skip navigation

More signal. Less noise.

Daily briefing.

The innocently named but criminally famous Russian Business Network appears to be up and operating in Sochi, reports Lookingglass.

Kaspersky has discovered and (along with others) analyzed a major cyber espionage campaign, "the Mask," or "Careto." The Mask targets sensitive data including "encryption and SSH keys and wiping and deleting other data on targeted machines." The Mask is unusual in several respects. It appears state-sponsored, possibly by the government of a Spanish-speaking nation. (But such linguistic clues must be treated as indicators, not decisive evidence.) It employs a remote-access Trojan distributed by infected email attachments. Its suite of tools includes Backdoor.WeevilB, a modular cyberespionage tool with multiple possible configurations. This prompts comparison to Duqu and Flame, but there's little to suggest the same actors are behind it. The Mask has operated against government, diplomatic, activist, private equity, and energy sector targets since 2007. Kaspersky believes the Mask has claimed at least 380 unique victims in 31 countries; it ceased operation recently, perhaps because its operators realized they'd been discovered.

Comcast has quietly advised customers to change passwords post-NullCrew hack.

Flappy Birds may be gone from legitimate sites—"too addictive," thought its creator—but addicts beware: Trojanized knock-offs remain freely available.

Microsoft's Patch Tuesday features two more fixes than expected: there are seven, not five. The Tor Project releases an updated browser.

The European Union releases a feasibility study for a proposed cyber Early Warning and Response System (EWRS). The US DNI releases a list of permissible uses of signals intelligence.


Today's issue includes events affecting Algeria, Argentina, Australia, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, European Union, France, Germany, Gibraltar, Guatemala, Bailiwick of Guernsey, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Philippines, Poland, Romania, Russia, South Africa, Spain, Switzerland, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and Venezuela..

Cyber Attacks, Threats, and Vulnerabilities

Lookingglass Issues Special Alert Linking Major Cybercrime Organization to IT Infrastructure at Sochi (Lookingglass) Investigation reveals connection to Russian Business Network, a known reseller of stolen identities. Special Alert: We at Lookingglass are seeing significant new criminal activity positioned in the Sochi region of Russia. This is a serious threat. For those traveling to the area, be wary of using 4G or untrusted/unsecure wireless connections. Act with overall heightened awareness of cyber security risks. Be on the lookout for the following: strange emails, links, social engineering, Phishing, etc. Be extra protective of business and personal credentials and credit card information. Monitor for fraudulent charges to your credit cards as they may slip automated flags set up by your provider if you have notified them you are traveling to the region. Limit the use of network-connected devices such as smartphones and laptops, especially from accessing proprietary, financial, confidential or personal information. Consider cleaning devices of critical information prior to entering the region

Researchers Uncover 'The Mask' Global Cyber Spying Operation (Dark Reading) Rare Spanish-speaking cyberespionage campaign usurps Flame as most sophisticated spy attack to date

New 'Mask' APT Campaign Called Most Sophisticated Yet (Threatpost) A group of high-level, nation-state attackers has been targeting government agencies, embassies, diplomatic offices and energy companies with a cyber-espionage campaign for more than five years that researchers say is the most sophisticated APT operation they've seen to date. The attack, dubbed the Mask, or "Careto" (Spanish for "Ugly Face" or "Mask") includes a number of unique components and functionality and the group behind it has been stealing sensitive data such as encryption and SSH keys and wiping and deleting other data on targeted machines

The Mask (Symantec) Modern cyberespionage campaigns are regularly defined by their level of sophistication and professionalism. "The Mask", a cyberespionage group unveiled by Kaspersky earlier today, is no exception. Symantec's research into this group shows that The Mask has been in operation since 2007, using highly-sophisticated tools and techniques to compromise, monitor, and exfiltrate data from infected targets. The group uses high-end exploits and carefully crafted emails to lure unsuspecting victims. The Mask has payloads available for all major operating systems including Windows, Linux, and Macintosh

'Elite' hacking operation 'The Mask' targeted govts, diplomats for 7 years (Russia Today) Researchers recently detected a highly sophisticated cyber spying operation, active since 2007, that targeted governments, diplomats, and embassies before it was razed last month

Who's behind The Mask? A guide to the spyware-on-steroids bundle (Gigaom) According to Kaspersky Lab, a malware bundle dubbed "The Mask" was used to spy on government institutions, activists and energy companies across 31 countries for years. Here's what it did, and where it might have come from

The Careto/Mask APT: Frequently Asked Questions (SecureList) What exactly is Careto / "The Mask"? The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007

