Only Malware in the Building 9.2.25
Ep 15 | 9.2.25

Hot sauce and hot takes: An Only Malware in the Building special.

Transcript

Dave Bittner: Hey, folks, Dave here. If you want to watch this episode, well, you can check it out on our YouTube channel by going to youtube.com/@n2kcyber. Enjoy the show. Why could we not have done the thing where they bake cupcakes? Oh, my God! [ Music ]

Keith Mularski: So, from N2K/CyberWire, I'm Keith Mularski, Chief Global Ambassador at Qintel, and a retired former FBI agent, turned cyberhost. And today, your interrogation lead. Welcome to a special heat-infused edition of "Only Malware in the Building," where we're combining digital forensics with hot sauce tactics. Today, I'll be grilling, not just the wings, but our guests, as we turn up the heat, spice, and the scrutiny. The questions get hotter as the sauces do. And by the end, we might uncover some truths our guests didn't see coming.

 

Selena Larson: You ready, Dave?

 

Dave Bittner: No!

 

Keith Mularski: Joining me at the table are two of our very own, Dave Bittner, host of the "CyberWire Daily," "Hacking Humans," "Caveat," and probably the most familiar voice in cybersecurity podcasts. And Selena Larson, senior threat researcher at Proofpoint, expert in cybercrime and a true hunter of the internet's most elusive adversaries.

 

Dave Bittner: Wow.

 

Selena Larson: I know. And a hunter of podcasts.

 

Keith Mularski: And a hunter of podcasts.

 

Selena Larson: I love a good podcast. [ Music ]

 

Keith Mularski: So we're going to start off just with a question in one that has no heat. So this is literally a softball.

 

Dave Bittner: This is our baseline to establish what no heat is like.

 

Keith Mularski: What no heat is like.

 

Dave Bittner: Okay, so this is for me.

 

Keith Mularski: The only heat-- yes.

 

Dave Bittner: Okay.

 

Keith Mularski: The only heat coming is the question.

 

Dave Bittner: All right. I'm ready.

 

Keith Mularski: All right. So, this shouldn't be any problem at all.

 

Selena Larson: Oh my gosh.

 

Keith Mularski: That's delicious.

 

Dave Bittner: All right, that's pretty good.

 

Keith Mularski: It's quite tasty.

 

Unidentified Speaker: No sauce, Scoville zero.

 

Keith Mularski: So let's take a trip down memory lane. What was the first password you ever used? Was it something super basic, like password123, or did you come up with something a little more creative? How have your password habits changed and evolved since? And be honest, do you still use the same password?

 

Selena Larson: It might take you longer to remember this.

 

Dave Bittner: Go ahead, yeah, because it was longer ago.

 

Selena Larson: Yeah, you have more time to think.

 

Dave Bittner: Go for it.

 

Selena Larson: My first password, I think, was probably like my last name. I was very young on the internet, coming up using AOL Instant Messenger and logging on to our little home computer. I honestly can't even remember really what it was, but it was probably something like that. But a better fun fact is my first AIM screen name, which was P-I-T-A, and then my name, which stood for "pain in the-- "

 

Dave Bittner: Posterior.

 

Selena Larson: Posterior, yes. So I still remember that very clearly, not my password though, but yes. Definitely, my password uses have changed. I do not use the same password as then or anywhere.

 

Keith Mularski: And not that you would admit it here in front of all the listeners.

 

Selena Larson: Not in front of all of the audience, that's for sure. But of course, no, it's gotten a lot better. Password managers, multifactor authentication. Definitely not using that when I was a little teeny-bopper on my big bubble Mac.

 

Dave Bittner: Well, I mean, I started with TRS-80 back in about 1980.

 

Keith Mularski: Did they even have passwords then?

 

Dave Bittner: Well, no, the computers didn't. I mean, you pressed the button and the computer came on. There was no booting, there was no-- you know. But we had dial-up modems, 300-baud dial-up modems, and we dialed into bulletin board systems. I don't know if you ever did any of that.

 

Keith Mularski: Yeah, I did, yeah.

 

Selena Larson: BBS?

 

Dave Bittner: BBS. So, and what it did one user at a time, you know? So it was great. It was fun. My first-- I remember my first username was the highly original and clever Ziggy Stardust.

