Welcome to our new website!
Aug. 1, 2022

Warshipping: The latest trick in the bad actor's playbook

Warshipping: The latest trick in the bad actor's playbook

Warshipping is yet another way hackers are taking advantage of how the pandemic has changed the workplace. Did you know you could be hacked by UPS, Fedex, or the postal service? Warshipping is shipping a self-powered device in a package so that it arrives at your office and is left unattended. (It's sent to someone working from home.) The device then sits there, sniffing the wifi, and eventually cracking your WiFi network and attempting to steal secrets. This isn't science fiction; it's reality. It's enabled by so much remote work, and by technology such as the Raspberry Pi. Read all about it in this article in DarkReading.com: https://www.darkreading.com/edge-articles/i-built-a-cheap-warshipping-device-in-just-three-hours-and-so-can-you

In this episode, Prasanna and Curtis discuss what this is, how it works, and what you need to do to stop this new attack vector.

Mentioned in this episode:

Interview ad

Transcript
W. Curtis Preston:

Hi and welcome to Backup Central's Restore It

W. Curtis Preston:

All podcast, I'm your host, W.

W. Curtis Preston:

Curtis Preston, AKA Mr.

W. Curtis Preston:

Backup.

W. Curtis Preston:

And with me, I have my AirPod loss consultant, Prasanna Malaiyandi.

W. Curtis Preston:

How's it going, Prasanna?

Prasanna Malaiyandi:

I'm good, Curtis.

Prasanna Malaiyandi:

I'm good.

Prasanna Malaiyandi:

Isn't that?

Prasanna Malaiyandi:

The problem with such small devices?

W. Curtis Preston:

It, it, it really is.

W. Curtis Preston:

And I haven't even told you the, the end of the saga, right?

W. Curtis Preston:

Because you, you remember, I had, I had a, I had a missing AirPod, right.

W. Curtis Preston:

And, and just to make it worse, it was an AirPod pro, so it's like more expensive

W. Curtis Preston:

and I didn't, and no, I didn't pay for the insurance, which, you know, given the

W. Curtis Preston:

costs and everything I really should have

W. Curtis Preston:

. So.

W. Curtis Preston:

I, um, I couldn't find the one, the one AirPod and I, as you may know,

W. Curtis Preston:

I recently have my office painted.

W. Curtis Preston:

So, you know, viewers that are watching this, you can see this,

W. Curtis Preston:

this is agreeable gray behind me is the official color of that.

W. Curtis Preston:

Um, cuz it was like peach for the longest time, cuz this was originally a nursery.

W. Curtis Preston:

And in the midst of cleaning my office, I found the missing AirPod.

Prasanna Malaiyandi:

Where was it?

Prasanna Malaiyandi:

It

W. Curtis Preston:

It was just literally laying on the floor over on the corner.

W. Curtis Preston:

So I went to my wife and I said, guess what?

W. Curtis Preston:

I found the missing AirPod.

W. Curtis Preston:

And she said, guess what?

W. Curtis Preston:

I found your AirPod case and your other AirPod.

W. Curtis Preston:

Where did you find it?

W. Curtis Preston:

In the wash.

Prasanna Malaiyandi:

Did it actually run through the wash?

W. Curtis Preston:

Oh yeah.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Is, is muerto, my friend.

W. Curtis Preston:

So guess what I have now?

Prasanna Malaiyandi:

you just, well, I see that it looks like you're

Prasanna Malaiyandi:

wearing a new set of air pods.

W. Curtis Preston:

But guess what?

W. Curtis Preston:

This one has.

Prasanna Malaiyandi:

A tile on the back.

Prasanna Malaiyandi:

Wait, so are you gonna put one for of the air pods too?

W. Curtis Preston:

No, the thing is the AirPods themselves

W. Curtis Preston:

has if the AirPods themselves.

W. Curtis Preston:

So first off, I'm gonna be much more like if I can't find my AirPods right

W. Curtis Preston:

now, I'm gonna make it my top priority to find the missing AirPod at that moment.

W. Curtis Preston:

Right.

W. Curtis Preston:

I'm not gonna go, oh, I find it later.

W. Curtis Preston:

Cuz you gotta find it while it has charge.

W. Curtis Preston:

But I also would misplace it them in a case.

W. Curtis Preston:

Right.

W. Curtis Preston:

Because there's no, there's no feature to find the case.

W. Curtis Preston:

And uh, so.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

So I decided to put a tile and it looks doofy as hell, but

W. Curtis Preston:

you know, it is what it is.

W. Curtis Preston:

I, I, I'm such a big fan of the tile family, if you will.

W. Curtis Preston:

Uh, I have a tile, I have a wall, the credit card tile in my wallet.

W. Curtis Preston:

I have a tile on my, on my keys and, this is a very easy segue into what

W. Curtis Preston:

I wanted to talk about this week.

W. Curtis Preston:

Which is this concept of warshipping, which is a, not to be confused with

W. Curtis Preston:

worshipping, which is very different.

W. Curtis Preston:

Um,

Prasanna Malaiyandi:

I didn't,

W. Curtis Preston:

they, they sound very similar to the non-native English

W. Curtis Preston:

speaking ear, uh, war, as in battle and shipping, uh, what, what would you,

W. Curtis Preston:

what would you define war shipping as.

Prasanna Malaiyandi:

it's almost like remote hacking, if you will.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Where except.

Prasanna Malaiyandi:

It's taking that plus you're adding in, like, I know we've talked about

Prasanna Malaiyandi:

sort of physical penetration testing before in the past where you're

Prasanna Malaiyandi:

trying to break into a building.

Prasanna Malaiyandi:

Warshipping is like doing that without having to take as much risk.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

You're basically shipping a device to a company.

Prasanna Malaiyandi:

And letting it sit in the company and using it in remotely accessing and

Prasanna Malaiyandi:

try to gather all this information from their networks, etcetera,

Prasanna Malaiyandi:

all remotely, without ever having to be anywhere near the company.

Prasanna Malaiyandi:

And the fact that they don't even know that that device is there potentially.

