Security BSides 2024 // Alex Holden

going to be talking about U Russian uh activist Collective called killet um and uh my name is Alex Holden I am chief information security officer with u hold security LLC um little bit north of Chicago in United States uh so uh today's topic is uh really discussing uh this uh group called killet and uh talk about activism how activism is affecting our planet how the things actually changing uh our threat landscape and this is also a story of U uh a personal story a war story I talk about in different conferences and uh today's topic is actually very uh personal because uh this is showing our active participation in a way that we found to take down uh really a herd of

uh uh threat actors uh fors uh Ukraine actually called this stopping uh herd type of event where we were able to derail a huge group of threat actors that nobody in the world uh did before so without further Ado I want to introduce and talk to you about KET who they are and what they do uh in uh Russia there are a number of uh different threat actors who actually been uh organizing themselves in different groups for different reasons uh Russia itself is a sespo of uh various um bad guys who've been attacking um different things for different reasons most of them like we heard in the previous talk like KY do rans and other threat components but

killet actually started uh something else the killet uh started really as a Dos uh for high service and that's what they called themselves dos for high killet established a little bit before Uh Russian invasion into Ukraine in November of 21 uh this group actually uh tried to make money through deos and uh this is a common activity uh today and in the past where they were able to extort companies for payment uh of um significant amounts usually in Bitcoins uh to stop adidos attacks but uh killet was different because uh they actually like to be uh prompted to create some kind of movement uh create Fame INF me themselves so um instead of attacking various targets uh on um uh Europe or uh

North America they picked very interesting attacks they picked a whole bunch of Russian government each agencies uh to Dos first and you can see that the Russians with a bit luck in imagination and creating logos for their special agencies uh but uh they attack pretty much everything KET tried to Dos uh the Russian government quite heavily in the short three months from November till February their opinion had changed completely on the February 23d just before the day before uh of Russian invasion Ukraine uh killet dedicated itself to Russian cause and they declared themselves a politically motivated group that was aiding uh goals of Russian Federation this was extremely unusual uh especially given the the previous targets but explanation is U

pending killet in 2022 did something that nobody have done before in the past they decided to get a different name of activism specifically for purpose of uh uniting people together the interesting thing about killet it was not built only by threat actors common hackers but it was mostly comprising of it professionals killet at its height had more than 100,000 individuals imagine 100,000 individuals joining this movement M and uh hacking creating dos or other attacks in the name of Russian Federation this had been never done before and I don't think will be repeated sense uh for quite a while why why how KET uh differs well very simple in the beginning of war with Ukraine there have been a lot lot of

Russian it professionals who enjoyed the very profitable work um of with uh foreign companies they work remotely for European and US companies making quite a bit of money with uh the beginning of the war most companies United States and Europe uh broke their ties with the Russian based employes uh and uh quite a few of uh Russian IT personnel became unemployed they were very unhappy very bitter that uh there many years of employment um very um good salaries because Russia is not a very wey Nation doesn't pay their uh citizens very well so they were collecting money from Europe United States and other uh well of Nations so these individuals were lost their um livelihoods and they were

ready uh to retaliate that these individuals join the ranks of killet not to uh hack for money but they were trying to retaliate against their previous employers they were uh against um foreign countries that were uh really pointing and saying hey uh we no longer want you imagine that a developer joining a hacker organization developer maybe not a hacker but they know really the application stack they know how to build an attack that would take down your application maybe in Doo situation they would comprise an expensive uh requests that results in a SQL query that would tie up your SQL server for quite a while and then doing multiple of uh of these queries would get um your

website stopped to respond imagine a network engineer who does not know about much hacking but knows hell of a lot about bgp and other network protocols and they start messing around with uh those think about the number of individuals who lost their employe but retain knowledge and connections within organization sometimes these would be system credentials sometimes it will be um just uh not fully the commissioned accounts and all these individuals join the free don't forget the individuals who wrote software and put it on GitHub and others and had the their libraries being that were used across the entire world by many commercial applications s and uh they retain control of those libraries they start making malicious changes in these

