[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:17.16,0:00:26.22,Default,,0000,0000,0000,,There's a long way from Argentina.\NArgentine, Argentine to Prague to Leipzig. Dialogue: 0,0:00:27.42,0:00:33.12,Default,,0000,0000,0000,,These two young researchers, security\Nresearchers, the lady and the gentleman, Dialogue: 0,0:00:38.16,0:00:46.02,Default,,0000,0000,0000,,Veronica and Sebastian are here to tell us\Nsomething about Emergency VPNs, virtual Dialogue: 0,0:00:46.02,0:00:54.36,Default,,0000,0000,0000,,private networks, analyzing mobile network\Ntraffic to detect digital threats. And I'm Dialogue: 0,0:00:54.36,0:00:59.46,Default,,0000,0000,0000,,quite convinced you're going to have a\Ngood time. You're welcome to have a big Dialogue: 0,0:00:59.46,0:01:08.82,Default,,0000,0000,0000,,hand for Veronica and Sebastian. Thank\Nyou. Thank you. OK, thank you, everyone Dialogue: 0,0:01:08.82,0:01:15.36,Default,,0000,0000,0000,,for coming here. My name is Veronica\NValera's. I'm a researcher with the Czech Dialogue: 0,0:01:15.36,0:01:19.80,Default,,0000,0000,0000,,Technical University in Prague. Currently,\NI'm the project leader of the Civilsphere Dialogue: 0,0:01:19.80,0:01:25.20,Default,,0000,0000,0000,,Project, and Sebastian Garcia, the\Ndirector of the Civilsphere Project in the Dialogue: 0,0:01:25.20,0:01:31.14,Default,,0000,0000,0000,,Czech Technical University in Prague. The\Nproject is is part of the Stratosphere Dialogue: 0,0:01:31.14,0:01:36.96,Default,,0000,0000,0000,,Laboratory in the university. The main\Npurpose is to provide free services and Dialogue: 0,0:01:36.96,0:01:43.02,Default,,0000,0000,0000,,tools to help the civil society protect\Nthem and help me then help them identify Dialogue: 0,0:01:43.80,0:01:55.35,Default,,0000,0000,0000,,targeted digital attacks. So Maati Monjib.\NHe's a Moroccan historian. He's the co- Dialogue: 0,0:01:55.35,0:02:02.64,Default,,0000,0000,0000,,founder of the Moroccan Association of\NIndependent Journalism. He was denouncing Dialogue: 0,0:02:02.64,0:02:08.04,Default,,0000,0000,0000,,some misbehavior of his government, and\Nbecause of that, he was targeted with Dialogue: 0,0:02:08.04,0:02:21.30,Default,,0000,0000,0000,,spyware. Around 2015. Alberto Nisman was a\Nlawyer in Argentina, he - he died. He was Dialogue: 0,0:02:21.30,0:02:26.94,Default,,0000,0000,0000,,until the moment of his death, the lead\Ninvestigator in the terrorist attack of Dialogue: 0,0:02:26.94,0:02:36.12,Default,,0000,0000,0000,,1994 that happened in Buenos Aires. It was\Na sad incident that may have been covered Dialogue: 0,0:02:36.12,0:02:42.60,Default,,0000,0000,0000,,up by the government. And after his death,\Nthe researchers found traces of a spyware Dialogue: 0,0:02:42.60,0:02:51.30,Default,,0000,0000,0000,,in his mobile phone allegedly installed by\Nthe government to spy on him. Ahmed Dialogue: 0,0:02:51.30,0:03:03.12,Default,,0000,0000,0000,,Mansoor. He's an activist from the UAE.\NHe's also a human rights defendant. He Dialogue: 0,0:03:03.12,0:03:07.74,Default,,0000,0000,0000,,also denounces misbehaviors of his\Ngovernment, and because of that, his Dialogue: 0,0:03:07.74,0:03:13.92,Default,,0000,0000,0000,,government targeted him repeatedly with\Ndifferent type of spyware from different Dialogue: 0,0:03:13.92,0:03:23.70,Default,,0000,0000,0000,,places. Right now, he's in jail. He he's\Nbeen there for almost two years, and he Dialogue: 0,0:03:23.70,0:03:29.10,Default,,0000,0000,0000,,barely survived there for more than 40\Ndays hunger strike. He did complain about Dialogue: 0,0:03:29.10,0:03:36.84,Default,,0000,0000,0000,,the prison conditions. Simón Barquera.