 Yeah, welcome to Z Tech Tech Talks. I'm Jay Fiedel. Today we're going to talk about cybercrime and how it has become organized. That's pretty scary. This makes things all the more dangerous and difficult for us as consumers and business. To sort of discuss this, tell us to write us our old friend from SIPAC and his security analyst, Josh O'Neill. I get that right. Welcome to the show, you guys. Hey, thanks for having us, Jay. So, you know, ABC sent around four corners extended documentary video on this until can you summarize what they were saying about how cybercrime has become organized? Sounds like organized crime, doesn't it? Well, you know, it's one of those things that's kind of like scientists have known about climate change for a while and only now are we starting to see the effects. Same kind of thing when it comes to cybercrime. It's been organized for some time and, you know, North Korea has to pay for their weapons somehow, so it's no mystery or should come as no surprise that, of course, organized crime has jumped on the bandwagon for cybercrime a long time ago. If you kind of look at the history of bank heists and how organized crime has been able to profit off of their, you know, their activities, an average bank heist, a really big, you know, kinetic bank heist would be $4 million, right? They'd walk away from a bank from pulling out Tommy guns and walk away with a few million bucks. Well, on the contrary now, with cybercrime, you know, an average heist can be anywhere from, you know, 20 million to 400 million. We've seen it upward of $600 million heist over this past year. So yes, they are organized and by the very definition of the word organized, that means that they have quotas and systems and an order chart, right? All these things that, you know, a real business has, they have as well and that's led to them becoming very profitable and very effective in what they do. In fact, on that very, on that very video that we're going to probably talk a little bit about, they even have a representative calling a victim of cybercrime as if they were, you know, as if they hadn't paid their electricity bill, like, hey, we're going to, we're going to, you know, talk to you about the terms of your payment. Just, you know, you got to just pay your bill to us, you know, that's how organized they are. And that's a terrifying thing for all consumers. And it is unfortunate, but this is on the rise 2023 is going to be the best year to date. From an organized crime perspective, they're going to make the most amount of money. And they're going to have the most number of victims and this next year is going to be even bigger. If anything, if the trends continue, which it has for the past six years. So no surprise here, Jay, but it is unfortunate. And hopefully we can chat a little bit about how these guys operate and it might help some viewers figure out or be able to identify where they are in the process of being heisted and what they can do about it. Wow, pretty interesting. They don't need a Tommy gun. They don't need to take any risk at all. They could do this and get more money in the process and really not take any risk. That's an extraordinarily attractive business. So Josh, you know, how do they do it? I mean, what's what's the preferred mechanism for doing a heist on a bank using the techniques of organized crime? So I would say every great heist has planning and endpoints. And I think it normally would work as an intrusion. So you get your first point of intrusion, which is generally can be a person that they can, they can, as you're seeing more man traps nowadays, more, more like fingerprint scanners, more, you know, all these different devices and tools now. But now they don't have to leave their house. They can do it all from a command line or, you know, they call up a salesperson, get their credentials, they act as a, you know, a higher higher being maybe they act as like a higher being like a leader of the company or that is HR. And they say, Hey, we need you to send over this paperwork or this money or whatever. And then bam, now they have you. So it's a lot of it's, I would say nowadays, a lot of it's more social engineering than anything else. That's one of the primary methods of intrusion, I would say. Yeah. And when you say social engineering, we all hear AI, right? Josh is a, he's a big AI nut. So, you know, we're going to talk a lot about AI and how it's really helping these criminals get into networks like this. And, you know, it's kind of the big unspoken elephant in the room. But along with chat GPT, there's worm GPT and scam GPT chaos GPT. Yeah, oh, I haven't even heard of that one. Yeah, that's that's new. Bunch of uncensored, large language models, like as if you go, you know, you can go into GPT and plug in, you know, how can I hack this company? And it's going to be like, you know, as a large language model, I cannot do this. But now you can build your own iteration of it, or you can build and train it with your own data. We've done this with some of our data and it's sped up some of our processes, right? I believe, I don't think AI is going to take over anytime soon, but it will make everything faster and more