Renee dudley is a Technology Reporter at propublica previously is an Investigative Reporter at reuters. She was named a 2017 Pulitzer Prize finalist. Her work uncovering systematic cheating on College Admission tests. She started her career at daily newspapers in South Carolina and new england and has won numerous journalism, including the Eugene PulliamFirst Amendment award, the Ransomware Hunting Team, a band of misfits, improbable crusade to save world from cyber crime is her first book. So with that you for joining us today, renee, im pleased be here. Thank you very. So your your first book and when you this my understanding is this wasnt necessarily going to be a book so did you stumble into writing a novel . Yeah. Well, its not not a novel its actually narrative nonfiction. Its a true and you know, my like you mentioned my is as a corporate investigator and reporter i worked at reuters and right before i joined as a tech reporter with virtually no Tech Experience background at all. I was i was reporting on on big fortune 500 companies and got know chief Information Security officers and top i. T. Folks from these from these companies. And one thing i would hear time and again from them is we cant get our boards of directors interested in investing cybersecurity even though we know this is a huge issue. And at that time this was around 2018. One of the things that they were increasingly worried about was ransomware. And ill just lay it out for those of you who may not be as familiar ransomware is a type of malware that encrypts files on your computer and it it demands a ransom to get those files back youll have to pay a hacker demands have have dramatically increased from hundreds of thousands of dollars a decade ago to millions and tens millions these days and i thought oh, thats interesting ransom where so when i when i joined propublica my my editor who later my coauthor he just about as tech savvy as me which is to say he was not at all tech savvy. And when i mentioned this phenomenon, john, that people werent investing as much as they should be in cybersecurity, he got interested away. And just the ransomware itself, he was blown away by the fact that there was ransom. Peoples computer files could be held for ransom, just like kidnap for ransom. And we decided to go all in on ransomware as a series in 2019 for propublica and. I started reporting it. We were convinced that there would be some us angle to ransomware beyond. The fact that there are so many us victims. And as i started, everybody who knew anything about it direct in me to this man that they knew by a demon slave. Three, three, five. And i. Okay, whats his real name . I dont know. We just know im by david slay three five. Okay, so i find on twitter where hes got, you know, a gazillion followers and i track him down to his employer, which was cannot make this up a nerds on call it a repair shop in the town of normal illinois. So you know as a reporter im thinking well this is fantastic i already love it im this is you know and i call him up and he was he was surprised to hear from me because hes, you know, a quiet humble, modest guy who doesnt with, you know, any press, let alone the national press, frequently. And we got talking about and when he saw that, i was serious and was asking the right kind of questions he really he went all in and we got to know each other. And he was very helpful in helping me report the series that will probably end up talking a little bit more about it in a while. But he he he was so great i wanted just his name was Michael Gillespie. And michael so great at making complex easily accessible somebody like me and was instrumental in helping us helping me prove you know who some of the bad actors were in this space beyond just the hackers themselves because in the on the us side of things there were some enablers were making this economy go round. And as i was reporting this series, you know, mike, michael continued to be a help and i learned that he was a part of this team called the Ransomware Hunting Team. And its a group of a dozen private researchers scattered across across the globe who devote their time and their resources to fighting the crime of ransomware for free and in their spare time, they develop tools to help people recover their files. Having to pay hackers without having to see that ransomware and. I learned that since been active in 2016, theyd saved of people from paying billions of dollars to hackers, which is remarkable because theyre not just saving people from paying this money, theyre also keeping money out of that ransomware economy. When youre not feeding the kidnaper of your files, youre making the crime less profitable and, less people are likely to get into into it. So i was really taken by the fact that there were these people out there doing this. And in the spring of 2019, i decided that it was time to go meet michael in person. So i did that he i flew from where im based boston to his his home base in rural and by this point i knew michael was the foremost code breaker. This team theres hundreds of strains of ransomware where 700 800 strains of ransomware and hed cracked more than 100 of them and he was cracking more than anybody else even on this team doing this remarkable work. But when i got to his house, it wasnt what i expected. So heres a guy who, you know, you know, i come come up as a, you know, corporate investigator, science reporter. You know, usually when somebody the worlds greatest at what they they have all the trappings of such they have handlers and schedulers they have people doing their public relations. You know, have your people to my people, not Michael Michael greets me from