Why Red Dragon 1949 Can Only Tell You SOME of the Cybersecurity Stories He's Lived

RedDragon1949 is an experienced Cyber Warfare Officer and an independent information security professional who has worked in some of the most serious cybersecurity hot spots in the world - including North Korea, China and Iran.

If you think you know what is happening in the world of cyberwarfare and espionage, you may want to check in with RedDragon1949. If you have no idea what is happening, you definitely want to catch up with him.

About Red Dragon 1949

Red Dragon 1949 is an internationally recognized cyber intelligence subject matter expert who has provided multi-cultural threat intelligence on global nation state cyber warfare attacks and information warfare initiatives. His clients include global 50 companies across industries including healthcare, oil and gas, international defense, and cyber threat counter- intelligence activities.

He has conducted numerous classified cyber, physical and social engineering threat and vulnerability assessments worldwide for commercial and governmental agencies. ed Dragon 1949 is also a registered white hat hacker and was named one of 20 Cyber Policy Experts to Follow On Twitter.

RedDragon1949.com is the premiere global web location for all updated information focused on the People’s Republic of China. Their intent is to develop a mutual cooperation and understanding of how the Internet and connected systems can be used by a nation state as a military weapon system.

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity Podcast and host of ThreatVector.

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

Can’t get enough of InSecurity? You can find us at ThreatVector InSecurity PodcastsiTunes/Apple Podcasts and GooglePlay as well as SpotifyStitcherSoundCloudI Heart Radio and wherever you get your podcasts!
 

VIDEO TRANSCRIPT


MATT: Welcome back to Insecurity…. and now we have a very special treat—and I know I say we have special treats all the time—but this one, it's rare that we have to refer to someone by a handle because the security of millions could be at stake. With that, I introduce you to RedDragon1949, and that's actually the best way to find him on the internet. I don't even know where to start with your story. Let's go a little bit of background first. United States Government currently monitoring really four countries considered what, serious cybersecurity threats?

REDDRAGON1949: Yes, yes. Well, and a lot of this goes back to the history of cyber warfare, specifically in the cyber espionage vertical of this domain that we find ourselves in terms of cybersecurity at large, with the Office of the Director of National Intelligence and Counter Intelligence Executive, and actually naming the Russian Federation and the People's Republic of China and their theft of intellectual property and other types of important facts about companies, organizations, and certainly government agencies.

REDDRAGON1949: That was 2011 and now here it is almost 2020, a little bit over ten years later, and we're still at it yet.

MATT: Glad to see so much change and success with those two nations and the two others on the list. Iran and North Korea.

REDDRAGON1949: Democratic People's Republic of Korea. Absolutely. DPRK.

MATT: And now you've got a lot of experience doing a lot of really interesting things. Some of what you can even tell us about. Of these four countries, where have you worked perhaps and even lived?

REDDRAGON1949: Well, with the exception of DPRK, North Korea, I've either lived, worked, or studied abroad with the exception perhaps of Russia, the Russian Federation. But I grew up in Tehran, Iran, before the Shah was deposed and was there for just about almost seven years and then I first went to China in 1983, actually having to get a special waiver to get out of the Marine Corps.

REDDRAGON1949: It was right after Kissinger and Nixon had opened up China to the world.

MATT: And that had to be an interesting proposition, you said, "I would like to get out of the Marines in order to move to China. "

REDDRAGON1949: Well, it was phrased a little bit more differently than that. May I use some profanity?

MATT: Please. We're all adults here.

REDDRAGON1949: Yes. This Gunnery Sergeant calls me up from Headquarters Marine Corps and he's like, "Hagestad, what the f*** are you doing wanting to go to China?" And I said, "Well gunny, I think it's important for us to understand and learn about our adversaries because we may go to war with them one day." That's 1983, and he said, "Well, I'm going to approve this Hagestad, Headquarters Marine Corps wants you to go and do this study abroad. But when you're done, you muster right back and you're going to let us know what you discovered."

MATT: So you have a very interesting resume/CV, between time spent abroad studying in China at a time that was very serious to make that decision, and being born and raised, not born and raised, but just having spent part of your childhood in Tehran, maybe gets a few cross-eyed looks from some government agencies?

