Big Retail Cyber Attack: Amazon’s AI Offensive & the Google AI Opt‑Out Illusion
Welcome to another episode
of Cloud Unplugged.
Got some new news for this week.
It's all about retail hacks.
The retail in the UK, Co-op,
Marks and Spencers, and kind of Harrods,
but Harrods managed to do a good job.
Basically, that was the drama this week,
almost pretty much to the
point of being closed down.
Cloud growth, numbers obviously soaring,
which I'll kind of come on
to how much it's grown by.
And a curveball of just
something at the end,
a little bit of news that's random,
a little surprise one that
I'll do at the very end.
And Lewis,
what are you going to be talking
about today in the news?
So...
Amazon seemed to bubble up
to the top of the things
which seemed to be vying for attention.
Amazon AI.
So there's certainly a whole
bunch of announcements around AI,
their own models, their own services,
and what those services are based on,
their own APIs.
And also there's an
announcement from Amazon,
not related to AI, about SaaS,
SaaSing Amazon and their marketplace.
Cool.
That's good.
Did you have a good bank
holiday before we get into the news?
I did, yeah.
I met up with friends.
We prepared for a barbecue
and went to Marks and Spencer's.
Couldn't get beans.
Wow.
And our friends couldn't pay on cards.
Well, they couldn't pay on cards.
It was working with the card
by the time we got there.
But yeah, anyway, we'll come to that.
So that was fun.
And also I carried on my
little experiment with Vibe
programming with my son or for my son,
but definitely not writing
a single line of code.
This is you programming another child AI.
You decided as a son.
Is that?
I don't know what's going on.
That's what you're telling me there.
Did he get into it more this
time around or is it still
you doing all the vibe coding?
He's very much into the application.
And there's definitely some
stuff I'd read on the right
way to do sort of vibe
programming and use one big
model to come up to take a
feature description where
you just write a sentence,
I'd like my app to do this kind of thing.
And you get it to generate a
markdown document
describing exactly how it worked,
given its access to the
code base and it working
out how it would work.
And then you can iterate in place and say,
nearly,
but actually this page is meant to
do that and blah, blah, blah.
A couple of iterations and then you say,
okay, now do it.
And it did.
It just kind of worked.
I mean, it's a phenomenally simple app,
but it's got some back end.
It's got a front end.
It's in memory.
It's VoteViz.
Find it on GitHub.
Have a little look.
Yeah.
It's running on Firebase.
It was fun.
That's good.
Very cool.
So, yeah,
so you tried to go to Marks & Spencers,
but you couldn't pay
because they'd basically been... I mean,
their hack was pretty impressive,
to be fair.
They went all in on that one. Dragonforce
was who did that one.
And then Scattered Spider
was the one that was the
group that did the Co-op.
But I don't think anyone
knows who it was for
Harrods because they
managed to lock it down quickly.
I heard slightly differently,
but that might be just like,
I don't know.
You heard differently?
Yeah.
I heard that Dragonforce
were the providers of the
ransomware software.
Yeah, correct.
And then the networking one
was a different team.
Yeah, and it thinks the
Spider, the Spider guys,
Scattered Spider, Scattered
Spider, I think they may
have been the actual group
that perpetrated, um, the
attack for Marks and
Spencer's. Anyway, um, so they
used or had to pay, um, the
ransomware guys, the Dragonforce,
um, people for their
Ransomware SaaS?
I don't know how I word it.
There's affiliations and a
mature marketplace of crime here.
Well, if we get into it, I guess,
so for the current one, and
I'm hoping my information is correct.
It's been on the news and
the story kept changing.
So I can't really work out
now what's truth and what's PR.
They could obviously try to
do a spin to protect their brand.
Actually would, I suppose.
But from what I understood,
there was a logging server.
Colt was migrating to Azure
as part of an Azure migration.
There was a central logging
service that was public to the internet.
It was that that managed to be exploited,
which then gave them all of the logs of,
I think,
nothing to do with sensitive
customer data,
but gave them internal information logs,
I think,
of themes and usernames and
passwords logging into things and stuff.
And I think at that point
then they started to then
send direct messages using
some specific tool, Team Fisher.
I think it is something like Python app,
Microsoft Teams,
and then started to
basically send messages that way.
And then ended up kind of getting in.
And from that point on,
I managed to kind of
exploit beyond that from
getting access to people's
usernames and passwords to
log into systems to then
obviously infiltrate further.
Marks and Spencer was kind of the same,
but it was just pure Team Fisher.
So they used social
engineering on Team Fisher
app to pretend to be
different people and then
managed to then deliver payloads.
So hang on,
Marks and Spencers was the same as Co-op.
They both had logging
service breaches first?
Or different ways in?
Co-op was first the log
server to get the data
about the people that work
there and then do a more targeted attack.
Marks and Spencers was just
using that Team Fisher
Python app that then kind of
pretends to be people,
different people. We get it
at work sometimes. People
get emails from me, even
though the email address
would be like bibbidi bob
one two three at gmail.com,
whatever, right? But it'd be
like, I don't know, I'd be
like, hey Lewis, I've tried
to call you, really
important, can you give me a
call back on this number? I
did that though. I always respond.