his front porch swing and a working neighborhood. His is in desperate need of repairs. Hes a big animal fanatic. Hed adopted eight cats and a dog and a couple bunnies from the local shelter. He took in. Theyre all kind of, you know, hairballs that are flying around like tumbleweeds. And, you, the one needs to be mowed and the leaves to be raked and his, you know, hey, come sit down on the swings, start swinging on the swing and and then he picks up his phone and theres 40 new direct messages on twitter and another dozen messages this popular, you know, computer help site, you know, called bleeping computer. And hes responding to people who are just clamoring, desperate for his help to retrieve their personal their university theses. Theyre corporate trade secrets, their law firms, client records. You know, just ran the whole spectrum. And he had respond to a few and then come to me, respond to a few more, come back to and as the day on he he he we went from talking about ransomware to talking his his his life and what the toll that ransomware had taken on it. He told me he was 28 years old at the time. He had just overcome cancer. He was struggling, make ends meet. He and his wife fell behind on their payments and they had to surrender their car to the bank. They fell behind their mortgage payments and they almost lost their one month. Theyd have to turn off the water so that they could pay the electric and then theyd switch it the next month. They were really and all the while responding to thousands of victims a month and helping them for free and doing all of this without without any kind of recognition or thanks or payment and. I was so taken. I was really blown away that he was not motivated by the typical things that motivate people, fame, money, power. Hes doing it because its there. He knows can hes knows he is one of the only people in the world who is going to do this. And, you know, as somebody was bullied in his youth, this was his way. Like other members of the team, a lot of them feel its their way to get back at the boys of their youth, to protect place that they feel intellectually at home, which is the internet and and gone on to help millions of from paying billions of dollars and so it became a profile for propublica and the series that ran in 2019 got after especially once that profile ran got quite a bit of attention from literary agents and subsequent life became the book. Yeah, with that opening you can see why is not just a 1200 word article that runs once its a deep about people thats also going to have the theme of ransomware, the ethics and other through it. And well cover some of that as we continue to have our chat here today. So youve get to this. You meet michael, youve written this series on this. And so as youre going series to book here and as youre laying this out, so lets go through and talk some. So youve talked about the Ransomware Hunting Team, but who is our arch nemesis in this . So who is the other piece that the the people that are doing the ransomware, are they just 100 completely evil or is its a little more complicated . Yes, it is. Although one of the criminal organizations that ill talk about is appropriately named evil corp. So, i mean, if youre doing the crime, youre going to that spirit and you. But its a good question and this is one of the things that we weve really to get at in the book. Who is the other side of this . And one of the things there are some unexpected things, you know, maybe i shouldnt have been surprised this, but one of the things that i found that i found surprising is the hunters and the hackers. Remarkable similarities. Theyre mostly young men. Theyre mostly selftaught the hunting team. You know a number of the members, the only one or two of them graduated, college. Some of them didnt even finish high school. They learned their craft, their craft, the cryptography, the reverse engineering malware. They learned this from watching youtube tutorials, getting books out of the library. And the evidence suggests that what the hackers do to theyre not theyre not they dont have, you know, a huge record of Higher Education. Theyre selftaught. You know, the evidence suggests many of them are gamers, just like the team, and they have even similar interests in movies. A number of the team members, theyre with disney, Michael Gillespie, his Favorite Movie is the lion king. And theres a strain of ransomware called acuna, which had and so theyre theyre obsessed with cryptography, which is, you know, the study of codes and code breaking and and theyre using their skills the same for two different reasons. One is creating ransomware, and one is fighting it. Theyre the thing that separates them more than anything is their greed. Now, that said, know theres been some interesting back and forth banter among among the hackers and hunters. And its one of the things that that keeps exciting for them. You know, the hackers know that the are picking apart the code, their ransomware. So then insert little messages in it and from time to time there will be a little recruitment message, you know, use your skills, come to our side. We love your skills. You can clear, you know, a couple hundred thousand in one weekend if you just, you know, put them to use the way that we think should. Of course, the team would never do. But in darker moments you know any of a number of them like michael are with a financial stresses you know they know if they they applied this for the you know the wrong they would be able to those those problems go away but course they would never do this. You know the hackers themselves cause you know they run the gamut too. I got to know a hacker, adrianne, who