\NMaybe you can check the slides. They are Dialogue: 0,0:03:36.84,0:03:45.72,Default,,0000,0000,0000,,not. Simón Barquera is a researcher, food\Nscientist from Mexico. He is a weird case Dialogue: 0,0:03:45.72,0:03:52.32,Default,,0000,0000,0000,,because it's not very clear why he was\Ntargeted. The Mexican government targeted Dialogue: 0,0:03:52.32,0:04:01.44,Default,,0000,0000,0000,,him and his colleagues with also spyware.\NKarla Salas she's a she's a lawyer from Dialogue: 0,0:04:01.44,0:04:07.44,Default,,0000,0000,0000,,Mexico as well. She's representing and\Ninvestigating the murder of a group of Dialogue: 0,0:04:08.16,0:04:14.64,Default,,0000,0000,0000,,human rights defendants that were murdered\Nin Mexico. She and her colleagues were Dialogue: 0,0:04:14.64,0:04:22.20,Default,,0000,0000,0000,,targeted by the Mexican government with\Nthe NSOs Pegasus spyware. Griselda Triana, Dialogue: 0,0:04:22.20,0:04:27.12,Default,,0000,0000,0000,,she's a widow. Her husband was a\Njournalist from Mexico covering drug Dialogue: 0,0:04:27.12,0:04:34.32,Default,,0000,0000,0000,,cartel activities and organized crime in\NSinaloa, Culiacán, Mexico. She was Dialogue: 0,0:04:34.32,0:04:38.58,Default,,0000,0000,0000,,targeted by the Mexican government with\Nspyware. Few days after her husband's Dialogue: 0,0:04:38.58,0:04:47.34,Default,,0000,0000,0000,,death, and we don't understand exactly\Nwhy. His, her husband's computer and Dialogue: 0,0:04:47.34,0:04:54.30,Default,,0000,0000,0000,,laptop were taken away when he was\Nmurdered, so there was no known reason why Dialogue: 0,0:04:54.30,0:05:01.50,Default,,0000,0000,0000,,she was targeted. Emilio Aristegui, he's\Nthe son of a lawyer, he is a minor, and he Dialogue: 0,0:05:01.50,0:05:06.42,Default,,0000,0000,0000,,was targeted. His phone was targeted by\Nthe Mexican government with spyware to spy Dialogue: 0,0:05:06.42,0:05:12.78,Default,,0000,0000,0000,,on his mother and that she was a lawyer\Ninvestigating some cases. So these are Dialogue: 0,0:05:12.78,0:05:20.76,Default,,0000,0000,0000,,only a few cases of the dozens of hundreds\Nof cases where government use surveillance Dialogue: 0,0:05:20.76,0:05:26.04,Default,,0000,0000,0000,,technology to spy on people. But not only\Ncivil society defendants, but also Dialogue: 0,0:05:26.04,0:05:32.76,Default,,0000,0000,0000,,civilians like this kid. And the common\Ncase among all this is that their mobile Dialogue: 0,0:05:32.76,0:05:37.68,Default,,0000,0000,0000,,phones were targeted. And there is a\Nsimple explanation for that. We take our Dialogue: 0,0:05:37.68,0:05:42.06,Default,,0000,0000,0000,,mobile phones with us everywhere we use\Nthem. These we don't take computers Dialogue: 0,0:05:42.06,0:05:46.86,Default,,0000,0000,0000,,anymore. When we are in the front line in\NSyria covering war, we regard the videos Dialogue: 0,0:05:46.86,0:05:52.02,Default,,0000,0000,0000,,with our phones. We send messages that we\Nare still alive with our phones. We Dialogue: 0,0:05:52.02,0:05:57.30,Default,,0000,0000,0000,,cannot. When we are working on this field,\Nwe don't know. We cannot not use the Dialogue: 0,0:05:57.30,0:06:02.82,Default,,0000,0000,0000,,mobile phones. So they have photos, they\Nhave documents, they have location, they Dialogue: 0,0:06:02.82,0:06:12.90,Default,,0000,0000,0000,,have everything. This is perfect for\Nspying on someone. So, it is a fact that Dialogue: 0,0:06:12.90,0:06:17.46,Default,,0000,0000,0000,,governments are using the spyware as a\Nsurveillance technology not only to Dialogue: 0,0:06:17.46,0:06:25.20,Default,,0000,0000,0000,,surveil, but also to abuse, to imprison,\Nto sometimes to kill people. And we know Dialogue: 0,0:06:25.20,0:06:29.94,Default,,0000,0000,0000,,that they are governments because the\Ntechnology that they are using like, for Dialogue: 0,0:06:29.94,0:06:35.70,Default,,0000,0000,0000,,example, the Pegasus software by the\NIsraeli company NSO. They can only be Dialogue: 0,0:06:35.70,0:06:43.80,Default,,0000,0000,0000,,purchased by governments. So we know they\Nare doing this. So these tools are also Dialogue: 0,0:06:43.80,0:06:49.62,Default,,0000,0000,0000,,cheap, easy to use, cheap for them, right?