
The Communicators, C-SPAN, December 29, 2015, 6:15pm-7:01pm EST

6:15 pm
federal government?
>> guest: Yes, they are a client.
>> host: They are clients. Is this consulting, or do you do the actual investigation?
>> guest: It's an interesting business. Investigation: something happened and you try to figure out who's behind it, who did it. We start off, when he decides, that we sell an annual subscription to our cyber threat intelligence research, so that research is conducted without a task from the customers. They say, "I'm concerned about cyber threats in my enterprise," so we build an intelligence collection plan: here are the threats that are relevant to an ABC company or XYZ government agency that would cause much damage. We task the research teams around the world, from 20 different countries: go look for a threat in the development cycle, people building tools and capable infrastructure, targets, as they would pose a threat to our customers. We then analyze the threats in a threat fusion center in Chantilly, where they research
6:16 pm
components come in, like the puzzle pieces come in here and we put together puzzles. We say, wow, this looks like a person's religion from a cybercrime adversary perspective against these sectors. We deliver the threat and analytical context of how that threat operates and what they are trying to accomplish, but also the technical artifacts you can look for in your environment. They are fighting the fight on the data level. You can't assess risk unless you understand what they are trying to do, so we say here are the data connections, and if you see this puzzle piece, that relates to this puzzle. Someone says, that's a big deal, I need to take action on that. So what we do is we help surface data elements and say these are bad pieces of data, but they indicate this threat is being actioned against you. That's how customers drive prioritization of actions.
>> host: In a recent "New York Times" article on your company, it said that companies receive up to 17,000 alerts on a regular
6:17 pm
basis, and how are your alerts different from what they are receiving?
>> guest: That's a great question. The problem is not to increase the problem but to fix the problem. People are trying to write additional alerts. I will give an example. A panel with a government agency -- someone asked a question: you must have a mammoth amount of alerts, and he said 1.5 billion a day. How do you deal with that? You have a significant amount of resources. We can shrink the problem to 10,000 a day, and we keep on dialing it down to get to 1,000 critical alerts a day. They say, Kevin, you must have a huge security team. Absolutely, we have a well-resourced team and we can handle about 10. No one asked the question. I say, Kevin, you have the right
6:18 pm
10, how do you figure out which 10 are the risk to the enterprise? You said we take 1,000 critical alerts and hit your API, and that turns our face toward the dataset, and we can look at what threats we are faced with and say these are the top 10 risks, go work on those. You have to shrink the problem rather than trying to increase your resources to meet the demand of all the alerts. You have to say, of the 17,000 alerts, which are the ones that are the biggest risk to my enterprise. So simply, if you could only pick one thing to do today, what would you work on? You'd work on the threat that created the biggest risk to your business, so that's what we do. We help them reconcile all the alerting in their environment. We help them pick which ones present the biggest risk to the enterprise.
>> host: When you look at what happened to Target and the Office of Personnel Management, were they warned, or did they miss the risks?
>> guest: I can't speak on the specifics of those breaches, but I will say generically, and we
6:19 pm
were public by default on the Target-related breaches, because there was a warning system in place there. The code base that was developed, that was used against the majority of the retailers in those breaches, was developed six months before it was ever started. It was sold in underground forums. If you were active in those forums you were able to gain access into that code base, and the code base was a memory-scraping tool which allowed you to gain access to the credentials from the time they went through the card swipe until the time they were encrypted. So the tools being sold, if you picked up the tools or gained access to the tools, you could reverse engineer them and say this is a tool that targets retailers' point-of-sale systems. Here's how it operates and here are all the technical artifacts, so if you're a retailer and you have 100 critical alerts and you only have time to deal with one, if you hit the intelligence database that we provide, the
6:20 pm
pulls up that report. That's the one I'm going to work on today. You know what they are trying to do. In cases of nation-on-nation, traditional nation-sponsored activity using proprietary tools and proprietary infrastructure never seen before, and I'm not saying that's what OPM was, sophisticated attacks like that, government on government, it's very difficult for any commercial party to fight that fight. It is truly a national resource to be in that space, but the vast majority of cyber threats conducted against the government and commercial sector today, they develop these threats in the open and they're using common infrastructure and common tools. They are reusing tools and reusing strategies, and there's a way to get ahead of the threat if you are forward-leaning from an intelligence perspective.