libraries to trigger certain events this is the majority of population of killet this franchise angry Russian IT personnel who joined this movement in order to get some kind of payback there are others uh lot of threat actors also um really joined this move M uh to get back at the enemies but also uh to get tactical advantage or really get ideas of what they can do other threat actors that were trying to learn the trade actually also joined the movement and they were really building up their knowledge base KET created the base for other types of attacks when uh the um um war in Middle East Israel and Hamas started the information and know how GA by KET was very quickly

weaponized by uh threat actors and activists uh on that front even uh last year when uh there was an incident between Canada and India the Indian hackers went directly to killet capabilities and the weaponized themselves within a single day within 24 hours learning from this type of approach as anecdotal thing uh somebody in KET telegram Channel wrote that even uh this person's Grandma joined killet she was sitting on her computer uh good portion of the day kill uh clicking on reload button on her edge browser trying to take down that um site that was listed in the chat um but for the most part this created a movement a movement that you will never see seen before and

uh the movement Act was actually powerful enough to be noticed and uh U uh brought to attention on government levels on the Press levels and impacting uh pretty much everything that we know the first Target for KET was known as the anonymous um Collective the first umos attack um was against anonymous group and there were successful knocking down that group uh website offline for a while and uh they claimed very quick Victory and moved along then they start attacking Ukrainian assets um the war between Russia and Ukraine was uh at its highest intensity and uh KET was contributing saying hey Ukraine's end is near in uh April and May uh KET got support from Russian government where

the members of Russian Duma equivalent of uh Congress um uh inent in um Russia they uh were openly calling for cyber Army that would be attacking Assets in Europe and United States on behalf of Russia because Russia is being wronged by these countries the high uh or low light of uh KET came on the uh in February I'm sorry in January uh January 27th of 2023 in this particular post uh on the left it's uh uh in Russian original translation is on the right uh this is a call from leader of Kil net a guy named kilk who actually uh wrote and called for cyber attacks against uh European and US hospitals being angry about uh Russian

military personnel not getting proper Health Care by Russia he actually wrote this uh short Manifesto with a very interesting tagline on the bottom calling for attacks against Hospital cyber attacks against hospital he wrote on the bottom kill them first if this is not repugnant by a group of uh cyber threat actors I don't know what is attacking hospitals and trying to knock them offline the Dos attacks were not very successful uh one of the Dos attacks was going against the gift shop uh was in one of our customers uh uh infrastructures I've been to that gift shop uh it has a separate internet connection uh I'm not sure where they have internet connection worst case

scenario somebody could not buy balloons or teddy bear for their life loved ones in the hospital but that's you know a comic situation some raw hospitals that did not have a lot of uh internet bandwidth actually experience outages with their phone systems with their Communications with uh their ability to exchange data on patients this is extremely critical killet Collective didn't stop that they heavily targeted organizations like lockhead Martin and boing um and blaming them that uh they are greatly aiding Ukraine in the war KET actually called for bounties uh to go after employees between in these two companies um suggesting that the employee who would betray the company would get paid and those that uh would

not uh participate uh would not give up would not quit would be targeted and their family would be targeted members of uh uh locked Martin um executive group group were uh um photoshopped inside of caskets saying that this will happen to you this is a group that showed its true Faith it's mostly propaganda because Doos attacks were not very successful and the intelligence gathered from other assets were quickly given to Russian government operatives for other purposes dos attacks were really about uh knocking down U main site offline so they would go to www boo.com and do DOS attack until their up down meters were show the site is down and I don't think Bo lost a lot of customers over that I

don't think people go to bo.com to buy a plane but uh from that perspective they still were effective as a propaganda machine so let me tell tell you a little bit more about the leader of this group the guy called Kil milk Kil milk is a very interesting individual we're going to talk about him as a um uh bad guy in our story his real name is uh Nikolai simov and he is a little bit than 31 years old right now he was under 30 when he became ahead of uh KET little bit about him personally um he is uh a husband and a musician and uh he portrayed himself as a Russian Patriot these are pictures

