Episode Transcript
[00:00:00] Speaker A: Aj, welcome aboard to the show. I'm so excited to have you here today.
[00:00:03] Speaker B: Yeah, thanks for having me, Ari. I'm happy to be here.
[00:00:06] Speaker A: I'm so excited to speak to you. I've been looking forward to this.
What is the Dark Web like? This sounds like something. This is a TV thing. It doesn't really exist.
Nobody is explaining. What does it mean? What is the Dark Web?
[00:00:19] Speaker B: Yeah, I mean, it's funny.
It could be complicated, right? So you've got the Internet that everything. Everybody's aware of the Internet, right? So anything that's, know, indexed on Google, for instance, you know, that's the Surface Web, right? And then you've got the Dark Web, you've got the Deep Web, all these different, you know, little components. So Deep Web is anything below the surface, basically. You know, that's not indexed, you know, indexable and not searchable. And then the Dark Web is a subset of that that gets you into criminal enterprise, basically. So most professionals really don't call this deep and Dark Web, that's actually become more of a marketing term just because the public's aware of it. Most professionals call these, you know, the cybercriminal underground, for instance.
What it is really is a whole lot of places, you know, there's graphics that show, like, tip of the iceberg, you know, what we can see publicly is just a fraction of what really is on the Internet and all the other things. It's just that you have to know where to go, right? There isn't Google, for instance, although there's some technologies now. So you have to know exactly where you're going and how to get into these places. You have to use something like Tor, for instance, to be able to get on to begin with. And you have to know exactly where you're going. A lot of these locations are password protected, or you have to be vetted to get in some of those things. But this is where a lot of illegal commerce happens is where when you get into the, you know, the Dark Web, if you want to buy guns, if you want to buy IDs, if you want to buy credit card numbers or credit cards for that matter, and passports, you know, if you want to hire a hitman, if you want all sorts of horrible things, you know, illicit drugs, there's a. There's a lot of trade that goes on that's below the surface. And so that's, you know, that's what we talk about when we talk about, like, the Deep Web and the Dark Web. It's really the cyber criminal enterprise. Cyber criminal ecosystem that a lot of people will talk about. There's a lot of. A lot of horrible things, frankly, that are going on every day, and most people just don't know about it and probably shouldn't. Frankly, most people should not spend time there. You know, I've talked to folks who want to. I've talked to companies who talk about wanting to do it themselves instead of hiring vendors. And I've said, even if you have the technology, you can do it. Listen, that's sort of like going into a biker bar wearing a suit and tie. You may get in the door. I mean, you may know how to get there and find the door and open it, but you. You're going to stand out. You're not going to be welcome, and it could be dangerous. It's definitely not a place to go if you don't know what you're doing and why you're there. So, yeah, this is. This is a place where a lot of companies and vendors and professionals have built up what are known as sock puppets, you know, false Personas. They've built up all sorts of security, you know, layers to protect themselves. So they can go into some of these places or they use a tool. You know, there's some commercially available tools. You know, there's a company called Authenticate that has a really cool tool that just about anybody can use, frankly.
And they go into these places, but they're professionals. Again, this is not what amateurs should be doing. Just understand it exists and read the news and no scary things happen. But if your identification has been stolen, if your credit cards are being sold, it's a good chance it's happening in the cyber criminal underground, the dark Web.
[00:03:15] Speaker A: What is this physically?
Is it a domain or is it just these IPs that you need to know what the number is to get there?
[00:03:22] Speaker B: Yeah, it really is the IPs, you know, and some of them do have names now, but, yeah, they're IP addresses. So you have to be. Like I said, you have to be on the Tor, the onion router. You know, you have to be there just to get in. So there's like a gateway, right? And then you. Yeah, you need to know the IPs. Now there are some pages that are available now that have some index to them, so you might be able to find things. You know, there's some search capabilities that are being developed because, of course, you know, user access matters, right? Criminals want to make sure you can get to their door. Can't sell things if you can't find the store.
But most of it really still comes down to, yeah, you have to know where you're going to go, you know, what IP address. But a lot of these storefronts, these criminal storefronts, they do have names now, and marketing and advertising and all the things you would expect to be in the legitimate business world.
[00:04:06] Speaker A: It's just dystopian, is that, you know, they have customer success, customer support.
[00:04:11] Speaker B: They do, they do.
[00:04:12] Speaker A: I was like, wait, hold on. We now have customer support for criminal organizations. This just.
[00:04:21] Speaker B: This is criminal enterprise, too. There's customer success. If you're doing the criminal enterprises, criminal environments, there's also, not surprisingly, criminals don't trust each other. So if you're gonna do business there, a lot of money is set up through escrow and things of that nature. So there's. There's, you know, there's a process for that. There's an escrow process. There's. There's a process for settling disputes between criminals. So there's a rating system that goes along with this, and people develop, you know, sort of a trust rating.