 

Keith Mularski: Ah, yes.

 

Selena Larson: That was you? No.

 

Dave Bittner: That was me. But I don't remember-- my password, I don't remember what my original password was. It was probably something like appropriate for an 11- or 12-year-old boy. It was probably something like, you know, Bowie 69.

 

Unidentified Speaker: 69, dudes!

 

Dave Bittner: I don't-- but I do not still use that.

 

Keith Mularski: Mine, I remember vividly. So I remember going to the library and opening my first Hotmail account. So this is before I had my first internet computer at home and my first password. I was a big Beatles fan. Still am. But it was 28if, which was on the license plate on Abbey Road. So it was-- so I had a combination of both letters and numbers in that.

 

Selena Larson: That was a deep cut.

 

Keith Mularski: Yes, it was.

 

Selena Larson: That was a deep cut.

 

Unidentified Speaker: Sauce number one, hacked and hot. Scoville, 1200.

 

Dave Bittner: All right, here we go. Oh.

 

Selena Larson: This is good.

 

Dave Bittner: Okay.

 

Keith Mularski: Okay, that's not, I can feel something coming.

 

Dave Bittner: It's building, for sure. There's more coming, but manageable. This is something I would expect in like an authentic restaurant, you know, like where they warn you that this is not actually for Americans. It's a little-- that's hotter than I expected.

 

Keith Mularski: The heat is coming--

 

Selena Larson: The aftertaste. It really, it packs an after punch.

 

Dave Bittner: And I'm worried because that was the--

 

Keith Mularski: That was number one.

 

Dave Bittner: Yeah.

 

Keith Mularski: As a cybersecurity expert, what is your personal tech routine, like when you wake up in the morning, do you go straight to checking if you've been hacked? Or do you start with a fresh cup of coffee? Is there any kind of ritual you have to make to make sure your digital life stays secure?

 

Selena Larson: That's a good question. I have an unhealthy addiction to my smartphone and my computer. So I immediately look at my phone as soon as I wake up, my alarm clock, and I look at it. But this is actually an interesting question because I feel like it's fundamentally about threat modeling, right? And we're thinking about how do you use technology? How do we use technology? Are we always checking to see, you know, like what is our risk level? And for us, I mean, I don't know how you feel, Dave, but I feel sort of, I'm very public. I'm out there.

 

Dave Bittner: No, I'm out there.

 

Selena Larson: I am eminently findable.

 

Dave Bittner: Yeah, yeah.

 

Selena Larson: On the internet.

 

Dave Bittner: Yeah.

 

Selena Larson: And so I do kind of think that I am a little bit more cautious about some of the stuff that I would post of like, "Oh, where am I? Or what am I doing?" And, you know, making sure that I do have all those things under control. But more importantly, I also talk to people who know me, who are my friends and family, and make sure that they are also very secure. Because for public people, it can, you know, kind of be a little bit of a supply chain, I guess, the best things, you know?

 

Keith Mularski: Some collateral damage, so to speak, yeah.

 

Selena Larson: Exactly, exactly.

 

Dave Bittner: But yeah, same thing. My phone is what wakes me up in the morning. But so I'm on an iPhone, so the first thing it does is tell me everything, you know, "Hey, good morning." And I have my nickname and my phone is "Your Majesty," so it says, "Good morning, Your Majesty. Here's the weather, and here's what it's going on, right?"

 

Keith Mularski: I follow a very similar routine that you guys do as well. The one thing I do do is always checking my bank account and my credit cards for, you know, because it's not necessarily that they're going to hack my passwords that are going-- you know, and come into my accounts, but they may hack somebody where my credit card or something has been. So I'm always looking for those fraudulent charges, especially when I'm traveling overseas, because you never know, you know, whether there's a skimmer there or something like that. So I'm very hyper-vigilant on that.

 

Selena Larson: That's a great point, actually.

 

Keith Mularski: And then also using, you know, two-factor authentication. So even if they would get one of our passwords, just you don't have to worry, it's going to be much more difficult to get in.

 

Unidentified Speaker: Sauce number two, threat levels Scoville 26,500.

