1
00:00:00,000 --> 00:00:02,996
Singapore was the second country
in the world where attacks were 

2
00:00:02,996 --> 00:00:04,669
coming from. 
I have to pause for the emphasis

3
00:00:04,669 --> 00:00:06,496
there. 
Because it's not a target, it's 

4
00:00:06,496 --> 00:00:08,970
the source. 
Today's guest is Joseph Yap, 

5
00:00:08,970 --> 00:00:11,790
founder of Otonata. 
With over two decades optimizing

6
00:00:11,790 --> 00:00:14,436
corporate Operations and Supply 
Chain, Joseph now helps 

7
00:00:14,436 --> 00:00:17,598
individuals protect the one 
place they never expected to be 

8
00:00:17,598 --> 00:00:19,440
vulnerable: their homes. 
Let's understand why. 

9
00:00:19,945 --> 00:00:21,810
Why Singapore? 
Since the eighties, the 

10
00:00:21,810 --> 00:00:24,120
Singapore government has been 
very actively promoting 

11
00:00:24,120 --> 00:00:26,960
information technology. 
Everyone has multiple devices. 

12
00:00:26,990 --> 00:00:29,390
Washing machines. 
You've got fridges, robot 

13
00:00:29,390 --> 00:00:31,714
vacuums, security cameras. 
The attack surface is just gonna

14
00:00:31,714 --> 00:00:33,585
keep growing. 
For low income households, you 

15
00:00:33,585 --> 00:00:36,290
get high speed fiber access. 
So there's a term that really 

16
00:00:36,290 --> 00:00:38,060
disturbed me now. 
It's called residential proxy. 

17
00:00:38,120 --> 00:00:41,150
The hackers are using people's 
houses and monetizing them. 

18
00:00:41,240 --> 00:00:44,723
One of my friends was very proud
that he bought a media player 

19
00:00:44,723 --> 00:00:47,030
from a very small shop that was 
$50. 

20
00:00:47,060 --> 00:00:49,806
But you could access everything.
It reminded me of a quote that 

21
00:00:49,806 --> 00:00:52,465
if you can't work out what the 
product is, you are the product.

22
00:00:52,495 --> 00:00:54,745
You are the proxy. 
You are the service. 

23
00:00:54,745 --> 00:00:56,575
They're selling access to your 
network. 

24
00:00:56,725 --> 00:00:58,945
Are you now saying that we are 
all being hacked? 

25
00:00:58,975 --> 00:01:01,615
Probably, yeah. 
If I looked at the statistics 

26
00:01:01,615 --> 00:01:04,425
now, botnet they counted over 
700,000 devices attacking at the

27
00:01:04,425 --> 00:01:06,775
same time. 
It hit 30 terabits per second. 

28
00:01:06,835 --> 00:01:09,055
It's like downloading all of 
Netflix within minutes. 

29
00:01:09,055 --> 00:01:12,335
With AI, the barrier to entry 
for hacking now is super low. 

30
00:01:12,415 --> 00:01:14,920
Some of the best known 
ransomware gangs are run by 

31
00:01:14,920 --> 00:01:16,680
teenagers. 
You can ask ChatGPT, you can ask

32
00:01:16,680 --> 00:01:19,124
Gemini, you can ask Claude. 
If someone broke into the home 

33
00:01:19,124 --> 00:01:21,402
network, it's like they have 
access to your house, but you 

34
00:01:21,402 --> 00:01:23,305
don't know that they're there. 
It's very freaky if someone's 

35
00:01:23,305 --> 00:01:25,130
standing behind you but you 
don't know them. 

36
00:01:25,280 --> 00:01:28,760
And they're there 24/7, watching
everything that you do. 

37
00:01:45,203 --> 00:01:47,649
Hey, quick pause. 
My goal with Tech Lead Journal 

38
00:01:47,649 --> 00:01:50,233
is simple. 
Learn from the best in tech, so 

39
00:01:50,233 --> 00:01:53,603
we can all grow together. 
If this resonates with you, hit 

40
00:01:53,603 --> 00:01:56,897
subscribe to follow the channel.
It's the biggest way for you to 

41
00:01:56,897 --> 00:01:59,468
support the show and help us 
keep bringing great guests and 

42
00:01:59,468 --> 00:02:01,919
insights to you. 
Thanks for being here, and let's

43
00:02:01,919 --> 00:02:04,097
get back to it. 
Okay. 

44
00:02:04,127 --> 00:02:06,399
Hi everyone. 
Welcome back to another 

45
00:02:06,399 --> 00:02:09,917
in-person podcast recording. 
Today I have with me Joseph Yap.

46
00:02:10,320 --> 00:02:13,707
He's gonna share something very 
interesting today about 

47
00:02:13,707 --> 00:02:16,710
cybersecurity. 
But we are not going to talk 

48
00:02:16,710 --> 00:02:20,126
about cybersecurity as you may 
have heard it a lot of times, 

49
00:02:20,126 --> 00:02:22,230
you know, with organizations and
things like that. 

50
00:02:22,290 --> 00:02:26,855
But this is actually at your 
personal home or your personal 

51
00:02:26,855 --> 00:02:28,940
usage. 
So there are some statistics 

52
00:02:28,940 --> 00:02:31,840
that I think kind of like mind 
blowing to me when he first 

53
00:02:31,840 --> 00:02:34,740
shared it with me. 
So, yeah, I think let's just 

54
00:02:34,740 --> 00:02:37,245
discuss it later. 
So welcome, Joseph, to the show.

55
00:02:37,805 --> 00:02:39,425
Thanks very much. 
Good to be here. 

56
00:02:40,025 --> 00:02:42,882
So, Joseph, in the beginning, I 
always love to maybe invite my 

57
00:02:42,882 --> 00:02:45,729
guest share a little bit about 
your career, especially the 

58
00:02:45,729 --> 00:02:48,150
turning points that you think we
all can learn from you. 

59
00:02:48,485 --> 00:02:52,629
Okay. 
Yeah, so I started very much in 

60
00:02:52,629 --> 00:02:54,277
communications and journalism 
actually. 

61
00:02:55,152 --> 00:02:59,912
My initial background 
academically was more about 

62
00:02:59,912 --> 00:03:02,690
journalism interviewing. 
Being on the other side of the 

63
00:03:02,690 --> 00:03:04,858
table. 
I've changed career paths quite 

64
00:03:04,858 --> 00:03:08,857
a bit along the way, but I found
that for every change that I 

65
00:03:08,857 --> 00:03:11,962
made, there was always something
that I had learned before that I

66
00:03:11,962 --> 00:03:15,682
could leverage to a new role. 
So in terms of, yeah, turning 

67
00:03:15,682 --> 00:03:19,088
points, I think changing career 
paths and finding that actually 

68
00:03:19,088 --> 00:03:22,858
there's stuff I can carry over 
from a previous role was quite 

69
00:03:22,858 --> 00:03:26,582
helpful. 
I've also found that over the 

70
00:03:26,582 --> 00:03:31,530
20+ years of corporate life, one
of the biggest learnings that I 

71
00:03:31,530 --> 00:03:35,554
had was thinking about people. 
It's funny to say this out loud,

72
00:03:35,554 --> 00:03:39,784
but in the space that I've been,
which is really to do with 

73
00:03:39,784 --> 00:03:43,824
operations and supply chain, we 
often forget that businesses are

74
00:03:43,824 --> 00:03:46,672
run by people, organizations are
run by people. 

75
00:03:47,402 --> 00:03:52,637
My expertise of familiarity has 
been with processes and trying 

76
00:03:52,637 --> 00:03:55,277
to simplify and stabilize 
things. 

77
00:03:56,117 --> 00:03:58,812
But unfortunately, if you don't 
think about the people aspect of

78
00:03:58,812 --> 00:04:01,397
that, things will always go 
wrong, right? 

79
00:04:01,397 --> 00:04:05,598
So one of the big lessons that I
had were from, yeah, a corporate

80
00:04:05,598 --> 00:04:07,698
career has always been to do 
with people. 

81
00:04:07,788 --> 00:04:12,130
And I think one of the biggest 
lessons that I had in my last 10

82
00:04:12,130 --> 00:04:14,718
years or so was dealing with 
complexity. 

83
00:04:15,414 --> 00:04:18,353
So going back to what I said 
about people, when you're not 

84
00:04:18,353 --> 00:04:21,880
managing processes with thinking
about people and how much effort

85
00:04:21,880 --> 00:04:26,188
it can take someone to make a 
lot of micro decisions, how much

86
00:04:26,188 --> 00:04:28,054
fatigue they can put someone 
through. 

87
00:04:28,774 --> 00:04:32,219
I had an example where someone I
worked with, she would wake up 

88
00:04:32,219 --> 00:04:35,902
in a panic at 3 am in the 
morning to write something down.

89
00:04:35,902 --> 00:04:38,602
Because while she was thinking 
about something going to sleep, 

90
00:04:38,602 --> 00:04:40,592
she fell asleep. 
And then she suddenly remembered

91
00:04:40,592 --> 00:04:42,952
that, oh my God, I need to do 
this tomorrow morning. 

92
00:04:43,490 --> 00:04:44,750
And then she couldn't go back to
sleep. 

93
00:04:45,455 --> 00:04:49,949
So the process that they were 
working with was so complicated 

94
00:04:49,949 --> 00:04:54,389
that there was so much burden on
people to take the 

95
00:04:54,389 --> 00:04:58,494
responsibility onto themselves. 
So one of the, yeah, lessons I 

96
00:04:58,494 --> 00:05:03,085
had from corporate world was we 
have to work out how to make it 

97
00:05:03,085 --> 00:05:06,475
easier for people not to deal 
with so much complexity and put 

98
00:05:06,475 --> 00:05:09,557
the burden on themselves. 
So when I think about the 

99
00:05:09,557 --> 00:05:12,641
developing processes now, a lot 
of it is around, one, what is 

100
00:05:12,641 --> 00:05:16,648
the value add? 
And two, how do I minimize the 

101
00:05:16,648 --> 00:05:20,132
ability for human error for 
something to go wrong because of

102
00:05:20,132 --> 00:05:20,713
that? 
Yeah. 

103
00:05:22,148 --> 00:05:25,833
Before we continue, I want to 
tell you about our sponsor, 

104
00:05:25,833 --> 00:05:29,065
Cyberhaven. 
AI is exfiltrating your data in 

105
00:05:29,065 --> 00:05:30,787
fragments. 
Not one big breach. 

106
00:05:31,027 --> 00:05:34,492
A prompt here, a screenshot 
there, a quiet export into a 

107
00:05:34,492 --> 00:05:37,549
shadow AI tool. 
Every week, AI makes your team 

108
00:05:37,549 --> 00:05:39,727
faster and your data harder to 
see. 

109
00:05:39,997 --> 00:05:43,435
Files are moved to new SaaS 
apps, models are trained on 

110
00:05:43,435 --> 00:05:47,197
sensitive inputs, and legacy DLP
is blind to the context that 

111
00:05:47,197 --> 00:05:50,407
matters most. 
On February 3rd at 11:00 AM 

112
00:05:50,407 --> 00:05:54,425
Pacific Time, Cyberhaven is 
unveiling a unified DSPM and DLP

113
00:05:54,425 --> 00:05:57,297
platform. 
Built on the original data 

114
00:05:57,297 --> 00:06:00,902
lineage, so security teams get 
x-ray visions into how data 

115
00:06:00,902 --> 00:06:04,062
actually moves and can stop 
risky usage in real time. 

116
00:06:04,332 --> 00:06:08,122
Watch the launch live at 
cyberhaven.com/techleadjournal. 

117
00:06:08,292 --> 00:06:11,542
That's 
cyberhaven.com/techleadjournal. 

118
00:06:11,950 --> 00:06:13,990
And now let's get back to our 
episode. 

119
00:06:14,417 --> 00:06:15,992
Well, thank you for sharing the 
story. 

120
00:06:15,992 --> 00:06:19,612
I think sometimes we didn't 
realize at work, right? 

121
00:06:19,612 --> 00:06:23,357
We are so maybe stressful, 
anxious, right, thinking about 

122
00:06:23,357 --> 00:06:26,657
what we need to do for work. 
And sometimes we just think it 

123
00:06:26,657 --> 00:06:29,407
is like something, you know, 
like a habit or something 

124
00:06:29,407 --> 00:06:31,681
normal. 
But I guess, the onus is for the

125
00:06:31,681 --> 00:06:35,592
leaders to actually think how to
improve the process, not to make

126
00:06:35,592 --> 00:06:40,064
people's life harder, I guess. 
And I like actually that you 

127
00:06:40,064 --> 00:06:43,052
said that you have switched 
career path multiple times. 

128
00:06:43,082 --> 00:06:46,370
Maybe one thing that piqued my 
interest is like you said you 

129
00:06:46,370 --> 00:06:49,556
started from journalism. 
Is there any skill that from 

130
00:06:49,556 --> 00:06:53,507
journalism that you take on and 
on in other multiple careers as 

131
00:06:53,507 --> 00:06:57,497
well? 
I wouldn't say necessarily a 

132
00:06:57,497 --> 00:07:00,907
skill but a desire to be curious
and to learn. 

133
00:07:02,227 --> 00:07:05,707
So I've taken on several roles 
where I knew nothing about the 

134
00:07:05,707 --> 00:07:08,587
role when I first took it up. 
I mean, I give you an example. 

135
00:07:08,587 --> 00:07:12,355
I led a procurement function for
a while in a construction 

136
00:07:12,355 --> 00:07:14,407
company. 
Never worked in construction. 

137
00:07:14,797 --> 00:07:19,924
I did procurement before, but I 
ended up becoming the lead for 

138
00:07:19,924 --> 00:07:22,847
timber in construction. 
Didn't know anything about 

139
00:07:22,847 --> 00:07:24,161
timber, didn't know anything 
about construction. 

140
00:07:24,161 --> 00:07:26,411
But it was really interesting to
me. 

141
00:07:26,951 --> 00:07:29,861
And I dove really deep into that
subject matter. 

142
00:07:30,581 --> 00:07:34,074
Within two years, I became the 
company subject matter expert in

143
00:07:34,074 --> 00:07:37,804
timber. 
And not only that, I helped the 

144
00:07:37,804 --> 00:07:40,574
company win the Forest 
Stewardship Council Builder of 

145
00:07:40,574 --> 00:07:44,117
the Year Award. 
So they went from not being on 

146
00:07:44,117 --> 00:07:48,459
the radar to being the best 
known builder for green timber. 

147
00:07:49,199 --> 00:07:52,463
So I found that being a 
journalist helped me, gave me 

148
00:07:52,463 --> 00:07:56,537
the skills to ask why, and to be
curious and learn about 

149
00:07:56,537 --> 00:08:00,403
something so that when, yeah, 
down the path, other career 

150
00:08:00,403 --> 00:08:05,928
paths that I took, I had the 
skills and the, I guess the 

151
00:08:05,928 --> 00:08:09,053
interest to chase the story down
to ask why. 

152
00:08:09,383 --> 00:08:11,323
Why is it like this? 
And be curious about it. 

153
00:08:11,323 --> 00:08:15,599
So I think journalism helped me 
develop a few tool sets to be 

154
00:08:15,599 --> 00:08:19,177
able to talk to people to be 
curious about what they do and 

155
00:08:19,177 --> 00:08:20,019
why. 
Yeah. 

156
00:08:20,619 --> 00:08:23,979
Yeah, I find asking good 
questions, asking questions, 

157
00:08:23,979 --> 00:08:26,709
knowing the why seems simple, 
right? 

158
00:08:27,159 --> 00:08:29,249
We think it's stupid, like you 
come up with a lot of questions,

159
00:08:29,249 --> 00:08:32,126
but actually there's a lot of 
insights just by coming up with 

160
00:08:32,126 --> 00:08:34,200
the questions. 
And I learn a lot by 

161
00:08:34,200 --> 00:08:36,619
interviewing people, right? 
Even in your preparation, you 

162
00:08:36,619 --> 00:08:39,067
know, thinking of what 
questions, what good questions 

163
00:08:39,067 --> 00:08:41,774
you would ask for the guest. 
I think it's also very 

164
00:08:41,774 --> 00:08:43,546
difficult. 
And good conversations will 

165
00:08:43,546 --> 00:08:46,186
start from the curiosity that 
you mentioned, right? 

166
00:08:46,186 --> 00:08:47,506
The questions that you ask. 
Yeah. 

167
00:08:47,506 --> 00:08:50,516
Completely agree. 
So let's just dive in into the 

168
00:08:50,516 --> 00:08:52,276
topics that we want to discuss 
today, right? 

169
00:08:52,276 --> 00:08:55,426
So I think in the first place, 
you wanna share something about 

170
00:08:56,116 --> 00:08:58,126
Singapore state of 
cybersecurity. 

171
00:08:58,426 --> 00:09:01,276
I think this is also coming from
a report by Cloudflare. 

172
00:09:01,336 --> 00:09:05,490
And it mentioned that Singapore 
is one of the top most DDoS 

173
00:09:05,490 --> 00:09:07,666
attack sources country in the 
world. 

174
00:09:07,756 --> 00:09:10,920
So tell us a little bit more 
about this mind-blowing 

175
00:09:10,920 --> 00:09:13,396
statistics. 
So I think I have to pause for 

176
00:09:13,396 --> 00:09:16,975
the emphasis there. 
Because it's not a target, it's 

177
00:09:16,975 --> 00:09:18,241
the source. 
Yeah. 

178
00:09:18,571 --> 00:09:21,253
And I found this super 
interesting 'cause when I first,

179
00:09:21,253 --> 00:09:26,606
when it first came on my radar, 
Singapore was among the top 10, 

180
00:09:26,606 --> 00:09:29,281
firstly, and then slowly 
increasing. 

181
00:09:29,863 --> 00:09:31,951
In the... 
I think it was earlier this 

182
00:09:31,951 --> 00:09:36,917
year, Singapore was the second 
country in the world where 

183
00:09:36,917 --> 00:09:39,493
attacks were coming from. 
So it's not attacks too. 

184
00:09:39,943 --> 00:09:44,025
I mean, you hear a lot in the 
media about, you know, 

185
00:09:44,025 --> 00:09:46,780
cybercrime, scams. 
Singapore lost a billion dollars

186
00:09:46,780 --> 00:09:50,531
last year to scams. 
But you never, nearly never hear

187
00:09:50,531 --> 00:09:53,255
about Singapore being a source 
of cyber attacks. 

188
00:09:53,525 --> 00:09:56,495
You hear about Myanmar, 
Cambodia, the Golden Triangle, 

189
00:09:56,495 --> 00:10:00,149
where all the scam centers are. 
So when I first came across that

190
00:10:00,149 --> 00:10:03,235
information from Cloudflare, and
keep in mind, it's not just 

191
00:10:03,235 --> 00:10:07,010
their report about it, it's 
actually they have the data and 

192
00:10:07,010 --> 00:10:11,017
the breakdown, the stats, right?
So when I first looked at that, 

193
00:10:11,017 --> 00:10:16,045
and I dug into it, the number 
one country in the world was, at

194
00:10:16,045 --> 00:10:19,077
that point, Indonesia, and then 
Singapore was number two. 

195
00:10:20,007 --> 00:10:23,689
But you know, Indonesia is a 
much bigger country, much bigger

196
00:10:23,689 --> 00:10:26,097
population, okay. 
Singapore was a lot smaller. 

197
00:10:26,577 --> 00:10:28,887
But when you look at the 
breakdown of where the attacks 

198
00:10:28,887 --> 00:10:32,347
were coming from, the number one
source at the point in time was 

199
00:10:32,347 --> 00:10:36,267
DigitalOcean, which is hosting 
VMs, you know, a lot of servers.

200
00:10:36,267 --> 00:10:38,981
Singapore is a lot digitalized 
services, so I get that. 

201
00:10:39,861 --> 00:10:42,681
But then you look further down 
the track, it's Singtel and then

202
00:10:42,681 --> 00:10:46,633
Starhub, and these are, this is 
where people's internet 

203
00:10:46,633 --> 00:10:50,261
connections are. 
And what that occurred to me was

204
00:10:50,261 --> 00:10:53,621
actually, it's not one specific 
part of Singapore that's that 

205
00:10:53,621 --> 00:10:55,840
where the attacks are coming 
from. 

206
00:10:55,840 --> 00:11:01,660
It's across the entire trench. 
So that was earlier this year. 

207
00:11:01,930 --> 00:11:06,447
I looked up the statistics for 
the last six months, effectively

208
00:11:06,447 --> 00:11:10,924
in the top, I believe it's top 
six, in the last six months, 

209
00:11:10,924 --> 00:11:13,942
between Indonesia, Singapore, 
and Vietnam, 20% of attacks are 

210
00:11:13,942 --> 00:11:15,632
coming from these three 
countries. 

211
00:11:16,382 --> 00:11:18,977
And when you think about 
proportion versus the rest of 

212
00:11:18,977 --> 00:11:21,972
the world, I mean sources of 
attack, Singapore rates above 

213
00:11:21,972 --> 00:11:24,618
China. 
You look at the amount of 

214
00:11:24,618 --> 00:11:27,421
technology that's in China 
versus the Singapore and the 

215
00:11:27,421 --> 00:11:29,602
size, but the attacks are coming
from Singapore. 

216
00:11:29,602 --> 00:11:31,960
I thought, huh, this is really 
interesting. 

217
00:11:31,960 --> 00:11:33,970
It's concerning 'cause no one's 
talking about it. 

218
00:11:34,510 --> 00:11:37,292
But at the same time, it's a 
very interesting space. 

219
00:11:37,292 --> 00:11:40,352
And, you know, my curious mind 
goes, hmm, why? 

220
00:11:40,442 --> 00:11:42,782
Why, what's, what makes it so 
interesting? 

