Our home IoT devices are constantly being probed for weaknesses so that they can be compromised and used for broader nefarious purposes like cyber warfare. The Ukrainians may be considered some of the best in the world when it comes to defending against cyber warfare because they have been regularly attacked and have been defending their systems for years. Today’s guest is Mikko Hypponen. He has written for The New York Times, Wired, and Scientific American and has lectured at universities like Oxford, Stanford, and Cambridge. Mikko works as the Chief Research Officer for WithSecure and sits on the advisory board of Europol.
“Surprisingly, many of the hackable devices online wouldn’t be hackable if the consumers would simply read the manual. It’s not completely the fault of the vendors.” - Mikko Hypponen Click To TweetShow Notes:
- [1:11] – Mikko shares his background as an old-school hacker.
- [2:46] – His mother advised Mikko to pursue this career in the 1980s.
- [5:23] – Smart devices like doorbells and refrigerators are not configured correctly because security makes the device more expensive.
- [7:50] – Mikko discusses regulation in Europe and how, most of the time, regulation fails.
- [9:03] – Many hackable devices wouldn’t be hackable if consumers read the manual.
- [11:13] – Most malware traffic used to be Windows based but is now Linux based.
- [12:26] – Many people don’t think that there’s any data that can be stolen from IoT devices, but they are surprisingly powerful.
- [14:16] – Mikko explains some recent attacks.
- [15:43] – Medical devices are just as vulnerable as any other IoT device.
- [17:41] – What is a honeypot?
- [19:02] – Mikko shares that he has been a victim himself with his credit card number stolen twice.
- [20:14] – Even experts make mistakes.
- [21:26] – If you believe you have been hacked or think you are being scammed, take a step back.
- [23:06] – Mikko describes some of his experience living so near Russia and monitoring cyber warfare.
- [25:07] – Spying and espionage is a big problem in countries bordering Russia.
- [30:06] – With invasions in 2022, Ukraine improved many systems.
- [31:20] – Mikko makes a prediction on what will come next that sounds like Science Fiction, just like cyber war sounded like before.
- [32:18] – What are Mikko’s thoughts on AI?
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Mikko.com
Transcript:
Mikko, thank you so much for coming on the Easy Prey Podcast today.
Well, thank you. Thanks for having me.
We've been having a fun time chatting before we're recording and I think we've eaten up most of our time doing that. Not really, but we’ll jump into it. Can you give myself and the audience a little more background about who you are and what you do?
Sure. My name is Mikko. I live in Helsinki, which is in Finland, which is in Europe. I'm an old-school hacker. I started programming as a teenager, sold my first programs when I was 17 years old, reverse-engineered my first malware in 1991 when I was 21 years old.
For the last 32 years I've been tracking online attackers, figuring out where the organized crime gangs come from, and tracking down governmental attackers, especially Russia, since I live a hundred miles from the Russian border.
We'll get into that one. That's got to be an interesting story, Ukraine versus Russia on the cyber front. What got you interested in computers?
It was my mom of all possible choices. My dear late mother […] got into computers in the 1960s. In the 1960s, very few people were working with computers, but she went to work for the Finland State Computing Centre in Helsinki, Finland, in 1967, I believe. She retired from there after 40 years of work, which means throughout my teenage years and all those defining years of my time, mom would come home carrying punch cards, punch […] and things like that.
Obviously, me and my two brothers all ended up working with computers. I especially remember in 1986 when I was 16, when my mother sat me down at the kitchen table and told me, “Mikko, you should go and study telecommunications. Telecommunications is the future.” That's a pretty good call in 1986 because that was before mobile phones, before the common internet, before any of that. I'm glad I had the chance to thank my mom later on. “You know what, mom? That's a really good call.”
I remember my first computer was a Commodore VIC-20 with a tape cassette. At some point, maybe when we had a Commodore 64, we got an amazing 300 Baud Modem that you have the suction cups that you would click onto your handset phone.
Oh my, the first computer that I programmed anything on was at the school and that was the Nokia computer. Nokia used to make computers. These were CPM Machines, but at home, the first computer was a Commodore 64. Now every time I speak to people who used to have a VIC-20, I always give them credit because most people don't know this. VIC-20 and Commodore 64 have basically the same CPU, but VIC-20 is faster. It has a higher megahertz rate than Commodore 64. It might have less colors and less pixels, but it has a faster CPU, so good for you. There you go.
It's a very far cry from what goes on today when our pens have computers in them, our watches have computers in them, and our water bottles have computers in them.