 

Selena Larson: Let's do it.

 

Keith Mularski: Let's give it a shot.

 

Dave Bittner: Down one, two, three.

 

Selena Larson: Mm-hmm.

 

Keith Mularski: Good taste.

 

Dave Bittner: Mm-hmm.

 

Selena Larson: Time on time. Hot level, delicious.

 

Keith Mularski: Yeah. Two thumbs up. I think that was the best-tasting one so far on that.

 

Dave Bittner: I am sweating a little.

 

Selena Larson: You are a little, yes.

 

Dave Bittner: Thanks.

 

Keith Mularski: All right, so as a cybersecurity pro, you're clearly about protecting yourself from malware. But have you ever had a moment where malware almost got you? Maybe an email attachment or a shady website that you almost clicked on, and how close did you come to a digital disaster?

 

Dave Bittner: Oh, I got got.

 

Keith Mularski: Yeah?

 

Dave Bittner: Yeah.

 

Keith Mularski: I think we all have.

 

Dave Bittner: Yeah. So for me, it was the classic I got a text message from a good friend that said, "Hey, Dave, did you see this video that was posted of you?"

 

Selena Larson: Oh, no.

 

Dave Bittner: It's all it said.

 

Keith Mularski: Yep.

 

Dave Bittner: And I was like no.

 

Keith Mularski: Well, I've got to see what this is.

 

Dave Bittner: Right. I got to see what this is. So I click through and it's like-- takes me to like a Facebook login page. And I logged in.

 

Keith Mularski: Yeah.

 

Dave Bittner: That was it, that was the ball game.

 

Keith Mularski: And so you got your Facebook hacked.

 

Dave Bittner: I did. I got it back. This is probably-- this may have been 10 years ago. So I was a lot less vigilant back then, but at the same time, you know, I just-- I fell for it hook, line, and sinker. They got me, got my ego, my curiosity, my fear of what could the-- what video could this be?

 

Keith Mularski: Yeah.

 

Dave Bittner: And then also, because it came from a trusted source. So it was my friend who got hacked, and then they were spamming everybody on their, you know, directory, their list of friends.

 

Keith Mularski: Yeah, that was one of the big techniques to do that. So, because now you think it's safe, it's coming. That's like my sister will send me stuff. I would never click on a link that she sends me anything. And I'll call her up, I'll be like, "Hey, did you just send me something? I'm not clicking on anything until you tell me it's safe."

 

Selena Larson: Yeah, that's a good trick though. But did anything happen?

 

Dave Bittner: No, I mean, I realized it quickly enough that I was able to salvage it, and so I didn't actually end up losing anything. I did feel pretty stupid, though.

 

Selena Larson: Well, so I think it's really important because, to your point, everyone has something that they could fall for. And, you know, we as cybersecurity practitioners have experienced something, you know, that might be bad or whatever, but I think the most important thing that people need to do is not feel stupid.

 

Keith Mularski: Yes.

 

Selena Larson: Because that is-- you know, part of the hack is making you feel stupid. They prey on your brain. They like are going after you emotionally. They're trying to hack your feelings. And you're-- you know, like you were saying, play to your ego and your interests. And you're like, I want to see this video of me. And so, I think that that's so important because that is-- it's, they tailor it to make you feel bad. My almost getting got, I don't think I, as far as I know, have never like fully been hacked, but scammers will oftentimes register phone numbers. That's like one letter or one number off of a real phone number. And so I was trying to book a flight and I was calling the airline, and I called the airline, but I mistyped the number. And so I was like one number off. It wasn't even clicking on it, or wasn't like, you know, an attack that says, "Call this number to dispute it," or whatever, I literally just mistyped it. And then I called whatever, and it went through the whole like answering machine and like this is the airlines and, you know, put in your information, put in your date of birth, put in your-- all of this stuff. And then there was one thing that they had asked for that I was like, okay, this is weird. But they-- but yeah, but I-- and then I just started putting in fake information. Because I was like, I want to see where this is going.

 

Keith Mularski: You're not getting this.

 

Selena Larson: Yeah, but then they said it was like, put in your passport information, put in your credit card information. And so, like, put in all of the things that are like numbers that you can sort of like type in to get information. And it was all like automated. I was like, wow, this is actually pretty good. Like it could have got me.