REDDRAGON1949: Well, yes. I mean our government certainly because I have a clearance, they've done all the backgrounds and things and certainly my files were affected by the OMB hack. So the government that may have been involved or not, certainly knows my history and I'm very transparent when I go abroad. Absolutely, I don't play any games, it's very serious business.

MATT: Now you spend a lot of your time working abroad, which means you get to see these cultures from within.

REDDRAGON1949: Yes.

MATT: You know the views of America on how they feel.

REDDRAGON1949: Absolutely.

MATT: But you also have that rare look into how they see us. How is that exchange? What are we getting right? What are we not getting right? What are they getting right and maybe not getting right?

REDDRAGON1949: Well, and that's a good question. So if we take, for example, the Chinese, and everyone knows that I'm part of a Chinese military think tank, the Knowfar Institute out of Jiangsu Province. I asked one of their sponsors from Beijing who had some minders with him and I said, "So what do you guys think about the United States?" And he's like, "Well, we know that you've had a lot of combat experience and you’re representative of that, and we want that from a military perspective, but actually we would rather prefer that you went and invaded North Korea so we could economically colonize it."

MATT: Let's go, just lay that out of the table. We'll be honest up front.

REDDRAGON1949: Yes, absolutely.

MATT: So I like that approach.

REDDRAGON1949: So we know their desire and their intent.

MATT: Yeah. So when you are ready to take that next engagement, knowing that you're going to be overseas with, regardless of which country that's in, what types of things do you need to keep in mind as the, obviously, you're traveled enough, you're not the ugly American when you go somewhere, you know what you're doing?

REDDRAGON1949: Yeah.

MATT: When you come to China, what happens when you land and you look around? It's like, all right, I'm here for ‘X’ amount of time. I need to be ready for anything.

REDDRAGON1949: Well, and be ready for anything is the operative statement, everything's a test. Everything I do, touch, say, act is being evaluated and reviewed by the minders that I have, whether it's the Russian Federation, People's Republic of China, or any other country that I've gone to. They want to check to make sure and they'll ask me questions from my history that I never thought they would have known to test me to see if it's actually what is true or not.

MATT: I guess that's one thing I'm wondering about, given all of the time you spent in countries that we have labeled as adversaries, when I say people raising an eyebrow at you, maybe it's not here, but when you go to Russia and they see that you are an American who has spent time in Iran, time in China at times of when they were cozy with them and we were not like, does that change? Is your experience different than mine would be, knowing that my resume is totally boring in general, but certainly compared to yours?

REDDRAGON1949: Well, it goes back to what I just mentioned. Everything that I perform, or say, or do, is being reviewed, and generally my reception, staging, and onward integration, RSO and IO, as we use in the Marine Corp into that culture for whatever the action is that I'm being asked or told to perform while I'm there by that government, is organized by them. For example, my entry into Russia, which I have no experience in, don't speak very much Russian at all, was being befriended by two separate Russian hackers at conferences around the world. And so lo and behold, when the driver came to get me as a guest of the Ministry of Foreign Affairs in Russia, they were there to greet me and bring me in. I know. Exactly.

MATT: I'm trying to picture that here. The limousine shows up to take you to Congress and there are two hackers in the back seat.

REDDRAGON1949: Oh yeah, but they knew that I had a familiar relationship with them and it's interesting because I owed them quite a bit of thanks because growing up as a Marine, we were trained to target on the Russians with our weapons systems. The popup targets were always the Russian Commie. And for the first few hours when you get in a country like Russia, or China, or wherever it might be, you're tired, and you're hot, and you just want to go lay down. Well, they kept me awake for a good seven or eight hours and they demystified Russia. They took me to the Kremlin, we took pictures there, took me to a Russian restaurant.

MATT: Oh, nice.

REDDRAGON1949: Took me to Saint Basil's Cathedral, took pictures and I really appreciated it because they demystified what I thought was an enemy state and let me see it from a cultural perspective. They're human beings, just like we are.

MATT: And you've been softened up a little bit by a very long flight, so you're ready to absorb some things.

REDDRAGON1949: Absolutely, the steak was tender.

MATT: So, we are in Vegas right now for the 10th anniversary of Bsides. You are volunteering, which is awesome, but you've got some other stuff going on this week. You're giving a talk at DEFCON?

REDDRAGON1949: I am, yes. I'll be speaking about the Chinese military's use of biochemical weapons.

MATT: Very interesting.