221
00:11:43,082 --> 00:11:46,392
What makes Singapore so special 
or susceptible to being the 

222
00:11:46,392 --> 00:11:49,347
source? 
Again, like, just the emphasis 

223
00:11:49,347 --> 00:11:51,473
here, right? 
So because in the news we always

224
00:11:51,473 --> 00:11:54,392
hear about, you know, scam 
attacks, victims, right, of 

225
00:11:54,392 --> 00:11:56,542
cybersecurity. 
You know, be it, I dunno, 

226
00:11:56,542 --> 00:11:57,617
ransomware, whatever that is, 
right? 

227
00:11:57,677 --> 00:12:01,277
But your emphasis here is 
actually the source of attack 

228
00:12:01,277 --> 00:12:04,317
comes from Singapore. 
And this could come from your, 

229
00:12:04,317 --> 00:12:06,995
our typical, you know, internet 
provider like Singtel and 

230
00:12:06,995 --> 00:12:10,103
StarHub and DigitalOcean, which 
is like, kind of like a cloud 

231
00:12:10,103 --> 00:12:13,337
SaaS service. 
So maybe let's understand why. 

232
00:12:14,177 --> 00:12:15,647
Why? 
Why Singapore? 

233
00:12:15,647 --> 00:12:17,117
Why Indonesia? 
Why Vietnam? 

234
00:12:17,117 --> 00:12:20,447
Because we always associate 
cyber crime with, you know, top 

235
00:12:20,447 --> 00:12:24,453
countries like North Korea, 
China, like US and things like 

236
00:12:24,453 --> 00:12:26,753
that. 
So why is Singapore specifically

237
00:12:26,753 --> 00:12:30,349
or these three Southeast Asian 
countries, which seem harm 

238
00:12:30,349 --> 00:12:33,023
harmless? 
So I think the key point of 

239
00:12:33,023 --> 00:12:35,277
clarification here is even 
though that's where the attacks 

240
00:12:35,277 --> 00:12:38,458
are being launched from, it 
doesn't mean that there are, 

241
00:12:38,458 --> 00:12:41,963
there's a huge crime community 
in Singapore of hackers. 

242
00:12:42,203 --> 00:12:44,470
They're all controlling things, 
they are attacking from 

243
00:12:44,470 --> 00:12:45,803
Singapore. 
But this is the launch. 

244
00:12:45,863 --> 00:12:47,423
This is the launch points for 
the attacks. 

245
00:12:47,733 --> 00:12:50,731
And also, again, specifically, a
lot of these attacks are DDoS 

246
00:12:50,731 --> 00:12:53,748
attacks at the moment, which 
means that it's a distributed 

247
00:12:53,748 --> 00:12:57,873
denial of service attack which 
is kind of coordinating hundreds

248
00:12:57,873 --> 00:13:01,837
of thousands of devices to all 
attack one point at the same 

249
00:13:01,837 --> 00:13:05,315
time, to disrupt them, to try 
and shut down the traffic or to 

250
00:13:05,315 --> 00:13:07,514
overload them. 
So that's one specific type of 

251
00:13:07,514 --> 00:13:10,700
attack. 
Singapore is in that list 

252
00:13:10,700 --> 00:13:14,276
because primarily, and this is 
my expectation, 'cause I haven't

253
00:13:14,276 --> 00:13:16,845
interviewed a hacker to ask them
why are you doing this? 

254
00:13:17,685 --> 00:13:19,956
I think even if I tried, they 
probably wouldn't get back to 

255
00:13:19,956 --> 00:13:21,950
me. 
But my expectation is there's 

256
00:13:21,950 --> 00:13:25,336
two reasons why Singapore is 
such an attractive spot to be a 

257
00:13:25,336 --> 00:13:28,358
source of attacks. 
The first is capability. 

258
00:13:28,358 --> 00:13:31,970
So since the eighties, the 
Singapore government has been 

259
00:13:31,970 --> 00:13:35,715
very actively promoting 
information technology and 

260
00:13:35,715 --> 00:13:38,905
information economy. 
Everything's digitalized. 

261
00:13:38,905 --> 00:13:42,975
There's a lot of services that 
are online, you know, paperless 

262
00:13:42,975 --> 00:13:46,877
society since, you know, for the
last 40 years that trend has 

263
00:13:46,877 --> 00:13:49,627
been consistently growing and it
doesn't look like it's gonna 

264
00:13:49,627 --> 00:13:53,395
slow down anytime soon. 
What that means is that everyone

265
00:13:53,395 --> 00:13:56,266
has access, everyone has 
multiple devices, and everyone 

266
00:13:56,266 --> 00:13:58,705
is used to having that 
connectivity. 

267
00:13:59,329 --> 00:14:02,265
One key example is if you look 
at, even for low income 

268
00:14:02,265 --> 00:14:05,093
households, it's almost like a 
minimum basic standard of living

269
00:14:05,093 --> 00:14:07,985
now. 
Even for a very, very low price,

270
00:14:07,985 --> 00:14:11,123
you get high speed fiber access.
A lot of countries around the 

271
00:14:11,123 --> 00:14:12,965
world, you don't get that. 
You don't get the benefit. 

272
00:14:13,025 --> 00:14:16,295
'Cause fiber is, you know, 
gigabits per second, right? 

273
00:14:16,295 --> 00:14:20,015
Compared to early dial-up, which
is the very, very tiny fraction.

274
00:14:20,405 --> 00:14:24,638
So capability is one big factor.
The other one is Singapore is 

275
00:14:24,638 --> 00:14:26,030
generally quite a law abiding 
society. 

276
00:14:26,300 --> 00:14:32,300
So people are very well aware of
following the rules and are well

277
00:14:32,300 --> 00:14:35,418
respected in the international 
community for being that law 

278
00:14:35,418 --> 00:14:38,116
abiding society. 
And one of the examples I use is

279
00:14:38,116 --> 00:14:40,554
if you look at the passport, 
Singapore is one of the best 

280
00:14:40,554 --> 00:14:43,770
countries in the world where you
get to travel to many countries 

281
00:14:43,770 --> 00:14:46,256
visa free. 
So the reputation of 

282
00:14:46,256 --> 00:14:48,776
international standing there and
expectations of safety, 

283
00:14:48,836 --> 00:14:50,756
Singapore is a really good spot 
for that. 

284
00:14:51,356 --> 00:14:55,587
Now unfortunately, if you are a 
cyber criminal and you don't 

285
00:14:55,587 --> 00:14:59,479
have to worry about the rules 
and you have access to the 

286
00:14:59,479 --> 00:15:04,338
country, that also means that as
a country, this is a really good

287
00:15:04,338 --> 00:15:06,264
spot to be attacking from, 
right? 

288
00:15:06,324 --> 00:15:09,432
This is my expect, this is my 
guess, my expectation, my 

289
00:15:09,432 --> 00:15:12,254
hypothesis. 
So that's why I think from the 

290
00:15:12,254 --> 00:15:15,314
statistics that you've seen or 
that Cloudflare publish, it's 

291
00:15:15,314 --> 00:15:18,654
not one specific spot. 
It's across the entire country. 

292
00:15:18,894 --> 00:15:21,750
If you look at where all their 
attacks are coming from, it's 

293
00:15:21,750 --> 00:15:23,292
people's houses. 
It's servers. 

294
00:15:23,772 --> 00:15:25,542
It's anything that you can get 
your hands on. 

295
00:15:25,872 --> 00:15:28,678
I think the other thing I was 
gonna mention as well was there 

296
00:15:28,678 --> 00:15:33,734
is a bit of a consumer culture 
to buy fancy new devices that 

297
00:15:33,734 --> 00:15:37,729
are, oh, internet connected. 
I dunno how many devices 

298
00:15:37,729 --> 00:15:41,258
everyone has in their house now.
Average 20 to 40 internet 

299
00:15:41,258 --> 00:15:43,892
connected devices. 
But now you've got washing 

300
00:15:43,892 --> 00:15:47,034
machines, you've got fridges, 
robot vacuums, security cameras.

301
00:15:47,544 --> 00:15:51,060
This is the extra stuff on top 
of your routers, your smart TV, 

302
00:15:51,060 --> 00:15:54,808
your smart speakers. 
There's just more and more 

303
00:15:54,808 --> 00:15:58,812
things that are being built with
IoT and smart technology into 

304
00:15:58,812 --> 00:16:01,077
it. 
I mean it's just gonna grow. 

305
00:16:01,077 --> 00:16:02,757
The attack surface is just gonna
keep growing. 

306
00:16:03,012 --> 00:16:06,462
Yeah. 
Yeah, I still don't have any 

307
00:16:06,462 --> 00:16:11,000
counts of how many smart devices
or IoT devices in my house, 

308
00:16:11,000 --> 00:16:12,894
right? 
I guess the last, I don't know, 

309
00:16:12,894 --> 00:16:16,117
maybe five, 10 years, IoT has 
been booming, right? 

310
00:16:16,117 --> 00:16:20,305
So we can even see like doors, 
you know, controlled by internet

311
00:16:20,305 --> 00:16:22,763
now. 
Lights, whatever that is at 

312
00:16:22,763 --> 00:16:24,988
home. 
I think people increasingly, you

313
00:16:24,988 --> 00:16:26,803
know, having these smart 
devices. 

314
00:16:27,062 --> 00:16:30,555
And I think you point out about 
we have this culture, like 

315
00:16:30,555 --> 00:16:34,167
always wanting new devices, new 
gadgets, new toys. 

316
00:16:34,527 --> 00:16:38,397
I think that probably one aspect
that drives, you know, this, you

317
00:16:38,397 --> 00:16:41,337
know, source of attack, right? 
But specifically I think still 

318
00:16:41,337 --> 00:16:43,062
we haven't answered the why, 
right? 

319
00:16:43,092 --> 00:16:45,402
Because, okay, Singapore is well
connected. 

320
00:16:45,402 --> 00:16:49,602
We have good internet bandwidth,
people have so many devices. 

321
00:16:49,932 --> 00:16:52,272
Are you now saying that we are 
all being hacked? 

322
00:16:53,437 --> 00:16:56,798
Probably, yeah, quite, I guess 
quite frankly, if I looked at 

323
00:16:56,798 --> 00:17:01,048
the statistics now, the last one
of the last publicly known ones,

324
00:17:01,048 --> 00:17:05,178
a botnet that was recently 
revealed to be, I think the 

325
00:17:05,178 --> 00:17:07,483
largest botnet, active botnet 
right now. 

326
00:17:07,603 --> 00:17:11,059
They counted over 700,000 
devices attacking at the same 

327
00:17:11,059 --> 00:17:14,413
time. 
It hit 30 terabits per second. 

328
00:17:15,613 --> 00:17:18,313
If you think about what that 
translates to, it's like 

329
00:17:18,313 --> 00:17:20,772
downloading all of Netflix 
within minutes. 

330
00:17:21,397 --> 00:17:23,766
Wow. 
That's a massive amount of 

331
00:17:23,766 --> 00:17:26,281
volume. 
And again, if you... just law of

332
00:17:26,281 --> 00:17:29,127
averages, if you take the total 
volume of the attacks and you 

333
00:17:29,127 --> 00:17:32,155
break them down to the countries
and the sources, I think I 

334
00:17:32,155 --> 00:17:34,873
worked out Singapore was 
probably about 2% of that. 

335
00:17:35,923 --> 00:17:39,034
So if you think about how many 
households there are here, one, 

336
00:17:39,034 --> 00:17:41,473
1.5 million households, 2% is 
quite a lot. 

337
00:17:41,533 --> 00:17:44,691
And that's just one bot at one 
point in time that could be 

338
00:17:44,691 --> 00:17:46,228
identified. 
It's not hard. 

339
00:17:46,288 --> 00:17:49,858
So personally, when I've gone 
around to people's houses to see

340
00:17:49,858 --> 00:17:53,290
what's on their network, I've 
already found houses that have 

341
00:17:53,290 --> 00:17:56,230
been compromised. 
So the either device has a back 

342
00:17:56,230 --> 00:17:59,546
door or has already been hacked 
and people haven't really paid 

343
00:17:59,546 --> 00:18:03,990
attention to it or realized it. 
One of the hardest things to do 

344
00:18:03,990 --> 00:18:07,102
from a maintenance and admin 
point of view, unfortunately, is

345
00:18:07,102 --> 00:18:09,048
actually to see what's on your 
network. 

346
00:18:09,438 --> 00:18:13,068
It's not hard in the sense of 
having access to your router. 

347
00:18:13,428 --> 00:18:15,588
It's hard in the sense of 
thinking that you even have to 

348
00:18:15,588 --> 00:18:17,844
do it and then, you know, you 
just wanna connect to something 

349
00:18:17,844 --> 00:18:19,608
and just leave it and you forget
about it. 

350
00:18:19,848 --> 00:18:23,376
The natural tendency, as I said 
earlier, is that for humans we 

351
00:18:23,376 --> 00:18:27,100
just want to plug it in and have
fun with it, but you forget that

352
00:18:27,100 --> 00:18:29,628
actually everything that you 
plug in has to be maintained. 

353
00:18:30,098 --> 00:18:33,758
One big learning that I had in 
the last 10 years or so was that

354
00:18:34,058 --> 00:18:35,588
physical things have an end of 
life. 

355
00:18:35,618 --> 00:18:38,341
Devices have an end of life, but
we don't really think about that

356
00:18:38,341 --> 00:18:41,228
because my speakers still play 
music when I expect it to. 

357
00:18:41,528 --> 00:18:44,154
Oh, it still works fine, but 
really it's probably already 

358
00:18:44,154 --> 00:18:47,153
been hacked because it was from 
10 years ago. 

359
00:18:47,836 --> 00:18:50,366
Recently, actually two recent 
examples. 

360
00:18:50,656 --> 00:18:54,242
D-Link, which are a very big 
brand for routers, just a few 

361
00:18:54,242 --> 00:18:57,020
days ago, they reported, well, 
someone reported that there's 

362
00:18:57,020 --> 00:19:00,766
vulnerability, they can be 
hacked for a device that was 

363
00:19:00,766 --> 00:19:03,104
launched in 2017. 
So it's not that long ago, eight

364
00:19:03,104 --> 00:19:05,776
years ago. 
It was discontinued in 2021. 

365
00:19:06,536 --> 00:19:10,646
It was a high-end router, but 
it's now very hackable. 

366
00:19:10,886 --> 00:19:13,226
And they've also said, we're not
gonna, they're not gonna fix it.

367
00:19:13,886 --> 00:19:18,577
So people who have those 
routers, they're not gonna be 

368
00:19:18,577 --> 00:19:22,222
constantly thinking about, oh, 
I'm now exposed, I'm now, 

369
00:19:22,222 --> 00:19:26,216
someone's got a master key to my
house, right, from my router. 

370
00:19:26,216 --> 00:19:29,731
And they can enter my network. 
Because it works. 

371
00:19:29,761 --> 00:19:32,539
It, you know, if I'm a user and 
it's still working, I don't 

372
00:19:32,539 --> 00:19:34,805
really think about and 
consciously go out to pay 

373
00:19:34,805 --> 00:19:36,971
attention to it. 
The recent one. 

374
00:19:36,971 --> 00:19:40,171
And the other thing I also 
learned recently was, the 

375
00:19:40,171 --> 00:19:43,211
devices that we completely 
forget about. 

376
00:19:43,781 --> 00:19:46,574
It's fun to set up, but if you 
don't find the value from it, 

377
00:19:46,574 --> 00:19:48,701
you actually forget that it's 
connected to the internet. 

378
00:19:48,701 --> 00:19:52,573
One of the unexpected devices 
that came up my radar recently 

379
00:19:52,573 --> 00:19:55,986
was a Thermomix. 
Oh, Thermomix cooker. 

380
00:19:55,986 --> 00:20:00,157
So it's wifi enabled. 
Someone's worked out how to hack

381
00:20:00,157 --> 00:20:02,287
it. 
You need physical access to the 

382
00:20:02,287 --> 00:20:05,528
Thermomix to actually hack it. 
I never thought that there would

383
00:20:05,528 --> 00:20:08,222
be even a point of attack. 
Like first of all, I don't know 

384
00:20:08,222 --> 00:20:11,426
how many people that use the 
device still use it with the 

385
00:20:11,426 --> 00:20:13,898
wifi. 
But it's one of those things 

386
00:20:13,898 --> 00:20:16,478
where it has the capability, 
it's got the parts for it. 

387
00:20:17,198 --> 00:20:20,843
If you're not constantly 
thinking about keeping up to 

388
00:20:20,843 --> 00:20:24,357
date, maintaining it, managing 
it, then it can be used against 

389
00:20:24,357 --> 00:20:27,452
you. 
And we, just now when you 

390
00:20:27,452 --> 00:20:29,756
mentioned it, it is used for 
DDoS attack, right? 

391
00:20:29,756 --> 00:20:32,876
And DDoS attack is just like 
sending garbage traffic. 

392
00:20:33,176 --> 00:20:34,896
Even it could be like ping or 
whatever, right? 

393
00:20:34,896 --> 00:20:38,792
So it is very easy to just send 
from any device endpoints, 

394
00:20:38,792 --> 00:20:39,866
right? 
So that's one thing. 

395
00:20:40,346 --> 00:20:43,946
And I think this comes back to 
like, even including me, right? 

396
00:20:44,006 --> 00:20:48,686
Sometimes we put a lot of focus 
on our laptops, our hand phones.

397
00:20:48,746 --> 00:20:51,830
I think those two are 
predominantly devices that we 

398
00:20:51,830 --> 00:20:55,353
think is the most like, yeah, 
susceptible and our golden 

399
00:20:55,353 --> 00:20:58,431
source, right? 
And we have so many other 

400
00:20:58,431 --> 00:21:00,263
devices. 
I'm pretty sure many people 

401
00:21:00,263 --> 00:21:03,061
don't even think of, you know, 
updating the firmware, because 

402
00:21:03,061 --> 00:21:07,093
it would even took a lot of 
effort to just, you know, go to 

403
00:21:07,093 --> 00:21:10,193
the settings, update the OS, 
because it doesn't do that 

404
00:21:10,193 --> 00:21:12,523
automatically, right? 
Unlike maybe your laptop or your

405
00:21:12,523 --> 00:21:15,538
hand phone, it will just auto 
update and you just trigger yes,

406
00:21:15,538 --> 00:21:18,509
right? 
So I think this brings an 

407
00:21:18,509 --> 00:21:23,388
awareness for us as a, you know,
like, common people, I guess, to

408
00:21:23,388 --> 00:21:27,554
actually now think that we have 
so many devices at home that are

409
00:21:27,554 --> 00:21:30,382
probably prone, especially if we
buy it a long time ago. 

410
00:21:30,382 --> 00:21:35,092
The firmware is not updated. 
And even the provider has 

411
00:21:35,092 --> 00:21:36,842
stopped providing the patches, 
right? 

412
00:21:36,842 --> 00:21:39,101
So I think now we can kind of 
like map a little bit. 

413
00:21:39,401 --> 00:21:41,684
So when we think about this now,
right? 

414
00:21:42,046 --> 00:21:45,760
What should we do? 
So I guess, this maybe come to 

415
00:21:45,760 --> 00:21:48,084
your Otonata, right? 
The things that now you're 

416
00:21:48,084 --> 00:21:49,308
doing, right? 
So, yeah. 

417
00:21:49,308 --> 00:21:52,458
How do we know that we are being
hacked or not hacked? 

418
00:21:53,523 --> 00:21:55,893
I think in most cases it's hard 
to tell. 

419
00:21:56,313 --> 00:22:00,910
So I think one of the challenges
with network devices is that if 

420
00:22:00,910 --> 00:22:03,823
someone broke into your network,
it's different from someone 

421
00:22:03,823 --> 00:22:06,991
breaking to your house. 
Even though there are a lot of 

422
00:22:06,991 --> 00:22:09,081
parallels, right? 
If, and this is kind of where I 

423
00:22:09,081 --> 00:22:11,691
started for myself as well. 
'Cause I was concerned about 

424
00:22:11,691 --> 00:22:14,969
home security. 
And I had, you know, security 

425
00:22:14,969 --> 00:22:17,437
sys, alarm systems, I had sensor
lights. 

426
00:22:17,767 --> 00:22:20,527
I had enough indicators to tell 
me if my security is 

427
00:22:20,527 --> 00:22:22,541
compromised. 
But then I realized that my 

428
00:22:22,541 --> 00:22:25,115
network is a whole different 
ball game, because if someone 

429
00:22:25,115 --> 00:22:28,349
broke into the home network, 
it's like they have access to 

430
00:22:28,349 --> 00:22:30,157
your house but you don't know 
that they're there. 

431
00:22:30,697 --> 00:22:32,987
It's a bit like, I dunno if 
you've watched the movie the 

432
00:22:32,987 --> 00:22:35,397
Invisible Man. 
It's very freaky if someone is 

433
00:22:35,397 --> 00:22:38,204
standing behind you, but you 
don't know them and they're 

434
00:22:38,204 --> 00:22:40,857
there 24/7 watching everything 
that you do. 

435
00:22:40,857 --> 00:22:42,507
They have access to everything 
that you have. 

436
00:22:43,381 --> 00:22:46,755
It's a scary thought, but it's a
good parallel compared to your 

437
00:22:46,755 --> 00:22:48,405
physical security. 
This is your network security. 

438
00:22:48,735 --> 00:22:51,234
How can you tell? 
There are a few indicators of 

439
00:22:51,234 --> 00:22:53,843
compromise. 
One of the ones that I find kind

440
00:22:53,843 --> 00:22:57,958
of anyone can do is look at your
router and see what the traffic 

441
00:22:57,958 --> 00:22:59,883
is. 
Firstly, see what's connected on

442
00:22:59,883 --> 00:23:02,640
your network. 
You know, your most modern 

443
00:23:02,640 --> 00:23:05,217
routers should show you 
everything is listed in the 

444
00:23:05,217 --> 00:23:07,055
network. 
If something looks a bit 

445
00:23:07,055 --> 00:23:09,701
suspicious, as in you don't 
really recognize or you can't 

446
00:23:09,701 --> 00:23:11,115
find it, you go around 
everywhere. 

447
00:23:11,235 --> 00:23:13,335
Maybe it's your washing machine,
maybe it's the fridge, I dunno. 