described himself as in it, a professional who couldnt a job. And he was living in the middle east. And so he to put food on the table. Well, how did he do that by ransomware . He decided to start a strain that he called ziggy. And he hit people. He said he was politically motivated. He hit people in the us and israel charging them few hundred dollars a pop to get their files back and was his way of feeding his family can find a job he wasnt interested in guy because to hundred dollars at the time that he was active which was in 2020 even then was you know that was a small change i mean that was really not this was as ransomware amounts were really drastically exploding and so eventually adrian decides he feels badly about what hes done and it may be coincidental or not, that he was having this these guilty of a global Law Enforcement crackdown, ransomware. But in any case adrian decides to get out of it and like everybody else in ransomware, he approaches this. Damon say three, three, five in terms over the keys and, michael develops a tool so that people can recover their files for free and and he does that and adrian ends up giving refunds to people who had already paid. Thats on one side that sort of the quaint ten days of ransomware thats not evil, its not evil corp. Evil corp really represents the side of things. Ransomware these days is much more likely to be sprawl and criminal organizations that in many ways reflect typical corporate structures of of normal, aboveboard. Theyll have Human Resources departments, payrolls, theyll have specialized missions. Theres people who do everything creating the malware itself. Theres people theres a separate department to do the vulnerabilities, you know oftentimes these hackers are located in Eastern Europe and theyll theyll have who are english language specialists will run the negotiations because know oftentimes you can negotiate the hackers to lower the ransom demand. Theres people who do the money launder and its become very highly and evil corp run by hacker whos now indictment by the u. S. Justice department. His name is maxime jacob. Its it really represents this new era of ransomware and. This is the way that most of these gangs, the most successful gangs that are these days are structured. You cubits is interesting for a number of reasons. One is that he, although hes under indictment, he feels so secure in freedom because hes in his in moscow and he you know, he feels so secure. He drives around moscow in a lamborghini with the license plate that translates to because he knows that hes never yet, even though hes under u. S. Indictment, hes never going to be extradited because the us does not have an extradition agreement with russia. Obvious only his father in is a known friend of vladimir and at the time of his indictment you qubits was known to be working on behalf of the fsb, russias intelligence agency. So its its its scary for a number reasons. One is just the sprawling nature of these criminal organizations, these days, but also the fact that so many ransomware gangs if theyre working at the behest of enemies of the u. S. , theyre at least working under their protection. And in the case of evil corp and and many other ransomware gangs these days ransomware historically, you know, a decade ago and and and even more recently had the Main Objective was to lock your files so that your parents nowadays hackers will steal your files before lock them. So when you think about that in terms of like. Maxine mckew bits working on behalf of the fsb, and youre thinking about the kinds victims of ransomware that youve read about in the news, its anything you know, he and his gang are taking anything from Health Records and, you know, corporate, intellectual to potentially state secrets. So its yet another disturbing new twist in. Yeah, so youve got this idea of this lone hacker individual which like adrian not really whats driving most this its well run criminal organized enterprises they have 800 numbers as you said you can call because in order to pay ransom is cryptocurrency and more have learned about it now. But if you go back to 2016, even me being the tech industry, figuring out how to get a Crypto Wallet and all of that stuff to pay ransom was so they set up one 800 call number help center. So that you could call them and talk to them and they would teach you how to get your your cryptocurrencies. You could pay them. So you go through this transitioning here, paying these ransoms. So ethical, not ethical, good idea, bad idea. Walk some of the things you cover in the book about should you pay the ransom or not. Yeah i mean its its the ethical dilemma of book and we you know our inscription at the beginning of the book is if once you paid the dan guild, you never get rid of the dan the kipling the kipling poem and same was true of the dan guild is true of ransomware. If you pay a ransom youre feeding the ransomware economy youre making the crime more profit. More hackers will get into it and then they can charge more money, theyll have more victims. And the crime keeps going round and round and round. On the other hand, you know, when you look at it from the victims side, things if you are a victim without adequate of your files and you you, you know, say, you know, a business or a hospital and you need to get your files restored to get up and running, you may not feel like you have a choice and it really becomes becomes this dilemma. We at a few cases one and then theres cases where you want to pay, but it cant happen fast enough. And there was a case involving a hospital in alabama. You know, the electronic Health Records were down and the various systems monitoring were