Transcripts For CSPAN2 Andy Greenberg Sandworm 20240713

Authors and panel discussions about race and immigration, we do lots of classes and conferences. If you have not received the latest news order please purchase a book at the end of the night it will tell you what is coming up over the next six weeks and a quick reminder. It is critical for every person alive in the 21st century in addition to taking on a journey of understanding the award-winning author and journalist takes a stab at what motivates the Sandworm hackers and how they protect the critical infrastructure and what lessons have we learned a new era of the most dangerous hackers you would think you're picking up the latest Tom Clancy novel however it really happened spending three years researching the story in the process to Ukraine, Denmark and Russia looking up Sandworm on the internet I am not a science fiction aficionado it's an animal that appears in the Dune novels and for Wired magazine with privacy information and hacker culture the author of This Machine Kills Secrets and the Wired cover story winning an award from the professional journalist and lives in New York with his dark wife a documentary filmmaker and we are honored to have in conversation with Andy about computer security and privacy he wrote about cloud business computing and bitcoin and lives in San Francisco please give a welcome to Andy. [applause] Thank you so much for having us here, it's really wonderful to be in a full-service bookstore like this. I will get to your question about Sandworm but I want to start like I feel like I should apologize because his first book came out I just read a little blurb and I said that story about Julian Assange and cryptography and the quest for conversation on the internet and these technologies that allow WikiLeaks to have them but now I don't know this will catch on but I remember writing I'm not sure this wiki thing might be overblown. 
Like there's no point in the story of leaks and then I forgot everybody forgot that I wrote a book about the leaks lamented just kept coming and now it's part of the culture almost like generational of those millennia is one millennials of post millennials this is a wonderful time to be a journalist one of the big stories in the news right now is about a whistleblower. It really took off so a few years later have you connected that if technology really did build a new sentiment of the leaker generation. I didn't expect to be talking about this book but it was mega leaks and with that data digitally and anonymously yes that is happening like the Paradise Papers that followed have dwarfed all of the leaks I wrote about in that book and continue with the exponential trend line that it shows we are in this new era of liquidated information that can be leaked and talking to the German reporters who are paying the penalty now every newspaper has the same cryptographic protected anonymous inbox that WikiLeaks invented and popularized now the Wall Street Journal has those the wire has one and then the New York Times with serious investigative journalism maybe it was too early because it came after WikiLeaks and then it became very much news the 2016 I hope this book has better timing. I hope you are wrong, this book is terrifying. Really the book puts the risks of cyberwarfare in a context and perspective that if you would have asked me of this would have happened ten years ago I would've laughed at you at that time I thought of cyberwarfare as a term for espionage or software related to in fact the nuclear version but it was science fiction but the book captures the whole context so the first question to start with about Sandworm tell us how your book came to be called Sandworm. 
In 2016 after the election hacking by the Russians my editors were obsessed as anyone and wanted to find the big story of cyberwar and like you I didn't say this out loud because I do what editors ask for but I was resistant to the idea that they stole the information from the DNC to me that seem to be republic but not cyberwar but I went looking for what could be a real cyberwar story but my colleague had written the story about the first ever blackout happening in Ukraine so talking with what was happening in Ukraine and with that bigger context in 2014 they had this revolution that was breaking free of the influence and Russia had responded by invading and they were accompanied by wave after wave of cyberattacks not just one blackout but were they tried to spoof the results of the Ukrainian election before they tried to mess and they had government agencies and private industry destroying hundreds of computers in the networks and then finally that first blackout had the climax from the first attack and with Ukrainian civilians the first time that has ever happened anywhere in the world and then there was a second blackout so the story was still unfolding and it wasn't real war it is an actual nation-state hacker group with critical infrastructure and in the midst of a physical war and then trying to figure out who was responsible and who were the Russian hackers and entrance raising their company outside of DC and they discovered these hackers and they seemed to be Russian in 2014 and the group they appeared to be Russian because they left one of their servers open and the United States analyst found Russian language for the malware they were planting on the targets in Eastern Europe so it seemed they were doing typical espionage stuff but then they began to notice some of the targets did not look espionage back critical infrastructure for even in the United States American grid targets had the same malware planted in fact this group use them as the first step 