efficient, specifically targeting cyber crimes. You know, I've been talking about hacking for years. But now this is different. This is organized crime hacking. And I wonder if you could explain to me why we're talking about organized crime hacking and why we're making, you know, a metaphor for, you know, organized crime using hacking. Is this different hacking? How is it different that we would call it organized cyber crime? Well, I would say one reason it's different is because there is like, like Katila was saying, there's org structures, there's, they have a whole hierarchy of people. They have the bottom, you know, the bottom tiers, the foot soldiers, they have the ring leaders. I mean, it's all, it's all very organized. It's the same thing you'll see in a gang or a big, a big organized crime, right? Big, big gangs have all these foot soldiers, they have these quotas. And now it's a, you know, hacking is a multi-billion dollar industry. I mean, stealing from something else, all using, you don't have to go into a bank anymore. And Rob, you can just steal it off in the safety of your couch or desk. Well, you know, and also we imagine to some, some young person in a basement in Bulgaria hacking, and he was very smart or she, and I had the tools because he downloaded the tools from the net anyway. And he was looking at the dark web and he had, you know, he had it all in the front of him. And that's the, the profile, isn't it? Some guy in a dark basement all by himself hacking and nobody will ever find him and nobody will ever, you know, investigate or prosecute him because he's elusive at the best. But we get two reactions I want to mention. Number one is there must be a benefit in having these various layers you talk about. There must be a benefit in having this sort of business organization. It must be more powerful to do it that way than have this guy in the basement all by himself. And that's one thing. And the second thing I'd like to ask, I'm sorry to give you a compound question, but here it is. The second thing is if I have layers and I have a lot of people, you know, I'm just, just judging by all the organized prime movies that are on television all the time, there are more people, you know, to tell a story, more people to be turned by investigators to be flipped. So on the one hand, you have greater, what are you going to call it, power, business power, business, business resources by having multi layers, multi people. On the other hand, you have a greater exposure to being found out. Am I right on those points? Yes, I would say the only thing that helps, or one of the many advantages these hackers have, especially when they're organized, is they can use aliases, they can use encryption. So let's say somebody doesn't get flipped. Well, if everybody's encrypted and they all use aliases, you don't have much information on your boss or your ringleader, right? You don't even know their IP address could be spoofed, they could be, who knows, right? And oftentimes, especially with the scamming that's rampant now, they'll be in the same call centers as legitimate outsourced companies like Microsoft or Dell or whatever. They'll be in the exact same building, even, and purportedly, purportedly. Purportedly, yeah, yeah. And you know, it's also important to remember that the economy has changed. So this isn't like, you know, like you said, some nation state sponsored, you know, secret basement, whatever. These are, this is an entire industry. So there are those that specialize in certain things, like for example, access brokers. What these guys do is that they're, they're groups of folks, right, they're highly skilled and talented, and they find ways to break in the networks. So phone engineering, brute force, whatever, doesn't matter. Once they're in there, like, hey, I have access to this hospital. Does anyone want to buy it for, let's say 10 grand, right? Then who raises their hand, maybe a nation state, maybe another organized crime person, who knows, right? But they, the access broker does this. Now then the organized crime syndicate may say, okay, here's $10,000, I'd like to have access to this hospital. Now, how do we encrypt and hold for ransom the entire hospital network? Well, that's kind of hard to do, it's kind of complicated. Why don't we pay another, you know, a few thousand dollars to this other, right, bond net broker, right? And then they're going to, they're going to take care of all that for us. In fact, they even have the customer service departments that will reach out to the hospital and say, yes, you've been held for ransom. Do you need help with getting that money together? You know, that is like customer service, right? So it's an entire turnkey operation. We're not talking about, you know, we're talking literally like drive through cyber crime at this point. That's how efficient and commoditized and easy it is for, you know, what you might consider a lowly criminal, but for anyone who wants to become a criminal to go out and do this, I'm not advocating that obviously, but I'm kind of bringing to reality how organized and how commoditized and how simple it is to do this yourself. Well, you know, it's, it's just spreading, spreading the