>> host: How is iSIGHT Partners different from Symantec and McAfee?
>> guest: The folks of managed
6:21 pm
attack services have this technology that sits three inches in front of the problem, so here come all these packets setting off all these alerts. They use all their detection routines and say, well, this code doesn't look right, or this is a bad piece of malware and we should block that. They don't have threat context. They start off with things that are happening in their environment, the final mile of the attack. They do the forensics that say this came from this command-and-control server, so they tend to work their way out, away from things that have happened to where it came from, but very rarely can they work all the way out to who's behind it and what they are trying to accomplish. If you think of it, there are three pillars. There's the attack surface, and that's all the security companies, and then there's the attacker surface: so when you click on that spear phish that they send you and it wants to download malware, where are they dropping it in from? Where's their server that's delivering the malware? So that's the attacker surface, enabled by the layer behind it, the threat source themselves, right, someone behind a keyboard with a
6:22 pm
pulse that has an objective to accomplish. Most folks start off here, with the technology companies, and try to work their way back out. We start out here in the threat environment itself, build playbooks on how they're going to execute their strategy, strip out the audibles and say here's the play they're going to run, they are capable of running it, and here's what they are trying to accomplish, so you can connect data, in this case an audible, to the playbook. It allows people to make decisions.
>> host: You keep using the phrase "left of boom." What is that?
>> guest: In the IED problem in the desert, in the Iraqi environment 10 years ago, the first issue people faced wasn't snipers and tanks and machine guns and rockets. It was IEDs, improvised explosive devices, and they fought them the same way you traditionally fight a threat: stop the bleeding, armor every tank, figure out how to jam them, to take these things on when you're in
6:23 pm
close proximity, and then move out and say, where are they placing these bombs, and do analytics on where the explosions are to avoid them. Somebody says, how do we attack them before the bombs go off, rather than try to recover from it? In the cyber context you see the same type of analysis and the same type of trajectory. Try to block everything and stop the bleeding, and armor everything and layer the security devices in front of your precious assets and information. Finally, who do we put standing behind us so we can get ahead of this threat? The whole business model is premised on our customers getting left of boom and building protective layers prior to the attack being executed, and we do that at scale, 24/7, 365, and that's the part of our business that is hard to do. It's a long lead time to build this type of company. It takes an awful lot of research and patience, and that's where we
6:24 pm
sit today.
>> host: So this facility in the Washington, D.C. suburbs, people are sitting at computers, what do they do?
>> guest: This is our threat analysis center. We do have corporate functions here. We talked about our researchers around the world, so researchers are gathering information and puzzle pieces. They say, hey, here are all these things that look like they could be bad. All those puzzle pieces come into this facility, where the analysts are organized by the cyber hacktivist team, the cyber espionage team, the control systems team. They look at all those puzzle pieces, they use our data analytics platform and put together the different puzzle pieces, and they say, you know what, this in combination with this, that comes from this, with this person, at these targets, that's what's going on. They do the analysis that says this is the playbook. This is this group with this capability and this infrastructure with these tools targeting these banks, trying to accomplish the following
6:25 pm
objective, so they create the written analysis, and then we take the data elements out of that analysis, and here we deliver that to our customers. Here are the technical things you should look for, but all of the technical links back to the analysis. What you are seeing is this analytical picture, so we could read that right analysis. Now I know what to do. This is a big deal for me. So this is the analysis center that puts it all together.
>> host: You have people around the world. Do they have security clearances?
>> guest: Most of them do not. In fact I'm not sure if we have anybody outside the United States with clearances. We hire local people.
>> host: Example.
>> guest: We have people in 20 different countries, former cyber crime professionals in their country's government, some folks that worked in their CERT response teams, former law
6:26 pm
enforcement professionals, all people that worked locally in their government trying to protect their government against cyber criminals and cyber espionage criminals. We bring them all together in this global cause and try to secure customers' interests globally. All of our customers are global. We are a global business and we support companies with global infrastructure, and adversaries are global in nature. They're just looking for a soft spot, whether that soft spot is the U.S. or Korea or Australia or Brazil. Those folks that we have hired, roughly two-thirds of everybody we have hired comes from someone we know, so it's definitely word of mouth. We go to great lengths to find the key people to build teams around. A lot of that was personal. I spent several hundred thousand miles a year on airplanes from 2007 to 2010 establishing these research centers, and that was with
6:27 pm
an excellent team in place that manages relationships and makes sure we are working together as one unified team.
