Security Unlocked 3.3.21
Ep 17 | 3.3.21

Digital Crimes Investigates: Counterfeit Tales


Nic Fillingham: Hello, and welcome to Security Unlocked, a new podcast from Microsoft where we unlock insights from the latest in news and research from across Microsoft Security engineering and operations teams. I'm Nic Fillingham.

Natalia Godyla: And I'm Natalia Godyla. In each episode, we'll discuss the latest stories for Microsoft Security, deep dive into the latest threat intel, research and data science-

Nic Fillingham: And profile some of the fascinating people working on artificial intelligence in Microsoft Security.

Natalia Godyla: And now, let's unlock the pod. Hi, Nic. How's it going?

Nic Fillingham: Hello, Natalia. It's going well. How are you?

Natalia Godyla: It's going well. I am super-excited for this episode, because it will be a trip down memory lane. We're gonna be talking about counterfeiting CDs and Beanie Babies. Well, Beanie Babies aren't covered in this episode, but they're counterfeited.

Nic Fillingham: So we were, we were having a conversation before we started recording about, you know, things that have been counterfeited, and one of the examples that we stumbled upon was Beanie Babies, and I said, "What's a Beanie Baby?" And Natalia said "How do you not know what Beanie Babies are?" So 15 minutes ago, you, you educated me on a Beanie Baby, and I've learned something about you, is that you collected Beanie Babies. Is that right? You were in the Beanie Baby fad. You were in the, the trend.

Natalia Godyla: Oh, yes. Yes. Beanie Babies and Pokemon cards. I definitely collected them.

Nic Fillingham: Do you still have your Pokemon cards?

Natalia Godyla: Yes. Yes, I do.

Nic Fillingham: And do you still have your Beanie Babies?

Natalia Godyla: I've got one Beanie Baby left.

Nic Fillingham: Do you know, with certainty, that it is not a counterfeit Beanie Baby?

Natalia Godyla: I don't, but I don't think I wanna find out.

Nic Fillingham: If only there were some kind of technology. Maybe a, a hologram or something, embedded into the Beanie Baby for you to have a high degree of certainty-

Natalia Godyla: (laughs)

Nic Fillingham: That it was real.

Natalia Godyla: (laughs)

Nic Fillingham: And I'm talking about holograms because our guest on the podcast today, Donal Keating from the DCU, walks us through his journey into security, and his path to Microsoft, and how he spent a lot of his career in the anti-counterfeiting space. And we talked about CDs, we talked about counterfeiting CDs and optical discs. This was very exciting for me. We talk about the period in time when I was actually joining Microsoft, which was when Windows XP was coming out, and so the whole, you know, hologram on the CD, and you hold it up to the light, and there'd be different colors and pictures, like...

Nic Fillingham: That was all very exciting. I guess that must have been early 2000s. That was a-, that was super-exciting when that was happening, so this was a, this was a great conversation, and I think we also talk about chickens at some point, too. I don't, I d-, I'm not sure how we got there, but we cover a lot of ground in this conversation.

Natalia Godyla: And with that, I feel like we shouldn't keep people hanging. On to the pod.

Nic Fillingham: On to the pod.

Natalia Godyla: Hi, Donal. Welcome back to Security Unlocked. Thanks for joining us for a second time.

Donal Keating: Thank you. I'm delighted to be here.

Natalia Godyla: So Donal, you are the director of research and innovation of the Digital Crime Unit. I know that you've talked a little bit about what you did in our last episode, but would you mind giving the audience a refresher? What does a, a day in the life of Donal in the Digital Crimes Unit?

Donal Keating: Well, e-each day is different, obviously, because when you're sort of working on the, on the side of security and crime-fighting, people evolve very rapidly, so there is no set pattern of what I do every day. But I am lucky to have a relatively unique position in the DCU, we call it the Digital Crimes Unit, in that I work across all of the different pillars th-, that we fight, and I also the opportunity to work, uh, work across the company, so... And we're always looking for new techniques, new data sources, and new crime mechanics, and I tend to get involved in, in the things that are new. So it's a very interesting job. As someone said, there's not many jobs where you wake up in the morning and look at the news and say, "What's going to be on my plate today?" But-

Natalia Godyla: (laughs)

Donal Keating: Working in this space tends to be that sort of a job.