\NEasy to use. They can be used multiple Dialogue: 0,0:06:49.62,0:06:56.52,Default,,0000,0000,0000,,times all the times they want. Sometimes\Nthey they cannot be traced back to their Dialogue: 0,0:06:56.52,0:07:00.90,Default,,0000,0000,0000,,sources. It's not that easy. So you find\Nan infection and it's hard to know who is Dialogue: 0,0:07:00.90,0:07:09.66,Default,,0000,0000,0000,,behind it. So for them it's a perfect\Ntool. So what can what can we do if we Dialogue: 0,0:07:09.66,0:07:14.82,Default,,0000,0000,0000,,think our mobile is compromised? There are\Nseveral things we can do. For instance, we Dialogue: 0,0:07:14.82,0:07:20.88,Default,,0000,0000,0000,,can do, our forensic analysis. It's costly\Nbecause it takes a lot of time. We need to Dialogue: 0,0:07:20.88,0:07:25.92,Default,,0000,0000,0000,,go on the phone to check the files, to try\Nto see if there is any sign of infections. Dialogue: 0,0:07:27.06,0:07:34.08,Default,,0000,0000,0000,,And sometimes this also involves like\Nsending our phone to somewhere to analyze. Dialogue: 0,0:07:34.08,0:07:39.00,Default,,0000,0000,0000,,And in the meantime, what are we going to\Nuse? It's not very clear. We can factory Dialogue: 0,0:07:39.00,0:07:45.18,Default,,0000,0000,0000,,reset our phone. It might work sometimes,\Nsometimes not. And it's costly. Sometimes Dialogue: 0,0:07:45.18,0:07:51.00,Default,,0000,0000,0000,,we lose data. We can change phones which\Nis a simple solution. We just drop it to Dialogue: 0,0:07:51.00,0:07:56.16,Default,,0000,0000,0000,,trash. We pick another one. But how many\Nof us can afford to do these, like maybe Dialogue: 0,0:07:56.16,0:08:01.26,Default,,0000,0000,0000,,three or four times a year? It's very\Nexpensive. But we can also do traffic Dialogue: 0,0:08:01.26,0:08:05.94,Default,,0000,0000,0000,,analysis. That means work on the\Nassumption that the malware that is Dialogue: 0,0:08:05.94,0:08:10.38,Default,,0000,0000,0000,,infecting our phones will try to steal\Ninformation from our phones and send it Dialogue: 0,0:08:10.38,0:08:17.58,Default,,0000,0000,0000,,somewhere. The sending of data will happen\Nover the internet because that's cheap so Dialogue: 0,0:08:17.58,0:08:24.66,Default,,0000,0000,0000,,that communication we can see and\Nhopefully we can identify it. So how can Dialogue: 0,0:08:24.66,0:08:30.12,Default,,0000,0000,0000,,we know? How can we know if our phone\Nright now is at risk? Imagine that you're Dialogue: 0,0:08:30.12,0:08:35.70,Default,,0000,0000,0000,,crossing a border. Someone from the police\Ntakes your phone, then gives back to you. Dialogue: 0,0:08:35.70,0:08:41.23,Default,,0000,0000,0000,,Everything is fine. How can you know if\Nit's not compromised? So this is where in Dialogue: 0,0:08:41.23,0:08:50.04,Default,,0000,0000,0000,,Civilsphere we start thinking, which is\Nthe simplest way we can go there and help Dialogue: 0,0:08:50.04,0:08:55.71,Default,,0000,0000,0000,,these people, which is the simplest way we\Ncan go and check those phones in the field Dialogue: 0,0:08:55.71,0:09:01.05,Default,,0000,0000,0000,,while this is happening and we came up\Nwith an Emergency VNP. So the Emergency Dialogue: 0,0:09:01.05,0:09:06.50,Default,,0000,0000,0000,,VPN is the service that we are providing\Nusing OpenVPN, this free tool that you Dialogue: 0,0:09:06.50,0:09:11.42,Default,,0000,0000,0000,,know that you install in your phone. And\Nfrom these, we are sending the traffic Dialogue: 0,0:09:11.42,0:09:15.78,Default,,0000,0000,0000,,from their phones to their university\Nservers or the servers are in our office Dialogue: 0,0:09:15.78,0:09:20.79,Default,,0000,0000,0000,,and then to the internet and