10 episodes

Listen to your long form article at your leisure

SendToPod SendToPod AI

    • Technology

Listen to your long form article at your leisure

    How to Negotiate with Ransomware Hackers

    How to Negotiate with Ransomware Hackers

    Original Article: How to Negotiate with Ransomware Hackers
    Convert your long form article to podcast? Visit SendToPod
    Follow me on Twitter to find out more. ---- Minder soon found more work. Sometimes it was a prominent company facing a multimillion-dollar ransom demand, and the negotiation took weeks. Sometimes it was a small business or a nonprofit that he took on pro bono and tried to wrap up over the weekend. But GroupSense rarely made money from the negotiations. Some ransomware negotiators charge a percentage of the amount that the ransom gets discounted. “But those really profitable approaches are ripe for fraud, or for accusations of fraud,” Minder said. Instead, he charged an hourly rate and hoped that some of the organizations that he helped would sign up for GroupSense’s core product, security-monitoring software.
    Last March, after GroupSense’s office shut down, Minder paced in circles in his four-hundred-and-seventy-five-square-foot apartment. “I was, like, I need to go hike,” he said. He towed two motorcycles to a rental house in Grand Junction, Colorado. As the world fell apart, the ransomware cases kept coming. Minder handled the negotiations himself; he didn’t want to distract his employees, and he found that the work required a certain emotional finesse. “Most of our employees are really technical, and this isn’t a technical skill—it’s a soft skill,” he told me. “It’s hard to train people for it.”
    The initial exchange of messages was crucial. People advocating on their own behalf had a tendency to berate the hackers, but that just riled them up. Minder aimed to convey a kind of warm condescension—“Like, we’re friends, but you don’t really know what you’re doing,” he explained. His girlfriend, who speaks Romanian, Russian, Ukrainian, and some Lithuanian, helped him find colloquialisms that would set the right tone. He liked to call the hackers kuznechik, Russian for “grasshopper.”
    Occasionally, Minder was called in to try to rescue negotiations that had gone off the rails. If hackers felt that a negotiation was moving too slowly, or they sensed that they were being lied to, they might cut off communication. Following the advice of Chris Voss, a former F.B.I. hostage negotiator who is now a negotiation consultant, Minder tried to establish “tactical empathy” by mirroring the hacker’s language patterns.
    Most of the time, Minder found himself dealing with a representative from one of the syndicates. “The first person you talk to is, like, level-one support,” he told me. “They’ll say something like ‘I want to work with you, but I have to get my manager’s approval to give that kind of discount.’ ”
    GroupSense partnered with CipherTrace, a blockchain-analysis firm, which allowed Minder to see that a particular cryptowallet had been created and to trace its transactions. Determining the average payments flowing into a wallet gave him a sense of the going rate, so he could avoid overpaying. He came to understand that syndicates were working from a script. “Oftentimes, we can go to the client and say how it’s going to go before it starts,” he told me.
    The clients themselves could be more challenging. Minder ran all communications by them, through a secure portal. Some wanted to edit every message to the hackers. “It’s like a spy game to them,” Minder said. Others erupted in anger or frustration. “Sometimes you’re negotiating in two directions at once—with the hacker and with the victim,” he said. “You have to have a personality type where you can be empathetic but also give directions in a way that isn’t confrontational.”
    Minder has already seen pressure tactics and ransom demands escalate. In 2018, the average payment was about seven thousand dollars, according to t...

