>> much more to the newly designed c-span.org, more video with 11 beatrice mcneeley's free to what it is of an live and recorded. more features, online schedule and the three network layouts of the you concur please go through all programs on the network and even receive any mail a letter in your program is scheduled to air. more access to our most popular series of programs like washington journal, campaign 2012, book tv, and american history tv in more availability. use our handy channel finder to see where are the three networks are available on captive of cable or satellite systems. and click on spam products or decent books. the all knew c-span.org. and now the computer warned that infected more than 7 million computers around the world into a dozen date in 2009. this is about an hour and ten minutes.

[applause] [applause] [applause] >> we are going to do this in several parts. i'm going to do a very brief intervention, and then mark is not to talk and a brief reading and the new live q&a. then i think cards will come up and we will try to make this as inclusive as possible. for our discussion tonight mark bowden is a journalist who has we all that is the author of black hawk down and you probably also know was the basis for a 2001 movie directed by ridley scott. mark was a journalist first from 1979 to 2003. he was at the philadelphia inquirer, and for three seasons he covered football, is that

right? >> that's correct. >> she is written for the new yorker, men's journal atlantic, sports illustrated, rolling stone. i have to mention that would pianos that he was aspiring to embark on a journalistic career reading the electric kool-aid acid test. i was inspired as well. and in addition we of one of the characters from his new book, t.j. campana, who, to my mind, is as close as you can get to a digital sherlock holmes. he is also the senior manager for investigations of microsoft it's a crime unit, and he just gave me his cradle sticker, may he as an extra one. he has many tales to tell. so i just -- before they talk alike to talk a little bit about our subjects. the history of the worm, the

term probably most of you're familiar with colleges let me set it out. it originally came from a wonderful science fiction novel written by john brodeur in 1975 in which he posits something called the tape one. and the wonderful thing about the book, and particularly with respect is that he dismissed an authoritarian regime to control their society through basically in on the prison now work. and the rebels e used to born in, and the only way the perishing could get rid of the warm us to take down the neck, and thus the lost control. so that would bring it up, sure. also probably all know that the first real warm browns were experimented with as eros -- xerox park but to researchers.

are either of them here tonight? so i was looking in your paper in preparation for this, and i thought -- so what is a difference from a form of virus? they both came from science fiction novels. their terms of mark, but in the original shock paper who a word is simply defined it as a competition that lives on one or more machines. we can go from there, maybe it and to distribute computing. but also, in addition to the roots and of distributing computing being here ellises to talk about the roots of computer crime

he believes the first computer crime was a drug deal done in the late 1960's between mit a i stevens as stamford sales students. above that to be true. that is as much as i have to lay out. >> great. thank you. thank you for coming. i am particularly delighted to be on the stage with two guys to know what they're talking about. i am an old newspaper reporter, as john mentioned. about 30 years ago a fellow named sam nunn and he was the managing editor of the philadelphia enquirer the

overnight name to me this science writer. and this was a terrific thing for me because i was working in a suburban bureau, and then i get to come down and work in the main office. particularly during the 1970's the enquirer was one of the preeminent newspapers in america . overnight i was one of the preeminent science writers in america, all of which was, of course, completely unmerited. it turned out that jim, and looking for a new science writer for the newspaper was going to the resin maze of everyone on staff, and he noticed that i subscribe to scientific american. that is so i became a science writer. the truth of the matter is i was an english major in college, and i have started subscribing to scientific american precisely because i knew nothing of a science. i thought, well, helped also much of the modern world depends

on science and technology, out to make an effort to understand these things. i think that magazine has done a lot better, but 20 or 30 years ago i could not read any of those articles. they always settle intro that i could understand, but the sitter the actual article started and was lost. they had been building up in my closet for about three or four years, and little did i know that there would launch me to the height of american journalism. but i discovered, though, the in covering science in the years that i did it for the inquirer that my ignorance was actually very useful because i was writing stories for not experts, and i was a year and enough to ask the truly a your question that needed to be asked. othello's and severe and physicist at the university of pennsylvania our best what knowledge from was. and it was so effective for me

that it became a kind of philosophy of journalism. so whether i am writing about pro football or a battle in somalia or the a ron hostage crisis or in this case of a piece of mall where i would begin really at ground zero. and if you were to actually listen to some of the initial and to use that i did in preparation for this you would laugh because i have to stop the people i'm talking to, literally ever since to ask what they're talking about. questions like what is a router, what's the server, what is an isp. it was all complete -- completely foreign. what occurred to me about the story, though, was that over the months that the record there was this fascinating intellectual struggle going on between very high-level computer security experts and some extraordinarily

sophisticated authors. the conficker popped up in november of two dozen date and rapidly began assembling one of the largest but nets in the world price. what was specially fascinating is that the ad hoc group of volunteers his but working together to try to corral conficker, as neighbors to try to the fence this thing and, the creators of the war would make countermoves. this went on move countermove over a 45 month time frame. will redo a little passage commandos set it up just by explaining that after several of these moves and countermoves rodney joffe, who is this wonderful burly south african who emigrated to the united states years ago and who has become the head of security for new star, which is, you know, a

big telecommunications and internet based company in washington, he became the de facto head of the cobol, as they call themselves, the conficker working group. and as they continued to grow and as those who were battling it realized that it posed a unique threat to the internet itself, rodney went to washington to try to enlist the support of the federal government in fighting this thing. so rodney get invited to do a presentation at the department of commerce because new star manages the dot u.s. the top-level domain for the government. so he was a contractor. he was invited then. he gave them his power point presentation which it put together in his hotel room and i before about the conficker weren't. this along the folks in the room

who have for the most part not even heard of conficker. he started getting invited over the next couple of days to give the same presentation to various other places. so this passage am going to reach you is like two or three days after he has made his initial presentation. the following day he was asked to brief the staff of the senate select committee on intelligence because the committee's offices were off-limits to those without a high security clearance the staff arranged to meet with rodney in the visitors center of the capitol building in the cafeteria. about a dozen staffers met him there in the middle of the afternoon. the cafeteria's quiet and mostly empty. they cordoned off a portion of the big room with a portable dividers and set a route along table. before rodney gets started one of the staffers, young woman interrupted him.

