Paul Eckloff was a US Secret Service Agent for 23 years. 14 of which were spent protecting the US Presidents. Before that? Paul was a High School Teacher. Today?
Paul is one of the top leaders with Lexis/Nexis Risk Solutions.
Topics discussed: us secret service in action, ai effect on national security, us secret service approaches, ai powered social engineering, how ai helps defend against cyber crime, and how we defend critical infrastructure.
Try KiteWorks today at www.KiteWorks.com
Don't Miss our Video on this Exciting KiteWorks Offer!
Try KiteWorks today at www.KiteWorks.com
Don't miss this Video on it!
The Most Secure Managed File Transfer System.
Paul Eckloff was a US Secret Service Agent for 23 years. 14 of which were spent protecting the US Presidents. Before that? Paul was a High School Teacher. Today?
Paul is one of the top leaders with Lexis/Nexis Risk Solutions.
Topics discussed: us secret service in action, ai effect on national security, us secret service approaches, ai powered social engineering, how ai helps defend against cyber crime, and how we defend critical infrastructure.
Try KiteWorks today at www.KiteWorks.com
Don't Miss our Video on this Exciting KiteWorks Offer!
Try KiteWorks today at www.KiteWorks.com
Don't miss this Video on it!
The Most Secure Managed File Transfer System.
Paul Eckloff was a US Secret Service Agent for 23 years. 14 of which were spent protecting the US Presidents. Before that? Paul was a High School Teacher. Today? Paul is one of the top leaders with Lexis/Nexis Risk Solutions. Topics discussed: us secret service in action, ai effect on national security, us secret service approaches, ai powered social engineering, how ai helps defend against cyber crime, and how we defend critical infrastructure.
Dino Mauro (04:02.214)
Come join us as we dive deeper behind the scenes of security and cybercrime today.
interviewing top technology leaders from around the world and sharing true cybercrime stories to raise awareness. From the creators of Vigilance, the newest global technology newsletter translating cyber news into business language we all understand. So please help us keep this going by subscribing for free to our YouTube channel and downloading our podcast episodes on Apple and Spotify so we can continue to bring you more of what matters.
This is Cybercrime Junkies, and now the show.
Topics: us secret service in action, ai effect on national security, us secret service approaches, ai powered social engineering, how ai helps defend against cyber crime, how ai helps cyber security, how we defend critical infrastructure, how ai used in cyber security, how cyber crime uses ai, us secret service driving cyber security, ai in cyber crime, us secret service role in cyber security, us secret service view of physical and cyber security, how physical security impacts cyber security, how physical security effects cyber security, physical security issues in information security, physical security issues in cyber, physical security dangers in cyber security, federal law enforcement challenges in cyber security, newest risks in cyber security, new risks to cyber security from physical security, new risks to cyber security from ai, importance of data sharing in law enforcement, , social engineering risks to national security, social engineering lessons from us secret service, ai powered social engineering tactics, ai uses for critical infrastructure,
Dino Mauro (04:51.149)
can only imagine where this conversation is going to go. So welcome everybody to cyber crime junkies. Today is an episode unlike all episodes. We are joined by a seriously a living legend. So Paul Eklop was a United States Secret Service agent. That's a United States Secret Service agent who's willing to talk to me, which is phenomenal.
Right there and then we should just end the show with that sentence and that's it. But you were, and correct me if I'm wrong, if I get my dates wrong, but, or if I do terrible at math. But as I look at it, it looks like you were a Secret Service agent for 23 years and 10 of those were spent, or even possibly 14 of those were spent protecting the most important people on the planet. And before that, what's really interesting is that you were a high school teacher.
So today you're one of the top leaders on the planet today in information security, working with LexisNexis Risk Solutions. So Paul, Mr. Eklav, thank you so much for joining. Welcome to the studio. Thank you so much for having me. I'm sorry to interrupt you there. I just wanted to tell you the reason that as well when you talk to you is the Secret Service needs to speak to you about something. We'll talk about it. Oh, Jesus. I'm from the government. I'm here to help.
You're way too like just as soon as you said it to like I knew it was a joke but like the hair on the back of my neck went up and I was like started to have an anxiety attack. I'm like, oh man that is not what I want to hear today. Today's been a day. I understood. Thanks for having me. The work that you do on cyber crime junkies to distill these concepts that are so incredibly complex and honestly they don't need to be.
But that reminds me of my high school biology work, that it, to explain things. And it's not dumbing it down, honestly. It's making it digestible because they are such critically important issues. Cybercrime, it affects all aspects of every American's life, whether they want to admit it or not, or think it's the realm of nerds. And I will ask you to maybe insert a nerd alert flash with the klaxon from Star Trek or Star Wars noise, because I don't want to alienate half your listeners.
Dino Mauro (07:10.957)
when I speak because that's the rabbit hole. That's hilarious. Well, thank you for that. I mean, look, and then I'm humbled to hear that from you. I mean, look, I think it's important. I think it's important to do even outside of cybersecurity. I think just technology initiatives, digital transformation, things like that even business owners aren't necessarily technical, but they know they need things to happen.
And in today's world for them to happen, technology is involved. With cybersecurity, we have to make sure that we can do those things without being torpedoed, right? Without uninterrupt, like unanticipated harm coming from us. And the fact that we use technology for everything isn't great for, for crime fighting, right? I mean, it's really, it's really a lot, a lot more difficult to police because every time we get online, we enter.
the you know uh... a territory that is no longer kansas anymore absolutely and we also have to realize and this is something that as a secret service person who can shut down a city for an nsce for security event we also can't move the pendulum so far that our systems are not accessible to the users and we also can't burn the boats cybercrime is digital piracy but you don't outlaw boats
uh... built by governments they're built by individuals you can innovate they've been around you can't you can't be extreme there's that there's there's a balance there between privacy and security and at i'm not a believer in absolutism i think there's a spectrum of all these things are that every complex venn diagram i can understand but you look at that's just how society seems to go they have at one and this is sad i'm gonna get a lot of hate mail
But one myopic turtle send him send me all and I'll get together with Brett Johnson and we'll go through your mail. That's all. And you don't want to run afoul of Brett. I can see you service. Try to learn the hard way. That guy knows more than anyone in this. But they want myopic turtle jammed a straw in its nose. One sea turtle jammed a straw in its nose. And now we all use sippy cups at Starbucks.
Dino Mauro (09:30.221)
Like, I'm not saying single use plastics aren't a problem, but how do I know this turtle didn't have a drug problem? I mean, it doesn't even have thumbs and it got this straw on its nose. You don't look at a junkie on the street and go, you know, oh, well, we're just going to have to ban syringes. I mean, maybe that's a counter, maybe that's not a popular opinion. I think that turtle had problems. Yeah, I think that turtle grew up in the, in without the right.