And so you can end up in arbitration, you can be banned. You can be, you know, from certain places. So, yeah, I mean, the reality is human nature is human nature and society is society. So this is its own subculture, but it's still people working with people. So you end up with a lot of the same things you see other places. And it's interesting, you'll see criminals complaining about other criminals being dishonest. And you're like, well, yeah, that's. That will happen.
[00:05:12] Speaker A: Is there honor amongst thieves? Let me just ask you.
[00:05:15] Speaker B: I mean, there's some, apparently, you know, again, people have been there a long time. People have developed credibility and ratings. Yeah, you have to have some of that. You know, there's. There's a minimum required. If you come in and you're a criminal and you do criminal things and you cheat other criminals, they won't do business with you anymore. I mean, you know, there's still a reputation that builds, and then you. You've shut yourself off from this massive marketplace. So, yeah, there's. There's a minimum there. I mean, there's going to be disagreements. Some people, you know, obviously are going to dispute who. Who screwed who, basically. Right, who screwed whom?
[00:05:43] Speaker A: I guess mad, Mad, you know, genius that came up with, oh, let's create Yelp for, you know, criminals.
[00:05:52] Speaker B: Yeah, yeah, it's, you know, I don't know. You know, the whole rating systems have been around for a long time, and different, you know, different groups have different ratings. It's not for like the entire dark web or anything like that, but if you're in different locations and different enterprises, different storefronts, they all have their own. Right. And again, it's just born out of it. Makes sense, it's logical. I'm sure somebody looked and said, how are we going to trust people? And so it's a crowdsourced solution to trust. You know, it's. If you screw everybody, nobody's going to do business with you anywhere. I don't care if you're a criminal. I don't care if you're in the. In the legitimate business world.
You know, people get tired of working with people they can't trust in some fashion. Again, in this area, a lot of it's, you know, trust but verify, right? There's very little direct trust. I mean, some people do. They get to know each other and they become friends and allies and partners. But yeah, that's why there's a arbitration system. That's why there's an escrow system. There's not a lot of direct transition, you know, of funding because you're dealing with criminals. Like if you're buying guns or drugs or credit cards or, you know, body parts or whatever you might be getting, you know, you're dealing with somebody who has some flexible morals.
Yeah, I wouldn't start handing them your banking information or your Bitcoin or whatever it might be that you're using. It's not banking information, I assure you. But yeah, you're just not going to be quick to hand that stuff over. So they had to come up with a solution for it.
[00:07:13] Speaker A: Let me ask you this. I mean, this is well known and you're ex government. Why don't we just shut this down?
In essence, it's a black market, right? Anything that you put outside of the law, it generates automatically a black market. Why don't we shut it down?
[00:07:32] Speaker B: Well, I'm not in law enforcement, but I mean, it's a question you can ask of any criminal enterprise, I guess. Why don't we shut down crime? Because you can't. Because crime just continues to pop back up.
You can't shut down crime in the physical world. It's much more hard, much more difficult to do it in the cyber world where storefronts get stood up instantly and technology moves and there's the ability to build backups and backups and backups. The mafia might own a building and you can take the building away. It takes them a while to build a new one in cyberspace. You can build 1,000 buildings, virtual buildings, in an hour.
I don't think you can stop crime entirely. Right. I think the best you can hope for is to create an environment where it's too expensive or too risky to commit crimes as opposed to doing whatever the legal method is. I'm sure there's also some aspect of law enforcement that leaves places open because it's good for intelligence. I'm an intel guy. I mean, you've mentioned government. Obviously, I'm an intel guy. Certainly there's times when you don't shut down something because it's an asset, it's a resource.
You know, I don't. I don't know if I were fighting crime, if I would care so much about the people that are doing the small transactions here and there. But I sure would like to figure out where the sources are. You know, I don't care about the person who's selling, you know, dime bags of pick your drug. I care about the supplier, you know, the big. The big person behind it all. So I suspect there's some of that. I'm sure there's government agents inside pretty much every one of these locations at some level. So I think you got that combination. You're never going to shut down crime in general, and there's some value to keeping some places open. Government has certainly taken over places and kept them open. There's paranoia runs rampant through the dark web as well. There's plenty of times when criminals have said, well, the site was down for a few days, now it's back up. I bet the FBI owns it. And so it's bad for business. Which also means they really need to keep their technology good, they need to keep their uptime. Because you shut down one of these sites for a few days and you're going to lose a lot of business because people just assume you've been compromised. So they have some pretty strong IT requirements to keep business going in the criminal enterprise.
[00:09:39] Speaker A: You know, one thing, I was laughing because you said trust but verify.
That's a slogan that works on both sides.
[00:09:47] Speaker B: Exactly.
[00:09:48] Speaker A: Yeah.
[00:09:48] Speaker B: And it works everywhere. Listen, we use it in the intelligence community too. You know, we people talk about your allies that way. We trust but verify. There's nobody in the intelligence community who doesn't watch everybody, basically, whether they trust them or not, with the exception of things that are illegal. US Intelligence community doesn't spy on domestically, despite what people think. I can go down a whole path there, but yeah, it's. Trust but verify is just a common intel phrase we use all the time.
