Robert Lemos

A Russian site has somehow gotten the transcript of my interview with the Dream Coders Team, the developers of MPack, and posted them. In fact, they scooped my own posting at SecurityFocus, posting apparently the day of the first interview I had on June 20 (June 21, Russian time) and then updating the following day. The two later chat sessions, on June 26 and July 2, were not posted.

I just learned that they published the transcripts today, after someone posted the link to the comment section of OffensiveComputing’s post on the interview. The Russian information in the chat log, the local time, and the fact that
the chat included blank responses apparently from me, all point to the logs being from the interviewee’s computer.

The posting of the chat sessions poses some interesting questions, among the most salient being: Why would DCT post the interviews, and if it wasn’t DCT, does that call into question the identity of the interviewee?

The first question, unfortunately, I can’t answer. Either DCT gave the transcript to the site for an unspecified reason, or someone was able to get the transcript from DCT without the Dream Coders Team knowledge. Of course, if someone had access to the Dream Coders Team’s systems, then ostensibly the identity of the person with whom the chat was conducted could be called into question.

Online identity is a tricky thing. I plan to put up another blog post delving into the issues tomorrow. However, suffice it to say that establishing identity between the creator of the program and any given e-mail address is nearly impossible using only online sources. Instead, there has to be clues left by the developers. In this case, an online advertisement for MPack had an ICQ number to which I sent my message for an interview request. A person responded to that request, ergo, the person was likely to be associated with MPack.

So, if a potential answer to the question of who posted the interview is that the interview was posted without DCT’s knowledge, then it is possible that whoever was able to get the chat sessions from DCT’s systems could also have gotten access to the ICQ account and faked the interview. However, I think this explanation is unlikely. Especially since the (translated via Google) introduction to the interview is:

June 21, 2007 Interviews with party commands DCT.
Actors: actor DCT (Coders Dream Team), Rob Lemos (Rob Lemos, SecurityFocus editor and reporter CNet News.com the security).The interview covers the history of Mpack, also touched on some interesting aspects. The dialogue is in English.

Note: The Russian that Google translated as “Actors” and “actor” is translated by Babelfish as “The characters” and “participant,” respectively.

There are other questions involving the chat sessions and journalism that I wanted to address as well.

The first thing that a reader will notice in comparing the interviews is that the chat session is typical of the breed: Messy with answers not always following questions and a few extraneous comments thrown in. For that reason, and after consulting with some other journalists, I decided to clean up the interview for posting — as I noted in the introduction to the SecurityFocus interview.

Another issue is that three topics that were in the original chat sessions were not in the interview that appeared on SecurityFocus: DCT’s critique of the comments made in another interview in which security researcher RSnake talked with a phishing fraudster, information and opinions of the Estonia attacks, and DCT’s opinion of the Russian Business Network (RBN). All of these were issues that I brought up to get an opinion from the interviewee. However, those comments, in the end, were not relevant to the issue at the heart of the interview: The MPack infection kit. For that reason, they were not included in the final Q&A.

Finally, a grab bag of smaller points. The picture to which the interviewee referred showed a desk with a computer on it, both covered in what appeared to be $100 bills. I thought it was gratuitous, so didn’t put the image in the SecurityFocus interview. Also, while the interviewee asked to see the final interview, the SF transcript was never given to DCT before it was published. Finally, the interviews on June 26 and July 2 had little relevant content, and mostly were about assuaging the interviewee’s suspicions that I was somehow connected to law enforcement, which is why they were likely not included in the online transcript.

So, since they have been published elsewhere, I’m posting the the full transcripts to the two interviews in question here. I’ve changed DCT’s ICQ number to his pseudonym and my information to my name as well. Otherwise, the interviews are verbatim, with a single comment noted in italics. I have not included a link to the original site where this was posted, as — considering who the interview subject is — it could be, or could be changed to be, a malware infection site.