REDDRAGON1949: Yes, it's TLP red. So traffic light protocol red. So-

MATT: Does that mean we can't talk about it?

REDDRAGON1949: We can talk about it, but I can't give you details. And once it's talked about or spoken about, there won't be any residual effects that could be used against anybody because of the sensitive nature of the material.

MATT: Now with all of your experience, you have done a lot of different things that we can wrap into security, but you are not coming out of a technology or a cybersecurity studying background?

REDDRAGON1949: Not at all. I mean I do have advanced degrees courtesy of our tax dollars if you will. And-

MATT: You're welcome.

REDDRAGON1949: Yes, exactly. But essentially, so I have three Masters degrees, one from the Marine Corps Command and Staff College and then I have one from the University of Minnesota, basically management of technology. Then another one in security technologies. In my third Masters I took my thesis statement, it essentially said in 2010 that I thought that the Chinese, who I thought, were somebody that I had studied before might use a computer, or keyboard and a mouse, and a monitor, as a weapons system. Much like we use kinetic systems in the Marine Corps to defeat fixed in place and defeat an enemy and my Masters became a book, 21st Century Chinese Cyber Warfare. In doing that, our government and other governments want to know how I was able to predict that. I'm not saying I predicted Chinese cyber espionage, but it's just hilarious that the path that we're on now was essentially nothing existed before that. I mean there was sporadic events and then it suddenly just kind of blew up and I just happened to be at the epicenter of that. Just blind luck.

MATT: Well, but that's the perfect, I don't believe there's anything blind luck about what, we've been talking enough. I think I have an idea that luck is very little what happens with you, but epicenter is such a great word because you are working in the intersection of economics, of history, of culture, of technology, and all those things. Is that something that we tend to forget about? That we get focused on if it's election manipulation, we want to talk about hacking the voting booth, which seems to be kind of the last in line of things you'd want to do for that sort of thing.

REDDRAGON1949: Absolutely. The most important thing that I've told customers, governments, agencies around the world is look at it from the eyes of the adversary or a commercial enterprise. What is it that if you lost, you would economically cease to exist tomorrow? And you have one of two things. You can either give it to the adversary or sell it to them and make a profit before they turn around and steal it from you and make their own money out of it and you cease to exist. Vis-a-vis the telco state-owned enterprise Huawei and ZTE, and the joint venture with Nortel, the Canadian telecom.

MATT: Yeah. I remember that.

REDDRAGON1949: Fascinating. Yes.

MATT: So, one thing that you'd like to, a myth you'd like to explode given the countries that you've worked in, American attitudes toward them for the entire world because the entire world definitely watches Insecurity, what's something you would wish people would stop thinking, whether it's about Iran or about China or about Russia, just from your experience, your involvement?

REDDRAGON1949: Well, it would have to be the country that I grew up in, the Islamic Republic of Iran. It was Persia, then Iran, and I will tell you that the folks that I interact with academically, because I still teach at university, NSA Center of Excellence, is that the people very much want regime change. There are people just like you and I, they are sick and tired of the oppressive regime of the Ayatollah and the IRGC, Islamic Republic Guard Corps, and the heavy fist that they're using to suppress the people. And human rights aside, you look at the Uyghurs in China, I think that the Persian people want to have a society of their own or they're able to exchange ideas much like it was when the Shah was in power and seeing that all of the Iranians are wrong or bad is a myth that I'd like people to stop. Certainly the government is definitely not good, but not every government is perfect.

MATT: Now you are doing speaking engagements, you have written four books.

REDDRAGON1949: Four books. Correct.

MATT: You are all over the world. Shameless plug time. If people want to dig in and learn more about what you have done, what you have predicted. So even some things that may be yet to come, where can they find you?

REDDRAGON1949: They can find me at redragon1949.com, and occasionally I'll post things for folks that they may not otherwise be able to enjoy, for people that may digest them and use them for things that may be in the defense of our country.

MATT: And same thing on LinkedIn as well. So trust me, there's a lot of good stuff out there. We wish that you could come to DEFCON and check it out, but you never know, there could be a podcast or two in the future. @RedDragon1949. As for us, all the good stuff you know we're doing it at threatvector.Cylance.com. On Twitter it's @cylanceinc and at BlackBerry. I am Matt Stevenson. You can find me at @packmatt73, We're looking for the cool folks. I hope we find them.