Infographic: The Mask malware victims (ZDNet) "The Mask" (aka Careto) cyber-espionage malware has claimed 380 unique victims between 1000 IPs in 31 countries, according to the Kaspersky Lab security research team

Botnet Malware Found Contaminating Linux, Mac OS X and Windows Systems, Reports Kaspersky (Spamfigher News) Penetration testing experts at Kaspersky recently discovered one botnet malware designed to contaminate computers with operating systems such as Windows, Linux or Mac OS X as the devices also run Java software of Oracle

'CoinThief' Mac Malware Steals Bitcoins From Your Wallet (CoinDesk) A Mac OS X trojan horse masquerading as a private bitcoin wallet app is responsible for "multiple" bitcoin thefts, according to Mac security researchers

Bitcoin Foundation, Mt. Gox spar over purported bug (C/Net) Mt. Gox, one of the largest Bitcoin exchanges in the world, claims that it has uncovered a bug that affects all transactions and needs to be addressed outside the scope of its own service. But the Bitcoin Foundation — the organization that ultimately manages the crypto-currency — sees things differently. On Friday, Mt. Gox suspended all Bitcoin withdrawals from its service, citing a glitch in the way the currency handles transactions paid out to digital wallets held by third parties'

Why hackers targeted social media sites of Dubai Police (The National) The group who hacked Dubai Police's social media pages on Sunday have claimed they did it to expose breaches of UAE citizens' privacy

Govt report: Cyberattacks not coordinated (AP via the Boston Herald) A multi-agency government task force looking into cyberattacks against retailers says it has not come across evidence suggesting the attacks are a coordinated campaign to adversely affect the U.S. economy

Target Breach Takeaway: Secure Your Remote Access (InformationWeek) Yes, attackers could use stolen credentials to get into your systems from a distance. But slamming the door is not the answer

Corporate hackers target the weakest link, the supply chain (Minneapolis Star Tribune) The cyber-thieves who hit Target Corp. took advantage of a widespread and often overlooked weakness in corporate information security: third-party computer connections that can create a virtual back door to customer information

Concerns Remain Whether Healthcare.Gov Site Is Secure (HealthTechZone) It now appears the U.S. Department of Health and Human Services (HHS) cannot find malicious software in computer networks used by the Affordable Care Act (Obamacare)

DTI-Davao cautions public vs cyber-attack (Davao Sun-Star) The regional office of the Department of Trade and Industry (DTI) in Davao Region cautioned the public on Monday against becoming a victim of cyber-attack

Flash bundled in the browser: Who owns the bugs? (ZDNet) Google Chrome and Microsoft Internet Explorer both bundle Adobe Flash Player. Is a vulnerability in Flash a vulnerability in the browser now

Windows XP lives on in ATMs. Crisis? (ZDNet) An ATM running an unpatched Windows XP is not like your kid's old laptop running XP. It's pretty heavily defended. And lots of new ATM and POS security features are coming in the next few years

Change your passwords: Comcast hushes, minimizes serious hack (ZDNet) Comcast took a page from Snapchat's playbook to hush and downplay NullCrew FTS' successful hack on dozens of Comcast's servers — from an unpatched, easy-to-fix vulnerability dated December 2013 — which most likely exposed customer data

Dynamic Detection of Malicious DDNS (Cisco Blogs) Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence playbook to detect attack pre-cursors and attacks in progress

Beware of Trojanized Flappy Bird game (Help Net Security) Trojanized versions of Flappy Bird, the mega-popular iPhone and Android game that has recently been pulled from Google Play and Apple's App Store by its creator, have begun popping up on third-party Android markets

Snapchat vulnerability can be exploited to crash iPhones, researcher says (IT World) A vulnerability in Snapchat allows attackers to launch denial-of-service attacks against users of the popular photo messaging app, causing their phones to become unresponsive and even crash

Managed TeamViewer based anti-forensics capable virtual machines offered as a service (Webroot Threat Blog) Operational Security (OPSEC) has always been an inseparable part of the cybercrime ecosystem, especially in the context of preventing law enforcement agencies from tracking down the activities of fraudulent and malicious adversaries online. Throughout the years, the industry has witnessed active utilization of malware-infected hosts (Socks4/Socks5) as anonymization 'stepping stones' and the use of cybercrime-friendly VPN providers, bypassing internationally accepted data retention regulations, as some of the primary anonymization tactics used by cybercriminals. Nowadays, this set of tactics has evolved into a diversified mix of legitimate and purely malicious infrastructure that provides value-added services such as APIs supporting Socks4/Socks5 services, DIY real-time

Easter Seals Data Breach Exposes 3,026 Kids' Health Records (eSecurity Planet) Names, birthdates, healthcare provider information, healthcare billing information and occupational therapy notes may have been accessed

