1 00:00:01,100 --> 00:00:04,340 covering the week's top tech dorks like 2 00:00:04,340 --> 00:00:04,350 covering the week's top tech dorks like 3 00:00:04,350 --> 00:00:07,970 covering the week's top tech dorks like Linux bias attackers behind one of the 4 00:00:07,970 --> 00:00:07,980 Linux bias attackers behind one of the 5 00:00:07,980 --> 00:00:10,820 Linux bias attackers behind one of the world's most more destructive pieces of 6 00:00:10,820 --> 00:00:10,830 world's most more destructive pieces of 7 00:00:10,830 --> 00:00:11,419 world's most more destructive pieces of ransomware 8 00:00:11,419 --> 00:00:11,429 ransomware 9 00:00:11,429 --> 00:00:14,060 ransomware have found a new way to defeat defenses 10 00:00:14,060 --> 00:00:14,070 have found a new way to defeat defenses 11 00:00:14,070 --> 00:00:16,129 have found a new way to defeat defenses that that might otherwise prevent the 12 00:00:16,129 --> 00:00:16,139 that that might otherwise prevent the 13 00:00:16,139 --> 00:00:18,130 that that might otherwise prevent the attack from Incred encrypting data 14 00:00:18,130 --> 00:00:18,140 attack from Incred encrypting data 15 00:00:18,140 --> 00:00:21,410 attack from Incred encrypting data installing a buggy driver first and then 16 00:00:21,410 --> 00:00:21,420 installing a buggy driver first and then 17 00:00:21,420 --> 00:00:23,630 installing a buggy driver first and then hacking it to burrow deeper into the 18 00:00:23,630 --> 00:00:23,640 hacking it to burrow deeper into the 19 00:00:23,640 --> 00:00:26,900 hacking it to burrow deeper into the targeted computer the ransomware in this 20 00:00:26,900 --> 00:00:26,910 targeted computer the ransomware in this 21 00:00:26,910 --> 00:00:29,870 targeted computer the ransomware in this case is Robin Hood known for taking down 22 00:00:29,870 --> 00:00:29,880 case is Robin Hood known for taking down 23 00:00:29,880 --> 00:00:31,730 case is Robin Hood known for taking down the city of Baltimore networks and 24 00:00:31,730 --> 00:00:31,740 the city of Baltimore networks and 25 00:00:31,740 --> 00:00:35,080 the city of Baltimore networks and systems in Greenville North Carolina 26 00:00:35,080 --> 00:00:35,090 systems in Greenville North Carolina 27 00:00:35,090 --> 00:00:38,090 systems in Greenville North Carolina Robin Hood can easily encrypt sensitive 28 00:00:38,090 --> 00:00:38,100 Robin Hood can easily encrypt sensitive 29 00:00:38,100 --> 00:00:39,889 Robin Hood can easily encrypt sensitive files once a vulnerability has allowed 30 00:00:39,889 --> 00:00:39,899 files once a vulnerability has allowed 31 00:00:39,899 --> 00:00:41,630 files once a vulnerability has allowed the malware to gain a toehold 32 00:00:41,630 --> 00:00:41,640 the malware to gain a toehold 33 00:00:41,640 --> 00:00:44,690 the malware to gain a toehold for networks that are better fortified 34 00:00:44,690 --> 00:00:44,700 for networks that are better fortified 35 00:00:44,700 --> 00:00:46,549 for networks that are better fortified the ransomware ax has a harder time 36 00:00:46,549 --> 00:00:46,559 the ransomware ax has a harder time 37 00:00:46,559 --> 00:00:49,970 the ransomware ax has a harder time breaking in now Robin Hood has found a 38 00:00:49,970 --> 00:00:49,980 breaking in now Robin Hood has found a 39 00:00:49,980 --> 00:00:52,700 breaking in now Robin Hood has found a way to defeat these defenses in two 40 00:00:52,700 --> 00:00:52,710 way to defeat these defenses in two 41 00:00:52,710 --> 00:00:54,979 way to defeat these defenses in two recent attacks researchers from security 42 00:00:54,979 --> 00:00:54,989 recent attacks researchers from security 43 00:00:54,989 --> 00:00:58,790 recent attacks researchers from security firm Sophos said the ransomware has used 44 00:00:58,790 --> 00:00:58,800 firm Sophos said the ransomware has used 45 00:00:58,800 --> 00:01:02,569 firm Sophos said the ransomware has used its access to a targeted machine to 46 00:01:02,569 --> 00:01:02,579 its access to a targeted machine to 47 00:01:02,579 --> 