Do you always ring?
Yeah.
But do you not think when
you heard my voice, what was the accent?
It was...
It was, hello, my name is John Nathan.
So basically like me.
But I thought, that's got to be you.
Pretty similar to me, yeah.
I haven't responded to any of those.
But that's quite a surprise.
We've had them.
Yeah, we get them quite a lot.
I get messages from people saying,
I'm guessing this wasn't you.
Just because people aren't sure, obviously,
you know, I think it's so brief.
That, you know,
I could be stuck in a well
somewhere and desperately
need to speak to somebody.
I don't know.
Um, but yeah, so I think,
I think obviously we're
doing like phishing attacks
and then I think there were
then basically using, um,
SharePoint files,
like payload delivery to
the SharePoint files to
deploy some like malware.
Uh, some like, I think it's JSS,
JSS loader that then
basically obviously then
loads up malware.
as well,
and then managed to compromise the
credentials and get onto
the VPN using MFA fatigue
attacks and SIM swapping
and things like that.
And then once they got onto the VPN,
then they could actually
start to hop around the VPN
because there wasn't really
much protection.
Once you're on the VPN,
it was pretty broad.
You could roam around everywhere.
Pretty sophisticated and a full on breach.
It was.
Full on internal access to their systems.
And then they got the Active
Directory database.
Yeah,
they got the Active Directory
database exfiltrated,
so then they got all of that.
Then they cracked those passwords through,
like, obviously,
a password hash cracker called, like,
SoftPerfect or whatever.
And then once they'd done
that and they got access to passwords,
they then got into the VMware estate,
which is basically the
big... I think they're back
in where most of their back
end is because, obviously,
they've got some stuff in...
the cloud and obviously a
load of probably critical
back end services.
I imagine logistic services
all on VMware and probably
Oracle or whatever.
Who knows?
And then the encrypted,
basically the VMs with a key,
basically locking everyone out.
Yeah.
And that's when you're in the ransomware.
So then you're like, look,
if you want these decrypted,
you want to restore a service,
you need to pay seven million pounds,
please.
Do you reckon they paid?
Or spent.
Seventeen million pounds.
On their own staff.
They lost.
Three hundred and sixty.
Million pounds.
Being down.
So I guess.
Seventeen.
In the grand schemes.
Of three hundred and sixty.
In the period.
That they were down.
I mean.
You know.
In the end.
Like.
I mean.
Maybe.
If you're.
If you're.
You've got to fix it, right?
You don't want to pay the €.
and then, like, the next week it goes,
well, you didn't fix it,
so we'll do it again.
That's basically what the CTO did.
He rang everybody,
and it was a really moving message,
and he went, we've got to fix it.
And everyone's like, oh, my God,
you're right.
[LAUGHTER]
Why didn't we think of that?
Yeah.
We were just paying up.
We just had the credit card and we were,
we were just wiring.
Yeah.
So called John Shanks.
We got this email saying to call him.
At BibbidiBob.
Yeah, BibbidiBob, yeah.
Yeah, so I think it was quite that.
Marks and Spencer sounded
quite sophisticated.
I think, though, obviously internally,
the Active Directory to extract that data,
the VPN,
and there's obviously layers of
weaknesses inside of it to
be able to exploit further.
So it was like, you know, I guess this is,
This is kind of the thing,
the same with the Co-op.
It's like there was an entry
point that made them see the Co-op,
right?
Because they're scanning all the time,
everything.
And then this pinged it back.
The first bit, well, actually,
it's a multi-pronged thing.
There's many layers, aren't there?
There was a misconfiguration,
so a bit of human error.
to allow these logs to be
private in one case.
It was a human error.
Well, wait, wait, wait.
The human error though,
misconfiguration allowed
for the automation of the
whole scanning of the
internet that goes on, you know,
because you have tools
running all the time across
all the Amazon IPs and all
of the Azure IPs, et cetera.
it obviously pinged to say, hey,
there's a thing over here.
And then the tool then
obviously went in and did the thing.
And then obviously they then
worked out who it was at that point.
Once you've worked out who it was,
that's the radar, isn't it?
It's almost like the Batman symbol,
I guess, really.
In that sense,
I think that could have been
more avoidable because had
they put the policies in the cloud first,
and work backwards from
making exemptions for
certain things where you need it.
Instead,
you've probably done no real policies,
put the thing in, and not even known.
Obviously, for speak,
it's a migration rather than caution.
So, I mean,
the rule of thumb is make sure
you just put the policies in place.
There's plenty out there, CIS,
benchmark policy.
Literally, you could put the CIS ones,
NIST, whatever.
You could have put them all in,
and then it wouldn't have
been public to the internet
because that would have
been blocked by default.
So I think that one was a
bit more avoidable, to be fair.
Obviously accidental, it's human error,
like you're saying,
but that's the point of
policies is people do make mistakes,
hence why you have the policies, really.
Yeah.
Well, yeah, security is hard.
