Trade Secrets | Investigation
42:40 Share

Americans love using their credit cards, the most secure and hassle-free way to pay. But D.C. politicians want to change that with the Durbin Marshall Credit Card Bill. This bill lets corporate megastores pick how your credit card is processed, allowing them to use untested payment networks that jeopardize your data security and rewards. Corporate megastores will make more money, and you pay the price. Tell Congress to guard your card.

because Americans lose when politicians choose. Learn more at guardyourcard.com. - This episode features strong language throughout. - Incoming transmission. - Welcome. - Welcome to True Spies. Week by week, mission by mission, you'll hear the true stories behind the world's greatest espionage operations. You'll meet the people who navigate this secret world.

What do they know? What are their skills? And what would you do in their position?

This is True Spies. If you're able to alter or do anything to a semiconductor, there's hardware attacks, there's all sorts of things to it to where either you can leak data from the semiconductor so you can steal somebody's data or you can put your own malicious things in there. If you knew where the weaknesses were in these things to interrupt the processing on these devices, then I think that would cause untold mayhem. This is True Spies. Episode 59, Trade Secrets.

I would definitely not feel safe traveling to Hong Kong. I pretty much guarantee that if I were to go somewhere in China, like, you would not hear from me again. We don't want to alarm you, but whatever platform you're using to listen to this episode of True Spies has probably been compromised. All prevention is going to fail at some point, and all of these mechanisms we put in place, no matter how many you put in place, a hacker will find a way to get through. You know, whether or not it's having some weird scan of your retinas, whatever we put in place, a hacker will find a way around. Hacking.

you've seen it in the movies but don't be mistaken this isn't hollywood this is the story of a real world attack with very real world consequences an attack that not only threatened taiwan's most high-profile industry semiconductors but the country's entire economy or worse in the right hands

could have brought essential services to a halt and industry to its knees. You're looking at power grids and hospitals and controlling water flow and just things like that. If you start to mess up those systems, you can cause major damage to somewhere. I bet you thought semiconductors were boring. It's not like we're talking about a nuclear facility or a missile base after all. But think of them as the foundation of almost all the technology you enjoy today.

Your car, your computer, and even your washing machine. And yes, nuclear facilities or missile bases too. And the companies based in Taiwan don't just produce the raw materials. They make the chips and processes, the brains that power our digital lives. Control those chips, control the world? Maybe.

And it's our spies' job to ensure that we don't find out the hard way. Right now, every organization is open to attacks because of the internet. And so one of the biggest threats out there is something called an APT, Advanced Persistent Threat. And we specialize in basically stopping those. Fortunately, for every bad hacker, there's an ethical one waiting in the virtual wings to combat them. This is where this week's spies come in. They're what's known as White Hat hackers.

the good guys. Hi, I'm Chad Duffy. I'm the Global Product Manager for Sitecraft Technology, a Taiwan-based cybersecurity firm. I'm CK. I'm a Senior Researcher in Sitecraft, leading our research team. Before we proceed, make a note of that term Chad used: APT, or Advanced Persistent Threat. Because you're going to hear it a lot. It's bad enough to have any kind of attack on your business.

But when it reaches several of the most prolific producers of semiconductors in the world at the same time, that's alarming. This episode's heroes might be experts in their field, but they weren't expecting a virtual raid with this potential size and scale to land in their laps. They're used to dealing with day-to-day security issues and protecting their clients' most valuable assets, safe from prying eyes.

It's an arms race. We learn how to stop, they find a new way. We learn how to stop, they find a new way. And that just keeps going on. Chad and CK are like any good cop duo. One is our seasoned pro with experience at large global tech companies and the US Department of Defense. The other? He's the streetwise young maverick with the local intel. And like all good crime fighters, they don't work alone. There's a highly skilled support team behind them.

Between 2018 and 2019, our cyber spies noticed a lot of attacks popping up, all of them on semiconductor vendors. And then when we go to investigation, we discover this is an APT attack and attack many, maybe more than seven semiconductor vendors. Fortunately, our spies have spent years honing their skills.

There's a lot of different ways that an organization wants to check out its sort of, you know, cybersecurity posture and defense. So one of these ways is red teaming. And what red teaming is, is sort of a full on, you know, tactical assault on defenses where you usually say there's some sort of goal ahead of time that you want the red team to achieve. Like maybe there's a database inside an organization that you want to check how, you know, how secure is this? So you make that the red team's objective. And then so blue teaming is on the side of defense where you're running, you know, defense practices and drills against this.