W. Curtis Preston:

That is.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

And by the way, we, the first time I saw war shipping demonstrated

W. Curtis Preston:

if you will, is in what TV show?

W. Curtis Preston:

No.

Prasanna Malaiyandi:

That's

W. Curtis Preston:

actually, Mr robot was the one I was thinking of.

W. Curtis Preston:

It's quite possible.

W. Curtis Preston:

I've see, you know, I watched a lot of alias.

W. Curtis Preston:

I was a big fan of alias, but the thing was the tech in alias was

W. Curtis Preston:

often so like out there, right.

W. Curtis Preston:

Like I remember there was the one that I really think about was that

W. Curtis Preston:

they wanted to suck a bunch of data out of a server and they couldn't

W. Curtis Preston:

physically break into the server room, but they could physically break into.

W. Curtis Preston:

They could hover over the server room, like, you know, like the scene in, um,

Prasanna Malaiyandi:

Mission impossible.

W. Curtis Preston:

like that.

W. Curtis Preston:

So like hover in that way.

W. Curtis Preston:

And what they got was she had a hard drive with a built in wireless modem.

W. Curtis Preston:

And all she had to do was like, like hang upside down within

W. Curtis Preston:

like two feet of the server.

W. Curtis Preston:

And all of the data would transfer wirelessly up to this

W. Curtis Preston:

device via the wireless modem.

W. Curtis Preston:

And it was like,

Prasanna Malaiyandi:

cone from 2000

W. Curtis Preston:

Yeah.

W. Curtis Preston:

I mean, it's totally possible.

W. Curtis Preston:

Right.

W. Curtis Preston:

And the thing was, I don't remember what the number was, but it was something

W. Curtis Preston:

like 20 terabytes and it's like, you know, cuz they actually gave the size.

W. Curtis Preston:

They're like, oh this is 20 terabytes of data.

W. Curtis Preston:

And I'm like, so 20 terabytes of data.

W. Curtis Preston:

Wirelessly, nevermind the fact that just, I don't understand how

W. Curtis Preston:

it's supposed to connect to the server, but let's just let that go.

W. Curtis Preston:

You're gonna transfer 20 terabytes of data wirelessly in 30 seconds.

W. Curtis Preston:

I want that box.

W. Curtis Preston:

That's what I remember thinking, but no, that's not what I was thinking about.

W. Curtis Preston:

I was thinking about, uh, as I recall, didn't he want to hack didn't he want

W. Curtis Preston:

to hack into what did they call it?

W. Curtis Preston:

Steel mountain.

Prasanna Malaiyandi:

Yes, I think it was called steel mountain.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

Clearly an allusion to iron mountain.

W. Curtis Preston:

Right.

W. Curtis Preston:

They wanted to hack into the evil Corp and, and so they, they sent

W. Curtis Preston:

a device and as I recall, didn't

Prasanna Malaiyandi:

it was like a cellular device.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

It was a cellular device.

Prasanna Malaiyandi:

I believe that had like a wifi hotspot and would attack their network and

Prasanna Malaiyandi:

allow them to take over like the security controls and other things like

W. Curtis Preston:

Right.

W. Curtis Preston:

Right.

W. Curtis Preston:

And because as you know, we often know that physical access is if you can

W. Curtis Preston:

gain physical access, all bets are off.

W. Curtis Preston:

Right.

W. Curtis Preston:

I, I think warshipping.

W. Curtis Preston:

I, I don't, I'm not sure if that would qualify as war shipping because this

W. Curtis Preston:

is a specific, you know, and again, I'm not a cybersecurity expert, but

W. Curtis Preston:

to me, I think the idea is you're not even gonna do the physical penetration.

W. Curtis Preston:

You're gonna do it remotely via something.

Prasanna Malaiyandi:

I, but I think though the first part of what they did

Prasanna Malaiyandi:

in that episode, I know it's a fictional show that we're talking about Mr.

Prasanna Malaiyandi:

Robot, but I think at least the first part could be considered warshipping.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Because he is sending a device remotely letting it sit there.

Prasanna Malaiyandi:

I think it was sitting in the mail room if I recall.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And it got.

W. Curtis Preston:

I, I, yeah, well, if that's the case and I

W. Curtis Preston:

withdraw my objection, your honor.

W. Curtis Preston:

But what I remember was that he like stuck it, that he actually went in

Prasanna Malaiyandi:

Oh, he went in

W. Curtis Preston:

on a wall.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

That's why I'm saying, but anyway, again, it doesn't matter, but

W. Curtis Preston:

that's the thing that matters is that we're shipping a device.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

that is going to somehow remotely, uh, monitor.

W. Curtis Preston:

And this article that we found, which, which I'll put it into the, um, into

W. Curtis Preston:

the show notes in a, a site called darkreading.com, which is, it's not

W. Curtis Preston:

a little light reading, it's dark reading Um, and the idea is that.

W. Curtis Preston:

What, what he was saying or, uh, yeah.

W. Curtis Preston:

Will plumber chief security officer at Ray secure the, is that there are

W. Curtis Preston:

so many of these many computers and he specifically called out The raspberry pi.

Prasanna Malaiyandi:

pie.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

Um, and you know, that it comes, it

W. Curtis Preston:

comes with everything you need.

W. Curtis Preston:

then you just need to give it some storage and some power and, and, uh,

W. Curtis Preston:

it says, um, so it's just interesting.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

So the idea is that he described how you could easily build a warshipping

W. Curtis Preston:

device that could fit in an envelope.

W. Curtis Preston:

itself for quite a long time and then get shipped to a company

W. Curtis Preston:

and then just sit there, sucking up all the data that it could.

W. Curtis Preston:

So my question to you Prasanna is why wouldn't that device get noticed?

Prasanna Malaiyandi:

Well, it depends right now, if we're in

Prasanna Malaiyandi:

the middle of a pandemic where no one's going into an office, right.

Prasanna Malaiyandi:

That's a perfect opportunity.

Prasanna Malaiyandi:

You ship something.

Prasanna Malaiyandi:

No, one's gonna really be checking the mail that often people aren't going by

Prasanna Malaiyandi:

the mail room and pulling a package.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

So it might go into the mail room.

