 Hello everyone. It's great to be here. I'd like to start off with a demonstration. I'd like to have everyone please stand up. And on the count of three I want everyone to go like this. Wait, one, two, three. Oh cool, standing ovation one minute into the talk. It can't get any better. I've been doing a lot of, I'm a computer scientist. Some of the work I do isn't quite as exciting to people around here. Things like data provenance and security ontologies and stuff like that. But I'm also a magician. I've been a magician for 40 years. And I have, maybe some of you have read my tutorial once said. I don't know, anyone? Number one on Google. But anyhow. So I kept thinking about the similarities between what magicians do and what hackers do. And there's actually a lot in common. You know, first of all, you ever notice magicians are always wearing black. Which seems to be, you know, dominant color here. They also, they like to shock people. There's interesting people around here who are in that category. But mostly they have secret knowledge. And secret knowledge is the key to both hacking and to be a magician. Because with secret knowledge, and you go against something who has very rigid assumptions, it just blows right through it and you get profit. Got to put the formula in there somewhere. So what I'm going to do is I'm going to talk about the magicians tool kit. You know, the different things they use to accomplish the illusions that they're doing. And then I'm going to talk about the similarities between what magicians tools are and the hacking tools. I'm going to talk about basic psychology and some advanced psychology. And then I'm going to give an example of putting it all together saying how I would apply it if I was hacking into a company. So first let's talk about actions. Like the first one is important to know is the faint. It's the, oh here, here's the pencil. See, that was a faint. I knew exactly where the pencil was. I was just pretending I didn't know where. And you see this in hacking. Like you go to websites and saying, we're now skating your computer for viruses and you haven't seen little dials spinning around and all that. It's not doing anything. It's just a faint. And the next thing is the bluff where they're basically saying something that's just an outright lie. And that's typically the website saying, oh we've just detected a virus on your computer. Please install this software. So now the third thing is very important. This is the most important thing is the slide. You take something like this and it just, oh there it is over here. It's no big deal. It's just, oh there it is again. It's just a secret action with some technique that magicians use and a lot of times it requires a lot of practice to really be good at this. Some magicians will spend 20, 30 years just doing one slide and doing it really good. Also, slides are less valuable the more they're known. If you know what's happening, it's not as effective. Also, slides can be worth a lot of money. There's an underground economy for magicians where they partner sequence with each other. So what's the equivalent of this in hacking? It's the exploit. It's a zero day. All these things are true. A really good exploit is worth quite a lot. The speaker yesterday said they're worth like $100,000 up for a really good exploit that works 100% of the time. Also again, if you know about it, it's not as valuable anymore. There's an underground economy as well. The fourth sort of action is timing. That's very important in magic to get the timing just right. That can be used applied to hacking too. For instance, if you're doing a port scan, you do it over a long period of time, like over months or so, or it probably would not be detected. Props are the objects magicians use and some of them are just regular objects. There are special objects too. First of all, there's the gimmick. The gimmick is a secret device. You don't see it, but it has a secret function. For instance, if I had a piece of tape, a sticky thing right here, and I could then put this pencil right here and have it stay in my hand. Now there's also another type of gimmick where you don't actually have a special gimmick. You use another gimmick that has a secret function, which is what I did here with my finger. The equivalent in hacking of the gimmick is the root kit. It's hidden, you can't find it, you can't see it very easily, but it has a secret function. Now the next thing is a gaff. A gaff is a device that you see that has a function that you're aware of, but it's been modified. If I take a pencil and I stick a magnet on it or a thread, it becomes a gaffed pencil. Now what's the equivalent of this in hacking? That's like a backdoor or an Easter egg function in some software. Now the third type of object we should use is a fake. For instance, if I have a rubber tube and I paint it yellow and stick an eraser on it, it wouldn't really be a real pencil, it would just be like a rubber tube that looks like a pencil. That's what a fake is. What's the equivalent of this in hacking? That's like a Trojan horse or a man in the middle. It's not really the website you're going to, it just pretend to be the website and things are passing through it. Now there's people, but first I'd like to do a demonstration. I need three people to have a dollar bill. Anyone has a dollar bill? You'll get it back, I promise. Okay, there's one, I need two more. Come on, come on. Just stay right there, okay? Two more people, okay? Come on up. No, I'm not touching that bill. I'm not touching that bill. Okay, I want you to look at the bill so you're looking at the president, okay? So he's right in the middle, then fold it in half right down his face so the president's on the inside. You got that? Now fold it again the same direction again, okay? Now fold it top, that the bottom, fold it the other way down. Okay, and