Natalia Godyla: And how did you end up in this role? What has been your path not just to Microsoft, but security? I know, a big question.

Donal Keating: Oh, my. (laughs)

Natalia Godyla: (laughs)

Donal Keating: Once upon a time, Mammy Keating and Daddy Keating met. E-e-e-, um...

Natalia Godyla: (laughs)

Donal Keating: So, if I start-

Nic Fillingham: And where was that, Donal?

Natalia Godyla: (laughs)

Donal Keating: Sorry? Wh- where was that?

Nic Fillingham: Yeah, where was that?

Donal Keating: That was in, that was in Ireland. So I, I grew up in-

Nic Fillingham: Paint, paint us the picture. Like, it's, tell... I want beautiful, rolling green countrysides. I want-

Donal Keating: (laughs)

Nic Fillingham: Paint me that beautiful picture of Ireland.

Donal Keating: Uh, well, uh... (laughs)

Natalia Godyla: (laughs)

Donal Keating: I don't know if I'm gonna go back that far. It's, that's before Moses was a boy.

Nic Fillingham: (laughs)

Natalia Godyla: (laughs)

Donal Keating: So my parents are Irish. Uh, father an engineer, my grandfather an artist. My other grandfather was a blacksmith. So sort of technology had always been in the family. When I was growing up, uh, I guess my parents had been a product of the, of the war, and Ireland, at the best of times, didn't have very much, so the, the ability to make things and figure things out from first principles was always p-pretty important, uh, in my family.

Donal Keating: So I grew up. My brother's, uh, an engineer. A c-, a civil engineer, built a very successful company in civil engineering. So I guess I was the black sheep of the family. I became a physicist, and when I graduated from physics, it was in the 1980s. I won't say exactly when, but the unemployment rate in Ireland at the time was in the high 20s, I believe, and for new graduates, there was pretty much two, three jobs a year going, and I certainly wasn't in the top two or three percent of the graduates coming out of the country, so I emigrated, like a lot of Irish people do, and my first stop was the UK.

Donal Keating: So I got a job as a young, very green physicist. The only advantage I have is I had done applied physics, so I was to run a lathe as well as do some calculations, and I started to work for a, a UK company that was a venture capital-funded start up, looking at some very interesting optical technology. So my major was in opto-electronics, and this company was involved in the research into storage media. And at the time, CD audio had been quite the technology. C-, recordable CD had not been yet invented, but there was a space in the market for what was considered archival media, and this company had some very innovative and patented technology which we called Mothi. It was a, a recordable media that effectively made a mechanical mark. So it wasn't just a change of reflection. There was actually a mechanical mark on the media. And b- (laughs), I won't even go into the capacities of these things in, in today's world.

Nic Fillingham: Almost like a vinyl record?

Donal Keating: Uh, a-, well, uh, almost like a vinyl record, but at a nano scale. So a laser would... What normally it would do with m-, recordable media is, a dye would absorb, or not absorb and a-allow light through to the reflective layer beneath. The trick of this technology, called WORM, uh, write once read many, was a layer that looked a little bit like an egg box, and when the laser hit the texture, it would blow a bubble in the egg box, therefore making it reflective, and the company name was Plasmon, which actually refers to a physical phenomenon that means a surface that the, uh, incident light gets redirected along the surface of the incident plane.

Donal Keating: So i-, it was just an interesting piece of technology. I worked for that company for six years, starting out knowing nothing, and worked for an incredible mentor engineer, a guy by the name of Bob Longman, who taught many engineers like me. He was quite a legend.

Donal Keating: And through that company, it was like pure R&D work. We knew what the end goal was, but how to get there was entirely uncharted.So we got to work on all sorts of interesting, uh, technologies. But that really was the beginning of a skillset that I think everyone in security needs, and, uh, particular in research innovation. It's, when there aren't train tracks, how can you look at a problem, split it into smaller problems, and do things that you can measure, observe... Uh, basically articulate, "Well, okay, these three things happen. Therefore, what does it mean for the bigger picture?" So that reframing the question was training that I got right when I, when I graduated. So that was the start.