Without the right parenting guidance or without some some belief in higher cause but you know I see the turtle at my 12 -step meetings. He's doing okay. He's doing a little better today. Awesome. Yeah, his eyes are still all teary with the saltwater. He is his shells a little drier now, but he's doing well Good. Good to know. Let's talk about your origin story Paul. So, um, I
If you can't tell, Paul should have a stand up show, which honestly, a stand up comedian who used to be a high school teacher, and a US Secret Service person, that is a show. Like, I'm just letting you know, if you're ever thinking about it, I will manage you, I will be there, I will, I will set the dates for you. Like that is a phenomenal, like think of the material. Oh, my God. I you like the wrestling.
manager, the old guy that had the mullet and the trash racket. I forget his name. I want someone like that. I am the Forrest Gump of professionals. I've literally had almost from scuba diving for fish for aquariums around the world in college. I was going to be the next Jacques Cousteau, as you can see. Okay, so back up. That's what I want to ask you. When you were a kid, and I'm not saying when you're six years old, but when you were a young adult,
going through school, like, did you know, like, I want to protect the President of the United States? Like, if somebody goes after that guy, I'm jumping in front of them. I'm checking out a car. Like, is that what you were thinking? Or like, you wanted to be like a scuba diver, right? Like what? Let's go back to what you were thinking when you were because I try and explain this to my kids that are that age now and say,
Dino Mauro (11:53.111)
It's okay. Just learn along the way because 20 years from now, you're going to be doing something you have no idea what you're doing. You can completely pivot. I was raised in a military family around the world. Okay. I did see President Reagan from about 400 yards away when he recommissioned to the New Jersey and Long Beach. Very cool. I thought that was cool. He wasn't a bad president, I'll tell you, but let's not go there. Let's not. Well, he played a Secret Service agent in one of his most famous movies. I know. He bankrupt.
I know.
Dino Mauro (12:49.451)
And in order to feed your family as a marine biologist, you literally have to eat the fish you're studying. Like if you want to train flipper, you got to share the bait because it's not a highly paid thing. I realized if I could be a teacher, because I like to talk and tell stories and you can judge whether they're any good. If I influenced two kids to be scientists, I could double the impact I could have had. And so it was sort of profound for me, not that I was a very profound college student because I wasn't. I had a mullet and.
Now, because I went to University of Miami, I had a lot of skin cancer, but I pivoted to education and became a teacher. I was a teacher. Do we have photos of you having a mullet back in the day? They may exist. And if one appears on the show, you'll hear from my lawyers. That would be phenomenal. If I could just insert, I'll use AI to regenerate one. I'll send you one. It actually is kind of funny and I'm proud of it. That thing looked good, but this is what God does to mullets. He's like, oh, you want hair on your back?
Now that's the only place you can grow it. That's hilarious. So how did you, okay, so you were, which makes sense for that transition to go from that interest to teaching science in high school. That's a normal transition. We could see that one coming. How did you go from being, because we've had other teachers that became FBI agents, Darren Mott and Nancy,
Um, Aguilar, uh, like they, they both transitioned into the FBI from being a high school. I still was blown away by that story. How did you go from high school teacher to secret service? Did somebody like tap you and go, come here. Like we have a plan for you or was it like you applied and you went for it? And, and I want to know why. Like it's the story is I was teaching biology at the time in rural Georgia.
and struggling to reach what they call the middle 50. They're not brilliant, they're not gonna go to college, they're not special needs in that sense. But these were just average good Americans. You teach them a science, it was applied science. And the county bought me this applied science set of paperback books and it was like a month on water. You can only talk about water or this is physics and I was just so bored and being arrogant enough, I told the principal, I said, these are terrible.
Dino Mauro (15:11.053)
And he said, well, if you think he's so smart, write your own. And I went, is that an option? So at the time, those Dr. Michael Bodden videos on HBO and those types of things, autopsy, it interested me how science was used to solve crime. So I thought if you want to get their interest, you don't tell them about water. You talk about these shows that they're watching where, you know, nothing but a torso is found in a lake and how to get the...
different things. So I studied forensic science myself. I ordered books. I may or may not have called publishers and said that I was a forensic science instructor. And so they sent me books and things. And I stayed a chapter ahead of the students. We did a unit on forensic entomology, ballistics, bloodstain pattern analysis. All while you were a science teacher. While I was teaching biology, I got them to allow me to teach this applied science as criminology, criminalistics. It's now a four year course.
It is. This county in high school science, they teach whole units on it from this little thing that I started. I mean, we literally would take a chicken from the grocery store and stab it. And then I would put it by the air intake for the math wing, knowing that I could take them out every week and show them the different insects that arrive. Stab wounds close up, but they seep fluid. So ants are the first things to arrive and they drink that fluid. So if you go to a corpse and you see, you know, if there's a
a real forensic entomologist who wants to correct me, you can see the little ants in there. That's where the stab wounds are that you can't see. And then different insects arrive at different stages. If you pull off and fly at a certain instar larvae, you know it's been there a week. My plan, by putting it by the air intake for the math wing, which was rather evil, very Mr. Burns -ish, was that it wouldn't smell real great in the building, so they'd send someone out to check it. He'd be disgusted and kick the body.
then I could take them out and go, these species of insect aren't found in the sunlight. So this body was moved. It was devious and it worked out. Oh, somebody moved the body. Somebody moved the body and you could tell by the types of insects. It was those kinds of things that a 10th grader and 11th graders, they were fascinated by. We're learning about, you know, the angle and, you know, hydrophilic and hydrophilic. you started to get into that, which is a definite precursor to law enforcement.
Dino Mauro (17:30.061)
Well, and specifically a unit on security paper. I came upon a unit on how security paper is made to prevent counterfeit money. And I would have them design their own currency poster board size. So I didn't get in trouble and draw it and had to include three security features, whether that was micro printing, watermarks, the hologram, whatever hologram type things. And in doing that, I learned and studied about the secret service and it struck me at the time.
that I should apply, it fascinated me. I was either going to get a degree in forensic science or go in federal law enforcement. And that's what landed when I called the office in 96 in Atlanta. They were in the middle of the Olympics and didn't have time. I took their test and being a huge nerd did rather well on it. And the rest, as they say, I got to walk through history with. That's phenomenal. You served with, I mean, you were in the Oval Office or on presidential detail for 14 years or so.
Yes, I started in 05 under President Bush 43 on the president's detail. I started in 98 under President Clinton, but starting on PPD and 05 and eventually when I finally left, it's around 2019. I progressed through the years doing just about every assignment and left as the detail leader or assistant special agent in charge of President Trump and President Obama for almost four years as an ASAC. Best job in the Secret Service.
Wow. And so you were traveling the world, you were, you, you and I have spoken previously, obviously not on air, but, um, yeah, I mean, you've had, uh, I think you said it once, like you, you were in all these different countries throughout the middle East. Some of them are, you know, very dangerous for Americans to be at all in one day, but yet getting online scares you more now.
Well, I would say to the average American, and it is funny because I've told people that now that I'm a director of public relations for just an amazing company that works with government agencies, I'm far less comfortable than I was at the presidential palace in Kabul where our motorcade route had been hit with IEDs the day before, or carrying a gun in Ramallah in the West Bank. You to step on toes.
Dino Mauro (20:22.317)
because you hear the word cyber. Most people tune out because it's the realm of nerds or cyber. It is. They think all hackers are like kids in hoodies, cracking code, drinking Red Bull, living in their mom's basement. And it's like, it is organized crime. Like it is the movie The Godfather. When it covers every aspect of our lives. Most people have no idea where cyber, do you know where cyber even comes from?
No, I didn't go down that rabbit hole. What? Where's the word cyber come from? I was fascinated people instantly hear it and they do this. Please. Sound probably. Of course I do Paul. Let me tell you the history. The epitomology of the word. No, I don't know. So tell me trigger nerd alert once again, klaxon sound from Star Trek. It fascinates I looked into it. Cyber.
was first coined cybernetics in 1948, the study of animal and machine control. It comes from the Greek word, just 2 ,500 years old, kyvernetus, which means rudder, pilot, or control. So cybercrime, what is cybercrime about? It's about taking control. And what's cybersecurity? Taking control back. It's so simple, beautiful, a concept, but that it's a 2 ,500 year old concept.
