The Entropy Podcast
Hosted by Francis Gorman, The Entropy Podcast brings together intelligence community veterans, post-quantum cryptography pioneers, CISOs, business leaders, and frontline practitioners for unfiltered conversations on the threats, complexity, and geopolitics shaping our world.
Past guests include former senior CIA officers, leading cryptographers, digital forensics experts, and security and technology leaders from across financial services, critical infrastructure, and government, voices rarely heard together in one place.
Each episode goes beyond headlines to explore how cyber risk, emerging technology, and geopolitical instability are reshaping the way organisations operate, compete, and defend themselves. Expect candid insight on quantum risk, nation-state threats, AI, espionage, financial crime, business resilience, and the human dimensions of leadership.
Designed for CISOs, board members, founders, technologists, policy thinkers, and the professionally curious, Entropy sits at the intersection of business, technology, and cybersecurity: a space for genuine conversations with unique minds, the kind that don’t fit neatly into a press release.
The name Entropy reflects the growing complexity and unpredictability of the systems we depend on, and the discipline required to lead through them.
Disclaimer: The views and opinions expressed on The Entropy Podcast are those of the host and guests in their personal capacity and do not represent the views, positions, or policies of their respective employers, affiliated organisations, or any government body. Guest appearances do not constitute endorsement by the host, and the host’s commentary does not constitute endorsement of guests’ views. Content is provided for informational and educational purposes only and does not constitute professional, legal, financial, or security advice.
One of the topics I cover a lot on this show is post-quantum readiness. I believe awareness of this emerging technology is key for a safer world into the future. To support this awareness, I have built a free resource to help you explore the world of quantum and learn as you go. You can find it here: www.postquantumreadiness.com
Buy Our Swag:
We now have some slick new swag you can purchase through our Etsy store.
https://theentropypodcast.etsy.com
Watch and Subscribe
You can also watch full episodes and exclusive content on our YouTube channel:
www.youtube.com/@TheEntropyPodcast
Achievements
The Entropy Podcast delivered strong chart performance throughout 2025, demonstrating consistent international reach and listener engagement.
- Regularly ranked within the Top 20 Technology podcasts in Ireland.
- Achieved a Top 25 placement in the United States Technology charts, holding the position for one week.
- Charted internationally across multiple markets, including Israel, Belgium, and the United Kingdom.
This performance reflects sustained global interest and growing recognition across key podcast markets.
Audio Quality Notice
Some episodes may feature minor variations in audio quality due to remote recording environments and external factors. We continuously strive to deliver the highest possible audio standards and appreciate your understanding.
The World's First Hackocracy With Geoff White
In this episode of The Entropy Podcast, Francis Gorman sits down with British investigative journalist, author and BBC podcaster Geoff White to go inside the world of organised cybercrime and the regimes that increasingly depend on it.
Geoff has spent years embedded in the underbelly of the cyber economy, from ransomware syndicates to state-sponsored hacking operations, and he brings a working journalist's eye to questions most security professionals only ever see from the defender's side. The conversation opens by dismantling the hoodie-in-a-basement myth: ransomware groups like Conti are run as businesses, with HR functions, payroll, performance management, customer support teams, and an obsession with professional polish. Geoff walks through what the leaked Conti messages reveal about how these organisations think of themselves, including the striking self-description of their work as "postpaid penetration testing."
The conversation then turns to North Korea, where Geoff lays out the case for what he calls a "hackocracy" — a regime increasingly funded by computer hacking. Drawing on US government estimates and his own analysis, he explains how cryptocurrency theft is keeping the North Korean state afloat, why sanctions are losing their bite, and why this should worry anyone who relies on the global supply chains that pass through the Korean peninsula. Francis and Geoff also dig into the moral and practical reality of the "don't pay the ransom" position, the weaknesses that still let attackers in, and the systemic role of money laundering as the unspoken second half of every major cybercrime story.
The episode closes on the most timely thread: AI as an inherently deceptive technology. Geoff makes the case that systems like ChatGPT are designed from the ground up to fool users into thinking they're human and that this design philosophy has serious implications for the next generation of social engineering attacks. The conversation ends with a frank exchange on Anthropic's recent walk-back of its core safety commitments and what it signals about the industry's direction.
Key Takeaways
- Ransomware gangs run themselves as businesses, not basements.
- The economics of ransomware are extraordinary.
- Money laundering is half the story.
- North Korea is becoming a hackocracy.
- A national ban on ransom payments would work eventually.
- Humans are still the attack surface and AI makes that worse.