happiness too. What I mean is if I'm the CEO or the founder of a given family of cyber crime, well, I don't want people who help me in the same room physically. I don't want them in the same you know, building or city for that matter. I may not want them in the same country. I may want to have them spread all over the world. And I remember one tech guy was pretty successful. At first he was alone. And then he started to develop, you know, his human resources in other countries. And before you know it, he was in 24 time zones and, you know, talking to people and emailing them and texting them all day long and all those time zones. No two knew the others. No two, they were not cells, they were individuals. And so I wonder with modern technology, modern communications, this, this, this gang we're talking about needs to be alone or can it operate completely independently? You know, with, with numbers instead of names or monikers, you know, instead of their real names, so that nobody else knows who they are, what they are, where they are. Is this the way this is being done? Yes, I would even further to further iterate on that, I would say you, I'm sure you've heard of the Tor network, right? It is the network of the deep web, dark web. It uses, well, they haven't. So, okay, I mean, so here's perfect. I would, what do I start? So the Tor network, it's called onion routing. There's because there's many, many layers, right? Each layer has a different layer of encryption. So it's even for like the CIA, let's say, how do you take down these, these onion routers? How do you take down like a site that's hosted on them? Well, you can try to DOS, right? Probably seeing that a lot more now. One thing they will use is Cloudflare. Cloudflare can filter traffic and mitigate it. That's it. A DOS attack is a distributed denial service. Basically, floods your router switch, whatever, your hosted domain with a ton of mouth form packets. So your router freaks out, doesn't know what to do and gets shut down. That's what the government is trying to do at the moment, but there are, you know, there are ways to mitigate it, right? I mean, that's what the government is trying to do to stop them. Yes, yeah. Well, that's what they could do too. Yeah, absolutely. And what you're describing, Jay, earlier about the, you know, every time zone being a global network, that's called the follow the sun model. And guess who invented that? Legitimate companies, right? And so that follow the sun model, they say, hey, look, can we find bad guys or people who will work or do a portion of this chain of attack in every part of the globe? And the answer is, of course, yes, including in the United States. Yeah, right. Well, you know, what you describe is is actually something we have all seen in movies, movies about American spies, for example, or American spies engaging with spies elsewhere, you know, with anonymously, where they move around a lot, nobody can find them and nobody knows what they do. And, you know, if the agency finds out, the agency will deny, right? So they're, you know, they're, they're loose, so to speak. And these spy tech, you're not just wondering, you know, watch these movies and you say to yourself, gee, they know a lot about this. They must have people, you know, the directors and producers who must have some experience with, with, with espionage. That's why they can make a movie like this. And then I say to myself, hmm, there's just learning here, there's an education here. If I watch movies like this all day, I can figure out how to do it for fun and profit as a criminal. If you watch the, if you watch the police work, it can be a better criminal, right? Yeah, that's true. I would say the representation of hacking in films is a little maybe over exaggerated. One great film that our great show TV series that every bit of command line code you see every bit of all the terminals, it's all real. And it's all, these can all be not replicated, but they can be, you know, diagnosed and used is Mr. Robot that the director really did go through. They had multiple security analysts on, on site to set up real world, real life applications, you know, in perfect environments, every single one of those attacks or whatever happens in no spoilers, but whatever happens in that show can be replicated. So should I be making a panel? I should be making a video of these shows so I can get the code. No, no, it's, it's a lot more and they don't show exact code. They'll sometimes show like either, you know, the main character, Elliot running a piece of code, but they don't show the actual code itself, they just show him running it on a command line. But yeah, that show is the most accurate representation of what it is like to hack. Well, what strikes me is a sort of a mirror image what's going on, you know, if you watch, at least theoretically, if you watch what the shows are telling you about the law enforcement side, then maybe you learn something about how do we evade them or run a parallel. And if you watch or read about, you know, gangland organizations now and gee, in the past also, you may learn about how to, how to do cyber criminal in an organized crime fashion. I mean, it organized