Here is the first interview:

June 20, 2007
(04:50:32 PM) DCT: hi, I am here 21-03 GMT +3
About MPack
(04:52:06 PM) Rob Lemos: Hey, thanks for getting in touch.
(04:53:08 PM) Rob Lemos: If it would make it easier, do you want to create a throwaway e-mail address that I can correspond with?
(04:53:18 PM) Rob Lemos: Or is ICQ your preferred method of contact.
(04:53:39 PM) DCT: I think icq is much better than e-mail
(04:54:24 PM) Rob Lemos: OK. For introduction purposes, I’m Rob Lemos, editor of SecurityFocus and former CNet News.com security reporter.
(04:55:17 PM) Rob Lemos: First question: How old is Mpack? Panda dates its first detection back to December 2006, but I see your copyright goes back to 2005.
(04:57:08 PM) DCT: (repeat the msg if I went off, all these socks sometimes work bad)
(04:57:35 PM) Rob Lemos: Rob Lemos: OK. For introduction purposes, I’m Rob Lemos, editor of SecurityFocus and former CNet News.com security reporter.
(04:55:17 PM) Rob Lemos: First question: How old is Mpack? Panda dates its first detection back to December 2006, but I see your copyright goes back to 2005.
(04:58:02 PM) DCT: Nice to meet you)
(05:01:22 PM) Rob Lemos: BTW, I have a lot of questions and the connection seems to be spotty. Should I just send them in ICQ to you?
(05:01:56 PM) Rob Lemos: (It’s why I tend to like interviewing using e-mail.)
(05:02:47 PM) DCT: About the first version - it was only for internal testing purposes from the beginning - june 2006
(05:03:31 PM) Rob Lemos: When did you start selling Mpack? How profitable has it become for you?
(05:03:31 PM) DCT: My friend (hello to fuzka) was helping to analyze different exploits and make a pack from them
(05:05:00 PM) DCT: It become a commercial project since august-september 2006.
Which answer do you want for the second question?
(05:05:53 PM) Rob Lemos: Profitable or not? And if you want to give the number of copies you have sold and the number of support licenses you have, that would be interesting.
(05:05:56 PM) Rob Lemos:
(05:06:32 PM) Rob Lemos: I have to go for about 30 minutes. (Going to have dinner with my family.) Can I ICQ you then?
(05:06:42 PM) DCT: yep
(05:09:08 PM) DCT: about the profits -
The project is not so profitable compating with other activities over the internet. But I just like it, thats why it is still alive)
(05:40:18 PM) Rob Lemos: I’m back. Any idea on how many servers that MPack is currently installed on? Or how successful it has been?
(05:42:29 PM) DCT: I really don’t know about the number of servers, I suppose it counts in tens
But if you are talking about the pages containing iframe to the server with the pack - this value may counts in tens of thousands
(05:43:33 PM) DCT: Successful, heh =) It just works and do what it should do
(05:45:37 PM) Rob Lemos: Panda estimated in May that 160,000 computers had been compromised by Mpack and Dream Downloader. Does that sound like a legitimate number to you?
(05:47:12 PM) Rob Lemos: Also, considering that your software consists of PHP scripts, do you worry that someone will just use the latest version and continue building their own project based on that?
(05:47:17 PM) DCT: Sounds a bit large but may be true. Clients doesn’t give a usage statistics to us
(05:47:17 PM) Rob Lemos: Or is open source OK with you?
(05:49:18 PM) Rob Lemos: Also, there has been a lot of talk about “Russian cyber gangs” behind WebAttacker and MPack. Any chance you consider yourselves part of a “cyber gang”?
(05:49:22 PM) Rob Lemos:
(05:49:27 PM) DCT: Well, anyone of course can try to do that, but will they be succesful? The main thing in MPack not the scripts itself but the support, and the method exploits are combined together