CK Chen is a natural blue teamer. He cut his teeth protecting the computer network at his university, working as a system administrator as part of his computer science studies. Field training is one thing, but like all good agents, our spies need to keep their skills sharp and adapt to new threats. Think about your phone or computer. How many apps do you have? Do you ever stop to think about how secure it is before you download?

Now imagine a large corporation with all its employees and different suppliers. Anything that has access to the network can pose a threat. I think one of the big things in cybersecurity is that it's always changing. It's like the laws of physics are always changing. No matter what you think you have and understand the system, it's never quite going to continue to be that way. So that's what makes defense and detection all this so challenging.

In recent years, Chad and CK started to notice an increase in supply chain attacks coming their way. By infecting popular software or hardware, legitimate products in a corporation's supply chain, hackers can piggyback their way into multiple networks like a digital parasite. Take Stuxnet, the mysterious virus that hamstrung the Iranian nuclear program.

Listen back to episode 33 of True Spies, Olympic Games, to hear more about that. SolarWinds, a common IT management software, is a more recent example. We're talking about compromising, you know, tons of organizations that are using SolarWinds, which is, you know, including, you know, U.S. government, but also like FireEye, just many other large, well-known organizations.

And something interesting is when we analyzed SolarWinds malware, we finally tried to describe ourselves as the normal programmer as a SolarWinds programmer. The hackers hide themselves within a normal program, in this case, SolarWinds. Needles and haystacks come to mind.

But adapting to this increasingly common method of attack would prove to be crucial for Chad and CK, as they tried to understand the threat that landed on their desks one fateful day in November 2019. This cyber attack doesn't begin deep inside a dilapidated warehouse hideout. There are no hooded figures hunched over laptops, no rock music playing in the background. It begins in a brightly lit, comfortable office.

Just like the one you might go to every day. Except this one's on an island perched between the East and South China Seas. Specifically, the Hsinchu Science Park, about an hour southwest of Taipei. There's a lot of large buildings. In fact, Hsinchu is like one of our big science park cities. Yeah, it's very modern, very up-to-date, lots of new buildings. It looks like it was built basically yesterday. There are science park cities like this all over the island.

They are aware some of the brightest minds in technology go every day to make our electronics smarter and smaller. Hsinchu might not be unique to look at. It's a fairly ordinary business park lined with neatly manicured hedgerows and glass-fronted buildings. But it's a vital hub for the most important semiconductor companies in Taiwan. One of those companies is a client of Sycraft's. We can't share the name, that's confidential.

Chad and CK simply call it Company A. All you need to know is that modern cybersecurity has evolved in recent years. No more staring at errors and alerts streaming across a screen. Today's savvy white hat uses artificial intelligence to flag any suspicious activity.

So what we'll see is basically a certain set of alerts of unusual behavior come up on our end. And that triggers an AI analysis to go in deeper and look more at connecting docs for what's going on here. So basically, once we see one, two or three, because a lot of times you'll see an individual behavior and that won't really look that suspicious. But once you see it in the context of other more malicious behaviors, then it starts to, you know, the whole ball starts to come together a little bit.

If you're thinking the right move is to neutralize the threat immediately, think again. Like all good tradecraft, white hat hacking relies on intelligence. Sometimes you want to let the attacker reveal their intentions. Perhaps they might leave a clue as to who they are or what their objective is. Chad and CK's AI tool has indicated there's a potential attacker and caught it early enough that the villains haven't been able to get very far into the network.

What's surprising is that the hackers seem to have accessed the system using legitimate credentials. This isn't as uncommon as you might think. All the hackers needed was to find a list of leaked usernames and passwords. Something worryingly easy if you know where to look. This at least means they could follow that specific user's activity and see what the intruders are up to. Confident that the hackers haven't reached any critical infrastructure, our spies stand back

and carefully observe. Hackers want to use the most convenient, you know, way sort of, and they don't want to burn whatever they don't have to. So if I already know I have this valid account, then I'm just going to use that. You know, you want to do the laziest thing that's going to get you to your goal. All Chad and CK know is that right now, someone has a virtual foot in the digital door using stolen credentials. But that's not going to get you much beyond some poor employee's emails and maybe their calendar.

Fortunately, if there's one thing that computers are good at, it's remembering things. Keeping logs or showing you what software was launched and at what time. Our spies notice that the attackers deployed their malware disguised as legitimate software. Remember the red and blue team training methods Chad mentioned earlier? The software in question is a popular tool that red teamers use to simulate a threat. But this time, it's no simulation.