crime is organized crime. It can be, it can be the mafia that it goes on us to her, or it can be the cause of come current. I guess you're also saying that the cause of no threat come current does involve itself in cyber crime. Is that right? Well, you know, I don't know exactly who's who's involved right now at this time. But all I can tell you is this, whenever there's money involved, there's a gold rush. And we've been involved in a cyber crime gold rush for the past couple years. And a lot of times, a cyber gang will pop up, they'll be very successful, such as Conti in that video that you sent over, they'll get busted, they'll be an international effort to break them up. And guess what happens? They go somewhere else, these people are still alive, they're still have the skills, and they're still going to be recruited. Because they can go out and make a lot of money off people like us, right? Us in the United States, we're considered like the big target. Any first world countries, right? EU, right? Australia, as we talk about, they're probably not going after the places in Africa as much, right? But India now, of course, you know, they have a space program, they're a wealthy company, they're even going after their own people. So sometimes there's folks that are based out of India. And I'll tell you, there's no honor amongst these, they're going to go after them. If there's a dollar involved, they're doing it. Well, it sounds like a democratization. In other words, if I'm from India or Africa, and I don't have a whole lot of money, but I can study, I can go to school in some places in Africa and learn about hacking, and then I can do it from my impoverished town somewhere and make money. It's a democratization between, you know, I guess the global south and the EU and Australia and the US. So there's a certain equalization there. But you know, so how do I do that? What do I learn? I mean, this is new and it's changing. And, you know, it's hard to just crack a book. It's hard to take a computer science course. How do I become an effective member of the gang? Well, I don't think we're going to tell you exactly how to do that, but just just tell us what's your lips. Have your lips move. Okay. Well, I'll give you kind of a, can give you, I mean, an example. If you use GPT, it'll make everything like I used, I've been writing code for about five years now. And it used to take months, years even, on a good project, right? Code takes a long time. You have to, you have to define your functions, define variables, and then you have to go and debug it. And oftentimes, that takes the longest. Now you can just dump entire lines of entire databases of code, basically, or repositories into GPT and say, Hey, fix this, or hey, I want you to replace, you know, all of this, this instance of, you know, I want loop iterate this, right? You can do all that in days and hours now. So everything is going to become a lot faster with AI. And I think, especially cyber crimes, it's just a lot, you can ask it questions, like, why does this code work? Why does this, what does this code do? But let you don't recommend jumping on the dark web. And I would not. Stay on the dark web if you don't know how to anonymize yourself, if you don't know how to use proxies or VPNs. What's the risk? You can't, I mean, you can have your public IP address, you know, you can be docs to feds, the feds and other bad guys. That's what we hear, by the way, on the dark web is that it's not, you don't often have to be as worried about law enforcement, it's the other guys that are honest, because here's just jumping into a pool of sharks. So it is legal to be on the dark web, right? But yeah, you're in unknown waters, you're in, like, you know, when you use, when you visit the dot comms, or the dot orgs, all those high level domains, you're somewhat safe, I would say somewhat. But when you go to the dot onion, for example, yeah, you don't know what scripts they're running on that, you don't know who's owner, the owner of it. You may be a victim. Absolutely. And you're putting yourself more out there when you go on these things. Well, just for interest, how do I look at it? Do I type in my browser, show me the dark web? Do I go to GBT and say, let me, where do I find the dark web? Where is it? Well, okay, so there is, there's two things, right? There's a dark web and the deep web. The dark web is more for marketplace or code for credit cards, social security numbers, stuff like that. And there's a deep web, which is kind of a good wealth of knowledge. Now, I won't tell you how to access the dark web. But if you would like to do some research and dig into it, that you can download the tour browser that gives you access to visit dot onion domains. And dot onions look like a random string of numbers generally. And we'll have a dot onion at the end. Better watch out for that. So suppose I wake up tomorrow morning, you guys, and I say, I want to be the CEO of a sub crime, organized crime organization. When do I start? I want to find people who will help me. I want to find, I don't care where they are, they can be in Bulgaria or Indonesia, or anywhere in the Middle East, anywhere, Russia. How do I find them? Not