from his social media showing that um he is willing and able to take arms for his country but these this is a mandatory military service that he had to undergo uh when he was much younger a decade ago uh the real Kil milk looks completely different this person is Fist and racist I'm obviously not using U the visual proofs to do so but believe his social media is full of these calls uh but he's also the franchised young man he in his social media for over the past decade been making statements um uh along the lines saying that everybody who uh betrayed didn't support me in the past would pay heavily he would be looking

for Revenge he would be looking for Retribution of anybody who wronged him in the past um the real kill milk is actually a uh low life that is uh uh drowning in the world of uh drugs even in 2023 in one of those social media surveys like um 30 questions about myself he's ask being asked uh what kind of surprises you like and he's like well uh I like uh drugs illegal drugs what what drives your mood well his mood is being driven by amount of drugs in his system at the time his world of drugs actually got him uh into much trouble he was uh in 2017 um arrested and he was convicted on

uh article 2281 part five of rational criminal code the reason for me listing this is that uh this particular charge carries an 8-year sentence prison sentence it's a mandatory sentence and the judge in its um uh in the best way possible can reduce this sentence only to its half no less never less than that we actually see in court documents that uh kill milk uh s was actually fully Cooperative uh with the um uh Russian government he gave up much of his uh resources and contacts but he uh did not uh really um uh do anything else yet uh after his conviction in 2017 we already see that he is out of prison in 2018 he's taking out uh loans

he uh is is uh talking to people outside of the guag where he was serving his sentence he was living a normal life what can happen in a Russian Peno system that would uh break its very stringent laws and the only answer is that uh SAR F's interaction with Russian government was actually uh went so far that he was made a Russian uh agent whether if it's FSB or another organization that put him under their control uh we don't know but we definitely know that this is a highly abnormal event for a criminal to get out of prison for no apparent reason uh for serving a very length sentence two years later uh simov uh starts uh talking

about uh cyber security cyber crimes and uh in November of 21 one he actually launches killet killet is successful Kil net is Big the Russian government actually heals killet uh and Kil milk is a national uh hero um he uh actually Sports number of uh very expensive cars with um Kil net uh signatures killet merchandises are selling in Russia and in United States around the world we are seeing that uh killet is actually uh uh gaining grounds in um pboto moment comes in October of 2022 K Kil milk at the top of his uh game so to speak gives an interview to a Russian publication called AR Russian television in this particular article he is talking about him coming to this

infamy the goals of killet and what they're trying to do next one question that became being asked is was about the foreign support that he may be getting and there he mentions that um all success that Kil net is enjoying be is because of the group called salaris and Solaris is a drug cartel it's illegal drug uh trade within Russia done online so here's my thought process when I read this article I know Solaris I don't know Kil milk but if Kil milk says that entire success of uh Kil net is within Solaris then if Solaris cease to exist maybe Kil net will stop existing as well because that's their base so we at hold security go on a very

interesting and abnormal Journey but before I tell you about the journey I'm going to do be lated into introduction I'm going to tell you a little bit about myself and why I'm talking about this uh over here I think I'm setting a record introducing myself in the middle of a talk uh so my name is Alex hi um I uh was born in Ukraine um my family immigrated to United States um in 1989 uh so you know I lived in former Soviet Union really and uh as a kid uh I was moved U to United States uh living city called Milwaukee which is now north of Chicago uh in my entire career I worked in it and cyber

security um I uh also do something called threat intelligence cyber threat intelligence so uh run organization called hold security um uh and uh we find very interesting very unusual things one of the highlights of my resume is this I'm making uh Puttin Med since 204 thank you uh so um this is the New York Times article in 204 uh and uh Philadelphia inquire uh article afterwards um after this uh article in New York uh times uh Putin put me personally on uh his sanctions list uh as my response to him I put him on my sanctions list he's not allowed in my house he can stay in my garage down the driveway but not allowed in house um