Nic Fillingham: I think I i-interrupted you, Donal, but what was the... Did you tell us? What was the capacity? What was the storage capacity of this early CD-

Donal Keating: (laughs) -

Nic Fillingham: Technology.

Nic Fillingham: I'm assuming it was small.

Donal Keating: it was-

Nic Fillingham: I'm assuming that's, that's

Nic Fillingham: ... the giggle your-

Donal Keating: It was small, yeah.

Natalia Godyla: (laughs)

Donal Keating: 540 megabytes was considered this huge enormous storage capacity.

Nic Fillingham: But that's much smaller than the, the theoretical max of uh, cd's. No, it didn't say you only get to about 714 meg or something?

Donal Keating: Yeah. Yeah but that, that was yeah but that was a CDR, and now we got DVDR, and yeah but these are capacities like if you pick a USB now, the tiny, tiny, tiny surface area will contain ten times that capacity. You know you look at floppy discs and you know, you look at the evolution of it. Really truly the laws of physics are being uh, like hard disc drives which I, at one stage I worked for Seagate, I'm like come to the, my narrative, but even when I was at Seagate in the 90's, the idea that you were coming close to the capacity of what a platter could hold.

Donal Keating: They continue, hard drives, continue to push the limits. They're still uh, following Moore's at a phenomenal rate. Like if you look at a technology like hard drive, and you had to start that from scratch, people would say that's impossible. That is absolutely impossible to get that performance you know, even if using a huge design team.

Donal Keating: But that's the great thing about evolution, you start off with something small you tweak it, you tweak it, you tweak it you put economic pressure on it to make it faster and bigger and you end up with here we have hard drives today same with Solid State. Solid State technology in another 20 years time. There will still be Solid State and it'll be faster and bigger and better than all the rest of it.

Nic Fillingham: I thought you were sort of going to be comparing that early technology. That mech, that mechanical I forget the, the words you use but that mechanical mark on the disc. I thought you might have been comparing that to sort of later uh, technologies for writing to a CD. But you were, you were talking about CD's in general. Yes the capacity of a CD is, is obviously very very small.

Donal Keating: Yeah. So the, the sort of people that were interested in it were people who needed archival technology. So uh, they worked with the British Library for instance was one of their um, audiences. But also company records and you know things that needed very good archival life. So, what you might not know is that your CDR um, if you've kept them in a drawer for 20 years will not be producing all the pictures that you thought you'd put onto your CDR.

Donal Keating: And those technologies break down relatively quickly. So this was a, a technology that they said would um, stay on the shelf for a long time.

Nic Fillingham: Why was that? The material is sort of susceptible to pressure change, temperature change, what, what is it?

Donal Keating: Well with a recordable CD for instance is a dyeing. And dyes tend not to be, not to be stabled. You know you look at an old book even when it's closed up. The pictures in the, in your old books would be faded from what they were. Well if you need that high contrast and, and you have fading with your dye, you're gonna loose fidelity.

Donal Keating: That's really just comparing this technology and CDR which is you know, but, the bit that I'm getting to is, you might have recording mechanisms that store data for a long time but the drives that read those do not store for a long time.

Donal Keating: So, back then it was all scuzzy interfaces. To find a PC with a scuzzy interface now would be a, would be a whole, a whole piece of work. So, the reason the Cloud is gonna be so much better for storing data is regardless of what the readout technology is going to evolve with the Cloud.

Donal Keating: I was kinda lucky in my career in that I was at the right place at the right time. So I worked for a number of companies that basically built CD manufacturing in Ireland. I hopped around those companies being part of the supply chain to Microsoft. So the very first indication of security, Microsoft introduced what we called an Innerband Hologram on I want to say was Windows 98.

Donal Keating: It was a security feature to try and make counterfeiting of the Windows 98 dix, more difficult. Long story short, Microsoft decided themselves that they wanted a CD manufacturing plant. And they recruited me. At the time I really want to work for Microsoft. I had been a supplier to them and they had been pretty aggressive as customers. So I, I wasn't a terribly keen employee but they made it worth my while to join Microsoft to build them a CD-ROM plant in Dublin which I did.