so easy. And I can't do, you know, organized crime with these layers you've been talking about without having some people to help me. How do I find them without exposing myself? Or, generally, there's a lot of forums, even on the, you know, even on surface web, there's, you know, 4chan, there's, you know, endless, there's even forums on like Reddit and Facebook. Yeah, I mean, some of these cyber criminals, they're not all created equal. Some of them are kind of dumb, right? I mean, you hear about the people on Snapchat selling drugs, right? That's, it's so, but you can, there's a wealth of knowledge on the on the dark web, if you, if you, I'm just deep web, actually. How big would you say these organized crime organizations are? Is it five people, or 10, or 20, or 100? Is there any companies, thousands, thousands? It depends on if it's a nation state, depends on if it's, you know, a hacktivist, depends on if it's, you know, just a group of people that want to get a little bit of money. It can be one person. And now with AI, there's AI agents. So you have a bunch of agents, you literally have AI iterating on itself, right? So you can spin up a bunch of agents and then tell them, you give them one overarching goal, and then they sometimes they'll come back to you and say, I'm stuck. And then, you know, you can just keep, you can fix it and re-apply it. Okay. So I sent them some code. How do I send them the code? And how do they pay me for my time? Oh, that's a, that's a tricky one. Yeah. I mean, his first thing, why would they, why would they pay you? You'd have to, you know, encrypt all their data. You'd have to maybe extort them or you just plain old steal money, right? You could just fake being an HR person or a vendor and say, hey, send me this, send me 20,000 or whatever. I need this for, and you could whip up a fake invoice. No, I'm not talking about that. I'm talking about being a member of a syndicate. As somebody, I found somebody or they found me, they say, do this work for us. We need you to participate in our, in our syndicate, in our crime organization. So I do, I do things for them. I do, I do it in an honest way. Let me call myself 007. Okay. 008. Wow. 008. There you go. There it is. And I do this work, whatever it may be. Okay. And then I send a little note somehow, and so I did the work. I did what you wanted. Now pay me. How does that work? So you can use a, I mean, a lot of it's almost all of us through crypto, right? That's an easy one. You can send, but then, you know, stuff like Bitcoin or crypto cryptocurrency, like Bitcoin is all public. I mean, that is, there's public ledgers. It's not anonymous, but there is one that's a spooky one called Monero, right? XMR. That one is encrypted into end. So let's say you send it to somebody, not even the people that are really receiving it knows exactly where it's coming from. Not even the people that are hosting the XMR nodes know exactly what's going through their routers, right? It's fully encrypted. So that's one way. You could buy a bunch of gift cards, send them it that way. There's many ways to accept payment and send stuff. Oh, so Attila, you know, you're running a company, you have a certain, you know, expertise resource, you can write code. How do you know that a given request for assistance is legitimate? Can you, the red flags that would tip you off that it's not legitimate and that you could be part of one of these syndicates without realizing it? Yeah, that's a great, that's a really important question, Jay, because so when we work with the FBI on some of these remediation efforts, what does, what happens is that, you know, some money will get laundered, right? And they can go through anywhere from 12 to 15 or 20 plus bank accounts. And each step of the way, sometimes there's a knowing participant, but oftentimes there are not. And so the, you know, FBI could show up at someone's house and say, look, you laundered, you know, several hundred thousand dollars of funds that, you know, were stolen essentially from, let's say, a bank or a legitimate business. And the person who had, who's the owner of that bank account, on short, right? So we're talking in the US, they say, what are you talking about? I was hired by a legitimate company to do this work from home thing. All I had to do was, you know, do a few things that I got to cut of that money as well. That's feeding me and my family. I'm a legitimate person who's a legitimate employee. I have nothing to do with this. And in short, they've been bamboozled. Like, they don't know there were unwilling participants in this money mule laundering scheme. And they could be victims themselves. Sometimes, you know, if you're a victim of this sort of scam or whatever, they will go through you and say, hey, we'll fix this for you, but we're going to need you to take this money or take these credit cards and then send them to another person. Right? So they act as the unwilling participant. Be very cautious if you're approached by a work from home type of, you know, setup, especially from a, from a kind of a shady company. If they're ever asking you to, and we hear about this, you know, from LinkedIn, job scams, that kind of stuff, like you