448
00:23:13,785 --> 00:23:17,301
But you can't find out what that
one device is and it's sending 

449
00:23:17,301 --> 00:23:20,363
data and it's connecting. 
That's the one you need to be 

450
00:23:20,363 --> 00:23:23,405
concerned about. 
Second one, similar to the 

451
00:23:23,405 --> 00:23:26,639
router is check your firmware, 
right, as what you pointed out. 

452
00:23:27,519 --> 00:23:29,709
Age is a big factor, a risk 
factor. 

453
00:23:29,739 --> 00:23:32,419
If you've got a really old 
router, chances are there's 

454
00:23:32,419 --> 00:23:35,139
someone's already found a way to
hack it and has published it. 

455
00:23:35,439 --> 00:23:38,977
If you haven't updated the 
firmware, or in some cases you 

456
00:23:38,977 --> 00:23:40,974
can't, you're not allowed to 
update the firmware. 

457
00:23:41,394 --> 00:23:45,111
I've had quite a few routers in 
Singapore, unfortunately, where 

458
00:23:45,111 --> 00:23:49,822
it's convenient to keep the 
router because you've set up 50 

459
00:23:49,822 --> 00:23:54,279
devices on your wifi, and you've
signed up to a new ISP, ISP is 

460
00:23:54,279 --> 00:23:56,736
giving you a router, but, you 
know, ah, I don't wanna have to 

461
00:23:56,736 --> 00:23:59,298
reset up all the wifi again. 
I'm just gonna use the old 

462
00:23:59,298 --> 00:24:01,986
router. 
Unfortunately, in a lot of 

463
00:24:01,986 --> 00:24:05,486
cases, the firmware is fixed to 
a much older version. 

464
00:24:06,056 --> 00:24:09,536
I've now physically forced quite
a few routers of clients to 

465
00:24:10,196 --> 00:24:13,770
forget the ISP version and 
follow the manufacturer's 

466
00:24:13,770 --> 00:24:15,983
version. 
But it's so much effort to try 

467
00:24:15,983 --> 00:24:17,592
and do that. 
So firstly, you need to know 

468
00:24:17,592 --> 00:24:19,650
about it. 
And secondly, you gotta put an 

469
00:24:19,650 --> 00:24:22,851
effort to break out of that. 
So one, check what's on your 

470
00:24:22,851 --> 00:24:25,549
network. 
Two, if you can, make sure the 

471
00:24:25,549 --> 00:24:29,627
router is recently up to date. 
The third one goes back to the 

472
00:24:29,627 --> 00:24:31,177
first point. 
If you've got anything 

473
00:24:31,177 --> 00:24:33,945
suspicious. 
So you mentioned the, my 

474
00:24:33,945 --> 00:24:36,661
business, Otonata. 
We've now got something called a

475
00:24:36,661 --> 00:24:38,169
hack check. 
It's a free service. 

476
00:24:38,519 --> 00:24:42,036
Basically you take a photo of a 
device if it's something that 

477
00:24:42,036 --> 00:24:45,055
you are a bit suspicious about, 
we've now got AI to help you 

478
00:24:45,055 --> 00:24:48,535
recognize what the device is and
then also run it through our 

479
00:24:48,535 --> 00:24:51,659
vulnerability database. 
And what that means is it will 

480
00:24:51,659 --> 00:24:55,209
look through for that device, 
any known publicly disclosed 

481
00:24:55,209 --> 00:24:57,963
vulnerabilities. 
So unfortunately, the database 

482
00:24:57,963 --> 00:25:01,589
is now over 300,000 lines of 
products. 

483
00:25:02,238 --> 00:25:05,434
But basically we can tell you 
that, hey, this product is 

484
00:25:05,434 --> 00:25:08,888
there's a risk of it having been
hacked before for different 

485
00:25:08,888 --> 00:25:12,059
reasons. 
The worst one is the, what's 

486
00:25:12,059 --> 00:25:15,524
called RCE, Remote Code 
Execution, where it's not just 

487
00:25:15,524 --> 00:25:18,544
the mobile phones and the 
laptops, right? 

488
00:25:19,364 --> 00:25:22,234
Smart TVs, especially old smart 
TVs, they've got a lot of 

489
00:25:22,234 --> 00:25:23,999
processing power. 
'Cause if you think about 

490
00:25:23,999 --> 00:25:26,504
something like what, running 4K 
and processing a 4K signal, it 

491
00:25:26,504 --> 00:25:27,974
actually takes quite a bit of 
power. 

492
00:25:28,394 --> 00:25:32,366
But if you got an older TV that 
hasn't yet been up to date, I 

493
00:25:32,366 --> 00:25:34,564
think the biggest risk we find 
are one, age. 

494
00:25:35,294 --> 00:25:37,694
Two, things which have good 
processing power. 

495
00:25:38,054 --> 00:25:40,994
But three, if it's, how do I put
this? 

496
00:25:41,384 --> 00:25:43,874
It's a dubious brand, a no-name 
brand. 

497
00:25:43,994 --> 00:25:48,229
So sometimes you get OEMs that 
have kind of cobbled together 

498
00:25:48,229 --> 00:25:51,359
different parts and, you know, a
screen from here, processing 

499
00:25:51,359 --> 00:25:54,364
board from there. 
Those are typically the ones 

500
00:25:54,364 --> 00:25:58,058
where we found that there has 
been, you know, more cause for 

501
00:25:58,058 --> 00:26:00,127
concern. 
I'll tell you a funny story, but

502
00:26:00,127 --> 00:26:03,661
one of the, before I got into 
cybersecurity, one of my friends

503
00:26:03,661 --> 00:26:08,173
was very proud of the fact that 
he bought a media player from a 

504
00:26:08,173 --> 00:26:13,021
very small shop that was $50, 
but you could access everything.

505
00:26:13,651 --> 00:26:18,481
So I was like, I understand 
business enough to go, you're 

506
00:26:18,481 --> 00:26:22,602
not making money for $50. 
You have access to pirated 

507
00:26:22,602 --> 00:26:27,428
movies, streaming from IP TV all
over the world and it's $50 for 

508
00:26:27,428 --> 00:26:30,565
a lifetime? 
It reminded me of a quote that 

509
00:26:30,565 --> 00:26:33,727
if you can't work out what the 
product is, you are the product.

510
00:26:34,669 --> 00:26:39,216
So it occurred to me much later 
on that you paid them $50, their

511
00:26:39,216 --> 00:26:43,784
job is to feed you with dodgy 
content, but they've got access 

512
00:26:43,784 --> 00:26:46,759
to your house. 
You are the proxy. 

513
00:26:47,239 --> 00:26:50,508
You are the service. 
Doesn't matter, the $50 doesn't 

514
00:26:50,508 --> 00:26:52,712
matter anymore. 
They're selling access to your 

515
00:26:52,712 --> 00:26:56,530
network to be able to access the
rest of your network in your 

516
00:26:56,530 --> 00:27:00,549
devices, in your house. 
So yes, while, you know, your 

517
00:27:00,549 --> 00:27:03,941
laptops and your mobile phones 
are the ones that you only think

518
00:27:03,941 --> 00:27:08,010
about. 
If you expand that to just go by

519
00:27:08,010 --> 00:27:12,304
the processor, your network 
connection, storage, power, your

520
00:27:12,304 --> 00:27:16,735
home could actually be a 
computer, right? 

521
00:27:16,765 --> 00:27:19,621
Just different, just split out 
over different things, 

522
00:27:19,621 --> 00:27:22,580
distributed computing. 
Your neighborhood could be a 

523
00:27:22,580 --> 00:27:25,405
computer. 
And when you think about how 

524
00:27:25,405 --> 00:27:29,054
connected everyone is from a 
wifi point of view, there's 

525
00:27:29,054 --> 00:27:32,852
actually now they found another 
form of attack called nearest 

526
00:27:32,852 --> 00:27:35,836
neighbor attack. 
Whereby rather than attacking a 

527
00:27:35,836 --> 00:27:39,160
target directly, they attack the
neighbor, compromise that 

528
00:27:39,160 --> 00:27:44,035
network, and because it's wifi 
distance away, 24/7, they're 

529
00:27:44,035 --> 00:27:47,568
just knocking on the, checking 
every single door they can until

530
00:27:47,568 --> 00:27:51,143
they find an entry point in. 
So I find that in Asian 

531
00:27:51,143 --> 00:27:55,025
countries, and this goes back to
one of the hypothesis for why 

532
00:27:55,025 --> 00:28:00,339
Asia is a hotbed for sources. 
My hypothesis is because 

533
00:28:00,339 --> 00:28:04,643
everyone's so dense within wifi 
points, it's gonna be quite easy

534
00:28:04,643 --> 00:28:09,463
for someone to work out how to 
attack one location, find wifi 

535
00:28:09,463 --> 00:28:13,505
around the area, use that to 
attack someone else's house, use

536
00:28:13,505 --> 00:28:16,405
their resources to attack the 
neighbor and the neighbor and 

537
00:28:16,405 --> 00:28:17,975
neighbor. 
So daisy chain the attack. 

538
00:28:18,625 --> 00:28:24,185
When I do a scan of where I am 
now in a 24 hour period the wifi

539
00:28:24,185 --> 00:28:26,385
around me, I get over 800 
points. 

540
00:28:27,105 --> 00:28:29,402
So if you think about it, it's 
almost like someone trying to 

541
00:28:29,402 --> 00:28:33,104
break into your house, there's 
800 doors to choose from, and 

542
00:28:33,104 --> 00:28:37,287
you can do it 24/7 because it's 
distributed computing, right? 

543
00:28:37,287 --> 00:28:40,283
Once you've broken into someone 
else's house, there's zero 

544
00:28:40,283 --> 00:28:43,677
opportunity costs. 
All you need is a AI written bot

545
00:28:43,677 --> 00:28:47,451
to work out how to best maximize
that location to attack 

546
00:28:47,451 --> 00:28:50,412
everybody else. 
So I find it really interesting.

547
00:28:50,487 --> 00:28:54,427
There's a lot of vectors, it's 
whole new cowboy territory. 

548
00:28:54,477 --> 00:28:58,433
There's a lot of vectors that 
are now gonna be AI augmented as

549
00:28:58,433 --> 00:29:01,932
well, because they're going to, 
they're finding... researchers 

550
00:29:01,932 --> 00:29:07,117
are finding more and more new 
threats that kids, even kids are

551
00:29:07,117 --> 00:29:10,168
getting into it. 
It's kind of disturbing. 

552
00:29:10,168 --> 00:29:13,798
But the barrier to entry for 
hacking now is super low. 

553
00:29:14,128 --> 00:29:16,444
Woa. 
I think you just open up a lot 

554
00:29:16,444 --> 00:29:18,058
of things, right? 
So obviously there are many 

555
00:29:18,058 --> 00:29:19,633
interesting things that we can 
pick, right? 

556
00:29:19,633 --> 00:29:23,443
So the first thing I think, just
to summarize, right, for us at 

557
00:29:23,443 --> 00:29:28,173
home, please try to first figure
out what networks are being 

558
00:29:28,173 --> 00:29:28,703
used. 
Yeah. 

559
00:29:28,703 --> 00:29:31,597
What device are being connected 
to your network, right? 

560
00:29:31,807 --> 00:29:33,847
See if there's any device that 
you don't know. 

561
00:29:34,247 --> 00:29:36,057
The traffic is a bit suspicious,
right? 

562
00:29:36,417 --> 00:29:38,337
And first, identify that. 
Check the firmware. 

563
00:29:38,967 --> 00:29:40,917
Use your tool, I think, I 
believe it's free, right? 

564
00:29:40,917 --> 00:29:44,544
Available online and I think we 
can just take a snap and upload 

565
00:29:44,544 --> 00:29:47,067
it and maybe it can tell whether
there's a risk or not. 

566
00:29:47,967 --> 00:29:50,709
When you mentioned about the 
media player, in fact, today, I 

567
00:29:50,709 --> 00:29:55,032
read an article in Krebs that 
says Android Media Player, the 

568
00:29:55,032 --> 00:29:58,227
typical thing for streaming, 
right, it's actually a 

569
00:29:58,227 --> 00:30:00,147
vulnerable for such things, 
right? 

570
00:30:00,267 --> 00:30:03,646
So if those of you listeners who
actually has this kind of 

571
00:30:03,646 --> 00:30:06,889
device, that will be also one 
thing that to be suspicious 

572
00:30:06,889 --> 00:30:10,175
about, right? 
So think about the repercussions

573
00:30:10,175 --> 00:30:14,530
of continuing using the device. 
Okay, let's say we have mapped 

574
00:30:14,530 --> 00:30:16,854
it out, right? 
So but one thing I would like to

575
00:30:16,854 --> 00:30:19,303
understand, this is also for 
layman people to understand, 

576
00:30:19,303 --> 00:30:21,794
right? 
So where does the attacker 

577
00:30:21,794 --> 00:30:24,259
actually come in the first 
place, right? 

578
00:30:24,259 --> 00:30:26,869
Because we have so many devices.
Router is one, right? 

579
00:30:26,869 --> 00:30:29,779
We have smart TV, we have maybe 
fridge, whatever that is. 

580
00:30:29,839 --> 00:30:34,482
How does it actually go inside? 
Which point of attack typically 

581
00:30:34,482 --> 00:30:39,686
is the most vulnerable, yeah? 
So I think the two most likely 

582
00:30:39,686 --> 00:30:43,463
sources are either one, your 
compromised IoT device, which 

583
00:30:43,463 --> 00:30:46,363
is, you know, typically your 
media player, even your printer.

584
00:30:47,376 --> 00:30:48,696
And the other one's gonna be 
your router. 

585
00:30:49,266 --> 00:30:54,364
And like I said, I think as long
as there's a sufficient powerful

586
00:30:54,364 --> 00:30:59,122
processor in that device, and it
is able to be compromised to get

587
00:30:59,122 --> 00:31:03,296
to RC, running code, that's when
it's going to find everything. 

588
00:31:03,444 --> 00:31:06,590
It's doing everything else that 
a hacker would wanna do, which 

589
00:31:06,590 --> 00:31:09,596
is look around for your network,
look at what combination of 

590
00:31:09,596 --> 00:31:12,716
devices that you have, and then 
work out what's the next best 

591
00:31:12,716 --> 00:31:14,940
spot to jump into. 
So that's called lateral 

592
00:31:14,940 --> 00:31:18,124
movement. 
If you look at the diagnostics 

593
00:31:18,124 --> 00:31:22,626
of some of the larger attacks by
the more state sponsored, those 

594
00:31:22,626 --> 00:31:25,350
really powerful APTs, that's 
really what they're looking for.

595
00:31:25,350 --> 00:31:26,880
Lateral movement and 
persistence. 

596
00:31:27,120 --> 00:31:30,254
Because what they wanna do is be
able to... they don't just break

597
00:31:30,254 --> 00:31:31,605
in and then they go steal 
everything. 

598
00:31:31,605 --> 00:31:34,360
It's not like robbing a bank. 
They wanna hide there 'cause 

599
00:31:34,360 --> 00:31:36,615
they wanna use it to leverage 
into something else. 

600
00:31:37,425 --> 00:31:41,485
And there have been few big 
cases, quite well known cases 

601
00:31:41,485 --> 00:31:44,695
where, for example, in Medibank 
Private, which is a private 

602
00:31:44,695 --> 00:31:46,593
health insurance. 
The government took two years 

603
00:31:46,593 --> 00:31:48,043
and they worked out what 
actually happened. 

604
00:31:48,373 --> 00:31:52,465
The database administrator's 
home PC got hacked and they 

605
00:31:52,465 --> 00:31:55,783
found the passwords that he had 
for the database. 

606
00:31:56,413 --> 00:31:59,196
Over three months, they just 
slowly tested it and went, oh, 

607
00:31:59,196 --> 00:32:01,153
we can get in, we can get in, we
can get in. 

608
00:32:01,213 --> 00:32:04,639
And they stayed inside the 
servers downloading 500 

609
00:32:04,639 --> 00:32:07,633
gigabytes of data. 
This is personal medical 

610
00:32:07,633 --> 00:32:10,653
information. 
So if you think about it, in the

611
00:32:10,653 --> 00:32:13,153
home network, what they're 
really targeting for is movement

612
00:32:13,153 --> 00:32:16,123
across the network to see how 
many devices they can compromise

613
00:32:16,123 --> 00:32:18,463
and then staying inside the 
network and using that. 

614
00:32:18,823 --> 00:32:20,977
And that's what the persistence 
is. 

615
00:32:22,067 --> 00:32:25,959
You kind of want to ex, you kind
of expect that your laptop is 

616
00:32:25,959 --> 00:32:28,262
safe. 
Especially Mac, like there's a, 

617
00:32:28,262 --> 00:32:31,628
there's a reputation for Apple 
being very pedantic about 

618
00:32:31,628 --> 00:32:34,379
security. 
But even now, you can see that 

619
00:32:34,379 --> 00:32:37,651
if you just Google zero day, 
right, you'll see that even Macs

620
00:32:37,651 --> 00:32:41,537
get compromised as well. 
No one is completely protected. 

621
00:32:41,717 --> 00:32:46,117
Like there's enough incentive 
for hackers to want to target 

622
00:32:46,117 --> 00:32:49,461
Macs because of their reputation
and because people expect it to 

623
00:32:49,461 --> 00:32:51,769
be safe. 
But unfortunately, the reality 

624
00:32:51,769 --> 00:32:54,051
is it's still software. 
It's still computer, it's still 

625
00:32:54,051 --> 00:32:58,477
made by people. 
And now worse with one extra 

626
00:32:58,477 --> 00:33:03,156
computing resources and AI, it's
even easier now to customize a 

627
00:33:03,156 --> 00:33:06,840
target and what's the best way 
to attack the target based on 

628
00:33:06,840 --> 00:33:09,986
what they have. 
So that lateral movement is one 

629
00:33:09,986 --> 00:33:12,642
of the things that they're 
typically going for. 

630
00:33:13,212 --> 00:33:17,278
And DDoS is just the easy thing 
to do once you compromise a 

631
00:33:17,278 --> 00:33:19,984
network. 
What they're finding now 

632
00:33:19,984 --> 00:33:25,865
recently is that the hackers are
using people's houses and 

633
00:33:25,865 --> 00:33:29,585
monetizing them. 
So there's a term that really 

634
00:33:29,585 --> 00:33:31,958
disturbs me now. 
It's called residential proxy. 

635
00:33:32,780 --> 00:33:37,834
It's almost like giving someone,
renting out someone else's 

636
00:33:37,834 --> 00:33:42,325
network access to someone who 
wants to hide the information in

637
00:33:42,325 --> 00:33:45,467
the news. 
If you look at, in the Singapore

638
00:33:45,467 --> 00:33:47,963
context, there's very strong 
laws around loaning out your 

639
00:33:47,963 --> 00:33:51,131
SIM, your SIM card, you get in a
lot of trouble, right? 

640
00:33:51,131 --> 00:33:55,835
And it's because your SIM card 
is then used to commit crime, 

641
00:33:55,835 --> 00:33:58,883
scam other people. 
And going back to the whole 

642
00:33:58,883 --> 00:34:01,976
reputation in Singapore being a 
law abiding, when you see a 

643
00:34:01,976 --> 00:34:06,091
number that's a trustworthy 
number with a +65, you kind of 

644
00:34:06,091 --> 00:34:08,138
expect, oh, you know, they 
should be protected. 

645
00:34:09,398 --> 00:34:12,458
In that same context, the 
internet connection doesn't have

646
00:34:12,458 --> 00:34:14,068
any of that. 
Yeah. 

647
00:34:14,217 --> 00:34:14,737
Yeah. 
Yeah. 

648
00:34:14,737 --> 00:34:18,529
Unfortunately, if someone else 
is renting out your home network

649
00:34:18,529 --> 00:34:22,913
connection, the people that want
to use that to hide whatever 

650
00:34:22,913 --> 00:34:25,777
they're doing can have all sorts
of different reasons. 

651
00:34:25,853 --> 00:34:29,077
What are typical use case that 
people are doing with this 

652
00:34:29,077 --> 00:34:32,543
residential proxy? 
So, at the moment, what the 

653
00:34:32,543 --> 00:34:35,929
family friendly version is 
fraud, unfortunately, which is, 

654
00:34:35,929 --> 00:34:38,549
you know, looking like it's 
coming from, the traffic is 

655
00:34:38,549 --> 00:34:41,344
coming from somewhere else. 
There's much scarier things that

656
00:34:41,344 --> 00:34:43,909
people, 'cause they're renting 
it on the dark web. 

657
00:34:43,938 --> 00:34:46,879
There are much scarier things 
that people can rent them out 

658
00:34:46,879 --> 00:34:48,319
for that are not family 
friendly. 

659
00:34:48,679 --> 00:34:51,889
When you think about 
pornography, the darkest things 

660
00:34:51,889 --> 00:34:57,455
in the dark web that you don't 
want people to be seen that you 

661
00:34:57,455 --> 00:35:00,667
are accessing, that's where 
residential proxies are becoming

662
00:35:00,667 --> 00:35:03,415
a service. 
So hackers are compromising it 

663
00:35:03,415 --> 00:35:07,381
and they've gone from botnets, 
which are, you know, a bit more 

664
00:35:07,381 --> 00:35:10,901
volatile to trying to come up 
with more stable, sustainable, 

665
00:35:10,901 --> 00:35:14,945
they call it sustainable sources
of income, which is to rent out 

666
00:35:14,945 --> 00:35:18,540
other people's houses. 
That concept really disturbs me,

667
00:35:18,540 --> 00:35:21,815
because these people don't even 
realize that they are, they're 

668
00:35:21,815 --> 00:35:23,515
being sold as a residential 
proxy. 