>> host: What do you look for in an analyst? Do you look for a programmer?
>> guest: We have a variety of skills that work together as one system. A lot of folks are going to hire the star guy and build everything around them, and if you lose that person then you are toast. You rely on them for everything. We have built this interdependent system and capability. All that tools development and engineering that built their analytical workbench, whoever is putting together the puzzle, their technical support system, send it over to our lab to be decrypted, so we all work together as one global team. It's not a bunch of individual rock stars. It's a rock star system rather than individuals. The individuals are all passionate about what we do.
6:28 pm
There's so much demand for talent in this space that if they are not passionate and don't love what they do, they will work somewhere else and make more money. The people that work here primarily are passionate about our mission and supportive of our customers. Secondarily, they are smart, hard-working, they get along with other people. We have a culture of experts here, so a lot of ego running around the same building isn't good for chemistry or teamwork. We all rely on each other to be successful in our rock star system. The output is all customer-centric, and all of our employees realize the customers pay the bills. Everything we do is for them, and every employee is a shareholder, so our customers know every time they pick up the phone they are talking to a business that has a vested interest to look after them.
>> host: You are not a public company, though.
>> guest: No, we are not, which is a luxury. We are able to grow the business and make the right strategic decisions for customers in the near term and long term.
6:29 pm
>> host: Are you going to go public at some point?
>> guest: Oh, you know, who knows. We don't have a desire to do it today. We enjoy what we said, a comfortable position, and making the right decisions long-term for the business, not necessarily what's the best position to prepare for an IPO or to make a short-term. You always want to present business trajectory and business predictability so that you have any option you want in the future, whether it is going public or strategically acquiring other businesses to grow your business, but this was built for the long term.
>> host: John Watters, how did you come up with the idea of iSIGHT, when did you start developing it, and what's your background?
>> guest: I'm an economics guy by background. I managed all the money for founder resources, so as chairman and CEO of the holding company
6:30 pm
we managed hedge funds and real estate funds and private equity funds and core holdings. I sat on a number of boards and was a risk manager for the wealth of a family, and facing financial risk and real estate risk and credit risk and all those types of things, I was always intrigued by the overall challenge of computing and managing risk better. That gentleman died in '98. I looked at cyber as an investment, so with my own capital and outside capital that is still with me today, I set up a private and public vehicle and started investing in cyber security. One of my early investments was -- it had just come out of a bankruptcy in 2001, and we bought the company for $10, literally, out of bankruptcy. They were on the ground floor of this building and we bought them. They had just been through the wringer. Management had been in there, so after, we continued to invest
6:31 pm
in the business, and in 2002 Symantec bought records -- on the same day in August of 2002. We were in a really great place. I'm going to get more engaged, so I went in as the CEO in 2003 with a very early cyber intelligence company. So I built that business, it was sold, I divested into other businesses, and I wanted to take a step back in 2006 and decide what I wanted to do. I realized threat intelligence was the least common denominator in the industry, but still the way we can protect our interests against hackers that meant to do harm to our global economic efficiencies, trade, relationships, you name it, and you have to have an intelligence apparatus to help you manage the risk through
6:32 pm
enterprise governance. The mission of the intelligence community is different. They have this unique mission. They are not building collection requirements based on a retailer. They won't protect this retailer. That's not their mission. They don't get taxpayer money to do that. So those same retailers and energy companies and banks need intelligence operations, because unless you know what you are up against you have no way to know how to resource. So I set out to build this business and brought in a great set of people around me to build a company that could sustainably, repeatedly and scalably deliver over-the-horizon threat intelligence that allows people to make strategic resourcing decisions, how they want to invest their security resources to give them the best chance to efficiently mitigate the risk, and operationally, how do they detect something that
6:33 pm
doesn't look right, and comprehensively, how do they protect against that attack operationally and tactically, rather than trying to look at things they have seen before; how to build a systematic indicator that says here's what's coming down the pike, this group is trying to target you. So the whole business rationale was an economic lens: how efficiently can you manage corporate resources to manage risks, and how effectively can you align your current resources against the threats to the enterprise. It's built on an economic rationale. So we have got a good blend in terms of the business purpose behind it. That's just a technical intelligence way.