00:01:04,939 its access to a targeted machine to install a driver from taiwan-based 48 00:01:04,939 --> 00:01:04,949 install a driver from taiwan-based 49 00:01:04,949 --> 00:01:07,880 install a driver from taiwan-based motherboard manufacturer gigabyte that 50 00:01:07,880 --> 00:01:07,890 motherboard manufacturer gigabyte that 51 00:01:07,890 --> 00:01:10,880 motherboard manufacturer gigabyte that has a known vulnerability in it it's the 52 00:01:10,880 --> 00:01:10,890 has a known vulnerability in it it's the 53 00:01:10,890 --> 00:01:13,160 has a known vulnerability in it it's the same vulnerability that led to gigabyte 54 00:01:13,160 --> 00:01:13,170 same vulnerability that led to gigabyte 55 00:01:13,170 --> 00:01:15,140 same vulnerability that led to gigabyte officials discontinuing the use of the 56 00:01:15,140 --> 00:01:15,150 officials discontinuing the use of the 57 00:01:15,150 --> 00:01:18,200 officials discontinuing the use of the driver but since it contains gigabytes 58 00:01:18,200 --> 00:01:18,210 driver but since it contains gigabytes 59 00:01:18,210 --> 00:01:20,390 driver but since it contains gigabytes cryptographic signature the Windows 60 00:01:20,390 --> 00:01:20,400 cryptographic signature the Windows 61 00:01:20,400 --> 00:01:23,210 cryptographic signature the Windows operating system trusts it and allows it 62 00:01:23,210 --> 00:01:23,220 operating system trusts it and allows it 63 00:01:23,220 --> 00:01:25,850 operating system trusts it and allows it it allows it to run in the highly 64 00:01:25,850 --> 00:01:25,860 it allows it to run in the highly 65 00:01:25,860 --> 00:01:28,070 it allows it to run in the highly sensitive Windows kernel region of the 66 00:01:28,070 --> 00:01:28,080 sensitive Windows kernel region of the 67 00:01:28,080 --> 00:01:32,480 sensitive Windows kernel region of the OS without question whisks a benign but 68 00:01:32,480 --> 00:01:32,490 OS without question whisks a benign but 69 00:01:32,490 --> 00:01:35,440 OS without question whisks a benign but buggy driver installed Robin Hood then 70 00:01:35,440 --> 00:01:35,450 buggy driver installed Robin Hood then 71 00:01:35,450 --> 00:01:37,969 buggy driver installed Robin Hood then exploited the vulnerability to gain the 72 00:01:37,969 --> 00:01:37,979 exploited the vulnerability to gain the 73 00:01:37,979 --> 00:01:40,190 exploited the vulnerability to gain the ability to read and write to virtually 74 00:01:40,190 --> 00:01:40,200 ability to read and write to virtually 75 00:01:40,200 --> 00:01:43,249 ability to read and write to virtually any memory region chosen by the attacker 76 00:01:43,249 --> 00:01:43,259 any memory region chosen by the attacker 77 00:01:43,259 --> 00:01:45,950 any memory region chosen by the attacker the Robin Hood exploit changed a single 78 00:01:45,950 --> 00:01:45,960 the Robin Hood exploit changed a single 79 00:01:45,960 --> 00:01:49,340 the Robin Hood exploit changed a single byte to disable the windows requirement 80 00:01:49,340 --> 00:01:49,350 byte to disable the windows requirement 81 00:01:49,350 --> 00:01:52,520 byte to disable the windows requirement that drivers be signed with that Robin 82 00:01:52,520 --> 00:01:52,530 that drivers be signed with that Robin 83 00:01:52,530 --> 00:01:54,859 that drivers be signed with that Robin Hood installed its own unsigned driver 84 00:01:54,859 --> 00:01:54,869 Hood installed its own unsigned driver 85 00:01:54,869 --> 00:01:57,889 Hood installed its own unsigned driver that used its highly privileged kernel 86 00:01:57,889 --> 00:01:57,899 that used its highly privileged kernel 87 00:01:57,899 --> 00:02:00,440 that used its highly privileged kernel access to kill processes and files 88 00:02:00,440 --> 00:02:00,450 access to kill processes and files 89 00:02:00,450 --> 00:02:02,660 access to kill processes and files belonging to endpoint security products 90 00:02:02,660 --> 00:02:02,670 belonging to endpoint security products 91 00:02:02,670 --> 00:02:05,780 belonging to endpoint security