(05:50:37 PM) DCT: Cyber gang is a funny word from AVers and officials. We are just a group of people working together, but doing some illegal business
(05:51:06 PM) DCT: Anyway, I know the WebAttacker team, we are the friends =)
(05:53:11 PM) Rob Lemos: Where are you based, if you don’t mind me asking?
(05:53:34 PM) DCT: Rebuild the question pls
(05:54:06 PM) Rob Lemos: Are all your members Russian? Or are you international?
(05:54:49 PM) DCT: Developers are russians, helpers and testers are from other countries
(05:55:19 PM) Rob Lemos: Do you mainly sell to other Russians? I’ve only seen advertisements for the product is Russian.
(05:55:29 PM) Rob Lemos: *in* Russian.
(05:56:51 PM) DCT: It was started for ru-speaking “market”, but nowadays more and more guys from another countries gets in touch interested in buying the pack
(05:57:32 PM) DCT: It all because of AVers articles about the pack
(05:58:14 PM) Rob Lemos: Also, do you have connections with real-life criminals? The AV industry always seems to try to make a connection between criminal groups and the up-and-coming cyber criminals. It would seem that groups of programmers like yourselves would potentially get contacted by criminals.
(05:58:30 PM) Rob Lemos: On the AV attention — any marketing is good marketing, eh?
(06:01:26 PM) DCT: Well, about link with real-life criminals - I think it is a bullshit. AVers want to make an image showing us like bad guys stealing smthg from stores, etc. But really almost nobody from my friends contacts with criminals about our work or anything else
(06:02:25 PM) Rob Lemos: So how would you characterize yourselves? Are you online friends? RL friends? Are you all college computer science graduates or self-taught coders?
(06:02:35 PM) DCT: About AV attention - well, yes, but it is bad - more people know about the pack - more the officials want to catch us
(06:03:42 PM) Rob Lemos: True. Are you worried about prosecution? In the U.S., where I’m based, writing tools like MPack might not be illegal, but the fact that you advertised for illegal use would likely get you at least a conspiracy charge.
(06:03:56 PM) DCT: We are all the online friends. Some are RL friends. Mainly self-taught
(06:04:03 PM) Rob Lemos: For example, HD Moore and Metasploit…
(06:04:59 PM) DCT: In Russia there is a law which forbide creation of tools like MPack
(06:05:29 PM) Rob Lemos: Where are you headed with development? Just keeping up with the exploits? Or do you intend to make the tools more business-like or more user-friendly?
(06:06:06 PM) DCT: We make all the possible things to be secured even if an officer will broke the window and will try to get the PC for analyzis =)
(06:07:21 PM) DCT: Main aim is to make it work better - make more infections in other words. Everything other is not so important
(06:10:14 PM) Rob Lemos: Cool. I’m finishing up a story now for posting (Congressional hearings on the Dept. of Homeland Security’s poor security), but if you have some time tomorrow, please contact me, I’d like to ask some more questions after I think about all of this.
(06:12:22 PM) DCT: Ok, no problem. And I advice you to use the Opera with scripts and plugins disabled in order not to be catched by the MPack some day =)
(06:13:48 PM) Rob Lemos: Hehe. Right now I use Linux with Firefox and NoScript. Not perfect, but everything requires Javascript these days.
(07:07:28 PM) DCT: http://img115.imageshack.us/img115/7933/sdape0.jpg
a picture from my friend for you
(07:15:34 PM) Rob Lemos: very nice. how much money is that?
(07:15:48 PM) DCT: about 50k
(07:17:26 PM) Rob Lemos: how’s does he make his money?
(07:19:13 PM) DCT: Generally - MPack + brains
(07:19:27 PM) DCT: fraud
(07:22:28 PM) Rob Lemos: So he’s a customer?
(07:22:58 PM) DCT: yes