I mean, like the first species right here on cybercrime junkies today that was far. Yeah. And today way low on the evolutionary tree. Paul swings from his family tree. I've seen my 23, man. It's not pretty. So, so you bring up a good point. Um, and that is your experience was with physical security and that it naturally involved, I mean, back in 98, not to dis on the technology of 98, right? But.
Back in 98, cyber crime and cybersecurity wasn't what it was today. And the realm of physical security was clearly paramount. Now you have both, right? Now the realm of, I mean, we see ransomware attacks leading to deaths, literally, right? Proximate cause of a death are certain ransomware attacks. So you're seeing the digital criminal activity directly affecting the physical.
Dino Mauro (22:44.403)
realm now. So the physical security and cyber security walk us through what you see to be some of the biggest dangers for Americans, Canadians, Australian, you know, the Western civilization. No, absolutely. And at its core, the biggest threat are nation -state supported actors. Certainly. when you look at it... Most organizations, most people don't have to worry about that. I mean, the
They do like, you know, we always talk about the largest healthcare breach was Anthem. And we always ask people like, how much, you know, how much do you think all that data sold on the dark web? Right. And, and then they're always shocked to find out it never was because it was actually espionage. It was a nation state. Absolutely. And most of these things, what are interesting, your biggest cyber actors with China, Russia, North Korea, and Iran.
The average person does have to be concerned about it. The interplay or interconnectedness of cybersecurity, physical security, and national security, they're really inseparable. Even the average person, when you look at whether it's consumer confidence or financial crimes and money being stolen, they're all interconnected. And at the end, no matter how strong your security, what we're finding is the majority of these hacks, the vast majority,
Are someone letting them in? Like you think about a castle defense. I'm still blown away by it. I'm still blown away by it. Yeah. I love the castle analogy, right? Because I mean, when you think about whenever I'm in meetings and my regular job, my real job, right. And, and we're talking to people, they're always talking about infrastructure and, and hardening and everything else. And I'm like, you do know.
that none of this is going to matter if Mrs. Buttermaker over on the third floor lets them in. Right. Absolutely. We have to focus on the people to me. Like that's the most important thing, isn't it? A hackers hack people. Yeah. There's very little of the old school, you know, injection SQL hacking. It still exists like war crimes or war games where they put their phone and they did phone freaking.
Dino Mauro (25:04.077)
which is another funny story. Did you know that jobs and Wozniak got their first business making illegal phone freaking machines? I actually do. And that was the book. They make enough money on it. Yeah. The book I think about it is right up on my shelf. They didn't make enough money doing it. So they pivoted to something that made more money. Yeah. I'm drawn to like Monty Python. They come up there clacking their coconuts and asked to get in the castle and he says, return and I shall talk to you a second time.
Well, that's one of my favorite movies. And when my daughter watches this, she hates that movie. So I'm so glad that Paul Eklop actually cited Monty Python and the Holy Grail. We'll have links to it in the show notes. I still fear bunnies, but it's a they scare the dickens out. They're terrible. They go right for the throat. Someone's behind him tapping that guy on the shoulder going, well, I already opened the gate. And the key to security is have the moat.
have the drawbridge, have the pornculus, so that if there's one human error, hopefully second. And what I really found fascinating, you had a brilliant episode about the psychology of social engineering. I mean, you guys were talking about the amygdala and the lizard brain and all of these things. What I find interesting is all of those triggers that lead to social engineering attacks are really, they parallel the seven deadly sins.
The Bible taught us about social engineering. If you're talking about lust or sloth or wrath or greed or envy, and I'm trying to have a little note to remember the other ones, pride, every one of them plays upon. Let me look in my diary. I think I've committed all of them. You're just hacking the human condition. You might also want to read Dante and see which level you'll be living at, which has the best cocktail bar. But these cubes, they're hacking the human condition. But I often get accused of what you're victim blaming.
What's the difference between victim blaming and victim educating? Because it really are humans. I'm not shaming them because I get five phishing emails a day. And when you add that up to phishing, vishing, smishing, now we have quishing, or QR codes. Absolutely. You don't solve any of those by wishing, you solve them by educating. Right. So that you aren't, oh, that sounds like a great deal. It's not, or.
Dino Mauro (27:18.221)
Oh, you're a really smart person. You know, wait a minute. That's how you lured me on this podcast. Well, that hyperbolic. Yeah. When you think about it, not my first rodeo in social engineering, you are devious, but what social engineering is marketing, right? The sales cycle. How do you, how do you really in your new, your new Corvette? Well, it really is social engineering, the, you know, studying marketing, like I had before, and then studying social engineering. I'm like, the tactics are
Like they use different words to describe the efforts that are made. They're identical. I mean, it's, it's identical. They are identical. It's cause everything involved. You know what I mean? Black Friday sales, like all that stuff is designed to act with, with urgency. It's designed to invoke emotions and have your amygdala hijack. It's, it's how the humans are wired. We're, you know, we,
When that happens, it's our fight or flight. It's like a wooly mammoth has entered our village and we have to fight or we have to run away. And when that happens, the brain, the frontal cortex, actually shuts off. All of the scans of people when they're undergoing social engineering, it shows the front part of the brain, the neocortex, shuts off, which means you can't remember your training. You can't recognize that
Oh my God, I shouldn't click on this. Like they do that sense of urgency for a reason. Well, and it's fascinating because it brings us back full circle to the inventor of cybernetics in 1948, which was about feedback loops in systems, animals and in machines. And I hate to break it to, we talked about, you know, the Darwin's origin of species. I hate to break it to them. We're animals and we're subject to all of these things.
How do you get someone to make a decision that is counter to their own interest? That's marketing. Like I don't need a new Maserati, but I sure would look cool in one. But if not, the only marketing works if people don't think marketing works right. When you go to the grocery store for X and you come out with more than X marketing has worked. Absolutely. And it's time to the music.
Dino Mauro (29:40.557)
Yes. The shade of the lighting, item placement. Absolutely. Look at Creighton Barrel. I remember studying how like Kmart back in the day had the exact same glass by the exact same manufacturer created from this exact same manufacturing plant in Alabama and they put it on their shelves with the fluorescent lighting on the metal shelves and it sold for X and not that many sold Creighton Barrel.
at Indirect Studio Lighting, glistening on balsam wood, right? Right at eye level, and they sold like 10 times as much, like four times the price. Like, market. It's the same thing like you go into a dress. This shirt looked really cool in the dressing room. I'm looking at it now, and I look like a third world doctor. But when this airs, it'll look great. We'll put it in post -production.
Don't you workplace it with something like a really nice tasteful. We can do any we'll get into deep fakes in just a second. Yeah, cybercrime though. I just want to add. Yeah, I think his problem we talk about hacking humans or the psychology of social engineering and then the physical security versus the cyber security and how the Secret Service sort of came to it. And I was a bit of a Luddite earlier, like you talked to my brother trying to get me to use a Tivo or when.
the Secret Service came to us and said, we have this new critical systems protection program, and you're gonna have to let those people in and they're gonna prevent the hackers from messing with your protective site. Us old knuckleheads were like, oh no, they're gonna turn the lights off. It's far more ominous. And society has a tendency to make hackers the heroes. Watch a movie and find that they're on both sides, but it's always that cool. Now there's not a procedural crime drama, where there's some cool hip guy with cool rings and braces and he's kind of quirky and he's at the keyboard and he can hack anything.
He can solve anything. We look at these people, they're lionized because of the once again, the human condition and the story of either the antihero or the David and Goliath asymmetrical warfare. We Americans, you know, we view we the British hated the fact that Americans were about asymmetrical warfare and guerrilla for shooting from the trees, aim small, miss small, you know, like from the Patriot. But then it was used pretty effectively against us in other wars like Vietnam.
