Home
Story
2022 Jailbreak Security Summit: Justin Sherman: Russia’s Open-Source Code and Private-Sector...
N2K logoOct 28, 2022

2022 Jailbreak Security Summit: Justin Sherman: Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem.

When analyzing Moscow’s cyber power, much of the policy community and international media focuses on the Russian government’s internal cyber units and several criminal entities identified in the press. This overlooks a vast part of the Russian cyber ecosystem—including open-source code projects to which Russian developers contribute and the private-sector companies that help build talent, develop capabilities, and support state operations.

This talk, from Margin Research and its SocialCyber project, will describe its research findings in the areas of open-source code, foreign capability development, and foreign hacker communities—specifically focused on Russia.

Justin Sherman works with Margin Research’s team on research concerning foreign open-source code, cyber capability development, and hacker communities. He is also the founder of Global Cyber Strategies, a DC-based research and advisory firm, a senior fellow at Duke University’s Sanford School of Public Policy, and a nonresident fellow at the Atlantic Council.

Transcript:

Justin Sherman: Thank you very much. Can we hear me in the back, OK? Yeah, so thanks so much to everyone for being here and for the opportunity to speak with you all today about this. I also understand I am between you and snacks later, so I will try and keep this brief and then we can have questions and discussion. So we will be talking today about the Russian open-source code and private-sector cybersecurity ecosystem. So I am based in D.C. I run Global Cyber Strategies, which is a research firm there. But today I'll be talking about my work with Margin Research on this particular DARPA project focused on the Russian hacker ecosystem. 

Justin Sherman: And so what we'll run through first is a little bit more about the SocialCyber project, which is quite an interesting DARPA initiative that's been started up, a bunch of different contractors working on this problem set. We'll talk a little bit about our research into Russian open-source code, go through some of the key actors in the hacker ecosystem in Russia and then end with a bit of a look forward, especially as the situation in Moscow continues to evolve in quite interesting ways. 

Justin Sherman: So just to jump right in - so Margin is a boutique research firm based in New York City working on this project, the full title of which is listed here. The shorthand is SocialCyber And there's basically two premises to this project. The first is that open-source software is important generally to national security because of where it's used. It's also important specifically to the Defense Department. And so how do we understand the particular risks that are posed to that ecosystem not just on the technical side, but also thinking about the human side of the equation. Which companies, which individuals, others are contributing to the security of that software? 

Justin Sherman: So just to give you an idea, this is how broadly DARPA is thinking about this problem, which is, yes, you can have, you know, things that are technical. You can have people submit code that includes new vulnerabilities introduced into something like the Linux kernel. At the same time, there's also a whole host of risks that we lose if we just focus on the code. There's also pressure that can be placed on developers to do particular things. There could be information operations against open-source communities - and other kinds of activities that sort of bring in that social dimension of social cyber. 

Justin Sherman: And so the thinking of this project is, let's actually try and wrap our heads around this and then understand resulting national security risks. So Margin's approach here - and I will preface this - so I have a background in computer science. It's been a minute since I programmed, so I will be going through a bit more of the technical work that Margin's doing. Certainly, if folks have questions, can try and answer them, but happy to connect with the team. The later half of this, which is more the analysis of the Russian ecosystem, is more so my area. 

Justin Sherman: But the Margin approach to this issue - right? - because it's looking at open-source software broadly, is to say, let's look specifically at the Linux kernel. Let's look at the chain of trust and development that goes into developing the Linux operating system. And let's actually think about who the key players and contributors to the Linux kernel are from all around the world. There has been a separate workstream on China, in this case, including analysis on Russia. 

Justin Sherman: So there's really three phases to this approach. The first is to say, how do we actually ingest data about contributors to an open-source software system like the Linux OS and specifically the Linux kernel? The second phase, then, is to take various streams of data about those contributions and merge them all together. So this includes things like going through particular mailing-list data to understand the individuals who are attached to the Linux operating system. It's also gathering Twitter information and other open-source data on those developers that can be pieced all together. 

Justin Sherman: And then the third phase, which is where folks like myself and other linguists and regional experts come in, is to then actually take that data and identify particular people in the ecosystem, identify people who may be introducing security problems. And even if they're not introducing known vulnerabilities, at least say, who are the key players? If we think about pressure points, for example, that a foreign government could exert on particular people, who are those actors, and what are their places in the ecosystem? - long way of saying, in 2021, the top contributor to the Linux kernel on an organizational basis was Huawei, the Chinese telecom we're probably all familiar with that the U.S., specifically, the FCC, has designated as a national security threat, along with several other Chinese tech companies, for their close entanglements with the Chinese government and the intelligence services. Interestingly, Linux even - or Huawei - excuse me - even beat Intel in 2021 in terms of the number of contributions. 