uh I don't really know what this really means uh because uh you know I got the call saying hey don't go to Russia like okay I'm not planning I'm from Ukraine uh but uh this is kind of uh what um you know we uh drive and not only targeting Russia but really targeting cyber criminals going back to uh the story uh Solaris what this Solaris Solaris is illegal drug trade online that is uh was incredibly successful and very well known why a threatened tence organization not know so much about uh drug trade illegal drug trade in Russia well we we don't really work with drug enforcement groups but here's an interesting thing a lot of cyber

criminals are drug users and drug users tend to buy their drugs not very far from them home so you know um so we uh monitor illegal drug platforms because cyber criminals use the same nicknames on those platforms they chat they make friends and stuff like that and they buy drugs and we can see where they buy drugs so we can actually triangle with their homes their uh locations and this works really well so we devise a plan that spends over a year to take down killet I'm going to tell you the final punch line we are successful but the first step what we do we decide to take down Solaris and we do this uh big time we

make a big splash on the uh pages of uh Forbes uh.com we um um infiltrate Solaris infrastructure and we Institute a setting in which Solaris customers and drug dealers themselves actually transfer the payments not to each other but to a Ukrainian charity that aided uh elderly um people in time of War so we do something good with this but this was just the first step so what is really Solaris what's what is it behind the scenes uh first of all it's um uh been established in 2017 by the guy named zansi and there is a Russi ramp um dark web Forum where zansi hangs out he built a whole bunch of um illegal drug trade

sites but salaris seems to be uh the most uh prominent surviving one at the time uh at the time uh in 2022 it Solaris operated um about 1,000 shops so individuals drug dealers were building their shops on their platform selling illegal drugs all over Russia and and the daily volume was about four Bitcoins uh not not a small drug trade for Russians and this was take home thing what confused us a lot from uh statement of kill milk was that he was thinking his foreign supporters but I know for sure that we actually tracking the guy named zanzi by his phone and his uh locations are all over Moscow so he is uh traveling around he is uh

there but he is definitely not a foreign uh entity and Solaris is a local uh group so from that perspective we uh go inside of Solaris infrastructure and we divert uh money to Ukrainian charity Forbes writes about it and creates a huge Splash we um do threat intelligence and this was one and only offensive cyber operation that we took but we also thought thought who would Aid or who would oppose us Russians yeah they would uh but uh not not many law enforcement agencies would actually care about Russian drug trade besides Russian law enforcement agencies that probably on a take from these drug trades uh overall so we do this with divert money and so

response breach no Bridge like you know somebody got in it's a some kind of Ukrainian activist so they did nothing soar goes offline uh for about uh 24 uh 26 hours and when they come back they say nothing bad had happened everything is back to normal we fix the issue we uh fix everything um these darn ukrainians did not get anywhere so everything is secure uh so we go on the gitlab server to see what they changed because they obviously didn't have a breach and we obviously don't have access to the gitlab server um so they did change um uh their bitco in wallet they change a copyright date uh on the site and U they

change little bit of cosmetics and uh they telling their users that everything is safe you know so they lost some money they would recover that money not a big deal so we're trying to make a bigger Splash we actually show them that uh we have full access and how do we get full access um you know how does the threat intelligence group do that uh we uh dwell in dark web we talk to the bad guys and we build our reputation so at some point uh way before this uh Solaris um administrators reach out um to our our and say hey guys we are having problems with some PHP code can you take a look so we say well why not you know

we'll take a look uh so now they had two problems the PHP code still didn't work but now they also had a back door in the system they they invit Us in you know it's a vampire rules they said take a look we looked uh we tried to make a change it kind of resulted in back door you know um but uh from there uh these guys love using um SSH uh uh authentication file so U the entire infrastructure through uh SSH Pros yeah easy and uh also a fun way to get in so we ma the entire infrastructure uh which included not only components of their um shops but also their chat rooms uh their uh

inventory everything else and two weeks after the Forbes article we actually publish an article on our site fully exposing Solaris this is stage two of our plan we don't know if it's going to work or not but we actually publishing source code we are publishing uh gitlab components we are publishing data that we took from the uh Russian illegal Marketplace and we are uh publishing all of this in hopes that somebody is paying attention but before somebody pays attention we actually have to weather storm uh uh messing with drug lords is not fun believe me uh first of all um kill milk takes a personal offense to me he uh writes to me personally he um posts publicly on his

