I think the thing that strikes me about this, you know, whole kind of set of stories is,
so on Between Two Nerds, our other show that Tom Uren hosts with The Grugq,
I think it's last week's episode they were talking about telcos
as being like cyber high ground.
Like it's the preferred place
for sophisticated attackers to go
because you have such great visibility
of everyone using the telco,
of all the customers of the telco,
et cetera, et cetera.
And in any big telco,
there's going to be dozens
of different nation states all kind of duking it out for control of their environment. And the idea that U.S. telcos are not the same as everybody else's telcos in that respect, in terms of being penetrated by everybody, you know, I feel like that's a thing, you know, us in the industry probably have understood for a long time, and it's interesting watching it come home to roost when the Americans are, you know, the experts at owning telcos.
Well, this is the other thing, right, is that they can't really complain too much about this because they do this to China.
I mean, there's some differences here, though.
So another thing that's popped up is the number of compromised devices that, you know, these Chinese APTs have racked up is just insane, right?
So it's going to be real expensive to clean up.
I think that's one difference.
We saw that with the Barracuda hacks as well, where it's like, okay, you're going and doing intelligence collection, right?
But you've got rumbled.
So now you're burrowing into those devices and you're turning it, you know, you've been snapped, guys.
Like, why make it expensive to clean up? Why impose that cost on, you know, your collection targets? That just seems like a not very nice thing to do. And I think it's the same here, whereas, you know, Western operations against Chinese telcos, I don't think they're going in there and owning every single device on the network. Um, you know, one difference too, and this is pointed out in some of the coverage, is that a lot of these American telcos, America was quite ahead in developing its telcos, right? Which means that, you know, a lot of this stuff was built right for its time, but its time was decades ago, and, you know, so it's not like some all-singing, all-dancing modern Huawei, uh, you know, vibe. It's just, you know, ancient, ancient routers and switches everywhere.
Yeah, and stuff bought from vendors that are, you know, 15 corporate maneuverings old, you know, been divested or sold or rebranded or whatever else. Like, I love walking through telco data centers because you see so many old names. Like, I haven't seen a Nortel in a long time, or a, you know, uh, Ascend MAX, or, uh, you know, all the stuff that from my, you know, youth working in ISPs and network environments. Like, yeah, you see all these throwbacks. So it's kind of like, it's like a vintage shop, you know, like going in and browsing through the shelves and seeing all the, you know, the cool vintage stuff. That's kind of what telco networks feel like to me. Um, yeah, so I don't know what the US is gonna do about it, right? Because we haven't really seen a heap of success in bringing cybersecurity regulation to things like, you know, critical infrastructure, water and whatever else is kind of pushed back, and obviously the incoming administration is kind of anti-big government and anti-regulation, but at the same time this is super serious stuff. And telcos, you know, like if the government turns around and says to telcos, okay, you have to do all this extra work, you have to impose all these extra controls, and I mean, telcos have been doing security for a long time. They're not necessarily great at it, but like, of, of industries that have had to take security seriously, you know, telcos are better equipped than average.
And yet, but their entire thing was
stopping people from making free phone calls.
You know, like that's what they optimized for,
which is less relevant these days.
So now they've got to worry about, you know,
state-backed actors trying to do this stuff.
And, you know, actors who are willing to spend
the time and money to develop novel attacks
into gear that doesn't really have great defenses.
It's so good.
It's so much fun.
I love Telco.
So you're available for consulting on this one?
I mean, risky business.
We could branch out into a little Telco shenanigans.
Sure, why not?
Now, speaking of, there's actually a company in,
there's a startup in the United States that's doing some interesting stuff around Telco.
It's called Cape.
And I'd heard of it a few times.
Like it's starting to hit the headlines now.
And the idea is they're selling like a privacy
and security focused like Android phone,
but they're also running the network.
They're like a, you know,
mobile virtual network operator or whatever.
And the idea is they can secure people
against SS7 style attacks and whatever.
It just, you know, give their customers a connection to a network
that is not one of these, right?
Now, obviously this won't help
those people who are talking to the FBI, right?
Who might've received phone calls and whatever,
but you know, pro tip to the FBI,
maybe get your sources to install Signal.
That might be a good idea
and don't just call them on the old telephone
out of FBI HQ.
Just a little OPSEC tip for you there, guys.
But I do find this idea of Cape.
And, you know, I've spoken to their advisors and stuff in months gone by.
Dmitri Alperovitch is apparently an investor.
So I guess he made his decision on that one.
And, you know, it's a really interesting idea. I wonder about the, I wonder how much of a moat it has as a business, because I can imagine they'll pick up a lot of U.S. federal contracts and then companies like Thales or Lockheed or, you know, Raytheon or whatever might go, hmm, nice business, and then spin up their own, uh, uh, you know, virtual, uh, mobile networks. But, you know, you and I have discussed this as well over the last couple of months.
What do you think of all of it?
I mean, I think it's a good idea.
There are a number of things in the telco world
that are difficult to solve at the edge of the network, right?