Justin Sherman: On the Russian side, the contribution volume overall is much lower. But Positive Technologies is one of the big contributors from the Russian side, a company that we'll talk more about in a minute, sanctioned by the U.S. government that develops offensive capabilities for the Russian intelligence community and helps with a variety of other hacking activities. So just a couple of examples - if you dig in further - from what some of the Linux kernel experts on our team have looked at is, you know, of about 36,000 different contributors to the Linux kernel, there are at least 30 or so that exhibit suspicious behavior in the kinds of code they're submitting. 

Justin Sherman: One example is, in 2020, there was a senior security engineer at Huawei who pushed some code introducing new vulnerabilities. This got out. They claimed it was a security patch. It was a whole thing, and the company disavowed any knowledge of what was going on with that particular developer. So you have these cases where, again, it's not necessarily known to be malicious, but there are reasons for concern, and there are also risks, given corporate association or links with a particular foreign government. 

Justin Sherman: So here's just one other example. Once you have this kind of information, you can do things like say, which Chinese educational institutions are the biggest contributors to this particular piece of open-source software? Again, you can then do analysis on top of this to say, what are different risks that may or may not 

Justin Sherman: stem from this, given who's doing the contributions? Some of these have links with the defense apparatus, etc. So here's an example in the Russian case. Again, as I mentioned, one of the top contributors to the Linux kernel from Russia is affiliated with a company called Positive Technologies, which we will talk more about here. But this particular individual, Alexander Popov, does security research at the company, has had an interesting career trajectory in Russia, doing security for the Russian railways, doing a lot of different research projects but, since 2013, has been pretty focused on this question of Linux kernel security and, as you'll see here, has submitted over 40 patches to the kernel, publicized some important vulnerabilities and developed exploits and patches for those vulnerabilities and has widely spoken internationally and on the Russian hacker conference circuit. 

Justin Sherman: So this is an interesting case because here we have - we did this analysis. We identify a key contributor from Russia to this open-source software. And the contributions really appear security-focused. A lot of this individual's work, when you look into it, appears defensive, and the company, indeed, has a large defensive-research focus. But you get into these questions about potential influence and what happens, especially given that Positive Technologies is known to also discover vulnerabilities and then build exploits for them and pass them off to the Russian intelligence community before then disclosing them or without then disclosing those vulnerabilities. So who cares? 

Justin Sherman: So, you know, first of all, Linux is very widely used. We all know that. But the second piece is that, in Russia in particular, there's been a huge push over the last decade to move towards domestically made hardware and software. This began around 2010, 2014. This is a whole other 90-minute diatribe I can do. But you had essentially the Arab Spring. You had the Maidan Revolution in Ukraine. You had talk of Twitter revolutions. You had all of these geopolitical events that essentially drove a new level of Kremlin fear about the internet and fear about foreign software as a means of foreign government influence, projection, surveillance, etc. And so you had senior Kremlin officials, you had Putin himself, actually, coming out and saying things like, we need a stronger domestic tech base. We need to get rid of our dependence on Western technology. And so that really accelerated in this middle block here. You had the Russian government stand up in - a few years earlier - this Skolkovo Innovation Center, which they were dubbing the Russian Silicon Valley. There is probably a joke in the Russian and the Silicon Valley part there because it fell apart due to corruption. But there were also a number of budget cuts and other things over the years that really deteriorated that. But you see a rise in focus on domestic software. 

Justin Sherman: And in 2019, Linux became a key part of this because the Russian government actually cleared Astra Linux for use in defense-ministry and intelligence-community computer systems. They had sort of reached an apex of concern about Microsoft Windows, believing, for a variety of reasons, many of them Putin-type paranoia, about foreign surveillance and so really wanted to purge their systems of the Western OS and instead go with something that they were developing. And so we've seen this acceleration since then, this emphasis on developing domestic technology, on replacing foreign technology. 