Soundbites
"In order to earn the kind of money that Conti was earning, the average Russian would have had to work for 400 years. So in a single ransom, you can make not just your life's money, but the money for the life of all of your family around you as well." — Geoff White
"Within the next five to ten years, North Korea could become the world's first hackocracy — a regime entirely funded by computer hacking." — Geoff White
"Our world is not being run by lovely rational AI. It's human beings who are deciding what happens." — Geoff White
Francis Gorman (00:03.633)
Hey everyone, welcome to the Entropy Podcast. I'm your host, Francis Gorman. Before we dive in, if today's conversation challenges you, sparks a new idea or sharpens how you think about the world, don't keep it to yourself. Subscribe, leave a review and share the episode with someone who enjoys staying curious. Today I'm joined by Geoff White, a British investigative journalist, author and podcaster whose work explores the intersection of technology, cybercrime and organized crime. His investigations have featured on the BBC News and BBC World Service, including the Lazarus Heist.
And he has reported on topics ranging from billion dollar cyber heists to global money laundering networks and crypto crime. He is also the author of books including Crime Dot Com, The Lazarus Heist and Rinsed. Geoff, it's lovely having you here with me today.
Geoff White (00:46.766)
Thanks, thanks for having me.
Francis Gorman (00:49.051)
Geoff, I was looking forward to this conversation, not only because you're a fantastic storyteller, but because of your years working in the world of cybercrime, specifically around ransomware groups like Conti and others and nation states like North Korea, you have a really unique perspective on the world that is the underbelly that comes up and attacks organizations at different points in time. When people hear ransomware gang,
They probably get a picture of a hoodie in a basement or a dark room and someone working on a laptop. After speaking and interfacing with these groups, what should they picture instead?
Geoff White (01:20.034)
Yeah.
Geoff White (01:26.67)
Yeah, I think that's a really important point, Francis, that you make, you know, the imagery around these groups is of the dark, shadowy, hooded character. That is just not how the gangs see themselves. They see themselves as partly legitimate businesses. I genuinely think that. I think it's a part of their brain that knows that what they're doing is wrong. It's very hard not to understand that, you know, scrambling somebody's data and holding it to ransom is a crime and you're committing a crime.
But I think what's happening here is if you're going to get involved in these hacking exercises and ransomware exercises from the criminal side, you're going to have to be quite smart. I mean, these are not stupid people. You know, they're not smashing somebody over the head and, you know, nicking their phone. They're quite advanced crimes. They take a lot of skill to plan and to execute. These people are bright. And if you're a bright person, I think that waking up every day and blackmailing people and extorting them
is something that's quite hard to do. I think that's just psychologically quite tough to take on. So you have to have a cover story. You have to reframe it for your brains so that you're able to wake up every day and do this. And I think the way that these ransomware gangs do that is by saying, we are a business. Our business is encryption software. We hit companies with that encryption software. And if those companies are not well enough defended, if they've not been secure enough, well, then their data gets encrypted and they owe us a fee.
In fact, some of these ransomware gangs have described themselves to me as postpaid penetration testing, as in you might hire a penetration testing firm to check your defenses. Well, what's happened here is they've checked your defenses without you asking, and now you owe them a fee because you've failed the test. That's how they see themselves. I think it's helpful for us, even if we don't see them that way, to understand how they see themselves.
Francis Gorman (03:16.154)
No, it's a great perspective, Geoff, and I suppose that kind of brings it to reality that there is a level of sophistication here and a level of framing around these, I would call them gangs, but it's deeper than that in some regards. And when I looked at Conti, like Conti is a well-known group in this space, but they're very well organized. They have a HR department, payroll, performance management, playbooks, internal politics, all of that stuff.
So like, what does that mean for the evolution of how these threat actors operate?
Geoff White (03:49.294)
Yeah, Conti were a huge group, mainly active from around 2019-ish, I think hit the heyday really though in 2020, 2021, which of course was the middle of the pandemic. And so Conti were able to take advantage of that hitting lots and lots of targets. And for a start, the people who were accused of being within Conti that the brains behind this, it was not their first go around. They were experienced, highly experienced cyber criminals who've been active
in some cases for decades. So they understand the scene. They've got the contacts to make it work. They also understand that you have to be professional about how you organise things. One of the great things for the podcast that I've done for the BBC about this was having access to the famous Conti leaks, a leak of tens of thousands, in fact, we all together hundreds of thousands of internal private messages sent within the Conti gang that eventually got leaked on the internet.
Looking through those messages, it's fascinating how obsessed they are with professionalism, both in terms of how they treat their employees, their recruits, but also how they deal with the victims or the customers or clients, as they call them. The idea that the emails have to be spelled correctly, that they have somebody on hand who's a decent English speaker who can help them craft the emails. They have teams of people who will phone up the victims and talk them through the process of decryption.
They have set this up and run it like a business because it is a business. This is their nine to five job. This is what they're doing day in, day out.
Francis Gorman (05:18.769)
And what are we talking about in terms of turnover here? If we can call it that, you know, you've got these gangs are obviously running like a business. A business's objective is to make money. There's a lot of money to be made here.
Geoff White (05:25.966)
Yeah. Yeah. Oh, yeah, absolutely. I mean, the FBI assessment of how much the Conti gang made, and this is just 2021, is $158 million. Now, that's, for a start, a vast amount of money, but it's also an underestimate because that's just the victims that the US knows about. In those leaks that I talked about, I've come across the names of other victims that haven't been made public and some of whom did pay up. So you can add many, many millions on top of that.