Dino Mauro (32:05.709)
And now when you look at we see we see cyber actors as somehow heroes like and this is going to get political but like Edward Snowden is no hero to me. Dozens of people lost their lives for your cute notion of and somewhat childish notion of privacy and transparency. Do you need some privacy and transparency? Absolutely. And what's the smallest unit of cybercrime? It's data. And I love when people I don't love actually lose sleep over it but people just want to ban all data.
Data is wrong. People who sell are evil. Data is the only way modern commerce works. Just like you don't ban votes for piracy because it was global shipping, it was the global economy. You can't ban data because it is now the global economy. It allows your Uber to know where to go and Amazon to set the right thing. People to get affordable insurance and we can't function without knowing the data. So it has to be sold and transacted for us to get it. And you can regulate it. But much like other arguments.
It should be controlled and it is. But if you ban it or you say law enforcement can't use it, criminals don't care about your laws, which is kind of the definition of criminal. So you've got to find what is the like cyber criminals, their early adopters are the earliest of adopters. So when you think of that, that maturity, that that the scale of early adopters, the.
the laggards at the end that still want landlines, right? And dial up and cyber criminals are right at the epitaph, right at the beginning, aren't they? They absolutely are because once again, their motivators are still in the seven deadly sins. They have a greed or an envy or a wrath that they use those same inspirations within them to target other people like physician heal thyself.
They're self they're they're very self aware in many respects. Although Brett Johnson will teach you very quickly that many of them in the space are not very self aware of their bragging on Telegram or going on his podcast as a liar or all the like he teaches me more than any college class I've ever had within five minutes. Much like you're breaking the things down. We do and we just we just interviewed him last week.
Dino Mauro (34:22.093)
So that episode, I think that episode will air either right after right before this one. So people will know exactly what we're talking about. Absolutely astounding. But when you look at those early adopters, it didn't used to be that way. There isn't a convergence of technology that has occurred where it used to be that the governments only could wield the tank and rule the world. But now the tank can be rendered useless with a few keystrokes and.
When you look at that, you can go into a best buy or order on Amazon if there are any best buys anymore and get a keyboard or a laptop that's more powerful than some government systems. Like in the pandemic, many government systems still ran on COBOL, a language no one can write anymore. And they stole a trillion dollars from the US government. We've become numb to cyber criminals because we think hacking is cute. And we've become numb to the numbers.
I posted on LinkedIn, I do that a little too much, but I never even realized the word numb was in numbers. But hey, once again, as a huge nerd flash, I saw that a trillion dollars was likely stolen of the four and a half trillion that was doled out. But once again, people have billion trillion, what's the difference? So let's provide some context there, because I did want to ask you about that. So let's let's part of cybercrime is crime. When you think of fraud, right, not necessarily.
cyber criminal gangs like Black Cat that we talked to, which you and I'll get into in just a second, but we're talking about like fraud. And there was a lot of massive amounts of fraud that arose from the pandemic when the government wanted to help organizations. They wanted to help small businesses like the local in -town restaurant that had to shut down because of the pandemic. They wanted to provide some relief. So the intent was good, but there's a lot of things that happened with the government. The execution is horrible.
And so what happened here? Like what? There were a lot of loans given to people that didn't need it, like the Oprah Winfrey's or the the the jet setting group, no offense to Oprah per se, but like, like that group, and then they didn't have to pay it back. But then some of the smaller organizations did have to pay it back. But then a whole bunch of it was just stolen. Walk us through high level kind of what all happened because a lot of Americans have no idea that this even happened.
Dino Mauro (36:44.109)
Well, and it's astounding. They have no idea of the impact or how it's even caused. There was so much PPP fraud in certain major cities. What is PPP? It's the Paycheck Protection Program, which was to provide these small loans to businesses that could be paid back or forgiven. And there was I think there was around nine hundred billion dollars, eight hundred and something billion dollars in change. Billion would it be assigned to it by my studies?
795 billion dollars of that was lost to fraud, waste and abuse. And there's a difference between those three things, but they were intended and unfortunately people get into not just victim blaming or they want to blame these. The term bureaucrat has become an epithet and it is not. People look at Secret Service agents and I mean you're unbelievably kind and hyperbolic intro. Oh well they're they're heroes. Police are heroes. Well they're bureaucrats. Why are the people the hardworking men and women of
the Department of Labor or the USDA, they are trying to do right as well. They're sometimes hindered by poor political decisions, poor systems, rules that are foisted upon them. Generally, that all comes from Congress or poor oversight. But what happened during the pandemic was a problem was recognized and a solution. The answer was it just has to get out quickly.
programs used to have checks and balances, whether that was identity verification, asset verification. But the drive to expediency, the drive to get it out fast, broke a lot of maybe safeguards in built in the system. Almost all of them. Yeah. And it just didn't need to be that way. Michael Horowitz, the brilliant head of the pandemic response accountability, the prac has even said you could have had
what they call the industry friction. And I always tell my reporters to stop using because the average person doesn't get that. If I have to enter my name and a password, many government officials say, well, that's too much. It'll slow them down. Well, criminals realize it really quick. When you outlay $4 .5 trillion, people, criminals go where the money is. So they're going to go there. They were defrauded. $4 trillion. Let's talk about cyber fraud by the numbers a little bit.
Dino Mauro (38:59.981)
So 4 .5 trillion was issued through the pandemic in an effort to kind of help the economy and help the people. And it did. It did in a lot of ways. It certainly did. I know lots of people that received it and used it and used it for the right reasons and paid it back even. And then some didn't have to. So and but it seemed like there was what were the rules on having to pay it back? Is it a case by case basis or what? Because
I see people at all the different sizes and industries, some who did have to pay it back, some who didn't. To me, I can't make up any rhyme or reason. Well, there were forgivable loans under PPP, unforgivable loans under the EIDL. I don't even think I can tell you what that, the two ones out of the SBA. There's a lot of rules that if you had money, you could navigate. If you were a criminal, it didn't matter. Certainly the, you know, once again, I don't want to get enemies, but the Oprah Winfrey's and the Kanye West and the Tom Brady's.
and the Bruce Springsteens who took PPP loans clearly didn't need them. Did they violate the law? No. But that's where you start to get like in this prison of two ideas or the bias of the binary of not a lawyer, but a mala and say versus a mala prohibita law, things that are inherently evil and wrong and things that are wrong because they're prohibited. And there is an overlap there though, because society can change its minds on things. Cybercrime clearly at its intent falls under mala prohibita, but you can.
As you said, a ransomware attack on a hospital or a children's hospital, which is unconscionable to people like us, is done every day and they've actually returned to it. But the fraud that was lost and the amounts and the impact home prices went up, fraud in the SNAP program actually means food costs 15 to 20 % more. So by trying to, I mean, no one can argue that the hungry deserve food and we should provide these services, but there's no correlation between the amount spent and the people fed. Criminals.
take from it I don't want to highlight that one but any number of them and when you look at the numbers I'm astounded because people you hear a billion a trillion what's the difference and I probably said this too much lately but there's an enormous difference a billion seconds ago was 1992 and my glorious mullet that we talked about a trillion seconds ago was the woolly mammoth you brought up it's 29 ,000 years ago that's the difference between a billion and a trillion that is a great analogy
Dino Mauro (41:23.309)
So when we talk about the difference between a billion and a trillion, whenever you're looking at numbers, it's a great, that's a great. One is 30 years ago. Once 30 ,000 times years, years ago. And it astounds me. But as we talk, I pivoted mainly to fraud because that's mainly where I focus. But cyber crime in general, you know, these tools that were developed, some of the earliest, well, the first cyber attack, I think was before any of it existed like 1841. Correct. The other ones, they were tools.