Justin Sherman: And, again, Linux has been a key thread of this effort, which brings us to this part, which is sort of the second piece of what we'll talk about today. And this is a lot of the work that I've been doing on this project and have done for other organizations, which is, when we're talking about cyber capabilities in Russia, cyber talent in Russia, cyber power, broadly, in Russia, we're not just talking about government units. We're not just talking about the FSB, the GRU. Those are key parts of it. But we're also talking about this really large web of actors that have often changing, sometimes nebulous relationships with the government - cybercriminals, patriotic hackers, developers at totally legit Russian IT companies who get coerced into building things for the government, front companies, etc. 

Justin Sherman: And so here what we'll talk about is one slice of that, which is the actors in the private sector. There are plenty of these companies who are doing defensive work. There are plenty who have had relationships for years with Western security companies. There are also some of these firms that help intelligence agencies recruit, that build capabilities for the Russian military or covertly support strategic planning in cyber. And so, again, from a national security perspective, there's reason to understand this development ecosystem. Again, really wide range - so, you know, you got companies like Infowatch, Positive Technologies, Sberbank-Technologies, Rostelecom-Solar, Kaspersky, which DOD in 2018 banned as a national security risk, alleging the Russian IC was funneling through Kaspersky virus - antivirus installations to steal data. So you have this quite interesting ecosystem in Russia of these companies. 

Justin Sherman: So, again, some of this support is - really is defensive. Security Code is one example - provides defensive security services, products, support to - this is just a sampling, right? - to Rosgvardiya, the National Guard, to the Federal Security Service, the Ministry of Defense - right? - has a huge government portfolio and is really one of the key contractors on the defensive side - same thing on the private sector or oligarch private-sector side - this company being a key protector of, you know, companies like Gazprom and Transneft that carry Russian energy and are a massive underpinning of Putin's power in Russia and of Kremlin economic levers in Europe, for example - so, again, some key actors, once you start to map it out, who sit at interesting nexuses in this ecosystem. 

Justin Sherman: On the flip side, again, some of this is defensive. Some of this is offensive support that these companies are providing to the Russian government. So two examples that Treasury has designated are Neobit and AST, which are both medium, smaller-sized Russian companies that provide support for the Russian intelligence community. Interestingly - you know, this is public - I had not seen anything written on this specifically - but if you go back, one of the Russian spies that was expelled from the U.S. in June 2010 - I'm sure we all recall, or many of us recall the spy ring that was tossed out - one of them was working at Microsoft and before that was at Neobit, actually. So you got sort of interesting things about who they turned to for capabilities, who they then sent into the field to do various things. And Positive is one other example that we will dive into here and show some of the research our team has done into Positive, all open source, a lot of Russian-language stuff. So who is Positive Technologies? Positive Technologies was founded in 2002 as, really, a cybersecurity startup. They had one office in Moscow. They had, I think, six employees, you know, really kind of working from the ground up situation. Now they have many, many employees, have a global reach. We'll get to that data in a minute. 

Justin Sherman: But Positive will tell you - and they will say on their website and in news releases and other things - that they support the Russian Ministry of Defense. What they will say, though, is that all of this support is defensive. So nothing going on here. We're doing firewalls. We're doing vulnerability management. We're doing incident response - all of that jazz. But you have the U.S. government and some others then coming out and saying, well, actually, in addition to doing that, they're supporting FSB cyber operations. And you have on top of that a bunch of reporting talking about classified U.S. conversations about how, again, they will identify vulnerabilities and then build exploits for them and pass them off to the Russian intelligence community, including a division at Positive that does reverse engineering of U.S. government and Western government offensive capabilities. 

Justin Sherman: So, again, it's a large company. There's lots of divisions, but some of them are doing very active support for offensive capabilities. They also have other kinds of outreach, which we'll run through in a minute. So they help the FSB and the GRU, Russia's military intelligence agency, recruit hackers. They'll run hackathons. They run the largest capture-the-flag competition in Russia, which we'll look at momentarily, and use these events, knowingly, for the intel community to come and identify people they want to work in the government. They also have a really big footprint in Russian universities. So there's really been a huge uptick in the last decade of Russian universities teaching cyber to their students. They will not call it cyber. Russian doctrine does not use the word cyber. They will call it information security, broadly including actual information and content and disinformation. But they have content that they push out to dozens of these universities as well. 