    The Lazarus heist: How North Korea almost pulled off a billion-dollar hack

    The Lazarus heist: How North Korea almost pulled off a billion-dollar hack

    Original Article: The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
    Convert your long form article to podcast? Visit SendToPod
    Follow me on Twitter to find out more. ----
    In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank and came within an inch of success - it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world's poorest and most isolated countries train a team of elite cyber-criminals?
    It all started with a malfunctioning printer. It's just part of modern life, and so when it happened to staff at Bangladesh Bank they thought the same thing most of us do: another day, another tech headache. It didn't seem like a big deal.
    But this wasn't just any printer, and it wasn't just any bank.
    Bangladesh Bank is the country's central bank, responsible for overseeing the precious currency reserves of a country where millions live in poverty.
    And the printer played a pivotal role. It was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank.
    When staff found it wasn't working, at 08:45 on Friday 5 February 2016, "we assumed it was a common problem just like any other day," duty manager Zubair Bin Huda later told police. "Such glitches had happened before."
    In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.
    To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.
    But who were these hackers and where were they from?
    According to investigators the digital fingerprints point in just one direction: to the government of North Korea.
    SPOILER ALERT: This is the story told in the 10-episode BBC World Service podcast, The Lazarus Heist - click here to listen. This article is a 20-minute read.
    That North Korea would be the prime suspect in a case of cyber-crime might to some be a surprise. It's one of the world's poorest countries, and largely disconnected from the global community - technologically, economically, and in almost every other way.
    Image source, Getty Images
    And yet, according to the FBI, the audacious Bangladesh Bank hack was the culmination of years of methodical preparation by a shadowy team of hackers and middlemen across Asia, operating with the support of the North Korean regime.
    In the cyber-security industry the North Korean hackers are known as the Lazarus Group, a reference to a biblical figure who came back from the dead; experts who tackled the group's computer viruses found they were equally resilient.
    Little is known about the group, though the FBI has painted a detailed portrait of one suspect: Park Jin-hyok, who also has gone by the names Pak Jin-hek and Park Kwang-jin.
    It describes him as a computer programmer who graduated from one of the country's top universities and went to work for a North Korean company, Chosun Expo, in the Chinese port city of Dalian, creating online gaming and gambling programs for clients around the world.
    While in Dalian, he set up an email address, created ...

    Pearl Leff | In Praise of Memorization

    Pearl Leff | In Praise of Memorization

    Original Article: Pearl Leff | In Praise of Memorization
    Try to add your own article? Visit SendToPod
    Follow me on Twitter to find out more. ---- I once worked at a small company of insanely productive engineers. They were geniuses by any account. They knew the software stack from top to bottom, from hardware to operating systems to Javascript, and could pull together in days what would take teams at other companies months to years. Between them they were more productive than any division I've ever been in, including FAANG tech companies. In fact, they had written the top-of-the-line specialized compiler in their industry — as a side project. (Their customers believed that they had buildings of engineers laboring on their product, while in reality they had less than 10.)
    I was early in my career at the time and stunned by the sheer productivity and brilliance of these engineers. Finally, when I got a moment alone with one of them, I asked him how they had gotten to where they were.
    He explained that they had been software engineers together in the intelligence units of their country's military together. Their military intelligence computers hadn't been connected to the internet, and if they wanted to look something up online, they had to walk to a different building across campus. Looking something up online on StackOverflow was a major operation. So they ended up reading reference manuals and writing down or memorizing the answers to their questions because they couldn't look up information very easily. Over time, the knowledge accumulated.
    Memorization means purposely learning something so that you remember it with muscle memory; that is, you know the information without needing to look it up.
    Every educator knows that memorization is passé in today's day and age. Facts are so effortlessly accessible with modern technology and the internet that it's understanding how to analyze them that's important. Names, places, dates, and other kinds of trivia don't matter, so much as the ability to logically reason about them. Today anything can be easily looked up.
    But as I've gotten older I've started to understand that memorization is important, much more than we give it credit for. Knowledge is at our fingertips and we can look anything up, but it's knowing what knowledge is available and how to integrate it into our existing knowledge base that's important.
    You Can't Reason Accurately Without Knowledge You know a lot of things.

    A lot of life involves reasoning: taking this information you have and making hypotheses that connect different pieces in a way that provides a deeper understanding of them.
    The more information you have muscle memory for, the more you can use to reason about.
    But you can't draw connections between things you don't know exist, or don't have a good "feel" for.
    The problem with not memorizing is that you're limited by the lack of data points, or nodes that you can make connections between. In short, you're limited by your lack of understanding of what to look up.
    Here's a small illustration.
    Many would argue that there is no point for kids to memorize the world map today. But if you know basic geography, you will hear all kinds of political analysis that only works because the person arguing it doesn't have any idea where anything is on a map. This is the problem with not making school kids learn basic geography. You can look up any country on Google, but if you've never had to memorize approximately where they are, either voluntarily or in school, you'll never get a sense of why things are the way they a...