 

Keith Mularski: When I was working undercover, my job on the forum was to review any new malware packages that came out. And they really thought that somebody on my site was a fed. So five people--

 

Dave Bittner: And they were right.

 

Keith Mularski: They were right. They were right. And so, what they did was, at that time, there was like the control panel for the malware, and they backdoored it. So when it came in to get reviewed, even though we took it off on like, you know, like-- not a production network, you know, like on a research network, and it was backstopped and everything like that. As soon as we executed the file, everything that was on the flash drive, which the analysts had some other things on the flash drive, that were like templates of the NCFTA, where I was stationed, and it went right back to the bad guys.

 

Dave Bittner: Oh.

 

Keith Mularski: So, yeah. So there was like a little bit of a melancholy moment there where, you know, now all of a sudden, they knew somebody worked at the NCFTA. So we-- at that time, we had it backstopped to a company and all that. And then we heard a story that they were going to do this exposé that one of the admins worked at the NCFTA, and, you know, and I thought I was toast. But then, what we ended up doing, we made some phone calls and we scrubbed the DNS. We scrubbed the WHOIS. So when they did their exposé, none of that stuff existed anymore. And then like they were just like the NCFTA template reports. And like the other hackers were like, you know, this is all made up because nobody would have, you know, these documents there with typos in it, and things like that, because they were just, you know, templates and all that. So I was able to actually skate by. But that was probably the worst hack because that was, you know, my undercover identity. But we were able to make it through it.

 

Selena Larson: Patched it up, and is that something that's commonly done in these forums, is they'll sort of seed back towards--?

 

Keith Mularski: Oh, yeah. Yeah, because that's the other-- you know, they're always worried about, you know, are there feds or cops there on the forum? So they're always trying to dox people. And so I wouldn't trust anything like a credit card checker or anything like-- I would always make sure you're-- you know, any undercover guys out there, make sure you don't want to get--

 

Selena Larson: Or researchers, yeah.

 

Keith Mularski: Or researchers. Make sure you're opening it up, you know, in a VM and a totally non-attributable network because they're going to backdoor it for sure.

 

Unidentified Speaker: We'll be right back. [ Music ] Sauce number three, Scorchware, Scoville units, 131,000.

 

Dave Bittner: All right.

 

Selena Larson: Mm.

 

Dave Bittner: Oh, there it is.

 

Keith Mularski: Yeah, a little bit there, starting. So, given your line of work, how often do you take a break from all things cyber? Now it's hitting me. Do you ever go on a digital detox, or is it just impossible to turn off with so much going on in the cybersecurity world? And what is your strategy for really finding balance between staying on top of threats and taking a breather from your screens?

 

Selena Larson: Yeah, so I would say any person who works in this industry who says they know everything about everything is lying to you.

 

Willem Dafoe: You know, I'm something of a scientist myself.

 

Selena Larson: Who can rhapsodize on things and, you know, can talk about everything and anything from fraud to, you know, botnets to APT malware, to nation state politics, to all these things. That's impossible. Like, one single person cannot stay on top of everything in cybersecurity. And I-- for me, I have to be very mindful about the things that I can control and I know impact me on my job and the things that are interesting to me, but I know that I don't feel responsibility to be aware of what's happening, because other people more-- know way more about this than I do. And so, for me, I really want to make sure that I'm staying on top of the stuff that I need to know about, and then listen to podcasts like the CyberWire for the stuff that I could, you know-- it's interesting to me, but maybe not necessarily impacting my work. But from a digital detox perspective, I do think it's very-- like a burnout in cybersecurity is so real, it's so prevalent. And I think that we are all under a lot of pressure, whether you work DFIR or IT helpdesk or, you know, threat research. So malware reversing, taking stuff from the dark web, and downloading it. And so, I do try and kind of go off a little, you know, less, less crazy on my phone and stuff. But I read a lot of physical books. I love physical books because I do need a brain break. And I get my nails done a lot, and that takes a while. So I put my phone away, my computer away, and I don't-- like, that's my-- that's my self-care of trying to figure out ways of not being around the screen.