Prasanna Malaiyandi:

Someone's like, oh yeah, it's Steve Smith's mail.

Prasanna Malaiyandi:

They leave it on Steve Smith's desk.

Prasanna Malaiyandi:

Steve Smith may not show up at the office for like two weeks, three

Prasanna Malaiyandi:

weeks, or he may never come in.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And that's a lot of time for a device to be sitting there listening to all the

Prasanna Malaiyandi:

network connections, not being discovered because who's gonna open your mail.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

That's just kind creepy.

W. Curtis Preston:

well it's and, you know, and it's a federal crime depending

W. Curtis Preston:

on, to whom the mail is addressed.

W. Curtis Preston:

Right.

W. Curtis Preston:

So, yeah, so that it's . Yet another example.

W. Curtis Preston:

And we've talked about this before on the podcast.

W. Curtis Preston:

It's yet another example of how the pandemic has created

W. Curtis Preston:

another opportunity for hackers.

W. Curtis Preston:

So in this case, you know, we've talked about how that.

W. Curtis Preston:

So many people have, have moved to work remotely and because they're working

W. Curtis Preston:

remotely, they're no longer behind their company's firewall and they're working

W. Curtis Preston:

in, you know, Starbucks or whatever.

W. Curtis Preston:

And they, uh, they, you know, so they're, they're more open

W. Curtis Preston:

perhaps to being attacked directly.

W. Curtis Preston:

By ransomware or, or other malware.

W. Curtis Preston:

And in this case, this is it's the, the data center it's sort of now the

W. Curtis Preston:

data center or the, or the, or the office as it were, has been ignored.

W. Curtis Preston:

And so all these people are receiving packages and.

W. Curtis Preston:

Those packages could very easily contain one of these war shipping

W. Curtis Preston:

devices, which could then sit on the network for a really long time.

W. Curtis Preston:

So my question to you, and again, go ahead.

Prasanna Malaiyandi:

But I think there's a couple things I wanna bring up, right.

Prasanna Malaiyandi:

The first is that yes, it could sit there and it doesn't just

Prasanna Malaiyandi:

directly get onto your wifi.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

There are packages, software packages out there that allow to either passively or

Prasanna Malaiyandi:

actively try to attack and break into the wireless network by listening to packets,

Prasanna Malaiyandi:

trying to break the, uh, encryption.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Figuring out what the key is to be able to access the network.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

So assuming it's done that though.

Prasanna Malaiyandi:

I think actually the fact that there are less people in the office should

Prasanna Malaiyandi:

trigger alarms when a unknown device shows up on your network, right?

Prasanna Malaiyandi:

It's not like you're gonna have hundreds of people who are coming

Prasanna Malaiyandi:

into the office now logging in bringing their own device, etcetera.

Prasanna Malaiyandi:

Right?

Prasanna Malaiyandi:

If this is really a shut down office, right?

Prasanna Malaiyandi:

The fact that a new wifi device joined your network should hopefully

Prasanna Malaiyandi:

flag or trigger some alert.

W. Curtis Preston:

It's funny.

W. Curtis Preston:

This is gonna be, this is a total non sequitor, but it's not shut

W. Curtis Preston:

down is another one of those words.

W. Curtis Preston:

It's a compound word in English where as a, as a noun, it's one word as a verb.

W. Curtis Preston:

It's two words, just like backup.

W. Curtis Preston:

Backup is two words when it's a verb

W. Curtis Preston:

And it's one

W. Curtis Preston:

word when it's a noun.

Prasanna Malaiyandi:

Gotcha.

W. Curtis Preston:

anyway, sorry, you know, for those, you know what, if you

W. Curtis Preston:

learn nothing today, you learn that backup is two words when it's a verb

W. Curtis Preston:

and it's one word when it's a noun.

W. Curtis Preston:

I, if I back up, I create a backup.

W. Curtis Preston:

If I back.

W. Curtis Preston:

That's two words.

W. Curtis Preston:

And why is it two words?

W. Curtis Preston:

Because I, I, back up, he backs up, she backs up, he backed up, right?

W. Curtis Preston:

So it allows for different tenses.

W. Curtis Preston:

Anyway, sorry.

W. Curtis Preston:

I digress.

Prasanna Malaiyandi:

And today's grammar lesson brought

Prasanna Malaiyandi:

to you by the letters a and E

W. Curtis Preston:

it's one of my pet peeves, by the way, uh,

W. Curtis Preston:

when people spell backup as the

Prasanna Malaiyandi:

with two.

W. Curtis Preston:

With with, with, with no, as one as one word, uh, or

W. Curtis Preston:

vice versa, either way, either way.

W. Curtis Preston:

I I'm I'm easily peeved as you know, but, but yeah, so, so we'll talk about

W. Curtis Preston:

some preventative stuff in a minute.

W. Curtis Preston:

Uh, my question, you know, you said, cuz that was gonna be my question.

W. Curtis Preston:

Well, I, when I go in, when I go into the Druva corporate network,

W. Curtis Preston:

for example, by the way, Prasanna and I work for different companies.

W. Curtis Preston:

He works for Zoom.

W. Curtis Preston:

I work for Druva.

W. Curtis Preston:

This is not a podcast of either company and the opinions that you hear are ours.

W. Curtis Preston:

Also be sure to rate us at ratethispodcast.com/restore and, um,

W. Curtis Preston:

or, uh, just click, you know, scroll that, especially if you're on apple

W. Curtis Preston:

podcast, just scroll to the bottom, hit the stars, give us a comment.

W. Curtis Preston:

We love it.

W. Curtis Preston:

And, uh, we also love to hear from you if you know, more stuff, if you know more

W. Curtis Preston:

about this warshipping stuff than we do, which by the way, that's pretty possible.

W. Curtis Preston:

Uh, because we're, we're totally faking it at this point

Prasanna Malaiyandi:

Or if you have other movies that it happens

W. Curtis Preston:

or yeah.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Actually, if you wanna discuss, if you wanna discuss why the technology

W. Curtis Preston:

in alias was way better than I think it was, you know, whatever.

W. Curtis Preston:

Um, anyway, I'm just saying I've met Jennifer Garner.