By modifying a trusted application with some of their own code, the hackers were almost able to go unnoticed. Almost. If it weren't for those pesky lol bins. So lol bins are living off the land binaries. And binary just means an executable file on a given operating system. So to live off the land is just to use the tools that are already there. Let me decode that for you.

Another way to look at living off the land is pretending you're a normal part of the computer's operating system, going about normal business. You might say it's the digital equivalent of stealing a lanyard and casually walking through the front door. And the reasons why is that makes detection a lot harder because these programs are already running anyway. And so it's a lot easier for attackers to basically evade detection systems. CK's blue team experience kicks in and he's quickly able to neutralize the threat.

The hackers didn't get very far this time, but they left some small, vital clues. White Hat hackers are organized, collaborative and freely share the code that their would-be attackers use to a website called VirusTotal. This helps other White Hats detect and eliminate the threat with a simple search. And sometimes, it can also reveal that hack's origins: the person or people behind it. So that's what CK does.

He uploads the malware to VirusTotal in the hope there's a match. So when we get a malware, we'll first query this VirusTotal to check this malware is being used to attack other organizations or not. But when they check, they discover there is no information that corresponds with this malware in the VirusTotal database. That means this malware is quite new and maybe it's customized only for this attack.

Well, it was worth a shot. But for now, Company A is in the clear. Chad and CK can tidy up their client system and provide them with an incident report. Job done? Not quite. CK's just told us the malware is unknown. The fact that it wasn't listed anywhere was worrying. That indicated this was a new threat. Or, as Chad and CK suspected, a cocktail of existing ones.

repackaged and tuned to intentionally attack the semiconductor industry. This meant this wasn't a general virus that happened to infect their client. It was a deliberate, targeted attack. But who? Why? And what did they want? Our spies didn't have to wait long for another opportunity to figure that out.

Not very much later, we get clients come to us, say, hey, we need some help. And they say, we need incident response. And they come to us and we sort it out. And we start to look and see some similarities between this attack. And this occurred within, you know, within two months period. Chad and CK soon made a startling discovery. This second semiconductor company had apparently been hacked for over a year. With the cyber criminals coming and going as they pleased. Bad news for company B.

but a lucky break for our intrepid white hats. If the hackers have spent this much time poking around their victims' computer network, there's a far higher likelihood of them having left a vital clue

A digital thread that can be pulled on. A lot of times what you see in like spies, you'll hear like terminology, like false flag operation, things like that. A lot of that stuff still applies, you know, in the cyber world. And that's one thing we have to be careful on with attribution, for example, is we've seen times where maybe we see an attack that's made to look like it's coming from one organization because they might leave behind certain, you know, artifacts such as, you know, language artifacts or, you know, adjusting times of things. There's all sorts of other, you know, variables of the attack that can be considered.

What Chad's saying here is important because the next few discoveries would invoke their worst fears. Company A's in-house Blue team shared some small but significant information about the hackers. And we find out their working hour is from 8 in the morning to 8 in the night. So clue one, they work from 8 a.m. to 8 p.m. Clue two, they're in universal time plus 8.

I wonder where in the world that is. So we say like 8:00 to 8:00, but it's often 9:00 to 9:00 because they're a little bit, you know, like late to getting to work and then getting off. That's at 9:00, 9:06 and working on the Saturday time is really common. This 9:00, 9:06 schedule is common in the tech industry in China. And that wasn't all. Another thing that I did when I was looking over the data was that we noticed that during October, which especially there's a big holiday in China during that time, and this is where the hackers really had just a rest.

The first week of October includes Chinese National Day. During this holiday, also known as Golden Week, workers enjoy several days off to celebrate the founding of the People's Republic of China.

And actually, this has come into a lot of attacks you're going to see coming out of China is that, you know, the holiday, they take it really seriously. They do not work during that time. So that's also a really good part of the plan often because that's when they can see if their persistence mechanisms and everything is still working when they come back. They know, OK, what's been discovered, what's not been. And they can say, OK, now I can really launch the rest of my attack to move towards my exfiltration target after this holiday. This presented another problem. Chad and CK knew this clue could be a false flag.

A clue deliberately left to throw our cyber spies off the scent. It wouldn't be hard to do. But mainland China and Taiwan's history is complicated, so they need to proceed with caution before making any accusations. Time for a quick briefing. To China, Taiwan, an island to the southeast of mainland China, is a rogue province, one that it wants to reclaim.