need to pay before we will accept you to be credit cards, right? Yeah, never accept those forms. Yeah, especially if you're an office oriented. Well, you both mentioned, you know, the authorities. And of course, the big question is, you know, like in, in, in, in organized crimes, it's hard to catch them. It's hard at first, it's hard to, you know, find out who they are. And then it's hard to get evidence on them. And then it's hard to prosecute them, particularly if they're far away, where they're all defumes, you know, with, like, but these various layers and hundreds of thousands of people all connected, all not knowing what the other guy does. So, you know, it's hard to prosecute organized crime these days, probably harder than it was before, when they had John Dillinger and Tommy Guns and banks and whatnot. And I wonder if anybody is catching anybody. I start out with it, but the presumption, you guys, that nobody's catching nobody. Tell me I'm wrong. Well, I would say it's, there's always positive and negatives to a new form of, you know, crime or whatever, right? There, everything you do on the internet, there is a paper trail. So that's one good thing, but it's usually behind layers and layers of encryption. You know, with new quantum computers, new AI algorithms coming out, large language models can potentially reverse engineer this encryption and then hopefully decrypt these onion routers. And, you know, I mean, so, yes, I would say it is more prevalent nowadays, but there's also more resources being thrown at it. What's more prevalent? And tell me the answer on whether there are authorities that are actually catching these guys, investigating them, identifying, investigating and ultimately throwing them in jail. Well, like I mean, like I told you earlier, we do work with the FBI, so we do, I mean, we see it all the time, that people get caught, all that. I mean, because here's the thing, it only takes the FBI one time, right? You have to be, as a cyber criminal, you have to be, every second, every step has to be encrypted. Every paper trail has to be burned or thrown away, right? You have to be super, super careful, but the FBI just has to get right once. They have to be right at once. Yeah. They stretch pretty thin though, aren't they? Say it again? They stretch pretty thin. They got a lot to do. Well, they do, and that's where they have to be kind of selective. And we hear about local crime, even here on the islands, like for example, last week, title guarantee, right? They got hit with ransomware. There's some uncertainty there on what's going to happen with that company. That's a local company, right? Who knows? And just depends on how deep it goes. But that's an example of someone who would probably get a little bit more attention versus someone who's been a victim of a romance scam. And even though they may have gotten a couple hundred thousand dollars stolen from them, it was voluntary, it was kind of hard to really kind of stop and put a squash on that versus someone who's actively looking to disrupt our economy by taking about a company like that. That's the biggest thing is these scammers nowadays. That's huge. That's becoming the number one business model for these, because hacking, it takes a long time. It's hard to learn and then you can get caught. But social engineering, faking being a legitimate person, spoofing a phone number, spoofing an IP address, spoofing a email address, it's all very, I mean, not easy, but a lot simpler. So that's the biggest thing to watch out for, I would say, is watch out for being scammed. Because there's no way to get your money back. Once you sit down money, you're done. Gone. Yeah, nobody, not the FBI, not the government. And then that's the problem. So it's hard to prosecute. It's hard to get recovery. And I want to tell you now, I'm volunteering for any jury that has a case on this sort of thing. I want to be the foreman. I have a few things I want to tell to the my old members of the jury. I don't wonder if they're really getting sucked the way they should, because there's, as you say, there's a social overlay on this. There's an economic, a macro economic overlay, when you have all the stealing going on it. And if you have this organized crime, cyber crime, the stealing is in greater numbers, right? Hundreds of millions, what about this is very disruptive to our economy. And if I were on the jury, I really let them have it. I mean, let them have it. What do you think isn't happening? Is that ever happening? Well, like you said, there's different states or I mean, different nations, right? So let's say you get stolen, or you get hacked from somewhere in India, how, you know, no, you can't prosecute. There's no jury for people, you know, cross country jury, right? So it would be hard to, yeah, I mean, there's just there's no, you can't prosecute somebody from another country, right? I mean, you could. But well, Jay is the attorney on that one. But you know, in short, it's a lot easier to prevent and educate and help people understand and realize the kind of dangers that they put themselves into by performing certain activities or not being aware. But just be on the lookout for anything that's