W. Curtis Preston:

I'm just saying.

W. Curtis Preston:

I met her and I'm pretty sure she, it was as memorable of an

W. Curtis Preston:

experience for her as it was for me.

W. Curtis Preston:

So

Prasanna Malaiyandi:

and.

W. Curtis Preston:

So here's my question.

W. Curtis Preston:

So you, so that was what I remember asking you.

W. Curtis Preston:

Well, just because when I go into the Druva office and, and if I have

W. Curtis Preston:

a new device getting onto the Druva corporate network is not easy peasy,

W. Curtis Preston:

I've got to have the right S S I D I've gotta have the right, uh, password.

W. Curtis Preston:

How, how does that happen if you've just got a random device that

W. Curtis Preston:

doesn't have that information,

Prasanna Malaiyandi:

So

W. Curtis Preston:

how does it get onto the

W. Curtis Preston:

network?

Prasanna Malaiyandi:

sure it's not as secure as you think.

Prasanna Malaiyandi:

The fact that people go and say hide network from broadcasting SS, I D

Prasanna Malaiyandi:

doesn't actually prevent anything.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

It's kind of, uh, it's hidden, but there are tons of tools that are still

Prasanna Malaiyandi:

able to figure out what the SS I D is based on what's being broadcast.

Prasanna Malaiyandi:

So that's not a good way to protect the network.

Prasanna Malaiyandi:

In fact, a lot of people.

Prasanna Malaiyandi:

Don't even bother hiding it because it just makes things more complicated

Prasanna Malaiyandi:

for guests and other people to find your network right now, once you

Prasanna Malaiyandi:

know what the SS I D is, right.

Prasanna Malaiyandi:

There are tools.

Prasanna Malaiyandi:

That'll sit there, suck up all the packets.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And then eventually things have gotten smarter that they're able to break the

Prasanna Malaiyandi:

encryption key and figure out what's the passcode to get into your network.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

So it's not bulletproof.

W. Curtis Preston:

that sounds bad.

Prasanna Malaiyandi:

And especially if you have a war shipping device

Prasanna Malaiyandi:

sitting there for a day a week, right.

Prasanna Malaiyandi:

Just sucking up all this information.

Prasanna Malaiyandi:

It can just sit there and passively listen.

Prasanna Malaiyandi:

Right?

Prasanna Malaiyandi:

Because airwaves are airwaves.

Prasanna Malaiyandi:

So anyone can listen in on those airwaves of the fact it's

Prasanna Malaiyandi:

going back and forth, right.

Prasanna Malaiyandi:

Especially in networks where maybe they're using WPA two or even

Prasanna Malaiyandi:

WPA, the older standards, right.

Prasanna Malaiyandi:

Not WPA three, which is the latest and greatest, or they, or they're using.

Prasanna Malaiyandi:

TKIP rather than AES for the encryption.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Don't ask me what it stands for.

Prasanna Malaiyandi:

I just know that T I P is less secure than AEs.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

But there are all these things,

W. Curtis Preston:

It's it's it stands for the keys.

W. Curtis Preston:

I prefer.

Prasanna Malaiyandi:

Is it really?

Prasanna Malaiyandi:

I don't think

W. Curtis Preston:

have no idea.

W. Curtis Preston:

No, I don't think so.

W. Curtis Preston:

I have no idea what T K I P stands for.

Prasanna Malaiyandi:

But there, there are all these issues.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And so.

Prasanna Malaiyandi:

there are ways to break into networks or say you have a vulnerability,

Prasanna Malaiyandi:

or you don't have the latest patches on your access points.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

That could also be another way.

Prasanna Malaiyandi:

So it's not unknown.

Prasanna Malaiyandi:

Right.

W. Curtis Preston:

right.

Prasanna Malaiyandi:

a matter of time.

Prasanna Malaiyandi:

And like you said, if you have a warshipping device that's sitting in

Prasanna Malaiyandi:

your, at your corporate office, right.

Prasanna Malaiyandi:

It can sit there for weeks without being recognized and just

Prasanna Malaiyandi:

keep sucking up all this data.

W. Curtis Preston:

why wouldn't I, why would I go through that trouble?

W. Curtis Preston:

Why wouldn't I just like drop one of these things, like right outside your building,

Prasanna Malaiyandi:

Someone might

W. Curtis Preston:

and remotely access your yeah, no, that's a good

Prasanna Malaiyandi:

someone might see.

Prasanna Malaiyandi:

It depends also on how the wifi is configured.

Prasanna Malaiyandi:

Right?

Prasanna Malaiyandi:

Some people might not have full coverage really outside, or they might have

Prasanna Malaiyandi:

sort of different networks sitting on the outside versus the inside.

Prasanna Malaiyandi:

right.

Prasanna Malaiyandi:

Depending on

W. Curtis Preston:

Uh, I mean, I mean, yeah, it might just be

W. Curtis Preston:

a weak signal outside, but yeah, but this is a super easy way.

W. Curtis Preston:

Send it to a person that's a remote employee and, you know,

W. Curtis Preston:

or just send a bunch of them.

W. Curtis Preston:

Right.

W. Curtis Preston:

You only have to get right with one of them.

W. Curtis Preston:

The, um, So, so you're saying that over time, given enough time, you could, you

W. Curtis Preston:

know, theoretically, and again, this is one of those things where you don't

W. Curtis Preston:

have to be successful with everybody.

W. Curtis Preston:

You just have to be successful with one company.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

And the

W. Curtis Preston:

yet another method

Prasanna Malaiyandi:

the other thing also is computers have gotten blazingly

Prasanna Malaiyandi:

fast processing and computing.

Prasanna Malaiyandi:

That what used to take a while to try to break like an encryption

Prasanna Malaiyandi:

algorithm right now, it doesn't take as long as it used to.

Prasanna Malaiyandi:

And like you see right with the raspberry pi and other things like that.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

It's conceivable that it won't take you that long to

Prasanna Malaiyandi:

actually break that encryption.

W. Curtis Preston:

Yeah, he talked about, um, he said he

W. Curtis Preston:

talked about a raspberry pi.