We are talking in the hundreds of millions. And I think in terms of how profitable this is, you've got to realize, yes, Conti was a large group and they had, we think hundreds in the low hundreds of people working there. Certainly the core team, there would have been a dozen or so, maybe a couple of dozen, but they were being paid off with these millions and millions of dollars. And so it was an extremely profitable organization. In fact, we worked out for the podcast that...
In order to earn the kind of money that Conti was earning, the average Russian would have had to have worked for 400 years. So in a single ransom, you can make not just your life's money, but the money for the life of all of your family around you as well. That's why it's so appealing, because it's extraordinarily lucrative.
Francis Gorman (06:39.697)
And Geoff, I have to ask, so to get these hundreds of millions of euros, what did it do with them then? How did they actually make that money legitimate that it can be spent, that they don't go straight to jail, they're going to go and buy a Ferrari or whatever the purchase is?
Geoff White (06:48.878)
Yeah
Geoff White (06:52.844)
Yeah. Well, this is one of the big issues is obviously these ransoms are paid in cryptocurrency. Obviously, as most people understand crypto, it's almost always Bitcoin moves across the blockchain. And the blockchain is a publicly viewable available ledger of transactions. And so this money can be traced. The challenge for the ransomware gangs is to create laundering networks that they can move the money through. You need somewhere that's going to take a large amount of Bitcoin from you. No questions asked.
and allow you to move the money into rubles, maybe pounds, dollars, whatever you need, and extract that money. So you've got to have somebody on the other side of transaction who's going to take the risk. There are exchanges in the Russian Federation that have been sanctioned. Garantex, one of the most famous, who would take in, according to the US government, ransomware money. There's also an extraordinary story of a woman called Ekaterina Zhdanova.
who's been accused of a slew of money laundering crimes. She's currently facing trial in France. She is accused of taking in tens of millions of dollars from these ransomware gangs. And what was interesting was Ekaterina obviously then gives them money in exchange so they can take the ransomware gang, can take the money away and buy their Lamborghini or whatever. But then Ekaterina Zhdanova had the opposite problem. She was sitting on a bunch of hot crypto and she had to offload that somewhere. So there's this whole other story about how her side of the world works.
washing the money and moving it through these international networks. It's really fascinating.
Francis Gorman (08:22.149)
It is. I think The Lazarus Heist touched on some of those aspects. And, you know, it's really fascinating. If anyone hasn't listened to that podcast, they should definitely go check it out. But one thing that I found fascinating. Sorry.
Geoff White (08:31.576)
Well, sorry to interrupt, but The Lazarus Heist podcast is a good example. I mean, yes, it's a podcast about North Korea and the accusations of cyber activity against North Korea. But actually, if you listen to the podcast and if you read the book, you'll notice about half of that is about money laundering. You know, the hacking happens and the money is stolen. But then the rest of the story is about the money laundering. Laundering is an absolutely key part of all of these big major crimes we cover.
Francis Gorman (09:01.259)
It's like the criminal supply chain, you know, make the money, then I got to clean the money. It's a fascinating intersection of all of these different criminal disciplines coming together to get a clean outcome of cash that's usable. Speaking of North Korea, Geoff, the North Korean aspects I find absolutely fascinating because, you know, we would have looked at North Korea for the last decade and went, there's been quite a change with Kim Jong-un in terms of how it's interfaced with the world. But a large part of that is
Geoff White (09:18.018)
Yes.
Francis Gorman (09:29.669)
backed by cybercrime. Can you talk to a little bit about that? Because you obviously have a very deep understanding of the North Korean cyber aspects.
Geoff White (09:34.83)
Yeah.
Yes, yeah. And I think it's worth just ahead of this, discussing why we should be concerned about North Korea. There's a lot of things in the world, Francis, you'll have noticed to be concerned about right now. So why should we add North Korea to the list? If you think about the interview we're doing right now, the microphones we're using, the laptops and cameras, and think about where that technology is made and who it's made by, you know, China, Taiwan, Japan, South Korea, those high tech nations. And you think, what's slap bang in the middle of that? It's North Korea.
If North Korea goes bang, if North Korea does something destabilizing, the impact on the global economy is massive, universal and catastrophic and instant. And if you think Ukraine was bad, you can multiply that by an order of magnitude. So that's why I think we need to be worried about North Korea. The US government estimates, and this was the last estimate I heard, which was a few years old, that North Korea pays about 50% of its missile program through cryptocurrency hacks, through cyber hacks.
cryptocurrency companies and banks. I worked out that North Korea seems to be roughly, very, very roughly doubling its money every two years. If you look at how much money it's stealing, and this is mainly from cryptocurrency companies, it's adding currency every couple of years. We spoke to a representative from within the US government, a former North Korea specialist from the US government, who reckoned that about 5% of North Korea's current GDP comes from hacking.