just so you know, she said, we probably know a whole lot more about conficker than you do. we received a classified briefing yesterday afternoon, the law and said. so is probably not much weight can tell us about it. that's really good news said rodney. his voice heavy sarcasm. i know he knew without a doubt how foolish the estelle's was. the woman's areas in northern. @booktv collecting his notes. says you have matters to a plea of a control, and there is no reason for me to waste any more of your time. as she stood there was a chorus of nos. stay, protested one. we want to hear it, said another rodney sat back down. he took up copies of his power point presentation which had been printed up on stationery. he handed them out around the table. the woman who had addressed which you copy a pronounced dahlia : this is the same presentation we saw at the close

of five white house briefing yesterday. the meeting dissolved into laughter when the severs realized that they had simply taken ride is briefing and presented it at the white house as artwork and specified it to boot. rodney later confirmed it with his white house contacts to have attended all three sessions. they just did yours as their own so much for federal cyber defense. [applause] [applause] >> that is actually a terrifying death to start on, now that i think about it. >> isn't it? isn't it? >> you know, there are certain analogies that appear in your bucket various times. early on i think at a certain point you give the sense of the internet as the wild west : there is some sense of that

territory stretching out in cyber space forever, and that by analogy to my mind sort of brings up the possibility of the definition of the call as was phalanges. was wondering, what if, you know, the vigilante term worked, correct, masking a book of you. the following question is, you know, says the fed's and not doing very well, is the vigilante the last best offense in cyberspace? >> well, they certainly were in this case demand that think actually, the guys, he was one of them, there were a little uncomfortable with the designation when someone lifted up and realized. >> vigilante put someone realized the actual definition implies a kind of illicit or illegal activity. and so this subsequently dubbed themselves the conficker working group. but just like being a factor on the playground and people start calling his skinny. there is just no way you will ever get rid of that.

to the continued, even odds of cells to call themselves the trouble. >> would you take issue with the notion of is what to? >> yeah. the authorization they're saying, an assertion of the rights we have to protect turn system. vigilante is one of those lightning rod terms. working in legal and corporate affairs, you know, they call them vigilantes'. it is true and the says there was an ad hoc assembly.

the. >> card was a freeze a breakdown when you started your book. did you get the corporation easily conduit difficulty, does it depend? >> everyone was for legal to help. while level of ignorance. i have to say that there were in the patients. most of the folks who are worked with when i would out of the way tell me understand, redraft the story as i was writing it and correct mistakes to help me better understand the story.

what was conficker indications. >> the very nature of the internet lacy's early 70's utopias spirit of really sharing data. at that time primarily by academic researchers. they failed to really adequately consider how the openness of the internet which is such a boon to the world could also be a tremendous vulnerability. there be people who could take advantage of it.

president obama, he specifically cited teeeight -- conficker as a case decided of prepared federal government was to protect even its own network. so things have improved. as my impression. eocene and number of formal moves have been made by the federal government in the last two or three years that have been publicized and written about, so clearly the government is more aware today than there were two or three years ago. but there remains an enormous problem because it is a global issue. there is no such thing as a global police force. there really is no such thing as international law governing something like this, so the you know, it poses a tremendous challenge. >> i think the openness of the internet is its greatest strength and weakness. it is tough to really kind of manageability, security on the same level.

so, really, the fact that the internet is so open does make it vulnerable to these types of scenarios. invented the different time an era. the conficker incident was an awakening, definitely a new way of thinking about how we can address these types of issues, but thinking around how is it that all of these great technology companies are sitting in this situ technology right now. how can we not be more aware of what is going on, and how can we play a bigger role as an industry to try to tackle some of these problems? in really honestly, when he called up with a couple of my colleagues and the phone and said to make, what is microsoft doing, we were on asleep like, well, released a patch for that. you know, so we are sitting there looking at having meetings . computing, the folks that to all of the patchy for our technologies. you know, we can do something

here. we should be able to do something more year, and that was kind of an awakening for microsoft in particular. you see our program explode into all these differ ways of thinking about cyber crime and the way people are using the internet and microsoft technologies. >> can you give us kind of an epidemiology for people who may not know the blow of low of conficker, the first half. you did talk a reddish showing up. i guess it was john they talked about it. just sort of describe the beast here. >> rudd, the warm itself, it popped up on billboards. honeypot. honey net actually, and it was on his monitor. one of -- what happens is when the piece about where, a line will bubble on his monitor, and there are all these readouts defining what this is. one of which is the column which indicates sell well recognize this viruses to the major anti

virus industry. the vendors. this one recognized by nine. that is the first in the get his attention, and the next thing that happened was replicating so rapidly that within 24 hours, shoving every other piece of software out of this honeypot. the only readout were conficker, conficker, conficker, conficker. i literally had nothing else to work on at that point. what they discovered at sri when it began to dissect it was that it was very, very sophisticated. it was highly in a scripted. one of the things that did it was to check to see if the computer was about to the effect that a ukrainian keyboard and it was so distracting. but basically, of course, what a warm like this does is penetrate to the core of your operating system and replicate itself, send out and in fact every other computer on your network.

and also began calling home to a remote controller. the remote controller, the way you would ordinarily kill a botnets is job often said thomas intercepted communication and effectively kill it. so to prevent that the worm had no rhythm that generated randomly 250 new domains everyday so that he had to be behind only one of the steward and 50 doors on a given day whereas in order if you wanted to cut this thing off you have to shut down all to a hundred and 50 domains every single day forever. and so that was, you know, one example of the cutting nature of the thing. and that think he exited began buying up remains and putting them on his credit card, which gives you a sense of how ad hoc this affair was to try to stop the. >> before we go farther down the

path of the worms evolution, i just wanted to get back to that question of, you know, what kind of -- a question for t.j. i have a very old e-mail address, and i have a filter in front of it. >> well was that? >> most of the people here know. >> says most, a ticket, is distributed by but that, and in the form of , well, the level of spam is some rough correlation out there in the world, low-level of infection. my -- i remember about a year ago a large botnets was taken down. i have to say that if i look historically at the number of spam messages every day, it looks like it is fairly

tentative percent worse than it was. a good indicator of the state of, it is a perspective situation. so the operation you're referring to is b107. weekend of sit back and laugh at some other reports coming in. you know, one of them was zero attack on spam, one was 5% 110%, and most 30%, so we kind of look to more like a locomotive the real number. we determined it was a prospective think. we call our friends at cabell, do we do anything good for you based? well, we see a drop-off. well, i was hoping for a bigger number. the problem as a whole lot of the providers have systems in place that prevent sending as banned from non known in d.a.'s. so really they have been blocking a lot of the span of a city already, so we had a small impact with cabell.

with other organizations, particularly private companies, they saw a huge dropoff because the big spam runners would not really be sending you know because they knew that we would be blocking. i am assuming that have similar countermeasures, so we talked. they said that they have lawyers and manage the issue, with the thing that we sell marijuana and are honeypot attempt to spend -- send spam out, it was in the not so much a different domains. we deathly saw, but that would never make it into an in box because of the filtering. so, you know, only such a look at these things in going back to their herds of questions i looked at how many millions of my customers are being impacted. right fish stock, running something else. is based on our testing till so we look at a little differently. spam, said mccourt raman said they're harming us. well when i looked at it amikacin and many of my customers are being impacted.