Donal Keating: We got that up and running. And just at that time, a team in the US wanted even more secure CD manufacturing. So at the time, one of the great ways of making money very easily was to produce either Office 97 or Windows 98 CD's and sell them. Now, you could make money in different ways. You could just bootleg them and make recordable CD's, but people then knew that they were buying something cheap and cheerful. There was, you get a few bucks for it but you weren't gonna make big dollars.

Donal Keating: But the more sophisticated criminals did is they made visual pass offs, like very very good pass offs of the product. Packaged them up and even it into the supply chain. So today everyone is conscious of supply chain attacks. Solar winds being an example and in the recent past supply chain attacks have been all over the business. But if you go back to those times, people didn't really consider the supply chain attack. And one of the significant vulnerabilities in the software industry back then was, there was this whole world of people prepared to make very, very sophisticated counterfeits.

Donal Keating: So, I was working for Microsoft at the time and there had been some legal cases chasing down counterfeiters and the, they had a newly appointed attorney in Europe looking after the counterfeiting team and we got talking and it was just one of those things that you know, you suddenly meet someone who knows what they really want to do and I knew how the product was made. And I said, "Look. All, all of the, the way you're going about this identification of counterfeit is all wrong." You know. The, the example I think was that if something was misprinted, it was, if it was badly printed disc it must be counterfeit.

Donal Keating: I've run en, enough CD plants to know you can have a bad day in printing discs. So that was the start of the concept of a proper forensic analytic lab that would look at product and say, "This is genuine or counterfeit." And that really was the start of getting into the security space. And then I guess was in the year 2000-2001 maybe.

Natalia Godyla: What was your next step within Microsoft. What, what brought you to the role you have today?

Donal Keating: Yeah, so actually at the time when, when I met the legal team for the first time I, I was transitioning out from running the CD plant to working on the anti-counterfeiting technologies. In fact I used to, I kinda had a role that was mostly based in the US uh, looking at hologram technology, fingerprinting technology, just a variety of technologies that are going to be used to protect our products.

Donal Keating: But it became more and more interesting to me to chase the criminals rather than to try and protect the product. There was lots of people focused on protecting the product. There was very few people uh, focused on, on locking up the crooks. And I think that was from one side, from the traditional counterfeiting side. One of the things that you got to learn is the economics of being a, a criminal.

Donal Keating: And they would save themselves as, as people but what's their motivation? How do they do it? You know, how do they communicate? So, that was way back then that seemed to be very interesting and exciting. So I did more and more of that. Like I said I went around the world. I was in raids all over the world of, of plants producing counterfeit discs.

Nic Fillingham: Can you share any examples?

Natalia Godyla: (laughs)

Donal Keating: Yeah. yeah, yeah, yeah I can so, the, the more recent one actually that's back in 2013 because we pretty much stopped em' physically counterfeiting but back in 2013-2014, there was a plant in the Ukraine that had been, it, it had belonged to the old regime. There's a new regime comes in so they re-raid the plant and I, I got called in just because I knew about how to obtain evidence from a CD plant. So they just wanted a kind of an expert from Microsoft to help them obtain

Donal Keating: ... obtain the evidence from the plant. But I arrived at this factory, brought there by law enforcement, and they had these huge doors, big, enormous, big steel doors. But the bit that appealed to me was (laughing) two feet to the right of the door, there was actually a hole blown in the wall. The cops said that to do the raid, he said, "That door is too secure but the wall's not so secure." So they went through the wall.

Donal Keating: I- I've done cases in- in Russia also. So everyone knows that counterfeiting is a problem, but one of the ways you- you protect yourself is if you have someone who is on the law enforcement side of the house who will not raid plants, that they are kind of under their protection. But what happens when you stop paying the protection money? So it turns out that Microsoft got pulled in because someone wasn't paying their protection money, uh, anymore, and law enforcement raided the f- facility.

Donal Keating: I went there to analyze the evidence and testify that yes, this in fact was a Microsoft product that was being counterfeited. When the plant that had been raided realized that the law enforcement were taking it seriously, they obviously paid their dues again. So I'm in this police station in the morning, uh, we're taking the evidence, y- you know, gathering up the notes. And when you're handling evidence, you have these tags, so you take something out, do your analysis, and then you seal the bag and- and sign it.