And the interview from the second day (almost 10 lines are missing from the end of the leaked transcript, so I have not included them here either):

Jun 21, 2007
(01:22:19 PM) DCT: Hi, you wanted me to contact you today
(01:56:34 PM) Rob Lemos: Hey.
(01:59:11 PM) Rob Lemos: What’s this Russian Business Network (RBN)? I was just looking at an iDefense/Verisign analysis of Mpack and they mentioned the RBN. Familiar with them?
(02:00:21 PM) Rob Lemos: Also, are you “$ash”?
(02:01:09 PM) DCT: We are familiar with RBN, it is some kind of a hoster
(02:01:25 PM) DCT: $aSH is a separate person
(02:01:44 PM) Rob Lemos: Ah. What name should I use to refer to you?
(02:02:06 PM) Rob Lemos: And does your group of programmers have a name?
(02:02:27 PM) DCT: You can see it right near my messages, or in the profile
(02:03:09 PM) Rob Lemos: DCT?
(02:03:38 PM) Rob Lemos: Ah, DCT.
(02:04:04 PM) Rob Lemos: Dream Coders Team == dct?
(02:04:21 PM) DCT: yes
(02:04:36 PM) Rob Lemos: How many are you in total?
(02:05:34 PM) DCT: dreamcoders together is 3 persons on constant basis & some people are periodically recruited for one-time job
(02:06:09 PM) Rob Lemos: So you (DCT), $ash and one other?
(02:07:11 PM) DCT: 3 coders, $aSH is some kind of marketing director
(02:07:38 PM) Rob Lemos: So you’ve built this up with almost the same structure as a company?
(02:07:55 PM) Rob Lemos: Does that make you “founder and CEO”?
(02:08:26 PM) DCT: looks like yes in both questions =)
(02:09:39 PM) Rob Lemos: When you called RBN a “hoster” do you mean like an ISP that hosts people, or is that a name for groups that use Mpack and other packages to compromise people?
(02:10:02 PM) DCT: ISP
(02:10:46 PM) Rob Lemos: So when iDefense/VeriSign makes statements like:
“The Russian Business Network (RBN) is one of the most notorious criminal groups on the Internet today. A recent MPack attack installed Torpig malicious code hosted on an RBN server. RBN is closely tied to multiple attacks including Step57.info cPanel exploitation, VML, phishing, child pornography, Torpig, Rustock, and many other criminal attacks to date. Nothing good ever comes out of the Russian Business Network net block.”
Does that make sense?
(02:11:25 PM) Rob Lemos: Or is it someone hosted on RBN doing all of this?
(02:11:52 PM) Rob Lemos: And is RBN an ISP that is friendly to criminals?
(02:12:11 PM) DCT: All these things were done by their customers, not by RBN itself
(02:12:33 PM) Rob Lemos: Isn’t RBN under any pressure to shut these people down?
(02:12:58 PM) DCT: Of course, the officials are pressing them pretty much
(02:13:13 PM) DCT: And sometimes very successfully
(02:14:38 PM) Rob Lemos: On a different note, some of these security analysts are referring to Mpack as WebAttacker II, but there is no relationship between WebAttacker and Mpack is there?
(02:15:51 PM) DCT: Calling MPack as WebAttacker 2 is a mistake. It is 2 different projects. I was talking to WebAttaker’s manager recently and he told they are goind to start the real WebAttacker 2 pack in the nearest time
(02:18:53 PM) Rob Lemos: Any chance I could get an introduction?
(02:19:37 PM) DCT: wait a bit
(02:19:51 PM) Rob Lemos: Do guys code the exploits yourselves? Or do you use publicly released PoC as the basis of your exploits?
(02:20:20 PM) Rob Lemos: No problem.
(02:23:30 PM) Rob Lemos: That is, would you put your exploit coders on the level of, say, HD Moore, or do you use what people like Moore and other do to create your exploits?