so when we started to look in particular this so that it would reach out and we could track. so it's up to download a patch from our center in a very specific way several to fingerprint that, so we knew how many of the machines, how many missions through dealing with. what criteria we are looking at in the conficker case. how many of my customers are being negatively impacted by this piece. so, i think it is -- i think the state is not great on the internet, but i really -- in the past couple years i have really seen a surge in internet service providers and technology companies taking more of an interest knowing that private companies can do more to protect folks, so i think -- i think -- i think the dark days of behind this. some types of wood. i think we're getting that. as we start to really understand that there is more that we can

do, we're coming out of that. so at our last conference we had two weeks ago we had nothing conferences for two years now. the heels of the international katie tuscaloosa. how can my company help, take down. i would love to see spam go away as the distribution mechanism, but from the perspective, there is a certain perspective this shows that that might be the case. there might not be any change, but we are still in the a busy, so we don't know. >> i still feel that we don't know whodunit. i want to check in with you guys. there have been a couple of things that happened. take me to law enforcement aspects of the warm and how you guys feel that they can close of sensitivity of this war and are.

>> my suspicion is, and i can say with any certainty, that the authorities do know who was behind it. and i suspect that the difficulty in apprehending them has more to do with the policy, dealing with a foreign government, dealing with foreign laws and police agencies that it doesn't actually finding them, we do know about the authors of the warm without having. they are tremendously sophisticated programmers, and the reason i use the word burro is because it is also not one person because the warm conficker devastated such a high level of proficiency in so many different areas that is literally impossible for to imagine that one person would have that the level of ability in that level of knowledge in so many different areas at the same time. so the likely culprit is a group well funded, probably funded by

an organized crime syndicate to set out to create a very large, very stable botnets which could be used as a platform for all manner of mischief, money-making platform. >> if you look at the early indications of how conficker would be infectious being leveraged and a strong ties to know fate anti virus, strong ties to some type of affiliate program. but the keyboard check is really interesting because nobody wants to be arrested by local authorities for compromising machines in their country. really looking toward eastern europe to find know what that looks like, but it is one of those really interesting -- i agree. we referred the case to the fbi early on. they have been working the case for quite some time. i know that they're working hard on it. i don't have a picture of the guy. goods and just enjoying this a bit too much, what can you rule

out the possibility? if you wanted to point to the ukraine, what better and more obvious when putting in the keyboard? >> that is definitely a possibility. at think that it is entirely possible that someone would create something like the conficker botnets as a money-making tool because a damn bit -- it can be used for virtually anything. this group in europe used it to scam to drain $72 million of american bank accounts. did did that just by placing a portion of this botnets. >> was that the one time it was used, or was it used several times? >> you know the answer. >> in the early days was driving traffic traffic converter. ..

>> i mentioned earlier that, you know, the worm was generating 250 domains every day randomly, and when rick wesson and the cabal got their arms around corralling all 250, the sea variant generated 50,000 domains every day. so it was almost like, well, you're willing to spend this amount of money and time and effort to stop us, are you willing to, you know, make an exponential leap. and then they went one more step beyond that. >> that's right. you know, in fact, the cabal actually managed to recruit the cooperation of every top level country domain in the world, all 110 of them, and got their arms around 50,000 a day only to have

the worm introduce peer-to-peer communications so they didn't even need it. >> and do you think the authors were doing this on the fly, they were see what the cabal was doing, they were responding and saying -- >> without a doubt. you know, they would put little clues in that they were monitoring, you know, the traffic on the list serve that the cabal maintained. they were tapping into sris, a system just to check on, you know, o forth and how -- >> without giving away their identity. >> no, they didn't. you know, one of the interesting things they did was the communication from the worm to the bot master was encrypted with shaw ii initially which is the highest level public encryption method in the world. and right now there is actually a competition going on to develop shaw iii which went it's complete will introduce the new highest level of public

encryption. well, configure a had shaw ii as it method of encryption, configure b used a proposal from shaw iii which came from the author of the previous two shaws. and then he had a minor flaw in his proposal, so he withdrew it and corrected it, and configure c had the corrected proposal from him. so my personal theory is it might be -- [laughter] >> so when they went to that peer-to-peer mechanism, the cabal or anybody else was never able to see into the peer-to-peer communication mechanism. were you able to see the traffic that went -- >> you could still see into the peer-to-peer network. one of the big issues we face is we don't want to make smarter criminals, so we want to make sure we're observing, we're

always putting the enemy at a disadvantage. the fact that they went to the peer-to-peer mechanism didn't make it invisible. we knew they were still communicating. we could still kind of track to a limited degree if we had enough sensors in peer-to-peer network, we could map a significant portion. i know the guys at sri were working diligently, as were others, to do that. they were actually able to sneak a domain in that we had missed because we were still trying to figure out how do we stalk 50,000 domains per day. they snuck it in, they only updated a part of the bot that peer-to-peer mechanism. it's traditionally noisy, it's not as reliable as the straight command and control. it is more resilient to attack, but as you saw in the operation 79 and b49, there are vulnerables in the most of the peer-to-peer pieces that are out there, so we're able to oftentimeses analyze the mall

wear and the traffic -- malware and the traffic flow to be able to impact that. >> how many infected machines are there out there in the world still? did i hear 10 million? that's too big a number? >> no. that was initial numbers early on. >> right. >> they were using the key value, the unique strain that was seen in the update of the code. what we think is i think the latest number from shadow serve about four and a half million configure a-b modes and around 250,000 configure c modes that are out there. >> and it hasn't done anything of note for how long? >> long time. >> okay. that's -- >> to your question earlier, john, about the ukraine, i mean, the most logical explanation for a bot net like this as a platform for criminal activity, but if it is a sophisticated feint, you know, something like a bot net of this size is also a very powerful tool. and if you wanted to launch a

cyber attack, it's certainly capable of overwhelming overwhee route servers of the internet itself. now, if a nation-state was behind it, you wouldn't necessarily use that weapon right away. you would wait until you wanted to use it. i mean there, have been folks who have read this book, and they're disappointed that the real world sometimes doesn't offer a clean ending to a story. so it is true that the authors of the configure bot net have not tried to destroy the internet with it. but i don't know about you, the guy that somebody could wake up on the wrong side of the bed in key jeff and wipe out communications in north america, i find a little disturbing. >> there have been some arrests in the ukraine, but your bet is that they haven't gotten the configure authors? >> correct. >> okay, okay. so, um, you know, there's a spectrum of possibilities and motive here. one is, the most obvious is just malware distribution or selling off lease time. there's, you know, cyber war