products the advanced status of the driver gave 92 00:02:05,780 --> 00:02:05,790 the advanced status of the driver gave 93 00:02:05,790 --> 00:02:08,630 the advanced status of the driver gave it greater ability than other techniques 94 00:02:08,630 --> 00:02:08,640 it greater ability than other techniques 95 00:02:08,640 --> 00:02:10,760 it greater ability than other techniques to ensure that the targeted processes 96 00:02:10,760 --> 00:02:10,770 to ensure that the targeted processes 97 00:02:10,770 --> 00:02:13,430 to ensure that the targeted processes are permanently stopped 98 00:02:13,430 --> 00:02:13,440 are permanently stopped 99 00:02:13,440 --> 00:02:15,890 are permanently stopped there are other windows trusted drivers 100 00:02:15,890 --> 00:02:15,900 there are other windows trusted drivers 101 00:02:15,900 --> 00:02:17,990 there are other windows trusted drivers with known vulnerabilities that could be 102 00:02:17,990 --> 00:02:18,000 with known vulnerabilities that could be 103 00:02:18,000 --> 00:02:19,430 with known vulnerabilities that could be used in the same way of gigabytes 104 00:02:19,430 --> 00:02:19,440 used in the same way of gigabytes 105 00:02:19,440 --> 00:02:23,690 used in the same way of gigabytes drivers these include sign drivers from 106 00:02:23,690 --> 00:02:23,700 drivers these include sign drivers from 107 00:02:23,700 --> 00:02:28,400 drivers these include sign drivers from VirtualBox novel cpu-z and asus and 108 00:02:28,400 --> 00:02:28,410 VirtualBox novel cpu-z and asus and 109 00:02:28,410 --> 00:02:31,280 VirtualBox novel cpu-z and asus and while the gigabyte driver may be the 110 00:02:31,280 --> 00:02:31,290 while the gigabyte driver may be the 111 00:02:31,290 --> 00:02:33,590 while the gigabyte driver may be the first known instance of this type of 112 00:02:33,590 --> 00:02:33,600 first known instance of this type of 113 00:02:33,600 --> 00:02:36,560 first known instance of this type of hack it is it very well may not be the 114 00:02:36,560 --> 00:02:36,570 hack it is it very well may not be the 115 00:02:36,570 --> 00:02:37,100 hack it is it very well may not be the last 116 00:02:37,100 --> 00:02:37,110 last 117 00:02:37,110 --> 00:02:39,500 last and points to a need for Microsoft to 118 00:02:39,500 --> 00:02:39,510 and points to a need for Microsoft to 119 00:02:39,510 --> 00:02:41,600 and points to a need for Microsoft to reassess the way their certificate 120 00:02:41,600 --> 00:02:41,610 reassess the way their certificate 121 00:02:41,610 --> 00:02:46,400 reassess the way their certificate revocation procedures hmm that's tough 122 00:02:46,400 --> 00:02:46,410 revocation procedures hmm that's tough 123 00:02:46,410 --> 00:02:48,980 revocation procedures hmm that's tough mm-hmm because the the part of me wants 124 00:02:48,980 --> 00:02:48,990 mm-hmm because the the part of me wants 125 00:02:48,990 --> 00:02:50,840 mm-hmm because the the part of me wants to say Oh we'll just revoke the 126 00:02:50,840 --> 00:02:50,850 to say Oh we'll just revoke the 127 00:02:50,850 --> 00:02:53,180 to say Oh we'll just revoke the certificate anytime there's an exploit 128 00:02:53,180 --> 00:02:53,190 certificate anytime there's an exploit 129 00:02:53,190 --> 00:02:55,370 certificate anytime there's an exploit but remember that then that would 130 00:02:55,370 --> 00:02:55,380 but remember that then that would 131 00:02:55,380 --> 00:03:01,070 but remember that then that would nullify everybody's drivers right so 132 00:03:01,070 --> 00:03:01,080 nullify everybody's drivers right so 133 00:03:01,080 --> 00:03:04,220 nullify everybody's drivers right so this is all mole I mean as I'm hearing 134 00:03:04,220 --> 00:03:04,230 this is all mole I mean as I'm hearing 135 00:03:04,230 --> 00:03:07,880 this is all mole I mean as I'm hearing it this is like a new wave of Trojan 136 00:03:07,880 --> 00:03:07,890 it this is like a new wave of Trojan 137 00:03:07,890 --> 00:03:10,040 it this is like a new wave of Trojan attacks so to speak yeah