that weren't intended to cause harm. The first creeper worm was supposed to creep around the internet and figure out its size. But it went a little crazy. Even back in the 80s, in more modern times, back in the 80s, there was somebody that was at a, I forgot, I think it was Health and Human Services, or it was like an AIDS conference, and they sent out the disks, right? Like, here's this, and it encrypted like 20 ,000 computers. And I'm like,
there were 20 ,000 people in the eighties that had computers. I didn't even know that. But, but, but I mean, it was the, like the ransomware, like they, or whatever the, the, the virus spreading, the malware, they were doing that 40 years ago, 50 years ago, hundreds of years ago. Right? Like it's, it's just leveraging advances in technology for malintent. Really? Yes. And that one was to prevent piracy. So,
but it caused problems. Like you start with good intent. And this is to, uh, it was a thought that, um, the director of the secret service took away from a meeting with a hacker, kind of the one man's, uh, malware is another man's software. It's kind of like, you know, you can build or destroy with a hammer. Um, and then you can start getting into other debates. I don't want to bring up cause they're politically sensitive, but you look at these cyber attacks and the bleed over to national security or physical security is astounding. Like one, I think one of the first,
Well, it bleeds over micro and it bleeds over micro, right? You have cyber criminals and the ones that are in the news are the ones that are going after either government entities, organizations, hospitals, private industry, names, brands that we recognize. And those are the ones that we talk about often. Those are the ones that are in the news. But then on the macro level, you've got cyber criminals, you know, running.
Dino Mauro (43:46.113)
you know, human trafficking and child predating, predators. And, and, and that's at the micro level. And then at the macro level, we have national security and both of those extremes is where it really matters, at least to us. Like, and people don't understand either, like the solar winds hack. You know, that's a huge example of, of a supply chain attack. Yes. Well, how did it start and why? Well, it turns out.
And I'm probably giving us something I don't have any special knowledge, but from looking at it, you know, history doesn't doesn't observational knowledge, everything gather up through OSINT through OSINT. SolarWinds was was a Russian born cyber espionage attack on the United States government. It wasn't intended to, you know, through the Orion software to impact businesses necessarily, except like in Russia and China.
the state and the nation's interests are 100 % aligned. In America, we have this separation of, you know, not only church and state, but everything is separated. It was intended, and you haven't heard a lot about its effect on government, not an immense amount on its attack on government, but emails disappear from the Department of Defense, emails disappear from the Department of Homeland Security. You haven't heard a lot about it because I think it had a greater effect than people are aware. They went in there and they were able to reverse some of the things, but it's possible some of those things still exist.
And that gets down to dwell time. The average cyber attack only has a dwell time of, I don't know, is it hours? 48 hours, dwell time for it? During the time of the actual launch, yeah. But then there's also the getting inside a network and moving around and gathering up all of the research and espionage that's done before. And that's anywhere between four to six months still. So it all kind of depends.
once SolarWinds, they were inside 14 months before they really did anything. And I mean, the Buffalo Bill running around in the skin of all these companies and the government. And you've got to wonder with, I mean, you know, they had systems, they had detection systems. How did they not? I mean, did they not have a sock monitoring for anomalies doing threat hunting? How did they not see it? But, you know, that's a different story. Well, they didn't deploy the malware and they actually were inside for
Dino Mauro (46:06.221)
probably at least six months before they did a test injection. And what they, from my reading, what they did was normally the communication back to the kybernete or the controller in these attacks is done outside or it's an anomalous signal that can be detected by these socks. The solar winds hack was so devious because the Russian, I don't know whether it was, what are the two main ones, Cozy Bear and. Yep.
once the government, or once the intelligence, once the military, there's a couple of bears there. It was hidden as normal network traffic. So it's, they were able to disguise it amidst normal things, you know, a very, a very Odyssey and hanging to the bottom of the sheep as it walked out of the cave, you know, of the monster on that island. But you look at these things in the way that these governments are able to do it, whether it's, you know, Iran,
or one of the more devious uses of these cyber attacks. Obviously, there was a hack of Ukrainian systems in 2015 that they haven't really, they know it's Russia likely, but it probably was a precursor to Crimea, a precursor to what we've seen now. And they even know, this really terrifies me, in the heinous Hamas attacks, they actually hacked the warning system.
that Israeli citizens received of incoming missiles so that they wouldn't get any warning this attack and they would stay where they were when the attackers came in. Yep. I remember reading about that and reporting on that right after it attacked because people were like, well, why would we worry about, you know, cyber attacks when things like that happen? I'm like, cyber was happening as part of that. Like it's part of the reason it was so bad physically for the people on the ground is because the cyber defenses were rendered.
You know, I mean, there's a lot of countries out there that have a lot of defense systems where Israel is. This isn't a political statement, but where they are, they have some of the best because they have to write. They're surrounded by enemies. So they had those warning systems in place. They were just essentially decommissioned right. Right. As they launched one, what's even more terrifying is you can talk about active attacks. But when you talk about.
Dino Mauro (48:27.693)
Preemptive attacks. I don't I'm not a big fan of the word proactive because either actor you don't you can't do but that's another etymology It's that's a mark alert alert, but that's marketing When you look at countries that are doing preemptive cyber attacks in anticipation of potential conflict China has hacked into the infrastructure in Guam because Guam would be the primary center with its base at Anderson Air Force Base And you have a gotten a bay with the Navy down there?
would be the primary response for the Pacific fleet during any conflict in the South China Sea, Taiwan, any of that. So they packed into that. Hearts and minds, they reach into the systems. And that's another story. But when you look at the shipping of the infrastructure that would be required for any type of physical conflict, there are these cranes at all the ports that would load the military vessels.
are all under the internet of things under Chinese control as far as we know. But that's... So you bring up a good point. And so I want to address a couple of things. One, critical infrastructure. When people talk about shoring up our critical infrastructure, people think of our nuclear plants or these big systems. But a lot of America's critical infrastructure is the local water plant. Yes. Right? And they don't have a chief information cybersecurity person on staff, most of them.
Like they don't even have basic systems a lot of times. They are funded by small city governments and county governments. That is probably where some of our most vulnerable situations exist, don't they? Absolutely. And we've seen a hack of the water system in Pennsylvania. Yeah. We've seen it in another location where they went in remotely and changed the percentage of salts and fluoride and chlorine that were used in the water.
And what they raised it to from my end, if I'm incorrect, correct me, but they raise it to a level that would be relatively deadly. Now I know the LD 50 on chlorine is probably very, very high. You'd have to drink straight bleach to really get injured, but they. Doesn't everybody drink straight? Oh, nevermind. I'm not going to go down that political rabbit hole either. But the, they were able to hack into those things. And because of a number of reasons, most of these systems are online.
Dino Mauro (50:51.053)
And once again, you hear Luddite arguments like you hear around data is that, well, we should just pull them all off online again. Well, you just need redundant systems. The world will, you cannot put Pandora, you know, bot, you can't, everything's out. You can't, you can't close these things. And they're critical. These, these operational technologies and the internet of things. Now it's not always as devastating as people think. I remember having all of this horrible training. If you're, for those of us old enough to remember Y2K, how horrible it was going to be.
And my joke was like, why does my microwave care whether it's 1900? Is it suddenly gonna go, I'm not invented, I'm not working? Like it's, there's times when it mattered and times when it didn't. They just didn't add four zero. I was involved in a lot of technology then I still, I was able to formulate an explanation of it generally, but I still personally never understood it. I'm like, what, like how is it really going to stop working because it doesn't know the right date? Like I don't like.