shut down. And newborn baby died because ransomware shut down the fetal monitoring and it was all know where where this monitoring ordinarily would have happened at the nurses station and the nurses would have seen the distress, the fetus they didnt see that the baby died severe, would have delivered by csection. But ended up, you know, being delivered normally and and with severe brain damage. Died, died shortly after being born. We looked at the case of baltimore, which was in the news a few years ago. Some of you may remember this the baltimore was hit ransomware and the mayor famously resisted paying the ransom and it was widely seen as being a brave ethical decision. You know, especially, you know, theres a lot of sensitivities when taxpayer dollars are at stake, especially. Well, what ended up happening is the cost of recovering from backups without. Paying the ransom ended up being orders of magnitude more than the itself, which drew other types of criticism, of course, but its thing that a that that all victims have to struggle with and is the reason why members of the ransomware hunting would and the fbi and everybody else would suggest that prevention is the best is the best approach. You dont want to you dont want to need the services of a Ransomware Hunting Team. You want to have adequate and wellprotected backups of your information to begin with so that even if you are hit, then youll be able to restore from the backups. Yeah, youve got to be able to restore those backups in an adequate timeframe. Well, this is one many of you may have seen the Colonial Pipeline news from a couple of years ago where they had backups. But those backups have taken weeks to restore from and we were going to run out of gas in the northeast four days. So in that case, the ransom was paid and then that ransom was this was a big, large, high profile case. And i think some of our authorities decided that this was one to set an example or they were going to extradition treaty or not go figure out how to get that money back, which they did. In that case, you can look at that one a little bit online, but so as we go through this, so were looking at paying these ransoms. So if i pay them, do they always is this just like regular kidnaping . You pay and you always get the person back or is the person in this case, your data is it always coming back or not . How do trust these criminals when you give them the money and it is like regular kidnaping in many regards and usually if you pay, you do get your files because if you if you dont, then well get out and then people will be less likely to pay. And that does happen. There are the most probably promise in ransomware help site is run by one of the members of the Ransomware Hunting Team and its called bleeping computer and victims of ransomware will go on there if theyve been, you know, double crossed by by one of the ransomware gangs and say i paid this ransom and i didnt my files back, as you can imagine. And its actually effectively shuts down payments to that group because nobody wants to be paying six or seven figures of ransom and then not get what you were promised. Hackers know that thats bad business. Usually when you pay theyll give you your your decryption tool. Yeah so as youre going through this is a business or an individual youre thinking about paying this ransom. You decides, you know what, im going to go ahead and pay this ransom, but im going to call the fbi just so that they know. So if i call fbi, what happens next in this situation . Well, thats thats changed. You know, the fbi the topic of the fbi is interesting because it comes up in light of. You know, i get asked frequently what why ransomware gotten so out of control over the past ten years. Like i mentioned the top ten years ago, ransoms were hitting mostly home users, 100, a couple thousand dollars. These days, its hitting the biggest corporations, the biggest governments and ransoms are routinely in the millions or tens of millions of dollars. There are many behind this, but one that cannot be ignored is the role of the fbi. The fbi is the the Law Enforcement agency that is in the us primarily responsible, the agency that has the most responsibility for containing the Ransomware Threat and things are changing since the colonial, but up until up until relatively recently, the fbi had dismissed ransomware as an ankle biter crime. They they just thought, well, this is, you know, teenagers you know we dont have to really worry about this. Its not, you know, sort of your higher level, you know, state sponsored, you know, criminal attack, which turned out to be wrong. And a lot of the issues with the fbi can actually traced back to the j. Edgar days hoover, the legendary director of the fbi. This mantra that fbi agents should be able to do any job anywhere this works out okay. If you say white collar investigator who gets moved on to a gang crime, it doesnt work out as well to try to move, say, a gang crime investigator on to a cyber cyber squad. And the reason is that the skills that it takes to investigate cyber crime are so specialized and theyre usually over a lifetime. I, i think of people like the members of the Ransomware Hunting Team, most of them been obsessed with computers from their youth and, you know, the computers, you know what they did in every waking moment and people with no or aptitude even, you know, bright fbi agents, people would know if they have no interest or aptitude in computers. Theyre not going to be able to get up to the level of these guys or people, you know, in cyber who have spent an entire career doing nothing but cyber crime. So thats one issue is that theyre trying to turn people with