tool, what i discovered in your book i thought was just fascinating, you had an explanation that in one of the generations of the worm, um, the nodes reported how connected they were. >> right. >> mentioned that their authors were thinking about the structure of the social ground. and there were some guys at mit who were wondering whether conficker wasn't some gigantic sensor net, that somebody was trying to build, basically, a surveillance tool rather than a theft tour. did either of you run into that possibility, that somebody instrumented the net to -- >> so there was robust discussion within the conficker work group of what their actual cause or use of the bot net was, you know, everything ranging from a state-sponsored piece of malware that got out of some secret lab somewhere to, you know, the prevailing theory right now that's being used to

monetize scareware. you know, certainly it's just too chatty. i mean, so if you look at some of the modern advanced threat malware that's out there right now, they're not being that chatty on your network. this was not designed to be a stealth piece of malware. >> so how long have you been in this business? when did you start sort of doing forensics and this? >> i went to florida state university in the better part of the '90s, so i got, you know, mr. bowden is his uncle, used to be the coach of our seminoles, so it was really nice to see that. ever since i was in grad school, my undergrad's in criminology and really i was more interested in information security, but, you know, you kind of put yourself through college, you do many things, right? so really looking at network administration, that's how i put myself through undergrad, and i

had an acumen for it, so i ban looking at those -- began looking at those things. in the mid '90s academic institutions really the wild, wild west was a good description of what those networks were like. typically fragmented administration, we were a public university, we couldn't block anything at the edge. i hear that's still the case. so we would see some amazing, you know, traffic patterns, and it was really kind of an open, an open, you know, hundred pot, the entire -- honey pot, the entire network was. so that's where it tarted to pique my interest. >> do you have trouble keeping your spirits up? i mean, this is kind of like rolling a big ball uphill at some point. >> i love it. i love it. [laughter] every day, my wife is, are you going to come to bed? hold on. [laughter] five minutes turns into five hours, the sun's coming up. no, i don't think, and we were kind of discussing this earlier on in the green room, i don't think i could wake up every day and do the same thing, and

that's what this type of thing allows us to do. >> and i found that true not just of t.j., but all those people involve with the the cabal. people asked me, well, if they weren't getting paid to do this, some l folks were doing it out of the goodness of their hearts, why were they doing it? and i think, you know, maybe the right answer is it's fun. it's fascinating. these people think they're smarter than we are? i don't think so. >> they are, sometimes --? >> sometimes they are, sometimes they're not. >> no, never. [laughter] good guys will always win. you've seen all the cowboy movies, right? >> how many members in the cabal are here? rick's here s paul here? anybody else? just two of you. >> are we a dying breed? nobody can make it out? >> so what's your take on this white hat culture? what did you come away from meeting this group of people engaged in the struggle? >> i think you could make an argument that, you know, that

conficker is not -- it's tremendously interesting and sophisticated. it might not be the most dangerous worm ever. the potnet might not -- botnet might not be the biggest worm ever, but for my purposes it's a wonderful case study, and it gave me an opportunity to sort of walk around in a subculture, in this case the culture of computer security geeks, ubergeeks, i call them. excuse me. >> just nerds. >> okay. and i think for me that's the fun of reporting and writing, is learning about aspects of the world and modern life that i otherwise would never encounter. and so for me, you know, i think that this is a unique subculture because the internet is a relatively new phenomenon. it's grown so rapidly that you find that the folks who were at the sort of vanguard in the

field are, there are very few of them. it isn't like you can go to -- well, nowadays you probably could, but i know when phil went to stanford back in, i guess, the 1980s -- i'm probably making him older than he is, maybe 1990s -- he had to actually shop around for a college professor who could teach him something because he had grown up playing with computer networks and systems, and it was such a new thing that he had developed a very high level of proficiency on his own, and it was really difficult to find someone who could tell him or teach him anything. and i think that that level of skill has continued, and it's developed in different individuals in different, for different reasons. but that's how i see them. >> it's interesting to kind of look at that, too, if you talk to andre demino back in new jersey, andrew ludwig -- >> yeah. andre was, i think he went to community college, and he was running a security -- he was an i.t. security guy for a small

company in new jersey, and he discovered that somebody over the weekend had broken into his network and used it to stash a lot of pirated music and movies. and he was able to clean it out and secure his network, and his bosses said, okay, end of problem. but andre thought, wow, you know? and he went back, and he checked his system, and he said that people were rattling his doorknob all the time to do this kind of thing. the idea that someone in eastern europe was trying to deposit a lot of illicit material in his little office park in new jersey, you know, intrigued him so much that he set himself on a course where he's become one of the leading authorities on botnets in the world. >> did you spend a lot of time with the shadow server group? talk -- what is shadow serve everybody? >> primarily, i spent time with andre, but i also talked to richard, one of the originators of it. again, the essence of a volunteer organization. they began, um, monitoring

botnets, dissecting the malware that creates botnets and killing them. they consider themselves to be botnet killers. and they would inform networks, they would just out of the blue they would call a network, a security guy, and they say, oh, we're calling, you know, from bergin county, new jersey, to let you know that your network has been hijacked, you know, by someone. and they would routinely be dismissed as, you know, someone pranking on them or someone showing off. but in time people realized that they were right. and they were offering this information for free. so andre's philosophy is, it's kind of like if you see someone's house is on fire, do you charge them to inform them that their house is on fire? he thinks not. so he knocks on the door, and he says, hey, your house is on fire. so he does this out of the goodness of his heart. >> andre and i and richard talk

a lot about that, kind of that model of saying, hey, you know, what's the right thing to do. and they strongly, shadow server strongly aligns with what they're trying to do. at the end of the day, the goal is to reach out to that end customer and try to clean them up and say, hey, there's some things you need to be doing in order to be a good internet citizen. >> you have talked about the takedowns, but is your group engaged in light-scale disinfection? do you mention some things that suggest you've written code and goes out and takes infections off machines? is that routinely done? [inaudible conversations] >> i'll be clear. >> yeah. on what scale have you done that? >> it's part of the windows update package, runs on 70 million computers each month. so that's one of the tools that we news. >> does that only get in machines that have the box checked? >> yes. so then we also develop tools

called the enhanced msrt, we also have a disc called system sweeper that beats to a windows pe image that has the full signature set. we engage with isps and certs around the world to get them operation from our sink hole so they can go out and carry that message into their countries, so it was the first time we had that remediation piece in place, and it's slow going. it was rough, it was ugly. who didn't want the data, who wanted the data, were they able to actually use the day? it took us about a year to get about 90% clean. when we did operation b107, we actually had a 50% reduction in the first, like, 45 days or something like that. so we're getting better. is that a long-term solution? no. we need to figure out what is the longer-term solution that we can really have more impact. but we kind of come up against we're the good guys, we can't push code to that machine like