For most locals, however, Taiwan is an independent democracy, a situation they'd very much like to preserve. The conflict started in 1949, during China's civil war. The ousted leadership found exile on the island of Taiwan, and a long-lasting standoff began. For decades, political tensions have remained high. By the early 90s, things were improving, with the then-Taiwan government officially declaring the war with the mainland over,

But only a few years later, during Taiwan's first democratic elections, China set off missiles, making it clear that things were far from settled. All the while, the legal status of the island has been a constant source of dispute. Much to China's chagrin, Taiwan would then go on to become a dominant force in the computing industry, providing many of the complex components that allow you to enjoy the luxuries of the connected world.

Technology that China has never been able to compete with. This gets into the semiconductor industry hugely because that's one of Taiwan's largest contributions to the global economy. And this is something that China has been really

not able to catch up in is in terms of their semiconductor technology. So they've been definitely having a huge amount of attacks here, not only for the political reason, but also for the industrial espionage side. It's been many years since Taiwan was recognized as a country globally. And, you know, it was not since the 70s. And so it's been China's, you know, idea to at some point, you know, retake Taiwan, this idea of one China. But, you know, Taiwan's been a very independent, you know, Democrat. We have our own president, currency, flag, all that sort of stuff.

In summary, even if you don't know who your attacker is,

If you work in cybersecurity, in Taiwan at least, your first instinct for attribution might be to look toward the twinkling lights across the Taiwan Strait. It also means you're potentially acting as the testbed for a broader global attack. If CK and Chad's guts were correct, the implications of this threat were more than just corporate secrets. It was a matter of concern for us all.

So really, it's again about this sort of supply chain issue because semiconductors are like almost hacking like the very core of the digital supply chain. So if you're able to alter or do anything to a semiconductor, there's, you know, hardware attacks. There's all sorts of things to it to where, you know, either you can leak data from the semiconductor so you can steal somebody's data or you can put your own malicious things in there. I mean, there's all kinds of things that can get done. So this really affects everybody today. I don't think there's really anybody that would not be affected by large semiconductor attacks. What Chad is dancing around here

is that if the Chinese government were able to get hold of all the blueprints for the chips and processors being developed in Taiwan, it would be a very bad thing indeed. If you knew where the weaknesses were in these things and you were able to shut down to interrupt the processing on these devices, then I think that would cause untold mayhem. For example, imagine in the healthcare industry or imagine in just your car or imagine any of these other things. And that presents a huge dilemma.

The worst-case scenario? A world superpower holding the world's computers hostage. Or it could just be after trade secrets for its own commercial gain. But that's still a massive problem for Chad, CK and the semiconductor industry as a whole. This, of course, would be true for any attack from any country. But the diplomatic minefield that is Taiwan and China relations

means an incorrect attribution could also be the spark that reignites decades-old political gunpowder. But whoever the hackers were, they certainly knew what they were doing. Hello, True Spies listener. This episode is made possible with the support of June's Journey, a riveting little caper of a game which you can play right now on your phone. Since you're listening to this show, it's safe to assume you love a good mystery, some compelling detective work,

and a larger-than-life character or two. You can find all of those things in abundance in June's Journey. In the game, you'll play as June Parker, a plucky amateur detective trying to get to the bottom of her sister's murder. It's all set during the roaring 1920s,

And I absolutely love all the little period details packed into this world. I don't want to give too much away because the real fun of June's journey is seeing where this adventure will take you. But I've just reached a part of the story that's set in Paris and I'm so excited to get back to it.

Like I said, if you love a salacious little mystery, then give it a go. Discover your inner detective when you download June's Journey for free today on iOS and Android. Americans love using their credit cards, the most secure and hassle-free way to pay. But DC politicians want to change that with the Durbin Marshall credit card bill.

This bill lets corporate megastores pick how your credit card is processed, allowing them to use untested payment networks that jeopardize your data security and rewards. Corporate megastores will make more money, and you pay the price. Tell Congress to guard your card, because Americans lose when politicians choose. Learn more at GuardYourCard.com.

Thank you.