Justin Sherman: So here's just one example. This is some data we scraped together. You know, venture capitalists love a good hockey-stick curve, right? They've had pretty good growth in the last several years. Again, they started out small. 2010 to 2014, you see a good bump, and then after that, again, coincident with this domestic tech push, Kremlin investment in the domestic cyber ecosystem, huge uptick in company size. Our estimate's they now have, like, 1,200, 1,300 employees, but, you know, seem to be growing. And, you know, folks can go, for their amusement, find career postings and things of that nature. 

Justin Sherman: So another interesting case we find here when we look at Positive is not just growth in the number of employees but actually moving to increase their footprint overseas and to push their cybersecurity software and services to clients around the world - again, interesting in and of itself, even more so when you consider the entanglements with the government. So Denis Baranov took over as CEO last summer. The founder, Yury Maksimov, left the CEO position, went to the board - company politics. But before that, he ran application security research so does have a deep technical research background and is also the driving force between a major capture-the-flag competition that they put on every year. We'll talk about that in a minute. This year's featured attacks on Russian oil systems, foreign attacks on Russian banks that they have to defend against. It's quite interesting. 

Justin Sherman: But what I want to talk about here, though, is that when Baranov took over Positive Technologies, he said, I have three goals - more automation, so throwing in the AI buzzword. I want to IPO, which they have done. And I want to scale up our international presence. We had 40- to 50% international growth in 2021 or - excuse me - in 2020. I want to get even more. Similar thing if you go through - there's a number of Russian press articles about this - Positive really wants to expand in the Global South. They want to expand in Southeast Asia, in the Middle East. And the pitch they're doing is not too unfamiliar to folks who have followed Russian arms deals and other kinds of things, which is, OK, sure, Latin American company - this is literally an example one of the executives gave. Sure, a Latin American company might not want to go all in on Positive Technologies' cybersecurity software, but they might also be concerned about U.S. espionage or European security-created risk. So maybe this is a way to diversify, and we can actually target our sale towards that desire to diversify risk across different countries. So again, playing into this political landscape as well. More fun graphics. 

Justin Sherman: So in 2002, as we mentioned, we just had six lonely programmers in the Positive Technologies' Moscow office. Again, this is stuff we've scraped. You go a decade later, all of a sudden, greatly expanded international presence. They have offices in Italy. They have an office in London. They have an office in Boston - quite interesting - in South Korea, right? A lot of these groups are doing sales, but over the decade, you see them start to actually send security researchers and others doing vulnerability hunting and other things overseas to do this work as well. 2021, it's even more. So opened a bunch of offices in Russia, outside of Moscow. Saint Petersburg is another big location. Mumbai, right? The list goes on. The Boston office has closed because they were sanctioned last year, and, you know, that doesn't really make sense for them to stay. But again, there's this focus - and they really have had this big growth. If we look at this, to a year later, and if we remember that graph, they have hundreds more employees and now really doing this. So again, questions about company expansion, questions about entanglement with the security services. There's a lot of attention to Kaspersky and a couple others. But you do see other Russian cyber companies really pushing to take over market share internationally. 

Justin Sherman: One more example here, and then we'll talk about Russian hacker recruitment, which is a quite interesting topic. So some folks in the room may already know where I'm going with this, but Dmitry Sklyarov runs reverse engineering at Positive Technologies. So recall that one of the allegations is Positive Technologies, for the FSB, reverse engineers U.S. and other government hacking capabilities. So big name in the Russian hacker space, speaks at all the conferences, et cetera, et cetera. And this is the part some folks might remember, is he actually was in U.S. custody about two decades ago. Sklyarov flew from Russia, where he was born and is based and lives, to Las Vegas for Defcon in 2001, gave his talk, and then the FBI came in, and they arrested him for violating the Digital Millennium Copyright Act through copyright circumvention software that he was building. So after he was arrested, he agreed to testify against his very tiny employer in Russia that was actually distributing the software. The U.S. government said, OK, we'll cut you a deal, and we'll send you back to Russia. 

Justin Sherman: So a few years later, he joined Positive Technologies. Again, they were started in '06, so he was a pretty early hire. Now he runs their reverse engineering division and has done a bunch of other research work. He - there is a long list of vulnerabilities that he has written about and disclosed some major ones recently and intel chips, and other things. And he's also a huge driver and supporter of these conference events, which we'll talk about momentarily, that the Russian government uses to recruit. So, again, why am I mentioning this? I think it's an interesting case study. We don't really often see foreign hacker in U.S. custody, let go, goes back to home country, now a key supporter of a company building hacking tools against the government that arrested him. So I'm not going to get into all that there, but I do think it's an interesting path to follow, especially when you consider the work on reverse engineering that he leads at Positive now. And, you know, people could make various arguments about what could or could not have been done with that talent. 