So if you put all of that together, what you end up with is a situation where again, very, very rough maths within the next five to 10 years, North Korea could become the world's first hackocracy, a regime entirely funded by computer hacking. I have an alert set up for the Lazarus Group who are the North Koreans, the nickname we give the North Koreans of government hackers and the accusations against them come through that alert, you know, the Google alert that I have set up.
Geoff White (11:31.894)
And it's hundreds of millions every month there's a few hundred million extra added to the pile at North Korea was stolen. And I worry we've just got used to this. This is not being thought about. The amounts of money North Korea is made out of this is in the multiple billions will be above probably above 10 billion at the moment. I the last estimate I heard was about six or seven billion. That was a few years old. So
North Korea was using its cyber attackers is the accusation to go out and steal money. That money is keeping North Korea afloat. And the US government official that we spoke to, or the former US government official, made a good point and said, we can hit North Korea with sanctions till we're blue in the face. But if North Korea can just hack and make the money, they don't worry about sanctions. Our weapon of sanctions just goes away if North Korea can hack around them. And I do fear that's what's happening.
Francis Gorman (12:22.737)
It's so complex. when I look at North Korea, it doesn't strike me as a nation of highly educated computer scientists, background individuals. How did this kid really develop? there must have been... Can you explain that piece to me? That's the bit I'm missing in this whole picture.
Geoff White (12:40.814)
Yeah, absolutely. I mean, there's a number of things to say. Look, North Koreans are like other people. They're as smart or as dumb as all of us. So it's not like North Korea as a country is more thick than any other country. Very bright and also incredibly resourceful. North Korea has been isolated in various ways for its entire existence since it was created in 1953. It's had to learn to deal with its own stuff, to pull itself up by its own bootstraps. There's a very famous story about
North Korea was buying tractors from the Russians. They wanted to get the designs for the tractors they can make their own. And the Russians said, well, no, we're not going to give you the designs, but we'll keep selling you the tractors. North Korea got one of the tractors, took it apart, reverse engineered it, worked out how to build one and built its own. Now, unfortunately, when they first started it up, it would only go in reverse gear, but they fixed that problem, got it going forward, and then they can make their own tractors. They built their own operating system. North Korea has this thing called Juche, which is usually
translated as self-reliance. It's this principle that we stand on our own two feet. So they are very bright, they're very self-reliant. In terms of the education system, it's a communist country. The education system is extremely structured. And what's interesting about the North Korean society is because it is so structured and controlled, the government can spot potential hacking talent at a very early age. If you're into computers or mathematics, particularly mathematics very early on, you will be streamed through a particular channel. If you get really good at it,
You will go to a good university. You'll be exposed to a computer and you'll be taught computer programming and taught it at a very basic level. you the North Koreans, the way from what I know, computer science is taught in North Korea. It is really interesting. It's taught from very much first principles. And so North Koreans learn to code on a very deep level. The code that they create, the malware that security researchers have looked at doesn't look like code written by other people because they're not just grabbing bits from GitHub and sticking them together. Not to downplay.
the work of software developers, but the North Koreans code in a very particular way. So all of this leads to a situation where you have a stream of very bright, very talented people who've learned to stand on their own two feet, who've been told that North Korea is the best place to live in the world. And it's constantly under attack from these awful forces from the outside. And that's how you get to this stage where you have, we think in the thousands of sort of North Korean cyber warriors. And look, you know, we've got them in the UK, you know, that we have a cyber force in the UK.
Geoff White (15:04.225)
The North Koreans are doing the same, the accusation is they're hacking for money, not just for information like other countries. They're hacking for money, and that's where it gets dangerous.
Francis Gorman (15:14.043)
Let's make that differentiation because we touched on kind of Conti, Russia, Lazarus, North Korea. But China is a big player here in terms of espionage and, you know, trade secrets and all that sort of stuff. Can you throw a lens for the listeners on the differentiation factor between hacking for money and hacking for strategic advantage?
Geoff White (15:22.446)
Yeah.
Geoff White (15:35.564)
Yes, yes. I mean, every country worth its salt does hacking for informational advantage over its adversaries, often its allies as well. The UK has certainly had our fair share of that, as we know from the Snowden leaks. China is an interesting example. And I'll be quite honest with you, people who know my career might notice something which is I've done a lot on Russia and North Korea, also did cover the Snowden leaks, did a lot of stuff on the US, the UK relationship. Conspicuously, I have not done a huge amount on China.
And it's because as a journalist, I'm looking for a story and I'm also looking for a compelling story and exciting story that I can tell. The stuff that China does is very, very large scale. I mean, that they work on an immense level and also that they're planning things many, many years in advance, which is what you can do, of course, when you've got a regime that's going to be there forever. You don't have five yearly parliamentary cycles you have to work in. So China plans very, very far ahead. It's extremely stealthy about what it does.