I mean, end-to-end messaging with Signal, whatever else,
it buys you a lot, right, in terms of confidentiality.
But, you know, there are things,
and you mentioned the SS7, for example,
and tracking and, you know, kind of metadata leakage and call records and stuff like that, that, you know, you can't really solve at the network edge. You do have to do that in, in the middle of the network. And, you know, having a telco for whom security was a priority, as opposed to a, like, kind of thing that, as you said, they have to do to stop people stealing, stealing phone calls or whatever. But like some things, like SIM swapping, for example, right? That's about making the telco's processes easy for them and easy for customers, and it's not about securing that against malice, as we have seen with the amount of SIM swapping. So having a telco where this was a value that they cared about and it was part of their, you know, like value proposition to their customers, like, you know, that would be a good thing. There is a lot of fiddle in here, you know, because running an MVNO, you know, is, you know, there's kind of different levels of integration and, and stuff you can do with the telcos that are providing the equipment and so on, and so there's a bit of technical fiddle in there, but that stuff is so much easier now, yeah, in modern mobile networks than it ever was. And also you can get rid of a whole bunch of legacy stuff, you know,
that would make you less vulnerable to the sorts of things that current telcos have.
So like overall I like it as an idea, like business model, like are people willing to
pay?
Oh yeah, there's enterprises and governments and, you know, people will pay. There's definitely a business here. I just wonder how successfully you can defend a business like that when, you know, there's other companies out there who have existing contracts with all of those sort of people, right? That's more, that's more what I wonder about. There's definitely a market here, 100%.
Yeah, no, I think, and I think obviously the timing of this, given the amount of focus that mobile and then comms networks in general are getting with this Salt Typhoon thing, they're in a great place.
If they started a couple of years back
and they're ready to roll with some solutions
to this problem right when it's hitting the zeitgeist,
then top work there.
But yeah, I'm technically curious about the gubbins, of course.
But, well, it's funny because one of the, um, advisors actually reached out, uh, a month or two ago and said, hey, do you guys want to, you know, want to take a look at this? I was like, well, we are in Australia and New Zealand, do you have agreements that would actually get us data? And they're like, oh yeah, no, the advisor said. So that's a shame. I mean, I'm guessing the phones would probably work here, but, you know, their, but their data bills by giving us a free trial would rack up pretty quickly.
Yeah, probably.
And roaming is also fiddly.
There's a whole bunch of extra kind of things
you have to worry about there.
That whole roaming interconnect network,
also a very interesting place to go.
Yeah.
Anyway, it's just one that I think is interesting.
The time is right, as you say.
Let's see how they go.
But good luck to you at Cape. Uh, moving on, and, you know, we've been talking about Chinese espionage. I think there was a real turning point for our understanding of how the whole Chinese IC slash surveillance apparatus works. You know, big turning point for that was the, really the i-Soon leaks, where we realized that, wow, everybody's broke, nobody likes their jobs. Um, and we got an, another great piece from, uh, Andy Greenberg at Wired here today, uh, looking at how people who are working in the surveillance apparatus are, like, selling their access to, like, shady data brokers who then on-sell this data, uh, to Telegram. This was a, this was a talk at, uh, Cyberwarcon as well, where the people doing the talk actually managed to buy information on, like, Chinese government officials and ransomware crews and whatever. And this made me think, like, geez, what an opportunity for CIA, NSA, FBI to just go and buy the information on the people, uh, they want. This is a huge national security issue for, uh, China, and it's a, it's a vulnerability that the West would do well to take advantage of, if I'm honest. But it's a fascinating story all around.
Yeah, yeah, it really is. I'm looking forward to actually seeing, because the talk, I think,
happened a few days ago at Cyberwarcon. So I haven't seen videos or anything posted on the
internet. I'm certainly interested to see it because the previews, you know, are always fun, but, you know, you want to see the actual thing from the researchers.
I was kind of struck by, you know, we've talked a bunch of times about the US data broking ecosystem where you can, you know, buy all sorts of, you know, sort of vaguely public data, but sort of aggregated and searchable and so on, and how that kind of provides a force multiplier. And then this is the same thing, but in the Chinese underground, where you've got all these underground sources, data breaches and leaks and, and public sources that are scraped, but that also combined with paying government employees to provide search access into their work systems. And, you know, the i-Soon leaks illustrated for us, and Andy's story also points out, that, you know, at some point, uh, some of these people who are, you know, work in these environments make really not very much money at all, and the sorts of money being offered by the people doing this data broking is, you know, like a third of a year's salary a day kind of thing. It's pretty compelling. And I think absolutely that, you know,
economic disparity of the Chinese surveillance apparatus
is a thing that the West could probably, as you say,
take pretty good advantage of because it's one of the, you know,
China has absolutely taken advantage of, you know,
these same kinds of things in the West.
So, you know, if we're going to compete.
This is deeper access.
Like this is amazing, you know.
More so than just data broking.
Like this is actually helping yourself to these internal systems.