Justin Sherman: So now we'll talk about these conferences, and then I'll wrap here. So, you know, not dissimilar to other countries, the Russian intelligence community will send people to hacker conferences and say, go find talent - broad remit, right? That's - as we know, that's not unique to Russia, but Positive Hack Days is a key part of this. It's run by Positive Technologies. It was set up a decade ago. And it's a really big destination for Russian government agencies looking for young talent and looking for talent in particular areas. And as you can see, there's a ton of company sponsors. This is one of the biggest conferences in Russia every year. It's quite impactful in the Russian hacker community. So yet more data and charts. So, you know, Sputnik vaccine not doing too hot. 

(LAUGHTER) 

Justin Sherman: But really, I mean, you know, they're going up. They're going up. Obviously, disaster hits in 2020. 2021, they had this kind of crappy half-online thing, didn't go well, clearly. But 2022, they're basically back up to where they left before COVID and still climbing. So there's other data I can - happy to talk with folks after about on sponsors, other things. But every year, you have more companies pouring money into this conference in Russia. You have more government entanglement with this conference. So again, when we think about where the government sources its talent in Russia, where it recruits from, et cetera, these kinds of events are really significant to that. Here's just one example. So, you know, of all the different speakers at the most recent one that was held several weeks ago, Positive Technologies monopolized its own conference. So that was kind of interesting - there in the blue. But if we take that out, we see, again, tons of people from different organizations are going to this. If you go through the full list, it's small Russian cybersecurity vendors. It's large defense contractors. It's people from government organizations. And again, there's a lot of expanded focus at this conference on the Russian situation in the world, generally - lots of talk about Russia under cyberwar, words like that, from other countries and whatnot. 

Justin Sherman: You know, just to underscore this a little further, they had some really big names at the most recent conference. You had the Minister of Mass Communications and Digital Development in Russia give a couple of talks. You had Maria Zakharova. If anyone ever reads Russian propaganda, you probably know it or have seen her name as one of the biggest Kremlin spokespeople and as the spokesperson for the Foreign Affairs Ministry in Russia. She gave a keynote about digital sovereignty and how Russia needs to move away from dependence on foreign technology. A number of others - right? - people moping about how people are hacking Russia because of the war on Ukraine. And you also had the - which is interesting and back to the point of this DARPA project - a focus on open-source code. You had people talking about the importance of open-source development. You had people talking about the importance of expanding Russian native bug bounty platforms, which I don't know if I have a slide on. We can talk more about it - is also something Positive Technologies just stood up, a centralized place for Russian hackers to identify vulnerabilities in Russian companies and report them as well. 

Justin Sherman: Two more examples here, and then we'll wrap for questions. So the Moscow Capture the Flag is another popular event used for recruitment - again, not necessarily unique to Russia but another example of how they think about this. You had this launched in 2010 by a bunch of CISOs. That same year, the FSB, the Federal Security Service in Russia, came in and started using the event to recruit hackers. Five years later, the Ministry of Defense began sponsoring the event and started doing the same thing, which is also an important note, I think, right? Sometimes it's tempting to pretend that these foreign countries, particularly ones we might call authoritarian, are top down, super organized. They've got a bunch of agencies doing different things. There's bureaucracy. There's noncoordination. This, I think, is one interesting learning example, where the FSB has been ahead of the MOD in Russia for years on cyber. This is a basic example of the FSB identifying these conferences and CTFs to recruit from, and MOD trailing a bit behind, but also seeing value in actually investing money in those events. Yeah. And they had a bunch of other people attend. They had Infotecs attend, which develops capabilities and has worked with people associated with election interference, a ton of interesting things. And again, you'll see similar themes at these events. It's protecting against attacks on Russian critical infrastructure, securing particularly the financial system in Russia and energy infrastructure in Russia - again, not surprising given political priorities for the Putin regime. 