W. Curtis Preston:

Um, and then he said, he'd use a wifi dongle.

W. Curtis Preston:

Um, so he can connect to the internet.

W. Curtis Preston:

Right.

W. Curtis Preston:

Uh, and then

Prasanna Malaiyandi:

I think actually the wi the wifi dons, actually to connect

Prasanna Malaiyandi:

to the wifi network of the company.

Prasanna Malaiyandi:

And

W. Curtis Preston:

Yeah, so basically he's talking about two different connections.

W. Curtis Preston:

One to be able to, to do a, a, to get a SIM card and a sell, click

W. Curtis Preston:

connection, an optional GPS device.

W. Curtis Preston:

That's.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, but all these are little things that you can easily plug

W. Curtis Preston:

to a raspberry pi without very much cost and, and send it in.

W. Curtis Preston:

Right.

W. Curtis Preston:

And again, I, I don't want the, I don't want this to be,

W. Curtis Preston:

you know, blaming the tool.

W. Curtis Preston:

Right.

W. Curtis Preston:

Raspberry pi is a pretty cool device.

W. Curtis Preston:

This isn't raspberry pi's fault.

W. Curtis Preston:

It's just what, what, I think what the true culprit, if you will here

W. Curtis Preston:

is that you have this ability.

W. Curtis Preston:

Where you have all these offices that are, that are, you know,

W. Curtis Preston:

relatively unnocupied, right.

W. Curtis Preston:

And you, you just send a device and it can just sit there all this time.

W. Curtis Preston:

So let's talk about, um, you know, you've talked about it already, but let's talk

W. Curtis Preston:

about ways that you can prevent this.

W. Curtis Preston:

So, um, the, the first, you know, you, you're saying that.

W. Curtis Preston:

We're going back to sort of monitoring.

W. Curtis Preston:

You should be monitoring your network traffic for all kinds of things.

W. Curtis Preston:

And before we even talk about this one, let's talk about some of the things

W. Curtis Preston:

that we've mentioned on other episodes, things that you should be looking

W. Curtis Preston:

for first off, I, I agree a lot with.

W. Curtis Preston:

You know, we've had snorkel 42 from Reddit on here, and he talks a lot

W. Curtis Preston:

about preventing lateral movement.

W. Curtis Preston:

And I think that that's a really important thing that you should

W. Curtis Preston:

be, you should be blocking.

W. Curtis Preston:

You should also, I think, be looking for things that are

W. Curtis Preston:

trying to do lateral movement.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, and you should be.

W. Curtis Preston:

Um, and I think, and again, I understand that this is harder and you know, which

W. Curtis Preston:

therefore means it's gonna come with more cost, but the idea of using some

W. Curtis Preston:

sort of machine learning to monitor what is normal network traffic for,

W. Curtis Preston:

for every device on your network.

W. Curtis Preston:

And then when you see a new device or you see a significant change in.

W. Curtis Preston:

The the, the bandwidth utilization, especially upload, you know, cause

W. Curtis Preston:

somebody's doing exfiltration.

W. Curtis Preston:

Um, he, he, then, then, then you, you shut that down, right?

W. Curtis Preston:

You shut that down, contact that person and go, Hey, what what's going on?

W. Curtis Preston:

They're like, oh, you know, I suddenly, I started producing videos for the company.

W. Curtis Preston:

Oh crap.

W. Curtis Preston:

Sure.

W. Curtis Preston:

You know, no problem.

W. Curtis Preston:

Right.

W. Curtis Preston:

No big deal.

W. Curtis Preston:

Right.

W. Curtis Preston:

Sorry, Alex.

W. Curtis Preston:

Um, but so, but the, uh, but then you're like, oh, I, I wasn't doing anything.

W. Curtis Preston:

And you find out while the guys got ransomware and it's

W. Curtis Preston:

uploading all this data.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, and then the other thing that I remember, um, snorkel talking about

W. Curtis Preston:

was the idea of blocking access to.

W. Curtis Preston:

Um, new domains, right?

W. Curtis Preston:

Newly registered domains or newly activated domains.

W. Curtis Preston:

That's a that, I think that's an important one.

W. Curtis Preston:

And we've had the, the DDI folks on here, the, the idea of blocking

W. Curtis Preston:

access to weirdly named domains.

W. Curtis Preston:

Right?

W. Curtis Preston:

You remember that, that, that command and control servers have these really long

W. Curtis Preston:

domains and that no one would ever type.

W. Curtis Preston:

The only reason they're so long is because that each part of that domain.

W. Curtis Preston:

Name is a, is an instruction, right.

W. Curtis Preston:

Or a request.

W. Curtis Preston:

And then it responds with the appropriate instruction.

W. Curtis Preston:

And, um, there are a bunch of things that you can do like that to prevent

W. Curtis Preston:

malware from executing once it gets in.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, and this would be an example of a way that malware would get in.

Prasanna Malaiyandi:

Just going back to sort of the monitoring

Prasanna Malaiyandi:

aspects and the flagging.

Prasanna Malaiyandi:

I like the anomaly detection that you talked about looking at basic patterns.

Prasanna Malaiyandi:

Um, I think what becomes challenging is as companies, and this was even pre pandemic.

Prasanna Malaiyandi:

Right where people would bring their own devices.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Because I everyone's like, Hey, I'm more efficient.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And so you now have a lot of random devices that aren't corporate

Prasanna Malaiyandi:

controlled showing up on your network.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

I think that becomes a challenge.

Prasanna Malaiyandi:

It's in terms of how do you ensure employees are productive, right.

Prasanna Malaiyandi:

And have easy access to devices they want versus, um, locking

Prasanna Malaiyandi:

everything down and securing it.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

This is kind of what snorkel also talked about.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

It's kind of the trade off between.

Prasanna Malaiyandi:

Ease of use versus security.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And there's always gonna be that tension that

W. Curtis Preston:

Well, he, he, he, he seemed to be okay with

W. Curtis Preston:

what I was suggesting though, of the, sort of the stomp on

W. Curtis Preston:

somebody's foot and say, oh, sorry.