but the reason and this group would be called Sandworm is each of the victims of that first round of attacks was identified in the snippet in each of those references was a little name from the science fiction novel Dune that was called sandworms so we just named it Sandworm and looking back it was incredibly appropriate because it is a monster that hides beneath the surface and only occasionally surfaces to do terribly disruptive things which was very appropriate for this one group of hackers to become the first real cyberwar. Is it big in Russia? [laughter] But they were using that same server to control this malware. Actually that's what tied the attacks together in the first victims of the 2014 campaign. But the stories that you talk about we had heard about cyberattacks on the grid for years and they were always wrong or like a squirrel or transistors so when this happened when people were suggesting it could be a cyberevent. I got in late 2016 and then it was a year since the first in fact the mechanics were laid out by a cybersecurity analyst who eventually became the central characters in my book and the mechanism of that first blackout is so interesting starting with the typical documents and a phishing email that is the malicious part of it then they would steal your passwords and then the VPN to move into the other part of the electric grid network and that is what controls like circuit breakers but then the way they took control was insidious they hijacked the remote desktop like IT administrators would to remote into your machine and then the poorer grid operators in the control room watched as the mouse started moving of its own accord but then they could not click through all the circuit breakers and then turn off the power to thousands more there was nothing they could do about it I was very drawn to this hacker group and I got this by going to that utility and you Eastern Ukraine and then it airdropped into my iPhone it is 
something that I heard about but then we could see it. You write a lot of interesting stories about cyberoffense but at what point did you feel this was a topic for a book? I eventually delivered for Wired which was the Ukrainian federal wars that by early 2017 I had gone to Ukraine and what was happening with this one group of hackers that we came to know as Sandworm carried out these escalating attacks and the thesis of that story is we have to pay attention to Ukraine, that's where Russia shows the capabilities and using Ukraine as a test lab for innovation and we can see cyberwar and we can predict lightly what happened to Ukraine can happen to the rest of us. And the day it hits the newsstands and it was released by the same with the worst cyberattack in history it to take down the world's largest shipping firm and FedEx and on and on with this prediction and on the very day that you print it that is what happens and that Ukraine was a canary in the coal mine. It took a little while to recognize what it was now I have to define Sandworm but that this piece of malware that spreads from computer to computer automatically which is amazingly dangerous. And that is what happens but it looked like ransomware you have heard of that and then demands a certain ransom. And then to gain access. And then people realized even with 300 you could not get it back and a destructive form pretending to be ransomware it was a cover story that hits Ukraine very quickly and destroys the networks of 300 companies of government agencies and many hospitals and transportation, ATM it was the carpet bombing of the country's internet but it wasn't initially clear but as they reported to their shareholders 300 million in damage. With those ransomware attacks it cost 20 million ultimately. From one company and losing 750 million. 
In this is quickly turning out to be the worst attack in history but none of them would talk about their experience or how they would lose that much money to this attack so it was becoming clear it was something unusual to see the full scale it ultimately cost 10 billion but we quickly could see the forensic link and the earlier Sandworm attacks that turned off the lights. This is the work of one group and I could see there was an arc to the story and that's when I began to work on the book. It's crazy because it was designed to spread like a worm around the world. So we have the two attacks that are linked to Russian intelligence and one causes widespread damage including taking out companies in Russia. Why? When you try to figure out what it was intended to do, it worked by hijacking the Ukrainian accounting software. And then piggyback on the software updates and pretty much anyone in Ukraine who wanted to file taxes or do business had to have this accounting software, it's equivalent to TurboTax. That was how it was targeted Ukraine but it seems that Sandworm in this way that I have come to associate the Russian military intelligence agency that thought Sandworm was a part of what is insanely reckless and brazen attack to shoot first to destroy the internet without considering the collateral damage. Not only Russia but I spent nine months reporting this book delving into the experience of the multinational companies to capture what it looks like when the entire global conglomerate is online. My favorite part is that shipping giants there are 18 wheelers turned around at the ports around the world and just to the global traffic is frozen by the ransomware and at Maersk they almost lost everything almost all domain controllers but they got lucky. Because in the beginning of the story at their headquarters in Copenhagen they never returned my calls. 