They share three books they love, one book they don't, and what they've been reading lately. And I recommend three titles they may enjoy reading next. Guests have said our conversations are like therapy, troubleshooting issues that have plagued their reading lives for years, and possibly the rest of their lives as well. And of course, recommending books that meet the moment, whether they are looking for deep introspection to spur or encourage a life change, or a frothy page-turner to help them escape the stresses of work, or a book that they've been reading for years.

school, everything. You'll learn something about yourself as a reader, and you'll definitely walk away confident to choose your next read with a whole list of new books and authors to try. So join us each Tuesday for What Should I Read Next? Subscribe now wherever you're listening to this podcast and visit our website, whatshouldireadnextpodcast.com to find out more. Jargon alert. Administrator is one of the highest levels of access you can have to a computer. A domain...

That's a group of computers that perform functions together or are overseen by the same administrator. A skeleton key? That's just regular old very bad news. One thing we noticed was how they were able to inject a skeleton key. The hackers were able to basically put in like a default sort of account where if your password didn't match one of the known ones, but if it was this secret default one, that allowed you access administrator level to other computers on this domain.

By sneaking a secondary full-back password into the system, the hackers could freely log on and move around the network. They didn't need to hack every single machine. They simply added a master password that unlocked everything. So in this moment, the hacker can use any account with a password to login any system in your domain. Think about that. Any account. The hackers now had free run of the network

they could move over to more important endpoints as if they had a master key at a hotel. And also make our investigation more difficult. This is not what you want to hear when you're suddenly tasked with protecting your country's most important industry. By CK's account, at least seven of the semiconductor companies in Taiwan saw attacks around this time.

For a sense of scale, Taiwan's top producer of semiconductors alone is estimated to account for half of the global market. The sector generates over $12 billion a year in Taiwan. Right now, in 2021, there's already a global chip shortage thanks to COVID-19's impact on production. President Biden was forced to hold crisis meetings with industry leaders to address the issue.

The situation is so bad, companies like Ford have had to suspend or reduce car production until the situation is resolved. Now imagine you could disrupt this industry on purpose. This cluster of attacks means there's a high likelihood of them being from the same group or organization. And they might have the keys to everything. Frustratingly, Chad and CK could only know the specifics of what happened to company A and company B

but it wasn't looking good. They discovered that the attackers encrypted some data from Company B before exfiltrating it. And that turned up another unusual clue. CK was able to reverse engineer the password they used and it was interesting, to say the least. Fuck Google.com. The expletive password was more than just a micro protest from the hackers. It was another vital clue.

CK had been monitoring some of the other attacks going on at the same time, where this same password had been spotted by other white hats. This is why they share their intel. Small details like this can make a difference. And the malware was hiding another secret. So we analyzed this malware and found the location and the authentication token to get into the Google Drive. An authentication token is exactly what it sounds like.

Think of it as a key or a backstage pass. And on this occasion, backstage is a folder online containing something that looks like an instruction manual. A Hacking 101. No spoilers, but as a reminder, in Taiwan they write using traditional Chinese characters.

That would indicate someone, most likely in mainland China. Okay, well it sounds like a fait accompli. Job done.

But before you jump to conclusions, don't forget what Chad said earlier about hackers sometimes leaving deliberate distractions, a false flag. Someone or some group could be setting the Chinese up. The attacker may fake themselves as a Chinese and launch a laser attack. You might be thinking, why does that have to be the government? Couldn't it just be a group of civilians using Chinese characters? It could.

In fact, the actual hackers are almost certainly not government employees.

Not officially, at least. Inside of not just China, but inside of many countries, you have all different types of threat actors and they're based off of their sponsorship and their purpose. So there are definitely ones that are government run and then there are ones that are like quasi government run. So you see a lot of people that might get trained through the government, but then they move on to a private criminal organization. So they bring with them their techniques or other teammates. They have sort of their own LinkedIn for this sort of thing.

Yes, it's 2021. So of course there's the LinkedIn for quasi-government sponsored hacking groups. The problem is, they're often loosely organized, nebulous, and operate entirely in the shadows. But there are some groups that are well known in cybersecurity circles. You've maybe heard of Anonymous. But what about APT41, sometimes known as Winty? Winty isn't as well known in the civilian world.

But it's a group that's generally feared in cybersecurity circles. Highly skilled, well-resourced, and crucially for Chad and CK, based in China. In this Winti group, it's not like one monolithic group, but it's probably a lot of subgroups with different objectives and teams and members are possibly shared or techniques are possibly shared. So in this group, they may have some specialization of the works.