no interest or aptitude into. Topflight computer, Computer Science experts. The other main issue there that they just dont have enough people or on cyber squads to begin with the people that they they do you know there are some really investigators cyber in the fbi but with the issue of having to constantly retrain new colleagues and their supervisors. You know one one agent described having compare everything to cars because that was you know the level of understand ing of his supervisor. They get frustrated and they leave. And of course, they can make much more money in the private sector. And theres also this culture in the fbi. You know, its a very macho theres this culture that the skills of cyber investigators historically theyve been treated as lesser. Youve got the swat team counterintelligence, counterterrorism guys at the top and then the cyber the cyber investigators are all the way at the bottom of the pecking order. You know, theyre there for us to with jobs like, you know, do you have to do your physical fitness requirements with a keyboard in your backpack and things like this and it kind of erodes this already tenuous sense of belonging and they get up and they leave. Interestingly. With, you know, you wonder, well, who does this right . Interestingly, the Dutch National police have done an fantastic job of confronting the Ransomware Threat and the most notable comparison between the fbi and the Dutch National police is just the volume of computer scientists that they have on the dutch established their high tech crime unit a decade ago. And one of the founding principles of the unit was that there would be an equal ratio of traditional Law Enforcement officers to computer scientists, and its that ratio in a traditional cops with with with people who really understand the technical underpinnings of a case that has led to a lot of their a lot of their success. And i think about it in terms of what it takes to be an fbi, you know, fbi, you know, they want you to be able to pass fitness requirements and, carry a gun, relocate around the country necessary. You think about the kind you know, Michael Gillespie, he both he would neither want to carry a gun. You wouldnt want him carrying a gun any you know, he couldnt run around the track, you know, two miles and under 14 minutes, you know. But hes the kind of you hes got the kind of mind that they really need. The dutch have figured out you dont need a College Educated athletic gun toting. You know, candidate. We can do this with just people who love computer hackers. And so they got rid of all the traditional cop requirements but didnt get rid of the promotion. Everybody, regardless of whether theyre a traditional cop or not is eligible for the same promotions. And the other the other thing they do right in contrast with the is, you know, in the fbi prestige prestige typically springs from being a successful whats known as trial agent. Those are agents who you know who who make and diet, you know, bring charges indict indict suspects that you know, make the nightly and make them. But, you know, as as no arrests are hard to come by. It comes to ransomware because the criminals so often are located places like russia or north korea who arent going to extradite. So what the dutch have figured out is they can they can get at ransomware by taking down the infrastructure. They go after the criminal servers, take those down, take down the the ransomware, spreading botnets and and sort of go around the periphery the money launderers and that kind of thing and, you know, were seeing more of that from from the fbi now, you know, to your original question, when you call the fbi, what it used to be, you know, not that. Yeah, increasingly have, you know, in the wake particularly of the Colonial Pipeline incident theyre working more with the Ransomware Hunting Team. Theyre prioritizing work. The private sector. Earlier this year, there was a successful takedown of the Ransomware Group and theyre doing more. The things that the dutch have had a lot of success with over the past decade. Yeah, its one that creates an interesting ethical for the fbi agent as well. So if youre out, say its a business that u. S. Business calls, says, hey, fbi, ive been ransomware and then that business decides to wire 5 million to Ransomware Group north korea. That business and the people that made that decision that business have just committed federal crime that that fbi agent watching them do it could arrest them for it and could actually prosecute because theyre already here in the u. S. So its like, how do they turn a blind eye to that sort of piece of this . You pay the ransom. Its breaking a real clear crime. Yeah, well, paying a ransom is is not necessarily the crime. Its dependent, as you mentioned, if it goes if its known to go to north korea, you know, theyre obviously breaking sanctions, but historically and even today, the fbi will tell victims of, ransomware dont pay the ransom. They dont want anybody to pay the ransom, but they give no practical alternative. And thats thats what what victims have found so frustrating and increasingly the fbi is working with Michael Gillespie and the hunting team and theyre spreading word when when the hunting thing comes up with solution that, they dont have to actually pay the hackers theres there maybe theres a way to recover your files without having to pay the hackers if dont have backups and thats been one of the big changes since the colonial took the colonial pipe pipeline incident. Yeah. Are we ready for questions out in the audience does anyone have some. I can always keep asking rene. So lets go ahead and get the microphones to around the room. Weve