[00:10:13] Speaker A: Let me ask you a controversial question.
[00:10:16] Speaker B: Oh, sure, I'm good for those.
[00:10:18] Speaker A: Does any country truly have allies? And what is that?
What is an ally even?
[00:10:27] Speaker B: Sorry.
Sure, yes, countries have allies, but it's, I think all international relationships at best, you're hoping for something that's symbiotic. But most countries, the intent is to have it be at least slightly advantageous.
It just depends on what your advantages and what your needs are. Right. So, you know, would the US have nearly as many allies if the US had no money? No, probably not.
You know, it's, it's also true in real life, though, I think, I think the wealthy have a much easier time finding friends than the poor.
So, yeah, there's, there's allegiances to an extent, there's alliances.
And over long periods of time, you grow to trust, you know, people or nations. So there's some of that. But, you know, it's fragile. Obviously, you know, we can see some of that in today's politics. In the US for instance, you know, our system, we've had allies for decades, for centuries. And there's some risks now because that's the way our political system runs. So I think again, trust but verify that. You know, we've had allies for generations that now are concerned because of what's going on currently, you know, politically. And I think that's, that's to be expected. You know, and it may shift back and change, but I don't know that anybody trusts anybody else implicitly. You know, with 100% trust, it's too risky. So, you know, it's. I think you have allies. If you're aligned on more things than you're not and you're not diametrically opposed in ways that are, you know, too difficult or uncomfortable to accept, then yeah, you have an ally.
But those things can change. You know, it's. The question is just how easily they change. Some countries, some individuals for that matter, are more loyal than others.
And so you watch for the shifting winds.
But yeah, I think there's some allies out there. Sure.
[00:12:15] Speaker A: You know, quote a Thriller Agency person that I know and said, yes, country, you know, xyz, I won't even name the country. Yeah, they're an ally, but they're the enemy.
[00:12:29] Speaker B: Yeah, I mean, there's some of that. Right. It's our relationship. I'll use the US for an example. Right. Our relationships with Great Britain, France are very different. Relationship with, you know, we have five eyes countries, you know, UK and, and Australia and New Zealand and Canada and Great and, and the U.S. so those are, you know, stronger alliances then you got NATO alliances, which are probably a step away from that comparatively. You know, there was a time the US Was, you know, diametrically opposed to the Soviet Union, and then there was a time we were allies with Russia. I wouldn't say we're allies now and we may or may not be again in the future. And if so, who knows, you know, how that's going to look. You know, the US has had a strong relationship with Israel since its foundation, but it isn't without reservations, it isn't without concerns on both sides.
So, you know, this is how it works in Saudi Arabia. Is it an ally? Sure. Are the challenges? Absolutely. So, you know, I think, I think a lot of these things are just, they move, you know, and they change over time. They shift because culture shift and politics and geopolitics economics can shift. You know, would, would the US have been as strong of an ally to Saudi Arabia if Saudi Arabia had no oil? Probably not. The strategic advantages isn't there anymore. So, sure, we're allies and we're friends, but it's because there's a purpose, right? There's a balance, there's a value to it, you know, and so that's, that's just a reality. I think most countries understand about each other and sometimes you're allies just because you both have the same enemy. And it's as simple as that.
[00:14:03] Speaker A: I want to bring this friend of friend, enemy of my enemy, right? I want to bring this back into the business world. We've been talking about geopolitics. We've been in the context of security and business. Why does that even matter? Why would your average, you know, CEO executive even need to think about geopolitics?
[00:14:25] Speaker B: Yeah, I mean, it's a good question, right? And we have those discussions and listen, a lot of them don't. It's a challenge I run into as an intel guy in the private sector is most organizations, when they think intel, they just want about the tactical and the technical. They really rarely want to spend the time, energy or money on the strategic, which gets into the geopolitics. But it's incredibly important because it drives everything else. If you don't understand the geopolitics of the world, you're not going to be able to be proactive, among other things, to know something's coming or have an idea of something coming. An assessment means you have to be able to see a much bigger picture.
You know, so I mean, examples, when the world brings more sanctions On a country, say North Korea or Iran, they both come to mind.
It's reasonable to believe that you're going to see cyber crime from those countries go up. Well, more from North Korea, really. Iran may just react with a cyber attack, but there's been some cybercrime too. But North Korea definitely ramps up their cyber criminal activities, that their country is its nation state activities, but they're also just a giant criminal enterprise when it comes to cyber a lot of times. So if, if, if they lose resources in other ways, if they have funding that's cut off or supplies, then they're going to ramp up their cyber attacks. And you have to understand that, you have to know, am I going to be part of that? You know, it's. If you don't understand what's going on in the Middle east, you know, if you don't understand the situation in Israel and, and, and Palestine, then as a company, you may not understand your exposure. When Russia invaded Ukraine, understanding the situation there, you know, can I keep doing business in Russia? And if I do, am I suddenly going to be a target of pro Ukrainian hackers, of anti Russia hackers, which aren't necessarily the same thing all the time, of activists of any kind, or vice versa?