If someone would have told me back then when I was programming my Commodore 64 in […] language in the 1980s, that eventually every home is going to have a computer, I wouldn't have believed that. Of course, much less would I have believed that every pocket would have a computer.
These days, you talked about it in your books, like we were talking beforehand, you've got smart doorbells now. No one would have thought of, “I'm going to have a smart doorbell.”
They make a lot of sense. I understand perfectly well why people have smart doorbells or smart fridges. I don't have a smart fridge myself, but I've seen people doing grocery shopping and they can't remember what's in the fridge so they just take out their phone and look inside the fridge. That makes a lot of sense to me.
The problem, really, is that nobody configures these correctly. In the marketplace, the cheapest product wins. That basically means for the vendors building these appliances, there's no incentive to make them secure. If you invest money as a vendor to make your smart fridge more secure than the competitors’, the only end result is that your product is more expensive.
When people go shopping for fridges or washing machines, they ask questions about the color of the thing or how big it is. Nobody asks questions about security. That's really the problem we have with IoT security.
When people go shopping for fridges or washing machines, they ask questions about the color of the thing or how big it is. Nobody asks questions about security. That's really the problem we have with IoT security. -Mikko Hypponen Click To TweetNo one plans on updating the firmware on the refrigerator.
That's right. In many ways, it's sort of a market failure, and the way we typically try to fix market failure is with rules and regulations. I'm not really a fan of regulation, but if we're going to regulate something, this might be the place to do it. Some sort of regulation, which will make vendors shipping vulnerable IoT devices make them liable for the damages they create.
It's actually quite weird if you buy a washing machine and it catches fire in the middle of the night and burns your house down. The vendor is liable for the damages. But if the very same washing machine has weak authentication or remote authentication back and someone gains access to your home network and you wake up with every laptop in your home having some ransomware on it, suddenly they are not liable. Maybe that's the thing we should change.
Like you said, I hate seeing those things have to happen through government regulations. It's usually a sledgehammer when it needs to be a little bit delicate and more refined.
Then again, you are speaking something from the EU and it's very well known that the EU, in many ways, can innovate so we regulate.
I don't think that's unique to the EU. Most places, it seems to be that the government regulations—I’m trying to choose my words carefully here—indicate those that wrote those regulations don't quite understand what they are trying to regulate so they are overly broad or overly specific and don't really address the problem.
During the spring in Italy, I spent a week there. I couldn't access ChatGPT during the week because ChatGPT is blocked in Italy. Don't ask me why. There's something with copyright or whatever. I'm sure that the ones losing the most out of these kinds of things are the Italians themselves. Regulation isn't easy and I think it typically fails.
Yeah. Let's get back to smart devices. If consumers are generally buying the cheapest devices, they're going to be more prone to having security issues, less prone to having firmware updates. How do we, as consumers, manage our smart devices?
In fact, surprisingly many of these hackable devices online wouldn't be hackable if the consumers would simply read the manual. There's plenty of information coming with these products explaining how to change the default password, how to configure it right, how to prevent outsiders from accessing your control panel, and how to segment your whole network to keep your computers in one segment and your IoT devices in another segment. The problem is nobody reads the manual, so it's not completely the fault of the vendors. The consumers have some responsibility here as well, but we can't really expect consumers to read the manual.
My favorite example about this is that you will remember VHS or VCR recorders in the 1980s. Every living room had one right below the huge TV set. Every time you go to your friend's house, the VCR is blinking at 00:00. The reason why it's blinking is the time hasn't been set. The manual, of course, explains how to set the time. We simply do not know. They never did that, did they?
If you did it then, the next […] and no one repeated it. People did not know how to maintain or configure the device. It's the same problem we have with IoT. Nobody reads the manual.
What are the most common failure points for the consumer then? Is it default passwords? I know some router manufacturers have gotten, maybe I won't call it smart, but each one comes out the door with a unique password on a sticker on the device versus admin admin or password password.
The sticker on the device, I actually like that. Of course it's very weak if someone gains physical access to your router, but that completely changes the threat scenario. Now the attacker has to be in your home. Most attackers are not in your home.
I don't even mind if people wrote passwords in their wallet, sure. It's better to use a password manager. But if you have a password written on a piece of paper in your wallet, somebody has to physically gain access to your wallet, which is not most of the attackers online. If you have a weak password, the whole world can try it.
Authentication is the most common problem. We see this with these massively common IoT works, most of which are one way or another belonging to the Mirai, which we found six or seven years ago. Mirai is Japanese, which means the future. The future of malware.