W. Curtis Preston:

I, you know, and then lift it up for that one person who has a legitimate reason.

W. Curtis Preston:

And by the way, I think, and again, I'm not an expert in those

W. Curtis Preston:

particular types of product, but I would think that that particular,

W. Curtis Preston:

uh, challenge would be easy to.

W. Curtis Preston:

Would be easily dealt with, by for example, we have a standard

W. Curtis Preston:

profile for a new device.

W. Curtis Preston:

That's on the network.

W. Curtis Preston:

A new device does a lot of lookups does a lot of browsing.

W. Curtis Preston:

Doesn't send a lot of data,

Prasanna Malaiyandi:

But I, I

W. Curtis Preston:

And then when you know what I mean, I'm just saying on again,

W. Curtis Preston:

you could have, you could have a, a usage of a machine learning pattern for,

W. Curtis Preston:

this is what a new device looks like.

W. Curtis Preston:

And then that device, that device that just came on, it's sending

W. Curtis Preston:

a whole bunch of data up, shut it down and then go figure out why.

Prasanna Malaiyandi:

But I'm wondering.

W. Curtis Preston:

it's impossible.

Prasanna Malaiyandi:

It's not impossible, but I'm just wondering,

Prasanna Malaiyandi:

given limited it budgets, given limited resources and skill sets, right.

Prasanna Malaiyandi:

Are most companies really going to be able to invest and manage a tool like this?

Prasanna Malaiyandi:

Or is it one of those things where people are like, yeah.

Prasanna Malaiyandi:

warshipping or these random devices coming on the network?

Prasanna Malaiyandi:

I know it's an issue, but it's not the.

Prasanna Malaiyandi:

Immediate thing.

Prasanna Malaiyandi:

And like you said, going back to what you were talking about, right?

Prasanna Malaiyandi:

How do you prevent lateral movement instead of trying to

Prasanna Malaiyandi:

prevent them from coming in?

Prasanna Malaiyandi:

How do you prevent the damage if they get it?

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Um, I, I, I do think, and you, you may recall that that.

W. Curtis Preston:

That his advice was he had a longer list before we, before you

W. Curtis Preston:

got to what I'm talking about.

W. Curtis Preston:

He didn't have any problem with what I was saying, but he, but he wanted to

W. Curtis Preston:

like block access to, to weird domains.

W. Curtis Preston:

He wanted to, uh, limit lateral movement.

W. Curtis Preston:

Uh, he wanted to do MFA everywhere.

W. Curtis Preston:

Uh, do least privilege everywhere.

W. Curtis Preston:

These are all basic concepts of computing that everyone should

W. Curtis Preston:

be doing everywhere they can.

W. Curtis Preston:

And the, uh, and no one should be administering a server

W. Curtis Preston:

via root anymore, right.

W. Curtis Preston:

Or administrator, it should, that should just never be happening.

W. Curtis Preston:

And, um, the.

W. Curtis Preston:

Uh, and the only place you should be able to log in as root should be at the console

W. Curtis Preston:

and you know, all these different things.

W. Curtis Preston:

Right.

W. Curtis Preston:

And, uh, and I think it should be a, like a breaking glass situation, right?

W. Curtis Preston:

If someone needs the root password, the root password is somewhere available,

W. Curtis Preston:

but you gotta go through all these different levels of change to get the

W. Curtis Preston:

access, you know, all of those things.

W. Curtis Preston:

I think those are all great.

W. Curtis Preston:

I guess the reason why I focus so much on.

W. Curtis Preston:

This concept of monitoring the network for even if again,

W. Curtis Preston:

something is better than nothing.

W. Curtis Preston:

That, that, that's another concept that he talked about a lot about

W. Curtis Preston:

something is better than nothing.

W. Curtis Preston:

If you could get, you know, a basic tool that just did you know that just

W. Curtis Preston:

even if you, if, if you didn't do the automated shutdown, but you got

W. Curtis Preston:

a basic tool that just monitored for the upload patterns of every device.

W. Curtis Preston:

And then you, you found a device that suddenly was, you know, this

W. Curtis Preston:

really high and you could, you know, find out who the device is, right.

W. Curtis Preston:

Flag it.

W. Curtis Preston:

Right.

W. Curtis Preston:

Uh, again, with the, with the B Y O D situation.

W. Curtis Preston:

I don't know how you figure out who that device is.

W. Curtis Preston:

Other end to shut it off, honestly, other than to shut it off it's you probably

W. Curtis Preston:

won't be able to do it automatically with a less expensive tool, but you shut it

W. Curtis Preston:

off and then what's gonna happen is Fred's gonna come to the it department and go,

W. Curtis Preston:

Hey man, I got good on the Yeah, well that's because you were uploading stuff.

W. Curtis Preston:

Um, and, and then he's like, I know what you're talking about.

W. Curtis Preston:

Well, you found, you found your culprit, right?

W. Curtis Preston:

That, oh, by the way, I, I just want the reason why I'm so hot on.

W. Curtis Preston:

And maybe even more so, and again, it's because of my backup background

W. Curtis Preston:

and that is that a good air gap.

W. Curtis Preston:

Backup is the best defense against traditional ransomware.

Prasanna Malaiyandi:

Mm-hmm

W. Curtis Preston:

There is no defense against exfiltration once it has happened.

W. Curtis Preston:

None.

W. Curtis Preston:

And that's why I, I perhaps focus on that a little bit more.

W. Curtis Preston:

I think all the other stuff is, is good.

W. Curtis Preston:

Uh, I just like this idea of somehow using something, you know, um, and, and

W. Curtis Preston:

another, I think maybe easier one on the built-in devices is, is whitelisting

W. Curtis Preston:

right on the company.

W. Curtis Preston:

Devices is whitelist, you know, application white listing.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

everything I.

Prasanna Malaiyandi:

right.

W. Curtis Preston:

Yeah, applica, well, I think both right.

W. Curtis Preston:

Um, you know, application and, um, the other thing it's like, you can,

W. Curtis Preston:

you know, there's just ways, I think you could, you could somehow limit an

W. Curtis Preston:

individual devices, ability to start downloading or uploading the entire

W. Curtis Preston:

company's intellectual property.