And, you know, you think about the amount of grief the FBI got
for searching some of its stuff without following,
entirely following all of its procedures, you know,
with the, what's the, FISA 702 data set,
for example.
Like, imagine just being able to pay really very little money.
Ten bucks a query, yeah.
Yeah, and search that by Chinese, and it says Chinese were equivalent of that.
Yeah, these researchers were from SpyCloud.
They did say, though, that some of the brokers, these underground brokers, like, they wouldn't
let you, you know, get information on sensitive people like, you know, party officials and whatever.
But they'd always, you just ask the next one and they'd cough it up, right?
So that's pretty interesting.
Looks a little bit different on the US side.
John Greig has a report up for The Record about a former Verizon employee who's just been sentenced to four years for sharing so-called cyber secrets with the Chinese
government. So this was a 59-year-old IT worker living in Florida by the name of Ping Li. So I'm
guessing he has some sort of connection to China just based off his name. But yeah, he's been
supplying all sorts of information to the MSS, which is, you know, you think four years, gee,
you got off pretty light there, guy. Yeah, and this is an interesting story
because, I mean, he'd been at Verizon, what, 20 years,
I think it said, something like that.
It's like quite a long time.
And there's no word in the stories that I've seen so far
about kind of what his motivations were,
whether it was purely financial,
whether it was family connections or history
or, you know, pressure from the Chinese government.
We've seen, you know, all those tactics used
by China's intelligence services
to have their diaspora do things for them.
But it's a good reminder that these kind of insider threats
are not just about ransomware, not just about cybercrime.
They are very much also a thing that you have to think about
from an intelligence lens.
One thing that's interesting is that he got tasked with looking up information about these
Chinese breaches of US telcos.
So it kind of makes sense, I guess.
They'd be interested to know what their adversary knows about their operations.
So yeah, helpful for them, I suppose, having an insider.
Yeah.
Now we're going to talk about my favourite story of the week,
which just proves Australia is built different.
So, of course, Australia and New Zealand were all over the ANOM thing,
the investigation.
I think here it was called Operation Ironside.
And, you know, this was, of course, where the FBI and Australian Federal Police were distributing and selling crime phones to people, but they would send, they would carbon copy every message sent over the network onto a government server. Now, where this gets interesting is the Australian Federal Police, I think, were using like computer access warrants to retrieve the material from those servers, which means they didn't, I don't think they actually got telecommunications interception warrants, which are quite hard to get, right? So they were, they were just like, well, the data's just sitting there on that server, so we just grab it off that server and that's fine, we don't need an interception warrant. So it looks like there's, you know, this has turned into a bit of an avenue of appeal, or it is threatening to turn into a bit of an avenue of appeal. And the way it goes is that, you know, the appeal, someone appealing this could argue that the parliament didn't intend for these laws to be used this way.
So the Australian parliament, the federal parliament is passing an entire act of legislation which says this is actually what we intended.
Right. So this is just going to seal off an avenue of appeal. I've linked through
to the, you know, the homepage about this bill and then the explanatory memoranda and whatnot.
But I just think it's real funny where, you know, the sort of people who got caught up in that
sting here were very serious criminals, a lot of them quite violent. And, you know, they've got
really good lawyers on this.
And you can just imagine being that lawyer saying,
aha, we've got an avenue of appeal.
We can drag this out for years.
And then the federal parliament passes a law to clarify,
you know, what this act is, how it's supposed to be used.
Like it's called the Surveillance Legislation Confirmation
of Application Bill 2024. I just think this is, um, kind of funny actually, if I'm honest. Yeah, no, no,
that is kind of funny. And I guess, you know, it seems strange to have a government that's so,
like, nimble and responsive in a way, you know, looking from, uh, you know, comparing to everybody
else's government. So yeah, I, good work, Australia.
And it'll be interesting to see how this changes
any of the cases that are going on
that are trying to challenge the process
that the Anom system went through to bust them all.
It is funny though that they're saying,
well, we didn't intercept the telecommunications thing,
you know, data here.
This was just data sitting on a server,
which happened to have been carbon copied there
by the design of the system.
But, you know,
I don't really feel sorry for the people
who are being charged by this thing.
Another quick update,
like a day after we recorded and published last week's show,
you remember we talked about that,
I think it was a New York Times report
that said that testimony by witnesses,
you know, in a civil suit
against the then Attorney General nominee, Matt Gaetz,
the New York Times reported that, you know,
documents had been hacked.
And we said, I don't know,
that kind of sounds like someone accessed a file share link.
We got a Bluesky post here from Chris Bing that
suggests that that is indeed what happened, so it looks like we were right on that. Yeah, apparently,
uh, there was a file storage platform called literally FileShare, no, share file, share file, share file, um,
that, yeah, it was one of those, like, if you've got the link you can download the doc, um, and someone
had the link and downloaded the doc. So yes, exactly as it kind of,
you know, we had no resourcing on that, it was just kind of like vibes. Yeah, it was vibes, but the vibes
were strong. The vibes were good, as it turns out. Go those vibes. Uh, now we got one from Joe Cox over
at 404 Media, which is looking at the way, uh, that money launderers connected to, uh, Mexican drug cartels are, you know, using Tether, which is a, you
know, stablecoin, as we all know. It's an interesting write-up, like, it is an interesting write-up, and
I think it's pretty funny that some of these launderers are still using, uh, exchanges and whatnot,
like Binance. Um, but, you know, it's really good to get this stuff out there and on the record
about criminal use of crypto, because we're just gonna, you know, it's already sort of become the standard way for many transnational crime syndicates to move money around.