now give your bill to someone else so you don't have your original bill anymore. All right, now I need someone else, let's see. Okay, let's see now, I'm going to make sure I have all my stuff here, okay? I need someone else to, here. Okay, whoever gets it. Okay, pick it up and point to one of these three people. Or just tell me which one you want. First, second, third. Number two? All right, why don't you come on up. Now, I was going to bring a longer poll here. I'm not going to touch the bill, but I'd like you to put the bill in this clip. Now, I was going to have a longer one, but TSA had issues with it, the bill in the clip, yeah. All right, and the rest of you, you can sit down. You've got a bill, you're all set. Okay, so what I'd like you to do is come over here, step over here, and hold this up real high, okay? Now, I am going to try to read his mind. I'm going to try to determine the serial number of that bill. All right, okay, please open up the bill and look at the number. You got it? All right, now, I want you to, did I get the number correct? Yes. Thank you very much. Oh, you people are so gullible. No, no, actually why don't you read the serial number of the bill, step right up here and tell everyone what it is. F-7-6-0-8-2-1-5-5-I. Thank you very much. Keep the bill, you're all done, thank you. All right, so we're going to talk about people. And of course, the first one you're all thinking of, a shill, a stew, a secret accomplice, you know? Now, I made things a little bit interesting to you because maybe all three of those people were accomplices, you know? Who knows? Now, and of course in hacking, this would be the inside or threat, someone on the inside. Now, for this to work, you know, you really have to trust the person. If you don't trust the person, you know, or suspect the person, then this might not work. So that's very important that if they're, if you would have trust in the person, the more you trust them, the more likely you're going to be deceived by them. There's an also interesting little ploy. It's been used in the magic on a stage production where they had, the magician was the main character and they had a protagonist, the enemy, someone who hated the magician. The magician, you know, put something, you know, on a table and covered it up with a cloth. And his enemy, his nemesis says, I don't believe you. And he picked up the cloth. He says, yep, okay, it's still there. And then, boom, the thing vanished. And what really happened is the person who was the enemy was the one who was secret accomplice. He stole the item out when no one else, no one knew about it. So this could be, this could be applied in hacking too. For instance, if you have someone who's an enemy of someone else and if they say something about this other person, you're more likely to believe them, even though they might be an accomplice. But you see, this is also how it works, you know, you get email and it's more likely to believe it from a friend and a stranger and so on. So now the second type of accomplice is an unwitting accomplice. This is like social engineering. That's what I did with the say yes gag. I had him go along with it, you know, just for some fun. And you see this happening when sometimes social engineering they call someone up and they give a big, you know, one of your colleagues is visiting our site today and they're having problems getting access to the network and he's kind of busier right now and I'm trying to help him out. Could you please do me a favor, you know? So you see that happening a lot. All right, and the third type is the patsy or the fall guy. So if you want to know how, you know, how that bill worked just ask our patsy here. So I'm sure he'll tell you how everything all worked there. Don't ask me because I'm not going to tell you. All right, now let's talk about psychology. The most important principle in magic is naturalness. The professor, Dai Vernon, is a noted expert in magic. He always stressed how magic had to be natural. Tarbell talked about it. A bunch of other people talked about it. If you're doing something and it doesn't look right, like I could have the best light in the world but if I had to go like this when I'm doing my slight it's going to be suspicious. So you have to do slights so they look completely natural. You know, that's really the most critical thing. In fact, someone says, someone said, all magician, all magical effects have a flaw and the stuff they do around it helps disguise that flaw because they really can't be natural. I mean, if they were really that good they could just, you know, point to someone, do something, boom, make a car appear, waving their hands and all that. They always have to disguise it and do things around that to make it look somewhat natural. But what if you can't be natural? What if you can't do it? Can't be 100% natural. Well, one of the first things magician tries to do is to try to make it look as natural as possible. For instance, if you have an exploit and it generates three log entries, if you can illuminate three log entries and go down to two, that's better. If you go down to one, that's even better still. If you have no log entries at all, no alarm, stuff like that, that's the best. So that's the goal is trying to, you know, reduce anything or remove anything that is unnatural. If you're going to have, use a buffer overflow, if you pick, you know, padding of all As or something like that, the log files might show that up and that'd be more suspicious than putting something, that real file name involved in there. There's even someone, a Mason had an interesting paper on shellcode using the English words, which is a thought, it's a very interesting idea. So, and if you can't, if you can't eliminate it, you try to find ways to hide it. I was listening to Paul.com podcast and they had Mike Murray and Mike Murr