Fun fact: When we look at the internet traffic all over the IPv4 address space and look at malicious traffic in particular, of course it used to be mostly Windows malware, but it isn't anymore. This is surprising. Most malware traffic we see today is Linux malware traffic. There's more traffic online coming from Linux-based malware than from Windows-based malware.
Most malware traffic we see today is Linux malware traffic. There's more traffic online coming from Linux-based malware than from Windows-based malware. -Mikko Hypponen Click To TweetThe reason why this changed is IoT malware. There's plenty of IoT devices that are running on Linux and there are plenty of these Mirai-related malware out there. They infect devices by trying known weak passwords and username combinations.
Are the threat actors trying to get access to the devices to get access to the internal network or to use them for denial-of-service and launching attacks on others external to their home user's network?
Botnets are the default use for infected IoT devices. It's almost surprising because people think there's no computing power to steal from these devices. Actually, there's surprisingly much to steal. For example, we regularly see security cameras taken over by IoT botnets. Connected security cameras are actually pretty powerful. They have to have wide bandwidth so that they can stream full HD or 4k video streams and they have to have pretty impressive computing capability so they can encode 4k streams in real time.
If you use that to launch another denial-of-service attack, you end up with a really powerful denial-of-service attack, especially when you have, let's say, 5000 or 20,000 of these devices at the same time. We also see them being used for cryptocurrency mining. You would think there is not much power in there, but there are cryptocurrencies which have been designed so that you don't need dedicated devices or GPUs to mine them.
Of course they can also be used as ways of gaining access to further networks. Although, most of those kinds of attacks are then in corporate networks, not in home networks. Think of the coffee machine in the office being infiltrated and then used to gain access to the internal network and then leverage that for lateral movement further in the network.
The denial-of-service attacks these days are getting absolutely terrifying and massive. So many people now have gigabit fiber into the home that you've got a compromised device or two on your network times a million devices, it's a staggering amount of bandwidth.
And it's not going to go away. Right now as we are recording this, NATO is having its summit in Lithuania, not too far away from Finland. Those networks in Lithuania have been under massive denial-of-service attacks for the last days organized by Russian patriotic hacker groups. I was just checking their targets, which they announced in Telegram because they are crowdsourcing these attacks.
They were hitting the conference website where the NATO summit is going on right now. They are hitting public infrastructure like transportation. They are hitting NATO websites. If you have enough bandwidth, you can put down a lot of packets. Even if you have denial-of-service filtering, it's still going to hurt you and going to cost you.
The massive amounts of bandwidth cost money somewhere along the line. Someone has to pay for it somewhere.
Yeah, but then again, it is transient. The way I always explain it to laymen is that it's a traffic jam because that's what they understand. Traffic jams are a huge problem, but once the traffic jam clears, there's no permanent damage. Nothing was stolen. Nothing was broken. It just slows things down.
It's an inconvenience as opposed to damage.
That's right. Then again, if the inconvenience means that you can't get a doctor appointment because the reservation system is down, that's a real-world problem.
Yeah. Traffic jams do have life-and-death consequences at some scale and at some point. Do you see in your research much attack on medical equipment these days?
Yeah. They are as easily hackable as anything else. You would think that the vendors would make sure that medical devices are better protected than a fridge or a washing machine. In practice, they're not. The big typical excuse is that they're supposed to be put into separate disconnected networks or separate segments. They're supposed to be kept offline. That's something which is really easy to say and surprisingly hard to do in the real world.
The root cause why it's hard to do in the real world is the TCP/IP routes; that's the strength of the protocol. That's why we've been using the same protocol for 50 years. It's been designed from the very beginning that if the packet can't get from point A to point B, it will find a new route. If that doesn't work, it will find a new route. It will keep trying until it finds a route. It might go around the world, but if that's the only way to get to the destination, it will go around the world.
This means when you initially set up a network, which is secured and disconnected, over time surprising things happen. Someone reconfigures the network, someone connects two networks together, someone adds a bridge, someone adds a remote access point, or someone installs a modem so they can work remotely. The company buys another company and the networks are merged. Then after two or three years, you're surprised to find that the things which were supposed to be offline are no longer offline.
That could be quite startling when your pacemaker is accessible by someone on the internet.
We've had this happen many times. We scan the networks of different countries, for example, just to see what's in there. When we find something really concerning, sometimes it's a honey pot. That's something which explains some of the worst things we find, but some of them are actually real.