Like, that's not surprising at all.
And frankly, a lot of this activity, it doesn't ever need to leave the blockchain.
You know, you really only need to
launder and pull out the money that you want to spend. You know, why not just leave it in the
blockchain? And then when you need some money, it looks like some of these Mexican money changers
will buy Tether at a discount because they know it's illicit, and then they can have a store of it
and then, you know, move it along to some launderer who might pay, you know, a certain number
of cents on the dollar and whatnot. So this is just a little snapshot of what it looks like, but, you know,
crypto has been used for, you know, international payments in large-scale drug trafficking for
a long time. Yeah, I mean, it's kind of the point of crypto, really. There isn't much
else to do with crypto other than scam people, HODL it, or use it for crime, right? I mean, there's,
what other purpose does cryptocurrency really have? The thing that I found really funny in
this story, though, is that Joe Cox reaches out to, like, you know, Binance and Tether
to ask them about it, and they both say, look, cryptocurrency is on the blockchain,
it's the most robust against money, you know, against anonymous use of money
compared to cash because, look,
all the transactions are there for everybody to see.
So therefore, we're better than cash.
We're better than the other financial systems
because of our extensive logging and traceability.
It's like, well, I mean, you say that, but...
Yeah, but they're still doing it, aren't they?
Your customers are voting with their, you know,
with their illicit dollars right there, buddy. They're voting with their digital wallets, yes.
But, you know, look, my point is you don't need to really launder it until you want to spend it. Like,
if you're looking to buy a whole, you know, truck full of cocaine from Mexico, you can just zap some
Tether down there. When they need to buy something, they can just zap some Tether around. Like, it really, you know, you don't need, you know, the whole operation doesn't need
to be in cash.
You can just run entire arms of these types of syndicates on chain.
Right.
And I think that's what they're going to do.
And that means you can take a bit more, you know, because storing it as a store of value
and ready to spend, ready to transmit funds, you
know, you don't need to launder it at that point, um, if you're, you know, doing self-hosted
in particular, right? So I just find all of that pretty interesting. Um, and it's, yeah, it's well and
truly, I mean, I spoke to people, like, I knew one guy who was kind of involved at a pretty low level,
uh, in the drug business. The reason I can speak about it now
is he is dead, um, and drugs killed him. Um, but, you know, speaking to one of his friends, um, and I mean,
this is like 11 years ago, and they were all over Bitcoin, uh, for doing international payments and
whatnot. So yeah, this is very much not new, and, um, I think, yeah, some of the stories that are yet
to come out on this will blow people's minds. Now, speaking of lots of money, uh, we're going to talk
about Palo Alto Networks. So Palo Alto is doing earnings calls and it's all backslaps and high
fives because they're doing platformization deals,
apparently, according to this reporting
from Cybersecurity Dive.
And this makes us unhappy.
This is a company that is now worth
$129 billion US dollars.
Its share price has 4x'd
over the last five years.
And you look at the other story
about Palo Alto
that we've got in our run sheet,
and it's about Shadowserver spotting 2,000 Palo Alto networks out there.
They found artifacts on them that suggest that they'd been compromised.
Yeah, this is the firewalls with the bug that we talked about last week,
the auth bypass, privesc, like super dumb bug.
And they're all owned.
They're all owned, and these guys
are laughing all the way to the bank. When will the wicked be punished, Adam? That's a great
question. We are very much here for the wicked being punished on this show. And, uh, oh, PAN, I mean,
that bug last week was just so dumb, and then the, like, the process by which it was, you know, like, it was sold on a crime
forum or underground forum somewhere, you know, as zero day, without Palo knowing the details of the
bug, and then they were kind of like offering weaselly advice, and then, you know, the, I mean,
okay, yes, it's in the management interface. Yes, you shouldn't put the management interface on the
internet, and they told the customers not to do that. But they're just, like, the whole process of
this did not fill me with confidence. And then when we saw the actual bug itself, you just want to smack
yourself in the head. So it's particularly galling to then see them, as you say, like, laughing it up,
yacking it up on their earnings calls. So yeah, and they're disputing Shadowserver's
findings here as well, which, you know, I think I know whose side I'm on with that. Well, exactly.
Yeah, I think Palo Alto Networks said, uh, well, we can't confirm the exact number of customers that got
wrecked, uh, I can tell you it's a smaller number than the one that Shadowserver says. Yeah, by how
many? By two? By a hundred? Like, they don't say. Yeah, like, they've certainly lost the, uh, you know, the
benefit of the doubt there when you come out.