the bad guys, what other mechanisms are available. so we have robust debates. >> so one of the things that mark did that was just so good, at least compelling to me, was in describing your patching process and when that patch went out, sort of you being prepared, realizing that there was an instruction manual that you'd given to the black hats out there and, you know, you had alerted them to a vulnerable. to me -- vulnerability. to me, how do you get around that as, you know, just a structural problem that you're facing? >> so the guys in trustworthy computing, microsoft's secured resource center, they weigh on that heavily. so, you know, understanding if there's going to be vulnerability in any of our components, that's being actively exploited, we weigh that. there's a lot of people that are dedicated to that. and we know as soon as we issue the patch a whole bunch of people are going to say, okay, what did they change? they change these bits. they can very quickly start to look at where, you know, what vulnerability was patched. so, you know, that's something

that does go into the equation. so at the international task force meeting in virginia in 2008 when we announced the patch mso8 o 67, i still remember the number -- [laughter] we said, hey, guys, let's start looking at this. and we had the advantage of having security researchers from 45 countries in the room, so we actually got rid of that last session, we spent about an hour and a half with everybody, we had folks from msrc in the room with us, samples of bauer and some of the exploit code, and we started kind of shifting it around. but we knew, you know, it was definitely a vulnerability, we need to get the patch out there, and there were people in the room patching their machines over the wi-fi coordination center. [laughter] we should have probably planned ahead for that. yeah, i mean, it was one of those things you can't avoid. you're going to fix something, people are curious, you're going to look at. >> it was six weeks later that conficker appeared. >> yeah.

it was a really short amount of time. >> right. >> i have friends who model cars, they take a snapshot of the os run anything their car, they take it to the dealership, get the update, oh, what'd they tweak? it's curiosity. these guys are using it for nefarious activity though. >> you paint a really good picture of, a compelling picture of the white hat culture. did you look at all at the black hat culture? did you spend any time on the other side of the innocence? >> no. i -- fence? >> no, i honestly, i did look at, there are web sites where some of these purveyors are, they're openly celebrating their success. i watched online a company party that one of these groups was having where they were raffling off cars to people. and there was a rock band and everything else, this was in russia. it was very funny. >> yeah, it was funny. but it showed, you know, the

level of involvement and openness with which people are engaged in this in certain parts of the world. the scope of this book i deliberately chose to narrow it to, you know, the struggle against conficker. and since i didn't know -- i was hopeful, to be honest, that they would catch these guys before i finished writing this book. if they had, it would have, i would have tried to go to wherever it is they're from if it's the ukraine, and i would have tried to add that piece to the story. unfortunately, that didn't happen in time. >> we have $250,000 out right now. anyone leading to the successful arrest and conviction, if anyone knows anything, i think mark would definitely want to know about that too. >> yes, absolutely. >> do the rewards work for you? >> yes. so we issued, i think, four awards at this point, the first one not so much, the we could one, yes -- second one, yes. we've gotten some good tips on the conficker case, so we can't talk too many details about that, it's ongoing. but it has been referred to the

fbi and $250,000 is, you know, i'd love to have $250,000. [laughter] thai making millions, well, there's an additional $250,000. we'll see. >> do you have a favorite success? either because, you know -- >> see, i don't use the success as i have favorite things that have happened, not necessarily all successful. i think i've learned more from failing than successes. so i think early on when we started to kind of contemplate defensive dns and the microsoft active response strategy, you know, looking with the guys from fire eye kind of realize what the challenge is. i'm sitting there going i have budget, why can't i just buy all these domains, and my more's going to say you're going to charge $35,000 on your corporate amex, that's not going to work. there's things we can do. obviously, buying the domains is

not the long-term solution, but as a stopgap, it would have worked. so i think it's one of those things that it motivated and a lot of guys i worked with on it to say, okay, we're not going to let that happen again. >> a couple more questions for mac, -- mark, and then i'll turn to you. can you contrast report anything this world to report anything the black hawk down world? >> not that different, to be honest. i made a joke, and it's true, how i had to literally stop folks every sentence to ask what it is they're talking about. and that was also true when i started working on blackhawk down. you know, soldiers spoke in a jargon, referred to weapons systems. they speak their own language. and i was, in the beginning, really stopping people all the time saying, well, i remember once you're often mistaken as an expert for the field that you've, in the field that you've just written about, and i was talking about blackhawk down at the army war college in

carlisle, and a colonel in the back of the room raised his hand, and he said, asked me if i thought a bradley armored vehicle should have been part of the force protection package in mogadishu. and i think before you're entitled to have an opinion about a bradley army vehicle, you'd need to know what one was. [laughter] >> at the very least drive one. back when i would cover football, the sports writers would say how can you go from covering politics or transportation to writing about sports? and i tell 'em, you know, it's a transportable skill. the whole idea is that you go into a world you don't understand, you find the people who can educate you, you ask questions until you arrive at your own level of understanding, and you write the story. that's, in a nutshell what can i do -- what i do and why i like doing it. >> so one last question. you know, i think you deeply engaged in conficker when stuxnet came on the scene? and did -- how, as a writer, you

know, you're telling one story, and there's this other story -- the great thing about conficker is it was one story, and you had a cast. that's sort of true with stuxnet. did you feel conflicted because there's another big -- >> not much, to be honest. i have a kind of disinclination to be writing the same story that everybody else is writing. and i had no doubt that stuxnet would attract a lot of attention. >> everybody went over there. >> and there'll be a stuxnet book or two, i'm sure, maybe you're writing one, john. >> i'm not. >> i have no desire to compete with those folks. i would rather find a story that no one else is telling. and, to me, i mean, when i wrote about -- i wrote a book about the philadelphia eagles' 1992 season, and i remember the sports writers say why are you writing this season, they didn't win the super bowl. well, it was an opportunity to write about that world and those people. and so, to me, that's what this story is. and the fact that there might be a sexier story that comes down the line is almost guaranteed.