But what's the thing? It's like 1854 and we're going to actually, you know, it's not, well, we weren't invented then we have to shut down. Like what, like it was still going to work. And then Y2K happened and everything was fine. Correct. And it wasn't, I mean, there were, I'm sure there were some impacts in some of the work, but once again, that gets to the overreaction. Yeah. I want to ask you about this. So today's cyber criminals.
the ones that are always in the news. When I say in the news, I'm talking not the geeky tech news that you and I might read constantly, right? I'm talking about what every American is seeing on the news or seeing on Facebook and seeing on Instagram and LinkedIn and everything like Black Hat, Lockbit. These are cyber criminal gangs. They've evolved so much and they have, they're not state actors, but their software is designed.
to not work on organizations that use the languages of the CIS countries, right? Like the certain Russian dialects, Iranian dialects, Chinese, et cetera, right? And then they have been involved through pairing up with social engineering groups like Scattered Spider and stuff. And some of the big hacks like the MGM breach or the Caesar's breach. What are we seeing in their evolution?
Dino Mauro (53:16.877)
Well, that evolution is interesting because you do see people who push back on the nation state narrative. You don't have to be nation state funded to be nation state complicit where the country knows is occurring. After SolarWinds, Russia came out with a statement and said cyber attacks would be against the interests of the Russian people and we would never use it. And then Putin in a speech, so well, there might be patriotic hackers that if they go after our adversaries, they would be they would be just and you could operate here.
once again, not using Russian language and going after those targets. The evolution, and we can get into AI, which is even beyond it, because before AI, what you saw was cyber crime as a service. That was huge. A huge, and we've even seen this evolve from cyber crime as a service to ransomware as a service where the average person, you can get a tutorial on Telegram or the dark web and it'll teach you how to do it. You don't even have to.
They'll just sell you the... They're not breaking the law. They're teaching you how to do it. technical. It's basically plug and play. You just have to be criminal. And you can go and launch these things. And if you're operating from a country that is not going to hurt you, so long as you don't do it against any of the organizations that they have an interest in, you're fine. And you can make hundreds of millions of dollars. Well, absolutely. That cybercrime as a service, ransomware as a service.
fishing as a service is really, really dangerous because like scatter spider that you mentioned with the MGM and the Caesar's hacks, they're hard to pin down because they're a group of decentralized individuals and cells, much like terrorist cells, terrorist organizations. They have individual cells that don't communicate. They go under, they emerge. What we're seeing now, I think, like I said, once again, setting AI aside, which is
was pouring gasoline on the fire. Well, I think that is tight. And for the yeah, for the for the listeners and for the viewers, we're going to have another segment on AI and deep fake. And it's going to be Paul myself in a special guest mystery guest. So yes. It's going to be interesting because AI once again, you see people fighting it. If you're not using some sort of generative.
Dino Mauro (55:40.429)
large language model now and I don't want to just say chat GPT because it's one of many. If you're not using it now or you're saying that it's cheating then don't use a calculator or Excel for your test because it is a tool you cannot just rely on it but it is a force multiplier for one of the most important things in human interaction which is communication. It's accessible to everyone and
if you use it as a writing partner or as a tool, it's incredibly powerful to improve almost every aspect of what you do. But realize, as the earliest of adopters, criminals use it too to perfect their fishing language. Or now one of the things they probably asked Chachi PT, well, if you were a criminal, what would you invent? I noticed this new type of hacking that is, I call it, it's not ransomware, it's extortionware.
Because ransomware is like, get in and get your data, give me money, I'll give it back. Extortionware is, I catch you doing something, and I'm going to extort you for the same thing for Bitcoin. And I don't want to give them any ideas, but if cyber criminals would quit demanding Bitcoin, because I wouldn't know how to create a Bitcoin account, I don't want one. And I'm a Luddite there. But the whole history, you know, Luddism or Luddites started because of textile workers who were afraid that the loom would kill their craft and take their jobs. That's where the term comes from. Sounds a lot like writers and AI.
Now there is a potential, but it could also just make them that much better. It could steal jobs or it could create them and make more people good writers. But when you look at extortion where there's even extortion where as a service, which will come next. Well, evolution of gangs like Black Cat and Lockbit, because from what we're hearing and seeing is they're looking at, well, do we launch these mass and they chart all of these campaigns just like a big business.
But the effort that has to be involved in ransomware attacks is a lot higher. And a lot of times they're making much more just by taking the data. Meaning we're not going to lock you down. You've got a copy of your data. So we're not, we're not borrowing you from accessing your data. We're saying your data can't be publicized and we're going to publicize it if you don't pay it. And that's where ransomware evolved into extortionware. It's a subset of it. And you do see that. And it's interesting because.
Dino Mauro (58:05.325)
Even most of these hackers or cyber criminals, they have morals and standards. Even they looked at each other when they started hacking hospitals. I think one hacker group hacked the other to prevent them from doing it because you're affecting people's health care. There's plenty of other targets. Why go after a high school, releasing children's mental health records? The school has to pay because we're making them financially accountable for it.
But until hackers aren't seen as these cute kids in hoodies in the basement and seen as nation state actors that can affect every aspect of your life. And this comes back to preventing the social engineering. More humans need a BS detector and a tactical pause. If you talk about in the physical security realm, before you react, and I am once again, I'm very self aware. I call it blackberry Tourette's because that's when I discovered it.
you know i got a respond right away rather than taking a pause that jessing understanding motivations work comes from some thinking of a more coaching spots the immediacy of communications they leads to a lot of that miscommunication and if people would take that tactical pause like one of the earliest i remember using the term social engineering while briefing uh... we were bringing president obama to uh... guadalajara and i was pretty good manpower briefing and i was warning them as a supervisor of what to look out when you interact for op sack
I'm an info sec and and I said that you will be socially engineered and they all laughed because they hadn't heard the term and I said like when I go to a bar if if if a companion acts like I'm a 10 when I know I'm a to a feeler ought to go up so if you're just you know, you're being socially engineered if you're a to in America, you're not attending Guadalajara assume that someone is you is trying to get information. You're suddenly fascinating.
That's social engineering used for espionage or other purposes. But when you see that human element, no matter how cyber or how geeky and nerdy we get, it's human interactions. I can put up enough cybersecurity on this laptop that it can never be hacked. Nothing can get out. You can't get, but I probably can't use it. We couldn't be having this conversation. This stream is hackable. The data that communicates us are different accounts. It's all exploitable or weaponizable against us.
Dino Mauro (01:00:30.189)
The answer to that once again is not to eliminate it. It's to allow it to be used for good purposes because criminals already do and regulate it in some way that is dangerous to people. And just be aware of the risk and make your decisions based on the awareness of what the risk is. Driving a car is risky. You risk injury and death every day, but you still choose to do it, right? But you are aware of it. Risk awareness, risk acceptance.