that's what it 138 00:03:10,040 --> 00:03:10,050 attacks so to speak yeah that's what it 139 00:03:10,050 --> 00:03:14,710 attacks so to speak yeah that's what it feels like like you're coming in through 140 00:03:14,710 --> 00:03:14,720 feels like like you're coming in through 141 00:03:14,720 --> 00:03:17,479 feels like like you're coming in through yeah trusted source to get access is 142 00:03:17,479 --> 00:03:17,489 yeah trusted source to get access is 143 00:03:17,489 --> 00:03:21,199 yeah trusted source to get access is that not the basic principle of behind 144 00:03:21,199 --> 00:03:21,209 that not the basic principle of behind 145 00:03:21,209 --> 00:03:23,960 that not the basic principle of behind it or is it a whole different way of 146 00:03:23,960 --> 00:03:23,970 it or is it a whole different way of 147 00:03:23,970 --> 00:03:26,330 it or is it a whole different way of just feels like so they're using it as 148 00:03:26,330 --> 00:03:26,340 just feels like so they're using it as 149 00:03:26,340 --> 00:03:29,390 just feels like so they're using it as an elevated privilege tactic so they're 150 00:03:29,390 --> 00:03:29,400 an elevated privilege tactic so they're 151 00:03:29,400 --> 00:03:34,190 an elevated privilege tactic so they're using a driver that windows trusts 152 00:03:34,190 --> 00:03:34,200 using a driver that windows trusts 153 00:03:34,200 --> 00:03:38,300 using a driver that windows trusts because of the signature being valid so 154 00:03:38,300 --> 00:03:38,310 because of the signature being valid so 155 00:03:38,310 --> 00:03:40,250 because of the signature being valid so it's not a fake driver it's not like a 156 00:03:40,250 --> 00:03:40,260 it's not a fake driver it's not like a 157 00:03:40,260 --> 00:03:43,280 it's not a fake driver it's not like a malware it is a legitimate driver but it 158 00:03:43,280 --> 00:03:43,290 malware it is a legitimate driver but it 159 00:03:43,290 --> 00:03:45,770 malware it is a legitimate driver but it has a bug in it mm-hmm that caused it to 160 00:03:45,770 --> 00:03:45,780 has a bug in it mm-hmm that caused it to 161 00:03:45,780 --> 00:03:48,740 has a bug in it mm-hmm that caused it to be recalled basically but the Windows 162 00:03:48,740 --> 00:03:48,750 be recalled basically but the Windows 163 00:03:48,750 --> 00:03:50,300 be recalled basically but the Windows operating system no matter what version 164 00:03:50,300 --> 00:03:50,310 operating system no matter what version 165 00:03:50,310 --> 00:03:52,820 operating system no matter what version you're running still trusts the 166 00:03:52,820 --> 00:03:52,830 you're running still trusts the 167 00:03:52,830 --> 00:03:55,040 you're running still trusts the Installer for that driver because of the 168 00:03:55,040 --> 00:03:55,050 Installer for that driver because of the 169 00:03:55,050 --> 00:03:58,610 Installer for that driver because of the certificate that is applied to it and so 170 00:03:58,610 --> 00:03:58,620 certificate that is applied to it and so 171 00:03:58,620 --> 00:04:01,130 certificate that is applied to it and so the hackers are using that to then be 172 00:04:01,130 --> 00:04:01,140 the hackers are using that to then be 173 00:04:01,140 --> 00:04:02,990 the hackers are using that to then be able to elevate their privileges and do 174 00:04:02,990 --> 00:04:03,000 able to elevate their privileges and do 175 00:04:03,000 --> 00:04:05,060 able to elevate their privileges and do whatever the heck they want and that's 176 00:04:05,060 --> 00:04:05,070 whatever the heck they want and that's 177 00:04:05,070 --> 00:04:07,610 whatever the heck they want and that's the scary thing because how do you stop 178 00:04:07,610 --> 00:04:07,620 the scary thing because how do you stop 179 00:04:07,620 --> 00:04:10,570 the scary thing because how do you stop that how can you possibly stop that I 180 00:04:10,570 --> 00:04:10,580 that how can you possibly stop that I 181 00:04:10,580 --> 00:04:14,150 that how can you possibly stop that I think it comes