669
00:35:23,845 --> 00:35:27,291
And it's the people that bought 
the $50 media player that went, 

670
00:35:27,291 --> 00:35:30,790
oh, I'm getting all this great 
content, but they're actually 

671
00:35:30,790 --> 00:35:34,585
now part of... 
Yeah, but it's, I don't think 

672
00:35:34,585 --> 00:35:37,485
we've seen enough. 
I don't think there's enough 

673
00:35:37,485 --> 00:35:40,961
cases yet where someone is, has 
been taken the court or arrested

674
00:35:40,961 --> 00:35:43,561
because their network has been 
compromised to the extent that 

675
00:35:43,561 --> 00:35:46,561
they're being used to facilitate
a really bad cyber crime. 

676
00:35:46,561 --> 00:35:50,552
But it's not implausible. 
If your bandwidth is really 

677
00:35:50,552 --> 00:35:53,717
great 'cause you're really like 
online gaming, for example, and 

678
00:35:53,717 --> 00:35:57,111
there's a whole bunch of traffic
that happens after you've gone 

679
00:35:57,111 --> 00:36:01,434
to bed, I don't know what the 
liability, where the liability 

680
00:36:01,434 --> 00:36:03,479
falls. 
But if it's a SIM card, it's 

681
00:36:03,479 --> 00:36:05,835
very clear you're the one that 
let your access out. 

682
00:36:05,865 --> 00:36:08,361
But home networks, I don't think
we are quite, we're quite clear 

683
00:36:08,361 --> 00:36:09,195
on that yet. 
Yeah. 

684
00:36:09,870 --> 00:36:11,880
And even like it's very 
distributed, right? 

685
00:36:11,880 --> 00:36:15,240
Again, like it's very hard to 
trace actually how the traffic 

686
00:36:15,570 --> 00:36:19,062
goes in the internet in, in 
while connected internet 

687
00:36:19,062 --> 00:36:21,404
devices. 
And, yeah, again, just to remind

688
00:36:21,404 --> 00:36:24,939
people, if you buy this kind of 
media player, be cautious. 

689
00:36:25,299 --> 00:36:28,689
Try to check further. 
You mentioned something about 

690
00:36:28,689 --> 00:36:30,907
password, right? 
Again, I wanna understand the 

691
00:36:30,907 --> 00:36:33,706
root cause how these attackers 
can actually go into your 

692
00:36:33,706 --> 00:36:37,484
internet router or your, I 
dunno, media player, printer and

693
00:36:37,484 --> 00:36:38,528
all that. 
Yeah. 

694
00:36:38,993 --> 00:36:42,947
Is password like weak password 
the typical way they hack in or 

695
00:36:42,947 --> 00:36:46,033
is like open ports or is there 
any other thing that they do? 

696
00:36:46,063 --> 00:36:50,173
There's no, so in the... 
I'll come up with the, I'll go 

697
00:36:50,173 --> 00:36:53,509
backwards a little bit in the 
context of what I do in terms of

698
00:36:53,509 --> 00:36:54,769
the service that I provide, 
right? 

699
00:36:54,799 --> 00:36:58,849
What I try and do is, I look at 
how someone would compromise 

700
00:36:58,849 --> 00:37:01,969
your network and use it against 
you and then protect from that. 

701
00:37:02,299 --> 00:37:05,224
And what that means is the 
service that I do is it's almost

702
00:37:05,224 --> 00:37:07,794
like going to your house, 
looking at all your doors and 

703
00:37:07,794 --> 00:37:10,057
windows and going, that one, 
you've got a rusty lock there, 

704
00:37:10,057 --> 00:37:11,374
someone's gonna come in and 
break in. 

705
00:37:11,644 --> 00:37:15,558
That one's big enough to, that 
one, I know this brand of door 

706
00:37:15,558 --> 00:37:17,839
or door lock, it's been broken 
into. 

707
00:37:17,854 --> 00:37:21,709
I like the analogy, yeah, okay. 
So the network version of that 

708
00:37:21,709 --> 00:37:25,123
is going into your home network.
So I've got devices to actually 

709
00:37:25,123 --> 00:37:29,031
plug into your network. 
It'll do a initial scan to do an

710
00:37:29,031 --> 00:37:31,882
inventory, right? 
If I'm a corporate IT person and

711
00:37:31,882 --> 00:37:34,820
I take over the responsibility 
of the IT assets for a company, 

712
00:37:34,820 --> 00:37:37,522
that's the first thing you do. 
Do inventory and look at all the

713
00:37:37,522 --> 00:37:42,012
things that you have. 
Then one by one, I will test the

714
00:37:42,012 --> 00:37:45,764
vulnerabilities on that device. 
So going back to what I said 

715
00:37:45,764 --> 00:37:48,612
earlier, we've got over 300,000 
lists of items. 

716
00:37:49,129 --> 00:37:51,169
They are known, they're 
published. 

717
00:37:51,679 --> 00:37:54,205
One of the, it's a double-edged 
sword. 

718
00:37:54,235 --> 00:37:58,462
One of the ethos for 
hack-for-vulnerability and 

719
00:37:58,462 --> 00:38:03,165
security research is that when 
you find a way to hack 

720
00:38:03,165 --> 00:38:06,191
something, you tell the 
manufacturer and you give them a

721
00:38:06,191 --> 00:38:09,260
chance to fix it. 
Unfortunately, not every 

722
00:38:09,260 --> 00:38:13,283
manufacturer will fix it. 
Not every manufacturer cares. 

723
00:38:14,093 --> 00:38:18,439
And in the meantime, until it's 
resolved, this information is 

724
00:38:18,439 --> 00:38:20,233
public. 
It's known. 

725
00:38:20,383 --> 00:38:23,783
So like I said with the D-Link 
example, they're afraid they 

726
00:38:23,783 --> 00:38:26,909
said they're not gonna fix it. 
But what that means is the 

727
00:38:26,909 --> 00:38:29,393
instructions for how to hack it 
are on Google. 

728
00:38:30,208 --> 00:38:32,973
Oh no! 
So that's how, that's, and like 

729
00:38:32,973 --> 00:38:36,293
I said, the list of the database
that I have, it's just, it's 

730
00:38:36,293 --> 00:38:39,587
growing exponentially. 
But the services basically to 

731
00:38:39,587 --> 00:38:44,222
look at the devices that you 
have, and then based on the 

732
00:38:44,222 --> 00:38:46,943
vulnerabilities that we can 
test, we'll test them and tell 

733
00:38:46,943 --> 00:38:49,271
you this is how someone will 
hack into your network and this 

734
00:38:49,271 --> 00:38:52,073
is what you need to do in order 
to prevent that. 

735
00:38:52,265 --> 00:38:56,037
In the context of the, what you 
are asking around what's the 

736
00:38:56,037 --> 00:38:59,811
most common way. 
The most common way that I, if 

737
00:38:59,811 --> 00:39:03,951
I'm a hacker and I'm hacking a 
house, is to actually look at 

738
00:39:03,951 --> 00:39:07,308
what devices you have and check 
the internet because it's been 

739
00:39:07,308 --> 00:39:10,025
published. 
'Cause that actual device has 

740
00:39:10,025 --> 00:39:13,771
already had a publicly 
acknowledged way of accessing 

741
00:39:13,771 --> 00:39:15,921
that and it's got instructions. 
Oh wow! 

742
00:39:16,121 --> 00:39:20,445
Right, so unfortunately, based 
on that approach and that ethos,

743
00:39:20,445 --> 00:39:25,021
once you break into a network, 
it's not hard to work out how to

744
00:39:25,021 --> 00:39:30,028
then take advantage of that. 
Easy passwords are, it's a no 

745
00:39:30,028 --> 00:39:31,954
brainer. 
It's almost, there are tools 

746
00:39:31,954 --> 00:39:34,918
that you can go online to 
actually see how challenging 

747
00:39:34,918 --> 00:39:37,164
your password is. 
And that's one of the things I 

748
00:39:37,164 --> 00:39:40,804
recommend people do as well. 
Try password strength tester. 

749
00:39:42,026 --> 00:39:45,146
Being a child from growing up 
with technology in the eighties,

750
00:39:45,566 --> 00:39:47,786
you used to come with a password
that was easy to remember. 

751
00:39:47,816 --> 00:39:52,286
Unfortunately, those are, it's 
like closing, trying to cover a 

752
00:39:52,286 --> 00:39:53,576
piece of paper as your front 
door. 

753
00:39:53,756 --> 00:39:56,531
It's completely useless. 
People just charge through cause

754
00:39:56,531 --> 00:39:58,916
brute force and distributed 
computing makes it so easy. 

755
00:39:58,916 --> 00:40:03,572
So it's almost like you don't 
even want to talk about the 

756
00:40:03,572 --> 00:40:06,296
simple passwords. 
The weak passwords being a 

757
00:40:06,296 --> 00:40:08,276
factor because that's already a 
given. 

758
00:40:08,306 --> 00:40:11,854
You need to not have default 
passwords and simple to guess 

759
00:40:11,854 --> 00:40:14,668
passwords. 
Unfortunately, in the clients 

760
00:40:14,668 --> 00:40:18,086
that I've seen, it's still 
happening a lot. 

761
00:40:19,406 --> 00:40:22,850
"adminadmin". 
I dunno how many devices I've 

762
00:40:22,850 --> 00:40:25,356
seen with the username and 
passwords "adminadmin". 

763
00:40:26,126 --> 00:40:29,282
What we're finding now as well 
is even with what looks like 

764
00:40:29,282 --> 00:40:33,373
random passwords, security 
researchers have now found a lot

765
00:40:33,373 --> 00:40:36,227
of hardware. 
Even though it looks like a 

766
00:40:36,227 --> 00:40:38,451
random password, there's 
actually algorithm to how they 

767
00:40:38,451 --> 00:40:41,953
create the random password. 
So unfortunately, even with a 

768
00:40:41,953 --> 00:40:45,297
modern router, it looks like 
it's really weird and 

769
00:40:45,297 --> 00:40:47,841
randomized. 
One of the cases was a 

770
00:40:47,841 --> 00:40:50,463
researcher found that it is 
based on the MAC address. 

771
00:40:51,273 --> 00:40:53,643
Because again, it's designed by 
a person. 

772
00:40:53,793 --> 00:40:56,673
It's not, they had to come up 
with a way for them to scale it 

773
00:40:56,673 --> 00:40:59,879
up and to make it within a 
scalable process and therefore 

774
00:40:59,879 --> 00:41:02,883
that's the algorithm they use. 
And someone worked out, I can 

775
00:41:02,883 --> 00:41:04,699
reverse it and I can find 
everyone's password. 

776
00:41:05,149 --> 00:41:10,447
So there's no one way, 
unfortunately, there's no one 

777
00:41:10,447 --> 00:41:14,711
way to protect. 
You gotta think about the 

778
00:41:14,711 --> 00:41:17,951
flexible approach, right? 
So one cybersecurity terminology

779
00:41:17,951 --> 00:41:22,748
is called living off the land, 
whereby if I am, if I can't 

780
00:41:22,748 --> 00:41:25,688
bring anything to the party and 
I can only attack this way, what

781
00:41:25,688 --> 00:41:30,098
can I use, what resources do I 
use within that space to be able

782
00:41:30,098 --> 00:41:32,528
to... 
You have to be creative, right? 

783
00:41:32,528 --> 00:41:35,305
If you're a hacker to just, you 
know, it's like breaking into a 

784
00:41:35,305 --> 00:41:38,518
bank with only a backpack or 
your watch. 

785
00:41:39,078 --> 00:41:40,298
It's almost like a MacGyver 
thing. 

786
00:41:40,388 --> 00:41:44,251
Yeah, exactly. 
But the problem is now you have 

787
00:41:44,251 --> 00:41:46,288
AI. 
AI can scrape everything, can 

788
00:41:46,288 --> 00:41:48,428
search all this other stuff to 
help you. 

789
00:41:48,758 --> 00:41:51,832
So yeah, passwords is like a, 
you don't even wanna talk about 

790
00:41:51,832 --> 00:41:55,655
it anymore 'cause you need, it's
like minimum a very, very 

791
00:41:55,655 --> 00:41:58,377
minimal standard. 
Don't use default passwords. 

792
00:41:58,407 --> 00:42:02,775
Change your default passwords. 
And even on things like security

793
00:42:02,775 --> 00:42:06,859
cameras, it's very common for 
security cameras to, because you

794
00:42:06,859 --> 00:42:10,301
feel like it's a physical device
plugged in, but you forget that 

795
00:42:10,301 --> 00:42:12,972
actually it's probably streaming
video somewhere else. 

796
00:42:13,512 --> 00:42:17,052
So a lot of times, some of the 
passwords are actually baked 

797
00:42:17,052 --> 00:42:20,707
into the hardware as well. 
Brother printers, there were the

798
00:42:20,707 --> 00:42:23,742
mother-, I think it was the 
motherboard manufacturers, 

799
00:42:23,742 --> 00:42:28,302
unfortunately, had a hardware 
password baked into it. 

800
00:42:28,782 --> 00:42:31,769
There's something like 6,000 
different models of various 

801
00:42:31,769 --> 00:42:35,520
printers that all have the same 
flaw and you can't fix it from 

802
00:42:35,520 --> 00:42:37,302
firmware update 'cause it's 
built into the hardware. 

803
00:42:38,042 --> 00:42:41,382
So it's cases like that where 
you have to do what you can with

804
00:42:41,382 --> 00:42:44,330
the password, but it's not gonna
be bulletproof either. 

805
00:42:44,360 --> 00:42:47,165
There's no one tried and tested 
way where hackers will keep 

806
00:42:47,165 --> 00:42:49,190
going. 
They're gonna be creative based 

807
00:42:49,190 --> 00:42:51,575
on what you have and 
unfortunately they're gonna use 

808
00:42:51,575 --> 00:42:55,783
that against you. 
So on that, what I try to 

809
00:42:55,783 --> 00:43:00,210
espouse is something called the 
be the path of greater 

810
00:43:00,210 --> 00:43:03,429
resistance. 
So in the cybersecurity world, 

811
00:43:03,429 --> 00:43:07,630
there's something called defense
in depth where you want to not 

812
00:43:07,630 --> 00:43:09,520
just have, that's where your 
multi-factor authentication 

813
00:43:09,520 --> 00:43:11,807
comes in. 
You don't want to just have one 

814
00:43:11,807 --> 00:43:13,725
level of protection. 
You want multiple ways of 

815
00:43:13,725 --> 00:43:16,230
protecting. 
And even in home security, 

816
00:43:16,230 --> 00:43:19,390
that's a common parallel. 
There's a story around a bear 

817
00:43:19,390 --> 00:43:21,970
and chasing people in the woods.
I won't go into that one. 

818
00:43:21,970 --> 00:43:25,454
But basically the idea is as 
long as you are a bit more 

819
00:43:25,454 --> 00:43:29,460
difficult than someone else, you
create a bit more resistance to 

820
00:43:29,460 --> 00:43:32,686
being the easy target. 
You're already better off, 

821
00:43:32,686 --> 00:43:35,642
right? 
So I don't know if anyone is 

822
00:43:35,642 --> 00:43:39,400
unhackable, I don't know if 
anyone is, even Fort Knox. 

823
00:43:39,400 --> 00:43:41,897
I mean, if you got enough 
resources, you can break into 

824
00:43:41,897 --> 00:43:43,810
anything, right? 
It's just a matter of whether 

825
00:43:43,810 --> 00:43:45,635
it's worth it. 
So it's a question of not 

826
00:43:45,635 --> 00:43:48,730
necessarily trying to go crazy 
to protect a lump of coal. 

827
00:43:49,030 --> 00:43:53,042
You wanna find the right balance
between what you have at risk, 

828
00:43:53,042 --> 00:43:55,334
and how much effort you put into
protecting it. 

829
00:43:55,844 --> 00:43:58,536
Yeah. 
So first of all, it's like 

830
00:43:58,536 --> 00:44:00,114
thanks for all sharing all 
these. 

831
00:44:00,134 --> 00:44:03,914
I think it opened up a lot of 
our minds, our eyes, right? 

832
00:44:04,244 --> 00:44:07,611
The first is like the scariest 
part is like so many devices 

833
00:44:07,611 --> 00:44:11,270
with outdated firmware that are 
publicly disclosed, you know, in

834
00:44:11,270 --> 00:44:14,771
terms of vulnerabilities. 
And if the vendor, the provider 

835
00:44:14,771 --> 00:44:18,161
doesn't patch it, you know, it 
stays open, people can try it. 

836
00:44:18,161 --> 00:44:20,131
Even like you mentioned the 
instructions are out there. 

837
00:44:20,131 --> 00:44:23,801
And we all know now with like AI
capability, you can just search 

838
00:44:24,221 --> 00:44:26,561
and even try yourself, right? 
Hacking into others. 

839
00:44:26,771 --> 00:44:28,451
Okay, that is... 
Don't try this at home. 

840
00:44:29,261 --> 00:44:31,921
That itself is pretty scary. 
Second thing is you mentioned 

841
00:44:31,921 --> 00:44:34,451
about password, right? 
So I also realized, or just 

842
00:44:34,451 --> 00:44:38,191
realized when we, when you talk 
about brute force, I think all 

843
00:44:38,191 --> 00:44:40,931
these devices don't have 
something like a rate limiter 

844
00:44:41,291 --> 00:44:44,635
or, you know, the ability to 
actually, you know, kind of like

845
00:44:44,635 --> 00:44:46,871
back pressure, you know, like 
where people are attacking you 

846
00:44:46,871 --> 00:44:47,921
with so many traffic. 
That's right. 

847
00:44:47,921 --> 00:44:50,453
So many attempts, so many times.
It will just let it, right, 

848
00:44:50,453 --> 00:44:53,393
until it breaks. 
And if you use easy password, 

849
00:44:53,393 --> 00:44:56,805
even default password, it's so 
much easy to just hack within 

850
00:44:56,805 --> 00:44:58,136
minutes, I guess. 
Yeah. 

851
00:44:59,396 --> 00:45:03,730
The worst wifi password I found 
took three seconds. 

852
00:45:05,320 --> 00:45:07,900
And this client was living on a 
very busy street. 

853
00:45:08,260 --> 00:45:10,750
So I told him, you know, if I 
drove by your house slowly, I 

854
00:45:10,750 --> 00:45:12,670
would've broken into your wifi. 
That's how. 

855
00:45:12,730 --> 00:45:15,965
It's three seconds. 
Unfortunately, like I said, if 

856
00:45:15,965 --> 00:45:19,972
you grew up in a time where 
brute force wasn't a thing, rate

857
00:45:19,972 --> 00:45:23,520
limiting wasn't a thing. 
We are in a whole different 

858
00:45:23,520 --> 00:45:26,340
world now where it's so easy. 
It's almost like, you know. 

859
00:45:27,453 --> 00:45:31,929
Our phones are so much more 
powerful now than a full size 

860
00:45:31,929 --> 00:45:34,923
room computer was, you know, 30,
40 years ago. 

861
00:45:35,883 --> 00:45:39,393
We, but our culture and our 
expectations technology are 

862
00:45:39,393 --> 00:45:43,063
still kind of very backward. 
So absolutely right. 

863
00:45:43,083 --> 00:45:46,177
Like if you think about what I 
said earlier with age being a 

864
00:45:46,177 --> 00:45:48,855
risk factor. 
With the smart TVs, I don't know

865
00:45:48,855 --> 00:45:50,991
about modern ones. 
I would hope that there's some 

866
00:45:50,991 --> 00:45:53,973
kind of cool off mechanism, rate
limits where, or too many, 

867
00:45:53,973 --> 00:45:56,193
you've got the password wrong 
five times. 

868
00:45:56,223 --> 00:45:57,603
Like you have it with your 
phone, right? 

869
00:45:57,603 --> 00:46:00,120
Yes. 
The more you try, the longer it 

870
00:46:00,120 --> 00:46:03,324
takes before you can try again. 
I've never found one with any of

871
00:46:03,324 --> 00:46:05,163
these devices actually. 
Exactly. 

872
00:46:05,163 --> 00:46:06,862
So I don't know. 
I don't know if they they built 

873
00:46:06,862 --> 00:46:09,165
that. 
But again, going back to age, I 

874
00:46:09,165 --> 00:46:12,449
almost guarantee you 10 years 
ago, a smart device would not 

875
00:46:12,449 --> 00:46:15,991
have any of those because you 
go, no one's gonna try and brute

876
00:46:15,991 --> 00:46:19,004
force my TV. 
Because I just wanna put it on 

877
00:46:19,004 --> 00:46:21,068
the internet. 
I wanna make it smart and make 

878
00:46:21,068 --> 00:46:23,527
it accessible. 
Does it mean, is it possible now

879
00:46:23,527 --> 00:46:26,687
for you, because you mentioned 
like at one point in time you 

880
00:46:26,687 --> 00:46:29,098
scan there could be like 
hundreds of wifi networks 

881
00:46:29,098 --> 00:46:30,715
available. 
Like I just bring a device. 

882
00:46:30,715 --> 00:46:34,230
It could be just mobile device. 
You just walk around and just 

883
00:46:34,230 --> 00:46:37,269
stay for, I dunno how many 
minutes and see if you can... 

884
00:46:37,269 --> 00:46:38,080
I, wow. 
Yeah. 

885
00:46:38,080 --> 00:46:40,047
I don't really want to talk 
about it 'cause I feel like 

886
00:46:40,047 --> 00:46:41,680
people will get the idea to try 
it. 

887
00:46:42,100 --> 00:46:44,713
Okay. 
Unfortunately, the tools are 

888
00:46:44,713 --> 00:46:46,603
there. 
That it's not hard. 

889
00:46:46,933 --> 00:46:48,673
And that's kind of what concerns
me. 

890
00:46:49,463 --> 00:46:52,639
We are in an environment where 
the technology and the 

891
00:46:52,639 --> 00:46:56,756
capability is very, very far 
advanced for misuse. 