fear mongering, right? Yeah. So anyone is coming to you and say like, look, you need to do this right now, right now, the urgency, that's the big one. Because people don't think in the right mind when that happens. So I certainly agree. But let me let me offer you this start in terms of the direction of all of this. Number one is just as you say it, tell them, you know, people are not engaging with others ever since COVID. You know, they stay at home and their engagement is largely on the web. And if you ask me whether they have fear, well, you know, all the news makes them afraid. The news makes them afraid. You hear about the shootings and the wars and the invasions and the threats and all this. It makes you afraid about the future. So there you are sitting at home getting all this bad news. And you're, you know, you're kind of, you're a little desperate. And you may not have anybody you can talk to about it, except think tech. You can come and talk to psych. I might be clear about that. And so, you know, a sideback. Yes, sideback to sideback will talk to you. Yes. So what I'm saying though is that, you know, psychologically, we lived in different times than we did lived in five years ago. And that has an effect on our, you know, vulnerability, our victimization. The other thing is that there are so many programs and s words and obligations to do clean hygiene, find of computing. It's powerful, but it's tricky. And a lot of people never, ever get it right. And they worry and wonder and they mess up on the passwords. They mess up on the subscription. They mess up on reading their email, you know. Coming from all these people is, you know, solving people are writing to you. And there's so many people who want your money. Okay. That's one thing on one side. The other side, okay, is the technology for these hackers. I shouldn't use that term. Cyber criminals is better than it ever was. And this organized crime and model that you describe is more powerful than it ever was. It's a matrix. It's an elusive matrix and it's global. It's got leverage. It's got, you know, it's got the smarts. And with AI, it has way more smarts. Okay. So if you look at this as a kind of competition, the poor shtunk who sets bone in a silo of thought who never really educates himself or herself versus organized crime and businesses that haven't caught up, you know, you look at these, you know, huge monopoly, you know, global enterprises, they're not necessarily smart and they may miss things. Okay. But if you have a smart organized crime organization trying to rip them off, you know, who is smart, who is using every AI, you know, function they can find, who has all these people in all these places and it's all very well organized. It seems to me that there's an imbalance that the criminals increasingly have a greater advantage. And the businesses that are really not Akamai and the people who are afraid and desperate and alone are not Akamai, then the guys who are doing the cyber crime are going to do more of it, make more money, motivated because nobody catches them. Your reaction to that, please. Oh, the stats, the stats back up what you're saying? Yeah. Yeah. Every year, cyber crime is a bigger and bigger industry in the billions. Yeah. So yeah, you're right. As long as folks continue to think it's not going to happen to them, or, you know, there are lots of days ago about their employee security awareness training. They don't employ the proper security tools, software tools. They don't ask the right questions from their vendors. They don't obey basic common sense cyber hygiene. Yeah, they will continue to happen. Yeah. And it's going to be disruptive and expensive. And, you know, we're always looking for good people to join SIPAC. And it's not because this industry is shrinking, but it is because it is growing. Well, you know, I agree with that. I see you guys and like companies as first responders, as advisors that could theoretically minimize the risk both for individuals and businesses. But I also think that there ought to be a more clearly defined, more heavyweight, more resource government operation that does what it can do to cut down, you know, on these crimes and to prosecute these crimes on a global basis. You know, we talk about war crimes, for example, and boy, you know, nothing much happening. We know they're, we know the war crimes are happening, so nothing happens about it. And no war criminals know of any consequence have been prosecuted. And we know we see it on television. And likewise, there's all these crimes you described, which are known crimes. And at some level, we're not talking about first responders like SIPAC. They're very important. But over time, you know, in the larger strategy of it, don't we need government intervention, government protection, where government throws a lot of money at it, government hires people out of the best schools, and government makes an organized, to use that same term, an organized arrangement to deal with it. Are we missing that? What do we do to get that? Well, I mean, there are, and I'm a part of a couple groups that we're trying to crack down on these people. They call them scambaiters. So basically, we're trying to