W. Curtis Preston:

Okay.

W. Curtis Preston:

So enough about that, let's talk about , let's talk about

W. Curtis Preston:

what this episode's actually

Prasanna Malaiyandi:

so, so going back to, this is an actual device.

Prasanna Malaiyandi:

I think we kind of went down the, okay.

Prasanna Malaiyandi:

How do you do it once it's in your network?

Prasanna Malaiyandi:

But I think there's a whole bunch of basics, even before we get to that.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Curtis,

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Yeah.

Prasanna Malaiyandi:

this is a physical device, right?

Prasanna Malaiyandi:

It's landing on someone's desk.

Prasanna Malaiyandi:

What can you do before?

Prasanna Malaiyandi:

It just like sits there.

W. Curtis Preston:

Well, I think one of the things, well, the question,

W. Curtis Preston:

you know, in no particular order, this is just what's coming to my mind.

W. Curtis Preston:

One is, you know, physical security.

W. Curtis Preston:

Um, you, you know, this is, this is a physical security problem

W. Curtis Preston:

before it's anything else?

W. Curtis Preston:

They're talking about Physically processing packages.

W. Curtis Preston:

And there also, there are mail scanning technologies.

W. Curtis Preston:

There's a box.

W. Curtis Preston:

You can run all the mail through and go, Hey, this thing is, this

W. Curtis Preston:

thing is broadcasting a signal.

W. Curtis Preston:

You know, this is a problem, right?

W. Curtis Preston:

You can do that.

W. Curtis Preston:

You can scan the thing before it comes in.

W. Curtis Preston:

The other thing is what,

Prasanna Malaiyandi:

put it in a faraday day cage,

W. Curtis Preston:

what

Prasanna Malaiyandi:

Speaker:

put it in a faraday cage

W. Curtis Preston:

put all, can you buy a big faraday cage?

Prasanna Malaiyandi:

They did an enemy of the state.

W. Curtis Preston:

I just mean a big enough one, you know, can you

W. Curtis Preston:

make the mail room a faraday cage,

Prasanna Malaiyandi:

I bet you could.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

So that, that, that could be another way to do it.

W. Curtis Preston:

Right.

W. Curtis Preston:

Uh, poor guys in the mail room, they don't get any wifi.

W. Curtis Preston:

The, um, the, the other is the, the device white listing that you talked about.

W. Curtis Preston:

Everybody needs to have a conversation with it before their

W. Curtis Preston:

device is allowed on the network.

W. Curtis Preston:

Is that.

W. Curtis Preston:

So is that, is that unreasonable?

W. Curtis Preston:

What do you think?

Prasanna Malaiyandi:

Speaker:

So it it's reasonable.

Prasanna Malaiyandi:

Speaker:

I think the challenge is, or that they get segmented off into a separate wifi

Prasanna Malaiyandi:

Speaker:

network where they get almost zero access.

Prasanna Malaiyandi:

Speaker:

Right?

W. Curtis Preston:

they get, they basically, this is guest versus

Prasanna Malaiyandi:

yeah.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

Now,

W. Curtis Preston:

Doesn't see anything in the corporate network.

W. Curtis Preston:

All it gets is ability to Google stuff.

Prasanna Malaiyandi:

yeah.

Prasanna Malaiyandi:

Now the only challenge is how you end up doing that white listing.

Prasanna Malaiyandi:

Um, there are issues, depending on what sort of method you use.

Prasanna Malaiyandi:

If for instance, you're just using Mac address, filtering Mac

Prasanna Malaiyandi:

addresses can be spoofed, right?

Prasanna Malaiyandi:

So it's not a great mechanism to

W. Curtis Preston:

But you would,

Prasanna Malaiyandi:

device

W. Curtis Preston:

I mean for this device, sorry to interrupt there, but

W. Curtis Preston:

for this device, you know, you're, we're assuming that this device is

W. Curtis Preston:

just a dumb device that wouldn't know what Mac address to spoof.

Prasanna Malaiyandi:

oh, it could.

W. Curtis Preston:

You know?

Prasanna Malaiyandi:

It could, if it's sniffing all the wireless

Prasanna Malaiyandi:

packets, it would be able

W. Curtis Preston:

Oh, you're saying, you're saying it's oh, geez, man.

Prasanna Malaiyandi:

Speaker:

And, and especially if

W. Curtis Preston:

stuff, man.

Prasanna Malaiyandi:

and especially if it's a passive device, right.

Prasanna Malaiyandi:

It's just sitting there listening to everything coming across the airway.

Prasanna Malaiyandi:

So

W. Curtis Preston:

so, alright, so you, you clearly know

W. Curtis Preston:

more about wifi than I do.

W. Curtis Preston:

Can we monitor for this device that is sniffing packets?

W. Curtis Preston:

Can

Prasanna Malaiyandi:

if it's

Prasanna Malaiyandi:

passive, if it's passive, you can't tell at all, because it's just airwaves right.

Prasanna Malaiyandi:

Wifi is just a signal.

W. Curtis Preston:

Right.

W. Curtis Preston:

Right.

W. Curtis Preston:

So what,

Prasanna Malaiyandi:

So the, which is why I said from a, the best thing

Prasanna Malaiyandi:

is, like you said, go back to the physical security aspects, right?

Prasanna Malaiyandi:

Try to prevent the wifi device from sitting or the warshipping device from

Prasanna Malaiyandi:

sitting in your corporate mail room or in your location for long periods of time.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Have a process to take the packages, scan it.

Prasanna Malaiyandi:

If you can, if you don't have a scanning ability.

Prasanna Malaiyandi:

Contact the recipient say you have this package, come pick it

Prasanna Malaiyandi:

up with a certain amount of time, forward it off to the person.

Prasanna Malaiyandi:

If you have to right.

Prasanna Malaiyandi:

Ask them if they're expecting a package or even if you can open the package.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

If they're not expecting something, ask can I open it?

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

There are so many different options,

W. Curtis Preston:

So number one, you've got to have someone actively

W. Curtis Preston:

managing all of the mail from all of these people that are getting

W. Curtis Preston:

mail during the pandemic, right?