What's your risk tolerance, I guess, is the term that business, you have to choose because you can dial up and down that friction, but you can't set it at zero and you can't set it at a hundred. I don't, I mean, this is not trying to delve into some really sensitive things, but the world is not binary. That it's a prison of two ideas. And that's a Greg Gutfeld. There is, there's bleed over, there's, it overlaps that pendulum. It never stays at one end very long. And we've seen our political discourse.
doing this, that used to just sort of pivot like this, with the occasional outlier. It's just swinging so wildly out of the picture now that we're governed by the fringes and we're led, unfortunately, back to cyber, many of the things you read on online about various problems or issues with the things, even the things I just said, they aren't originating with facts and they're not originating with reliable American sources. They're foreign injects to sow distrust and.
you know, concern in the American market. Yeah, it meets a foreign aim. Like I was in Baltimore for a for for an improv thing that was really good the other night. And it was funny. One of the things that came out of it was what we recommend it was a new marketing term for Baltimore. It's not as dangerous as you think. Like it's kind of it's not wouldn't be our car jackings are gentler than other car jackings. But muggers are polite. Our mugger say please. It's interesting when you look at the impacts.
and I'm a bit all over the place with it because those I don't believe that national security, physical security or separate security are separable. Because even even even one senior citizen having their retirement stolen through a romance scam is it's still tragic, stolen physical money. But it's a national security concern of because somebody has their social safety nets for that if that if that seems like the money is being gone, that money is being used to fund more criminal activity, which
Dino Mauro (01:02:54.253)
does or could I mean, it's all it's still going into the criminal element, which is part of the part of the issue. Well, absolutely. And that gets far more far more damaging than you would even suspect a good friend and coworker of mine, Andy McClenahan pointed out to me when we were looking at at snap fraud. There are documents like in Al Qaeda's Inspire magazine that refer to snap as a jihadist allowance. They're taught the jihadist allowance, jihadist allowance, they're taught how to come here.
manipulate our social safety nets to feed and clothe themselves until they have to act. In Cuba, social services in America are called lauda or the help. I think most of the food aid in Cuba comes from stolen benefits in America. It's astounding the impact that a lack of program integrity, a lack of cyber hygiene, which all overlap, can cause to an individual.
community or a nation. So as we wrap up Paul, if a individual
not an organization, but individuals that are getting online. What are some of the things that they need to be aware of? Like, what are some of the best practices that you see with all your vast amounts of experience in secret service, cybersecurity, understanding cybercrime better than anybody? What should individuals do? They can't just unplug and go camping and live under a bridge, right? Like,
What should people do? What do you recommend to people? You've got to be asked this at dinner and stuff. So what am I supposed to do? I don't want to disparage camping. I mean, it's a great American pastime. We love it and we love bridges. You can't eliminate bridges, Dave. I bridging community to come after us now. Where would the trolls live?
Dino Mauro (01:04:55.325)
It really is a good question of what you can do and it comes back to like one of my nerdy heroes Carl Sagan, he said more Americans should have a baloney detector. I was a paid paranoid for 23 years I was trained to come in a room and it's I think differently When I look at systems and I've done it in my current company I did it in the Secret Service I did it for a brief time in the intelligence community with the CIA. How do you look at something as an attacker? How would I destroy this?
And then you can put in defenses or put redundant systems in place. But for me, the number one thing is you'll notice that no law enforcement officer in a restaurant sits with their back to the door because they want to be aware and be able to respond. At your keyboard, you don't want to think that everybody is a criminal. But.
Dino Mauro (01:05:47.581)
I mean, why would you know it's kind of like I'm what another is like a quote rush I can't prevent a stranger is an uninvited friend. I have I'm not sure if that's the exact quote, but I will throw it I had to get a rush quote in a suit I would say assume the worst but have a sense that Look at the implications if you get an email that says this is the IRS and if you don't click here You know, well, you're gonna you're gonna lose your house. Don't click it. I
You can actually roll over it and see that the URL is not what it purports to be. I get five of those a day because my email is put out in press releases. Have a sense, use a little reasoning, look at things investigatively. Take that, I would say take a tactical pause. If you're really not sure, ask a trusted friend. I tactical pause because after studying the science of social engineering, a tactical pause lets your body adjust.
and gets away from that amygdala hijack and let me remember let you remember the context of your training and what they're asking and why would they do that maybe I should just call the person and verify first before wiring funds or all of our company dw2s or whatever right back to reagan and you mentioned the trust but verify take that tactical pause in in law enforcement and military
It's called the fatal funnel. When you step into a doorway in a warrant execution or when you move the president out in the public, it can be a fatal funnel. Your keyboard is that. But trust, but verify those things. Take the tactical pause, allow the frontal cortex to kick back in and think, could it be a threat? Now, don't let them play on your immediacy or your lust, your greed, your envy, your sloth. All of those things that if it looks too good at you, it probably is. But...
I know this sounds simplistic, but I would say take a moment, take a breath. Whatever they're asking you. It all gets to the root of human behavior. I mean, at the end of the day, what we're talking about, like you said in the beginning, it's not that complicated. It's part of the reason why we translate cyber because people turn off. People think, oh, it's cybersecurity. It's a bunch of geeks. It's just technology. There's a bunch of acronyms. I don't understand it. I'm like, whoa, whoa, whoa, whoa, whoa. This is.
Dino Mauro (01:08:13.591)
This is not that complicated right back to the 2500 year old root of cyber it's about control pilot right Take back the control the person who sent you the email does not have the control the cyber criminal wants you to think they do by preying on immediacy or preying on your needs or your greed or your fear Don't give the cyber person the cyber take it back take control
And just own it. You don't have to relinquish that by responding immediately or clicking the link or or or when you get a text. I unfortunately assume every text is is is errant or fraudulent. So I look at it a little better. But well, I don't know what you mean to say. You could probably get me. Joe Biden texted me earlier and said, hey, Ashley, I'm really excited about you joining me for dinner. Just like donate to my presidential campaign. I'm like, well, Ashley being Ashley.
I don't think I'm going, but you know, when you get those things, obviously, I mean, that's an obvious one. That's like the Prince from Nigeria back in the 90s, right? But some of them are really good. And that's weird. I mean, some of them are when you're working and you're at work and you use a certain platform or program or whatever, they email you from that platform. They're like, how did they know that? Right? Well, and absolutely. But people should...
Don't fall prey to arrogance either. Be self -aware. I may be aware of cyber crime and physical security. You know it more than anyone. But don't assume you can't be fooled. I could click one at any time. You could click one at any time. I know I could. I absolutely know I could. And for them wanting to hack me, I will already tell you, you would succeed. But the surprising thing is you're not going to get anything out of me. So I'm just letting you know. I laugh.
If you want to go after somebody, go after some of the people that Paul and I know, because they might be worth it. I'll do an episode on that. I'll give you some names. I'm still convinced that between you and now this is some secret plot between you and Brett Johnson to ask me my life story, prey on my pride and ego and my fear of just not being relevant. I've answered all of these questions and you've stolen all...
Dino Mauro (01:10:40.557)
of my answers. Like you probably know my grandmother's maiden name. You know my first pet. You know my car. You don't need to do any of that. We're going to use deep fake and create a re and we're going to recreate you for decades to come. That's terrifying because I should. You know, Shakespeare said it best in the Mark Antony speech, but I probably should be in turn with my bones. Any good that I do. No, it's it's it is realize that all these things are human. I think people need to to.
connect themselves to these terminology, this terminology and these ideas that seem foreign or seem too technical. And if a knucklehead like me can understand them. And me. Yeah, that's exactly right. You're I wasn't I wasn't killing chickens and putting them by the by the air vents. I didn't kill the chicken. Understood the site. We killed the chicken. Yeah, I was one of the kids that would have walked out there and kick the thing like chicken did.
I didn't kill the child. My class did not murder a chicken. We like people will be reaching out. I'll be on the chicken list. It's a bad thing. I don't need. We don't need PETA or not pet you or any of those. We don't want that pet. Yeah, not PETA. We don't want them. Yeah, we don't want them either. It's it really is astounding. Just put the humanity back into the science and that. Yes. That is the problem we have people.
the science literacy in the country, that was another thing of Carl Sagan. And it bleeds over into this, knowing your history or an interest in history. I didn't like or know history when I was younger. Now, as you experience more of it, and I've been in the room for much of it with many presidents, whether it was the Oval Office or in Kabul or in any other number of country, in Buckingham Palace or wherever I was lucky enough to be through my time in the amazing Secret Service. But in the end, it is the people prey on the human condition.