It runs these giant data exfiltration operations, the Office of Personnel Management in the US being an example, stealing loads and loads of records. But the problem is telling, for me as a journalist, telling a listener or a viewer or reader, what was the point of that? Where did that end up? Where does the rubber hit the road? You know, North Korea's accused of breaking into a bank, we can see a while later as a missile launch. And you can say, well, look, North Korea puts this money into missile programs, according to the US government. With China,
they've stolen millions and millions of records from some company, but why? We don't sort of fully know. My worry is, as we go into a more fractured world, China's place in that more fractured world is very interesting. It's a huge power broker. It's obviously got its eye on Taiwan. That's the next target. It's showed its hand a bit more aggressively recently in attacks, Salt Typhoon and Volt Typhoon, the telecoms attacks that hit the US.
So we're seeing China become a bit more aggressive. We're seeing the world fracturing and China trying to work out how it fits into that fractured world. We're seeing China eyeing up Taiwan and working out whether in the wake of things like Ukraine and the war in Iran, an attack on Taiwan might be possible. So I do wonder whether the low and slow stealthy large scale attacks China's been doing, we will see a more aggressive stance in that country. We'll start to see some more aggressive hacking and all the use of.
Geoff White (17:56.146)
massive troves of data and the massive access it's previously been accused of getting. sort of one to watch. I do find China intriguing and also frustrating. You can tell I'm slightly frustrated that I've not managed to get, you know, the China cyber story, but still working on it.
Francis Gorman (18:11.971)
You know, China are amazing. I think someone once said on a geopolitical stage, they play chess. Everyone else is playing checkers. You know, it's kind of they're always thinking of the next move, you know, before anyone has thought of what that end game is. And even Taiwan, you know, the chips manufacturing aspect of it is a huge play in that thing. had I had a sorry.
Geoff White (18:17.518)
Yeah.
Yeah. Yeah.
Yeah. Yeah. And actually the chess analogy is a good one. I've started trying to play chess recently. I'm not very good, but what I found intriguing about chess is that it's a brilliantly structured game because you've got short, short distance and long distance threats. So you're concentrating on a pawn and a knight and working out what's happening. And then a bishop just comes in from the edge of the board, just takes you out. And I think from that perspective, we could look at some of the North Korea
Russia, cyber stuff as being, you know, pawns or knights, small scale, small distance chess moves. And maybe we need to look at China as being, you know, the rooks and the bishops who can just move across large scales. So I just I am, yeah, as I said, I'm not very good at chess, but that's my analogy I draw.
Francis Gorman (19:14.001)
Yeah, I don't want to. It's as we see the world unfold. I think that picture is going to almost paint itself because there's definitely a long game at play there. Geoff, I want to talk a little bit about we've touched on ransomware, we've touched on Conti, we've touched on North Korea.
the hybrid warfare that's going on underneath here, because it feels like as we move into, you call this, this kind of fractured world, cyber is starting to play a role in the shadows that is highly, highly important to the geopolitical objectives or strategic advantage that each of these nations is trying to bring across. And UK, Ireland, obviously.
Geoff White (19:39.726)
Yep.
Francis Gorman (19:54.042)
I've seen a lot of this kind of hybrid warfare from Russia specifically in terms of disinformation, misinformation around immigration and, you know, the governments and trying to create that instability. We saw interference by Russia in America in the presidential elections. The last number of them have had that kind of interference at play there. Is cyber becoming far more strategic as a weapon than it used to be in the previous decade?
Geoff White (20:00.546)
Yes. Yeah.
Geoff White (20:20.686)
Yeah, absolutely. I mean, you know, most governments worth their salt have realized that, you know, the idea of land, sea and air, now needs to have, you know, a cyber element sort of added to it. The problem with it is those previous domains of land, sea and air, you know, we had an Air Force, we had a Navy, and you could draw a literal boundary between it's like, you know, if it floats on the sea, it's the Navy, as soon as it takes off,
arguably, it starts becoming the Air Force, you know, if it hits some dirt, it's probably the army, you know, you've got some some boundaries you can draw that with cyber cross, it spreads across all of those, you know, all of those forces will need a sort of cyber element, you can also have a cyber element sitting alongside. And then there's the so there's a question of which domain it fits into, well, it doesn't it goes across all of them. So it's not its own domain, it's a it's a sort of super domain, if you like. The other issue is when in the course of conflict, when does the cyber
come in, cyber attack come in, the cyber tactics come in. As you pointed out, even before you start the conflict, you're using cyber means for things like propaganda, for spreading disinformation, and so on. We're also seeing sort of crossover into kinetic attacks. I mean, the accusations against the Russian Federation of effectively engineering physical attacks within the UK, you know, paying off sometimes petty criminals to go and carry out acts of violence in the UK.