You know, being able to have an idea of what's going on in the world does influence how we are going to make changes to our business and to our environment. You know, when countries are allies or enemies, it could get in the legalities of it. You know, if you're going to have relationship, a business relationship with a country and it turns out your home country doesn't allow that, it's not legal, you can't sell to them, they're under sanctions, you know, or new sanctions have arrived that you didn't know about. It's a problem. If you're selling into a country and now suddenly there's sanctions and you didn't know it, now you're in violation of the law.
So I mean, these things are definitely things we should all be keeping track of. The politics come into play at different elections. You should know who the new leader of the country is, what's their political position on whatever business you're in, Understanding that can be a factor or just stability. Is the country going to have stability issues? And if so, do you have people in countries? Should you be worrying about their physical security?
Should you be worrying about being targeted for having people in that country? So the world is a small place. It's huge, but it's very small. And we're all very Interconnected and those who just want to focus on the tactical and technical. And I get that as a first sign. But if that's all you're focusing on, it's whack a mole forever. Everything's a surprise. Whenever something changes, it's all a shock. Whereas if you're strategic and you see how the world is working, you get assessments that might tell you, you know, likelihoods of things happening down the road so you can get ahead of those things. You know, for those who aren't paying attention to the discussions of massive tariffs, you know, when the new administration takes over in the US they may be very surprised to see their costs on a lot of things go way up if those tariffs do come to pass. Whereas those who are paying attention to it might be stocking up right now and saying, I'm going to get a bunch of these supplies in advance. And if it turns out the tariffs don't happen, I've just supplied myself, you know, early. But they have a chance to get ahead of things like, you know, exponential cost increases.
[00:17:59] Speaker A: This is so important what you're describing because so far you've kind of been like, okay, there's all these bad things that can happen, all these risks, but actually these risks are an opportunity to create a competitive advantage.
[00:18:11] Speaker B: Exactly.
[00:18:12] Speaker A: And through this example that you're giving around basically creating a buffer in supply chain, you can actually have lower costs as opposed to other suppliers. This was a black swan. We didn't expect the memory factory to burn down and prices in memory to double, quadruple, but it happened. If you had supply there, excess supply of memory chips, you had a clear competitive advantage.
[00:18:37] Speaker B: Exactly, yeah. At a minimum, you've got that. Obviously if you want to get more nefarious, you also have the chance to really jack up the prices. And there's a lot of that atmosphere, the price gouging that goes with it. Right. You have an advantage, you have almost corner to market and lo and behold, everything's very, very expensive.
There's a lot of that going on in the world unfortunately too. But yeah, it's understanding risks and probabilities allows us to take actions that either could be preventing harm for us or could give us advantages. Like I said, business advantages.
And so more, more companies probably should be investing in these things and looking at them. I think companies do look at them more in things that they think are obvious. Business analysis is a common one. I think people do analyze their particular industry. They analyze stock markets and things like that. I think it's harder to get them to go further into the geopolitics, especially if it gets into things like war fighting, to help them understand how that's really going to impact or could impact. Because a lot of this, the further you go out, it's an investment, right? Getting companies to invest in strategic intelligence is really difficult because it's expensive and time consuming. And a lot of times it comes back with, well, this is a really interesting GWIZ product, but what do I do with it? And sometimes there's nothing you can do with it. There's some educational value. But as I said in the intelligence community, and granted, the government prints money, so trying to be the intelligence community won't work. But I've said about it for years, the intelligence community, the US Intelligence community has tens of thousands of people and not everybody's focused on China and Russia and Iran and North Korea. Somebody someplace is probably in an office studying Bolivia. I don't think Bolivia is a threat, as far as I know. But if tomorrow Bolivia becomes a threat, tomorrow's way too late to start learning about Bolivia for the first time.
[00:20:14] Speaker A: That's right.
[00:20:15] Speaker B: So having some baseline knowledge, you may not have the same depth of knowledge being able to prioritize things, but having at least some baseline to start from really matters, you know, and it really does provide advantages. But convincing people the ROI is tough.
[00:20:27] Speaker A: The point that you just made is so overlooked. It's all about the lead time.
If you don't understand what could happen and you haven't created basically a decision tree of what you will do in that situation, which is the minimum thing you should be doing, you're not going to know how to react, you're not going to have a plan, you're not going to know the costs and timelines and cycle times of those changes. And you're basically together with everybody else and the clock is ticking. But if you're the first person to react, because you're basically now executing your decision tree plan and you don't know what will ultimately happen, you don't know what all these, you know, non. The unknown unknowns are. That's why you have a decision tree which allows you to evaluate different scenario plannings. That gives you the competitive edge, you know, it's as simple as that. So this is such an important point. You're kind of glossing over it as if it's trivial, but you know, you're.