>> host: Does the U.S. intelligence community and the U.S. government think the right way about the right things when it comes to cyber intelligence and cyber security, and over the past several
6:34 pm
years, has that thinking changed the approach?
>> guest: It's a good question. Today there's a recognition of all the same threats. It used to be, 10 years ago, people would say the government has all these national threats and things are sophisticated. Why would they target us? I make motion pictures. Why would a nation ever target me? Or, I'm a casino, why would anybody come at me? I'm a commercial entity. So the commercial entities were very much focused on regulation; that was the definition of success. To comply with all the regulatory frameworks that they operated in; the boards held them accountable to that. Are you PCI compliant? Yes, check the box. The government was always focused on securing the rest of their enterprise and operational ability, and in the DoD spectrum they spend ballpark 10% of their security budget on
6:35 pm
intelligence that leads and informs how to manage 90% of their other resources. It's their navigational chip on how they will navigate the threat environment. In the commercial sector it's less than 1%, so now, with the same threats and the same national entities targeting -- you have to learn from what happened to the government, so now the commercial sector is pivoting into an intelligence approach to security, to bring intelligence to the core of how they are thinking about and resourcing against threats. Most importantly, building an adaptive model. Think of a budget cycle: let's get all the money to deploy resources next year and we will revisit it next year. That doesn't work when the threat is changing every month or quarter or six months or a day. You have to have an adaptive posture and constantly build that kind of a systematic way to shift. That's new, so the commercial sector has taken an awful lot of talent from the government
6:36 pm
sector. It's hard to go into a large enterprise today, or a security vendor, and not find former intel officers, former military intel officers, government practitioners, CERT practitioners that have come out of the military and come into the commercial sector. You've almost seen a complete shift of military capability. A lot of the stuff is in the commercial sector now, and they are leaning in the same way the government has, with an intelligence approach, finally. It's taken a long time for them to get here, but we are taking a step in the right direction.
>> host: John Watters, do you use the public internet for your business? You are worldwide.
>> guest: As little as possible. Certainly not for the things we do on the research model. That wouldn't be wise.
>> host: Is it an overbuilt type thing?
>> guest: The mechanics of how you communicate anonymously and
6:37 pm
maintain some level of anonymity in our operations from an overseas perspective, that's kind of the secret tradecraft. Everybody does it, tries to anonymize who they are.
>> host: If somebody is on their computer, or they are in Chrome or Safari or whatever, how secure are they?
>> guest: I think these technology companies do as good a job as they can, to the ability they have, to manage their own infrastructure. The weakest link is always people. If you've got somebody in front of your house giving away the key to the house and giving away the combination of the safe every day, because a safe repair man walks up and says, hey, Junior, your mom called and said stop by, could you give me the code? I know she left it for you under the mailbox. How are you going to protect against that? What's happened is that
6:38 pm
technology vendors, a lot of them get the brunt of the problem, and people say, hey, it's Microsoft or whoever, but a lot of times it's the frailty of the users themselves. A lot of it is education and awareness and good behavior on the internet itself, and there's a tipping point that we are seeing happening today, which is beginning to prioritize security over efficiency. It's a pain if you've got to go in and log in to IT, or log in to your online bank and remember these passwords and they send you a text. Security takes priority, so you'll take some inconvenience now to be secure with your assets. That's another big tipping point in the industry we are seeing.
>> host: What is the dark web?
>> guest: The dark web is basically a part of the communication that goes on that is not open to Google. Maybe in some parts, but it's basically communication forums where people are buying and selling illicit cyber tools, whether they are cyber tools or
6:39 pm
selling stolen credentials or selling infrastructure and renting botnet infrastructure, selling access into customers' environments. There's a whole dark web of this communication system that goes on with this illicit trading. You can't build machinery to listen to the dark web and harvest information. You actually have to have someone engaging on it to be able to pervasively stay there.
>> host: What are some common forms or uncommon forms of malware?
>> guest: There are several common forms of malware. There's destructive malware. They try to destroy your operating system so that you can't reopen it. You saw that with Aramco and the Sony breach. There is encryption malware that says, hey, we are going to encrypt
6:40 pm
your data. If you pay me a thousand dollars I will send you the encryption key so you can use your data. So one is destruction, one is locking it up. The most common is covert malware that maintains persistence in the environment, so it is constantly in your system and, while it can, what it is trying to do in the end is gain access to files and information and things of value from an information perspective, to exfiltrate from your entity.