Security Patches, Mitigations, and Software Updates

Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release (Microsoft Security Response Center) We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included in tomorrow's release

Tor Browser 3.5.2 is released (The Tor Project) The 3.5.2 release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory

Cyber Trends

Banking Cyber-Attack Trends to Watch (GovInfoSecurity) When it comes to cyberthreats, what are the major concerns for banking institutions in 2014? Distributed-denial-of-service attacks waged as a mode of distraction to perpetrate fraud across numerous banking channels are a growing threat. But financial institutions also are concerned about ransomware attacks designed to wage account takeover fraud, as well as mobile malware and insider threats

Governments unprepared for the impact of the big five IT trends (Help Net Security) A new MeriTalk study, underwritten by Brocade, examines how the implementation of the Big Five — data center consolidation, mobility, security, big data, and cloud computing — will affect state and local

Cyber Attacks — a serious threat that all businesses must take seriously (International Finance Centre-Guernsey) Business leaders attending the latest Guernsey IOD seminar heard that it isn't a question of if there is a cyber attack on their business, but when. The sell out event sponsored by JT was entitled: 'Cyber Risk — one of the biggest threats to business', and included expert panellists brought in from the UK, Jersey and Guernsey

EU frets over evolving cybercrime threat (UPI) The European Union said Monday it expects the threat from cybercriminals to evolve as Internet connectivity expands and changes globally

Bad behavior, not malware, puts more of your corporate data at risk (ZDNet) Personal cloud services, portable storage devices, and email are a company's worst enemies. Malware is much less of a problem than once thought

Verizon Report: Many Organizations Still Fall Short On PCI Compliance (Dark Reading) Ongoing PCI compliance is up, but many enterprises still aren't meeting requirements, Verizon study says


Lockheed Chief Sees Commercial Demand for Cybertechnology (Bloomberg) Lockheed Martin Corp. (LMT), the world's largest defense contractor, sees an expanding market for its cybersecurity products and services among companies in industries from energy to banking, Chairman and Chief Executive Officer Marillyn Hewson said

Gates muses on NSA, bitcoin, his new role at Microsoft (InfoWorld) During a Reddit online chat he also praises new CEO Satya Nadella, saying he is 'off to a great start'

Kaspersky Lab Announces Establishment Of International Advisory Board (Dark Reading) Board brings together seven internationally recognized experts in IT security from industry, public sector, and academia

HID Global Acquires Biometric Leader Lumidigm, Enhances Secure Authentication Portfolio (Dark Reading) Lumidigm offers multispectral imaging technology, software, and biometric fingerprint sensors to authenticate identities

Products, Services, and Solutions

Citrix and Palo Alto partner for next-gen firewall on NetScaler SDX (TechTarget) Citrix and Palo Alto Networks have consolidated application delivery services and a next-generation firewall on the NetScaler SDX

FireEye takes on Cisco, Palo Alto with new cyber product (Reuters via the Chicago Tribune) Cybersecurity firm FireEye Inc plans to take on Cisco Systems Inc and Palo Alto Networks Inc in selling intrusion prevention systems, which help companies detect cyber threats that breach their firewalls

The Next Big Thing You Missed: A Would-Be Dropbox Meant to Thwart the NSA (Wired) BitTorrent Sync was designed as a free and easy way for one engineer to share photos. But it now finds itself at the vanguard of a lively movement to build a decentralized, encrypted version of the web

A Surprisingly Easy Tool for Encrypting Email, Courtesy of an Ex-NSA Employee (Motherboard) Thinking of sending some strictly confidential, top secret information over email? A degree of hesitation would seem appropriate, as most forms of digital communications, be they email, text messaging, social network conversations, or phone calls, are continuously being proven exploitable and accessible to hackers and intelligence gathering government agencies. Dodging the NSA is no easy task—but what if you have the help of an agency alumnus? A new service introduced by a former NSA employee Will Ackerly and his brother John, called Virtru, is being called an easy-to-use, one-stop, secure email platform

Microsoft gives multifactor authentication to all Office 365 users (InfoWorld) The company also plans to add multifactor authentication for Office 2013 client apps

DoubleVerify Acquires Proprietary Fraud Prevention Technology From RealTargeting (Dark Reading) RealTargeting technology will be integrated with the DoubleVerify Fraud Protection suite that addresses a broad set of digital fraud schemes

Technologies, Techniques, and Standards

Six tips: Protecting your firm from cyber attack (Supply Management) Organisations can significantly mitigate any potential damage and costs by following good practices