That's absolutely astonishing. And although you wouldn't class that, I don't think as a cyber attack, it's being done through sort of underground groups. And you suspect that the people behind it are probably going to be based in the same places as the cyber operations people, because it's very similar. We also see some interesting crossovers. And this takes us back to a thing I talked about earlier in the podcast, the woman, Ekaterina Zhdanova, who I mentioned, who's accused of being part of this huge money laundering network. One of the things her group
is accused of doing is funneling money from the Russian government into spying operations in the UK. There was a spying ring, Bulgarian spying ring based out of Great Yarmouth, a hotel in Great Yarmouth of all places, who were basically being used to intimidate dissidents, to investigate journalists, to research things in Ukraine, a very handy group of people. They obviously needed funding and it's alleged that funding came through Ekaterina Zhdanova and her network. So again, in terms of it goes beyond sort of
Geoff White (22:48.254)
cyber warfare into kind of cyber statecraft and we're starting to see a melding of those different elements. That is a slightly worrying picture and alliances we previously could have relied upon, notably the US, in our increasingly fractured world, I'm just concerned about where those alliances go.
Francis Gorman (23:10.065)
In terms of that, so the financial piece, we keep kind of coming back to it and crypto seems to be the anchor. If you took away crypto in the morning, would ransomware stop?
Geoff White (23:21.3)
That's the honest answer. Ransomware, I think people get a bit confused about ransomware. When you say ransomware, it's like the sort of Jedi mind trick where people go ransomware and, you know, it's a cyber thing. Ransomware is extortion. It's a crime of extortion. And extortion is a really difficult crime to do for a couple of reasons. Firstly, when you extort somebody, you have to do something nasty to them, but then convince them that if they pay you,
you'll be honorable and trustworthy and will stop doing the nasty thing to them. You know, you've given their kids back or you won't blow up their shop. That's really hard. Like making that switcheroo is really hard. The second big challenge with extortion crimes has always been the payment. Francis, you remember the classic Hollywood movies where, you know, the kids get kidnapped and the ransom demand comes in, you've got to leave the money in a phone box in unmarked bills. And of course, as soon as the extortionists come to pick up the ransom money, the police swoop because they know where the money is. All the bills are marked or something like that.
Cryptocurrency solved that issue. It gave ransomware operators an international, apparently anonymous payment network, payment system. Without that, ransomware wouldn't exist. To go back to the original point, you can't unfortunately unplug Bitcoin. That's not how it works. It's deeply embedded and a lot of people use it for benign reasons as well. So it's caused problems, but you can't sort of unplug crypto. It doesn't...
I don't think that would appeal to a lot of people, actually.
Francis Gorman (24:48.881)
It's amazing because I had Matthew Hedger, who was deep undercover in the Mexico drug cartels for the American intelligence communities, on the show last year. And he talked about you can't walk through the airport with 10,000 in cash, but he could walk through with a USB stick with 10 million in Bitcoin. You know, and you know, so it's been used kind of in physical applications of crime along with the cyber aspects, which is amazing.
Geoff White (25:05.624)
But what.
Yeah.
Geoff White (25:12.654)
Yeah. And it doesn't even need to be a USB stick. I mean, people forget this can be a piece of paper with a wallet address and a seed phrase written on it. You know, that information could be hidden inside a photograph. It could be steganography encryption. So yeah, the ability to move it is quite interesting. And again, you know, if you want to pay somebody off in a particular country, you know, previously you used to smuggle the dollars in and, you know, hand them over late at night in a dodgy bar somewhere. These days, you know,
you could just post them a slip of paper and say, there you go. That's, that's your million. It's astonishing. Absolutely astonishing.
Francis Gorman (25:45.907)
It makes life so much easier if you're a criminal, I suppose. And then, you know, pick up the phone and give Katrina a call and see, can she clean it for you? Might be a good way of going about it. Geoff, there's one thing that I probably don't talk about enough in cybersecurity. It's the moral position of don't pay the ransom. You know, if you get attacked, don't pay the ransom. In fact.
Geoff White (26:06.37)
Hmm
Geoff White (26:11.693)
Yeah.
Francis Gorman (26:12.674)
some jurisdictions, that would be a crime if you paid a ransom, you'll be facilitating criminals. What's the realistic picture here if a hospital goes down or something that's critical infrastructure? What's the real outcome? What's that look like?
Geoff White (26:28.202)
It's, it's, yes. The reality of this is people do pay, victims do pay. If they didn't, if nobody paid, the ransomware industry would not exist. And the ransomware gangs have got extremely good at arguing that logic. Because of the reporting that goes around this, the ransomware gangs know exactly how much it will cost a business. And so they say, look, you can lose 10 million a day while your systems are corrupted, or you can just pay us 10 million in one day.