but it doesn't really influence me. >> let me get the audience involved and do it by way of cards because there's some interesting questions. this is two-part, one's a question, and one's a comment for mark. the question is, um, what is the conficker for unix environments? >> what's uninix? [laughter] >> let me ask this question. there's this operating system that has, it's a lot like a unix environment, very much like -- [laughter] why do you think you have such a larger problem in the mac into be world aside from the fact that they have 10% market share? is there anything else that's different? >> i think we can hang, we can hang that on a number of things. so market share being kind of one that's kind of been beaten to death, right? also the fact that, you know, there's not that much money in it. so if you think about what the

problem is. it's a cyber crime problem. they don't do this for giggles like we probably did back in college, right? i can make people's computers do funny things. they're about money. so what's the biggest net that they can cast? they can cast a really big net on windows. um, i think the apple guys are starting to see a little bit more of it. i think, you know, it's going to be their turn to kind of have their windows xp moment, but i said right now it's one of those things, i think it hasn't hit yet. >> and remember, this wonderful youthnet mainer some years ago basically, making your argument it was a question of scale, then you can kind of estimate what percentage of the market share they would have to reach to be at that point, and i think it was 19.7% market share. >> but it's also, you know, smart -- criminals are smart. they're lazy, that's why they're criminals, but they're smart too. if they realize an apple computer costs this much more than a normal pc, does that

having something to say about the socioeconomic status of the people that are doing it? they might write banking trojans for mac os and write a different type for windows machines. we're going to start to see more of that happening. but at the end of the day, it's cyber crime. i don't care, if i need a car and i'm a car thief, i don't really care what kind of car you drive. i need the car, i'm going to go steal the car. so really kind of bringing it back there's not, obviously, security ramifications, you know, windows 7 being more secure than vista, than windows xp. kind of microsoft learning that as we go, but there's also that other element of cyber crime is the criminals are going to go where the money is. >> just a comment to mark. some of us who have been involved in networks, etc., since the 1980s have always been scared by, quote, conficker instances and how to attack them without killing the network. okay. um, another question.

do you think the worm creation might have been funded by a terrorist group like al-qaeda? >> no. and i think because we've never seen that level of sophistication from terrorist organizations and, also, the the way that it's been used there's nothing to stop the authors of the conficker botnet from launching a massive cyber attack on april 1st of 2009 other than i think they probably don't want to take down the internet. they probably want to use the internet to make money. so if it was a terrorist organization, we would probably know by now. >> and if it was a terrorist o, it'd probably be a little quieter, right? again, it comes back to how noisy the threat is. >> this is to t.j. what is microsoft doing to prevent worms/virus in the first place, then it says in parentheses, like unix. [laughter] >> so we have a number of

programs. obviously, the secure development life cycle, trying to get folks to code in a manner that makes it more difficult to attack. windows 7, you know, having things like address space layout randomization, aslr debt, things like that. we, obviously, have a trustworthy computing contingent, an arm of individuals from across the country who have timely patches, automatic updates, we have a division of our company calls the microsoft malware protection center, so we offer free antivirus. at the end end of the day, what we've seen is a shift from attacks against windows to a shift in attacks against third party add-ins and social engineering. so i think we're making huge strives on the security front as far as os vulnerabilities, now we're working really hard with partners to find out ways in which we can secure those applications. one of the tools i regularly deploy on all of our systems in

our fusion center the enhanced mitigation tool kit. it allows you to put some of those controls around specific applications within the windows environment so you can actually have application layer aslr, application layer depp on the machines. so we're learning by being forged in the fire, right? so for the past ten years we've really been under the scrutiny of the security community, and i think we've stepped up to that challenge. now, at the end of the day if granny wants to install the dancing pigs screen saver that she just has to have and that's been trojanized, we try to make it so that folks have an informed decision of what they're installing on windows, but then we have teams that if something does get out of control, we bring that to bear on the problem, and we try to protect our customers and in new and, quite frankly, unique way for all the industry. ..

and every time in history that someone, with the way of defending the castle, the attackers find a way to braces offense. this is what is happening in the intellectual realm. >> the question. the number of infections. does this include pirated software? if not, what are you estimating

the actual worldwide number of conficker infections to be? >> so, the infection number, the estimates are based on cinco de the. we don't distinguish between pirated copy or a legitimate topic, so that is the true number, and it is what in all the ways. counting -- so we took the academic argument out of it. we said, how many unique ip addresses to recede per day? there is the address renewals, all kinds of stuff that, you know, the will monday as numbers. but if you take into affect people that are behind corporate and d acp we think is a 20% reduction in the number. so for a half million is of the most accurate number that we can say knowing all the flaws. so that is the best number that we have. to. >> guest, i think, one of the others of questions that would be asked, and now take the time to answer it, course of does issue pirated versions of windows. if it's a critical patch we

issue that. you have to be at the right patch level in order to receive that patch, but we absolutely do issue. a critical nature, you're running a pirated version of windows and you connect to the update site, you will be allowed to install that automatically. >> how hard would it be for a nation state to create a persistent but that bigger and more stable than conficker? >> not hard at all, i wouldn't think. >> depends on the this is state. >> it does. i mean, if you are aware of of vulnerability then you can exploit it. you know, something like that can spread very, very rapidly. >> even simpler than that. some of the new technologies we're seeing now, new attack vectors, the ad exchange for example, browsing the espn does come and getting hit with

third-party played under windows boxed, those are some of the things that we're looking at as ways to do mass compromise and give people -- >> the trend appears to be away from that. for a long time it was creating massive but nets, and now the trend seems to be more these advanced persistent threats or you have a very careful and sculpted exploit for a specific reason. >> and that is what you see this kind of the purpose, as if i want to make a lot of money really put a compromise a lot of machines now that i have a 61 the for the anti virus update ago. on the issue for a long time and i go the is vast and persistent thread. what you're seeing is a forced approach procuress advanced now are going into the space, and the new innovations, new, innovative techniques for more of the criminal. you're actually right. >> a couple of years ago the fbi said that something like 100 countries that cyber warfare

programs. you're out there in the real world. does that seem like a possible number to you? >> yes. i don't know where they came up with the number. i would think that there is probably, -- >> in the modern world so much, we increasingly lean on the internet for some much that anyone who was thinking about going to work to has a military would incorporate cyber warfare into the package. we saw it and -- when russia invaded georgia. recited the invasion of estonia. you saw possibly any country with a major military or defense department is developing capabilities, not only to defend themselves, but to attack their enemies. >> so we're going to run into, or have we already into the stage like the. of nuclear testing where, you know, countries and were developing a clear weapons for testing in the atmosphere, the cyber equivalent stage.