Donal Keating: Suddenly, there's an urgent request to go to lunch at, you know, 11:30 or something. Never a man to dodge lunch, we went off to lunch.

Natalia Godyla: (laughs).

Donal Keating: But the lunch went on about three hours, and when we came back I'm looking at my pile and I see all this stuff that I had already examined, but they're not my seals, it's not my signature. And I said, "Th- this is not what I looked at this morning." (laughs). "Oh yeah, that's- that's what you looked at this morning." (laughs).

Donal Keating: It was the sort of environment where you don't- don't go and argue with anyone, so we just stepped away from that. There was some- some follow-up, but there was no confirmation that what that plant had been producing was Microsoft counterfeits and it all got swept under the carpet.

Nic Fillingham: Donal, when I hear the word raid though, I think of paramilitary, I think of guns and- and- and all that. Is my mental image accurate? What, how- how sort of scary, how dangerous were these- these raids that you were a part of? Or are they a bit more sort of... Well, yeah, that- that- that's my question.

Donal Keating: So generally with counterfeiting, they tend to be, they're not dangerous. So sometimes, mostly I would get called in after the raid had happened, so therefore there's no danger, the environment is secure. Remember, these manufacturers are doing it on behalf of someone else. It- it's like malware today, there's a whole bunch of different individuals in the supply chain. My specialization at the time was the- the actual plants themselves, so we were going to sites that it was a regular manufacturer who was just breaking the law. There wasn't that risk.

Donal Keating: But since I came to the US, I moved for Microsoft to the US in 2013, I got hauled into a raid where someone was selling product keys, and for some reason the case was a Homeland Security case. And that's the first time that I've ever seen, I actually wrote up a report afterwards, um, I was there with a- a Microsoft colleague and he was ex-FBI, and to him, it was perfectly normal. But to an Irishman who has grown up on American TV, it looked like the real thing.

Donal Keating: They had an address and we were going in to the address, but there's a briefing beforehand that has a SWAT and a whole bunch of agents that are going there now. We're invited along as the- the analysts, like to- to analyze what they find. But there's this briefing that starts off with, you know, if there's- if there's shootings, here's where the hospitals are. If it's, you know, serious, here's where the helicopters land. You kinda get this mental image built up that you're going to raid a super-secure and heavily-armed target.

Donal Keating: In this case, the entire team arrive up (laughing), and the guy arrives out in his dressing gown. And- and his first words to law enforcement was, "I haven't counterfeited for a year." (laughs).

Natalia Godyla: (laughs).

Nic Fillingham: (laughs).

Donal Keating: Working that closely with law enforcement was quite a buzz, but all of that was sort of intellectual property crime that I was focused on, and since then, since 2013, 2014, I have changed my focus pretty much entirely to protecting Microsoft customers. So taking all of those techniques and, you know, understanding about the way people behave, and looking at behavior of criminals.

Donal Keating: And using data, in essence, to- to look for, I used to look forensically for evidence of did it come from an authorized supply chain or an unauthorized supply chain? We built some special technology to do that with microscopes and image matching and stuff. So taking a lot of those concepts and then applying it to data streams. Is this a normal behavior for this type of data? Where's the anomaly? What's the cause of it? All of those sorts of things.

Natalia Godyla: Was there ever a counterfeit example that shocked you, that was just so close to truth that you were surprised? Like just awed at the counterfeit artistry?

Donal Keating: Well, I will say absolutely, I'm- I'm in awe of the ability for people to make things that look so visually identical. And a- a counterfeit never, they never manufacture things in exactly the same way that we did it, so we would emboss a hologram, uh, the counterfeiters by and large produce labels. But boy, were those labels good visual pass-offs. You know, it became, I wouldn't say impossible but it actually became, you know, you need to put your glasses on to look at the th- thing and say, "Oh yeah, that's counterfeit."

Donal Keating: But again, that's to someone who has knowledge of the product. Uh, I think a- a thing that a lot of people forget, specialists, people who look at this stuff all the time will look at it and say, "Oh, well, that's, you know, it's missing the T and I've got a small I here. And look, this- this color is a bit off." To someone who buys this product once every three years or once every two years there's no build-up of a reference library of, "You know what? If it looks good, it must be genuine. And in fact, there's a little sticker on it that says this is genuine." (laughs). Therefore, you're socially engineered into thinking yes, it's genuine.