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

this is gonna be at, at a minimum.

W. Curtis Preston:

This is gonna be a bulky envelope, right?

W. Curtis Preston:

One of those puff.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

Envelopes and possibly a box.

W. Curtis Preston:

And you have rules specifically for those you contact, you need

W. Curtis Preston:

to contact a person and ask what should be done with this thing.

W. Curtis Preston:

Right.

W. Curtis Preston:

Uh, and if they're not expecting a package, perhaps yeah.

W. Curtis Preston:

You could create a policy.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, I don't think you should be randomly opening mail from people that

Prasanna Malaiyandi:

Speaker:

Without their permission

W. Curtis Preston:

to do it.

W. Curtis Preston:

Right.

W. Curtis Preston:

Right.

Prasanna Malaiyandi:

you should yeah.

Prasanna Malaiyandi:

Or forward it off to them or whatever else is.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

I, I think that basic based on what I'm hearing from

W. Curtis Preston:

you, this is really the only choice,

Prasanna Malaiyandi:

I,

W. Curtis Preston:

right.

W. Curtis Preston:

Because the white listing, the, the device white listing wouldn't stop the

W. Curtis Preston:

person, you know, the, the box that his SPO has, you know, sniffed packets

W. Curtis Preston:

has spoofed the

Prasanna Malaiyandi:

well, And this is where I was saying that it depends on what

Prasanna Malaiyandi:

methodology you're using for whitelisting.

Prasanna Malaiyandi:

There's other things like radius authentication and other certificate

Prasanna Malaiyandi:

based authentication and other things, which you could also use for whitelist.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And so that's why I said, if you're just doing basic Mac address

Prasanna Malaiyandi:

filtering, it's not strong enough.

W. Curtis Preston:

Okay.

W. Curtis Preston:

So, so, so then we, we do have this additional, this is, this is all

W. Curtis Preston:

in the line of like four more money

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

stop this completely by a more robust

W. Curtis Preston:

whitelisting system than Mac addressed

Prasanna Malaiyandi:

Yeah,

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Okay.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

That makes sense.

W. Curtis Preston:

Um, but I, I think it, I think like a lot of it, you don't, you don't

W. Curtis Preston:

leave your data center open, wide open, and so you shouldn't do this.

W. Curtis Preston:

This is essentially an intrusion into your data center, right.

W. Curtis Preston:

Or into your corporate network.

W. Curtis Preston:

And so you shouldn't leave that wide open.

W. Curtis Preston:

I guess there are many people like me that just never thought of war shipping

W. Curtis Preston:

as a way to get into a corporate network.

W. Curtis Preston:

And so they're not thinking about these incoming packages as a potential.

Prasanna Malaiyandi:

Yep.

W. Curtis Preston:

And so you need to think about those packages as an

W. Curtis Preston:

internal, as a, as a potential risk.

W. Curtis Preston:

And they need to be handled physically before they can do any damage.

Prasanna Malaiyandi:

The other thing to consider is I know we've

Prasanna Malaiyandi:

been talking a lot about corporate environments and warshipping, but

Prasanna Malaiyandi:

also if you get a random device in your mail, right from someone and it

Prasanna Malaiyandi:

looks like a camera or something else.

Prasanna Malaiyandi:

And you're like, oh, that's kind of cool.

Prasanna Malaiyandi:

Let me plug it in.

Prasanna Malaiyandi:

Don't plug it in.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Be very careful at home also of putting random things on

W. Curtis Preston:

your network.

W. Curtis Preston:

I read this article and I was like, dang, that is just something

W. Curtis Preston:

I never thought about in my life.

Prasanna Malaiyandi:

so it's interesting because there was actually

Prasanna Malaiyandi:

an uptick in these articles about warshipping back in 2019 as well.

Prasanna Malaiyandi:

When I did some Googling.

W. Curtis Preston:

Uh huh.

Prasanna Malaiyandi:

So this isn't the first time it's come out.

Prasanna Malaiyandi:

But I think specifically with the pandemic and everything else, it's

Prasanna Malaiyandi:

kind of coming back to the forefront.

Prasanna Malaiyandi:

In fact, warshipping here's something.

Prasanna Malaiyandi:

I was just looking it up.

Prasanna Malaiyandi:

I don't know how accurate this is.

Prasanna Malaiyandi:

Warshipping is a term coined by IBM in 2019.

W. Curtis Preston:

All right.

W. Curtis Preston:

That's kind of cool.

W. Curtis Preston:

Good old, IBM still, still setting the bar, raising the

W. Curtis Preston:

bar, whatever you wanna call it.

Prasanna Malaiyandi:

that's probably why all those articles started in 2019

W. Curtis Preston:

You could put it in a place in your

W. Curtis Preston:

building that doesn't have wifi.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

There are places in your building that you know, where

W. Curtis Preston:

they are because you tried to use the wifi there and it doesn't work.

Prasanna Malaiyandi:

Or you just have all packages delivered to an offsite facility.

Prasanna Malaiyandi:

Don't have it delivered to your

Prasanna Malaiyandi:

corporate network.

W. Curtis Preston:

you know what you could have, you could have your, you

W. Curtis Preston:

could have packages, like I'm sure that that could be managed for you.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

That wouldn't be free, but it could be managed for you.

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

All right.

W. Curtis Preston:

Well, once again, we have solved world peace.

W. Curtis Preston:

Uh, so thanks for, thanks for helping me keep people safe.

W. Curtis Preston:

Prasanna.

Prasanna Malaiyandi:

Anytime.

Prasanna Malaiyandi:

And thanks for sharing that article, Curtis.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

It's now we'll have to go back and watch Mr.

Prasanna Malaiyandi:

Robot and figure out what exactly he did if it was warshipping or something else.

W. Curtis Preston:

Yeah, I, yeah.

W. Curtis Preston:

My memory is like he was a janitor.

W. Curtis Preston:

Like he pretended to be a janitor and then stuck the thing.

W. Curtis Preston:

Thanks to the listeners.

W. Curtis Preston:

Uh, for those of you that stuck out this long and remember to subscribe