down to where's your 182 00:04:14,150 --> 00:04:14,160 think it comes down to where's your 183 00:04:14,160 --> 00:04:16,520 think it comes down to where's your first line of defense I think the only 184 00:04:16,520 --> 00:04:16,530 first line of defense I think the only 185 00:04:16,530 --> 00:04:17,870 first line of defense I think the only thing you have to do that you can look 186 00:04:17,870 --> 00:04:17,880 thing you have to do that you can look 187 00:04:17,880 --> 00:04:20,210 thing you have to do that you can look at is how did they get in in the first 188 00:04:20,210 --> 00:04:20,220 at is how did they get in in the first 189 00:04:20,220 --> 00:04:22,430 at is how did they get in in the first place was it a phishing scam was it 190 00:04:22,430 --> 00:04:22,440 place was it a phishing scam was it 191 00:04:22,440 --> 00:04:24,170 place was it a phishing scam was it somebody clicked on an email that had 192 00:04:24,170 --> 00:04:24,180 somebody clicked on an email that had 193 00:04:24,180 --> 00:04:25,640 somebody clicked on an email that had some file this malware that allowed 194 00:04:25,640 --> 00:04:25,650 some file this malware that allowed 195 00:04:25,650 --> 00:04:26,780 some file this malware that allowed somebody to run some 196 00:04:26,780 --> 00:04:26,790 somebody to run some 197 00:04:26,790 --> 00:04:28,730 somebody to run some resident in their computer is it that 198 00:04:28,730 --> 00:04:28,740 resident in their computer is it that 199 00:04:28,740 --> 00:04:31,310 resident in their computer is it that you have remote desktop turned on on one 200 00:04:31,310 --> 00:04:31,320 you have remote desktop turned on on one 201 00:04:31,320 --> 00:04:33,320 you have remote desktop turned on on one of your computers on your network and 202 00:04:33,320 --> 00:04:33,330 of your computers on your network and 203 00:04:33,330 --> 00:04:35,390 of your computers on your network and that's really easy to hack now I don't 204 00:04:35,390 --> 00:04:35,400 that's really easy to hack now I don't 205 00:04:35,400 --> 00:04:37,430 that's really easy to hack now I don't know how certificates work just because 206 00:04:37,430 --> 00:04:37,440 know how certificates work just because 207 00:04:37,440 --> 00:04:40,100 know how certificates work just because I haven't delved into that but does each 208 00:04:40,100 --> 00:04:40,110 I haven't delved into that but does each 209 00:04:40,110 --> 00:04:42,500 I haven't delved into that but does each certificate in each driver have its own 210 00:04:42,500 --> 00:04:42,510 certificate in each driver have its own 211 00:04:42,510 --> 00:04:46,250 certificate in each driver have its own like a certificate identifier no the 212 00:04:46,250 --> 00:04:46,260 like a certificate identifier no the 213 00:04:46,260 --> 00:04:48,560 like a certificate identifier no the driver doesn't have its own certificate 214 00:04:48,560 --> 00:04:48,570 driver doesn't have its own certificate 215 00:04:48,570 --> 00:04:50,750 driver doesn't have its own certificate but the company that manufactures the 216 00:04:50,750 --> 00:04:50,760 but the company that manufactures the 217 00:04:50,760 --> 00:04:54,740 but the company that manufactures the driver does so that certificate says yes 218 00:04:54,740 --> 00:04:54,750 driver does so that certificate says yes 219 00:04:54,750 --> 00:04:59,800 driver does so that certificate says yes to Microsoft this is a gigabyte driver 220 00:04:59,800 --> 00:04:59,810 to Microsoft this is a gigabyte driver 221 00:04:59,810 --> 00:05:02,810 to Microsoft this is a gigabyte driver provided by gigabyte because it contains 222 00:05:02,810 --> 00:05:02,820 provided by gigabyte because it contains 223 00:05:02,820 --> 00:05:05,630 provided by gigabyte because it contains the certificate that proves that this is 224 00:05:05,630 --> 00:05:05,640 the certificate that proves that this is 225 00:05:05,640 --> 00:05:07,820 the certificate that proves that this is a legitimate driver from gigabyte so 226 00:05:07,820 --> 