Donal Keating: Uh, I love- I love when you g- get products from Amazon and you, a little card comes out that says, "This is an authentic product because, you know, we've got the card that says it's an authentic product."

Nic Fillingham: The certificate of authenticity, which is a little matchbox-

Donal Keating: Uh, yeah.

Nic Fillingham: ... square of cardboard that, uh, (laughing)-

Donal Keating: Yeah, yeah.

Nic Fillingham: ... has been printed on an inkjet printer. (laughing). And cut out with scissors.

Donal Keating: Yeah. One of the things that criminals are very good at is social engineering people into thinking they're doing the right thing, in- in whatever area it is. Like they would give people additional stuff in counterfeit packages, and made them feel even better about themselves getting this really good deal online. Uh, you know, it- it's just the- the psychology of- of people, we're just not designed to be suspicious of everything. Which is great, but unfortunately for people who work in this space, you get suspicious of everything.

Nic Fillingham: So we're rapidly moving away from physical media. My Xbox doesn't even have a- doesn't even have a disc drive anymore, so it's, you know, it's entirely- it's entirely online digital distribution. But I see there is still, there are still counterfeiters out there. There are still, you know, it's still probably big business in some parts of the world. Is that, are- are, do you still have your finger on the pulse or have you fully, uh, left that- that space?

Donal Keating: I have fully left that space, but absolutely, you know, there- as long as there is a dollar to be made there will be people in that space. But it's just not- it's just not what Microsoft focuses our effort on. You know, there- there will always be people who wanna go and pick up- up Windows on a CD-R. What I would say is then they know the risks that they're taking. You know, they're- they're a self-selecting group.

Donal Keating: You know, we always talk about make sure that you're patched and have everything updated and use good password security. Well, you can- you can lose all that if you choose to obtain your software on a recordable CD where it says, you know, "This- this is real stuff." You know, e- especially on a, at the OS level. When you're installing an OS from a disc before anything has been turned on and all your signatures have been updated, it- it-

Donal Keating: It's really easy to- to build a device with a lot of malware on it. Therefore, that is an area that I have concerns about, is that your supply chain for your hardware is, y- you're not buying the thing that you can get for the cheapest price. You're- you're buying from your authorized channel, you're buying from people that are reputable.

Donal Keating: I think one of the really important things in security is the reputation and, you know, trustworthiness of your supply chain. So that's not an area that we spend a huge amount of time in, but it certainly is a thing that, um, is- is of concern to me.

Nic Fillingham: And Donal, I think you've already said this, but to reiterate, the- the- the principles and the learning from your time in- in forensics and in physical, uh, disk manufacturing and- and- and anti-counterfeit work is that the sort of human psychology and the social engineering that was a big part of that business continues to this day. And you were sort of bringing a lot of those learnings and principles forward, and you're just now applying them to, uh, new supply chains and- and new technologies. Is that- is that accurate?

Donal Keating: That's accurate. The- the one other thing, we did start to get into what I would consider big data in 2013, 2014, when we started to take activation behavior. So as devices touch Microsoft's servers for activation or validation, starting to do analysis on- on, at a large scale. So there were a lot of indications back when that you could identify countries that had relatively high rates of what I would considered piracy, and they correlated well with what, with encounter rates of malware coming from Defender and th- the various AV companies.

Donal Keating: So it- it started out as a narrative, uh, in 2013, 2014, that we had high piracy rates. You als- also had high levels of- of security issues on the devices. I think that has- that has continued to some extent, but now as we move to a more digital, and- and hopefully more secure, supply chain, that opportunity for people to, you know, put large volumes of physical product that have malicious doors on them is hopefully being removed. But the skillset that I learned in, you know, analyzing very large volumes of data, that sort of was the start of it.

Donal Keating: In fact, the Digital Crimes Unit built some analytic environments, uh, originally on, you know, on-prem servers, and now we've moved over to Azure. That allows us to do very large-scale analytics of huge datasets. That was sort of borne of our analysis of activation and validation, um, six, seven years ago.