892
00:46:57,286 --> 00:47:00,523
And the expectation and 
understanding of security is 

893
00:47:00,523 --> 00:47:04,305
very, very, very far behind. 
It's just, the gap is just 

894
00:47:04,305 --> 00:47:06,468
growing. 
It's already big enough for 

895
00:47:06,468 --> 00:47:08,478
corporates. 
You read about how many 

896
00:47:08,478 --> 00:47:11,203
enterprises are being 
compromised and hacked on a 

897
00:47:11,203 --> 00:47:14,295
daily basis. 
There's nothing paying attention

898
00:47:14,295 --> 00:47:17,983
to the homes. 
And yet we know that from a DDoS

899
00:47:17,983 --> 00:47:20,738
point of view, they've already 
been significantly compromised. 

900
00:47:20,798 --> 00:47:23,698
So that's the way I find it 
interesting personally because 

901
00:47:23,698 --> 00:47:26,380
I'm going. 
How do I help people at least 

902
00:47:26,380 --> 00:47:29,569
catch up a bit to the corporate?
I'm not saying be a corporate, 

903
00:47:29,569 --> 00:47:32,315
you know, to that extent. 
Because even then, quite 

904
00:47:32,315 --> 00:47:34,465
frankly, they're not keeping up 
to the level of threat. 

905
00:47:34,495 --> 00:47:38,572
But take some steps, right? 
Be the path of greater 

906
00:47:38,572 --> 00:47:40,262
resistance. 
Take some steps so it's 

907
00:47:40,262 --> 00:47:43,408
protecting yourself. 
And don't make it so easy 

908
00:47:43,408 --> 00:47:46,558
because it's bad enough. 
The gap is huge enough as it is.

909
00:47:47,573 --> 00:47:50,033
Coming back to that, right? 
Like the path of greater 

910
00:47:50,033 --> 00:47:53,170
resistance and also like the 
number of point of attacks that 

911
00:47:53,170 --> 00:47:55,259
hackers could leverage, so to 
speak, right? 

912
00:47:55,409 --> 00:47:57,799
But interesting enough for your 
service, right? 

913
00:47:58,399 --> 00:48:03,365
You kind of like target a lot 
for C-suites, executives, right?

914
00:48:03,575 --> 00:48:07,056
High-net-worth, lawyer. 
You also mentioned in the very 

915
00:48:07,056 --> 00:48:09,932
beginning just now that personal
medical, you know, information 

916
00:48:09,932 --> 00:48:13,260
could easily be hacked simply 
because they went in from your 

917
00:48:13,260 --> 00:48:14,180
home network. 
Yeah. 

918
00:48:14,720 --> 00:48:19,400
So tell us this, like if you're 
part of this demographics or 

919
00:48:19,400 --> 00:48:22,906
personas, so to speak, right? 
Are you, should you be more 

920
00:48:22,906 --> 00:48:25,889
concerned? 
And why attackers love, you 

921
00:48:25,889 --> 00:48:28,265
know, chasing them? 
Yeah, absolutely. 

922
00:48:28,505 --> 00:48:31,805
So if you think about from an 
economics perspective, what's 

923
00:48:31,805 --> 00:48:33,995
the incentive for someone to 
attack you? 

924
00:48:34,959 --> 00:48:37,509
Quite a few times when I've had 
the conversation with people to 

925
00:48:37,509 --> 00:48:40,545
tell them, hey, you're at risk, 
sometimes the response I get is,

926
00:48:40,545 --> 00:48:43,378
so what they gonna do to me? 
Like, what are you gonna do? 

927
00:48:43,378 --> 00:48:46,976
They go, they, you know, I don't
have money in my bank, for 

928
00:48:46,976 --> 00:48:49,872
example, right? 
And what I found is there's 

929
00:48:49,872 --> 00:48:53,568
three threats that are quite 
common and more prominent in 

930
00:48:53,568 --> 00:48:56,329
high-net-worth individuals. 
The first thing is they're 

931
00:48:56,329 --> 00:48:59,548
attacking you directly, right? 
So they're going after your, you

932
00:48:59,548 --> 00:49:02,536
specifically, your assets, your 
financial assets, your digital 

933
00:49:02,536 --> 00:49:05,218
assets. 
For example, bank accounts, 

934
00:49:05,218 --> 00:49:06,949
right? 
If they can... 

935
00:49:06,949 --> 00:49:11,596
I've known of cases where 
they've been able to spoof 

936
00:49:11,596 --> 00:49:15,278
someone's bank account and show 
them a screen that's not theirs 

937
00:49:15,278 --> 00:49:17,176
and actually transferred the 
money somewhere else. 

938
00:49:17,646 --> 00:49:20,971
Stealing passwords, stealing 
your family photos and holding 

939
00:49:20,971 --> 00:49:25,796
that as ransom. 
I've heard of cases just this 

940
00:49:25,796 --> 00:49:29,746
year where someone's C-suite 
person has had their entire 

941
00:49:29,746 --> 00:49:33,964
digital identity stolen. 
So social media accounts, family

942
00:49:33,964 --> 00:49:37,226
photos, bank transactions, 
financial records, travel plans 

943
00:49:37,226 --> 00:49:40,774
all stolen and then sold on the 
dark web for identity theft. 

944
00:49:41,104 --> 00:49:42,454
And the person didn't even know 
about it. 

945
00:49:42,484 --> 00:49:46,744
So he wasn't even given a chance
to pay a ransom to get it back. 

946
00:49:46,744 --> 00:49:49,768
He was just, immediately his 
information was all sold and 

947
00:49:49,768 --> 00:49:54,992
utilized against it. 
So you might be a target just by

948
00:49:54,992 --> 00:49:58,873
targeting you directly. 
The second other source that 

949
00:49:58,873 --> 00:50:03,597
I've seen is, it's happened more
in, I've seen in Australia where

950
00:50:03,597 --> 00:50:07,236
it's tax fraud. 
So they file on your behalf. 

951
00:50:07,566 --> 00:50:11,190
So they have enough information 
about you to file your taxes for

952
00:50:11,190 --> 00:50:13,441
you. 
It sounds convenient. 

953
00:50:13,711 --> 00:50:16,219
But what they're doing is 
they're actually claiming a 

954
00:50:16,219 --> 00:50:19,252
refund under your name. 
So they're getting very big 

955
00:50:19,252 --> 00:50:21,196
chunks of the money out from the
tax office. 

956
00:50:22,102 --> 00:50:24,802
The last one I heard was $24,000
as a refund. 

957
00:50:25,192 --> 00:50:27,415
And they get the money 
transferred to their own account

958
00:50:27,415 --> 00:50:30,795
and then they disappear. 
But when you go to do your own 

959
00:50:30,795 --> 00:50:33,652
tax claim, suddenly, oh no, I 
haven't filed my taxes, I 

960
00:50:33,652 --> 00:50:37,431
haven't done any of that. 
It's so much effort to undo that

961
00:50:37,431 --> 00:50:39,493
damage. 
I've got friends that couldn't, 

962
00:50:39,493 --> 00:50:42,283
that lost sleep because they 
felt personally violated. 

963
00:50:42,613 --> 00:50:45,763
But on top of that, just the 
admin to be able to undo that 

964
00:50:45,763 --> 00:50:48,866
and the loss to the, you know, 
the tax office is quite 

965
00:50:48,866 --> 00:50:49,993
significant. 
It's a very big deal. 

966
00:50:51,103 --> 00:50:53,881
The third one is what I talked 
about earlier which is access 

967
00:50:53,881 --> 00:50:56,681
through you. 
So depending on what you have 

968
00:50:56,681 --> 00:51:00,095
access to, C-suites are a very 
popular target because of the 

969
00:51:00,095 --> 00:51:04,122
access to the organization. 
There's a lot more efforts at 

970
00:51:04,122 --> 00:51:07,894
trying to protect them through, 
you know, VPN, through, I've got

971
00:51:07,894 --> 00:51:10,898
friends who. 
They do the internet banking on 

972
00:51:10,898 --> 00:51:13,730
the work computer and they do 
everything else on their home 

973
00:51:13,730 --> 00:51:15,214
computer. 
Like keep, you know, keep all 

974
00:51:15,214 --> 00:51:18,044
that separate. 
But it's because they're very 

975
00:51:18,044 --> 00:51:20,366
big targets for leveraging their
access. 

976
00:51:20,426 --> 00:51:24,074
I already know of two people 
that have had their title, the 

977
00:51:24,074 --> 00:51:27,836
office holder title used against
them, against the organization. 

978
00:51:27,866 --> 00:51:32,276
So what that means is one of 
them was saying he was the 

979
00:51:32,276 --> 00:51:36,807
president of a sports club. 
His email got spoofed to ask the

980
00:51:36,807 --> 00:51:42,674
treasurer to send money. 
The easy way to do that was to 

981
00:51:42,674 --> 00:51:46,531
go online and look at all the 
office holders 'cause it's 

982
00:51:46,531 --> 00:51:48,133
public. 
It's public information. 

983
00:51:48,133 --> 00:51:50,533
It's called open source 
intelligence, right? 

984
00:51:50,533 --> 00:51:54,193
So C-Suites are very, it's easy 
to see what they look like. 

985
00:51:54,223 --> 00:51:57,673
It's easy to find out who they 
are, where, what organization 

986
00:51:57,673 --> 00:52:01,288
they are, what their role is. 
And in more recent cases, and 

987
00:52:01,288 --> 00:52:05,694
I'll show you some links, but 
CFOs, CEOs have been spoofed 

988
00:52:05,694 --> 00:52:10,348
with deep fakes, with AI 
technology, to mimic them and 

989
00:52:10,348 --> 00:52:13,288
provide instructions to, hey, 
transfer $25 million. 

990
00:52:14,248 --> 00:52:16,402
It's me. 
I'm giving you the authority now

991
00:52:16,402 --> 00:52:21,480
on the video call in front of 
other deep fake members of the 

992
00:52:21,480 --> 00:52:23,956
executive. 
And it's, there's more reasons 

993
00:52:23,956 --> 00:52:27,134
to be targeting a high-net-worth
individual from an economic 

994
00:52:27,134 --> 00:52:30,953
incentive point of view. 
Now, if you are a hacker just 

995
00:52:30,953 --> 00:52:35,092
after a bot net, you don't need 
to put in all the extra effort. 

996
00:52:35,452 --> 00:52:37,042
But you have a whole different 
model there. 

997
00:52:37,372 --> 00:52:40,732
And quite frankly, that's why a 
lot of people have, that's why 

998
00:52:40,732 --> 00:52:42,878
they've been so successful. 
'Cause these people aren't 

999
00:52:42,878 --> 00:52:46,546
really looking after themselves.
So I'm focusing on the people 

1000
00:52:46,546 --> 00:52:50,581
that have, one, more a bigger 
target, but are also more 

1001
00:52:50,581 --> 00:52:54,626
willing to get help to protect 
themselves because they know 

1002
00:52:54,626 --> 00:52:58,721
that they've got more risk. 
If I had a magic wand and 

1003
00:52:58,721 --> 00:53:01,111
unlimited resources, I would 
want to try and protect 

1004
00:53:01,111 --> 00:53:03,535
everybody. 
But the reality is, you know, 

1005
00:53:03,535 --> 00:53:07,273
you got a 80-20 rule, you gotta 
work with the target that are 

1006
00:53:07,273 --> 00:53:10,357
more responsive, but also higher
targets until I can work out how

1007
00:53:10,357 --> 00:53:13,389
I can scale this and make the 
umbrella bigger. 

1008
00:53:13,938 --> 00:53:17,160
And try and get, I guess, more 
people involved in looking after

1009
00:53:17,160 --> 00:53:19,440
that. 
There's a similar parallel in 

1010
00:53:19,440 --> 00:53:23,550
what's happening in the US. 
A lot of infrastructure, city 

1011
00:53:23,550 --> 00:53:26,466
infrastructure, so water 
systems, for example, they run 

1012
00:53:26,466 --> 00:53:28,995
with operational technology that
was really, really old. 

1013
00:53:29,852 --> 00:53:33,702
And what's happened is they've 
been hacked on a regular basis, 

1014
00:53:33,702 --> 00:53:37,011
but because they are, It's such 
a fundamental service, I mean, 

1015
00:53:37,011 --> 00:53:39,357
imagine if you wanna turn on the
tap and there's no water. 

1016
00:53:39,357 --> 00:53:43,069
But at the same time, because 
it's so old and outdated, it's 

1017
00:53:43,069 --> 00:53:46,649
not fun, sexy to get into the 
industry of cybersecurity for 

1018
00:53:46,649 --> 00:53:48,757
water service. 
So they become really big 

1019
00:53:48,757 --> 00:53:50,929
targets. 
So there's a big community now 

1020
00:53:50,929 --> 00:53:55,069
in the US for white hat hackers 
to volunteer their time to go 

1021
00:53:55,069 --> 00:53:56,917
help protect their local water 
utility. 

1022
00:53:57,277 --> 00:54:01,279
Because without that community, 
that kind of community approach,

1023
00:54:01,279 --> 00:54:03,847
there's no way to scale it up to
be able to fit. 

1024
00:54:04,607 --> 00:54:06,907
And even then they're only 
covering a small portion of it. 

1025
00:54:06,907 --> 00:54:11,077
They're not covering everybody. 
So very, very big target base. 

1026
00:54:11,561 --> 00:54:13,702
Very hard to reach everybody at 
once. 

1027
00:54:14,062 --> 00:54:17,490
I'm focusing on the people that 
are more susceptible, but also 

1028
00:54:17,490 --> 00:54:21,206
are gonna be more willing to 
listen to, hey, this is how 

1029
00:54:21,206 --> 00:54:23,402
you're gonna get attacked. 
This is how it can help you. 

1030
00:54:24,162 --> 00:54:26,272
And that's why I've targeted 
the, yeah, executives. 

1031
00:54:26,302 --> 00:54:29,488
Ideally it'd be everybody. 
But, yeah, it's not a, it's a 

1032
00:54:29,488 --> 00:54:31,240
very big landscape at the 
moment. 

1033
00:54:31,256 --> 00:54:34,561
Yeah. 
I think that's also very good 

1034
00:54:34,561 --> 00:54:37,897
awareness building, right? 
Because again, like we all like 

1035
00:54:37,897 --> 00:54:41,896
our gadgets, our devices, we 
just buy them, put it at home, 

1036
00:54:41,896 --> 00:54:43,792
you know. 
We forgot about it, especially 

1037
00:54:43,792 --> 00:54:47,347
if you're these type of persona 
where you hold a lot of 

1038
00:54:47,347 --> 00:54:49,731
information. 
You know, could be medical, 

1039
00:54:49,731 --> 00:54:52,118
private, it could be your 
digital assets. 

1040
00:54:52,118 --> 00:54:55,346
I think these days a lot of 
people, hack into, I dunno, 

1041
00:54:55,346 --> 00:54:58,423
either your browsers and they 
just took your crypto for 

1042
00:54:58,423 --> 00:55:01,944
whatever reasons, right? 
In this world these days, I 

1043
00:55:01,944 --> 00:55:05,398
think if you simply have a lot 
of these assets, right? 

1044
00:55:05,398 --> 00:55:09,493
I would say just be mindful as 
well and yeah, probably do take 

1045
00:55:09,493 --> 00:55:11,933
care about the security of your 
network, right? 

1046
00:55:12,973 --> 00:55:16,573
So with all these, right, how 
come in the news, there's no, 

1047
00:55:16,573 --> 00:55:19,505
nothing, nothing at all 
mentioning about this, because 

1048
00:55:19,505 --> 00:55:21,774
this is happening, and it's 
widespread. 

1049
00:55:22,224 --> 00:55:26,312
And if you're saying that 
Singapore now is the top source 

1050
00:55:26,312 --> 00:55:28,144
country, why I've never heard 
anything about it? 

1051
00:55:29,340 --> 00:55:32,520
That's an interesting question. 
I have actually had a chance to 

1052
00:55:32,520 --> 00:55:34,320
ask someone in the government 
before. 

1053
00:55:35,128 --> 00:55:37,678
The response wasn't what I was 
hoping for. 

1054
00:55:38,296 --> 00:55:41,506
But you're absolutely right. 
I think at the moment there's 

1055
00:55:41,506 --> 00:55:44,920
probably a level of concern but 
not necessarily clear 

1056
00:55:44,920 --> 00:55:46,180
understanding of what to do 
about it. 

1057
00:55:46,240 --> 00:55:49,632
So just a few months ago, I 
think the Minister of Law called

1058
00:55:49,632 --> 00:55:53,949
out for the first time threats 
from APT that, and calling out 

1059
00:55:53,949 --> 00:55:58,844
the country, the source, is 
typically not in the culture for

1060
00:55:58,844 --> 00:56:01,375
Singapore to be acknowledging. 
I was curious about that. 

1061
00:56:01,400 --> 00:56:02,360
Why? 
Yeah. 

1062
00:56:02,360 --> 00:56:05,605
Calling it out unless it's 
really, unless it's like a real,

1063
00:56:05,605 --> 00:56:10,010
really serious problem. 
What I think at the moment, 

1064
00:56:10,010 --> 00:56:13,874
unless there's a clear line 
between the damage that's being 

1065
00:56:13,874 --> 00:56:15,861
caused. 
Like I said with the SIM cards, 

1066
00:56:15,861 --> 00:56:19,710
it's probably my best example. 
At the moment, it's very, it's a

1067
00:56:19,710 --> 00:56:23,702
lot easier to see that, hey, if 
I don't control the SIM cards 

1068
00:56:23,702 --> 00:56:26,672
and allow people to take 
advantage of that and use that 

1069
00:56:26,672 --> 00:56:31,574
for legal purposes, then that's 
when the response, the societal 

1070
00:56:31,574 --> 00:56:33,474
response is, okay, we need to 
clamp down on it. 

1071
00:56:33,474 --> 00:56:37,359
We need to deal with it. 
I don't think that's as clear 

1072
00:56:37,359 --> 00:56:41,532
cut yet with the internet 
technology and with, so I think,

1073
00:56:41,532 --> 00:56:44,421
one, the attack is not so clear 
and two, therefore the response 

1074
00:56:44,421 --> 00:56:47,741
isn't as harsh or as firm or as 
immediate and urgent. 

1075
00:56:48,341 --> 00:56:51,431
But when you can see the efforts
that Singapore is working on at 

1076
00:56:51,431 --> 00:56:55,011
the moment, I think it's clear 
that they are very concerned 

1077
00:56:55,011 --> 00:56:57,521
about the effect on corporates 
and businesses. 

1078
00:56:57,581 --> 00:57:00,977
'Cause that does link to the 
reputation of the country as 

1079
00:57:00,977 --> 00:57:03,981
well as being attractive place 
for businesses. 

1080
00:57:04,331 --> 00:57:08,153
So I think it's a matter of time
before, one, the attack scale 

1081
00:57:08,153 --> 00:57:12,727
up, before there's more and more
things that you can do with a 

1082
00:57:12,727 --> 00:57:15,462
compromised network. 
And then two, finding a strategy

1083
00:57:15,462 --> 00:57:19,567
to be able to respond to that. 
I use vaping as a parallel. 

1084
00:57:19,837 --> 00:57:22,680
So when vaping started 
happening, you know, there was a

1085
00:57:22,680 --> 00:57:24,254
growing trend, growing 
popularity. 

1086
00:57:25,176 --> 00:57:28,558
It didn't seem like it was that 
big a deal until they started 

1087
00:57:28,558 --> 00:57:29,928
putting more and more things 
into it. 

1088
00:57:30,058 --> 00:57:33,550
They started getting more 
visibility around the problem 

1089
00:57:33,550 --> 00:57:37,450
and it became very, very clear 
that, okay, we need a stronger 

1090
00:57:37,450 --> 00:57:39,196
response. 
And the government has then 

1091
00:57:39,196 --> 00:57:40,318
gone, right? 
That's it. 

1092
00:57:40,378 --> 00:57:41,788
Zero tolerance. 
Clamp down on it. 

1093
00:57:42,604 --> 00:57:45,814
I see a similar parallel to that
with home cybersecurity. 

1094
00:57:46,444 --> 00:57:50,852
Unfortunately, the way the 
networks are working, it's 

1095
00:57:50,852 --> 00:57:53,794
harder to... unless you're China
with a firewall. 

1096
00:57:53,794 --> 00:57:55,624
And even then people get around 
firewall. 

1097
00:57:56,014 --> 00:57:58,719
It's harder to control things 
that flow in and out from the 

1098
00:57:58,719 --> 00:58:01,879
internet. 
It's not like it's a physical 

1099
00:58:01,879 --> 00:58:04,330
border. 
I think that's where, again, if 

1100
00:58:04,330 --> 00:58:07,856
the threat is not clear and 
therefore the strategy for 

1101
00:58:07,856 --> 00:58:11,599
responding is not that clear, 
you have to quite frankly let 

1102
00:58:11,599 --> 00:58:14,641
things develop further and then 
see, okay, so how do they 

1103
00:58:14,641 --> 00:58:17,701
respond from that? 
But from my perspective, by that

1104
00:58:17,701 --> 00:58:20,887
time, where we are, it's already
kind of we're already late to 

1105
00:58:20,887 --> 00:58:23,648
the party. 
So it's almost up to the people 

1106
00:58:23,648 --> 00:58:26,907
to try and take the personal 
responsibility to protect 

1107
00:58:26,907 --> 00:58:29,760
themselves. 
And quite frankly, it's almost a

1108
00:58:29,760 --> 00:58:35,214
going back to defense in depth. 
Even if you have a police post 

1109
00:58:35,214 --> 00:58:38,610
station near you, if you're 
surrounded by police stations. 

1110
00:58:38,940 --> 00:58:41,294
And if there's security guard in
your state, it doesn't mean that

1111
00:58:41,294 --> 00:58:42,600
you should leave your front door
open. 

1112
00:58:43,110 --> 00:58:48,216
But when I say we collectively, 
you're so used to a protected 

1113
00:58:48,216 --> 00:58:51,595
safe space that you don't really
think about what people could be

1114
00:58:51,595 --> 00:58:53,241
doing and how they could be 
leveraging you. 

