badezimmer modern planen
one of the big things in dc is black mail this is how it's done this is how you control someone of influence sometimes you're not trying to get data from a network sometimes you're trying to manipulate an organization from the inside they had very influential people submit because they had stuff on them this is the next generation of nation-state cyber warfare welcome to the edge of wonder we have a very special episode for you with a slightly more serious tone
compared to our previous episodes but we hope you will keep watching till the end because this is about very sensitive information, social media and how your personal data is being compromised on this episode we had the amazing opportunity to sit down with james scott who is the senior fellow and co-founder of the institute for critical infrastructure technology senior fellow at the center for cyber influence operations studies and center for space warfare studies
and that's the longest title we've ever heard but rightly so this guy knows so much alright so we hope you enjoy part one of this two part special series so without further ado let's meet james scott okay, hey everybody, we're here with james scott senior fellow at the center for space warfare studies james, thanks a lot for being with us today
thanks for having me so ben and i are actually pretty excited to have james with us because he has a lot of information a lot of which we can't talk about on the screen but we're gonna try to get as much out of them as we can very true alright, so james, thanks a lot for being here yeah, great okay, so what we want to talk about first here
first thing i kind of wanted to discuss with you was any information that we can get about our cellphones everybody out there is using cellphones right now there's a lot of information on our cellphones and a lot can be done with code that i think a lot of people aren't aware of well, especially with like the whole thing with facebook in the news about monitoring phone activity data all that stuff i mean how can we be manipulated with our phones
can you tell us a little bit about that i can throw your phone at you and it will really hurt you that is true, please don't do that i manipulated your psychology with the uh i hadn't even had which one yeah, the phone we have this thing happening now, it's called cyborgification right and cyborgification is just the technological extension of oneself in order to make up for
the vulnerabilities in the human condition right so this cellphone can be used for good to call your mom but it can also be weaponized against you as a surveillance tool it's something that people take to the bathroom with them you take it everywhere so you have multiple things that can happen your gps i mean if you go to facebook as soon as you're talking about facebook just from the app, it tracks you and i don't really see the reason why
the facebook app should be collecting that type of metadata why yeah, i don't know i don't want facebook to know i'm in the bathroom with it i know but dude zuckerberg knows he knows, he knows you're in the bathroom because you're that important he wants to know what if the camera turns on and you are looking at it, you know so that's another thing
it's not just the metadata it's not just a gps they call it hot micing there's camera activation malware as well and this is very common, it's on your computer we put on your computer it's in the intelligence community it's a blackmail tool the vulnerability isn't necessarily just the phone
but it's the apps that you have on your phone you should always have your privacy settings maximized any apps that are not absolutely necessary you should just delete off your phone and then reboot your phone, you know because a lot of times you have remnants of the app in there it accumulates over time too so i deleted facebook off my phone and for 24 hour, even 48 hours it still said a deleted app was still using like my battery power
yeah and i was like, what in the world is going on this is crazy yeah, we advised to congress the intelligence community i got an sms text one time i thought it was from my son who's in college it was a spoofed thing because i responded i wasn't getting response back so i was getting worried and called him he's like, i didn't call you, i didn't text you whatever
i had pressed on a link that delivered a payload into my phone i didn't realize until like two days later i couldn't keep the battery charged and so i took it to a friend of mine at darpa and he found a hot mic camera activation malware so they were listening to me and i don't know maybe seeing i don't know, but both payloads were on the phone but this stuff is normal like in our industry, a lot of politicians don't understand, they don't have cyber hygiene of course not
they're writing legislation about that i'm not saying anything bad about that they a little bit old like my mom with her cell phone, my dad with his cellphone so one of the big things in dc is blackmail that's how you control a politician and when you get somebody you have a guy or lady or whatever that is it's 3:00 a.m.