channel insults and stuff like that uh you know and uh you know says whole bunch of uh racist things toward Ukraine uh but these are cyber threats uh dxing unpleasant uh nothing greatly interesting I I thought my wife also thought nothing interesting uh nothing that she didn't know um obviously targeting swatting uh attempts which uh thankfully our local police had prevented a number of times so uh these things um you know not great uh opportunities and as a researcher I can tell you that uh um cyber security research comes with a great amount of threats and um potential targeting and a potential harm but while we weathering everything there is a complete unraveling of killet guess what Russian government

noticed Russian government saw something happening in their um criminal undergrounds and they noticed that uh the group that they were giving money the killet group that they supported financially was actually uh taking the money and uh using that money uh to Aid illegal drug trade and the Russian government is very upset about um uh criminal uh activities that they don't control so over the course of 2022 going into 2023 uh we are seeing Kil net unraveling itself first um kill milk is posing alism is over killet is now for-profit um activist organiz ation that will be uh taking Uh pro- Russian stance if you pay them uh having an army of 100,000 people it's really fun to

monetize this thing so who's getting paid 100,000 people how much you need to get paid to pay 100,000 people if you going to pay only the leaders like you know people not very happy so uh then he does the thing uh disbanding uh the group so uh K mil says for now everybody's fired I'm alone I'm going to take the group back so um probably the largest layoff in in history Grandma should be upset uh click in uh then uh he uh even gives uh control over uh to another hacker called backside and over a sudden um uh the other threat researchers and uh even his power saying hey did you used to call yourself black sight on other places

like you know is it really you you give control of killet to yourself he's like oh never mind this didn't work um October 3rd of 2023 in very unusual movement uh Kil milk actually in his uh public Channel calls for peace and I had to read this uh Post in Russian maybe 10 times to say what do you mean like is uh working for peace they uh asking to follow the Red Cross uh rules they trying to um ask entire Collective not to attack civilian targets uh well they were attacking civilian targets all along uh you know don't harm any civilians and stuff like that October 6th of 2023 many people would like to take that

go back to that day because the next day there is an attack against uh Israel uh terrorist action by Hamas and kill milk uh is not erasing the previous statement but post a new one um and calling for actions and attacks against Israel so back to war back to military actions by the end of uh 2023 killet is done killet 2024 you would not recognize it you would not recognize it at all killet Channel we are killet was sold by kill milk to a group called Dian Club the Dian club actually takes ownership uh paying around $10,000 for the channel and the control of the channel but the channel uh membership shrunk from 100,000 plus

people to about 3 to 5,000 you would not believe what uh K uh Kil n Chanel is doing right now under uh thean cab it's actually fighting Uh Russian illegal drug trade I'm not making this thing up I like you know I was reading it like that's cool I started the war against drugs in Russia uh but uh seriously they actually been uh doxing uh illegal drug Traders um and uh getting into fights with Russian um illegal drug trade but this is for different reason they're trying to restore Russian government F funding for killet that's the only reason that they actually picking that fight Kil milk changed uh his uh colors completely and um in uh Kil mil lost

control he lost respect of Russians Russian newspaper G gazetta that Tru which is Russian government controlled media actually duckes kill milk they call him at home they try to identify him and after much denial he is like oh well it's not me it's me it's not me it's me uh 2023 after being identified as a uh person uh behind uh uh killet and as a uh his connection with illegal drug trade Kil milk starts losing funding he overspent by March while uh being on the Russian government payload and collecting all the money for his Collective so he lost lots and lots of money we actually seeing that him uh ping uh all his cars four vehicles and

taking out loans from them his wife taking uh uh mini uh uh loans popular in Russia for 50 to1 us to pay for her nails and whole bunch of other things uh just showing that they don't have much of financial prosperity um kill milk is running between different groups and doing different things he uh is actually uh joining different projects and he is asking for different assistance he's uh looking for uh different ways to um uh make himself popular uh if you want to talk to him today if you go and find him on uh telegram he most likely will try to sell you a school of uh darknet um training course in Russian uh