And that's it, you're done. And it's extremely hard to resist that logic, particularly when your systems are being kept down and forced down, your employees are struggling and you're potentially looking at them thinking, if this doesn't stop, our company goes under and all of you are going to be unemployed. Every company doesn't want to pay, but every company is faced with that decision of, we just pay the ransom and move on? What I would love is to be in a position where the UK, and I just think it'd be brilliant if the UK and Ireland could do this, you
be countries where it's like, no, we will not pay. Don't even come knocking, we're not gonna pay. If the government banned ransomware payments, and if we could suddenly fast forward three years in time, where the ransomware gangs have got the hang of the fact that no, no, don't come knocking on this country's door, because nobody there will pay you, it's a complete waste of time, then we've solved the problem. The problem is, it's a bit like the driverless cars issue. If we could fast forward five years in time to the point where we all had driverless cars,
and we all had autonomous vehicles and we could just get in and all the autonomous vehicles on the road were just navigating around each other, that would be an interesting future and would work. But we've got this messy situation at the moment where we've got autonomous vehicles, we've got driverless cars, we've got human drivers and we're in a mess while we sort this out. In the future, it might all work seamlessly. It's the same with banning ransomware. If you could fast forward to the point of banning ransomware payments, if you could fast forward to the point in the future where you'd banned them,
And if that had happened for a few years and ransomware gangs had got the hang of that, then you've solved ransomware, particularly for that country. But you have to go through an incredibly messy, like awful, awful, brutal period of a few years while companies don't pay, while they go out of business, where potentially hospitals can't treat people, for that future where you can turn around and say, right, now everybody understands we won't pay. How much pain are you willing to take for your country to be the one that never pays?
Geoff White (28:53.646)
It's really, really difficult. There was a great Royal United Services panel on this. Royal United Services Institute panel, I should say, on this. She had Ciaran Martin, who used to run the National Cyber Security Centre. And they went through all of this of like, OK, what if we don't pay? It's worth saying, I think the UK government at the moment is minded to institute a system where you report payments. If you make a payment, you report the payment. The other option is the government gives you permission to pay the ransom.
Now, that's not stopping organizations paying, certainly in the former case, it might be in the latter case. But at least the government then has some statistics and some metrics on how this is happening and can trace the payments. That does seem quite a sensible solution, you know, trying to get a handle on this and trying to understand who's paying, how they're paying, rather than stigmatizing it at the moment, because nobody wants to be seen to be paying.
Francis Gorman (29:49.117)
That's great insight. Geoff, one thing that I suppose keeps you about I am a security architect by trade. I do my threat models. I look at my attack vectors, you know, layered defense, try to make sure that everything is solid and companies all around the world do the same thing. And yet they still seem to manage to find a weak point and get in. What are you seeing
between 25, 26 and into the future as those weak points. Is it still human or is it technology?
Geoff White (30:23.214)
Unfortunately, it is. And I know this is awkward because, you know, we don't want to just blame the humans all the time. And I want to push back on that trope of if it wasn't for these messy humans, we'd be fine. You know, there's still a sort of technical aspect to the hacks that go on. Certainly, most of the ones that I end up investigating, end up covering, there was some human interaction within it somewhere, some human weakness that was exploited, you know, people's hunger for a new job for better salary, people's
you know, fear of getting sacked and they receive an email that threatens them with redundancy. So they start clicking on it. You know, there's lots of ways to push human beings around. We're quite complicated organisms. If you think about it, human beings, you know, we've got multiple different stresses and strains on us. Also the people doing the hacks against us, you know, the gangs on the other side. If you think about human beings as a piece of technology, which is quite a weird analogy, but if you think of it as a technological target that can be hit.
Well, the problem with hitting a target is you need to understand it. The good thing about hitting a human being is if you're a human being hitting a human being, you understand how that human being works. You don't have to understand how they're sort of built. They're built the same as you, you know, they get frightened of things and get excited about things. So, you know, the humans I think will just always be a natural attack surface. And even as we go into sort of, you know, potential AI future, I'm interested by the fact that at the same point, we're going into a, apparently an AI fueled
future with great speed. Our world and what's happening in our world is, from what I can work out, being dictated by angry men. Vladimir Putin, Donald Trump, Xi Jinping, you know, these men who are human beings who are dictating what's happening in our world. You know, our world is not being run by lovely rational AI, you know, it's human beings who are deciding what happens. So I find that quite interesting.
We've got to realize human beings will always be around. We won't, we won't AI ourselves out of human beings, partly because, you know, it's human beings who will still end up designing and applying AI. So there'll always be that human there. And that's why I worry about one of the effects of AI. And again, I'm not saying anything new here, but the deceptive abilities of AI are quite striking. I mean, if you think about this, from my point of view, I think AI is a naturally inherently deceptive technology. You know,
Geoff White (32:45.718)
It's trying to fool you into thinking that it's human. And the evidence of that for me is the way chat bots like ChatGPT work. Instead of just clicking a button and getting the answer, it types it out. Why? If you ever wondered about that, why does ChatGPT type the answer? Why doesn't it just, because Google doesn't type out all the answers on the page. That's a design choice. And it's been designed to make you think that ChatGPT is typing for you. But it goes further than that. The people who've designed that type it all out in words,
system have had to decide how fast ChatGPT can type. And what they've gone for is slightly faster than any human being could, you know, like it's really, really fast. So again, this is a deceptive technology. And if you look at the basis of a lot of social engineering attacks, it is deception that you're trying to convince your victim that the email you sent them is real, that the job interview is real, that the, you know, the Amazon delivery they're expecting is real.