back. So we\Nhave normal internet. And we are capturing Dialogue: 0,0:09:20.79,0:09:25.08,Default,,0000,0000,0000,,all your traffic. We store in there. What\Nwe are doing with these? Well, we have our Dialogue: 0,0:09:25.08,0:09:29.66,Default,,0000,0000,0000,,security analysts looking at this traffic,\Nfinding infection, finding that out, using Dialogue: 0,0:09:29.66,0:09:34.20,Default,,0000,0000,0000,,our tools, using our expertize threat\Nintelligence, threat hunting, handling Dialogue: 0,0:09:34.20,0:09:38.64,Default,,0000,0000,0000,,whatever we can and see everything in\Nthere and then reporting back to you say, Dialogue: 0,0:09:38.64,0:09:42.71,Default,,0000,0000,0000,,Hey, you're safe, it's OK. Or, Hey, there\Nis something going on with your phone, Dialogue: 0,0:09:42.71,0:09:46.98,Default,,0000,0000,0000,,uninstall these applications or actually\Nchange phones. We are from time to time Dialogue: 0,0:09:46.98,0:09:51.81,Default,,0000,0000,0000,,suggesting stop using that phone right\Nnow. I don't know what you are doing, but Dialogue: 0,0:09:51.81,0:09:55.87,Default,,0000,0000,0000,,this is something you should stop. So we\Nare having experts looking at this Dialogue: 0,0:09:55.87,0:09:59.78,Default,,0000,0000,0000,,traffic. Also, we have the tools and\Neverything we do in there is free software Dialogue: 0,0:09:59.78,0:10:04.61,Default,,0000,0000,0000,,because we need these to be open for the\Ncommunity. So how does it work? This is a Dialogue: 0,0:10:04.61,0:10:09.38,Default,,0000,0000,0000,,schema of the Emergency VPN. You have your\Nphone on in the situation. Like Veronica Dialogue: 0,0:10:09.38,0:10:13.35,Default,,0000,0000,0000,,was saying, you are at risk and you say\Nright now I'm crossing the border, I'm Dialogue: 0,0:10:13.35,0:10:17.99,Default,,0000,0000,0000,,going to a country that I don't know. I\Nsuspect I might be targeted. In that Dialogue: 0,0:10:17.99,0:10:22.68,Default,,0000,0000,0000,,moment, you send an email to a special\Nemail address that - the address is not Dialogue: 0,0:10:22.68,0:10:27.09,Default,,0000,0000,0000,,here because we cannot afford right now\Neveryone using the Emergency VPN, because Dialogue: 0,0:10:27.09,0:10:31.53,Default,,0000,0000,0000,,we have humans checking the traffic. So we\Nwill give you later the address if you Dialogue: 0,0:10:31.53,0:10:37.02,Default,,0000,0000,0000,,need it, but you send an email to say,\NHey, help automatically. We check these Dialogue: 0,0:10:37.02,0:10:43.95,Default,,0000,0000,0000,,email, we create an OpenVPN profile for\Nyou. We open this for you and we send by Dialogue: 0,0:10:43.95,0:10:49.36,Default,,0000,0000,0000,,email the profile. So you click on the\Nprofile. You have the open VPN installed Dialogue: 0,0:10:49.36,0:10:53.59,Default,,0000,0000,0000,,or you can install the additional one. And\Nfrom that moment, your phone is sending Dialogue: 0,0:10:53.59,0:10:58.31,Default,,0000,0000,0000,,all your traffic to the university to the\Ninternet maximum three days. We stop it Dialogue: 0,0:10:58.31,0:11:03.00,Default,,0000,0000,0000,,there automatically and then we create the\NPCAP-file where the analysts are going Dialogue: 0,0:11:03.00,0:11:08.04,Default,,0000,0000,0000,,there and checking what's going on with\Nyour traffic. After this, we create a Dialogue: 0,0:11:08.04,0:11:14.13,Default,,0000,0000,0000,,report that is being sent to you back by\Nemail. OK, so this is the core operation Dialogue: 0,0:11:14.13,0:11:19.36,Default,,0000,0000,0000,,like 90 percent of the magic of the\NEmergency VPN. So advantages of this Dialogue: 0,0:11:19.36,0:11:25.08,Default,,0000,0000,0000,,approach? Well, the first one is that this\Nis giving you an immediate analysis of the Dialogue: 0,0:11:25.08,0:11:30.16,Default,,0000,0000,0000,,traffic of your phone, wherever you are.