And Shadowserver is a bunch of volunteers,
and they're not always right,
but Shadowserver is absolutely working in the best interests of the internet,
and Palo Alto probably not.
What sticks in my craw about companies like Palo Alto and Fortinet,
which is another tens of billions of dollars company.
I mean, look, Palo Alto could issue a bunch of new shares and raise half a billion dollars tomorrow
and go spend that on fixing this stuff.
They could announce their bold plan to stop this sort of stuff happening.
And they just haven't.
They're just not interested because, hey,
we got good stuff to say on the earnings calls.
It drives me nuts. It's
everything that's wrong with this industry, I'm sorry to say. And, you know, we're lucky we get to
be selective, uh, with our sponsors on this show, which is why we don't do business with companies
like that. And, you know, just, so yeah, anyway, consider them told. Yeah, exactly. Big old Risky
Biz middle finger to Palo Alto Networks.
And Fortinet.
Don't forget about Fortinet.
We'll never forget about Fortinet on this show.
Yeah.
Yeah.
And, you know, another interesting thing, you know,
I had that discussion with the Sophos CISO way back when.
One thing that was interesting there is I was saying to him, like,
you know, why aren't you putting better controls
on those management interfaces?
Like, because we've got this entire other path for people to manage our devices via the, like, Sophos
cloud service thing, and it's, like, the people who don't use that who are getting rinsed,
and we tell them don't do this, don't put it on the, you know. I still think they need to figure
something out in terms of making that, start making that stuff safer for the people who absolutely
insist on putting it out there, but at least those guys are thinking about things. They're doing some interesting hackbacks against, you know, people
targeting their devices. You just don't hear much from PAN or Fortinet, and I know there's very
good people at both of those companies, but they need to be empowered. It's just not good enough. Now,
it's a love story, it's a beautiful love, this next story that we're going to talk about, because, you know, we've talked many times about the security researchers at Qualys and about how much you love their Linux security research.
And it turns out, Adam, the feeling is mutual.
No, you're all going to need to get a room because at the end of the advisory we're discussing today, we actually have a shout out to you, which is: "We also thank Adam Boileau, Metlstorm, and Rodrigo Branco, who is BSDaemon, for their very kind words about our work.
They mean the world to us."
So there you go. Well, I mean, A, I'm glad that they have heard the nice things we've had to say
Because no one seems to know who it is at Qualys that does this amazing old school, you know, beautiful research
And I'm glad they are at least listening to us
So hats off to you as always
And this one is straight out of their regular playbook
This is a set of bugs in a service called needrestart,
which is a component of
Linux systems, I think primarily Ubuntu maybe, that kind of figures out after you've installed
some software upgrades which running processes could do with a restart to pick up those updates.
And they found some bugs in this process that lead to local privilege escalation.
And the nature of those bugs just warms my heart.
These are exactly the sort of bugs that I love and that I have dug up and used in many Unix boxes over the years.
So things like if this tool wants to figure out if a Python process is running, a Python interpreter is
running, and it uses some libraries that got patched, it needs to go nose into that Python
runtime and kind of figure out what it's using. And it does that by and large by running the Python
binary and querying what libraries are installed. And you can, the bugs mostly revolve around
tricking the privileged needrestart process
into running an attacker-controlled
or attacker-influenced Python or Perl or Ruby
or whatever else scripting language environment.
And it's just a beautiful set of research.
And, you know, the sort of bug that is exactly
what you want in a local privilege,
because there's no memory corruption, there's nothing unreliable, it's just straight up, please
run code that I provided in a privileged context, thank you very much. Um, so solid chef's kiss work.
There you go. Uh, so everybody's happy there. Uh, that's wonderful. Hope they're still
listening. Shout out to you. Now, one thing I want to address really quickly is we were actually mentioned in a Reporters Without Borders write-up
on this whole shambles involving the Reuters coverage of an Indian spyware firm. Now, of
course, this has involved a company called Appin. The founder of Appin sued Reuters,
somehow got an injunction in a court in India.
So Reuters had to pull down the story.
Where we got involved is my colleague, our colleague, Tom Uren,
had written up a short analysis of the Reuters article.
And Tom's work, his newsletter, is actually syndicated by Lawfare.
So it was published to Lawfare's website.
Lawfare got a legal threat demanding that we take it down.
I mean, all we really did was link to the Reuters story.
We didn't even mention the founder.
We didn't mention the company.
But they came in with this extremely aggressive legal threat.
And this was after, of course, the Reuters story had already been removed.
Now, from our perspective, so the reason I'm mentioning this is
Reporters Without Borders cite us as an outlet that basically pulled down our content in anticipation
of intimidation. And I don't think that's quite accurate. And they also said we didn't give a
reason. So there was the intimidation to Lawfare. So they were the ones who actually received the
takedown request from the solicitors in that case. But, you know, it was based off our content. So they were obviously going to come for
us next. Now, the reason we took it down had less to do actually with the intimidation and more to
do with the fact that what we had published was an analysis of an article that was no longer published.