1115
00:58:53,631 --> 00:58:56,712
It's to the benefit of the, you 
know, the people using the 

1116
00:58:56,712 --> 00:59:00,329
networks and access and hacking.
So it's almost like, I just 

1117
00:59:00,329 --> 00:59:04,398
think that we are not yet there 
in the point where there's a 

1118
00:59:04,398 --> 00:59:08,595
very big, clear problem, but 
it's got enough fires and smoke 

1119
00:59:08,595 --> 00:59:11,895
to indicate to me that this is 
gonna get worse. 

1120
00:59:12,135 --> 00:59:13,815
Yeah. 
It's just gonna get worse. 

1121
00:59:13,815 --> 00:59:17,015
So in the meantime, I'm gonna 
try and help people be educated 

1122
00:59:17,015 --> 00:59:20,235
to be able to catch up and try 
and close a bit of their gap. 

1123
00:59:20,794 --> 00:59:24,054
But quite frankly, I expect the 
gap will still get bigger, 

1124
00:59:24,054 --> 00:59:26,552
especially with AI growing at 
the pace that it's growing. 

1125
00:59:26,997 --> 00:59:29,122
How about the telco, you know, 
the internet provider? 

1126
00:59:29,122 --> 00:59:31,442
They would have seen these 
traffic, right? 

1127
00:59:31,442 --> 00:59:33,342
Especially if it's being used 
for DDoS attack. 

1128
00:59:33,362 --> 00:59:36,273
I'm sure like you will see the 
kind of like the targets, right?

1129
00:59:36,273 --> 00:59:38,863
The target endpoints goes to 
somewhere and in one go. 

1130
00:59:38,863 --> 00:59:42,263
Like how about them? 
Like can they actually try to 

1131
00:59:42,263 --> 00:59:45,113
mitigate a little bit? 
It's hard. 

1132
00:59:45,113 --> 00:59:48,912
So at the moment when you look 
at the scale that they're 

1133
00:59:48,912 --> 00:59:52,410
attacking it's, you know, it's 
within 14 seconds, for example. 

1134
00:59:52,770 --> 00:59:55,506
By the time the AI recognizes, 
oh, there's something going on, 

1135
00:59:55,506 --> 00:59:58,255
it's already over. 
But one of the interesting 

1136
00:59:58,255 --> 01:00:01,590
trends that I'm, that you're 
seeing with DDoS attacks, 

1137
01:00:01,590 --> 01:00:03,540
they're actually attacking ISPs 
as well. 

1138
01:00:03,960 --> 01:00:09,823
So it's almost like if you... 
there's a level of mischief in 

1139
01:00:09,823 --> 01:00:12,783
what they're doing as well. 
It's not always, you know, for 

1140
01:00:12,783 --> 01:00:14,303
commercial gain or economic 
gain. 

1141
01:00:14,333 --> 01:00:16,873
It's also sometimes they just 
wanna piss someone off. 

1142
01:00:17,573 --> 01:00:21,912
So ISPs actually, if you look at
Cloudflare and the setup they've

1143
01:00:21,912 --> 01:00:24,567
got, because they can, they're 
tracking where all the IP 

1144
01:00:24,567 --> 01:00:28,057
addresses are, they can actually
tell the ISPs, this is where 

1145
01:00:28,057 --> 01:00:30,533
your, yeah, this is where the 
attacks are coming from. 

1146
01:00:31,224 --> 01:00:35,544
I actually want to talk to the 
ISP to go give me a list of all 

1147
01:00:35,544 --> 01:00:38,070
the IP addresses. 
Every time I go to a house that 

1148
01:00:38,070 --> 01:00:42,081
I check, I can marry it out. 
I can tell you there's already a

1149
01:00:42,081 --> 01:00:46,338
compromised device there. 
I just don't think at the moment

1150
01:00:46,338 --> 01:00:49,320
the concern, the level of 
concern is warranting that for 

1151
01:00:49,320 --> 01:00:51,340
the ISPs to actually take that 
kind of action. 

1152
01:00:52,260 --> 01:00:55,356
But I feel like if, you know, 
magic wand, that's what we need 

1153
01:00:55,356 --> 01:00:58,166
to be doing. 
We need to be going tell me all 

1154
01:00:58,166 --> 01:01:00,674
the ones that are, have been 
compromised 'cause attacks 

1155
01:01:00,674 --> 01:01:04,170
coming from there, I'll go send 
someone there and actually work 

1156
01:01:04,170 --> 01:01:08,106
out with what devices. 
One or many devices is actually 

1157
01:01:08,106 --> 01:01:10,578
contributing to this, right? 
Because the footprints are 

1158
01:01:10,578 --> 01:01:12,396
there. 
That's the good thing in a way 

1159
01:01:12,396 --> 01:01:14,932
about the internet, right? 
Even though it's all connected, 

1160
01:01:14,932 --> 01:01:18,612
interconnected and all digital, 
you should be able to see if you

1161
01:01:18,612 --> 01:01:20,828
can see it's coming to attack 
you, you can see where it's 

1162
01:01:20,828 --> 01:01:22,118
coming from. 
Yeah, with the packets. 

1163
01:01:22,118 --> 01:01:24,048
Yeah. 
So it's really around be able to

1164
01:01:24,048 --> 01:01:27,368
trace and follow that. 
But yeah, we're just not in a 

1165
01:01:27,368 --> 01:01:30,878
position where, one, they've got
the resource and the, I guess 

1166
01:01:30,878 --> 01:01:33,398
the social urgency to deal with 
that. 

1167
01:01:33,747 --> 01:01:36,435
Like I said, if it becomes a 
bigger, which I expect it'll 

1168
01:01:36,435 --> 01:01:38,961
become a bigger problem, like 
with the SIM cards, then yeah, 

1169
01:01:38,961 --> 01:01:41,424
you're gonna put in more and 
more steps to try and deal with 

1170
01:01:41,424 --> 01:01:44,454
it. 
But also if you look at the rate

1171
01:01:44,454 --> 01:01:48,906
of growth of DDoS as a proxy, I 
don't think any country in the 

1172
01:01:48,906 --> 01:01:52,294
world is prepared to deal with 
the level that they're growing. 

1173
01:01:52,364 --> 01:01:56,810
And the Aisuru report that Brian
Krebs was just discovering is 

1174
01:01:56,810 --> 01:01:59,942
hitting new records at.... 
Like this year they've gone 

1175
01:01:59,942 --> 01:02:05,547
from, I think it was 3.5 to now 
30, 30 terabits per second. 

1176
01:02:06,137 --> 01:02:09,625
Like the pace at which they're 
collecting devices and break and

1177
01:02:09,625 --> 01:02:12,946
compromising networks is I don't
think any single government by 

1178
01:02:12,946 --> 01:02:15,228
itself can deal with that level 
of growth. 

1179
01:02:16,143 --> 01:02:20,489
So if government, maybe now not 
the right time for them to act 

1180
01:02:20,489 --> 01:02:22,605
in. 
The ISP is probably also not the

1181
01:02:22,605 --> 01:02:25,291
right time. 
So it's coming back to us now to

1182
01:02:25,291 --> 01:02:28,165
protect ourselves, right? 
So thinking my head, typically 

1183
01:02:28,165 --> 01:02:32,357
in a corporate or maybe like we 
read in the news or some blogs, 

1184
01:02:32,357 --> 01:02:34,475
right? 
You would typically install 

1185
01:02:34,475 --> 01:02:36,775
anti-virus, anti-malware on your
laptop. 

1186
01:02:37,195 --> 01:02:39,937
In corporate you will have like 
a firewall, you know, put in 

1187
01:02:39,937 --> 01:02:41,935
place. 
Is there such thing that we can 

1188
01:02:41,935 --> 01:02:45,658
do to our home network as well? 
I think the short answer is 

1189
01:02:45,658 --> 01:02:48,318
there's no one size fits all. 
Like I said, there's no one path

1190
01:02:48,318 --> 01:02:51,497
that people are following. 
In the early days with viruses, 

1191
01:02:51,497 --> 01:02:54,412
it was a lot clearer, right? 
You would get infected through 

1192
01:02:54,412 --> 01:02:57,034
an email or you would get 
infected through pirated 

1193
01:02:57,034 --> 01:02:59,137
software. 
Like there was clearer vectors 

1194
01:02:59,137 --> 01:03:01,852
for attacks. 
Now with the level of technology

1195
01:03:01,852 --> 01:03:04,972
and how everything is a lot more
interconnected now. 

1196
01:03:05,872 --> 01:03:10,747
And again, with AI giving you a 
very, very large range of access

1197
01:03:10,747 --> 01:03:13,072
tools is not as straightforward 
as that. 

1198
01:03:13,770 --> 01:03:16,401
I think that's where one of the 
philosophies that I push is 

1199
01:03:16,401 --> 01:03:18,193
to... 
"can doesn't mean you should. 

1200
01:03:18,343 --> 01:03:20,623
So you shouldn't just connect 
things. 

1201
01:03:20,623 --> 01:03:22,243
You shouldn't just buy it 'cause
it's got wifi. 

1202
01:03:22,243 --> 01:03:25,413
You shouldn't just plug it in 
and not as, as any value. 

1203
01:03:25,963 --> 01:03:30,262
I have a robot vacuum cleaner. 
It sends a crazy amount of data 

1204
01:03:30,262 --> 01:03:33,163
to the internet. 
It's very frustrating that I 

1205
01:03:33,163 --> 01:03:36,578
know what it's probably doing. 
It's scanning on my neighbor's 

1206
01:03:36,578 --> 01:03:38,268
wifi. 
It's logging everything in my 

1207
01:03:38,268 --> 01:03:41,398
house and sending it to them, 
but I've kept it separate from 

1208
01:03:41,398 --> 01:03:43,243
my, the rest of my, all my 
devices. 

1209
01:03:43,873 --> 01:03:46,953
I get a lot of value out of 
having my robot vacuum cleaner 

1210
01:03:46,953 --> 01:03:50,173
run once a day, twice a day 
because it keeps my house clean.

1211
01:03:50,203 --> 01:03:54,817
So I get benefit of doing that. 
My washing machine, on the other

1212
01:03:54,817 --> 01:03:57,583
hand is wifi connected, but I 
get zero value out of that. 

1213
01:03:57,613 --> 01:04:01,493
In fact, I'm probably the 
service of how, the product. 

1214
01:04:01,493 --> 01:04:03,103
I'm giving them my product 
information. 

1215
01:04:03,955 --> 01:04:07,711
I've connected it as well 
because I wanted to not leave it

1216
01:04:07,711 --> 01:04:11,345
open for someone else to try and
connect to it, but I'm a lot 

1217
01:04:11,345 --> 01:04:13,615
more conscious around why I've 
connected it that way. 

1218
01:04:13,855 --> 01:04:17,686
So going back to what you were 
saying with the anti-virus and 

1219
01:04:17,686 --> 01:04:21,298
anti-malware, there's no clear 
one size fits all approach, what

1220
01:04:21,298 --> 01:04:25,093
I try and challenge people to do
is think about spring cleaning. 

1221
01:04:25,453 --> 01:04:27,351
Spring cleaning your network. 
Like look at all the things that

1222
01:04:27,351 --> 01:04:30,163
you have at your network and go,
do I actually get value? 

1223
01:04:30,703 --> 01:04:33,591
Does it improve my life to have 
wifi connectivity for this 

1224
01:04:33,591 --> 01:04:35,940
thing? 
If not, then either get rid of 

1225
01:04:35,940 --> 01:04:38,443
the thing or at least try and 
disable the wifi. 

1226
01:04:39,123 --> 01:04:42,561
Unfortunately, I've seen so many
cases where people have 

1227
01:04:42,561 --> 01:04:45,113
connected things and forgotten 
about them to a point that even 

1228
01:04:45,113 --> 01:04:46,993
though they've been hacked, they
don't even realize it. 

1229
01:04:47,675 --> 01:04:50,195
And because they haven't used it
on a regular basis, it doesn't 

1230
01:04:50,195 --> 01:04:53,714
add the value. 
You forget that you are taking 

1231
01:04:53,714 --> 01:04:58,990
on the risk without the benefit.
So it's all bad news having that

1232
01:04:58,990 --> 01:05:01,590
some kind of connectivity. 
So yeah, unfortunately there's 

1233
01:05:01,590 --> 01:05:05,140
no one size fits all approach. 
You know, back in the day, it 

1234
01:05:05,140 --> 01:05:09,048
was just running antivirus. 
But now, the amount of different

1235
01:05:09,048 --> 01:05:13,322
threat vectors are significant, 
the best thing to do is try and 

1236
01:05:13,322 --> 01:05:16,288
reduce your attack surface and 
try and keep as little entry 

1237
01:05:16,288 --> 01:05:19,056
points for, you know, someone to
access your house. 

1238
01:05:19,596 --> 01:05:22,722
Speaking about value, it reminds
me one typical device that 

1239
01:05:22,722 --> 01:05:25,854
people have that is always 
connected and it's kind of like 

1240
01:05:25,854 --> 01:05:28,446
valuable for them, which is the 
network attached storage. 

1241
01:05:29,196 --> 01:05:31,836
This could be your harddisk that
you can access from anywhere, 

1242
01:05:31,836 --> 01:05:33,938
right? 
What should we do about it? 

1243
01:05:33,938 --> 01:05:36,893
We love it. 
We want it to be connected, but 

1244
01:05:36,893 --> 01:05:39,308
it also opens itself up for 
attacks. 

1245
01:05:39,938 --> 01:05:43,348
And I think the challenge with 
network access storage is it's 

1246
01:05:43,348 --> 01:05:45,158
very attractive for multiple 
reasons. 

1247
01:05:45,318 --> 01:05:47,502
Yeah. 
And typically we store like 

1248
01:05:47,502 --> 01:05:49,088
personal. 
Yeah, yeah. 

1249
01:05:49,178 --> 01:05:54,703
One I've got, in Australia, 
ASX20, top 20 listed companies 

1250
01:05:54,703 --> 01:05:57,970
in Australia. 
I know one of them has been 

1251
01:05:57,970 --> 01:05:59,797
hacked before with ransomware on
the NAS. 

1252
01:06:00,254 --> 01:06:04,136
I've several NASes as well. 
And one of the best targets, 

1253
01:06:04,136 --> 01:06:06,543
most attractive targets for 
ransomware because it's your 

1254
01:06:06,543 --> 01:06:09,643
digital assets. 
I constantly tell people that if

1255
01:06:09,643 --> 01:06:12,756
my whole house burned down, the 
only thing I need protected is 

1256
01:06:12,756 --> 01:06:14,661
the photos. 
Because you can't replace that. 

1257
01:06:14,661 --> 01:06:18,446
You can replace everything else.
Your passport, your ID cards, 

1258
01:06:18,446 --> 01:06:20,601
what certificates, whatever. 
You can get reprints. 

1259
01:06:20,871 --> 01:06:22,131
But you can't get the photos 
back. 

1260
01:06:22,671 --> 01:06:24,531
So it's a very, very attractive 
source. 

1261
01:06:25,191 --> 01:06:27,756
Unfortunately, going back to 
what I said about distributed 

1262
01:06:27,756 --> 01:06:31,238
computing, it's got a processor,
it's got storage, and it's got 

1263
01:06:31,238 --> 01:06:32,031
network. 
It's... 

1264
01:06:32,616 --> 01:06:36,456
It's got your asset as well. 
Yeah, so it is a great target. 

1265
01:06:36,526 --> 01:06:41,361
And quite sadly, I've seen quite
a few NASes now that when I run 

1266
01:06:41,361 --> 01:06:43,876
this vulnerability scan thing, 
because it's so attractive, 

1267
01:06:43,876 --> 01:06:48,692
going back to what I said about 
the ethos, it's constantly being

1268
01:06:48,692 --> 01:06:51,666
hacked and new vulnerabilities 
are being found all the time. 

1269
01:06:52,357 --> 01:06:54,697
One of the key things that 
people have to be doing is 

1270
01:06:54,697 --> 01:06:56,827
checking whether the firm has 
been updated for NAS. 

1271
01:06:57,067 --> 01:07:00,061
Right, you, that's one of the, 
keep in mind that that's one, 

1272
01:07:00,061 --> 01:07:03,065
it's a gold mine. 
Like NASes have been found to be

1273
01:07:03,065 --> 01:07:05,867
mining crypto. 
Because they're on there 24/7. 

1274
01:07:05,887 --> 01:07:08,560
They're constantly worrying and 
you just don't know what's 

1275
01:07:08,560 --> 01:07:10,611
happening. 
They've been very popular. 

1276
01:07:11,091 --> 01:07:15,521
Trend Micro have something 
called Zero Day Initiative where

1277
01:07:15,521 --> 01:07:18,973
they reward hackers, 
competitions for hacking the 

1278
01:07:18,973 --> 01:07:23,012
NASes, QNAP and Synology have 
been very, very popular. 

1279
01:07:23,522 --> 01:07:26,538
And there's a Singapore company.
Actually I'll call them out on 

1280
01:07:26,538 --> 01:07:27,762
this podcast. 
STAR Labs. 

1281
01:07:28,142 --> 01:07:32,880
They've won what they call 
Master of Pwn which is there are

1282
01:07:32,880 --> 01:07:37,825
a few competitions every year. 
They won the one in, I think it 

1283
01:07:37,825 --> 01:07:40,948
was Ireland, no, Berlin, I 
think, earlier this year where 

1284
01:07:40,948 --> 01:07:43,282
they've successfully shown how 
to hack into things. 

1285
01:07:43,552 --> 01:07:47,193
So going back to what I said 
before, the workflow for 

1286
01:07:47,193 --> 01:07:51,463
security researchers to hack 
into something is to share the 

1287
01:07:51,463 --> 01:07:54,099
information with the 
manufacturer and then make it 

1288
01:07:54,099 --> 01:07:55,466
public. 
But ideally giving the 

1289
01:07:55,466 --> 01:07:58,844
manufacturer time to patch it. 
This happens a lot with NAS. 

1290
01:07:58,864 --> 01:08:02,246
It's very... 2, 3 times a year, 
this happens. 

1291
01:08:02,996 --> 01:08:07,296
So if you have a NAS, absolutely
take extra precaution with it. 

1292
01:08:07,296 --> 01:08:09,986
Check if the firmware is 
updating, up to date. 

1293
01:08:10,632 --> 01:08:15,290
If it's old and it doesn't 
update anymore, get a new one, 

1294
01:08:15,290 --> 01:08:17,548
unfortunately. 
Christmas, go shopping. 

1295
01:08:17,548 --> 01:08:21,010
But at the same time, be aware 
that it's a very attractive 

1296
01:08:21,010 --> 01:08:23,930
target and just do the hygiene, 
like the digital hygiene that 

1297
01:08:23,930 --> 01:08:26,712
you need to. 
Don't hold things that longer 

1298
01:08:26,712 --> 01:08:29,640
than you need to, right? 
Cause it can be used against 

1299
01:08:29,640 --> 01:08:32,747
you. 
It's typically harder with NAS, 

1300
01:08:32,747 --> 01:08:36,255
because as you accumulate your 
data, your files, right, and to 

1301
01:08:36,255 --> 01:08:38,343
migrate it to something else. 
Yeah. 

1302
01:08:38,627 --> 01:08:41,465
When you have terabytes, for 
example, you have terabytes of 

1303
01:08:41,465 --> 01:08:44,046
data. 
I literally in my bag right now,

1304
01:08:44,046 --> 01:08:47,423
I have a harddisk to put in the 
NAS that I just bought an hour 

1305
01:08:47,423 --> 01:08:49,410
ago. 
'Cause I want to, because I'm 

1306
01:08:49,410 --> 01:08:52,841
actually doing that. 
I'm, it's outgrowing the 

1307
01:08:52,841 --> 01:08:54,850
capacity. 
So I just bought 16 terabyte 

1308
01:08:54,850 --> 01:08:56,448
harddisk. 
But yeah, absolutely. 

1309
01:08:56,448 --> 01:09:01,301
So once I do the migration, it's
part the Lean methodology that I

1310
01:09:01,301 --> 01:09:04,988
applied to my process as well. 
Along the way, if you don't need

1311
01:09:04,988 --> 01:09:07,712
to hold, if it doesn't add any 
value, get rid of it. 

1312
01:09:07,773 --> 01:09:11,046
It makes the migration easier, 
but it also reduces your attack 

1313
01:09:11,046 --> 01:09:13,371
surface. 
If you don't have too much 

1314
01:09:13,371 --> 01:09:16,173
clutter and complexity, going 
back to some of the learnings 

1315
01:09:16,173 --> 01:09:17,733
that I took away from the 
corporate world. 

1316
01:09:18,662 --> 01:09:21,423
It just makes your life simpler,
having less things to manage. 

1317
01:09:22,023 --> 01:09:26,363
Because it's really fun to buy 
the new thing, plug it in, and 

1318
01:09:26,582 --> 01:09:28,832
get that 30 seconds of 
enjoyment. 

1319
01:09:29,372 --> 01:09:33,582
But the risk that you put on, 
take on for leaving it then and 

1320
01:09:33,582 --> 01:09:36,292
not tidying it up, it just grows
over time. 

1321
01:09:37,143 --> 01:09:42,703
And I've already found NASes in 
my circles scanning that have 

1322
01:09:42,703 --> 01:09:46,661
been compromised. 
And the disappointing ones are 

1323
01:09:46,661 --> 01:09:50,093
finding where people know that 
they should have updated the 

1324
01:09:50,093 --> 01:09:52,292
password or changed the password
and they haven't. 

1325
01:09:52,843 --> 01:09:56,103
And I'd show them this took 30 
seconds. 

1326
01:09:56,133 --> 01:09:56,598
Like... 
Yeah. 

1327
01:09:57,561 --> 01:09:59,871
You are so close to, if you 
haven't been hacked already, 

1328
01:09:59,871 --> 01:10:01,326
you're so close to being hacked.
Yeah. 