\NThis is in the moment you need it and then Dialogue: 0,0:11:30.16,0:11:35.06,Default,,0000,0000,0000,,you can see what your phone is doing or\Nnot doing right. Secondly, here is that we Dialogue: 0,0:11:35.06,0:11:38.92,Default,,0000,0000,0000,,have the technology. We have the\Nexpertize. Our threat hunter, threat Dialogue: 0,0:11:38.92,0:11:43.05,Default,,0000,0000,0000,,intelligence people. We have tools. We are\Ndoing machine learning also in the Dialogue: 0,0:11:43.05,0:11:46.89,Default,,0000,0000,0000,,university. So we have methods for\Nanalyzing the behavior of encrypted Dialogue: 0,0:11:46.89,0:11:51.76,Default,,0000,0000,0000,,traffic. We do not open the traffic, but\Nwe can analyze this also. So we took all Dialogue: 0,0:11:51.76,0:11:56.51,Default,,0000,0000,0000,,the tools we can to help the civil\Nsociety. Then we have the anonymity. We Dialogue: 0,0:11:56.51,0:12:01.24,Default,,0000,0000,0000,,want this to be as anonymous as possible,\Nwhich means we only know one email Dialogue: 0,0:12:01.24,0:12:06.31,Default,,0000,0000,0000,,address, the one used to send us an email.\NAnd that's it. It doesn't even need to be Dialogue: 0,0:12:06.31,0:12:11.01,Default,,0000,0000,0000,,your real email. We don't care, right?\NMoreover, this email address is only known Dialogue: 0,0:12:11.01,0:12:16.32,Default,,0000,0000,0000,,to the manager of the project. The people\Nanalyzing the traffic do not have this Dialogue: 0,0:12:16.32,0:12:20.55,Default,,0000,0000,0000,,information. After that, they send the\Nreport back to the email address and that Dialogue: 0,0:12:20.55,0:12:25.58,Default,,0000,0000,0000,,say we did a pcap, and that's all we know.\NOf course, if your phone is leaking data, Dialogue: 0,0:12:25.58,0:12:31.09,Default,,0000,0000,0000,,which probably is, we see this information\Nbecause this is for the whole purpose of Dialogue: 0,0:12:31.09,0:12:35.67,Default,,0000,0000,0000,,the system, right? Then we have our\Ncontinuous research. We had a university Dialogue: 0,0:12:35.67,0:12:40.09,Default,,0000,0000,0000,,project like almost 30 people here. So we\Nare doing new research, new methods, new Dialogue: 0,0:12:40.09,0:12:44.23,Default,,0000,0000,0000,,tools, open source. We are applying,\Nchecking, researching and publishing Dialogue: 0,0:12:44.23,0:12:49.44,Default,,0000,0000,0000,,research, continually moving at last. This\Nis the best way to have a report back to Dialogue: 0,0:12:49.44,0:12:54.80,Default,,0000,0000,0000,,you in your phone saying if you are\Ninfected or not. OK, so some insights from Dialogue: 0,0:12:54.80,0:13:01.35,Default,,0000,0000,0000,,the Emergency VPN. The first one is this\Nis active since mid-2018. We analyzed 111 Dialogue: 0,0:13:01.35,0:13:06.93,Default,,0000,0000,0000,,cases, roughly maybe a little bit more 60\Npercent of our Android devices here. We Dialogue: 0,0:13:06.93,0:13:11.90,Default,,0000,0000,0000,,can talk about that, but it's well known\Nthat a lot of people at risk cannot afford Dialogue: 0,0:13:11.90,0:13:17.11,Default,,0000,0000,0000,,very expensive phones, which is also\Nimpacting their security. Eighty two Dialogue: 0,0:13:17.11,0:13:24.32,Default,,0000,0000,0000,,gigabytes of traffic. 3200 hours of humans\Nanalyzing this, which is huge and most Dialogue: 0,0:13:24.32,0:13:31.06,Default,,0000,0000,0000,,importantly, 95% of whatever we found\Nthere. It's because of normal applications Dialogue: 0,0:13:31.06,0:13:37.28,Default,,0000,0000,0000,,like the applications you have right now\Nin your phone in this moment. And this is Dialogue: 0,0:13:37.28,0:13:43.82,Default,,0000,0000,0000,,a huge issue. The most common issues,\Nright, that we found, and we cannot say Dialogue: 0,0:13:43.82,0:13:51.01,Default,,0000,0000,0000,,this enough. Geolocation is an issue. Like\Nonly three phones ever were not leaking Dialogue: 