[00:21:23] Speaker B: Making a better point of it. Basically. I was just talking about it randomly, but you actually put the fine point on it that it deserves because you're Right, That's. That is what matters in all of this. And it's interesting. Leaders get that when it's explained well to a point. Again, budgets are still budgets. But. But you're right, it's. These are things that being able to make quick, accurate decisions. You know, I talk about with intel, our job as intelligence professionals is to get the right people the right content, the right time to make informed decisions. They won't always make the decision we want them to make, but they should at least be able to make the most informed decisions. And that's really what this comes down to. Like you said, lead time is a perfect way of looking at it. You know, if you're reacting to things for the first time, having not heard of them, at best, you're going to make quick decisions that are uninformed and maybe we'll get lucky. At worst, you're going to make no decision at all, perhaps, or really bad decisions that are uninformed. So, yeah, that lead time really matters. And that's the difference. You know, when you talk about a cyber attack or a physical attack for that matter, that can be the difference between, you know, something very minor, minor that gets resolved versus a massive, you know, economic cost or even, you know, costing human lives. You know, this is why intel matters in the government space. We all know this and the military knows, understands the value of intel. We know as much as we can about every environment before we go in. But again, the government, as I said, prints money, so, you know, it's. They can afford to have a lot of intelligence that sits on a shelf and goes dusty and never gets used. The private sector is held to a totally different standard. So then it's about finding a way to prioritize. And unfortunately, I think we've reached a point where companies don't face enough consequences when they fail to prepare. Frankly, I think that's part of the challenge that we're running into is it's really hard to convince people to get ahead of things when they don't see the consequence if it doesn't happen. The world is pretty forgiving at this point of everybody gets hacked, everybody gets compromised, you know, cyber specifically, and you just blame the bad guys. It's not our fault. Even if it's most basic of things. You know, it's. I know it's in the news right now. You know, sadly, it was a murder yesterday. I'm gonna script your timing for when you publish this, but it was a murder yesterday in New York of a CEO for United Healthcare, which is a subset of UnitedHealth Group.
And. But United Health Group had a massive breach, the world's largest data breach, earlier this year. 100 million Americans impacted. And when their CEO shows up before Congress, it's embarrassing. Like, they were hacked because they didn't have the most basic of things. They didn't have two factor authentication. You know, they had acquired a company that they hadn't done integrations on security.
[00:23:45] Speaker A: What's the percentage of people that use two fa? And let me specifically also say physical tokens.
[00:23:52] Speaker B: Very low. Yeah. Physical tokens is very low. Yeah. And 2fa is certainly too low. And these are some basic things. And, you know, he got hauled in front of Congress and didn't perform particularly well because they'd acquired this sub company that got compromised. But they'd acquired him for several months and just hadn't gotten around to doing some of the most basic things. There wasn't a sense of urgency. And probably because it was cost. It takes time to do these things that cost money. And a lot of companies are playing fast and loose with security because they're hoping they won't get hit and they'll get away with it for as long as possible. And then if they do get hit, they figured out that there's a better return on investment in the PR and marketing after a breach than there is on trying to prevent it in the first place. Because it turns out customers don't change. I think when I first got into this in the private sector, I worked at a bank, and it was very clear. Everybody agreed our goal is to protect the customers at all costs almost. Because if customers don't trust us, they won't do business with us. They won't trust us with their money. That's just not true. As it turns out, banks get compromised and retailers and hotel chains and airplane airlines and all these things happen and people don't move and they don't change. It turns out all the largest compromises, those companies still had record profits the next quarter, the next year, et cetera. And if that's the case, then companies don't have a motivation to care.
[00:25:07] Speaker A: This should make us furious. I mean, the fact that we boiled this frog slowly to the level that we find it acceptable that we're getting hacked. And it's by everybody. I mean, when it was the password management softwares that got hacked, I'm like, okay, but there is no hope if the people that are opposed to secure our passwords. And it was like within a few months, like, two of the large companies got hacked. And I Was like, okay, there is no hope for this. I must have spent. And I have different passwords for every single site and it's like 20 characters. It's like the most complicated thing. I'm like, okay, so the database online for my password. So I had to change every single password that I had. It took me hours. This is ridiculous. This is ridiculous.
What's the solution? I mean, do we need to get angry as the people, or is it government that needs to change the rules of the game, so to speak?
[00:26:02] Speaker B: Yeah, it's a good question. I mean, first, I would say there's a lot of technologies now that are getting away from passwords altogether. So there's some solutions there at least. But, you know, as far as how do we fix it, I mean, yeah, if consumers could fix the problem if we wanted to, but I think we might have even gone too far for that now because. Where are you going to go? All right, my airline gets compromised. I'm not going to fly them anymore. Well, all the airlines have been compromised. My hotel gets compromised. I won't use that chain anymore. Well, they've all been compromised.