>> host: With the advent of wireless, has that made security even more difficult?
>> guest: I think it's made it more difficult. When you think of trying to maintain the protective layer, what kind of threat are you facing? You are not saying, what is the threat and what are they taking against those? You have to look at the world through that lens. You say, I've got all these things to protect and I've got to protect them, so you think of all
6:41 pm
the assets of the global companies now and all the access points. The Internet of Things and all the devices and connectivity, and the vendors and connectivity, channel partners. You are so connected, and with all the wireless connections, there's no way to protect everything. Wireless is another expansion point of your environment from a threat perspective, so instead of trying to protect everything, the view shifts, and it really shrinks the problem from a defender's perspective: what are the threats that I'm concerned about, how do I deal with those threats, not hypothetically but what are they really doing? If it happens to be a wireless nexus or wireline, or a vendor, a particular type of malware or spear phish campaign, at least you know what they are trying to do and you can protect against that. It's not this internet thing that could come in any way it works. You can't just protect against it theoretically.
>> host: John Watters, on your
6:42 pm
website, isightpartners.com, there was an article talking about the FBI -- telling somebody to pay the ransom because we can't figure out how to get rid of this malware.
>> guest: It's really interesting, isn't it? There's the don't-negotiate-with-hostage-takers and don't-negotiate-with-terrorists perspective, and by the same token it's your business, and you can't operate your business, you can't pay your bills or make payroll because you can't operate, and for a thousand bucks you're going to regain your operational efficiency for a week or a month until they do it again. It buys you time to dig out a permanent solution. I think the point is probably that, if you need to operate your business, that's a way to do it in the near term and buy yourself the time to figure out a good solution long-term. For small businesses to protect
6:43 pm
themselves against this stuff, they can change the code modestly over time, so your malware detection might protect against the last version of ransomware but not the next. So it's a case of people defending against things that have happened, not understanding what's going to happen and trying to stay a step ahead of it.
>> host: Recently on "The Communicators" we talked to Jim Lewis. He said that the main state actors are China, Russia, North Korea and Iran. Are there other actors out there, or non-state actors, that are becoming real threats?
>> guest: Most apparatuses of any developed nation have a cyber capability that they are using, whether directly or indirectly. Those examples you gave, that Jim gave, almost every one
6:44 pm
of them, to my knowledge, our intelligence position on this is they operate through fronts, so it might be China or Iran or Russia or North Korea, whatever it is. If you look at the whole Sony breach, it wasn't the Iranians or the North Korean government saying we did this and here is someone in the North Korean military; it was the Guardians of Peace, which is the hacktivist front, operating in a way, saying they are not us. It's just some affiliation that got together to cause damage to Sony. They try to remove themselves from it, so there is plausible deniability and a layer between the apparatus and the executioner of the threat, and a lot of these countries operate through third-party fronts, teams, groups, hacktivists, that gives them the ability to maintain some separation from what is happening.
6:45 pm
It's hard to determine what's real and what's for show, and what's for show is not attribution in terms of what national interest is executing that on their behalf.
>> host: In your building there is a dark room with a lot of people at computer screens. What are they doing in there?
>> guest: Analysis. It's easy to say you have a puzzle piece; to put together a puzzle, that is harder to do. You look at the technical piece of this: a lot of the folks have technical skills in reverse engineering the malware, and if it's encrypted, you have to break the encryption. They operate in the dark mostly, and they solve tough technical problems to help our customers simplify what it is they are looking at. Our customers will send us this malware that they don't understand, and we will break it down and say here's exactly how it operates, and that's connected to this group, and here's what they are trying to do. It allows them to make the
6:46 pm
decisions for the enterprise from a defensive perspective. The guys in the room you see are the technical guys; when the lights are up they are attending to the analysis, creating the analytical product to deliver to customers.
>> host: Why does the room stay dark?
>> guest: You know, I don't know. When I got into this business it was the craziest thing, all the lights are out and everyone loves to work in the dark. A dark background and they have a bright screen, and the time passes easier. These guys work a lot. If they were working anywhere they would be doing the same kind of thing. They love their job.