0,0:13:51.01,0:13:57.34,Default,,0000,0000,0000,,geolocation. So the rest of the phones are\Nleaking like weather applications, like Dialogue: 0,0:13:57.34,0:14:02.13,Default,,0000,0000,0000,,dating applications , to buy staff,\Ntransport applications like a lot of Dialogue: 0,0:14:02.13,0:14:07.80,Default,,0000,0000,0000,,applications, are leaking these. Most are\Nleaking these in encrypted form. A lot of Dialogue: 0,0:14:07.80,0:14:12.93,Default,,0000,0000,0000,,them are leaking these unencrypted, which\Nmeans that not only we can see that, but Dialogue: 0,0:14:12.93,0:14:18.35,Default,,0000,0000,0000,,the people in your WiFi, your government,\Nthe police, whoever has access to this Dialogue: 0,0:14:18.35,0:14:23.49,Default,,0000,0000,0000,,traffic can see your position almost in\Nreal time. Which means that if the Dialogue: 0,0:14:23.49,0:14:29.07,Default,,0000,0000,0000,,government wants to know where you are,\Nthey do not need to infect you. It's much Dialogue: 0,0:14:29.07,0:14:33.90,Default,,0000,0000,0000,,easier to go to a telco provider. They\Nlook at your traffic and see that you are Dialogue: 0,0:14:33.90,0:14:37.60,Default,,0000,0000,0000,,leaking your location of all over the\Nplace. We know that this is because of Dialogue: 0,0:14:37.60,0:14:41.85,Default,,0000,0000,0000,,advertising and marketing. The people are\Nselling this information a lot. Be very Dialogue: 0,0:14:41.85,0:14:46.41,Default,,0000,0000,0000,,careful with which application you have,\Nand this is the third point is secured Dialogue: 0,0:14:46.41,0:14:51.08,Default,,0000,0000,0000,,applications are a real hazard for you.\NMaybe you need two phones like your Dialogue: 0,0:14:51.08,0:14:55.92,Default,,0000,0000,0000,,professional phones and your everyday life\Nphone. We don't know what the problem Dialogue: 0,0:14:55.92,0:15:00.60,Default,,0000,0000,0000,,usually comes for the applications that\Nyou're installing, just because, right, Dialogue: 0,0:15:00.60,0:15:05.55,Default,,0000,0000,0000,,these applications are leaking so much\Ndata like your email, your name, your Dialogue: 0,0:15:05.55,0:15:11.19,Default,,0000,0000,0000,,phone number, credit cards, user behavior,\Nyour preferences if you are dating or not. Dialogue: 0,0:15:11.19,0:15:17.05,Default,,0000,0000,0000,,If you are buying and where you're buying,\Nwhich transports you are taking which seat Dialogue: 0,0:15:17.05,0:15:22.88,Default,,0000,0000,0000,,you're taking the bus. So a lot of\Ninformation really, really being believe-I Dialogue: 0,0:15:22.88,0:15:28.03,Default,,0000,0000,0000,,believe us here. Alas, the email and the\Nemcee that these two identifiers of the Dialogue: 0,0:15:28.03,0:15:32.01,Default,,0000,0000,0000,,phone are usually leaked by the\Napplications. We don't know why. And this Dialogue: 0,0:15:32.01,0:15:37.32,Default,,0000,0000,0000,,is very dangerous because identifies your\Nphone uniquely OK. From the point of view Dialogue: 0,0:15:37.32,0:15:42.54,Default,,0000,0000,0000,,of the important cases, there are two\Nthings that we want to say. The first one Dialogue: 0,0:15:42.54,0:15:47.64,Default,,0000,0000,0000,,is that we found trojans here that are\Ninfecting your phones, but none of these Dialogue: 0,0:15:47.64,0:15:53.58,Default,,0000,0000,0000,,trojans were actually targeted. Trojans\Nlike trojans for you. They were like, Dialogue: 0,0:15:53.58,0:15:58.94,Default,,0000,0000,0000,,Let's call normal trojans. So this is a\Nthing. And the second one is malicious Dialogue: 0,0:15:58.94,0:16:03.30,Default,,0000,0000,0000,,files. A lot of phones are doing this\Npeer-to-peer file sharing thing. Even if Dialogue: 0,0:16:03.30,0:16:07.47,Default,,0000,0000,0000,,you don't know some applications. I'm not\Ngoing to give you names, but they're doing Dialogue: 0,0:16:07.47,0:16:11.42,Default,,0000,0000,0000,,this peer-to-peer file sharing, even if\Nyou don't know and they were malicious Dialogue: 0,0:16:11.42,0:16:17.75,Default,,0000,0000,0000,,files going over the wire there. However,\Nwhy is it that after a year or something Dialogue: 0,0:16:17.75,0:16:25.16,Default,,0000,0000,0000,,of analysis after 111 cases analyze, we\Ndid not found any targeted attack? Why? Dialogue: 0,0:16:25.16,0:16:34.52,Default,,0000,0000,0000,,Why this is the case? I mean, the answer?