1329
01:10:01,731 --> 01:10:04,701
It's disappointing because when 
you, like I said, the value that

1330
01:10:04,701 --> 01:10:08,271
I place on my digital assets is 
significantly high, so I want to

1331
01:10:08,271 --> 01:10:12,706
take effort to protect it. 
But people don't realize how 

1332
01:10:12,706 --> 01:10:16,491
easy it is for NASes and how 
attractive it is to be hacked. 

1333
01:10:16,656 --> 01:10:18,953
Yeah. 
I guess one of the main reasons 

1334
01:10:18,953 --> 01:10:21,384
why people don't want to change 
password is like they might 

1335
01:10:21,384 --> 01:10:23,534
forget the password. 
They don't know how to create 

1336
01:10:23,534 --> 01:10:25,511
strong password. 
And that's why I think using 

1337
01:10:25,511 --> 01:10:28,386
password manager is like, maybe 
it's like a must these days. 

1338
01:10:28,386 --> 01:10:31,446
Like if you have password 
manager, it can help you to kind

1339
01:10:31,446 --> 01:10:33,936
of like, first, create a strong 
password. 

1340
01:10:33,966 --> 01:10:35,326
Second is kind of like save it, 
right? 

1341
01:10:35,326 --> 01:10:37,986
So that you can get access to it
from time to time. 

1342
01:10:38,046 --> 01:10:39,464
Absolutely. 
That's one of the things I 

1343
01:10:39,464 --> 01:10:40,806
strongly recommend. 
Install password managers. 

1344
01:10:41,346 --> 01:10:43,106
So I wanna touch on a bit about 
AI, right? 

1345
01:10:43,106 --> 01:10:46,634
So now we know about all these 
possibilities, the attack 

1346
01:10:46,634 --> 01:10:49,026
vectors, the potentials that you
can do, right? 

1347
01:10:49,056 --> 01:10:52,461
Because I think it can be 
lucrative for someone who start 

1348
01:10:52,461 --> 01:10:55,686
going to the dark side and 
knowing about potential of this.

1349
01:10:55,836 --> 01:10:59,784
And now with AI, kind of like, I
would say superpower for them to

1350
01:10:59,784 --> 01:11:02,256
kickstart doing this, I wanna 
understand the scale. 

1351
01:11:02,316 --> 01:11:06,960
How much has it really been in 
terms of increasingly hackers 

1352
01:11:06,960 --> 01:11:11,310
learning from AI and using its 
capability, to actually starting

1353
01:11:11,310 --> 01:11:13,746
becoming like a, you know 
hacker? 

1354
01:11:14,781 --> 01:11:17,031
So I don't think it's that 
obvious yet. 

1355
01:11:17,601 --> 01:11:23,416
But from just tools that I build
as well, I use AI for coding, 

1356
01:11:23,416 --> 01:11:25,919
for understanding. 
Like I said, if I'm trying to 

1357
01:11:25,919 --> 01:11:28,788
think like a hacker, if I'm 
trying to replicate what they're

1358
01:11:28,788 --> 01:11:34,323
doing, I'm gonna be trying to 
use the tool to protect as much 

1359
01:11:34,323 --> 01:11:38,485
as I can for good. 
But it's also very easy to go 

1360
01:11:38,485 --> 01:11:42,791
the other way, cause, you know. 
In a way, as far as AI is 

1361
01:11:42,791 --> 01:11:45,891
concerned, I could just as 
easily be a hacker, someone 

1362
01:11:45,891 --> 01:11:48,817
trying to break into someone's 
network, because I'm asking it 

1363
01:11:48,817 --> 01:11:52,271
questions that a hacker would be
asking it, which is you look at 

1364
01:11:52,271 --> 01:11:54,591
the, firstly, what is this? 
What device is this? 

1365
01:11:55,011 --> 01:11:57,511
Is there known vulnerability 
that I can use to attack it? 

1366
01:11:57,951 --> 01:12:01,793
And if not, for this type of 
device, what are the most common

1367
01:12:01,793 --> 01:12:04,189
ways for, you know, it doesn't 
have to be this brand, doesn't 

1368
01:12:04,189 --> 01:12:06,283
have to be. 
But if there's a common 

1369
01:12:06,283 --> 01:12:09,133
component, if there's a common 
combination of components. 

1370
01:12:09,463 --> 01:12:12,709
If you think about the range of 
things you can ask an AI, you 

1371
01:12:12,709 --> 01:12:15,559
can ask it many, many different 
ways of how to, what's the best 

1372
01:12:15,559 --> 01:12:19,178
way to attack this device. 
It's not clear yet, like I said.

1373
01:12:19,178 --> 01:12:22,148
And as I mentioned earlier, 
Anthropic recently reported that

1374
01:12:22,761 --> 01:12:27,577
they believe that it's the 
resources are being put towards 

1375
01:12:27,577 --> 01:12:31,484
nefarious users for hacking and 
by creating a hacking, 

1376
01:12:31,484 --> 01:12:35,532
autonomous hacking agent. 
It's not even someone querying 

1377
01:12:35,532 --> 01:12:37,948
anymore. 
It's someone using AI to work 

1378
01:12:37,948 --> 01:12:41,228
out how to hack everything else,
setting up an agent. 

1379
01:12:41,648 --> 01:12:47,006
So it's a double-edged sword. 
What I'm trying to do is use the

1380
01:12:47,006 --> 01:12:50,146
positive side of that sword and 
the AI to go, how do I help? 

1381
01:12:50,776 --> 01:12:53,914
How do I help rather than hurt? 
But as far as AI is concerned, 

1382
01:12:53,914 --> 01:12:56,347
it's the same. 
It's the same query, it's the 

1383
01:12:56,347 --> 01:12:59,608
same skillset, right? 
You are asking it how to, I'm 

1384
01:12:59,608 --> 01:13:03,256
asking how to, how would someone
hack it in order to protect it? 

1385
01:13:03,586 --> 01:13:04,966
They're asking how would someone
hack it? 

1386
01:13:04,966 --> 01:13:06,796
Full stop, right? 
To be able to get in. 

1387
01:13:06,916 --> 01:13:09,016
But it's the same. 
It's the same skillset. 

1388
01:13:09,625 --> 01:13:13,374
And I think, weirdly, one of the
things that was being reported 

1389
01:13:13,374 --> 01:13:16,050
as well was going back to the 
residential proxies. 

1390
01:13:16,920 --> 01:13:21,465
Apparently, there are LLMs being
who are using the residential 

1391
01:13:21,465 --> 01:13:24,955
proxy to get around scraping 
rules. 

1392
01:13:26,165 --> 01:13:27,825
So it doesn't look like they're 
the ones scraping. 

1393
01:13:27,885 --> 01:13:32,535
So I don't know how much of that
is, you know, traceable back to 

1394
01:13:32,535 --> 01:13:36,157
the LLM, but it kind of makes 
sense when you think about it, 

1395
01:13:36,157 --> 01:13:37,587
right? 
Because they, they're going, 

1396
01:13:37,587 --> 01:13:41,281
they wanna hide the activity and
get as much data as they can, 

1397
01:13:41,281 --> 01:13:44,460
but not showing that it's them. 
So they're going to people's 

1398
01:13:44,460 --> 01:13:47,685
houses and using the houses. 
It's a bit like Black Mirror, 

1399
01:13:47,685 --> 01:13:49,233
you know, it's like Black Mirror
kind of stuff. 

1400
01:13:49,233 --> 01:13:52,242
It feels very warped to be 
talking about or thinking that's

1401
01:13:52,242 --> 01:13:55,790
what they're doing. 
But the reality is if it's on 

1402
01:13:55,790 --> 01:13:59,071
the network and you can't tell, 
they can get away with it. 

1403
01:13:59,251 --> 01:14:02,037
They, it's hard for them to, I 
mean, they don't, as long as 

1404
01:14:02,037 --> 01:14:04,385
they keep quiet about it, you 
know, you can't tell it's them 

1405
01:14:04,385 --> 01:14:07,703
doing it. 
So AI is introducing new 

1406
01:14:07,703 --> 01:14:11,627
complexity, new challenges to 
cybersecurity, but it can also 

1407
01:14:11,627 --> 01:14:15,419
be like, I believe that AI for 
everything in the sense that, 

1408
01:14:16,064 --> 01:14:17,624
it's a double edged sword, 
right? 

1409
01:14:17,624 --> 01:14:20,109
You can use it, you can use it 
for good, you can use it for 

1410
01:14:20,109 --> 01:14:23,150
harm. 
So I'm focusing on trying to 

1411
01:14:23,150 --> 01:14:27,825
leverage that for good. 
But there's a lot of options for

1412
01:14:27,825 --> 01:14:29,964
attacking. 
I mean, some of the recent 

1413
01:14:29,964 --> 01:14:33,668
cases, they're just teenagers. 
Teenagers who are bored, they 

1414
01:14:33,668 --> 01:14:37,273
just miss, they're just being 
teenagers, but they have access 

1415
01:14:37,273 --> 01:14:41,436
to crazy resources now with AI. 
Some of the best known 

1416
01:14:41,436 --> 01:14:43,136
ransomware gangs are run by 
teenagers. 

1417
01:14:43,166 --> 01:14:45,607
It's, Scattered Spider is one of
them. 

1418
01:14:45,637 --> 01:14:48,112
The other one was, yeah, that, 
like I think I mentioned 

1419
01:14:48,112 --> 01:14:51,415
17-year-old kid that was 
arrested in the UK for hacking 

1420
01:14:51,415 --> 01:14:55,300
into a childcare network. 
They just, yeah, it's crazy. 

1421
01:14:55,300 --> 01:14:59,524
I mean, if you think about 40 
years ago, teenagers wouldn't 

1422
01:14:59,524 --> 01:15:02,980
even have access to, you know, a
fraction of these resources. 

1423
01:15:02,980 --> 01:15:06,156
But now you can ask ChatGPT, you
can ask Gemini, you can ask 

1424
01:15:06,156 --> 01:15:07,615
Claude. 
It's crazy. 

1425
01:15:07,615 --> 01:15:11,406
And again, I would imagine the 
lucrativity of this activity, 

1426
01:15:11,406 --> 01:15:13,192
right? 
Because like increasingly we 

1427
01:15:13,192 --> 01:15:15,661
have digital assets. 
Increasingly, we are well 

1428
01:15:15,661 --> 01:15:17,710
connected. 
Increasingly, there are so many 

1429
01:15:17,710 --> 01:15:20,481
devices that potentially kind of
like lure you into, hey, please 

1430
01:15:20,481 --> 01:15:21,475
attack me. 
Please attack me. 

1431
01:15:21,475 --> 01:15:25,705
I think that might be one of the
reasons why, you know, a lot of 

1432
01:15:25,705 --> 01:15:28,295
people trying out, right? 
And if they didn't get caught. 

1433
01:15:29,445 --> 01:15:32,707
Yeah. 
I again, I haven't really met a 

1434
01:15:32,707 --> 01:15:36,295
hacker to ask to, but I've heard
stories, enough stories, and 

1435
01:15:36,295 --> 01:15:37,875
you're right. 
It's very lucrative. 

1436
01:15:37,875 --> 01:15:41,965
One of the most disturbing ones 
I heard was, an interview with a

1437
01:15:41,965 --> 01:15:45,621
ransomware negotiator. 
This is a corporate one but he 

1438
01:15:45,621 --> 01:15:50,027
was negotiating with a guy who 
attacked a children's ICU unit. 

1439
01:15:51,047 --> 01:15:54,211
The guy, the hacker knew what he
was doing 'cause it was a, he 

1440
01:15:54,211 --> 01:15:58,145
was threatening to disconnect 
the life support for the child 

1441
01:15:58,145 --> 01:16:01,738
and kill the child. 
And he wanted to do it for 

1442
01:16:01,738 --> 01:16:02,908
money. 
He just wanted the money. 

1443
01:16:04,078 --> 01:16:07,428
When you think about how much 
technology now has operational 

1444
01:16:07,428 --> 01:16:09,429
technology, right? 
So outside of the home 

1445
01:16:09,429 --> 01:16:12,642
environment at the moment, but 
on the way here, I was just 

1446
01:16:12,642 --> 01:16:15,093
looking at LinkedIn where 
Singapore is now talking about 

1447
01:16:15,093 --> 01:16:17,103
cybersecurity standards for 
lifts. 

1448
01:16:17,878 --> 01:16:18,968
Smart lifts. 
Wow. 

1449
01:16:19,203 --> 01:16:21,989
And it just opened my, it just 
suddenly blew my mind like, oh 

1450
01:16:21,989 --> 01:16:23,263
my God, I never thought about 
that. 

1451
01:16:23,263 --> 01:16:28,195
Can you imagine if you are being
held hostage in an elevator, in 

1452
01:16:28,195 --> 01:16:30,603
the hospital when you're trying 
to get to someone? 

1453
01:16:31,346 --> 01:16:35,743
That's crazy. 
So we don't recognize how many 

1454
01:16:35,743 --> 01:16:41,135
different things are now at 
risk, let alone in the home 

1455
01:16:41,135 --> 01:16:44,125
environment where, you know, you
wanna feel safe in your home, 

1456
01:16:44,125 --> 01:16:46,341
own home. 
You wanna feel that your things 

1457
01:16:46,341 --> 01:16:48,795
are protected. 
But like I said, you know, it's 

1458
01:16:48,795 --> 01:16:51,327
like Invisible Man. 
It could be someone watching you

1459
01:16:51,327 --> 01:16:53,577
all the time, 24/7. 
And they're not even watching 

1460
01:16:53,577 --> 01:16:55,532
you. 
They're hiring an AI agent to 

1461
01:16:55,532 --> 01:16:58,429
watch you until you do something
that they're interested in and 

1462
01:16:58,429 --> 01:16:59,677
then they'll come and pay 
attention. 

1463
01:17:00,699 --> 01:17:05,222
It's not great, but it is the 
state of the, you know, the 

1464
01:17:05,222 --> 01:17:06,819
maturity of the society at the 
moment. 

1465
01:17:07,179 --> 01:17:10,303
We are very immature in the 
sense of cybersecurity, but we 

1466
01:17:10,303 --> 01:17:14,167
are also on the other side of 
the scale, very, very connected,

1467
01:17:14,167 --> 01:17:16,942
right? 
So I feel like that's an area of

1468
01:17:16,942 --> 01:17:19,906
vulnerability. 
Well, again, this conversation 

1469
01:17:19,906 --> 01:17:23,116
itself is really I would say 
insightful, at least for me, 

1470
01:17:23,116 --> 01:17:26,362
right, to open up my eyes. 
And I'm sure many people here, 

1471
01:17:26,362 --> 01:17:29,814
if they listen, they understand 
the level of... how should I 

1472
01:17:29,814 --> 01:17:32,764
say, the level of risk that 
they're exposed to. 

1473
01:17:32,794 --> 01:17:35,334
I think, hopefully, you know, 
they can do something, right? 

1474
01:17:35,334 --> 01:17:39,281
So maybe that's also the time 
for you to say a little bit of 

1475
01:17:39,281 --> 01:17:41,938
words of Otonata. 
What can you provide to people 

1476
01:17:41,938 --> 01:17:44,624
if people wanna find how to get 
help, right? 

1477
01:17:44,644 --> 01:17:47,422
Because I'm sure many people are
kinda like clueless, okay, now 

1478
01:17:47,422 --> 01:17:49,234
what? 
I need to do so many things. 

1479
01:17:49,454 --> 01:17:52,458
Yeah. 
Yeah, so the web, I've got a 

1480
01:17:52,458 --> 01:17:55,214
website, Otonata. 
O-T-O-N-A-T-A.com. 

1481
01:17:55,743 --> 01:17:59,703
It's inspired by odonata which 
is a dragonfly, and you know, 

1482
01:17:59,703 --> 01:18:02,763
it's a silent bug hunter, which 
I like the imagery. 

1483
01:18:03,883 --> 01:18:06,862
But basically there's a service 
on the, from the website, I call

1484
01:18:06,862 --> 01:18:09,878
it Hack Check, which is, like I 
said, you could take a photo of 

1485
01:18:09,878 --> 01:18:12,735
your device. 
And it might not all necessarily

1486
01:18:12,735 --> 01:18:15,501
recognize what the device is 
'cause there's millions of them.

1487
01:18:15,621 --> 01:18:18,557
But it gives you a chance to put
in the brand and the model 

1488
01:18:18,557 --> 01:18:20,670
number. 
And what we'll do is we'll scan 

1489
01:18:20,670 --> 01:18:22,896
the database and give you a very
quick response. 

1490
01:18:23,256 --> 01:18:25,986
So that's kind of the, the one 
of the easiest things you can do

1491
01:18:25,986 --> 01:18:30,111
in terms of understanding, or at
least even if you're mildly 

1492
01:18:30,111 --> 01:18:33,076
curious about your device and 
whether or not there's a known 

1493
01:18:33,076 --> 01:18:35,825
vulnerability, try it out. 
'Cause it's pretty easy, it's 

1494
01:18:35,825 --> 01:18:39,120
free. 
But if you are more serious 

1495
01:18:39,120 --> 01:18:42,945
about wanting to, I guess get 
your risk profile clearer and 

1496
01:18:42,945 --> 01:18:46,830
understand what your actual risk
is, we have a service that will 

1497
01:18:46,830 --> 01:18:49,724
send a device to your house. 
You just plug it in and we'll do

1498
01:18:49,724 --> 01:18:52,356
a full scan for you. 
There's a much more premium 

1499
01:18:52,356 --> 01:18:55,661
version, which is someone, I 
will go to your house and plug 

1500
01:18:55,661 --> 01:18:58,964
it in for you and tell you how 
to protect your house and 

1501
01:18:58,964 --> 01:19:01,994
actually help you configure your
house to manage your risk. 

1502
01:19:02,054 --> 01:19:04,838
And I think that's one of the 
key things I took away from a 

1503
01:19:04,838 --> 01:19:07,471
corporate environment, which is 
it's all about balancing the 

1504
01:19:07,471 --> 01:19:10,970
risk but we forget that the same
principles apply everywhere even

1505
01:19:10,970 --> 01:19:14,503
at home. 
So it's a conversation about 

1506
01:19:14,503 --> 01:19:18,856
finding what you have at risk 
and then taking the right 

1507
01:19:18,856 --> 01:19:22,156
efforts to protect it. 
'Cause in some cases, some of 

1508
01:19:22,156 --> 01:19:23,386
the stuff is not worth 
protecting. 

1509
01:19:23,774 --> 01:19:27,372
If it's a D-Link router and you 
have a NAS that you really want 

1510
01:19:27,372 --> 01:19:30,398
to protect and secure, if it's 
all outdated D-Link router, just

1511
01:19:30,398 --> 01:19:33,614
get rid of it. 
Like it's not, it's not worth 

1512
01:19:33,614 --> 01:19:37,314
taking extra steps to protect 
against that, if the solution is

1513
01:19:37,314 --> 01:19:41,748
just to entirely replace it. 
What I find is that there's no 

1514
01:19:41,748 --> 01:19:46,146
one size fits all formula, which
is why the service has different

1515
01:19:46,146 --> 01:19:48,946
scales. 
It can be as simple as telling 

1516
01:19:48,946 --> 01:19:52,812
you this is at risk, to telling 
you, giving you better 

1517
01:19:52,812 --> 01:19:55,674
visibility of your network to 
actually helping you change and 

1518
01:19:55,674 --> 01:19:58,512
take all the steps that you need
to protect yourself. 

1519
01:19:58,512 --> 01:20:00,822
Because no one network is the 
same. 

1520
01:20:00,972 --> 01:20:03,667
I've never seen a house that has
exactly the same configuration 

1521
01:20:03,667 --> 01:20:05,092
as another one that I've seen 
before. 

1522
01:20:05,147 --> 01:20:07,818
Yeah. 
Yeah, so the website gives you 

1523
01:20:07,818 --> 01:20:10,826
that, one, that simple hack 
check, but also more about the 

1524
01:20:10,826 --> 01:20:14,492
service and what you can do. 
Typically, a scan takes about 

1525
01:20:14,492 --> 01:20:16,992
two, three days, because it 
tries to look for all the 

1526
01:20:16,992 --> 01:20:19,354
devices and network. 
And then it tries to, like I 

1527
01:20:19,354 --> 01:20:21,727
said, knock on every door, check
every window to see whether 

1528
01:20:21,727 --> 01:20:26,010
something can be broken into. 
But the mitigation might take a 

1529
01:20:26,010 --> 01:20:28,692
bit longer depending on what the
issue actually is. 

1530
01:20:29,396 --> 01:20:32,229
It might mean having to redesign
your network. 

1531
01:20:32,319 --> 01:20:35,720
'Cause it's, like I said, in 
some cases I've seen over 50 

1532
01:20:35,720 --> 01:20:38,190
devices on the network. 
I've got more than 50 devices on

1533
01:20:38,190 --> 01:20:40,710
my network. 
And my network is segmented to 

1534
01:20:40,710 --> 01:20:44,957
manage my risk profile. 
So it's not always gonna be the 

1535
01:20:44,957 --> 01:20:46,632
exact same solution for 
everybody. 

1536
01:20:46,902 --> 01:20:49,801
It's gonna be what do you, how 
do you wanna live your life with

1537
01:20:49,801 --> 01:20:51,907
your devices, right? 
How do you wanna be comfortable 

1538
01:20:51,907 --> 01:20:55,015
with what you use? 
And this is the solution that 

1539
01:20:55,015 --> 01:20:58,099
would give you the best 
protection while still keeping 

1540
01:20:58,099 --> 01:21:00,507
it convenient. 
Because you don't wanna, like I 

1541
01:21:00,507 --> 01:21:03,413
said, you don't wanna go crazy 
having three locks on your front

1542
01:21:03,413 --> 01:21:06,217
door, two locks on your window. 
Every time you wanna open a 

1543
01:21:06,217 --> 01:21:08,172
window you gotta do magic 
tricks, you know, to do that, 

1544
01:21:08,172 --> 01:21:09,625
right? 
It's finding the right balance 

1545
01:21:09,625 --> 01:21:11,984
of risk. 
So yeah, that's what Otonata 

1546
01:21:11,984 --> 01:21:13,812
does. 
It gives you very tailored 

1547
01:21:13,812 --> 01:21:17,323
advice around what are you 
trying to achieve with what you 

1548
01:21:17,323 --> 01:21:20,407
have, so that you don't have to 
worry about it. 