Like any profession, hackers find their own specialization. Maybe you're a pro at developing malware. Or perhaps your skills are finding ways into a network. So that's why they write notes to each other and pass them to each other so they know how to operate their own tools. This is where things get complicated. Governments can be held accountable. Rogue hacking groups? Not so much. Conversely, Chad and CK don't have the benefit of being anonymous.

especially because both of them are often quoted in the media suggesting a threat is coming from China. Despite all their clues and suspicions, it's just too much of a gamble to firmly pin this attack on their neighboring giant. The risk is simply too high.

I would definitely not feel safe traveling to Hong Kong. You know, like right now, I used to go to Hong Kong all the time. Like there's pretty, like I'm quoted in Wired magazine as being like, oh yeah, this is, you know, highly likely to be, you know, coming from China. And it's like, yeah, I pretty much guarantee that if I were to go somewhere in China, like you would not hear from me again. I like Hong Kong, but I think it's hard to go to Hong Kong in the future. Thanks to their proactive work with Company A,

Chad and CK were able to apply the same techniques to neutralize the threat on Company B. That, after all, is their more immediate objective. The long breach might have been a disaster for the client, but it provided vital clues about the perpetrators that can be shared with fellow White Hats and provided copies of the malicious tools that can now be dissected, reverse engineered to help prevent future attacks should our mysterious hackers return.

Now it's a cleanup job. One thing we do is that we put agents on all of their machines that kind of record activity and do analysis and stuff like that. And then after we say, hey, do everything to clean it out, we'll rerun an analysis to make sure that we have actually cleaned everything out. Once that's fully done, then we'll also give policy recommendations to the organization saying, okay, well, we give them full attack paths and storylines of everything that happened. While our duo's immediate involvement in this hack had come to an end,

There was a small inbuilt problem. White Hat hackers rely on sharing solutions, but that means the criminal gangs also received a nice performance review, one they can use to patch any flaws in their attack.

The race never ends. So when we publish some new defense mechanism, new detection mechanism, the attacker will try to bypass this mechanism. Once we start to publish this information out there and other groups start to track this organization and then also track its behavior and stuff like that, we're able to see similar attacks happening in Europe. And this really does fit the sort of model that we've been seeing over the past several years of certain threat actors in our region, maybe from China, will try to attack here in Taiwan first.

And then once they feel that, you know, to achieve some level of success with that, they'll move that over to Europe or elsewhere. They might have been able to prevent a full attack on Company A and spared Company B from further damage. But it's a short-lived victory. A frustrating reality for Chad and CK is that they may never really know whether the attack is over or not.

These super high level attacks are very rare, speaking based on percentage of attacks. If it wasn't that way, then we wouldn't be able to have our modern economy right now. We don't get a notification from a hacker group saying, hey guys, we've stopped. They're not that cordial, I guess. So we don't, we just keep observing, we keep defending, we have to keep going because we really don't know what the final motive or destination or whatever this hacker group is trying to do. You also always kind of question, did I do the work right? It's not so scientific in terms of I can't go out there and get the,

based truth all the time. You can go up there and go, "Oh, it is really exactly this." So when you put it out there and then you find other people are corroborating with your analysis, you're seeing the same thing out there in the world. I think that's really fortuitous. In late 2020, news reports emerged about another round of attacks on the island. Taiwan's Bureau of Investigation, Cybersecurity Investigation Office, reported to media that it suspected two well-known Chinese hacking groups were able to infiltrate various government departments

with as many as 6,000 official email accounts compromised. Soon after, Psycraft published a report on its block. The company's own investigations spotted something worrying about the new hacks: the return of the skeleton key technique. As Chad and CK rightly predicted, it looks like the same attackers are back at it. All our spies can do for now, though, is keep a watchful eye and batten down the virtual hatches.

If there's a silver lining here for Chad, CK and the Silent T behind them at least, it's that this is all very good for business.

It's so satisfying when you are able to do something like an attribution, or especially if you've looked at something and you go back over, you go, wait a second. Oh, there's this one other section. Now this links back and, you know, you can figure out that it came from somewhere, has an association with something. That's really exciting for us because it makes something a lot more real. So I think that that's what we need to look at is what's going to be the next mutation on it. And then where can you go from there? I'm Vanessa Kirby. Join us next week for another Brush with True Spies.

Americans love using their credit cards, the most secure and hassle-free way to pay. But D.C. politicians want to change that with the Durbin-Marshall credit card bill. This bill lets corporate megastores pick how your credit card is processed, allowing them to use untested payment networks that jeopardize your data security and rewards. Corporate megastores will make more money, and you pay the price. Tell Congress to guard your card.

Because Americans lose when politicians choose. Learn more at GuardYourCard.com.