For people who don't know, what is a honeypot?
Honeypot is a bait system, which looks like a really vulnerable, really important system, but it's only there to get the attackers to attack it. In reality, it's not the system it claims to be at all. It's a trap. For example, we find payment terminals online with default passwords and we look at them. We contact the vendor and they tell us that, “Yes, it's fine. It's a honeypot. You don't have to worry about it.”
Sometimes when we call, for example, factories and tell them, “Hey, your control interfaces are exposed to the internet and there's no password.” You end up with these really weird absurd phone discussions where the factory tells you that, “No, you're wrong, Mikko. You're wrong. Our control interfaces are not on the public internet. They're in a private network. They cannot be accessed from the internet.”
Then I tell them that, “You know what? Believe what you want. I'm looking at your interface right now and I'm in Helsinki, Finland,” and they don't believe me. Then I suggest, “OK, why don't I go and start clicking on these buttons in your interface.” Then they're like, “OK, please don't click on the buttons.”
“Please don't break our hardware or shut down our factory. This could cost us real money.” Speaking of all of this hacking, have you been a victim of a hacking incident yourself?
Yeah, I have. I've had my credit card numbers stolen twice over the years. Then again, I don't know exactly how it was stolen. I'm guessing it was stolen in these breaches. Global payments breach was the biggest one we ever saw where more than 10 million credit card numbers were taken in one go. Nevertheless, the end result was that someone in Italy was buying first-class tickets on my credit card and I've been infected.
My computers have been infected as well. I work with malware. I've been doing reverse-engineering for decades. Sometimes, you mis-click. I've had it happen to myself. The end result is that the thing you're trying to analyze, executes and gets out of control. Of course, we do this in disconnected systems in virtual machines, so they're not going to go and infect outsiders, but it's still a huge mess when you have to roll back everything and double-check, triple-check that nothing went down.
I completely understand why people get infected or why people get fooled. When you are tired, when you're anxious, when you're in a hurry, we all make mistakes. I make mistakes.
I completely understand why people get infected or why people get fooled. When you are tired, when you're anxious, when you're in a hurry, we all make mistakes. I make mistakes. -Mikko Hypponen Click To TweetThat's good for people to know that even experts make mistakes and hopefully you're putting things in place to address the mistake when it happens. What are some of the things that people can do as we talk a lot about prevention, but assuming that you have been compromised, what are some things that you should do before you're compromised and things that you should do after you've been compromised?
Before you get compromised, the number one rule is backups. You have to have a recovery mechanism one way or another. It depends if we're speaking about home users or corporate users, but especially for home users, these cloud backups have changed things a lot, especially on Apple side being able to take things into iCloud, which happens pretty much automatically.
Before you get compromised, the number one rule is backups. You have to have a recovery mechanism one way or another. -Mikko Hypponen Click To TweetIt’s really a great way to make sure you have an online backup, which is hard to corrupt for the outsider. Even if the current version of the iCloud backup is corrupted, Apple can roll back to a previous version and there's no easy way for an attacker to corrupt that. That's a great benefit.
If things have already happened, my number one tip is that when you are in a crisis situation, when you believe you've been hacked, or when you are getting scammed, you get a phone call, you get an email about something critical, take a break, step out of the room, walk around the block, and think it through. Just clear your head for a second and reconsider what's happening. “What's the real information? What's really happening? Am I being scammed? Am I being fooled, or I made a mistake? My machine is infected.”
Instead of drastically trying to undo everything, step away from the keyboard and think for a moment before you act. Think about who you should be calling for help. Think about what you should be doing next instead of doing it.
That taking a pause is a good practical thing when things start getting out of control.
As always, it's much easier to say than to do.
Yeah. In the moment, when the adrenaline is flowing, when your emotions are high, stopping and walking away is really, really hard to do.
That's exactly when you should do it.
We almost need a circuit breaker when our emotions get too high. It just clicks and, “Nope, I’ve got to take a break.” Let's shift gears and talk a little bit about, I don't know if you call it cyber warfare, but let's talk about what's going on between Russia and Ukraine on the cyber front.
Sure. Just as a background, Finland has 900 miles of border with Russia. Both my grandfathers fought the Russians in the Second World War. Finland has a very long history with a very problematic neighbor, the biggest country in the world. Since I've been working for Finnish cybersecurity companies all my life from here, of course we pay close attention to what's happening in Russia. Not just Russia and cybercrime gangs, but also the Russian government.