A Tale of Two Admins (and no Change Control) (Internet Storm Center) I have a client who's done the right thing, they've broken out their test environment from their production environment. The production environment is in a colocation facility, and uses a different firewall. The test environment is in the office location, and shares the office subnet and the office firewall. So sort-of the right thing, they're moving in the right direction — I would have given the test lab it's own firewalled DMZ subnet

Preparing For and Surviving a Data Breach (Credit Union Times) Credit unions spend millions of dollars complying with regulation designed to reduce the risk that the use of information technology presents, yet must spend millions more on card replacement and other costs to protect their members when a card processor or vendor is breached

Prevent Distributed Denial-of-Service attacks with the right services (TechTarget) Some of our sites are occasionally the target of Distributed Denial-of-Service (DDoS) attacks. What can we do to help ensure critical applications don't suffer performance breakdowns

Secure The Cloud (Dark Reading) 'Cloud security' needn't be an oxymoron. Here's how to get it right

Cloud Security Alliance releases Software Defined Perimeter framework details (WhaTech) It's not that in-house IT systems are always as secure as they should be, but there is growing concern that at the present stage of its evolution security in the cloud is weaker than on-premises security

STAR Certification will boost confidence in cloud security (WhaTech) The Cloud Security Alliance has teamed up with business standards company 'BSI Incorporating NCSI' to create a new standard for security of cloud services and an independent system of certification for conformance to it

A case for opportunistic encryption on the web (SC Magazine) When, in 2010, I scanned about 90 million web sites (all .com, .net, and .org domain names that existed at that time) in order to determine their support for encrypted communication, I was dismayed to discover that only about 0.5 percent had means to protect their data in transit. The vast majority made no attempt to encrypt anything. Looking at only the top one million websites, the situation is better, but—with only about 10 percent of those sites supporting encryption—not significantly better

Seven Useful Habits for a Safer Internet (Kaspersky Lab Daily) Tomorrow is Safer Internet Day. You must know you can make your own Internet experience a lot safer without big technology or tough measures. All it takes is just a couple of good habits

Isn't it About Time to Get Moving on Chip and PIN? (Internet Storm Center) I got to thinking about the 3 "big story" breaches that we've all been discussing over the last month or so. Just adding things up, we're at a count of over 100 million cards and personal information disclosed

10 Bitcoin Security Tips (eSecurity Planet) Bitcoins have the potential to revolutionize business payment transactions. But they also have some security shortcomings. Here are 10 tips for keeping Bitcoins secure

Design and Innovation

Microsoft Accelerator Launches New Program For Late Stage Startups In India (TechCrunch) As we have been writing, startup accelerators in India's nascent ecosystem are beginning to seek more mature, late stage companies to work with. The latest to join this trend is Microsoft Ventures, which announced its Summer 2014 batch for the Indian accelerator today. Of the 16 startups selected, six will be part of Microsoft's new Accelerator Plus program, aimed at helping companies

Research and Development

D-Wave's Quantum Computing Claim Disputed Again (IEEE Spectrum) The strongest scientific evidence for D-Wave's claim to have built commercial quantum computers just got weaker. A new paper finds that classical computing can explain the performance patterns of D-Wave's machines just as well as quantum computing can—a result that undermines crucial support for D-Wave's claim from a previous study


Boom or bust: The lowdown on code academies (IT World) The reason these schools exist is simple. There's an enormous number of openings for people with coding skills and a serious shortage of warm bodies to fill them

Legislation, Policy, and Regulation

Feasibility study and preparatory activities for the implementation of a European Early Warning and Response System against cyber-attacks and disruptions (EU Bookshop) In preparation of the discussions on a European-wide Early Warning and Response System (EWRS) against cyber-attacks and disruptions as proposed in the NIS Directive by the European Commission, this document represents a feasibility study and preparatory activities for the implementation of a European-wide EWRS. This study outlines recommendations which the European Commission and the Member States should take into account when moving towards the implementation of a European-wide EWRS

List of Permissible Uses of Signals Intelligence Collected in Bulk (IC on the Record) Presidential Policy Directive/PPD-28 — Signals Intelligence Activities establishes a process for determining the permissible uses of nonpublicly available signals intelligence that the United States collects in bulk. It also directs the Director of National Intelligence to "maintain a list of permissible uses of signals intelligence collected in bulk" and make the list "publicly available to the maximum extent feasible, consistent with the national security." Consistent with that directive, I am hereby releasing the current list of permissible uses of nonpublicly available signals intelligence that the United States collects in bulk