 

Keith Mularski: Yeah, yeah.

 

Dave Bittner: My scalp is sweating.

 

Keith Mularski: Yes, I was going to say.

 

Dave Bittner: My nose is running. Okay, so the question was detox.

 

Keith Mularski: Yes.

 

Dave Bittner: Okay.

 

Selena Larson: Which you're going to need after this?

 

Keith Mularski: Yes.

 

Dave Bittner: Yes. Absolutely, so, you know, we joke around the office sometimes that like my job is, "Hi, I'm Dave Bittner and here's today's bad news," you know?

 

Keith Mularski: Yes.

 

Dave Bittner: And so, and that can get to you after a while. And so my job, I'm spending a good part of my day hunting down the bad news and trying to decide-- you know, trying to rank them. Like, what are the-- because we do about 10 stories a day on each CyberWire podcast. So what are the most important 10 stories they're going to benefit our audience the most to know about? So you have to do that. But I think to your point, it's a really good one that I cannot be an expert on most of this stuff. And so, I rely on people like you, you know, I know who have specialties. So I may not know the answer to something, but I know who does. And so building those relationships and being able to call somebody up and ask them, what does this mean? You know, I've done that with-- actually, I've done that with both of you.

 

Keith Mularski: Yeah. So how do you decompress?

 

Dave Bittner: I don't.

 

Selena Larson: Listen to David Bowie.

 

Dave Bittner: When I'm starting to feel it, that I need some time off, I need to respect that. And even just sometimes taking a single day to do nothing, to go, you know, walk to the-- go to a state park and hike or stay away. Like you were saying, put the phone down and just try to breathe and change my space in my mindset, and all that kind of stuff.

 

Keith Mularski: And I think, like you were mentioning in our industry, especially like doing, you know, DFIR, you know, it's just pressure. And, you know, one of the things I always told, you know, my agents working for me, the people that worked for me at EY, was that you can't-- you could run a marathon or you could run a sprint, but you can't sprint a marathon. And it's really important to really kind of pace yourself because otherwise, you'll burn out very quick. And it's also like when-- like if you're lifting weights, if you lift weights every day, you don't make gains, you need time to let those muscles grow. And it's a lot like that in our industry, I think, that we just put a lot of pressure on ourselves, because everything is a five-alarm fire. You know, not just these wings. You know, so it's really important for that. So some of the things that I try to do is, one is I don't bring a phone or a tablet in my bedroom. So it's like-- so this way I go up there and I sleep and, you know, I don't have a TV in there, and so it's just total decompression. And when I go on vacations, I like to go on cruises because you turn your phone off, because the Wi-Fi on the cruise is just crazy expensive.

 

Dave Bittner: Yeah, my glasses are steaming up.

 

Selena Larson: Well, before we do this next one, I'm going to put-- I have to put my hair up. It's getting hot.

 

Dave Bittner: Oh, is it?

 

Selena Larson: It's time.

 

Dave Bittner: Oh, is it? Oh, I see.

 

Selena Larson: It's time. You know-- oh, jeez. It's an extra layer that I don't need.

 

Unidentified Speaker: Sauce number 4, Only Moruga in the Building. Scoville one million.

 

Selena Larson: Ohhh.

 

Dave Bittner: Only Moruga. It's Moruga. What does that mean?

 

Selena Larson: It's a very spicy pepper. Is it the scorpion pepper? Is that a separate one? I don't know if Moruga is the scorpion pepper. It's a very spicy pepper.

 

Keith Mularski: I've never had a Moruga pepper, and so this will be interesting.

 

Dave Bittner: Oh, we have to put extra on it?

 

Selena Larson: Yeah, just a little dab.

 

Dave Bittner: Oh my gosh.

 

Selena Larson: Well, that was a lot, so you probably don't have to do that much, but I accidentally over-poured.

 

Keith Mularski: I'm going to dab off.

 

Selena Larson: Yeah, you can dab off my dab.

 

Keith Mularski: Oh, look at that.

 

Selena Larson: All right.

 

Keith Mularski: Okay.

 

Dave Bittner: All right. Okay.

 

Keith Mularski: Wait.

 

Selena Larson: Only Moruga in the building.