There's been plenty of attacks by the government, espionage attacks, over the last 15 years that we've been investigating. But now when things are becoming much more concrete, what we are seeing is that countries like Russia, they're not only doing espionage, they're also sabotaging with cyber tools. When you do sabotage during wartime—we don't call it sabotage, then it's war. These could be called cyber weapons and this should be called cyber war.
If you look at what's happening right now between Russia and Ukraine, they are fighting a war in five different domains at the same time: on land, on sea, in air, in space, and in cyberspace. The interesting thing when you think about these domains where we find our wars today is that the expansion of these domains from the original domain, which was only a land war—thousand years ago—the only wars we had were land wars—have always been shaped by technology and it's going to continue whatever the next domain for war will be shaped by technology.
We don't know what it's going to be. What we do know is that it's going to sound like science fiction today exactly like cyber war would've sounded like science fiction 30 years ago.
What are the targets that both countries are going after and what's the intent behind it to further the physical war?
There's both spying and espionage happening, which is crucial. Today technology enables you to track troop movements or grouping of the troops in a completely different way than it used to be. If you look at the Russia-Ukraine war right now, in many ways, it resembles the war we had 80 years ago in Europe. You have tanks and you have guys in ditches with assault rifles; that’s like we did in 1943 or whatever.
The difference is that now you can send out drones and satellites to look at what's really happening. You can triangulate RF radio. You can track people's mobile phones, which means you get much more information. The kind of information that during the Second World War, the only way to get that information was to send someone over there to see it with their own eyes. That's the only way you would really be able to figure out what was happening and that's the real difference. Technology is shaping war in many ways, but the real game changer is cyber attacks themselves.
Russia has been targeting Ukraine with cyber attacks for the last seven years, both for gaining access to their systems to get information, but also destruction. GRU, the Russian military intelligence, is best known for doing these destructive attacks, including attacks like NotPetya from six years ago or the attacks we've seen over the last 18 months including the 27th of February 2022 attacks against Ukrainian border control systems.
When the war broke out again in February last year, there were these massive cues of women and children trying to flee Ukraine to the safety of Poland and they couldn't get out of the country. They were like 24-, 48-hour cues on the borders, which were caused by the fact that Russian cyber attacks had wiped the computers of Ukrainian border control. The borders were open, but the computers were down and everything had to be done by pen and paper. That's what normal modern and cyber war looks like.
Taking out kind of critical infrastructure and whatnot, has there been many attacks on power, water, utility platforms?
There's been attacks on electricity multiple times, but the last successful time Russians were able to cut power in Ukraine was almost three years ago and it's not for a lack of trying. They've tried over and over again, but lately they've been failing and the reason why they're failing is very simple: Ukraine has become the best country in Europe to defend their networks against Russian governmental attacks. They're better than us here in Finland or in Germany or in the UK or in France.
The reason is very simple. They've been targeted with these governmental attacks from Russia for seven or eight years now. When you do something over and over and over again, you become an expert in whatever you're doing. That's what they've done. In Finland, we have a large reserve. We are a country of five-and-a-half million people, but we have a million men reserved, including me.
Whenever I go back to military refreshers, they don't give me a gun, they give me a keyboard because that's what I'm best at. When we do our rehearsals, it makes us believe we're playing, like games. We are figuring out that if the Russians would do this, what would we do then?
That's completely different to what Ukrainians are doing. They're fighting a very real war and they've been defending against very real attacks for many years. That's what gives them the expertise. Of course, they have very powerful help from the West helping them defend against these attacks from Russia.
Is some of it just because they've had time to address some of the things that we were talking about earlier? We thought the network was segregated, but, “Oh, someone put a modem in over here, someone connected these networks together over there,” that they just had the practical experience of having to defend for so many years that they just kind of are more aware of the digital landscape, so to speak?
It's a big country. They have great technical expertise. They have great universities. They have a large infrastructure. The biggest challenge they've had is the amount of legacy systems. If you look at their GDP, it's not a very wealthy country compared to most of Europe and that really translates directly to the fact that there's a lot of old systems running old operating systems on them.
As you know, it's almost impossible to try to patch and defend outdated systems and legacy systems. That's the thing that they've been able to improve heavily over the last 18 months or so. They've also heavily embraced cloud ever since the invasion started in February 2022. They moved their governmental systems very quickly to cloud environments as Russian troops started rolling over the border.