(02:35:44 PM) DCT: I think we are far from guys like HD Moore, because for our pack there are 2 main methods of receiving new exploits - the first one is guys sending us any material they find in wild, bought from others or received from others, and the second one - analyzing and improving the public reports and PoCs
(02:39:22 PM) DCT: If you want any info about WebAttacker 2 - you may contact MrTwister
(02:54:33 PM) Rob Lemos: MrTwister is an IM handle?
(02:55:36 PM) DCT: ICQ nickname, I cant find his icq # in the list
(02:55:50 PM) Rob Lemos: For the first way of getting exploits, do you pay for the exploits sent in that way?
(02:56:15 PM) DCT: Sometimes
(02:56:28 PM) Rob Lemos: I’ve written several articles on the value of 0-day vulnerability information. It would be interesting to hear what you pay…
(02:57:19 PM) DCT: An average price of 0-day IE flaw is 10k in case of good exploitation results
(02:57:50 PM) Rob Lemos: Ah. So you actually pay less than legitimate companies, it sounds like.
(02:58:53 PM) Rob Lemos: So do you have a day job, or does Mpack take up your time?
(03:00:15 PM) DCT: I have a legitimate job, and able to combine it with other projects like MPack
(03:00:49 PM) Rob Lemos: Do you ever plan to do projects like Mpack full time?
(03:01:00 PM) Rob Lemos: A life of crime, as it were….
(03:01:01 PM) Rob Lemos:
(03:01:23 PM) DCT: Man, don’t you think it is stupid? =)
(03:01:40 PM) DCT: It is just a business
(03:02:01 PM) DCT: while it makes income - we will work on it
(03:02:07 PM) Rob Lemos: So I guess it’s never going to be uber-profitable…
(03:02:19 PM) DCT: and while we are interested in it - it will live
(03:03:52 PM) Rob Lemos: I’m just trying to get a comparison to, say, your users that seem to make out pretty well, in terms of income.
(03:04:13 PM) Rob Lemos: Did you see the interview that Rsnake did with a phisher on ha.ckers.org?
(03:04:41 PM) DCT: No, I would like to look it trought
(03:05:15 PM) Rob Lemos: http://ha.ckers.org/blog/20070508/phishing-social-networking-sites/
(03:05:31 PM) DCT: Of course out customers make sometimes huge profits. So the MPack is some kind of brandname-establishment project
(03:05:38 PM) DCT: \\our customers
(03:05:43 PM) Rob Lemos: The phisher claims to be making $3k to $4k a day, working 3 to 4 days a week.
(03:06:22 PM) Rob Lemos: That’s $600k to $800k a year.
(03:06:33 PM) Rob Lemos: Of course, that’s what he says.
(03:07:18 PM) Rob Lemos: Establishing a brand name? Does that mean you are looking at doing something different/more in the future?
(03:08:21 PM) DCT: We have some other projects running, and more are to be realized
(03:08:38 PM) DCT: may a give some notes about that interview with a phisher?
(03:09:46 PM) Rob Lemos: Sure. You mean you want to give me some comments on the interview?
(03:10:03 PM) DCT: yep
(03:10:14 PM) Rob Lemos: Sure.
(03:12:11 PM) DCT: >Alot of groups came to me asking if I wanted in, I declined.
It is rare nowadays than a group invites you to join. Also, “hackers groups” nowadays (well, I talking about the ru-speaking underground) are the script-kiddies & teens which want to be famous and can do nothing theirselves
(03:12:24 PM) Rob Lemos: BTW, did you know anyone involved on either side of the Estonia attacks?
(03:12:40 PM) DCT: yep, I know, but a bit later about it
(03:12:44 PM) Rob Lemos: Cool.
(03:12:49 PM) Rob Lemos: Sorry to interrupt…
(03:15:54 PM) DCT: >What types of sites make the best phishing sites?
>Social networking sites, Any site that involves teenagers ranging from 14 years old upwards.