[00:26:26] Speaker A: Mobile phones now, right?
[00:26:27] Speaker B: Exactly. Mobile phones, you know, God help us. So if you can't, as a consumer, move from a company to another company because they're all just compromised, much as people don't want to hear it, yeah, it's probably going to be government. They're the only ones that will have the authority to create the pain necessary to get companies to comply.
But that's going to be significant pain. That's the other issue. You know, there are laws in place. Europe, you know, the EU has some pretty strong laws on a lot of things that. It doesn't really matter, though. I mean, Google got hit with a massive fine. Geez, I don't know what it is now. Two, three years ago, maybe they still haven't paid it. You know, just keep fighting it. It's in court and it goes around and around. By the time they pay it, by the time they finally have to pay it, I'm sure the money they put aside and invested will have earned enough interest to pay what the fine was. So, you know, and that's sort of the goal, right, and just value of money. Right, right, exactly. And you can't have a big enough fine. So, you know, let's use this one because it's out there right now. Elon Musk is the world's richest man. He's worth, I don't know, 300 billion, 320. It changes every day over $300 billion.
What would be an appropriate fine for somebody worth $300 billion?
For anything. So, you know, and I'm not picking anything that's real in this case. Let's assume he was, you know, stone cold guilty of a terrible, terrible crime. Right. But a financial crime, not a. Not a murder, whatever. Okay, what's a. What's a good fine? A billion. So 300th of his net worth, 30 billion, still won't change his life. You could find him $150 billion and it wouldn't change his life at all.
And that's one person. There's companies, obviously, that are worth trillions of dollars. So how do you force compliance?
This is a really significant problem to solve for. And then if you did have those fines, where's the money going to go? It'd be a whole other question.
But, yeah, I think it's going to take regulation, unfortunately, and people don't like it. And of course, now we're also dealing with a pretty big shift to the right politically in the US and certainly in a lot of other countries. And a lot of that involves deregulation as a big cheering point for a lot of these folks at a time when we probably need more regulation, unfortunately. But not surprisingly, the people in charge of these organizations are billionaires who are in favor of deregulation not for the benefit of the people, but for the benefit of themselves.
[00:28:40] Speaker A: Have you heard about the sugar barons?
[00:28:43] Speaker B: I have not.
[00:28:44] Speaker A: Okay, so these two brothers, right? You know, every year they have a big party, and each brother goes to a different location and they give these huge checks, right. To maintain their. Their basically sugar tariffs, which allow them to. So, you know, it costs each individual, you know, American citizen less than a dollar.
But then if you aggregate all the sugar together, it's making them a huge amount of money.
[00:29:10] Speaker B: Right.
[00:29:11] Speaker A: So they donate to guess who, to the left or to the right every year. Well, the right one brother denotes to the right, the other brother donates the left.
[00:29:19] Speaker B: Oh, sure. So they're good either way. Why not?
[00:29:21] Speaker A: They're good either way, Right.
[00:29:23] Speaker B: Why not?
[00:29:23] Speaker A: Why the hell not? This is just. Oh, my God.
Okay, I want to make a point about regulation. Sure.
You know, on the. On the, you know, left, right, we want small government, big government. But here's the point. They're both wrong. They're both right. Here's my perspective. There are things that if we don't do them, nobody's going to do them because there's no economic incentive for them to be done. And unfortunately, digital security for the little person like me, like you, it's not going to be done if government doesn't make it mandatory.
On the other hand, government is the worst possible type of organization to create efficient processes. So if there is incentive design for anybody in the private sector to do that, it might be much better. So it's a complex environment. I don't think there's a black and white answer. At least that's my perspective.
[00:30:17] Speaker B: Yeah, I don't disagree with that. I mean the government is a model of inefficiency. So you know, it's, it's tough when you have an organization that is probably the only one with the authority to make the changes necessary and not necessarily the wherewithal to do it. And then the folks that would have the wherewithal to do it best either don't have authority or, and, or don't have the motivation.
And so that's where we end up with, you know, public private partnerships can be really beneficial if they're partnerships. If it's a bunch of incredibly wealthy private sector people who now invade the government and that's been make partnerships that are really just them running both sides, I think that's going to be really bad for a lot of people.
[00:30:55] Speaker A: Here's my problem with US politics, right? It seems like we're, we're playing this game show as opposed to looking at metrics and actually evaluating agendas and saying, okay, what is the issue? How do we improve it? We're not really talking about the real issue. We really, you know, it's, it's like you know, some kind of reality game show where, you know, some couple needs to win through outmaneuvering the rest. And I spoke to a three letter agency friend of mine and I was like, oh, we don't deserve this leadership. And he was like, yes you do.
[00:31:27] Speaker B: And I was like, get the leadership you deserve. That's, that's democracy usually.