were talking about how they used D instead of CL for Oracle. And they were able to trick a lot of people into thinking that was the legitimate website when they tried to make it look as similar as possible. So that's again the same sort of principle in doing that. Now, and if you can't do that, sometimes you just can't do it. So what else can you do? You can make something that is unnatural and become more natural. And you can do this with some sort of contrived justification. If you come up with some sort of situation that help explain this and maybe even adding things to it to make this sort of thing seem more reasonable, you can do that. Social engineering does this a lot. Another thing you can do is repetition. If you do something once, it's suspicious. If it happens a hundred times and nothing happens, it's not so suspicious. For instance, if you had an exploit which you may want to do that you wouldn't leave log entries, you could for instance create a tool that you let script kiddies run that looks like probes for this vulnerability but it doesn't actually do anything. And if people started using these tools, they would start generating alarms on systems, but they'd realize oh, it's just that script kiddie tool. It's harmless. It doesn't do anything. They might not notice it if you have a real exploit that has exact signature as a script kiddie tool. All right, now here's... Here, let's do something else. I'm going to do a coin vanish. I'm going to take this coin. I'm going to move away from the mic a little bit. I'm going to make this coin vanish by tapping it with my wand here. On the count of three. One. Two. Three. The coin didn't vanish. The pencil vanished. I stuck up to you how many years. You weren't looking for that. See, you thought the coin was going to vanish when I... At least I still got my pencil. All right, that... Thank you. There were no slights whatsoever in that illusion. All it was was misdirection. That's all I used to do that. I just made you look somewhere else when I was doing it and that's how that particular effect works. So misdirection. It's a way to control some detention so that they look over here when you're doing something secret over here. Now, how can you do this? One of the most important things you want to do is you want to find something that they're going to be interested in. Something that they're going to want to take a look at. Something that appeals to them or has a great interest to them. And it's hard to tell exactly what it is because there's so many different cases. People are different and all that. You can do things that might... Magicians a lot of times would have an assistant and a skimpy outfit and she might drop something and bend over to pick up something and all the men would be looking at her bending over while this magician is doing something secret over there. Those are examples of things like that. It all depends on what the crowd... what appeals to the crowd. And I've seen this in some e-mail and Facebook things and it says, oh my God, you won't believe what he's doing in this picture. You don't may not realize this. Wait a minute, there's something kind of hinky about this thing here but the topic is such as to say I've got to take a look at what this is and now that is... Okay, there's different kinds of misdirection. The first one is the directive misdirection where you say, look over there and of course that doesn't always work. It has to be something logical that makes sense. You can use certain things like... If it doesn't make sense, it might be suspicious if you're suspicious you may not look where they want you to look you may look elsewhere. So it's really important to make this make sense. So you get to find out what attracts their attention. Lady Gaga or Justin Bieber or free iPad, that gets people's attention a lot. They stop thinking about certain things. Now the other thing you could do is on the uniqueness of the event. Some things that just sort of grab your attention. Hackers have set off fire alarms. When they've broken into systems. They might be able to get access to the HVAC that's attached to a computer network and manipulate the environment that way. Or they could set off another attack. Sony was just mentioned recently how they had a very sophisticated attack that was happening while another attack was occurring and that's why they missed it, if you believe them. Now there's another kind which is a little subtler. It's called discovered misdirection. In other words, you don't tell them about it you wait for them to discover it on their own. So it's sitting there ahead of time waiting to be discovered and when they look at it they say, oh my, look at this. So it can be very useful but you have to control the timing because the timing is not always under your control. If you can do certain things to make them want to go there and look at it, that's what this will do. So I'm going to give an example of this later on. There's also another kind of misdirection called constrained misdirection. Penn and Teller do something where they throw something over someone's head and he doesn't know what happened to it and everyone else does because they're controlling what he sees. That can happen, you know. It happened a long time ago I'm not too sure how it happens right now but if you can control the environment maybe get an administrator to have remote access to the machine that you control. They may not see the things that, you know, that they think they're seeing because you're controlling the environment. So that's a possibility. Now, here's some more advanced psychological techniques. I was just mentioning the misdirection but there's a lot more magicians can apply to fool people. All right, one of the most useful techniques magicians use is they want to encourage a false conclusion. Magicians have these things they call