i mean, this certainly wasn't a test. it was an act, but do you think we have seen tests of -- >> well, you certainly see it in as be nice. you know, there are mounting numbers of instances where a lot of it is traced back to china, whether correctly or not. you know, where supposedly secure american networks are being scanned for data and uploaded -- data is being a bloated. spyware, the keystroke logging. you know, this kind of stuff has just become fairly commonplace. >> with the ever-growing residency of mobile platforms and the internet are there any katie targeting mobile devices specifically? >> additionally see an increase in the amount of well -- our impact in the mobile platform. as our devices get smarter and

more -- always on the mall was connected to the internet, that is a logical place. most of what we have seen on the windows phone side, exploits either in the handset hardware itself or to the marketplace. i can't speak for other companies in the valley that might be experiencing different things, but you're going to see it. you're going to see it on the tablets that are out. people are walking around with tablets in a mobile device. this is clear that the bad guy is going to go with the money is. >> in terms of your new mobile platform, the new windows based mold platform, the interface is common in any way that they will be, a vulnerability? >> so, you have a windows from there. how much does it look to an attacker like a windows pc? >> so it doesn't look like it. it is a part of our code, so it is partially based on the windows mobile operating system, but it is almost a complete rewrite. so as we go from windows 57 date

it will be a little bit different. >> and in terms, microsoft said in your -- and the applications that will run under mobile platform, how similar or different we're strategy beat him in terms of jury in trying to keep the universe closed correctly because the standard are closer to apple? >> i don't know the answer to that question, but i'll say that it will have absorbed. when does mobile. we see a lot -- receive a lot of the benefits of having some of that. so if you think about how microsoft is positioning our technologies, it is kind of that prescreen vision where my experience should be the same on any device that i log in to paris to be able to get those applications that i won on demand. so the way we are looking at it is how do we invest those applications before they make it down to the vice? >> this will take a little bit of explanation. is the project with untraceable running a sensible idea to have

parents are lunacy? >> i did not read it carefully, but there was a paper that suggested a new set of vulnerabilities. i mean, do you think -- i mean, how much can you trust your anonymity? any sense. >> it comes back to that same question. suffer as written by humans and humans are unfair and @booktv apparently fallible. navy has been written here by someone in this room and we don't know about it. if you are, have some business cards and no elected a cuba the job. it is one of those things spirited people and brought enough at any piece of software you're going to find new and interesting ways, and when i think is interesting, and you alluded to it earlier in the conversation, most of the conversation is a you're looking at our buffer overrun to my memory type modifications. what is next? what is my kid going to use.

wendy live in the year of flying cars. so yes. you have -- if you're going to use it you will use a resources and these tools and you have to understand that the sulfur you're using. i think most people don't get that. i get that from my sister-in-law . buying something on amazon. if you get compromised his fault is it? she pointed me. [laughter] try had nothing to do with this transaction. but that is the impression. everyone in the wrong kind of feels a certain part of that. it's our fault. if they did and that's our fault, as a figure out a way that we can manage that. it's difficult. sometimes heated debates. >> how long will it be possible?

>> your turn after three. at think if he is in the room we just had the latest 2012 list come out. so we are working on with the high level to block those. on the countryside, it's a little bit more difficult. some of those folks have fallen off wanted to block it for much longer. so i know that the big deal these are still doing a couple. they're still participating, and represent the bulk. relieve a and b infection. the smaller group, so they have been amazingly open to continuing the effort as long as we produce the list. there will to go and have the profits. >> the individual knows themselves present the signature. could you use that to -- what are the intricacies of actually taking it off of the machine that is running an old version of windows that may not have any protection of all? is that a workable strategy?

>> exactly. >> you have something. >> yes. >> a great job of producing reports. around the world. again, developing a number of tools. a number of anti virus companies to make it pretty easy to get off the machine. the intima if everyone in the world, automatic updates, that would be plain. but, you know, kinda working through some of the mechanisms. people that are infected are basically people that don't have the mineral production, not running a bit into virus. the bad as of stop developing code because it has been detectable for the better part of three years. the vulnerability, better pad of three years, so these are folks that are kind of limbo, not doing with the need to be doing. >> i think we're getting it. >> to alt. >> one are two more questions. >> redone. >> okay. please join me in thanking the panel tonight.

>> you are watching book tv on c-span2, 48 hours of nonfiction authors and books every weekend. >> policy not to discuss the film that i am making while i am making them for all of the obvious reasons. wor >> currently working on one. >> maybe. >> i just don't -- i don't -- i don't talk about it. they just appear when they about appear. i mean, it is not in the best in interest of the phone to give the heads of. before i made sicko i made the e mistake of saying no is making t it, the film on the health care fiutstry. and that, the health caredustrya industry just went on highrt and alert. th in fact, the pharmaceutical companies went on real high even alert. even though the film was going to be about them, it was about s the insurance industry, thebout former cinco companies spent hundreds of thousands of dollars

preparing for me. i did all these internal memos sent to me from people work, differ from some of the companies say, you know, we hadg we h an answer a state where they hired a michael more actor to ar come in and you roll plan with us. up at this is so you are supposed to handle in.el anhot line, pfizer had the hot line. if i show up at one of the regional offices around the all this number in new york. when bill potter, an executive at cigna health insurance representative describe the request your. and he, when he was the vice-president to talk about th hundreds of thousands, millionss of dollars that they spent they hoping to discredit me, attack me, to, if necessary, figuratively, not literallyli compass me off a cliff. so they, you know, so i learned my lesson there.clif its not a goood idea to give advance notice when i am workin

.ed >> and book tv interviewed his book.o if you would like to see that you can get to booktv.org.to book.org and search function in the upper left-hand corner. corner-mail, as an iranian american i am concerned about rumors that you may be planning a trip to ron. the pro-government press has my written more than once a yearn have been invited to come and you have accepted. they would consider that a coup if it happened. >> i have been invited for many years. i think one of my films, it might have been bowling for i yearsine, won the top prize investable a number of years agp the top prize was a beautifull persian rug that they sent me. no, not going there to the film festival i don't know if it isy. an, iy -- you know, the thing is , i'm very active in a lasthe

year to., theye uple've had a couple of filmmakers, since been under house arrest, and i have been active with other film makers ie this country trying to convince the iranian government to release them, leave them alone, let them make the film's.heme the iranian films, some of the greatest filmmakers. have a chance to see a phone, there really to are really good. so there is definitely a countrs that loves movies. through ink, you know, we saw through the movement here your o two ago that there is a huge, a huge sentiment in the country t be free of the dictates of those who would, you know, want to run the country. you know, a democracy on aertain theyain level. they actually do have free do h elections. run, and there has a been a couple the characters coe

about this the vaccine.at are really incredible things, so ini try to avoid any sort of accesss of the evil discussion because t know that there are people in our government that we have had our way with iraq and want to move on to the next weekend. and the areto be it. in there are certain forces that bombiran,o now go to war or bomb and with things like that, so i tried to avoid any kind of -- i don't want to be associated witw anything with my government attacking anybody else in the t splendid. so i think we leave it to the tt hiople.n people a i t i think they're going to stand up and get the country that thet want. hopefu i'm hopeful for that. mos >> michael moore's most recent s book, here comes trouble,life. stories from my life. oregon. john in portland, oregon. you're on the air. of >> zillow. as seen a few of your propaganda films of ther years. that u try