I can’t imagine for that could be used phished info from such sites
(03:19:29 PM) DCT: >depending what is inside their email inbox determines how much more profit I make. If an email account has one of the following paypal/egold/rapidshare/ebay accounts even the email account itself, I sell those to scammers

he tells what he have so many accounts what he can’t even look them through but among that checks the contents of mailbox
I tried some days checking mailboxes, it is so boring and hard
And the accouts from mailboxes wont be 3-4k per day)
(03:20:10 PM) DCT: an average price for ebay\paypal acc is 20-40$ for each
(03:20:55 PM) DCT: e-gold can be used of course sometimes, but good balance is not so often
(03:21:07 PM) Rob Lemos: And they are getting busted…
(03:21:13 PM) DCT: Well, that is an IMHO anyway =)
(03:21:24 PM) DCT: who? o_O
(03:21:55 PM) Rob Lemos: E-Gold: http://www.securityfocus.com/news/11462
(03:22:18 PM) Rob Lemos: They’ve been raided by the FBI and IRS for money laundering.
(03:22:52 PM) DCT: money landering? You mean the were drops?
(03:22:59 PM) DCT: \\they were
(03:24:03 PM) Rob Lemos: No. It means that E-gold’s owners allegedly knew that they were receiving the profits from crime and allowed that money to be transferred elsewhere.
(03:25:48 PM) DCT: I suppose they knew it all the time and then the officials came from the window they suddenly “realised” that and make some actions in order to prevent the illegal transfers
(03:26:45 PM) Rob Lemos: Yeah. They make profit no matter what the money transfer is for, so it (Editor: allegedly) pays for E-Gold to look the other way.
(03:26:57 PM) Rob Lemos: Until the FBI came knocking.
(03:27:03 PM) DCT: yep
(03:27:42 PM) Rob Lemos: Are you worried about law enforcement catching up with you?
(03:28:33 PM) DCT: Yes, a bit. And with all these stories about MPack over the internet we will have to shut the project down in some time
(03:29:21 PM) Rob Lemos: Do you feel sorry for people whose computer’s get compromised via Mpack?
(03:30:24 PM) DCT: Well, I feel myself as a factory producing military ammo =)
(03:31:03 PM) Rob Lemos: Nice analogy.
(03:35:22 PM) DCT: So, you wanted smthng about Estonian attacks
(03:35:31 PM) Rob Lemos: yes.
(03:36:52 PM) Rob Lemos: what was your impression of the attacks? nationalist pride among botnet operators?
(03:41:16 PM) DCT: Some botnet operators was too stupid to got impressed by those activities with the monument and the result was a local ru-est cyberwar. We hacked and ddosed their gov sites, and they hacked the coordination site (webdozor) and some others. Also there was a global icq uin unreg on 8-11th of may as I remember, and I suppose it may lead to “estonian patriots”. I think that politics and underground should never be mixed together - they play their game, we - ours. We make money, and they too
(03:45:53 PM) DCT: .
(03:48:44 PM) Rob Lemos: Sorry, i’m just taking a call.
(03:48:54 PM) DCT: np
(04:07:41 PM) Rob Lemos: Off now. What’s a “global ICQ uin unreg”?
(04:09:41 PM) DCT: ICQ accounts (uin numbers) were randomly deleted and their users were unable to connect their icq clients receiving an “uin deleted” error message. All returned to normal after some days, some says mirabilis restored the icq base from the backups
(04:10:46 PM) Rob Lemos: Ah, so sort of a DoS on ICQ…
(04:10:55 PM) DCT: not really
(04:11:14 PM) Rob Lemos: someone had access to the ICQ database then?
(04:11:26 PM) DCT: Most likely an exploitation of a flaw in new icq client
(04:11:34 PM) DCT: there is a new feature there
(04:11:41 PM) DCT: “report spam user”
(04:12:08 PM) Rob Lemos: Is ICQ the most popular IM protocol in Russia? Seems like a lot of people use it…
(04:12:29 PM) DCT: And uins may be deleted due to some tool emulation abuses on spam from some uins
Yes, ICQ is the most popular one
(04:13:15 PM) Rob Lemos: So did the Estonia-Russia attack amount to much, in your mind?
(04:13:45 PM) Rob Lemos: Estonia’s government brought the issue to a NATO conference.
(04:18:56 PM) DCT: well, you know, estonian peoples from the ancient times were suffering from slavian who came to their territory and do all the bad thing they could imagine. All this was gathering and put throught the times, and nowadays is one of the moments than Estonia can show all its hate to russian people. I have friends there and they told what skinheads can just kill anybody singing russian gymn =)
And the NATO conference is one more thing est government do to kick the russian government’s ass
(04:20:30 PM) Rob Lemos: so is there bad blood between operators/hackers on the Net as well, or do they not care so much?
(04:21:29 PM) DCT: what do you mean with “bad blood” ? (sorry, my english is not so good)
(04:22:00 PM) Rob Lemos: they don’t like each other.
(04:23:31 PM) DCT: No, doing business over the internet wipes out all the nationalities, etc. We just work together, no matter who you are. The main is your abilities
(04:24:04 PM) Rob Lemos: So, the tension between Estonia and Russia has essentially gone away online?
(04:25:54 PM) DCT: I suppose it was like flashmob - one posted a msg asking for help with hacking\ddosing, and the others answered. Now it is almost ended as I know
(04:27:30 PM) Rob Lemos: Cool. Last question for today… Can you describe yourself as much as you feel comfortable? Age, college degree or not, etc.? I’m likely going to do a story on Mpack for next week and such details are nice.
(04:30:15 PM) DCT: I would prefer to keep it in secret in order to make official’s job identifing me much harder
(04:31:21 PM) DCT: Would you give me to look at a draft to tell you my opinion? =)
(04:33:46 PM) Rob Lemos: Sorry. It’s a rule among journos that we don’t let others look, but I’m really careful. If I have any questions, I might send some quotes/paragraphs to you. I can also send the link to you as soon as it gets posted.
(04:34:58 PM) Rob Lemos: But I once broke the rule for a nervous source, and regretted it. I instantly gained another editor, and a bad one at that.
(04:35:59 PM) DCT: Now I see why there is so many false and stupid things in the newspapers =) Ok, as you want, I won’t push you)
(04:37:18 PM) DCT: Remember, you editor wants to see me as a bad russian mafia’s criminal who wants to take over the world =)))
(04:37:27 PM) DCT: \\your editor
(04:37:41 PM) Rob Lemos: Nah, my editor lets me do what I want.
(04:38:31 PM) Rob Lemos: I’m going to read over the interviews over the weekend and figure out where I will go with the article.
(04:39:00 PM) Rob Lemos: I almost want to do a Q&A, but I don’t know if there is enough for that.
(04:39:21 PM) Rob Lemos: If I do a Q&A, I will send it to you first.
(04:40:01 PM) Rob Lemos: But if I do it as an article, then I won’t.
(04:40:10 PM) DCT: Ok, will you put the picture I sent you?)
(04:41:07 PM) Rob Lemos: Hehe. SecurityFocus doesn’t use a lot of pictures, but I’ll think about it. By the way, I noticed at least one of the bills wasn’t a $100 but a $10 (the one on the center of the monitor).
(04:41:48 PM) DCT: =)
(04:42:29 PM) DCT: So, it was nice to talk with you
(04:42:57 PM) Rob Lemos: Thanks. You too.
(04:43:09 PM) Rob Lemos: If you ever see me on and want to ping me, feel free.