 

Keith Mularski: All right.

 

Dave Bittner: All right.

 

Keith Mularski: Okay. Down the hatch.

 

Selena Larson: Cheers.

 

Keith Mularski: Cheers up.

 

Dave Bittner: Cheers, cheers, all right.

 

Keith Mularski: Three, two, one. Mm-hmm.

 

Dave Bittner: Very good taste.

 

Keith Mularski: Yeah.

 

Selena Larson: That's good.

 

Keith Mularski: I'm waiting for it to hit.

 

Dave Bittner: Okay. Yeah.

 

Keith Mularski: Okay, it's coming.

 

Dave Bittner: Yeah, I can tell, it's building. It's just a question of how much and how long.

 

Keith Mularski: It's--

 

Dave Bittner: Oh, there it is.

 

Keith Mularski: There it is.

 

Selena Larson: Yes, this one took the longest.

 

Keith Mularski: Yeah, it took a little.

 

Dave Bittner: And now that it's there, it's staying. Okay. Why could we not have done the thing where they bake cupcakes?

 

Keith Mularski: Now, it's-- Oh, my God! The taste is good, but it's hot.

 

Dave Bittner: It is. Okay.

 

Keith Mularski: It's hot.

 

Dave Bittner: Do we have a couple more--

 

Selena Larson: I'm feeling I'm breathing fire.

 

Dave Bittner: Do we have a couple more nuggets? Because I'm not quite done.

 

Keith Mularski: Okay.

 

Unidentified Speaker: Oh no, not the FBI hat.

 

Keith Mularski: Oh, no.

 

Dave Bittner: The tables are turned, and I'll be asking the questions now.

 

Keith Mularski: Oh, right.

 

Dave Bittner: Mr. Interrogator.

 

Selena Larson: Oh, my God.

 

Keith Mularski: Oh, look at this. You're representing.

 

Dave Bittner: Yes.

 

Keith Mularski: All right.

 

Dave Bittner: In my previous career, I actually did some work with the FBI.

 

Keith Mularski: Oh, I did not want to do that.

 

Dave Bittner: Did you touch your eyes?

 

Keith Mularski: Maybe.

 

Dave Bittner: Oh, my God. My eyes are watering.

 

Keith Mularski: Okay. It's good.

 

Dave Bittner: I'm so glad we're not doing 10 of these.

 

Keith Mularski: Yeah.

 

Dave Bittner: Oh.

 

Keith Mularski: Thank you.

 

Dave Bittner: I am going to sweat through this hat.

 

Keith Mularski: All right.

 

Dave Bittner: All right. So, Keith.

 

Keith Mularski: Yes?

 

Selena Larson: Wait, do we need another nuggets?

 

Dave Bittner: Yes.

 

Selena Larson: Shall I get them?

 

Dave Bittner: But I'm trying to move this along, so you know. All right. Drink, drink, drink.

 

Keith Mularski: All right. I'm ready, Dave.

 

Dave Bittner: All right, we're going to do one more round.

 

Keith Mularski: Okay.

 

Dave Bittner: With the really odd stuff.

 

Selena Larson: The more of the hot sauce.

 

Dave Bittner: Yes.

 

Selena Larson: Wow!

 

Dave Bittner: You can't go back.

 

Selena Larson: I love it. I love it. No, this is great. This is what--

 

Dave Bittner: No, it's not. This is awful. All right. Oh, good God. All right.

 

Selena Larson: I'm ready. I'm ready. I'll do a little more.

 

Dave Bittner: This hurts so bad.

 

Selena Larson: Getting all there.

 

Keith Mularski: Yeah, and not like a John Cougar song with "Hurt So Good."

 

Dave Bittner: No, no, no, this is unpleasant. This is really unpleasant.

 

Keith Mularski: Okay.

 

Dave Bittner: Hey, Dave, why don't you be a podcaster? That'd be fun. Oh, yeah, we'll make funny videos, and we'll have a good time. That sounds like a great career. All right, so.

 

Selena Larson: It's flashing before your eyes.

 

Dave Bittner: I know, well, lots of things are-- >> All right, all right, all right. Three, two, one, cheers. Cheers.