Justin Sherman: So, you know, the last example here is the CGF Russian Cup, set up by this half-botched - mostly botched Russian Silicon Valley project. But they run dozens of these competitions across Russia. They get thousands and thousands of young people involved in cybersecurity in Russia through these events. Some of these conferences also have launched stuff for elementary school ages and all kinds of other initiatives for very young people to get involved in cybersecurity from that age. It's really not clear from the open-source data what they're actually doing, but they are trying to target people who were, like, 8 to at least get aware of these issues. And again, you'll see entanglement with a number of U.S.-sanctioned cybersecurity companies. You see people from the Kronstadt group, which builds drones and other weapons that are used, including in Ukraine. So a lot of national security defense bent to the hacker community writ large in Russia. So all of that - many things said about the Russian hacker ecosystem. What now? 

Justin Sherman: So, you know, the SocialCyber project continues to evolve. As I mentioned, there's been a whole large separate workstream on China. Chinese contributions to open-source software are much greater than they are from Russia. So that's its own interesting separate workstream. But when doing this kind of analysis, at least the margin research folks are thinking about, how do you automate this, how do you look at other countries, and then what kinds of deep dives can you do into foreign hacker communities to actually understand those dynamics? One thing I'm personally very interested in, which I mentioned, is foreign bug bounty programs. You had Positive Technologies set up one of the first major bug bounty platforms in Russia several weeks ago. They already have a couple major companies on board and a bunch of government people talking about specifically that platform and how important it is. So, you know, those kinds of ecosystem developments, I think, are important when we talk about foreign capabilities. They're also important when we think about even broader questions than maybe we covered here, like Russian dependence on foreign technology and what that looks like in the coming years. So - threw the Twitter handles up here. 

Justin Sherman: But with that, I will open for any questions folks have about any of this content. Yes, question. 

Unidentified Person #2: I'm just curious about your thoughts on the future of kind of individual actors working together like Killnet in Russia, so that particularly (inaudible) kind of a - with all due respect - a clown show (inaudible) - looking in, you know... 

(LAUGHTER) 

Justin Sherman: Yeah. So the question is - and tell me if this is a fair summary there - is how much are we going to see individual action coordinated in Russia, like with Killnet, or is it just a clown show? I think... 

Unidentified Person #2: Yeah, that was it. 

Justin Sherman: ...Was the term of art. 

(LAUGHTER) 

Justin Sherman: Right. Clown is a - there's another word you can put in front of it. But the - I think yes, right? Essentially, how the Russian cybercriminal ecosystem works is sort of a threefold social contract. So mostly go after foreign targets. Don't undermine regime objectives. And if we tell you to do something, you'd better do it. Limited data, but all of those three things are borne out. The few cases you can find of Russian authorities actually arresting Russian hackers, it's for going after Russians. It's running credit card scams against moms and dads. It's targeting Russian banks or something else that, if you're a Russian hacker, is a very bad idea. And same thing on those other points. If you don't comply with requests, people have to leave the country, or they'll get coerced. So all to say, there is a lot of space for people to do that kind of action. There are a lot of incentives for people to go after money, to set up their own - whether it's something like Killnet or something more, you know, ransomware cartel style or something really coordinated. So I don't see that going away anytime soon. One thing I think we'll have to watch is - the more the Russian economy goes even more into the ground, is the extent to which the regime says, have at it. You know, ransomware is bringing a ton of money into Russia. And, you know, these kinds of activities are really profitable for corrupt officials and other people. 

Justin Sherman: Yeah. At the back, yes. 

Unidentified Person #3: I'm curious. Have you seen any correlation between propaganda, disinformation - (inaudible). 

Justin Sherman: Yeah. So has there been intersection between sort of more of these cybersecurity issues and disinformation and propaganda and that kind of thing? Absolutely. As I mentioned, so Russian - I mean, there isn't Russian cyber doctrine, per se. But, like, Russian military literature, et cetera, doesn't use the word cyber unless it's talking about foreign government concepts. That's not a domain to the Russians. That's not a capability set to the Russians. They use the term information security, which exactly to your point, encompasses things we would call infosec - encryption, firewalls, all that - also includes content, also includes misinformation, also includes controlling bad press reporting, suppressing dissent speech. So yes, they very much think about it fused. You see plenty of operations, like some of the ones Mandiant has disclosed recently, among others, that use cyber and information in tandem to target social media accounts or manipulate people into doing things that they then hack or whatnot. So it's very much fused. And I think that's a challenge from our analysis perspective. We often draw that line very cleanly between data and information here, cyber and disinformation, what have you. They don't think about it that way. Yeah, so if that answers your question? Fantastic. 

Justin Sherman: Any other questions? Fantastic. Well, I will not stand in the way of food and more beer. But thank you very much. 

(APPLAUSE)