None of these massive companies that would talk officially what happened to them or that it was Russia it took back channel investigative reporting and it starts with the IT staffer who told me his screen was black and then he looks up to see there is a wave of black screens going across the room in the office as every screen global headquarters turns black and then shows a ransom message. People are running down the hallway everybody turn off their computers before they can be infected going into middle of meetings to jumping over turnstiles even the physical security systems were already locked and paralyzed by the malware. And those terminals and then to carry another Empire State Building worth and they couldn't figure out what was on the ships they didn't have inventory software did not know how to unload them. Seventeen terminals around the world so the trucks are lining up by the thousands miles long nobody is telling them where to go they can't even send an email to tell them what's happening one staffer who was enterprising went into his own Gmail account but the entire network was down tens of thousands of trucks had to figure out where to send their containers but is part of the just in time supply chain. And that is 17 ports around the world. And with that pharmaceutical science and then FedEx and each one has that disaster story. And that cannot even be quantified and hospitals across the United States and that is speech detection software that allows doctors to read changes into a medical record to have them automatically update from an audio file. But Nuance was taken down and lost 92 million but the bigger cost is that Nuance failed so that all the hospitals and one executive told me she was on a conference call where hundreds of people were trying to get answers so there were dozens or hundreds of hospitals had doctors who were reading changes into the software and it was lost. Like procedures to be followed for surgery. Everything. 
Talking about someone's treatment but a test that is necessary before surgery it took one IT administrator told me that one week later I should say in some cases they had many millions of changes to medical records that were lost. And an IT administrator was panicked by a nurse we have to transfer the patient and we don't know if they had the test necessary to clear them for the procedure and then it was a few hours before it was scheduled to happen and then find the lost audio file to make the change manually and they did it just in time but it happened three more times just in this one person's experience in that week. And then you multiply that by how many patients were affected it was hundreds of thousands and hundreds of hospitals I did not actually confirm anyone was killed, but you do start to question how did that not have somebody's health seriously harmed on such a massive scale. I will come back for questions in a few minutes. And built on a couple pieces of software that was created by the NSA and another by a Frenchman. There were two pieces that were not created to do this. Basically there were three main ingredients. With this armageddon moment there was that hijacking moment. Not that you have a foothold and with the NSA hacking tool. And we still don't know how they steal those tools from the NSA that could break in with this technique that was paired with a demonstration that was intended to mean cute cats but it was a dangerous component because they could take all the passwords on the computer and then use those to gain access that the password had the access to so if they intertwine and seeding that out given the initial foothold on the network with any of these Ukrainian institutions in seconds it could saturate every computer on the network. You have 10 billion in damage in part because of the NSA hacking tool. How much of that is NSA? 
EternalBlue this tool was leaked by the rogue hackers but they did their best to respond and they pulled Microsoft before it was leaked publicly they try to help them put out a patch to protect people but it turns out patching is a problem you have to convince millions of people to install the patch and a lot of people don't. Do you blame the NSA the tool was taken and misused? To use it almost exclusively but they just spy on a global scale but they will use the same hacking tools to disrupt the same way Sandworm does. But what you can criticize them for before it was stolen and leaked. That's the theme of the book that the US government has its entire story to be so much more interested in these capabilities to push forward the arms race of cyberwar than trying to control these incredibly dangerous hackers and the arc of the book is how the US watched cyberwar. As Sandworm turns out with thousands of Ukrainian civilians even though Ukraine is not NATO to say that's not okay you don't do that to anyone especially was cyberwar crimes. So what do you think the red line should be? Where would it be? It's probably never okay but that indiscriminate mass scale of the first of these quarter million Ukrainian certainly that's not okay but when I put this both to Obama and Trump administration officials they both made the argument we want to be able to do that ourselves we don't really want to call out Russia or have the Geneva Convention for cyberwar we want to turn that off and destroy entire networks. But it should so shortsighted because we lived in that targeted way but when you call out Russia to set the rules nobody should do it then Sandworm does i