 

Selena Larson: Cheers.

 

Dave Bittner: Okay. So, gee, man.

 

Keith Mularski: Mm-hmm.

 

Dave Bittner: In your career with the FBI, all your years of hunting down bad guys--

 

Keith Mularski: Mm-hmm.

 

Dave Bittner: What was the craziest thing you ever saw? What was the wildest thing that made you step back and go, "Is this-- could this possibly be real with these numbskulls that I'm chasing around the world?"

 

Keith Mularski: Okay, I'm taking this hat off because-- Oh, I'm going to eat this first one.

 

Dave Bittner: Okay.

 

Selena Larson: There's one extra. There's one left.

 

Dave Bittner: Dull things. I know there are some crazy personalities. Wasn't there a guy with the cats?

 

Keith Mularski: There were guys with cats.

 

Dave Bittner: Like exotic cats, right?

 

Keith Mularski: Yeah, so that was Bogachev, the GameOver ZeuS.

 

Selena Larson: Oh, yeah.

 

Keith Mularski: So he was very unique in that, you know, he had these exotic cats.

 

Selena Larson: Was it like a lynx or like a--

 

Keith Mularski: Yeah, yeah. It was like, yeah.

 

Selena Larson: I'm sorry.

 

Keith Mularski: Yeah, like a lynx or like a bobcat.

 

Selena Larson: A bobcat, bobcat, there we go, okay.

 

Keith Mularski: Something like that. You know, he had-- thank you, thank you so much. Yeah, so I'm going slow on this, Dave.

 

Dave Bittner: Yeah, whoa, how's your brain?

 

Keith Mularski: Yeah, it's going good. My eyes have stopped watering. So, yeah, I mean, I guess like the funniest thing is that their wives and girlfriends always-- never met a camera that they didn't like. So, so, so we had--

Dave Bittner: Not like me.

Keith Mularski: So, we had a thing like, you know, you've heard in like the intelligence community, you heard of like HUMINT, which is like human intelligence, or SIGINT. And so, we had a thing which we called WAGINT for wives and girlfriends' intelligence. So, you know, just seeing what they would be posting all the time, and, you know, you just saw crazy stuff, a lot of stuff not safe for work. And so you could just kind of imagine some of those things, but, you know, they would post where they were, which was always great for us because then you knew what they were doing. So, yeah. So that's the best I can come with the clarity of my head right now. So.

 

Dave Bittner: How are you?

 

Selena Larson: I'm good, this is great. This is great for me.

 

Keith Mularski: Yeah, I'm doing better now, much better now.

 

Dave Bittner: I'm dying here, guys.

 

Keith Mularski: The fact that you doubled down and went for two. So we're going to talk our first computers. What was the first one you owned that you used that sparked your love for tech? Was it a bulky desktop from the '90s or something else entirely? And then was there a specific moment when you thought, "Okay, this is-- I'm hooked on tech?"

 

Selena Larson: So I will answer.

 

Dave Bittner: Go ahead. Please.

 

Selena Larson: Another thing about me, I didn't like technology. When I was growing up, I didn't like it. I like, you know, all millennials had our, you know, MySpace and AIM and everything, and I like did the marquee scroll so stuff could go across my MySpace page, and I was like, "I'm a hacker". But I didn't really like technology, and I was kind of whatever about it. I really wanted to be-- I was a journalist, so I really wanted to be a journalist. I wanted to be a writer. I wanted to, you know, be a person that does words and not numbers. And then I went to San Francisco, and I was doing a job interview in San Francisco, and they're like, well, it was for technology reporter jobs. And it was like, well, you know, what do you know about-- or like, what do you know about technology? And I'm like, nothing. But you know what I do know about the news. And in San Francisco, technology is the news.

 

Dave Bittner: The news, yeah.

 

Selena Larson: And so I very quickly became caught up to speed. And then I was like, wow, I love it. And then I really liked cybersecurity and privacy. And so I was like, I'm almost entirely self-taught. I haven't really-- I've done some trainings, but not a ton.

 

Dave Bittner: Yeah.

 

Selena Larson: But now I love it, but now I love it. But my first computer was like a bubble Mac.