and it can cost you between 290 to $229,000 us uh don't pay that um I read the reviews uh reviews are not great uh first of all uh from easy to uh read course uh he is uh once you pay him he won't talk much to you but he will send you couple uh links he gets from the internet uh and ask you to read it and uh send him uh more money so it's a scam uh but that's uh his main offering and he also U gets into flame Wars with a whole bunch of different uh people uh he fights with bloggers he fights with other PE uh people um and uh um quite

recently he even uh created a big uh fake news story where a drone uh flew into his house and killed him and and uh that was in the morning Russian media picked it up in the evening he posted I'm okay uh there was no drone attack I I I don't get the guy uh the only interesting thing that uh positive thing maybe that's happening in his life he is uh uh actually went back uh to his music routes he released several singles uh mostly um uh his political uh songs uh against uh various world leaders um he he he's okay with his voice content I you know not not particularly a proov uh but on a serious note on a serious note

uh killet uh is actually got uh Grim Legacy it created um a wave of activism it normalized activism think about 3 years ago uh in 2021 or before that imagine uh group of individuals from a single country attacking another country this would be an international Scandal this would lead to sanctions this would lead to calls for extradition this would lead to various uh uh political or legal moves today activism is normal and kill milk and killet are responsible for legitimizing this today's cyber warfare what's happening in the Middle East what's happening around the world where it's okay for a threat actor in one country to attack a another nation in the name of their um

agenda this is not really being cared as any milicias Kil milk had not gotten any sanctions any legal moves uh by any government even though his group attacked viciously various assets around the world this what KET Legacy is it also showed that um activism is not only on the dark web individuals within um killet did not hide their names did not hide their identities did not stay behind the onion links or uh proton male accounts they uh were driven by their society and uh they were Heroes celebrated heroes in their society we also learned that um breaches versus propaganda two different things KET uh breached very few few things in fact almost everything that they were

successful in infiltrating went to Russian APS went to Russian government for further exploitation there were not no known for breaching almost anything they would post different breaches try to broker things hype things up but they were not really known for uh technical provers however they are a propaganda machine and in 2024 I can tell you that uh propaganda is as hurtful as breaches certain statements misstatements or threats being taken much more seriously than any uh components uh that uh we um can find s a SQL injection Stone credentials or anything else but today's story is different it's positive we are here on a small island and it's uh small compared to many other great Nations my company is also a small

company that uh went after a giant how do you decimate 100,000 person strong herd but finding aillis steel is about being uh small But Mighty its ability of finding a weakness that an enemy has exporting this weakness within a reason and within common sense and actually uh bringing that uh huge group to a screeching Hal turning against itself uh making it lose its handlers and U making a slight difference in this overall game I'm not delusional killet is not dead the uh powerful threat actors who made it possible still uh running dos attacks still exporting things but the time of groups like this being built is over it's AP groups that still prospering but activism in uh Russia have taken a huge

blow which is not likely to recover anytime soon so this is a story of killet and uh taking down killet um in very unusual way and I think I have a couple uh minutes for questions yes five minutes for questions who has questions after this amazing amazing presentation none of us want to join Alex on Putin's list really Alex I think I owe you a shot for that one that's amazing story okay we do have a question don't be shy folks we're here to ask questions hey Alex whenever you compromised their infrastructure were able to detect what specific hosting uh they were leveraging like were they using cloud services so so this was bulletproof hosting uh

and uh called the CEO hosting um I don't remember where it was uh particularly uh based but uh it was uh impossible to get legal actions to get inside um what uh followed was a really upset uh Solaris uh members uh reaching out to hosting Solutions say hey you know what's going on what had happened um you know how do you guys uh let um this to be compromised and the Hoster just shut down their servers so you know um it's uh uh their response was uh very Swift um but um um the the holer was not at fault solar staff themselves um you know were uh really negligent in building uh this interconnected web uh