i noticed that you try to edit things so that people think then and i wanpened when it didn't come and now wanted to specifically ask about fahrenheit 911. you aah the section where asking congressmen to send their kids to iraq. one congressman, republican congressman said heco had two nephews in afghanistan. you edit it so that it doesn't k @booktv looks like he has nooff. response and walked off, and whd that's not what happened, saw want to know why you did not responsehis actual response if you're supposed to be a documentarian. >> local and thank you for that question. first of all, in that particulai tion aas a very specific questionnd. it of invested of every congressman the ran into, republican and repu democrat.democr would you send your son, your son or daughter. in would not answer the question.st and instead @booktv the number of oi others did this. an

revenant you or i have an uncle laura have a cousin. i have somebody down the block. unrstand m would you send your son or your daughter, not your sisters, your son or your daughter. he would not answer the question to read it want to answer that question because at that time when i made this known there were only one member of congresc who actually had a son oractualy daughter in iraq.ust and i just thought, that's interesting. are 535 members of congress, the majority. to but they don't wantbe to sacrife someone from their own family.e send kids from the other family. since then, you know, from those who live on the other side ofer the tracks. so that was the point of that, and he was just given me a politician dodger answer saying

that he had some relative overie there. there tha onestiast my question. i still think it's a relevant question. you reknow, if you're going to vote for war would you be willing to send your son or to daughter? tell you this, i was over, ii have not seen all the world or to memorial until yesterday. i went over there.there, and when you walk in on the very first tone that you walk into the memorial this is world war ii memorial, big letters, andtts the letters right under it. george w. bush. and it really kind of shocked me for a second.think, o becau it's because he was presidentwhn when it iopened, but i'm the wang, i don't see that on t e washington monument.iden i don't see some plaque of then ntfferson memorial, you know, we who was present when that opene- what is his name specificallyg doing on world war ii? ? here is a guy who supported the vietnam war the would not go.

i mean, at least with clinton h dodged it, but he was opposed to the war, so that is a consisten position. the w he did not like to work, did noi want to go. i g et that. bush, he was for the were back then.nd thoughtther heat that other people should go, not him. so strange our policy is in the guard.l and then his name is on the vere first known as you enter the world or to memorial? of war that my uncle died then, 405,000 americans died in, and your name is on this? i you know, it took me back to th question about, you know, yes, y they're really good atwar, supporting a war, getting as in the wars, but if they had to die with their kid get to that kind of know about that. but let somebody else's kid diet this just a boring to me.me. >> there is a story about your

and sr and his world war two experience. tso a w story in there about yu taking a trial run to canada.>>n >> yes. my dad was in the division in world war two.orld war and he was in many of those battles right on the beaches,nds terrific stuff. hific and that kill this one story in te day,'re about the christmas day of 1943 where he was in the battle of new britain. end it was of friendly fire incident where he and his unit n had taken a hell.ey were but there are japanese. hil history of the hill. wathink every guy in my dad's unit was ss hot. one was killed and 13 were wounded. everyone was shot but my dad. d, the only when he did not give a inkingith a low-flying american heants coming into a mirror

japanese. he told me during a time every christmas day he remembers and is grateful for being alive. somehow he survived an incidents and i tell the story in the boo . in, my incident -- of course i was opposed to the vietnam war, as i said earlier. as i came near draft age, i'mhik thinking, what am i going to do? i'm not try to kill vietnamese. and so i and somebody's decided that we were, i don't know, 16 of 17 years old.years ol we were going to go to jail. we weren't going to go do service, some other service.youo you could do that foruld governg we decided we are going to move to canada. we had to. we knew nothing about canada, w and one day with the car and tok about over to port huron, mich.h to do a dry run, to sort of seea how we would escape if we add te

and we got over there and forget the motor to the above. so then we decided to try but ck the car across the bridge. @booktv will be met with the military in of these checkpoints. there were all scared and the brher there's a smoking a joint so they canid relax. jois s i didn't do any drugs, so i was s thedoesignated driver. so i tell the story about getting across the blue water into cannd into canada. our great escape. es of course the next year there n was a draft lottery in my numbet ed.e up like number 2703 yourrat something like that. i wasn't there. >> richmond viejo, thank you for holding to redrawn. >> cal >> an absolute pleasure to besoe speaking with you this with afternoon. how are you doing. doing, >> thank you.nk y i'm doing well. >> calle >> i have a question to ask.i i contacted my local american cancer society concerning an cog event that they're going to be

holding. i -- i suffer from a brain injury and some other illnessesd and i am -- your piece on sicko i loabsolutely beautiful. i loved it. beautiful. my question, sir, is, how do i approached or how would i goch h about approaching the american cancer society concerning ang a study that they did in 1974 wit4 tnc shrinking tumors in mice and wantingt wanting to go that correction.diction? >> actually, i do have someemory anmory of something about that. i can't speak to it. i will say this. the active ingredient in marijuana.

you know, our drug laws in thisa country, that's another whole are show.us just so out of whack. out and things like that, medical marijuana, things, but will try- to use it to help people.se i think years from now, historians will look back at this and wondered why we did so many of the things.say, i would say for you. and d'agata questions like this all the time for people who, you heow, they see my movie and they need help with medical problems or other hmo will pay for them to see a specialist.remember, en robert, these insurance companies want to provide aslitr little care as possible becausee of the seven make a profit. and so i would say to you, sir, that definitely get behind,ehin- there is an organization that ii trying to free up the studies,s,

use these charts. there are people have beenfi fighting the fda for a long timm because they take so long witheg treat mr. be used in europe and other places in are being usedd here. remember, the fda, of coursefd controlled essentially by the lobbyists of the pharmaceuticalh company ane d others, a vested n interest to the vested interest in making. tol until the story in my last film, capitalism. and people were shocked that he he sait want to trade market.

on that.doctor i am a doctor, a researcher. a did a great salary with the big house.ght? tucker of patriotism.rld. we we don't have that much. i sure would like to see more of it. >> you can watch this and other brands online. >> well, there is a new book out called core watchers, i would as accounts of the supreme court history. clear cushman is the author. john roberts got chief justice of the u.s. supreme court wrote the foreword. you by the? >> the justices themselves, their wives, children tomorrow advocates. core staff, reporters to cover

the court, and even some just random bystanders to happen to be in the courtroom monday and would miss something exciting and then went back and recorded it. some most of what this book is is be digging up all the stuff over the last 227 years that the court has been in existence and finding all of the insider stories written by people were affiliated with the court. >> what is one of your favorite insider stories? >> i have so many because there are some that are funny and some better poignant and some better educational. but i guess the ones that i like the most of the ones written by the supreme court's houses because you really get a sense of what it was like at home. my favorite is written by elizabeth block who is the wife of hugo block. he had a hard time sleeping at night. cogitating on a very good case. he like to wake up at about 3:00 a.m. and niger and say i have to talk this over with you. under the startling