got a handful here. Start there in. The middle. Thank you. Hello. I was wondering the use of bitcoin. I know that Bitcoin Transactions can be tracked so is there a rise in gaining that money back from the bitcoin wallets of the bad . Thats a very stupid question. So while bitcoin is traceable all very often hackers use whats known as tumbling or mixing services. Its their way of laundering the bitcoin and that makes it a whole lot harder to trace. Its not impossible. Theres also some other types of crypto currency, the dash and monaro that are even less traceable, so they find their ways around it. But its it its, you know, ten years ago, what they would do is, you know, theyd have prepaid cards and theyd request payment through those and that would be theres no way of tracing that. Its its more traceable than that. But it is still very, very tricky. Weve got one up here at the front, a couple up here on the front in the case. That you told us about with the baby that died in alabama. If the person who did the ransomware on that was caught i dont know if they were would they be charged with murder. Yeah, im sure theyd be charged with all manner of federal crimes. But thats the problem. So often arrests are just impossible to come by that was believed to have been Ryuk Ransomware was one of the most notorious ransomware over the past five years. Theyve really in this is they called big big game hunting era of ransomware where the hackers were sure of their targets they it became more targeted they went after targets they went after victims that they knew had money to pay. You know your bigger bigger hospital and and bigger municipalities corporations and ryuk is this this this this this group that hit that hospital. Theyre theyre known to be a russian organization. Im interested in the size overall the main. Okay and what percentage would be like single entrepreneurs, Small Businesses and. Then the corporate structure. For instance 20 years ago i research at the inventors of totally new visuals on computer. It turns out there is only 20 world wide. A couple from japan and the rest were from sweden so you know how special ized is it . Yeah well, when. When ransomware was just kind of getting its footing a decade ago, it was mostly users that were getting hit. And now its most small and medium businesses are a huge target these days. As as is, you know, as are huge corporations. And municipalities colleges, Higher Education is a big target these days. You know it, it runs the gamut. One of the dilemmas that victims are often reluctant to report that theyve been a victim of ransomware. So to answer your question about the magnitude its impossible to say to put things into perspective give the fbi gets about 2000 reports of ransomware a year we know that that is dramatic under under representing the magnitude of the problem and we know that partially because Michael Gillespie has a website called id ransomware, which is a site that anybody can use if youve been a victim of ransomware can upload a sample encrypted file his site spits what type of ransomware has afflicted you and whether theres a free decryptor the team or somebody else has come up with and how to get it. Submissions to this site he gets about 2000 a day, so he gets as many submissions in a day as the fbi gets in a whole year and thats just people who about his site so its a huge problem but you know people are reluctant to report because theyre embarrassed they fear that the fbi wont be to help them. They fear that while, you know, may maybe the fbi will come looking at me for, you know, you you know, theyre worried about their dirty laundry being aired. So its really challenging to get at the magnitude of the problem. But it by all appearances seems to be getting worse. Yeah, we didnt get a chance to talk some about the insurance angle and side of this, but its in the billions dollars a year that this this is not little kid money this real scaled industry likely hundreds organizations that are the criminal enterprises. So this also isnt we just down one and its over if we take down one of these organizations, theres other ones sitting right there behind. Them, well go ahead and take one more back over here. Then i think well be wrapping up after that. What advice would you give to young people who want to pursue a career in cyber and also want to prevent Ransomware Attacks and cyber . Well, thats great to hear. Theres plenty of room and its a lucrative profession these days. And on that point im glad to tell you that Michael Gillespie is doing financially lot better these days and has a job also until they get to find that out, if they bought the book has has a better job and as im sure financial footing but theres so many great resources online and so many communities where people who interested in this type of stuff gather the way that the team came is through that website i mentioned bleeping computer. It was an i. T. Help site. And when ransomware started taking off, people would come the site and say, ive been hit by the strain of ransomware who can help me. And dedicated core of researchers just started responding to people. And as time went on, they realized its the same, you know, six or seven of us who are responding to one of these. We might as well start our own slack channel and Start Talking about this stuff for real. And thats exactly what happened. So this these groups are out there and they they tend just get up, you know, you know, sort of organically. But wherever you find your, you know, your interest and theres probably out there who need your people there who need your help. Well, thank you for us today, rene, and thank you for coming to san