 

Dave Bittner: Okay, yeah.

 

Selena Larson: I think it was a teal, like the teal bubble Mac. I had to share it with my siblings. We designated, yeah, yeah. We had designated like, you know, times and things you could do, and I think I just had-- just missed that you can't use the phone and the computer at the same time. So my sister had that, but then I had the-- oh, we had to turn it off. What about you, Dave?

 

Dave Bittner: I'm sorry.

 

Keith Mularski: This is awesome.

 

Dave Bittner: I didn't hear a single word you were saying, by the way. The first time I laid hands on computers was-- I went to like a-- they had like a special summer camp, summer school kind of thing. And they had TRS-80 Model 1s, which are like some of the original 8-bit computers. So that's where I learned how to like program BASIC, and I loved it. I loved it so much. So then I saved up money because I had a paper route, and I bought a TRS-80 color computer. I could hook up to a cheap TV, and I had a cassette recorder, and all that original stuff. And then, you know, the thing is when you're 11 or 12, like you don't have any money, but the thing you have is time.

 

Keith Mularski: Yeah.

 

Dave Bittner: So, I would spend all summer long just like all night, you know, whatever, and I programmed all my own stuff, and eventually got a modem, and that opened up a whole another world of phone-phreaking and--

 

Selena Larson: You were a phreaker.

 

Dave Bittner: I was.

 

Keith Mularski: Love it.

 

Selena Larson: Did you phreak?

 

Keith Mularski: I did not. Yeah. I did not. I got into it a little bit later when I got in college. So, you know, they had these Apple computers, you know, at college, so you kind of got into that and just started out with I wanted something easier than a typewriter to type my stuff, and then I kind of went from there. And then one of my roommates would always play on a computer, you know, you play like Leisure Suit Larry, you know, things like that. You know, so just kind of go in and from the games. And then finally, you know, when Windows 95 came out with the "Start Me Up" campaign, that's kind of when I got that first internet computer, which was a Gateway computer back in those days. And I think I can't even remember, like the hard drive is probably like two gigabytes, maybe three gigabytes, something like that. And you had that, you know, very fast 28-bit modem dial-up, you know, which was crazy. And then, you know, when I was at the FBI, I did more like offensive stuff. So, because I worked counterintelligence and espionage my first seven years. And then I was like, well, this internet thing I don't think is going to be a fad, you know. I think it's not going to go away so I transferred over to Cyber Division, and then I had a really great-- I was like you-- I wasn't formally trained but I had a great agent, his name was Tom Grasso, and he was kind of like my Yoda, you know, that he just could take time and would show me how to do everything. And, you know, from that, it just kind of took off. So--

 

Selena Larson: Oh, that's great.

 

Dave Bittner: Yeah.

 

Selena Larson: Yeah.

 

Keith Mularski: Yeah. And that was, you know, pre like big internet, where everything is just accessible at any time. And so you're just kind of curious as like, you know, what is going on over in East Germany, what is going on in just, you know, even in the UK. It's just a lot different, for sure.

 

Dave Bittner: Yeah.

 

Keith Mularski: Well, all right, Dave, Selena, it's-- we just took on the wings of death and now there's nothing left here. Nothing to do right now but to just roll out the red carpet for this camera, this camera, and this camera.

 

Dave Bittner: Yeah. I'm good.

 

Keith Mularski: Yeah, and I also-- let's-- yeah.

 

Selena Larson: I would invite all of our listeners--

 

Keith Mularski: Yes, please.

 

Selena Larson: To, first of all, try some hot sauce. It'll make your brain rattle, and you'll be very happy and tell some fun stories with your friends. But more importantly, tune in wherever you get your podcast to "Only Malware in the Building", N2K Network/CyberWire, the great cast and crew here, actually in the building, only crew in the building.

 

Keith Mularski: Yeah.

 

Selena Larson: Very exciting.

 

Keith Mularski: And we survived.

 

Selena Larson: We survived. We survived. We survived. Tune in to "Only Malware in the Building."

 

Dave Bittner: Day's not over yet. Day's not over yet.

 

Keith Mularski: All right.

 

Selena Larson: We did it.

 

Keith Mularski: That was a blast, guys. [ Music ]