So it was sort of difficult when we hadn't done any of the primary news gathering or verified
any facts or whatever, and a court in India had said that that story needed to be nuked off the
internet and Reuters lawyers themselves understood that they had to do that. It was very difficult
for us to then leave that online. So we just thought we'll take it down.
We'll wait for the Reuters story to eventually get restored,
which it has been, and then we'll put it back.
We haven't put it back yet, but we will.
But yeah, so I don't think it was fair to us to say that, you know,
we just pulled it down in anticipation of intimidation.
There had been intimidation, but ultimately the call to remove it had more to do with the fact that you can't let an analysis of an article stand when the masthead that's published that article has then pulled it down.
It was just one of those situations.
So just wanted to get that out there on the podcast.
And the last thing I want to mention, too, is that we have all joined Bluesky.
And we can all be found on Bluesky.
I'm just patrick.risky.biz
because you get domain-validated, uh, usernames over there. Uh, you are Metlstorm, M-E-T-L-S-T-O-R-M,
Tom is tom.risky.biz, and, uh, Catalin is campuscodi.risky.biz. And I gotta say, I am quite
enjoying being on a Twitter-like platform without the, you know, crazy racism, violence,
and also just the copious volume of filler content
that you find on X these days.
So, you know, it's sort of like Bluesky's giving me, you know,
Twitter eight years ago vibes.
How about you?
Yeah, I mean, I've only just joined up
because I kind of had resettled
over on Mastodon with the other nerds. Um, but it is weird how much it feels like Twitter, and there
are people who basically I haven't really been in social media contact with, you know, since I moved
over to Mastodon that are just there on Bluesky doing exactly the same things that they were, you know, kind of before Twitter
fell apart as well. So it's kind of, it's weirdly familiar. Um, even the color scheme
is weirdly familiar. So, like, I'm cautiously optimistic about it. Like, it just, it feels
like old Twitter, and, you know, old Twitter had its moments, you know. So yeah, it did, it did. Everybody
climb aboard. I didn't realize how reluctant I'd become to, you know, posting on X.
I mean, I still was every now and then, but it just didn't,
I didn't enjoy it anymore.
You know, it feels dirty every time you go to there.
You feel like you've got ick on you and you have to go have a shower
afterwards.
Yeah, I mean, I haven't posted on there in a couple of weeks
and it feels good, man.
It feels good.
I mean, I still fire it up, check to see,
because there's still some stuff there that you're not going to get elsewhere. Um, you know, I might post the
occasional, uh, post, you know, linking to work that we've done or whatever, but apart from that, like,
you know, for the fun posting, I posted a Clippy meme the other day, a pretty dark one, that was,
that was cool. You saw that? I did see your dank memes, Pat, yeah. So I'm back into, you know, I've rediscovered
my love of posting. So see you all over there. But Adam, that is actually it for the week's news.
Thank you so much for joining me as always. And I look forward to doing it all again next week.
Yeah, thanks so much, Pat. I will talk to you then.
It is time for this week's sponsor interview now with Matt Muller over at Tines.
And, you know, Tines, of course, make a terrific automation platform.
And they were puzzled somewhat by a statement from Gartner along the lines of SOAR, which is, you know, security orchestration automation response, SOAR is dead, which is a very odd thing to say,
given that large language model technology is just breathing all sorts of new life into
that category. So a big part of this interview is Matt and I trying to divine and analyze and
kind of understand what on earth Gartner was talking about there and why they're wrong,
basically. So here is Matt Muller from Tines.
Enjoy. Gartner said that SOAR is dead, which I think is a pretty spicy take for Gartner.
And, you know, this may be a weird thing to say for somebody who actually works at a next-gen
security automation company, but like, I couldn't disagree more. I don't think SOAR is dead.
No, I mean, I think it's a bizarre thing to say. Like, we're on the cusp of the AI age,
and one of the big things that AI is going to be really good at is automation. So it seems a
strange thing for an analyst firm to come out and say that automation's dead.
But what exactly did they say, Matt? I mean, why don't we start there?
Yeah, I mean, I think, you know, the general gist was that SOAR was a category that sort of never
got off the ground. And, you know, now what we're sort of seeing generally, if you look at some of
the marketing terminology is that, you know, the next generation here is hyper-automation and
autonomous SOC and fun terms like these. But if you look at what, you know,
SOAR actually stands for, right, just security orchestration, automation and response, like
automation is still a very big thing that is still happening across a lot of companies.
Last time I checked. Yeah. So, I mean, are they, I mean, so this is typical sort of analysts being
analysts, right? So they're not saying that the concept of doing orchestration and automation is dead. They're just saying, as you know, that category as it existed previously is dead. Is that
kind of where they're coming from? Yeah, I mean, they said, you know,
SOAR is dead, the category is dead. Now the new thing is hyper automation. And so, you know,
I actually googled what is hyper automation. And the first search result, you know, brought me to
the IBM website. And I actually have a direct quote,
which is hyper-automation is the concept of automating everything in an organization
that can be automated. The difference between automation and hyper-automation is often unclear.