[00:31:31] Speaker A: So, so talk us through that. Like how, how can we get better either leadership or rules or like what's the metric or the law that needs to pass? What is a low hanging fruit for me? I've been thinking about identity a lot. Like why do you not need to verify your identity before you go on Snapchat? Like so much pedophilia going on Snapchat. Why is this not these kind of laws? Not an easy thing. Australia just had their no children on social media. Bipartisan like, yep. Why can't we do this?
[00:32:10] Speaker B: Yeah, it's, I mean it's a really good question. Right. So, and I Think the challenges we run into in America. And listen, we have a lot of good and a lot of bad, right? And one of the challenges I think we run through, first of all, is we're a much younger nation than people seem to remember, right? So we're still sort of the teenagers of the world.
We're just the wealthy teenagers. You know, we have all the. We have way more money than we should have and way more, you know, weapons than we should have. And, you know, imagine a teenager who had that. And so, you know, we've got some really good ideas and some good philosophies, and we've made some good progress in a lot of places, but we also have some pretty big challenges to overcome. And so I think one of them is we have. We have this adherence to our Constitution that perhaps is to a fault. And I'm sure there's plenty of people that love to hear this from me. I'm sure I'll hear a lot about it. I mean, especially as somebody who swore oath to the Constitution. And I do believe in, you know, protecting and defending it. But Australia, like, they throw theirs out every several years and start over, basically, if I remember correctly, we don't have to go that far, but we probably should be doing something a little different. We have adherence in such dogmatic terms. It's why we have so many issues with Second Amendment with. With guns in America. Is. Is. You can go back to this. Is. This is the law of the land and it's ironclad. And First Amendment is the same thing. But again, if you start chipping away at those, then the question is where you know, that slippery slope and where do you want to go? So, you know, things like being anonymous on the Internet, you know, and protections of people's privacy. Where does the collective good outweigh the individual? And the US Historically really leans heavily towards the individual Sue. A fault, perhaps, for the collective.
And I think that's a. That's a big challenge we're trying to overcome as a society before it eats us. You know, we may. We may well be our own demise because we're so dedicated to this individualism which. Which creates this rugged individual and has created a vulnerability that adversaries, I think, can exploit and happen.
[00:34:11] Speaker A: So we've seen that across the United States very recently. I don't want to get political, but sure, wow.
[00:34:16] Speaker B: We're well past that point, I think, but I think we got political a while ago. But I think, you know, I think it's a good question, you know, what has to happen. Right. How do we, how do we come back from some of these things? I mean, I think I'm not as optimistic as I would like to pretend to be right now. You know, I think we have some huge challenges though. I think missed this and mal information mdm, I've been railing about it for a couple of years. I think it's an existential threat at this point. We have a nation that's one of the more technical. So you know, hundreds of millions of people who are on social media almost all the time combined with a nation that's actually undereducated and has a need to know things very, very fast. You know, we have a very fast paced nation. So you've got people that are consuming massive amounts of content without context, without, you know, foundations in, you know, deep educational foundations. They don't know where the sources of this information are coming from.
It makes you ripe for all sorts of challenges, you know, with misdis and mal information and that can directly undermine a democracy. You know, the best way to rig an election is to get people to actually vote for the things you just want them to vote for that they shouldn't want to vote for. You don't have to rig it any other way. Just, you know, use great information operations to convince people to vote for the things that they really probably shouldn't. And we've seen some of that, you know, so you know, a lot of influence operations, campaigns, that's a huge threat and unfortunately right now it seems to favor one side pretty strongly over the other. There's threats on both sides, but there seems to be a favorite on one side and therefore you have half of the country roughly that doesn't want that fixed.
And it's a huge problem for us at this point. So if you can't fix that, then all these other problems are probably going to continue because you're putting people into positions of power who specifically are going to do the things that you don't want them to do and that they even said they wouldn't do in some cases, although in other cases they said they would do it. Well, we just didn't believe that side. So, you know, it's, I think it's a tough spot to be in, to be honest. I think we're reaching a tipping point. 2024 might have been 2026 probably is and maybe you don't come back from it. I don't know. I've talked to friends and family and said, listen, you know, this belief that we are immune to things that have happened in the rest of the world. This, this very American thought process of American exceptionalism and combined with rugged individualism may be our downfall.
Countries have lost democracies before this way. And listen, If World War II, if the Germans had had social media, they may well have won the war. They had great propaganda. They just couldn't get it out to enough people. Social media now does. You can get any message you want around the world in seconds to millions and millions of people. And if you have a group that's committed to doing that thousands or hundreds of thousands of times every day, it's going to change how people feel about things and think about things due to massive misinformation. And so I think that affects everything. I think that affects healthcare, I think that affects politics, that affects economics, that affects cybersecurity and physical security and pretty much everything we have on life. It could affect science. We have people that are rampantly anti science now.