>> host: Do you hire hackers --
>> guest: We are not in that business. We hire people that are white hat hackers to try to figure out how to protect against black hat hackers, but we don't hire the guys that have been bad and want to be good. That's just too risky.
6:47 pm
>> host: Finally, John Watters, in our conversation with Jim Lewis, cybersecurity expert, he talked about what he thought were the greatest threats, including an electrical blackout such as in the Northeast several years ago. Where do you see the biggest threat nexus: financial, warfare, etc.?
>> guest: It's a good question. The one we have seen the latest is the destructive malware that you saw in the Sony breach. All of a sudden the data is gone and you can't operate in your environment. The ability to operate and communicate is out there, and they have overwritten all of your databases and your operational ability just goes away. That is a scary moment. Any business that's connected to your life, so destructive malware is certainly a near-term effect, whether that's applied to take out electricity or take out a database or impair your ability to communicate with your telecom,
6:48 pm
different ways to use destructive malware or disruptive malware. Where it gets named is really a function of who's behind it and why. I think a lot of countries ostensibly want to bring everybody back from us, because people are fact-based, and I think if a country uses it as a means to take out our grid, then do you say they used a means to take out a physical capability of our country, so if you're going to respond to the same level of attack, you say we can drop a bomb to take out theirs? People are still trying to figure out the policy on this, when the cyber domain creates physical damage. So the rules of the road and engagement are still unfolding on the nation-to-nation side, but from a criminal perspective they want to keep our public operating. That's how they make money, so
6:49 pm
if they shut down internet shopping and destroy your ability to operate, they just lost a target-rich environment. They want to keep us online. They want to keep us operating; they want to keep us expanding the flexibility and functionality of our banking system. It gives them more places to go. The criminals have no desire to take us out or hurt us. It might be camouflaged through some hacktivist group, but that would be a nation or terrorist group for sure.
>> host: John Watters, what are the mechanics of malware and the actors who put the malware out there? How does it operate?
>> guest: The malware is a big component of this. If you think of the entire phase, you have to get into someone's environment. Unless you're sophisticated or you have proprietary access or a vulnerability, the customer has to participate in being hacked; they're not just passively hacked. Most oftentimes it's spear phishing. You have seen e-mails that say check out this new "CNN" article
6:50 pm
on whatever. You will click on the link, and by doing so you just unwittingly welcomed me into your environment, onto your network, onto your desktop. Now I'm there and I become you. I'm able to go in, and now I'm in your environment, and say what are your passwords, and you probably use the same passwords over and over again, so my malware persists in your environment to try to expand as far as it can into the rest of your network to gain access to something of interest. You have this antivirus software and they are trying to scrape malware off of your environment. So it tries to look like it's good, so that it doesn't do anything to draw attention to itself. The malware tries to proliferate in your environment until it finds something of interest, and now it's harvesting the different data storage, the different files and different pieces of information that would be of interest to whoever the adversary is. Now I need to get that information out in a way that is not
6:51 pm
detected. it takes a long in one huge file alarms to go off this has had a white is kind of get in the slipstream of traffic? you're busy sending out i was between 9:00 or 10:00 in the morning they will go on times. so it gains it out. now it's gained information outside of your environment. now has to get back so it's got to go to some drop server that says dump all the files onto. now it's got to get it back to their host location without it being traceable so there are ways to clear its track and try to go to the navigation piece. before the malware is issued is a spear phishing campaign. at this something that's going to create the malware? the bad guys to grade out their own tools. who am i going to host it was so i've got to drop it. since you click on that spear phish eye of the a server that's going to download the malware interim. byron.