    How I got to 200 productive hours a month

    How I got to 200 productive hours a month

    Original Article: How I got to 200 productive hours a month
    Convert your long form article to podcast? Visit SendToPod
    Follow me on Twitter to find out more. ----
    Two years ago I could spend a week not working because I was avoiding some task. One year ago it was 100 to 120 hours of work monthly. Nowadays I do around 200 productive hours each month, which is over six hours of productive time daily. All this time I have been working from home, mostly on the same project.
    This guide describes how I achieved these results. As a former game designer, I organized my daily routines by applying the same behavioral psychology principles that are used to create video game experiences. Some of my advice is trivial, and you have definitely heard it before, but when used in a right way, it will create a robust framework to change ineffective habits.
    The framework is built from three tiers: the environment, the body and the mind. It goes exactly in this order because a well-maintained body can't do much in a distraction-polluted environment, and a trained mind won't help an exhausted body. You don't need to perfect each element before starting to work on the next one, but consider them foundations for each other and direct your efforts accordingly.
    While it's my personal technique, I believe it will work for you too. There's a high chance that I have undiagnosed ADHD: I have been expelled from two schools as a result of behavioral problems coming from inattention, and I still match most of the symptoms. So if you have a better natural attention span, this approach should be even more effective for increasing your concentration power.
    Caution: The mentioned amount of hours is not advisable for people working on someone else's business for illusory stock options, with no payment for overtime. There's also no point in going beyond this number because working over 50 hours a week actually decreases productivity. Life should come first in the "work-life balance."

    Environment A properly organized environment shapes a path to your goals while preventing accidental turns that lead to procrastination. Because our levels of willpower, motivation and self-awareness are not constant, setting a safeguard in advance is essential to overcome the low points.
    The core principle of a productive environment is increasing the friction required to slip into distracting activities, so that it takes a significant effort to get distracted. A basic example would be erasing leisure sites from your internet history and start using them in a separate browser — it will both prevent the autocomplete from doing you a disservice and increase the number of actions you need to get to distractions. Or if you have problems with gaming, uninstall everything after each session so you will need to wait for a game to download when you want to play the next time.
    But in my experience, this is not effective compared to eliminating everything distracting from your workstation and using a separate device for leisure in another room. This is where behavioral psychology shows up: you anchor different types of behaviors to locations with classical conditioning. They do not overlap, and it's clear for your brain where you do what. It's also much easier to feel that something is wrong when you sit in a "leisure place" all day. Even George R.R. Martin has a similar setup for writing his books.
    You can also optimize your leisure device by unsubscribing from excessive emails, u...

    Atomic Habits for Product Managers

    Atomic Habits for Product Managers

    Original Article: Atomic Habits for Product Managers
    Convert your long form article to podcast? Visit SendToPod
    Follow me on Twitter to find out more. ---- James Clear's Atomic Habits provides a compelling rationale for why frequently practicing small and easy to do atomic habits consistently compounds in benefit to ultimately generate incredible results. It then goes on to provide a comprehensive guide for reliably forming such atomic habits, regardless of the level of self-discipline or willpower you may naturally have. While many of his ideas naturally appeal to those seeking to develop lifestyle habits like exercising, losing weight, or quitting smoking, I found his ideas to be equally relevant for product managers looking to accelerate their career.
    There is a whole host of skills that product managers seek to develop that can only truly be built through deliberate practice. This includes everything from honing your analytical rigor, to building your product intuition, to becoming more strategic. You can't just attend a class or read a few blog posts and expect to become great at any of these. At the same time, simply doing your product role the same way you've always been doing it is also unlikely to help you develop the specific skills you're after.
    Instead, the formula for mastering these types of skills requires first developing atomic habits to encourage daily or weekly practice and then performing the habit with deliberate practice. For example, building your analytical rigor requires setting aside time every day to critically review dashboards and form hypotheses from the trends that you see, running weekly ad-hoc queries to deep dive into specific user behavior, putting together metrics recaps a week after every feature launch, as well as spending time each month determining how to improve or augment the dashboards you currently have. Yet the daily demands of a product management role are already so taxing that if you aren't already performing these activities, you'll find it difficult to incorporate them into your weekly routine. That's why to successfully build any of these skills you'll need to first develop the right atomic habits to support them. I wanted to share three of my favorite strategies for doing just that from the book.
    Start with a habits scorecard The right way to start any new habit is to first put together a habits scorecard of your existing habits. The idea is to detail every activity you do in a given day and then to score each as positive, neutral, or negative. For product managers, the best way to do this is to spend one week tracking every activity you do on your calendar. This means beyond your existing meetings, add events for every single thing you spend time on: checking email, grabbing coffee, writing specs, updating JIRA tickets, reviewing designs, lunch, etc.
    Once you've put this together for an entire week you can score each activity and develop a clear picture of where your time is being spent. This creates the necessary awareness to help you figure out where there may be time you are spending on negative habits that you can re-purpose to the new habits you are seeking to build. Maybe you feel like you are spending too much time in unproductive meetings and you can look at ways to either ma...