sucker tricks and it's designed so that when it's being performed it's pretty obvious to you what's really happening and you start thinking what it's going to be. They do this a lot with kids. Well, they want the kids to yell out and say, I know what you're doing. Turn it around, it's on the other side, whatever. Of course, the very end, the magician reveals the fact that well, no, you're wrong, this is what really happened. They turn the other side and something completely different. Or they'll make you think that someone's hidden underneath a table that's surrounded by a curtain and then they pull away the curtain at the last minute. So, you know, oh, they're not under the table. So this is really, really useful. You have to basically get them to, you know, experience a false premise. A false alarm is also another thing that can do this. So that if you can generate an alarm you might make them think something's happening when it's not. So that's another useful thing to do. You could repeat that and they would also then learn to not trust alarms if you're abusing that. Some examples, the dark market sting. The guy was pretending to be involved in illegal activity. Another case I saw on the sans mailing list, someone had a shockwave file and it had malware in it. They had a virus in it, but it also had the iCar test virus in it. Why would a file have a harmless, you know, a virus and a real virus in the same file? I think it was someone trying to be deceptive. Another good thing the magicians love to do is they like to be able to use multiple methods. If I can do the same effect using three completely different concepts, it becomes really hard for someone to figure out what's going on. For instance, let's say I was doing a trick and it required a trap door. But I could also do the same trick, but this time I didn't use a trap door, I used a mirror. And they looked identical. If you saw both versions of it, you say, I've seen him more than once and he didn't use a trap door and he didn't use a mirror, so I don't know what he did. But meanwhile, it's like when I'm not using a trap door, I'm using a mirror, when I'm not using a mirror, I'm using a trap door. And that's very useful. So if you have multiple ways to do certain things, it makes it really hard to figure out which one it is that's really happening. And it's a very good psychological thing because they say, you know, once they say, well, it's not this, I know it's not this, they tend to want to believe that again. So, oh, another thing that some magicians have done, especially when they're working, trying to steal market share from another magician, is they will come up with an illusion that maybe is an improvement over someone else's illusion and they'll tell people, it says, unlike some magicians, we don't use a trap door or whatever it is. And they purposely reveal the technique that other people are doing to improve the illusion of what they're doing. And that could be useful, too. We'll talk about that. All right. And another very useful thing for magicians is a switch where they're using something, a gimmick, I'm sorry, a gaff, using something that's gaffed. And what they do is they let you examine it and then this regular object and they switch it for the gaffed object or maybe they do it the other way around where they use the gaffed object and they switch it for a regular object and then you hand it out, let people take a look at this. So that, you know, that's very common. And you can do this in hacking, too. If you had, like, programs, you could switch programs in and out pretty quickly. Your programs are self-destruct after they accomplish certain things. So there's ways that this can be done as well. Now, oh, the fake revelation, I mentioned this before, and I'll give an example of this in a little bit in the scenario. Okay, all right, so, okay. All right, so let me summarize some of the stuff we talked about and then we're going to give you the scenario. See, first of all, I believe there's a lot of things in common, but what I do not think is a lot of people have applied the psychological techniques of a magician as they're hacking as much as they could. And I'm going to try to describe this and I'm still going to call this person a magician hacker, I guess. I don't know what else to call him. So, let's pick a scenario. We've got this company, and they have some very valuable intellectual property. I'm thinking, for instance, they could have a server that has all their source code of everything on it or some sort of database with very valuable financial information or something. But they also have very good security. The XYZ company has really good security and they've got sharp people. Now, the hacker's inside, he's already gotten into the network and he has limited access to it. But, and also one more thing, too, if this intellectual property is stolen and they learn about this, it may not be worth as much money. It might be, for instance, trade secrets that if you can steal this without them knowing it, it's more valuable. But if they know that it's stolen, they might do something else. And also, in this scenario, any obvious attempt to extract information and send it out onto the internet would be detected and blocked. So, the initial thing of what might be done can't be done. You have to do something else. So, what would the magician hacker do? All right, let me build up the scenario a little bit. First, we're going to have a Patsy involved. This is Unlucky Lucy. She is the administrator of this server. Okay? She's responsible for it. And she's smart. She's really alert. She's smart. If anything strange happened, she'd detect it. She'd make sure it got stopped. All right? But let's say the magician hacker has partial access to some of her files. Maybe she's got a directory that she owns and he can put some files into it. And also, she