and they are behind their computer you know what they're doing that's when the russian nation state their apts (automatically programmed tool) the chinese nation state apts muslim brotherhood is probably a sort of caliphate yeah so this is how it's done i mean i don't do it i'm just saying this is how they do it this is one of the ingredients
a payload is a compiled tools and they call it malware or ransomware i mean whatever but it scans your system, finds the vulnerability on your computer in your server and it delivers tools so it's a hacking term and so an example i deal a lot with critical infrastructure so one thing that most nation-states want to get access to are critical infrastructure executives with elevated privileges which means they have access to ip, electronic health records like the actual treasure trove of all that data
so it's within the best interest of our adversary to go after those guys so you do a thing called spear phishing where you act like you're a recruiter you give them a call, hey look i got this job, twice what you're making now i'm gonna send you their offer don't tell anybody keep this on download and then they deliver that and what it does it'll have camera mic activation
but it also has things like remote access trojan so the objective then becomes to get into the network at that critical infrastructure facility maybe the grid to get into the network and move laterally throughout the network in search of the data okay, and then you set up the remote access trojans to be able to pull out that data it gets more specific than that but i think that's easier than it sounds
your phone, your apple watch like in my industry i can't have that watch really so they may be listening to things on there right yeah, yeah so and then you actually at the nsa (national security agency) you have to take them and put them in a locker which is a faraday cage you know you can't even bring your laptop
what's that or a lead locker or something it's like i don't know it might be made of material where you can't send frequencies out to that's very interesting okay, so earlier, we were kind of talking about different things that can actually do with the phone and send out signals to even manipulate the human body can you talk a little bit about this
yeah, frequencies demonstrated that they can have an effect good or bad on the individual psychology the brain waves malware as this is hyper evolving this space nation-state advanced persistent threats the russian actor, the chinese sometimes you are trying to manipulate an organization from the inside you want there to be disunity you're trying to
from a psychological warfare perspective, you're trying to do reputational harm to the individual make it seem like this other person is saying this about them you know what i mean you kind of like influence operations information warfare but this is more psychological warfare so it's a little different so this particular payload, it was just code okay so as part of the payload maybe it's just a frequency that emits from the computer where you can't hear it but it has a physical effect
interesting migraines, vomiting, aggressive behavior and it surprises me that nobody's really talking about this because this is the next generation of nation-state cyber warfare yes i was gonna say it too i mean for example we're talking about china what if they had this technology could they put this and like on a mass scale like on a cell phone well you wouldn't want it to get out
so what you would do is you would focus on the consulate system or the state department or like a critical agency a critical silo within an important agency wow that's you would target because you wouldn't want it to get out because with malware there are signatures and there's timestamps so you can forensically analyze these stuff to get a good idea of where it's coming from
in a few years, after this type of payload becomes more commonplace you have the russians who will make an extremely sophisticated variance of this malware and leave it in a network where it's found just as a demonstration of skill that's part of psychological warfare with nation-states too that's crazy so i think this will come on real quick just like the weaponization of metadata like we saw with cambridge analytica and facebook with what we saw during the elections with between the russians, the chinese, special interest groups how they were using metadata
putting it into a big data analytics algorithm customizing a psychographic targeting tool, and weaponizing cookies so now if you are a pro-trump guy all you're seeing is pro-trump, pro-trump, pro-trump everywhere banners are falling everywhere facebook weaponizes the platform against their users they've been doing that for years google does the same thing twitter does the same thing
they mute hashtags that are actually organically viral so yeah, i think the most fascinating part like just kind of going back to what you're talking about like they can just manipulate part of the human body to make him do stuff yeah, and this stuff is very real just look at this research what darpa is experimenting with you know what they're doing in israel with their science this stuff it's funny. i mean i take it for granted because i'm around this stuff all the time down there with a think tank you know
but it surprises me how little people understand about the weaponization of code and the manipulation of code, the manipulation of perception by weaponizing metadata like the combination, the variation and then a number of actors that are in this space and the thing is you know cambridge analytica was the least sophisticated from a big data science perspective the thing that made them potent was their black mail and black mail is very real so they had very influential people submit because they had stuff on them
all you do is step back and okay well what can be done with code this is how nation-states are thinking how can we inflict as much pain into this key person quick this is more a question for the audience then and it is for me but why would someone want to inflict that kind of pain on someone give me a scenario maybe where there's an influential person and they're doing something someone doesn't like who's the the kind of person that would try to inflict that pain and what would they be trying to do
sure, so you look at a nation-state like china they have their 13th five-year plan and psychological warfare influence operations all that stuff is rolled up in that plan so what they would do is target an ambassador that we have reputational harm comes first real or imagined so they'll make something up if they don't have anything on the guy they will follow this guy learn his habits, how he takes his coffee, like everything
this is their espionage the chinese are clunky and awkward with their espionage this stealth and sophistication comes from the u.s., israel and russia and it's the hacking styles, it's the same too so you have the stealth and sophistication like chess [game] coming from russia and then you have loud and clangy coming from the chinese kind of like how their products work in real life yeah yeah with building vulnerabilities
but somehow people keep buying them yeah, building vulnerabilities is for the chinese 13th five-year plan a lot of people don't understand that they are required to have a chinese communist party person on the manufacturing floor of every manufacturer facility now that's a party member yeah and you have an iphone, which is now being manufactured in china so who knows what's in my iphone exactly
i guess, yeah so that too, that's how that works and now dc is full of private intelligence firms so we contribute to some as well for national security there are some that do not play by the rules so we have a problem with that in dc between politicians they'll have a political action committee they're getting money for whatever they will take the initiative to go and intimidate this other guy to signing on to this piece of legislation because the signature is needed
so that's the kind of thing and everybody has something on everybody down there and so it's okay if you do we're gonna mention this we're gonna talk about your 18 or 17 year old girlfriend you know we're gonna convince her, pressure her in the chart you know that how dirty this gets well when you're dealing with nation state vs nation state or nation state vs an important executive here that's when things get really dirty
well we hope you enjoy part one of the special episode with james scott be sure you guys tune in next week for part two with james where he unveils even more crazy things you guys need to know about until then, we'll see you guys out on the edge