waste their time. We're trying to get a reverse into their computer. We're trying to, as much downtime as we could cost them, they're not harming buck. And this is kind of like a social movement. You'll see this all across the country. It's just everyone's kind of doing their best they can to fight back. And to Jay's point about federal intervention, there have been a lot of federal changes in the past few years that have really made a big difference. And by the way, cyber crime extends not just planetary, but it goes into space too. So we didn't have Space Force 10 years ago, right? Homeland security has done a lot to bring its departments together and share information, hire the best people, put together training programs. So I believe they're doing all that you really can. But it's just such a huge problem. And it's getting so much easier, better, more efficient, and just better for criminals that they can only do as much as they can. In short, it's going to be, we can put together all the sidewalks and traffic lights and make sure the roads are painted and really nicely laid out. But if someone steps into a road with an oncoming car, it's going to be difficult for them not to get hit, no matter how much safety is put on the road itself. So that's what we really encourage is good user behavior. How do we keep that business from having this problem in the first place? Stay on the sidewalk. Yeah, you stop poking everything like your meals or your dogs on social media. It makes it that much like there's a bunch of scraping tools that you can use that you can search a person, type in the username, and it will give you all their, not all their data, but pretty much everything they've ever posted online. That's disgusting. I see this as a kind of continuum. I see you as first responders. And indeed, you are going to be more expert, more focused, more nimble, you know, say then government. But I also see those groups you were talking about, Josh, that's very important because they're groups of people who are like-minded and who, you know, would like to help the community and good for them. But I also see, yeah, I know there are a lot of people who feel that way. And I know personally, many people that have been, my mom, one, I've been affected by scammers. I mean, they, I bet you know a couple people yourself. I mean, I know so many people that have been scammed or have been hacked. I mean, it's, that's really why I do it. I, I, yeah, I don't know, I despise those people. Well, but it's a continuum. So you learn it in CyPAC, well, you learn it in the government, or the government, you know, hires people from CyPAC or CyPAC hires people from the government. And then there are the dark web guys who may hire themselves out as what you call white ads. And so you have this kind of flow, call it tech flow from one element to be the, you know, the industry and the organized groups in the industry to another. And I think you always have the risk, tell me if I'm wrong, of getting a call from the other side in 11 o'clock at night one night and say, Hey, Attila, you know, how would you like to make $5 million and be 008? You always have that risk. And because it's a continuum, and the talent applies in all, all places along the spectrum, you have people shifting for a few bucks, especially if they're unhappy where they are. Am I right? Yeah, insider threats are real, you know, challenged. And there was something that was circulating a few months ago where there was a cyber gang or something that said, look, if you take this USB stick and you stick it inside your employer's network, then we'll give you 10% of whatever we store it out of them. And what a great little way. But that's a sure way to end up in prison too. So just be aware it's two-way street. Okay, final comments. Josh, you go first. What would you like to leave with our audience? Definitely make sure you're as up to date on, keep yourself up to date. Whether it's knowledge or security on your like update your, all your devices, right? Make sure that's all up to date. Make sure you know, yeah, make sure you trust the person or you know the person you're talking to on the other end. And if you don't, better safe than sorry. Yeah, and back up your data when your machine is infected and little buggies are hopping all over it throwing the trash. Right. Okay, until I, yeah, you know, fall side pack, fall side pack immediately. That's right. Yeah, just give us a ring when in doubt, you know, reach out for help. You're not alone. And, you know, I don't think there's anything I could say that folks don't already know, right? Don't click on things that you shouldn't be clicking on. Don't go to websites you shouldn't be going to, especially in the workplace. But you know, I heard a fun fact. I heard a fun fact. Maybe we can end with this fun fact. Did you know that we as humans, right? So humans eat more bananas than monkeys. And we're closely related to the banana genetically. But, but think about this. Think about this fun fact. What was the last time that you ate a monkey? Well, I guess it was time to leave it there. Hey, yeah, thank you. Thank you, Josh. Great discussion. Thanks. They say, they say about there.