also has some files that, under her control, that can be propagated throughout the network. You know, maybe she's got some sort of startup batch file or something like that that people use or something along those lines. All right. And so, what does he do there? He sort of scopes it out, finds the Patsy, and then first step, he's going to go to some web forms and create an account using Lucy's name and create some interesting little piece of information there which we'll discover later. Okay? All right. There's also innocent Ivy. You know, she's going to, something's going to happen to her, too, but this is all like setting up the discovered misdirection thing. All right? So, the hacker has to do a little bit more work. He's going to create some files on a public-facing web server. But these are files that are not indexed in the main page. A search, a spider, might not find them. You have to know about the URLs to actually see these files. So, these files are created and they're available on the Internet, but no one knows about them yet. Also, one more thing to sort of make this work is you have to make sure that, since some sites do incremental backups, you want to be able to do a full backup, but you want to be able to make sure that the entire database is going to be backed up. So, you may have to do something to make sure the size of the incremental backup is big enough so that it's going to be able to do a full backup. Now, this file that Lucy is distributing throughout the company, it's got a zero-day virus in it. No one knows about this exploit yet. You know, it's undiscovered. And in fact, the virus doesn't do anything. It just sits there, might propagate. It sits there pretty quietly, just waiting for the right time. All right, next, the hacker generates a fake press release regarding the XYZ company. They are now announcing they're going into adult services. And goes on to quote about the CEO, you know, John Smith, and says, there's a real need, there's real money in here, and heck, I love pornography. So, you can imagine what might happen. Well, let's go through it, let's see what happens here. So then the hacker makes a phone call to Innocent Ivy, okay? Said, I was on this URL and I found something on your web page that I don't think should be there. And notices and lets Ivy know about this. And she checks it out and she reports it to her manager. She says, oh my God. And also, the magician at the same time reveals the details of this new zero day. Here's the exploit, here's how it works. Maybe says, I've seen this in the wild or something like this, or whatever. They put all the source code, put all the information out there to let people know about it and let the hackers play around with it. So probably pretty soon, you'll see malware and all that. Okay, so this is all, this is things that we're doing the bluff, we're doing a winded accomplice, we're creating a false conclusion, revealing an inferior method by others. So we're doing all that at this point. And we're still haven't gotten to the good part yet. Okay, meanwhile, the CEO hears about this press release. He's obviously not reading Twitter first thing in the morning. Someone has to tell him about this stuff. And of course, he's going to be outraged about this. So the blogs are now talking about this press release, because it hit the news, they're talking about this. So they publish a press release in response. Let's say denying this whole thing, it's just a fake press release, don't believe it. Okay. But then they learn, he's got porn on his website. Hmm. So we might have to issue another press release that sort of contradicts the first press release. You know, saying maybe they're, you know, to figure out how to get around it. He's going to be sweating bullets on this. All right. And maybe the hacker has some, they found some of the screenshots of what these some of these, you know, what these pages are and publishes it on Twitter and stuff like that and let people see what it is. All gets around. They're going to take it down quickly. But, you know, it's going to be there and it might look like something, you know, like there's the CEO saying, this is good porn here, you know, I'm personally guarantee it, you know. So he is going to be pretty upset. Okay. And, oh, in this point, now the antivirus company is now creating signatures for that malware that we just talked about, that zero they just came out. So this is the first round of chaos. Let's go a little bit deeper. Okay. So now Ivy gets some random email saying, you know, one of your people, Lucy, was talking about XYZ's company and their new porn stuff, new porn content and how she thinks it's a really good idea and all that. We just want to let you know. I said, Lucy? Lucy did this? So anyhow, they check it out and they just hold in Lucy's file, there's some JPEGs that were on the website and maybe a rough version of that press release in her files. Uh-oh. Ivy reports this to the chief and Lucy gets fired. You know, this stuff like this, they just want the people out of there as quickly as possible, you know, just hush-hush, hide everything and all that and get the person out of the door but now the blogs are talking about this too, you know, about the porn the porn pages that were showing up and how it, you know, sort of counters the first press release that came out and the virus signatures are now updated and propagated throughout the, you know, throughout the systems to say here's the new, you know, virus that we're putting signature into the system and they're all getting updated. All right. So this is sort of the second round of chaos. So what happens now? Okay. Now the hacker decides to publish a second press release faked one from the XYZ company saying we're now as a policy that all our press releases are going to be cryptographically signed and the public key to