I'm like, are you serious? Like this hyper-automation, it's often unclear,
right? Like, this is the thing that is replacing automation is just more automation. Yes, yes, it's the same thing but faster and more of it. So, okay, thanks
for the clarification, uh, on what they said. So, I mean, it's probably a good
thing to point out here that Tines is at the moment really embracing stuff like LLMs to drive, you know, simple decisions for automation purposes.
Like we had your founder on a demo recently showing off like your chat
service where you can just ask computers to go and do computer things,
which was, which was pretty cool. I mean,
how is that all unfolding at the moment?
Like what's the competitive environment for that looking like?
Are there more and more companies doing this? I guess I'm just asking for your sense of, like, uptake, development,
innovation, like, how's this space evolving now that AI has come into the mix?
Yeah, I mean, I think evolution is definitely the right word for it. And what we're finding
generally is that, you know, the toolbox of tools that's available to security
practitioners is just growing, right? Like AI isn't necessarily displacing traditional automation,
it's supplementing it. And when you start to see these combinations of human plus deterministic
automation plus probabilistic AI that can sort of act as a human analyst that
never gets tired. Now all of a sudden you start to see these really cool combinations of things
that people can then go automate. So there is a difference compared to what people may have
perceived as legacy SOAR. I don't disagree that the category is evolving, but I think AI and LLMs
and all these tools are just part of that natural
evolution of automation. Yeah, I 100% agree, right? So I work with a company that does some
automation stuff around detection. And they haven't tried to rebuild the detection stack,
right? Because that would be pointless. What they're trying to do is instrument your existing detection stack and apply some basic AI decision-making to fairly predictable sequences of events, which is what you're mostly doing in the SOC. rebuilding, security and IT tooling. It's about figuring out how to get some of that
basic decision-making involved so that people can do the stuff that people are good at. I mean,
that's, you know, that seems about right. Yeah. Yeah, absolutely. And I think, you know, there's,
there's sort of an interesting analogy to just, you know, the overall evolution of compute
generally. You know, like despite my youthful good looks, I have actually racked
and imaged a server, right?
Like this is, you know,
in the bad old days
when that was all you could do
in order to, you know,
bring a website online.
And then, of course,
we saw virtualization
and we saw the first generation
of cloud platforms.
And then we saw serverless.
And, you know,
if you saw a VP of engineering say,
well, serverless is the hot new thing.
We have to ditch. EC2 is dead, right?
The only thing left is Lambda.
You'd have looked at them with a little bit of confusion, I think, because, you know, really strong engineering teams understand that there's a time and a place for each of these different pieces of tooling.
And it's how you combine them that actually provides value, right? And so, you know, from an automation perspective, being able to, you know, have AI, you know, maybe make a prediction for you, but then call a,
you know, deterministic workflow in response, right? That blend, I think, is very, very powerful.
And, you know, one that, you know, if you just said, hey, only AI, right? I think you'd run
into a little bit of disappointment. Now, there's two ways that I know you're using AI.
So there's the chat service thing, which as I mentioned, we demoed with Owen. But there's also,
you've got like an automation action in your normal Tines automations, which is now LLM driven.
So you could throw like a bit of data and a prompt at it and take the response and do things with it.
I guess
one thing I'm curious about is that's actually been around for a while now. Where are people most
applying that, you know, and what are they asking you? Because I'd imagine there's some
things they want to do that doesn't quite work, and they would be asking you, like, can you make
some changes here so that we can get this thing to work? Like, where are people most clamoring for
more automation,
sort of AI driven automation? Because I can't actually think of a better vendor
to answer that question, to be honest, given that you just Swiss Army, you know, automation company.
Yeah, I mean, we are always just perpetually surprised and delighted by what our customers
actually do with the tools that we build. I think one of the most common use cases that we see,
particularly for AI within a workflow,
is what we call our automatic transformation mode.
If you've ever had to move data from one format into another,
there can be a lot of painstaking,
looking up different data formats and all that sort of stuff.
And so when we say, hey, automatically transform this, right? Take this input,
output a JSON blob that has maybe these three fields in it. And, you know, by the way,
the AI is not actually trying to do that in real time. The AI is generating Python. And so your
deterministic Python transformation is what actually runs. But like, I didn't have to figure
out how to write that Python. The AI did it for me. Right. And I can validate that the outputs are what I expect.
And so that's a use case that we just see getting, you know, pretty massive traction across the
board. You know, because yeah, data transformation, moving stuff from one system into another,
everyone has to do it and it's everyone's least favorite task.
Well, and it's time consuming too, because it's just, it's a pain. It's a pain
in the you know what? Exactly. Exactly. You know, we also have, you know, sort of a more traditional,
you know, just prompt the LLM and, you know, see what output it provides. And, you know,
one of the use cases that I think it's been pretty, for is around understanding the intent of everything
from I need help from the security team
and maybe you have that being routed
to one of five different parts
of your security organization, right?
And people can ask questions
in very slightly different ways.