AI is massively going to help with that because AI is a deceptive technology. And if you're trying to deceive somebody into doing something, AI will really help you. I do sort of worry about where that goes in the future.
Francis Gorman (33:52.369)
I really love that. That's an angle I haven't heard before, angry men and deceptive AI and the typing angle brought in. Brilliant. Brilliant, Geoff. I have to give you that one. That's fantastic. You know, I do find AI is, it's an incredibly good liar. You ask it the wrong question in the right way and it'll tell you what you want to hear. You know, make my ego bigger, please. You know, yes, I am fantastic. Like it does that.
Geoff White (33:59.47)
Thank you.
Geoff White (34:16.712)
And that just to pick up on that, obviously, at the time of recording this, Anthropic's released, well, not released, has announced that it has this Mythos, Claude Mythos program. And one of the interesting things reading through the report, yes, there was lots about cybersecurity and the vulnerabilities that Mythos had found, but there was also sections about how Mythos was behaving and how when it was caught trying to disobey the rules that it was set, it dissembled and lied to try and get out of being caught.
That I find really quite worrying. And even more worrying is the fact, I don't know whether you picked up on this Francis, but Anthropic has a psychologist who assesses its AI model. And the psychologist said that this was a quite a stable model, psychologically speaking. And I thought, well, I'm not sure what your criteria for stability is there because I think that's a terrifying, you know, if.
When kids lie, we discipline them. We say, you know, they always try and lie. They were out of things kids, because that's what they do. You discipline them. You say, no, you can't, you can't lie. That's just a bad thing. You know, where's the intervention with AI that says, no, lying is bad. You shouldn't do that. Like you, I've seen it happen a lot. You know, you get the wrong answers and the AI tries to sort of gaslight you into thinking that it was all fine. It's bizarre. That's bizarre.
Francis Gorman (35:34.171)
It is. I've noticed it more since Anthropic dropped their three H policy. They used to have Anthropic will be helpful, harmless and honest. And they got rid of that kind of early last year because they couldn't compete with OpenAI. And ever since then, I found the Claude responses to be amazingly deceptive, but extremely professional. Like, you can feed it data and it might just.
Geoff White (35:42.221)
Mm-mm.
Geoff White (35:48.542)
Francis Gorman (35:59.915)
a little bit on because it doesn't fully have the context or the construct that it needs. But it'll read so impressive, go, Jesus, did I write that? And then bring it somewhere and go, that's absolutely rubbish. But it sounds amazing. So like you have to be so careful with the outputs and that deception. And I think Anthropic do fantastic videos kind of where to set up the shop and try to show how it run a business and all these things. They are a very. I suppose.
transparent to an extent in how they put these models out to the world versus some of the other creators of large language models. But yeah, the Mythos one, I don't know how much of it is marketing and hype and how much of it we should be worried about. It still looks like it attacks lab type setups, but a corporate network may be a different thing. But, you know, let's see what comes after it, which could be far more powerful if it learns from this iteration. So, yeah, brave new world, Geoff, that we're faced into.
Geoff, can I ask you, you've got a new show coming out with the BBC. I think before we leave, maybe you'll give me a bit of insight into what that looks like. And then I'll let the listeners know when it's airing in the notes when we put this out live.
Geoff White (37:06.542)
Mmm.
Geoff White (37:11.692)
Yeah. Yeah, absolutely. Yeah. So it's going to be called with it's the Strand Cyber Hack. So I did a couple of series with the co-host Jean Lee that were called Lazarus Heist, which was all about North Korea, as we've discussed. The BBC then renamed that Cyber Hack, which is not my favourite name, but there you go. At least it covers the sort of remit and it means that we're not just covering the Lazarus group, which is North Korea. We're able to cover more wide, more wide stuff. Previous series, by the way, was about Evil Corp and Zeus,
two gangs, I'm sure they're familiar to you. So the series, the new series is going to be called the Conti Files. And it's taking apart that Conti operation, looking at the leaks, looking at how this organization worked, going really deep into the gang, their history, their tactics, the different targets they attacked. And we've just got some great stuff. I, you know, I knew about the Conti gang, I knew about ransomware, but the wonderful thing about being able to make a really like in-depth investigative series is you just uncover layers you never...
thought you'd get to. You find people you never thought you'd be able to locate. And we've got some really, really good stories. We've got victims, villains and heroes. We've got everything you need really for a story to be quite honest.
Francis Gorman (38:20.082)
Well, I'm looking forward to it, Geoff. I'm sure it's going to be amazing if it's anything like The Lazarus Heist and your books to date. So look, I really appreciate you taking the time to come on the show. A lot of great insights there for the listeners, and I hope you have a great day.
Geoff White (38:24.515)
Thank you.
Geoff White (38:33.112)
Fantastic, thanks so much for me, and to you.
Francis Gorman (38:35.923)
Thank you.