verify the contents of the press release is on our webpage over here and sure enough there's a public certificate that's on the webpage and they can go to it, they can validate it and they say, oh, and by the way, you know, we are getting into the porn business and this is cryptographically signed and that the CEO has some issues with the current direction. All right. And by the way, the antivirus packages sort of says oh, we have hundreds of machines are now infected with a virus. This is the third round of chaos. Shall we go on? All right. All right. So now next thing, this virus, it does have one thing this virus does. It was waiting for the right time and the time is now. It decides to make connections to random websites on the internet, but in the HTTP get in the header, they have this big new header in there that contains all this random information, random characters, very large files. Now, it actually really is random information, but from an analytical point you can't tell the difference between something that's random and something that's encrypted. So as far as anyone can tell, this is sending encrypted information and all the different machines are connecting to all these web servers on the outside and sending megabytes of data to tens of thousands of websites out there. And also the antivirus package found some files in Ivy's directory and it got triggered and notified. They look at them and these are a little bit different. So this is the fourth round of chaos. Okay, finally, here's where he gets the final stage here. So in Ivy's directory, they find source code of this virus. Hmm. Also, they found some more of these adult pages and the press releases are also in Ivy's directory. So Ivy's now fired. So this is the fifth round of chaos. Now let me summarize what's going on here. We've got this complete circle of chaos here. First of all, they've got a PR nightmare. You know, they keep coming up with these press releases and their press releases contradicts other press releases and they seem to know what they're doing. They're trying to handle this, trying to smooth everything out and it's not quite too sure how to handle this situation. They also have this big virus infecting all these machines in the center, you know, all over the place. They've got to deal with that. Where's the virus? How's it propagating? What's going on? They might trace it down to the fact that maybe it was, you know, Lucy that was doing it. Everything that makes sense but then maybe it's Ivy she was involved too. So, and the third thing is they got all this, you know, gigabytes of traffic going out to the internet that's encrypted. What is in there? It's maybe it's their intellectual property. Someone's doing all this stuff. They better figure out what this is and stop it soon. The fourth thing that they worry about is they now they have two cases of wrongful termination. I mean the CEO's not going to care about this. They just want the, you know, the people gone. You know, they don't want to care about, you know, excuses. What's that? Oh, okay. It says wrongful termination. I don't know what it is. Well, I got chopped off. Okay. All right. And the next one is, well, you know, now people are going to have problems with their management. They're not quite comfortable with what's going on because Ivy and Lucy got fired. People know these people. They can't understand what's going on. Rumors get spread. You know, people can't make up their mind as to what's going on and who's to blame for that. It seems like they're blaming people, you know, for no real reason or maybe they are. It's really confusing. And the fifth problem that they have is the fact that, well, the server, the administrator of the server is now changed. They lost the primary and they lost the secondary so they have some other person who's not familiar with that server. Now you think they're going to care about that last one. It's just not going to be something as high in their radar. So now we're going to complete the illusion. Now, like magic, once you know what's really happening, you're going to be disappointed because it's so simple. That's how magic is. But it's not just the effect it's done. It's the whole creation of the illusion with all of the misdirection and all of the psychology, the whole thing. That's what makes magic interesting. But the actual, what really happens can be very simple. So remember what we're trying to do is trying to steal the information from the database and not be detected as natural as possible and leave no evidence. So this is what's done. It's pretty simple. Well, we're going to do a full backup of that database and using some DNS cache poisoning or something like that, it goes to a different website, a different external server, maybe in a different country or whatever, but they may not notice it. And when it's all done, it sort of cleans up all traces of it. You know, the DNS cache will be cleansed and as far as they can tell, everything looks perfectly fine. So therefore, you have profit. Thank you. All right now, just to summarize some things to talk about, press releases should be signed. I think detecting this sort of technique is going to require a new sort of philosophy of new ways of thinking about things and new motivations, understanding it. The obvious answer may not be the correct answer. It seems like it's the obvious one, but that may not be good enough. And unrelated events may not be unrelated. They may, the whole thing may be part of a big package. Forensics are really important and people like computers or assets, they're vulnerable to denial of service as well. So in the DVD and on my webpage, there's an 18 page paper, I give a lot of detail of all this stuff. I've been collecting information about this. If you have any questions, contact me and I'll have to upload the papers and hope you enjoyed it.