1549
01:21:20,467 --> 01:21:22,397
Like going back to what I said 
at the start. 

1550
01:21:23,278 --> 01:21:26,838
Having a lot of small decisions 
to make can be very fatiguing. 

1551
01:21:27,378 --> 01:21:30,253
Unfortunately, when we 
accumulate devices, we sign 

1552
01:21:30,253 --> 01:21:33,628
ourselves up to the obligation 
of looking after all these 

1553
01:21:33,628 --> 01:21:35,543
things. 
But we don't do any of that. 

1554
01:21:35,993 --> 01:21:38,813
'Cause it's boring. 
It's so tedious. 

1555
01:21:38,933 --> 01:21:42,517
So I've taken my operational 
background expertise, applied a 

1556
01:21:42,517 --> 01:21:44,873
more scalable process to 
managing it for you. 

1557
01:21:45,357 --> 01:21:48,020
The last part of the service is 
actually offline monitoring. 

1558
01:21:48,620 --> 01:21:51,886
So the starting point of the 
Otonata service is do a 

1559
01:21:51,886 --> 01:21:55,545
inventory of what you have, do a
vulnerability scan of all the 

1560
01:21:55,545 --> 01:21:58,874
ways someone could attack you. 
Mitigate what your profile 

1561
01:21:58,874 --> 01:22:01,530
should look like based on what 
risk you want. 

1562
01:22:02,040 --> 01:22:05,668
But after that, we've exited 
your premises, but I know 

1563
01:22:05,668 --> 01:22:07,200
exactly all the devices that you
have. 

1564
01:22:07,920 --> 01:22:11,250
And what we can do is, as new 
information comes about from a 

1565
01:22:11,250 --> 01:22:14,660
vulnerability point of view, we 
can go, hey, you've got this 

1566
01:22:14,660 --> 01:22:16,815
device. 
Last week, it was established 

1567
01:22:16,815 --> 01:22:18,915
that this is how you would hack 
into it. 

1568
01:22:19,455 --> 01:22:21,970
We can tell you. 
So it's almost like I don't 

1569
01:22:21,970 --> 01:22:24,730
actually have to be at your 
house anymore, but I know all 

1570
01:22:24,730 --> 01:22:27,502
the stuff you have and I can, 
I'm proactively looking out for 

1571
01:22:27,502 --> 01:22:31,114
all your things. 
In supermarkets, there's recalls

1572
01:22:31,114 --> 01:22:35,958
where if you bought a dodgy food
item, right? 

1573
01:22:35,958 --> 01:22:37,868
They go, oh, you gotta bring 
this one back. 

1574
01:22:37,868 --> 01:22:40,148
It's not safe for you to eat, et
cetera, et cetera. 

1575
01:22:40,718 --> 01:22:43,928
No one pays attention to recalls
for your devices, unfortunately.

1576
01:22:44,648 --> 01:22:47,816
Firstly, no one even has recalls
for devices 'cause they want to 

1577
01:22:47,816 --> 01:22:50,030
keep it quiet. 
They don't want you to think 

1578
01:22:50,030 --> 01:22:52,628
about the brand being affected. 
But we'll do that for you. 

1579
01:22:52,628 --> 01:22:55,689
'Cause it's, I've got the 
processes automated, it's 

1580
01:22:55,689 --> 01:22:58,296
scalable. 
I have hundreds and thousands of

1581
01:22:58,296 --> 01:23:00,879
devices. 
I can check them on a daily 

1582
01:23:00,879 --> 01:23:03,253
basis. 
It's not something that I would 

1583
01:23:03,253 --> 01:23:07,119
expect anyone to be, oh, today I
gotta check everything on my 

1584
01:23:07,119 --> 01:23:09,896
list, right? 
So that's why I've automated and

1585
01:23:09,896 --> 01:23:12,991
taken away the fatigue of having
those micro decisions. 

1586
01:23:13,251 --> 01:23:16,680
So it's really that step 
process: having your inventory 

1587
01:23:16,680 --> 01:23:19,273
list built, doing a 
vulnerability scan, mitigating 

1588
01:23:19,273 --> 01:23:21,811
the risks and then doing offline
monitoring. 

1589
01:23:22,171 --> 01:23:27,411
And for me, like I said, that 
gives you enough protection to 

1590
01:23:27,411 --> 01:23:30,021
be more resistant. 
It's not gonna be, I can't 

1591
01:23:30,021 --> 01:23:31,202
guarantee that you won't get 
hacked. 

1592
01:23:31,562 --> 01:23:36,692
But I can tell you that compared
to 99.9% of the population, you 

1593
01:23:36,692 --> 01:23:38,792
are in a much better spot 
already just by doing these 

1594
01:23:38,792 --> 01:23:39,977
things. 
Right, right. 

1595
01:23:40,907 --> 01:23:42,467
Wow. 
So very comprehensive. 

1596
01:23:42,467 --> 01:23:45,977
I'm sure if people would want to
protect themselves better, they 

1597
01:23:45,977 --> 01:23:47,297
can check out your website, 
right? 

1598
01:23:47,297 --> 01:23:50,997
And maybe engage you. 
Is there any kind of like, I 

1599
01:23:50,997 --> 01:23:53,987
dunno, like good stories? 
Good, you know, like service 

1600
01:23:53,987 --> 01:23:58,023
that you did for us just to 
learn, be curious, like what 

1601
01:23:58,023 --> 01:24:02,363
kind of service that you have 
saved, for example, in terms of,

1602
01:24:02,363 --> 01:24:06,228
you know, big profiles or maybe 
those kind of stuff, if you can 

1603
01:24:06,228 --> 01:24:10,111
share? 
At the moment, so because of my 

1604
01:24:10,111 --> 01:24:12,189
target audience, it's more 
discreet. 

1605
01:24:12,359 --> 01:24:15,740
That's part of what I, what I 
bring to the table as well. 

1606
01:24:16,140 --> 01:24:21,510
I have worked with people who 
were embarrassed to have had 

1607
01:24:21,510 --> 01:24:23,580
vulnerabilities that were fairly
basic. 

1608
01:24:24,261 --> 01:24:28,401
IT leaders who had "adminadmin",
thought leaders. 

1609
01:24:28,491 --> 01:24:33,715
Like I said, ASX 20 CEOs that 
have had devices that have been 

1610
01:24:33,715 --> 01:24:36,936
ransom hacked that they didn't 
know about. 

1611
01:24:37,601 --> 01:24:39,191
I wouldn't share any direct 
stories. 

1612
01:24:39,191 --> 01:24:44,757
I think what for me, it's more 
the amount of creative 

1613
01:24:44,757 --> 01:24:48,591
situations that have been, I 
guess publicly disclosed in, 

1614
01:24:48,591 --> 01:24:53,924
even in the last three years. 
One, I was just talking to 

1615
01:24:53,924 --> 01:24:56,768
someone about today was 
politicians being caught in 

1616
01:24:56,768 --> 01:24:59,744
compromising positions through 
cameras. 

1617
01:25:00,538 --> 01:25:05,148
IP cameras. 
So it's a bit scandalous, right?

1618
01:25:05,508 --> 01:25:08,448
When you think about the, you 
know, people in high positions 

1619
01:25:08,448 --> 01:25:14,023
and being caught, found dirty. 
But if you zoom out a bit 

1620
01:25:14,023 --> 01:25:17,072
further and you go, how did 
someone get access to that 

1621
01:25:17,072 --> 01:25:20,700
material in the first place? 
And does it mean that everyone 

1622
01:25:20,700 --> 01:25:23,316
has access to everything? 
It's quite concerning. 

1623
01:25:23,846 --> 01:25:28,586
So it's a bit juicy. 
Yeah, it's a bit, it's a good 

1624
01:25:28,586 --> 01:25:32,910
source of gossip. 
But it risks missing the point 

1625
01:25:32,910 --> 01:25:37,054
of how vulnerable we are as a 
society. 

1626
01:25:37,589 --> 01:25:38,704
Wow. 
Right. 

1627
01:25:38,704 --> 01:25:42,336
So like I said when you hear the
more serious cases around 

1628
01:25:42,786 --> 01:25:47,924
critical operational technology 
being compromised, it's very 

1629
01:25:47,924 --> 01:25:49,966
raw. 
Like, you know, people's actual 

1630
01:25:49,966 --> 01:25:52,419
lives are being affected. 
But at the same time, you gotta 

1631
01:25:52,419 --> 01:25:55,306
zoom out and go how do we stop 
this from happening to, you 

1632
01:25:55,306 --> 01:25:59,322
know, people we care about? 
It is a bit distance when you 

1633
01:25:59,322 --> 01:26:01,205
see someone else, being attacked
and affected. 

1634
01:26:01,860 --> 01:26:05,340
But when it actually hits you, 
it's a, you know, it's, yeah, 

1635
01:26:05,340 --> 01:26:07,228
it's very concerning. 
So, yeah, sorry, I don't have a 

1636
01:26:07,228 --> 01:26:08,505
juicy story to share. 
It's okay. 

1637
01:26:08,655 --> 01:26:11,195
I think that's quite revealing 
enough for us to understand the 

1638
01:26:11,195 --> 01:26:15,048
kind of impact that, you know, 
we might get affected, I guess 

1639
01:26:15,048 --> 01:26:19,100
one day, right? 
When this becomes like a more 

1640
01:26:19,100 --> 01:26:22,119
riskier attack vectors. 
Possibilities are more endless, 

1641
01:26:22,119 --> 01:26:23,895
right? 
So I think thanks for sharing 

1642
01:26:23,895 --> 01:26:26,629
that. 
I was gonna say, I think with 

1643
01:26:26,629 --> 01:26:30,027
the automation and if you 
project a bit further to what 

1644
01:26:30,027 --> 01:26:33,114
the trends are with the Tesla 
robots, with the humanized 

1645
01:26:33,114 --> 01:26:36,577
robots, with self-driving cars, 
I think once there's a much 

1646
01:26:36,577 --> 01:26:39,867
bigger overlap between physical,
the physical world and the 

1647
01:26:39,867 --> 01:26:42,895
digital world. 
And you can extend it to 

1648
01:26:42,895 --> 01:26:45,562
Neuralink like how people's 
brains are gonna be connected 

1649
01:26:45,562 --> 01:26:48,912
and wired up. 
That's why I'm trying to get the

1650
01:26:48,912 --> 01:26:52,028
message out now earlier, because
by the time we get there, it's 

1651
01:26:52,028 --> 01:26:55,215
not just gonna be your digital 
assets that are risk, it's gonna

1652
01:26:55,215 --> 01:26:58,432
be your physical wellbeing. 
I mean, they've already shown 

1653
01:26:58,432 --> 01:27:00,197
cars to be hacked while being 
driven. 

1654
01:27:00,389 --> 01:27:01,187
Wow. 
Right. 

1655
01:27:01,307 --> 01:27:05,803
So you extend that further. 
If you are not taking steps now 

1656
01:27:05,803 --> 01:27:10,151
to protect some of the basics 
hygienes, when you get to a 

1657
01:27:10,151 --> 01:27:13,637
point of having a humanoid robot
helper in your kitchen or your 

1658
01:27:13,637 --> 01:27:16,747
self-driving car is driving you 
to work, you're gonna set 

1659
01:27:16,747 --> 01:27:21,047
yourself up for a world of pain 
because some of these basics 

1660
01:27:21,047 --> 01:27:23,387
haven't been embedded into your 
normal. 

1661
01:27:23,687 --> 01:27:27,015
You can't expect them to be 
covering every possible threat, 

1662
01:27:27,015 --> 01:27:30,179
right? 
So that's why I think we are not

1663
01:27:30,179 --> 01:27:34,463
there yet, but given the trends 
of how things are converging 

1664
01:27:34,463 --> 01:27:38,345
with networked physical devices,
it's gonna get scary. 

1665
01:27:38,705 --> 01:27:42,647
So, you know, as much as 
possible start learning the 

1666
01:27:42,647 --> 01:27:46,365
basics to prepare yourself for 
when, yeah, you've got a robot 

1667
01:27:46,365 --> 01:27:50,093
driving a car and your child to,
I don't know, whatever activity 

1668
01:27:50,093 --> 01:27:51,962
they've got, right? 
All of that is kind of 

1669
01:27:51,962 --> 01:27:52,628
susceptible. 
Yeah. 

1670
01:27:53,208 --> 01:27:55,989
So yeah, probably now it's not 
enough to just understand 

1671
01:27:55,989 --> 01:27:58,677
physical safety anymore. 
Digital safety, definitely very 

1672
01:27:58,677 --> 01:28:01,222
important. 
And we should not just focus a 

1673
01:28:01,222 --> 01:28:03,553
lot on, you know, identifying 
scams, you know, these deep 

1674
01:28:03,553 --> 01:28:05,673
fakes, which is kind of like now
the trends, right? 

1675
01:28:06,093 --> 01:28:08,677
But obviously these kind of 
attacks is also one thing that 

1676
01:28:08,677 --> 01:28:10,171
throughout this conversation I 
learn a lot. 

1677
01:28:10,471 --> 01:28:12,871
And hopefully people start 
having that awareness. 

1678
01:28:13,081 --> 01:28:16,187
You know, try to do something. 
Or even understand why all these

1679
01:28:16,187 --> 01:28:18,301
becomes risky over the time as 
well. 

1680
01:28:18,631 --> 01:28:19,921
So I think thanks for sharing 
that. 

1681
01:28:20,434 --> 01:28:23,404
I know we've talked a lot. 
We've got only one question that

1682
01:28:23,404 --> 01:28:26,115
I would like to ask you to wrap 
up our conversation. 

1683
01:28:26,475 --> 01:28:28,815
I call this the three technical 
leadership wisdom. 

1684
01:28:28,845 --> 01:28:31,993
So just think of it like advice 
that you wanna give, maybe, you 

1685
01:28:31,993 --> 01:28:35,491
know, pieces of wisdom that you 
wanna share to the listeners 

1686
01:28:35,491 --> 01:28:37,820
here today. 
Yeah, what would that be? 

1687
01:28:38,665 --> 01:28:42,738
So sourcing from Lean. 
Like I said, first one, I would 

1688
01:28:42,738 --> 01:28:44,070
reiterate is "can doesn't mean 
should". 

1689
01:28:44,980 --> 01:28:48,083
Like a lot of times we're not 
deliberate enough or we get 

1690
01:28:48,083 --> 01:28:51,025
caught up with a shiny new thing
that we don't really think about

1691
01:28:51,025 --> 01:28:54,215
the value that it adds. 
Go back to Lean principles, 5S. 

1692
01:28:54,395 --> 01:28:57,406
Clear out the things that you 
actually don't need to reduce 

1693
01:28:57,406 --> 01:28:59,610
your footprint. 
Reducing your footprint also 

1694
01:28:59,610 --> 01:29:01,042
means reducing your attack 
surface. 

1695
01:29:01,612 --> 01:29:04,308
A lot of times I, quite frankly,
I've still got devices that I 

1696
01:29:04,308 --> 01:29:06,180
know I need to clean up. 
I just haven't got around to do 

1697
01:29:06,180 --> 01:29:08,350
it. 
But if you're not even thinking 

1698
01:29:08,350 --> 01:29:10,672
about it, then you are 
constantly gonna be leaving 

1699
01:29:10,672 --> 01:29:12,967
yourself open for no benefit, 
right? 

1700
01:29:13,297 --> 01:29:17,030
So can doesn't mean should. 
Like I almost, if that's the one

1701
01:29:17,030 --> 01:29:19,942
thing like for people to take 
away from. 

1702
01:29:20,512 --> 01:29:23,602
But if you can also be more 
aware of your digital hygiene. 

1703
01:29:24,442 --> 01:29:28,966
So things that we access, things
that we put up on the cloud, 

1704
01:29:28,966 --> 01:29:31,942
they're all our digital assets, 
our footprints. 

1705
01:29:32,842 --> 01:29:36,512
It's almost like having, you 
know, basic dental checkups. 

1706
01:29:36,932 --> 01:29:40,538
There are things that we take 
for granted as minimum standards

1707
01:29:40,538 --> 01:29:42,722
of hygiene for ourselves, for 
our self-care. 

1708
01:29:43,472 --> 01:29:46,682
Think about that being applied 
to your digital life, right? 

1709
01:29:46,682 --> 01:29:52,437
So in terms of your data, in 
terms of your passwords, your 

1710
01:29:52,437 --> 01:29:55,808
admin, your router firmware. 
There should be a list of things

1711
01:29:55,808 --> 01:29:57,982
that you need to be doing on a 
yearly basis. 

1712
01:29:57,982 --> 01:29:59,892
Like you go to a dentist once or
twice a year. 

1713
01:30:00,222 --> 01:30:04,182
There needs to be that level of 
self-care for your digital 

1714
01:30:04,182 --> 01:30:05,976
footprint, right? 
There has to be a level of 

1715
01:30:05,976 --> 01:30:08,636
digital hygiene. 
If you don't do, if you're not 

1716
01:30:08,636 --> 01:30:10,932
even thinking about it all, you 
won't do any of it. 

1717
01:30:11,352 --> 01:30:16,692
Just put some thought and time 
into what should you do and then

1718
01:30:16,842 --> 01:30:20,472
create a process that gives you 
a reminder once a year, 

1719
01:30:20,472 --> 01:30:23,865
something. 
In Australia, they remind you to

1720
01:30:23,865 --> 01:30:26,830
change your smoke alarm 
batteries when there's daylight 

1721
01:30:26,830 --> 01:30:29,560
savings. 
So there's a kind of a mnemonic 

1722
01:30:29,560 --> 01:30:32,420
around the relationship between 
time and having to do something,

1723
01:30:32,420 --> 01:30:34,299
right? 
Create something like that for 

1724
01:30:34,299 --> 01:30:37,539
your own digital hygiene. 
Whether it's deleting your 

1725
01:30:37,539 --> 01:30:41,673
photos that you... screenshots 
for example of information. 

1726
01:30:41,673 --> 01:30:45,201
Like stuff like that where you 
actually consciously go through 

1727
01:30:45,231 --> 01:30:47,301
cleaning up house every now and 
then. 

1728
01:30:47,958 --> 01:30:51,351
And like I said, thinking in 
mind around your cybersecurity 

1729
01:30:51,351 --> 01:30:53,949
posture is be the path of 
greater resistance. 

1730
01:30:55,119 --> 01:30:58,236
Even if you're not doing 
everything I talked about, even 

1731
01:30:58,236 --> 01:31:03,663
if you're not taking crazy steps
to protect your house and your 

1732
01:31:03,663 --> 01:31:08,768
assets, do something that makes 
it, that pushes you along in the

1733
01:31:08,768 --> 01:31:12,185
distribution curve, right? 
Makes it a little bit harder 

1734
01:31:12,185 --> 01:31:16,031
than the next guy, because 
700,000 devices right now on the

1735
01:31:16,031 --> 01:31:19,010
botnet. 
Those are already at the, this 

1736
01:31:19,010 --> 01:31:20,810
is, that's the easy stuff, 
right? 

1737
01:31:20,810 --> 01:31:23,502
There was people not doing 
anything about it and going, you

1738
01:31:23,502 --> 01:31:24,920
know what? 
Hack me, I don't care. 

1739
01:31:24,980 --> 01:31:27,050
Those are the people, you don't 
wanna be in that group. 

1740
01:31:27,350 --> 01:31:29,750
You wanna be in the ones that 
have a stronger password. 

1741
01:31:30,110 --> 01:31:33,762
You wanna be in the ones that 
have paid attention to the 

1742
01:31:33,762 --> 01:31:37,520
firmware and made it a little 
bit harder because then at least

1743
01:31:37,520 --> 01:31:40,165
you're not as exposed. 
Especially if you're high, if 

1744
01:31:40,165 --> 01:31:42,762
you've got stuff to lose, if you
are a higher net worth 

1745
01:31:42,762 --> 01:31:46,437
individual. 
Like I said, you don't want to 

1746
01:31:46,437 --> 01:31:50,082
lose your digital assets, your 
bank accounts, your financial. 

1747
01:31:50,112 --> 01:31:54,062
You don't have financial losses,
you don't have emotional turmoil

1748
01:31:54,062 --> 01:31:56,742
and losses because someone's 
compromised you. 

1749
01:31:57,042 --> 01:32:00,712
So path of greater resistance, 
whatever steps you can take 

1750
01:32:00,712 --> 01:32:04,242
towards being that. 
By all means, take a first step 

1751
01:32:04,242 --> 01:32:07,337
and see how far you can go. 
If you need help, give me a 

1752
01:32:07,337 --> 01:32:10,365
call. 
I really love that. 

1753
01:32:10,365 --> 01:32:14,252
Very, how should I say, fit into
the theme as well, what we 

1754
01:32:14,252 --> 01:32:16,505
discussed, right? 
So, again, thank you so much, 

1755
01:32:16,505 --> 01:32:19,728
Joseph, for sharing all this. 
I think again this is a very 

1756
01:32:19,728 --> 01:32:21,570
good awareness session for all 
of us. 

1757
01:32:21,660 --> 01:32:24,164
If people love this 
conversation, they would like to

1758
01:32:24,164 --> 01:32:26,920
connect with you, ask you more 
questions, is there a place to 

1759
01:32:26,920 --> 01:32:28,410
reach out? 
Yeah, my website. 

1760
01:32:28,590 --> 01:32:30,960
So Otonata. 
O-T-O-N-A-T-A.com. 

1761
01:32:31,230 --> 01:32:33,540
Alright. 
Alright, so that's a wrap. 

1762
01:32:33,540 --> 01:32:35,310
So again, thank you so much for 
coming here. 

1763
01:32:35,700 --> 01:32:36,610
Thank you. 
Thanks for having me. 

1764
01:32:36,610 --> 01:32:37,600
That was fun.