Don't Spy On Us: it's time to hold politicians to account for mass surveillance (Wired) UK digital rights organisations have teamed up to launch Don't Spy On Us, a protest against mass surveillance perpetrated by the NSA and GCHQ and a call for a public inquiry on the topic. It coincides with a similar initiative in the US titled The Day We Fight Back, which takes place today, 11 February 2014

Why Should You Be Worried About NSA Surveillance? (NPR) Virtually every international Internet user is being watched, says hacker and cyber security expert Mikko Hyppönen. He calls for digital privacy in the age of government surveillance

How Cybersecurity Laws Are Outdated (Wall Street Journal) Mike McConnell on why the government and business need to share more information

Obama Cybersecurity Plan Seen Lacking Perks for Business (Bloomberg) President Barack Obama's plan to get utilities, banks and other essential services to bolster defenses against hackers will be filled with technical standards and guidance on responding to attacks

OPM to take on final reviews of background checks (FierceGovernment) Final quality reviews for contractor-completed background investigations will now fall on the shoulders of the Office of Personnel Management and not contractors, a Feb. 6 statement by OPM Director Katherine Archuleta says

Army Sec. Talks Cyber Command Plans at Fort Gordon (WHBF ABC6) In preparation for the Army Cyber Command consolidation, Secretary of the Army John McHugh visited Fort Gordon to look at the logistics of the change. The trip included talks with the commanding general and staff to set the stage for work that is needed in order to make the Cyber Command Center of Excellence happen as well as address any of the soldier's concerns. He told media at the conclusion of his visit that Fort Gordon was chosen because it is the best place to be

Litigation, Investigation, and Law Enforcement

Australian Attorney General Accuses Snowden of Putting Lives at Risk (Softpedia) Ever since news broke that Edward Snowden's leaks impacted Australia as well, the country's officials have taken sides — some call the former NSA contractor a whistleblower, while others a traitor. Australia's attorney general believes Snowden is definitely a traitor

Arresting hackers more effective than botnet takedowns for tackling cybercrime (V3) In recent months law enforcement has had plenty to celebrate, with various agencies and departments catching and charging numerous people believed to have masterminded some of the world's most dangerous cyber criminal empires

Charges in ATM Skimming Scheme (BankInfoSecurity) A Romanian man faces charges that he directed a large-scale ATM skimming scheme that allegedly defrauded Wells Fargo, Citibank, TD Bank and multiple other financial institutions out of at least $5 million, federal prosecutors say

Judge orders new hearing for student in alleged cyber attack (Luzerne County Citizens Voice) A Luzerne County judge denied a preliminary injunction to block a Dallas High School sophomore's suspension for allegedly launching a cyber attack that nearly crashed the school district's Web server and ordered the district to hold a new informal hearing to determine the student's punishment

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

HITBSecConf2014 Amsterdam (, January 1, 1970) The annual HITB Security Conference will be featuring an all-women keynote lineup of leading security individuals, as well as Haxpo exhibition. To encourage the spirit of inquisitiveness and innovation,...

Security Analyst Summit 2014 (Punta Cana, Dominican Republic, February 9 - 13, 2014) The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.

NovaSEC! Pre-RSA Rally (, January 1, 1970) This unique forum allows participants to meet, interact on key issues and provide a unified forum to network with likeminded individuals and creates an opportunity to cultivate a strong and integrated...

FBI HQ Cloud Computing Vendor Day (, January 1, 1970) As part of its FAR mandated market research efforts and in order to keep FBI employees informed of new products, technologies and services available in the industry, ITED has been tasked with organizing...

New FFIEC Guidelines on Social Media: 3 Things You Need to Know (, January 1, 1970) We'll take an in-depth look at the new Federal Financial Institutions Examination Council (FFIEC) guidelines on social media and consumer compliance risk, and how they may impact your organization. We'll...

Free OWASP Training and Meet Up (San Francisco, California, USA, February 24, 2014) OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn...

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

Nellis AFB Technology & Cyber Security Expo (, January 1, 1970) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

Cloud Expo Europe (, January 1, 1970) Cloud Expo Europe covers everything from hybrid cloud to software defined networks and data centres, from open source cloud to IaaS, from security and governance to cloud applications and from complex...

Suits and Spooks Security Town Hall (, January 1, 1970) Privacy versus Security: An Informed Debate and Discussion to Raise Industry Awareness. Taia Global and our sponsoring companies are hosting our first Suits and Spooks Security Town Hall at the Ritz Carlton...

Trustworthy Technology Conference (, January 1, 1970) Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens...

Creech AFB Technology & Cyber Security Expo (, January 1, 1970) The Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter, with support from the 432d Wing, will host a Cyber Security Awareness Day & Technology Expo at Creech AFB. This is...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.