Then I imagine, I kind of think that if you have soldiers with cell phones in their pockets, that becomes a whole new way to try to figure out what's going on. Now you're trying to compromise phones belonging to soldiers to figure out where they are using cell phone systems to find out where devices are and then trying to determine, “Are these domestic or are these foreign devices?” and use that as intel as well.
Yeah. We are carrying supercomputers in our pockets with all the benefits and with all the problems that come with the fact.
You were talking earlier about the next domain for war. What do you think the next domain is?
I don't know, but I can make a guess. I already said that it's going to sound like science fiction. What would be enough science fiction-like? I don't know. How about this: the sixth domain for war will be nano warfare, where the armies would be dispersing airborne aerosols over the battlefield, which would contain tiny nanobots, which would enter the bloodstream of enemy soldiers and find their way to their brains to change their thoughts.
Does that sound like science fiction? Yes, it does. Just like cyber war sounded like science fiction 30 years ago.
Nanopipes that just disable all the equipment.
Yeah, something like that. Maybe it's going to be something on AI, which of course, AI is leading the hottest AI summer in history.
Let's wrap up with AI. What are your thoughts, concerns, and joys about AI?
We started building machine learning systems for our cybersecurity products in 2005. That's 18 years ago. That's a really long time ago. All that time, we've been waiting for our enemies to catch up, to start to use the same technologies.
We're still mostly waiting. We've seen the deep fake. We've seen the first Python malware, which uses GPT to write its code. What really is still missing, which could happen any day, is complete automation of malware campaigns. This is going to be interesting when it happens, because right now, there's very few areas where the defenders are winning and the attackers are losing.
When you think about the automation of detection technologies, we actually do have the upper hand because we are much, much faster than the enemy. Security companies like WithSecure, where I work, or EDR products all around the world are automated as much as possible. Whenever there's a new possible attack, it gets dropped into a honey pot. The samples are extracted, they're thrown into virtual systems, they're executed and analyzed. If they turn out to be malicious, detection is automatically built, tested, and deployed. This happens in minutes.
The attackers are still working manually. They are writing a new ransomware. Then they are crafting malicious emails, registering domain names, spamming out the emails, and then when they realize that the domain is blacklisted, they go and register a different domain. When they notice that the emails are thrown into spam, they rewrite the email. When they realize that the binary is detected, they recompile it manually at human speed and the defenders work at machine speed.
We do have the upper hand for now. When the attackers change, when they shift into full automation, which they could do today, then it's going to be a machine against a machine and we don't really know who's going to win. The only thing we do know is that the only thing which can defend you from a bad AI is a good AI.
Maybe that's the next domain for war is AI versus AI.
It sounds like a new movie.
Or an old movie, I guess, depending on how you look at it.
Yeah, very true.
There've been a few of them out there. As we wrap up here, if people want to find more about you, what you do, and the books you've written, where can they go?
Sure. They should go to my website, my name is Mikko and my website is mikko.com. On the website, there's a section for publications, including my newest book published by Wiley in August 2022 called If It's Smart, It's Vulnerable. Now available in four different languages. We're actually right now working on Ukrainian translation as well. I'm really happy that it's been received well and it's a bestseller. I'm really happy about the success of the book.
That’s awesome. I assume it's available everywhere that you can download, listen, and physically ship books from?
It's on Amazon as a hardcover, ebook, and audiobook. Audiobooks are great. I really love the guy who read the book, I didn't read it myself.
Oh, that's too bad.
My publisher actually asked me, “Mikko, why don't you just read one chapter from the book to your recorder and send it over and we'll consider if you should read it yourself?” I did my best reading impression. I sent it over and they were so nice. They replied back to me, “Mikko, this is great. We love the way you sound. Your English is excellent. Your pronunciation is top-notch, but really no one's going to listen to eight hours of this.”
Oh, that's too bad. Can people be able to find you on social media, or have you abandoned social media or switched to Threads?
I can't switch to Threads. It's not available in the EU. I haven't even seen it. It's actually surprisingly hard to get into the EU. Of course, I can use a VPN to go to the USA, but you would have to have the US version of the app store to be able to download it. It's a bit tricky because then you have to throw away all of your existing applications.
I haven't even seen it, which means I'm still on Twitter. I've been on Twitter for 13 years. I have a big following there, so it's kind of sad to let it go, but it seems to be dying.
Is it just Mikko?
It's just Mikko.
You thought about these things many years ago before the rest of us.
Personal branding, Chris. Personal branding.
Always a challenge for people. Thank you so much for coming on the Easy Prey Podcast today.
Thank you for having me.