The LLMs are really good at interpreting that nuance
and rules-based, click this dropdown
to get this exact help from the security team. Not so, you know, not so useful, you know, processing and categorizing
phishing emails. Right. So like where it comes to, you know, just this, Hey, interpret this data for
me and help route it to something based on your classification of it. Super prominent LLM use case
for us. So when Gartner talks about the death of SOAR, what are they saying is actually
dead here? Because, you know, we've already established they're not saying that orchestration
and automation are dead. Are they just saying that the existing solutions that don't use,
you know, LLMs and whatever, that that's the thing that's dead? And if so, why have those
solutions not succeeded? Because I think it's actually fair to say that as a category,
it didn't quite go where people hoped it would, particularly the people who own those companies,
right? It didn't quite take over the world in the way that perhaps people thought it would.
But what did they mean, really? Yeah, I mean, I think that's a fair take. And, you know,
if you look at some of the things that next-gen SOAR has learned from what I would sort of classify as legacy SOAR, which might be the using like pre-built integrations, you're going to have a really hard time being successful automating with that.
But that's okay.
They usually come with an integrations builder that you only would need to study for four years to get it to do anything useful, right?
Yeah.
Just here, learn this scripting language.
Yeah, or learn this scripting language, you know? Yeah. And I think the other mistake
that they made was focusing only on the SOC. And like, don't get me wrong, the SOC team is probably
one of the most overworked parts of any security organization, alert fatigue and analyst burnout
and all those sorts of things. You know, but one of the things that we've learned is that there's
a huge appetite for automation beyond just the SOC team and that the SOC team actually benefits when, you know, say the IT organization is using the same platform as they are.
Because IT has to deal with resetting passwords, right?
And, you know, provisioning and deprovisioning user accounts.
You don't have to build that automation yourself, right?
You can leverage, you know, IT built the password reset flow because people forget passwords.
Awesome. I can also use that in my incident response workflow if I see a compromised user, right? There's actually network benefits from getting more and more teams using the same
automation platform, which again, I think it involves, you know, being a little bit more
neutral about, you know, where and when you integrate into all these other platforms.
Yeah. I mean, I think the difference is, right, like SOAR previously was like,
we build a platform that does the thing. And I think this newer approach is we build an engine that tells the stuff you've already got what to do, right? I think that's probably one of the
core differences. Yeah, absolutely. And I think at the end of the day where I see this as an evolution is, you know, one thing still holds true.
If you have a bad process and you automate it, that doesn't make the process better, right? It
just means you get a bad outcome more frequently. And so, you know, I think people that are looking,
whether it's traditional SOAR, next-gen SOAR, whatever you want to call it, if you just sort
of go in saying, you know, well, we bought the platform, therefore our problems are solved. Again, I think you're
going to be a little bit disappointed. So look, you've described some of the run-of-the-mill,
you know, use cases here, like, you know, transforming data from one format to another,
you know, getting stuff to put into a nice tidy JSON blob that can be ingested over here and
whatnot. And phishing is a huge one. I was
expecting you to say that one first, actually. But what are some of the, I'm sure there would
have been a couple of exotic use cases that have popped up by now. I'm just curious what they've
been and stuff that like maybe one or two customers have done where you thought, geez,
everyone should be doing this. Can you think of any of them off the top of your head?
I mean, I think in general, you know, tying things maybe back a little bit to workbench here is,
you know, the way we've seen people using LLMs is as a tool for iteration, right? And like,
having that workbench conversation, we actually recently added the capability of turning a
workbench conversation into an actual deterministic workflow. And, you know, I think some of the use cases that
we've seen coming out of that, right? Like, hey, I don't, I literally, you know, I honestly think
that some of the boring use cases that come out of this end up being the most fascinating. Because
when a tool is boring, it means it's actually useful for your day to day job, right?
It means it's boring for the robots, not for us.
Exactly, exactly.
Let the machines do it.
Yeah.
And so the ability to empower people that, again, have maybe never interacted with the
AWS command line before are now able to do incident response in AWS, right?
Because the AI is helping them generate those commands.
And then you can turn that into a workflow, right?
That your senior analysts can validate for you that it's doing what you actually expect
it's going to do and we'll do it every time. So I think to me, just seeing the ability
to unlock that ability to go from like, hey, I have an automation idea to I actually have
something that is like validated, tested and in production without sort of like background,
deep background knowledge of that system. That to me is the coolest thing. And we just see it
applied across so many different tools. All right, Matt Muller, thank you so much for joining us for that
conversation. All really interesting stuff. And yeah, I can't wait for the Tines all singing,
all dancing robot army to take over the boring work. That sounds great. Likewise. Thanks so much,
Patrick. That was Matt Muller there from Tines. And they do all sorts of awesome automation stuff.
And they're plugging AI into their tools in a not insane way,
which is really cool, and you can find them at Tines, T-I-N-E-S dot com.
And that is it for this week's show.
I do hope you enjoyed it.
I'll be back soon with more risky business for you all,
but until then, I've been Patrick Gray.
Thanks for listening.