\NThe answer is simple. No. Yes. The answer Dialogue: 0,0:16:34.52,0:16:43.93,Default,,0000,0000,0000,,is simple. The Emergency VPN works for\Nthree days maximum, so it's not about Dialogue: 0,0:16:43.93,0:16:49.91,Default,,0000,0000,0000,,reaching the right people, but reaching\Nthe right people at the right time. Like, Dialogue: 0,0:16:49.91,0:16:55.69,Default,,0000,0000,0000,,if we take three days before the incident,\Nwe might not see it. If we check three Dialogue: 0,0:16:55.69,0:17:02.06,Default,,0000,0000,0000,,days later, we might not see it. So right\Nnow, we we need your help. Reaching the Dialogue: 0,0:17:02.06,0:17:09.36,Default,,0000,0000,0000,,right population is very important because\Nwe need people to know that these services Dialogue: 0,0:17:09.36,0:17:15.09,Default,,0000,0000,0000,,exist and it's always tricky. If we tell\Nyou, Hey, connect, here we are going to Dialogue: 0,0:17:15.09,0:17:19.96,Default,,0000,0000,0000,,see all your traffic is like, Are you\Ninsane? Why? Why would I do that? However, Dialogue: 0,0:17:19.96,0:17:26.02,Default,,0000,0000,0000,,remember that the other options are not\Nvery cheap or easy or even feasible if you Dialogue: 0,0:17:26.02,0:17:31.95,Default,,0000,0000,0000,,are traveling, for example. And again, as\NSebastian said. Like, everything that goes Dialogue: 0,0:17:31.95,0:17:37.88,Default,,0000,0000,0000,,encrypted is called, We don't see it. We\Nare not doing man in the middle. If we see Dialogue: 0,0:17:37.88,0:17:44.77,Default,,0000,0000,0000,,anything, we see it because it's not\Nencrypted. So if you believe that you are Dialogue: 0,0:17:44.77,0:17:50.84,Default,,0000,0000,0000,,a people, a person that is at risk because\Nof the work you do or because of the type Dialogue: 0,0:17:50.84,0:17:55.37,Default,,0000,0000,0000,,of information or people that you help,\Nplease contact us. We are willing to Dialogue: 0,0:17:55.37,0:18:00.27,Default,,0000,0000,0000,,answer all the questions that you might\Nhave about data retention, how we handle Dialogue: 0,0:18:00.27,0:18:06.45,Default,,0000,0000,0000,,the data, how we store it, how we delete\Nit after how long, etc. And if you know Dialogue: 0,0:18:06.45,0:18:12.87,Default,,0000,0000,0000,,people that might be at risk because of\Nthe work they do, because the people they Dialogue: 0,0:18:12.87,0:18:18.35,Default,,0000,0000,0000,,protect, the people, they represent the\Ntype of investigation they do, please tell Dialogue: 0,0:18:18.35,0:18:23.70,Default,,0000,0000,0000,,them about the service. We, we can.\NContact us via email. As we say, the Dialogue: 0,0:18:23.70,0:18:29.13,Default,,0000,0000,0000,,information, how specifically do you see\Nit is not publicly available, available Dialogue: 0,0:18:29.13,0:18:34.40,Default,,0000,0000,0000,,because we cannot handle hundreds of cases\Nat the same time. However, if you think Dialogue: 0,0:18:34.40,0:18:40.72,Default,,0000,0000,0000,,you are a person at risk, we we will send\Nit to you right away. This is the contact Dialogue: 0,0:18:40.72,0:18:47.12,Default,,0000,0000,0000,,phone number we are in Telegram. Wire,\NSignal, WhatsApp, anything that you need Dialogue: 0,0:18:47.12,0:18:52.26,Default,,0000,0000,0000,,to to reach out and we will answer any\Nquestions. So we need to reach these Dialogue: 0,0:18:52.26,0:18:56.53,Default,,0000,0000,0000,,people. OK, so thank you very much