we had uh over 4 servers mapped out was an the infrastructure and it's not small infrastructure um the technical components of uh the marketplace were really ingenious because uh they created their own [Music] microeconomic coins but uh they were collecting money in a single uh Place using the virtualized tokens inside and the payments were reconciled at the end of day so this reconciliation was gave us a way to uh U get them to change because they were rotating uh the Vets all the time so we put uh our wallets in the rotation and they start depositing money into a

charity this was a great presentation um I'm not a technical person but I absolutely love this um so I imagine since Solaris was kind of like you know they're not going to call law enforcement to say hey somebody is you know preventing us from selling illicit drugs so but did law enforcement ever get involved from you on your end for what you were doing or was it because you were donating to charity that law enforcement was like yeah there's really not a crime here uh so so basically we consulted our legal team and legal team you know Russians won't be happy uh so if you go to Russia you may face certain things uh but all we're doing we are

letting them uh substitute the votes they need to be reviewing this and they did deposit themselves so we really didn't not take the money and moved it uh the second component is that uh this is really no man's land uh we under us in European jurisdiction we are not allowed to make these changes but when we went to law enforcement they said well it's Russian uh illegal drug trade you know what you know who who's going to go after you on a legal court so that that was the basis and you know it's uh it's defendable uh this is again uh a difficult component because uh uh this is Warfare um uh everything was carried

out by our Ukrainian uh Team uh you know just uh uh for more satisfaction uh and I can tell you that uh at the end of the day we did not Target uh for charity um anything but specific help to elderly in time of War especially as the winter was coming they had uh challenges so uh I think uh this was uh great humanitarian help uh rather than anything else and uh uh if drug lords uh lost some money uh most you know I'm not even sorry sorry any last questions before we break

I guess a quick thing is I noticed you speaking about their efforts to dox you threaten you and all sorts of things that they pretty much uh threatened you with really but is there anything you can kind of recommend or any measures that you would recommend people take in order to protect themselves their identities and the people around them uh don't use your name uh uh realistically uh this was uh the first time we did something publicly um main cases we expose groups but we don't name names uh in this particular case uh we went directly against uh um the people who need to know who we were because if it was just anonymous group uh it would be

swept at the the rug the goal was to get Russian government to pay attention and if we went small there would be no movement uh but uh I think um you know the the safety is a Paramount component um we have credit protection other components built we also made sure that uh my name is the only one that's playing out uh in the public the rest of it is our Ukrainian team um a group of um uh about nine people who uh went through um you know as a subset of our group and uh it's uh great thing for them because uh I think uh our cyber threat is much lesser than the folks in

Ukraine who actually pick up arms and defend their country so on one side uh you know it's uh careless and stupid but I think that um you know from as a person from Ukraine uh it's also uh with a bit of contribution uh to the war without um you know taking arms but also helping the country because uh the folks on the front lines in the much more in the Harm's Way than uh any of us okay I'm going to squeeze one last question in before I let folks out of the room um Alex that was amazing um I got into cyber security accidentally I was on the IT team for little company called fire eye that had just purchased

another little company called mandant um when when you talk about a telegram group with 100,000 users that's some pretty strong Community engagement uh can you say and you don't have to obviously are you tracking any Splinter groups from maybe some of the moderators who are really strong Community engagement there AB absolutely so uh this really splintered the groups what the group that went away at the activists uh who were you know occasional uh members but uh now uh there are more than 100 groups in Russia long that are operating under uh same uh uh M Mo but they are professionals and in numbers they are lesser significantly lesser some groups are from uh two three

people to a dozen but they're much more uh focused and I would argue much more harmful but as propaganda machine uh killet was one of the most powerful one and that's the difference but uh we definitely Tracking not only telegram but on other uh components other channels where these um bad guys are operating and uh the disinformation campaigns that they're running are and attack campaigns uh are unfortunately still unprecedented because they are break breaking all kinds of international laws and engaging in cyber warfare quite openly thank you so much all right big hand of applause