00:05:07,830 a legitimate driver from gigabyte so 227 00:05:07,830 --> 00:05:09,860 a legitimate driver from gigabyte so what if the certificate system changed 228 00:05:09,860 --> 00:05:09,870 what if the certificate system changed 229 00:05:09,870 --> 00:05:11,990 what if the certificate system changed in such a way that you have your your 230 00:05:11,990 --> 00:05:12,000 in such a way that you have your your 231 00:05:12,000 --> 00:05:14,990 in such a way that you have your your main certificate safer gigabyte but then 232 00:05:14,990 --> 00:05:15,000 main certificate safer gigabyte but then 233 00:05:15,000 --> 00:05:16,580 main certificate safer gigabyte but then you have your sub certificates for each 234 00:05:16,580 --> 00:05:16,590 you have your sub certificates for each 235 00:05:16,590 --> 00:05:20,720 you have your sub certificates for each driver roll out so that it identifies 236 00:05:20,720 --> 00:05:20,730 driver roll out so that it identifies 237 00:05:20,730 --> 00:05:25,360 driver roll out so that it identifies this driver is this subset yeah a 238 00:05:25,360 --> 00:05:25,370 this driver is this subset yeah a 239 00:05:25,370 --> 00:05:28,850 this driver is this subset yeah a developer I feel like that's your you're 240 00:05:28,850 --> 00:05:28,860 developer I feel like that's your you're 241 00:05:28,860 --> 00:05:33,530 developer I feel like that's your you're giving me nightmares right now Jeff like 242 00:05:33,530 --> 00:05:33,540 giving me nightmares right now Jeff like 243 00:05:33,540 --> 00:05:35,330 giving me nightmares right now Jeff like where you're going but it just sounds 244 00:05:35,330 --> 00:05:35,340 where you're going but it just sounds 245 00:05:35,340 --> 00:05:37,400 where you're going but it just sounds like a logistical nightmare as far as 246 00:05:37,400 --> 00:05:37,410 like a logistical nightmare as far as 247 00:05:37,410 --> 00:05:38,990 like a logistical nightmare as far as managing those certificates like it 248 00:05:38,990 --> 00:05:39,000 managing those certificates like it 249 00:05:39,000 --> 00:05:41,500 managing those certificates like it could just be a nightmare I think maybe 250 00:05:41,500 --> 00:05:41,510 could just be a nightmare I think maybe 251 00:05:41,510 --> 00:05:45,230 could just be a nightmare I think maybe some kind of an aristocrat is able to 252 00:05:45,230 --> 00:05:45,240 some kind of an aristocrat is able to 253 00:05:45,240 --> 00:05:47,900 some kind of an aristocrat is able to identify maybe it's a checksum that 254 00:05:47,900 --> 00:05:47,910 identify maybe it's a checksum that 255 00:05:47,910 --> 00:05:50,690 identify maybe it's a checksum that identifies known faulty drivers or 256 00:05:50,690 --> 00:05:50,700 identifies known faulty drivers or 257 00:05:50,700 --> 00:05:53,030 identifies known faulty drivers or deprecated drivers so that Windows could 258 00:05:53,030 --> 00:05:53,040 deprecated drivers so that Windows could 259 00:05:53,040 --> 00:05:54,350 deprecated drivers so that Windows could say yes this is a valid certificate 260 00:05:54,350 --> 00:05:54,360 say yes this is a valid certificate 261 00:05:54,360 --> 00:05:57,410 say yes this is a valid certificate however gigabyte has marked this 262 00:05:57,410 --> 00:05:57,420 however gigabyte has marked this 263 00:05:57,420 --> 00:06:01,480 however gigabyte has marked this certificate there this installer as bad 264 00:06:01,480 --> 00:06:01,490 certificate there this installer as bad 265 00:06:01,490 --> 00:06:03,440 certificate there this installer as bad it's got to be some kind of an 266 00:06:03,440 --> 00:06:03,450 it's got to be some kind of an 267 00:06:03,450 --> 00:06:05,840 it's got to be some kind of an identifier yeah it's good it'll be 268 00:06:05,840 --> 00:06:05,850 identifier yeah it's good it'll be 269 00:06:05,850 --> 00:06:07,159 identifier yeah it's good it'll be interesting 270 00:06:07,159 --> 00:06:07,169 interesting 271 00:06:07,169 --> 00:06:12,770 interesting yeah dude oh yeah that's the answer