And you can't escape that. You need to have self -awareness. But that's true in anything. Like we talked about before the show. Having that self -awareness that you could fall prey to it, not judging people who do, understanding that they, their trigger may have been stronger at the time. That attack surface that moves may have had a singularity so that their guard was down or their stress. But that's the problem with some of these hackers. They'll find these people like hospitals that have cancer patients will shut down your chemotherapy machines if you don't pay us.
Dino Mauro (01:13:06.285)
Good God, those people, Dante didn't even invent a hell deep enough for those people. Right. Well, they do that because they know we have to restore those systems. You do. And there should be far stronger crimes. I think the longest, originally one of the longest sentences for a cyber hacker was like 13 years. And now I know it's getting longer. But well, there've been more and more arrests and more and more. You know, you had the the person that was involved in the solar winds.
breach person that was involved in the case a breach caught going to trial down in Texas and in other places. So, I mean, we're getting there. We just saw the one of the young gentlemen that was tied to scattered spider that been scattered spider along with black cat who we've talked about today were involved in the MGM and Caesar's breach. But he was a young person like 1921, something like that down in Florida. And they caught him.
So it'll be interesting to follow some of these stories. Well, the key to stop again is once again, getting back to data, removing investigators, criminal investigators, whether it's law enforcement or from cyber groups, removing their access to this information is not the answer. No, absolutely not. Children would go missing. Crimes would go unsolved. You've just got to take back control. Absolutely. I mean, the criminals are going to get access to the data.
How do you, it's like arms. It's like you have criminals with AK -47s and police officers with handguns. Like why, what, what? Like it doesn't make any sense. I purposefully avoided that as an example because yeah, I know. Murder is already illegal. Making some things illegal. Don't stop murder. Cause that's already illegal, but people do it. But yeah, I avoided that third rail at all costs. Yeah, exactly. So just to give everybody a taste of what we're going to do.
with deep fake and an AI because if you think cybercrime and crime and national security and personal fraud is scary Just wait until we're gonna talk more about what deep fake is doing to give them just a taste of it Can you share the story? Are you permitted to share the story of what you guys did? We're like the the business leader came out and was talking to like the national team
Dino Mauro (01:15:30.477)
You know, explaining, hey, everybody, thanks for coming to our national convention. And then by the way, I'm not even real. Uh, and then the real person came out on stage without even disclosing the company necessarily. Sure. Absolutely. AI and deep fakes are such a game changer for fraud. Cause men, it fraud and hack, not just fraud. You saw the deep fake of Biden calling the voters. I think it was in New Hampshire telling him not to vote.
Track two, a company in Texas, which is interesting, but what we did was we made a video that was identical of the leader and saying that AI is going to change the face of fraud and is something we need to embrace. And now that I have your attention, much like this, it is not really me. And now that I have your attention, I'd like to introduce the real. And I can say, I mean, Woody Talcott, who's fantastic, he's been in the anti -fraud helping children for.
14, 15 years with the company who actually using puts his money where his mouth is and puts his information analytics where his mouth is to help to make make lives better and and and partner with government to I don't know to get the services they need deserve and have earned. Yep. Well, and and it's remarkable, right? When you think about that, everybody's there looking at their leader and somebody that they admire.
Thinking wow, this is really exciting. This is great only to realize that What they're watching wasn't even real and what's what I think we're gonna demonstrate for people when we do have that and we can show some samples of it is how real it is I mean It has the intonation the emotion behind it the cadence syntax It sounds like in and we've always been taught seeing is believing, right?
And but now you don't even know and with an election coming up, I think it's a really important not to be political at all on either side. But because of the potential and the real issue of misinformation, this is going to be it's going to be really interesting as well. So look forward to that. I was receiving classified briefings in the Secret Service about the impact on politics or presidential protection.
Dino Mauro (01:17:53.985)
years before the public knew that it was possible. And if you look at the software that I use to create deep fakes, it's good, but it's not what the criminals are using because I'm hindered by laws, right? Should be and my own ethics of what I can and will create, but the voice cloning and you can do it in any language. We could take this video. Yes. It would be in.
It could be in Mandarin. It could be an ancient Greek. Yep. And our lips would move and it would be our voices speaking it. I've done it in multiple languages. It really is. It's fascinating and scary. Well, I just read that we're one of the top podcasts in the Netherlands and Cambodia for some reason. So maybe we'll just recreate this whole thing in Cambodian. Is that what they speak there? Maybe. I don't know. We can do that in the Netherlands. That would be cool, right? Pretty exciting.
It's a beautiful place great beer good waffles. Yeah, I love it No, absolutely. I think I posted something in Dutch the other day. There you go Which was interesting that gets to Stuxnet when we talk about cybercrime one of the one of the most powerful uses of cybercrime in war was the Tool that was in development since I don't know 2015 to upload malware into Iranian centrifuges so they could not You know weaponize uranium and make it visible
Oh, I didn't. Yeah, Dutch a Dutch supply chain person says that it went there in a water pump. Rather than being installed in a thumb drive. I don't know if that's possible or true. But the Dutch are certainly brilliant enough, intelligent and good looking. Oh, cool. For your Dutch listeners, but that's what they believe was a water pump that had it in it. I don't know how that works in a raining enrichment uranium enrichment facility. But that was kind of fascinating. But that's stuck snap.
an example of positive, you know, because if I rent's not getting a new gear weapon faster, I'm hey, I'm on board. Yeah, I think we all are. We all are. So it's interesting. So we will have links to you, sir, in our show notes. We will have links to you've created information on fraudster Thomas. But I didn't create him. I discovered if you don't, yeah, if you don't have LinkedIn, I
Dino Mauro (01:20:13.517)
I think our audience all is involved in LinkedIn, but if you don't just sign up, it's free. Just get a, get a LinkedIn account and follow Mr. Eklav because you will know about the state of cybersecurity, cyber crime, things like he already has months and months of content that he is already ready to go. I mean, there's so much, you're like one of my best news feeds. Like I'm.
finding out what's going on. I'm like, how do I keep up with this guy? Like, does he not sleep? That's what they say about me. And you're like, 500 times ahead. So really good stuff. So I'm telling you, so I do have to correct you. I did not create fraudster Thomas. Oh, you did not? Okay. I discovered him in a dusty library in somewhere in Europe. Okay. Well, yeah, it was probably on some mission.
Very cool, man. Thank you so much. And you know that I'm going to be in touch because I did speak with Brett Johnson, got the clips that we needed. We'll send those to you and we will have some creative fun and really go into the in -depth on Deep Fake and AI very soon. So looking forward to. I enjoyed this. I hope that you and your absolutely especially the Dutch. I hope they get a lot out of this and.
I'm just glad you cited Monty Python and Holy Grail because you have to. I know it's like it's used in so many different contexts, but my children don't value that. But who raised it? It was the first KBA. It's your favorite color. And then you're launched, if you say it wrong, red, no blue. Right. And then you're launched. It was brilliant. It was absolutely brilliant. So, hey, thank you so much, Paul. Thank you, first of all, for your service.
Remarkable. First is your service as a teacher. Fantastic. And then your service for our government. I mean, absolutely. We are so grateful. Thanks for all the work that you continue to do. You work for a phenomenal company. You know, just keep doing it. We will talk many, many more times in the future if you will continue to be socially engineered by me. And we will we will definitely talk again soon. Thanks, everybody.
Dino Mauro (01:22:36.781)
Thank you very much.