    Why is selling software so weird?

    Why is selling software so weird?

    Original Article: Why is selling software so weird?
    Try to add your own article? Visit SendToPod
    Follow me on Twitter to find out more. If you squint enough, building software looks a lot like building a house.
    In both cases, you start with a problem and Frankenstein together various components using rules of thumb until you have something that looks like a solution.
    Because the crafts look so similar, you’d be forgiven if you thought the business models behind building software and houses were similar. They couldn’t be more different.
    When you’re building a house, you have a pretty good idea of how many people that house will impact. The market has already demonstrated that they’ll pay for a roof and a walk-in shower and a state of the art heated toilet seat. If you erect a sturdy 4 bedroom, 2 ½ bathroom house with these amenities in a desirable neighborhood, you can rest easy knowing that you’ll be able to sell it.
    This is not how software works.
    The main problem here is that houses and software have wildly different marginal costs. If I build a house and my neighbor really likes it and wants to live in a house that’s exactly the same, it will cost them almost as much to build as it cost me. Sure, they might be able to save a few thousand dollars on architectural fees, but they’ll still need wood, wires, and boatloads of time from skilled plumbers, electricians, and carpenters to assemble those raw materials into something resembling a house. Marginal cost is just the cost to produce one more unit of something - in this case, one more house.
    Contrast this with software, which lives in the realm of often-near-zero marginal costs. I can’t make a living building Zoom for someone because Zoom already did that. The marginal cost to Zoom of onboarding a new customer is almost zero, whereas the fixed cost to me of recreating Zoom is astronomical.
    Building houses is a great business because those high marginal costs for each new house are paid to you. The work you do correlates pretty linearly with the value you provide, providing you with a steady stream of income and feedback that the thing that you’re doing is actually useful. The trade-off is that it’s hard to gain much leverage in your work, with leverage meaning something like “how much impact can I have for every hour I work”. Whether you work on a small project with a small impact with a small team or a big project with a big impact with a big team, the amount of impact per person might vary by 1x or 1.5x or even 10x, but the physical nature of the work makes it hard to stretch the impact much beyond that.
    Software is a great business because, if you can build something that’s useful and provides $10/month of value to someone, it’ll probably cost you a lot less than $10/month to provide that value to a second person. Multiply that by 1,000 and you’re getting paid to do a full time job, even if you only work 5 hours per week. Multiply that by 10,000 and you can retire in a few years. It’s an extremely high leverage business.
    This makes software a weird anomaly. Paging back through history, there have been very few opportunities for near-zero marginal cost goods. Probably the closest parallel to present day software in history is publishing companies, where additional prints are cheap compared to the cost of creating the content in the first place.
    Unfortunately, there are three significant downsides to software’s low marginal cost structure:
    First is that software takes a lot of time to write up-front. By the time you’ve signed up your first customer at $10/month, there’s a good chance you’ve spent 100s or 1000s of hours writing that software. Low volume software is not a good business to be in.
    The ...