Natalia Godyla: You've had a couple notable shifts. What else other than your background in analytics has prepared you, or have you done to prepare for these changes? Do you have any recommendations to somebody who might be experiencing a similar shift and wants to get up to speed for this type of role?

Donal Keating: W- well, if it's in Microsoft, we are incredibly lucky in that we have some very, very smart people. I'd say that the number one skillset that you need in navigating this is your ability to pick up the phone and talk to someone and admit that you know nothing about it. You really do have to talk to people who have expert knowledge in the area. Because you can be great at cultivating data, but unless you understand really what it means down to a very, very granular level, not the- not the 101 version of it but the 201 and 301 version of what do these things mean? And in Microsoft, we also have the people from Microsoft Research. I've been helped enormously on the AI and ML side from people who have done this clustering on short strings.

Donal Keating: There is no magic to any of this. You've gotta have the data, you've gotta have the right data, you've gotta have the cleaned data, but there are tooling that, once you have everything that you want, allow you to represent it in a way that is easy to manipulate and- and highlight the things that are important. So I would say what have I done? I've talked to a lot of people in Microsoft about how they do what they're specialized at.

Nic Fillingham: And what about when you're not working on this stuff? What's, what do you- what do you like to do, Donal, in your- in your spare time? And does any of that, uh, bleed over into your professional life? Do you, uh, do you like to do your thinking when you're climbing walls or- or something? That was a terrible example, but- but what (laughing)- what-

Natalia Godyla: (laughs).

Nic Fillingham: What do you- what do you do for fun?

Donal Keating: Well, when I'm working, my 150-pound dog, who really is a- a- a slobbering sweetheart-

Natalia Godyla: (laughs).

Nic Fillingham: Type of dog, breed?

Donal Keating: He's an Anatolian Shepherd, specifically a Kangal. So-

Nic Fillingham: I have a Great Pyrenees, which I believe is a- a distant cousin.

Donal Keating: Oh, yes. Yes. Uh, his name is Pamuk, it's a Turkish breed and pamuk means cotton in Turkish. But when I'm working, um, he does kinda, because he's a big dog, I kinda like to think that, you know, hey, if we had a security team that just looked, you know, dangerous would people mess with our product?

Natalia Godyla: (laughs).

Donal Keating: So that's one thing that, you know, I- I- I do like to think about my job when I walk the dog. But I'm also something of an urban farmer. I have three chickens and I like to grow potatoes, because I'm an Irishman, and turnips and leeks and stuff in my tiny little garden. So.

Nic Fillingham: Are your chickens laying at the moment? Because we have ducks, and my ducks have gone on strike and I'm not getting any eggs out of them at the moment.

Natalia Godyla: (laughs).

Nic Fillingham: I'm wondering if- if you're... I know- I know chickens and ducks are a- a different bird, so I am aware of that, but just wondering if it's, what are you seeing in your- in your chickens?

Donal Keating: You know, I'm a data guy, so, um, we went from one egg per chicken per day in the summer to kind of nothing in the late fall, and then starting luckily on the 21st of December, we got a- a burst of eggs. And then we now, out of three chickens I get one a day. I'm not exactly sure which one is doing, is...

Natalia Godyla: (laughs).

Donal Keating: If one is producing all of 'em or they're firing every third day. But, um, yeah, we're- we're- we're production again.

Nic Fillingham: I think we need some machine learning algorithms to, uh, monitor the egg producing habits of chickens and/or ducks to see if we can, uh, increase output.

Donal Keating: Uh, for- for sure.

Natalia Godyla: (laughs).

Donal Keating: It- it's- it's the only way to go about it, eh? The problem though with AI is we'd need to get about half a million chickens, and then we'd have a pretty good answer.

Natalia Godyla: (laughs).

Nic Fillingham: (laughs).

Natalia Godyla: Well, we definitely thank you for that, Donal. And thanks for joining us again on Security Unlocked.

Donal Keating: You're very welcome. Thank you for having me back.

Natalia Godyla: Well, we had a great time unlocking insights into security. From research to artificial intelligence, keep an eye out for our next episode.

Nic Fillingham: And don't forget to tweet us @msftsecurity, or email us at, with topics you'd like to hear on a future episode. Until then, stay safe.

Natalia Godyla: Stay secure.