and we\Nwill be around for the rest of the Dialogue: 0,0:18:56.53,0:19:00.64,Default,,0000,0000,0000,,congress. If you want to stop us, ask\Nquestions. Tell us something. If you need, Dialogue: 0,0:19:00.64,0:19:05.40,Default,,0000,0000,0000,,tell us about these two other people in\Nthe field that they needed. Trust is very Dialogue: 0,0:19:05.40,0:19:15.19,Default,,0000,0000,0000,,important here. And let us know. OK? Yes,\Nthank you. Thank you. OK. And as usual, we Dialogue: 0,0:19:15.19,0:19:24.49,Default,,0000,0000,0000,,will take questions from the public. There\Nare two microphones. Yes, go ahead. Talk Dialogue: 0,0:19:24.49,0:19:29.46,Default,,0000,0000,0000,,into the mick one sentence, please. Just a\Nquick. Thanks for your excellent service. Dialogue: 0,0:19:29.46,0:19:35.00,Default,,0000,0000,0000,,My question is how can you be sure that\Nall the traffic of a compromised phone is Dialogue: 0,0:19:35.00,0:19:41.69,Default,,0000,0000,0000,,run through your VPN? Mm-Hmm. So of course\Nwe cannot. We can't say that in our Dialogue: 0,0:19:41.69,0:19:48.17,Default,,0000,0000,0000,,experience, we never found or saw any\Nmalware that is trying to avoid the VPN in Dialogue: 0,0:19:48.17,0:19:53.45,Default,,0000,0000,0000,,the phone. So we rely on that. No, no\Nmalware or APT ever that we saw or known Dialogue: 0,0:19:53.45,0:19:58.43,Default,,0000,0000,0000,,about is actually trying to about the VPN\Nservice in some phones. I'm not sure if Dialogue: 0,0:19:58.43,0:20:02.53,Default,,0000,0000,0000,,you can avoid it. Maybe, yes, I don't\Nknow. In our experiments on trials with Dialogue: 0,0:20:02.53,0:20:06.10,Default,,0000,0000,0000,,different phones and tablets and\Neverything, all the traffic is going Dialogue: 0,0:20:06.10,0:20:11.91,Default,,0000,0000,0000,,through the VPN service, right? Because\Nlike a proxy in your phone? Yes. So if you Dialogue: 0,0:20:11.91,0:20:19.08,Default,,0000,0000,0000,,if you know, if any case. Yeah, we would\Nlove to know. We try. We we run a malware Dialogue: 0,0:20:19.08,0:20:24.42,Default,,0000,0000,0000,,laboratory and we run malware on phones\Nand computers to try to understand them. Dialogue: 0,0:20:24.42,0:20:28.56,Default,,0000,0000,0000,,And we have not encountered such a case.\NSMS, for example, we are not seeing. Dialogue: 0,0:20:28.56,0:20:33.03,Default,,0000,0000,0000,,Right? Yes. One more question, please.\NYeah. So you're running the net, you're Dialogue: 0,0:20:33.03,0:20:39.15,Default,,0000,0000,0000,,running the data through your network at\Nthe university. Do you have a like a lot Dialogue: 0,0:20:39.15,0:20:44.79,Default,,0000,0000,0000,,of exit IP numbers? Because, yes, a\Nmalware app could maybe identify it is Dialogue: 0,0:20:44.79,0:20:49.11,Default,,0000,0000,0000,,routing through you and decide not to act?\NYeah. So that's a good question actually. Dialogue: 0,0:20:49.11,0:20:54.30,Default,,0000,0000,0000,,In the university. We have a complete\Nclass public network. We have, of course, Dialogue: 0,0:20:54.30,0:20:58.44,Default,,0000,0000,0000,,agreements with the university to use part\Nof the IPs. So this is part of the Dialogue: 0,0:20:58.44,0:21:05.94,Default,,0000,0000,0000,,equation in the right, like any way we are\Ntaking precautions. But so far we did not Dialogue: 0,0:21:05.94,0:21:10.62,Default,,0000,0000,0000,,found anyone blocking or checking our IPs.\NSo we would say that it's true, right? Dialogue: 0,0:21:10.62,0:21:17.04,Default,,0000,0000,0000,,Yeah, we would say that if that happens,\Nwe would consider our project very Dialogue: 0,0:21:17.04,0:21:25.20,Default,,0000,0000,0000,,successful. We we haven't we haven't heard\Nof such a case yet. Thank you. OK. Let's Dialogue: 0,0:21:25.20,0:21:29.64,Default,,0000,0000,0000,,have a big hand final for Veronica and\NSebastian. Thank you very much.