I never thought I'd reach a point that getting an education would be a negative thing, but we've reached that point now where, you know, experts are now derived. Derived or are, what's the word I'm looking for here? Reviled is the world is going to go for. There are people that actually, you know, say, well, who cares about experts? People have decided their opinions are equal to science and fact and reason and logic and, you know, deductive reasoning and all sorts of technologies because they don't understand any of those things anyway. So, you know, how come you're better? You think you're better than me because you, you know, you have a different opinion? Well, no, I don't think I'm better than anybody. But sometimes I think my opinion is going to be more educated because it is. Sometimes it's not. Depends on the topic.
[00:38:08] Speaker A: It's not. Just like American society, this has percolated, I would say, into the corporate American culture in terms of how do we make decisions now. You know, I've, I had a CEO outright tell me their culture is being nice.
Yeah, like, hold on, we can be kind, we can be helpful, we can be honest. But what does that mean to be nice like that? I honestly, I had to ask myself if I'm willing to work for that company, with that company anymore, because that's just crazy. What does it mean that we can't be devil's advocates, that we can't say that I have an opposing opinion, that I can't passionately advocate for something that I think is, is right or wrong or whatever?
You know, it's really Dangerous, Right. That balance between good decision making and feelings like.
Yeah, you know my point. Suck it up, butter. That was his.
[00:39:13] Speaker B: Yeah. It's not about being nice. I think, you know, I think you made a really excellent point. Nice and kind aren't the same thing.
[00:39:19] Speaker A: Not the same thing.
[00:39:20] Speaker B: I think kindness, yes. I think everybody should strive for kindness.
There's no reason to be cruel. There's no reason to be unnecessarily aggressive or, I don't know, bombastic or abrasive or whatever term you want to use.
But no, you're not always going to be nice. Sometimes things are going to be said that are not going to want to be heard because they have to be said.
They can be said in kind ways, but everything can't be nice all the time and be successful because there's things in the world that just aren't nice. You know, it's not nice to tell somebody their product is terrible. Some products are terrible, though. You know, is it, Is it. Is it nicer to pretend and say, no, that's a great product unless you spend all the time and energy and money to put it on the. On the market so the market can then tell them their product is terrible?
[00:40:07] Speaker A: Yeah.
[00:40:07] Speaker B: Or is that actually more cruel than being in front of it and saying, hey, listen, I got to. I got to say, you know, here's some challenges and some, you know, some reasoning behind it. I think we're better off to try doing these other things because you don't want to waste your time, energy, and money to let the world tell you. Because the truth of the matter is life just isn't nice. The world is not nice. That's just how it works. If we want to live in our delusions, eventually the reality shows up. Facts don't care about your feelings, and truth triumphs eventually over everything. So I think kindness is a great thing to have. I think to just be inherently nice all the time is inauthentic and probably is doing more harm than good.
[00:40:46] Speaker A: Yeah, I completely agree with you. I think the opposite of toxicity is not nice. It's kindness. And this would be my man. There's like a million more things we. Aj, we have to have you back. This has been so much fun, so many topics. We went all over it.
We're at the end of our time.
[00:41:06] Speaker B: Oh, yeah.
[00:41:07] Speaker A: I need to ask you one last question. This is a really hard one. It's the only scripted question we have in this.
[00:41:12] Speaker B: Sure.
[00:41:13] Speaker A: If you had to go back to 20 something year old AJ, dude, what would you advise him.
[00:41:22] Speaker B: 20 something year old, AJ I would advise him just to put every dime.
[00:41:32] Speaker A: Unacceptable. Dig deeper, give us. Give us a vulnerable answer.
[00:41:37] Speaker B: Yeah, I would definitely admit. Advised to do that.
I think I would have. I mean, yeah, listen, not the apple thing. I definitely would have and regret that I didn't do a better job, you know, economically, early on in life. I probably would have pushed for education a bit earlier.
You know, if you want to go further back into like teenage years, I definitely would have. Would have told them, hey, spend more time at school.
But, you know, aside from that, I think, you know, I think it's important to be honest, be authentic. I think I've always worked at that, probably, but I think it's been harder and you get older and you finally figure it out, Right? And I think, I guess here's the one. Here's probably the winner. I would have probably told 20 something. Me, stop worrying about what everybody else thinks.
And believe me, people who've known me that long would say, I don't remember AJ Ever worrying about what anybody else thought. I'm not known for that. But. But the truth is I did. You know, I have insecurities like everybody, and I probably spent too much time worrying about my own insecurities.
And they hold you back. You know, the truth of the matter is most people don't see whatever it is you see in the mirror.
[00:42:47] Speaker A: That's right.
[00:42:48] Speaker B: They don't hear whatever it is you hear in your voice. That's right. Most people are too busy in their own insecurities. They live inside their own heads.
So, you know, just go do and be the best you can and, you know, not hold yourself back. I think from things that are just all in your head, aj, it will.
[00:43:05] Speaker A: Be incredibly difficult to top that. So with that, I'm going to say thank you so much for joining the show today. I appreciate you.
[00:43:11] Speaker B: Yeah, thank you, Ari. I appreciate it.