6:52 pm
spear phish is cultivated for you i have to have the server to drop the malware from that to create the malware by the malware from somebody say you different actors in this whole ecosystem. yet the person behind it who is the mastermind. yet the tool providers and if infrastructure posters. the other folks coming up at the spear phish. yet the people hosting the servers to trade the data tended to have the anonymous routing components gets all the data back to you. a lot of those are handled by third parties. cybermerchants that are selling malware. hosting command-and-control center hosting drop servers are outsourcing to hack themselves. pay us and we will gain access for you. i'll get the data for you. there are so many big players in this whole ecosystem the
6:53 pm
mastermind steps back and says it's a lot easier for me to maintain my anonymity if i can use these people to do it for me. they will put together the puzzle pieces and keep the strategy and they will get what they want. >> gives a snapshot of who that mastermind might be. a college student somewhere. as a mathematician? >> it very much varies by what the type of cyber threat is. if it's a hacktivist different than the cyber criminal group versus the cyberespionage campaign. maybe a national interests this is what i want to operate their traditional apparatus to go to target information they energy sector of another country defense industrial base. want to have a degree of separation of plausible deniability so would be a group of folks affiliated with that national interest that operate in a team or group or hacktivist
6:54 pm
group saying hey we don't like energy companies and we are going to try to steal their stuff. so they will create cause for action. the tool that they use may be partially provided by government. infrastructure they use might be provided by the government. there are groups the mastermind is typically somebody currently or previously in that military capability. that's a national cyberespionage operator operating upfront. and then they use partially national infrastructure tools partially commercial tools. you have organized crime spillover where traditional organized criminal groups in the cyber division in the cyber division was someone he says okay here's what we are going after you pick up information for identity theft or on line banking or credit card theft or on line payment system. all those various flavors you have a VP in charge of each one.
6:55 pm
then you've got your service providers. who are the tools are malware manufacturers we want to bypass from? who are our trusted mules that would want to still think that country have someone pick up an envelope and you get it to western union and ship us the money. so they built the whole ecosystem of suppliers to their strategy but they said very well removed from that. the masterminds are almost never involved an activity themselves and they're the ones that bear the majority of the problem. >> host: are you reverse engineering? are their fingerprints throughout this entire ecosystem? >> guest: yeah. the fingerprints or any one of the suppliers in the supply chain so if you are not the structure provider or somebody that sells exploit kits who are selling merchandise, stolen
6:56 pm
credit card credentials for i.d.s that were harvested out of whatever environment all those players they have buy from and sell to. they are getting their tools from somewhere. they're getting their code from somewhere. they are getting their data from somewhere. so they got who they are buying it from and who they are selling it to. you have a whole ecosystem of his compromising the victim to this selling the tools to who is actually selling the stolen goods that come out of it and who is monetizing the credit cards, who is taking the monetization to western union and putting it back? if you track those different pieces of it today by prominent they sell it to you can begin to build the gut ecosystem understanding of these threat campaigns. >> host: how are these bad actors, as you call them, john watters, how are they financially compensated?
6:57 pm
is there actual cash ever exchanging or is it all virtual? >> guest: at the virtual currency, bitcoin and virtual currency exchanges. some barter systems or there will trade you this for that so everything from the barter system to commercial currency to bitcoin. as a whole variety of mechanisms it is very rarely western union or cash in a mailbox like the traditional criminal aspect you think of. it's not the same dollar volume mute thank be there. that credit card might be worth 1 dollar or maybe $50. so these are volume operators and the bit players don't make that much money. the masterminds made a fortune. the guys behind these things can make tens of millions of dollars a quarter. the actual mules might make thousands of dollars a month.
6:58 pm
a coder might create code and sell off fix the end make 20 or $30,000. the black pos malware kit for example can be used against retailers, that was 6000 bucks that was going for. so we had few people buying it and there's no honor among thieves and the thieves are giving it to their buddies for free in the next thing you know you are $6000 so you might be out of the sell it to the first couple then i have no market. so different players have different amounts of money they can make from it. >> host: given the fact that it's a lot of virtual currency or electronic currency does that make it easier to track? >> guest: makes it harder to track actually because people of their virtual currency on a credit card or their bank account. there's a whole myriad of ways to non-attribute and misattribute on that virtual currency. bitcoin by its nature is to have
6:59 pm
a non-attributable type of currency that you can use in transactions. most of the virtual currencies are the same so the way they get loaded you may have 10 people that each load up $100 each into a virtual currency that you just pay cash to 10 people to get it in there a year separation behind it. all the currencies have pretty good tradecraft so it's not attributable to them. >> host: we have been talking with john watters who is the director, ceo of isight partners. thank you for your time. >> guest: you are welcome.
7:00 pm
>> congress, year in review, thursday on c-span at 8 p.m. eastern. >> this week on "q&a." our guest is jan jarboe russell is her new book train to crystal city about the only internment camp examines the camp in southern texas that was home to japanese detainees but