It's harder to make things
absolutely secure because
it causes friction for people.
But people fundamentally
have to put the security in
and develop with security on.
Otherwise, they're going to be vulnerable.
Yeah, exactly.
And then you don't have a business.
You don't have a business.
You're three hundred sixty million down.
But yeah,
so I think actually Co-op is
still down from what I read.
I think you still bits of it
are still down.
They have to pay
You can't pay on your card.
I think in some stores you
still have to pay via cash, I think.
Any massive insight or
nugget to summarize?
Do you think cybersecurity
breaches are on an increase?
Do you think, dare I say it,
AI has been used
potentially to help people
use or broker or discover?
No, I think this was like, I mean,
who knows?
I think the apps, I mean,
one of them is just a
Python app called Team Fisher.
And it's a way of pretending
on Microsoft Teams to be somebody else.
And, you know, same as email, you know,
like I was explaining before,
if you call a number.
So you don't think there's
any increase in the use of these tools?
Not really.
I mean,
these have been around for like
things that auto scan and
detect for certain things.
Mostly for a lot of the
times it's Bitcoin mining
more than it is anything else, right?
Like people use your compute
to Bitcoin mine.
That's normally the default
that goes on all the time.
But I don't think it's any more or worse.
Not that I'm aware of anyway.
No, sure.
One other thing,
just sort of on the general
hacking theme.
You haven't heard anything
about the electricity supply in Iberia?
No little nuggets or updates?
I do believe from somebody in the know,
that it was a cyber attack.
But that's just, again, conjecture.
It wasn't you.
It was somebody that
has closer relations with cyber.
But I don't know.
I mean,
it felt very much like a cyber
attack to me,
the way that it managed to all go down.
It felt very coordinated.
From an engineering perspective,
it didn't seem like you
could fluke across one sort
of type of power or even
one manufacturer of power
things in one particular...
Yeah, it seemed like that was more likely.
But yes, interesting.
I don't know.
I mean, again,
that's an off-record thing
that someone mentioned.
Who knows?
But yeah, it did seem more that way.
And obviously, this truly is cyber.
There's no disguising that
because they've come out and said so.
I think the Co-op kind of
tried to cover it up a bit
because that happened in February.
Bits of this happened in February, yeah.
And then I think there was
people saying they didn't anyway.
And then it turns out they
obviously didn't.
So that's it.
So that's my news for that.
Wow.
Amazon then.
So you say there are some
new AI services taking over the world.
Yeah.
And what are they like?
Well, it's interesting.
The cloud providers
obviously having access at
cost to a lot of compute.
and being aligned with the
AI foundational model
providers to provide hosting services.
In the case of Microsoft,
that's very closely aligned.
There's an affiliation and a
share ownership
sort of thing going on there.
In case of Google, they
obviously are creating
foundational models. It's
part of their core business
and they've been hosting it
as such for a long time. Um,
and Amazon don't really
have a play. I think they've
got a lot of shares in
Anthropic, but they haven't really got
a bit of Anthropic in their
estate knowingly. Don't know
that. It's a little less
woolly, but they're now very
publicly, um, come out, um,
with a whole raft of, uh, AI
announcements. Um, so I'll
start first with, um, their
models. They've got their
own models. It's a Nova series of models.
So they are creating
foundational models that
are trained and have
varying levels of
capability depending on how
much compute you run and
how much you therefore pay for.
So they've got their premier
Nova model and a whole raft
of other models that are
related to gen and image
generation and LLMs, etc.
Very specific models,
very specific use case to
what you're saying.
Yeah, their own internal model.
Not quite.
So they've got a foundational model.
Their premier Nova model is
a foundational model.
So it is a general LLM.
But yeah, their own training,
their own model, they're owning it.
Then they've got Amazon Bedrock,
which is their AI model API.
which allows access to all the Nova models,
but also Claude three point
five and others.
You can tell I haven't
actually played with the AI.
This particular API is like the news.
Yeah.
And it's interesting.
It's not the latest Claude.
And I don't know.
It's interesting to know if
Anthropic are hosted on Amazon or not.
And if there's any reciprocal benefits.
you know, arrangement.
But the main thing is Amazon
Bedrock is a way to get at
AI models using an API.
So your workloads can then use AI.
But then there's some
service announcements as well.
Amazon Q. Yeah, it's been a while though,
Q.
Yeah, well,
I guess it's been percolating
and using later models,
and they've gone a lot further.
So they've got two arms of Q,
two arms of Q, is that even a thing?
Two flavors of their Q product service.
Two Q-shaped arms,
which is really ineffective
when you're trying to, yeah.
And then another one over here.
Yeah, really hard to do stuff.
Yeah, one of them's, uh, Amazon
Q Business, which is not to
do with, um, working with
business flows and
logistics and all sorts of
niche areas that you might
want to build out agentic
flows, etc. And the other
part is Amazon Q Developer,
which is integrated
at the most fundamental
level as some software that
can be run as a CLI or
integrated into your IDEs.
So there's a Visual Studio
add-in and also add-ins for
various other IDEs, Eclipse, et cetera,
et cetera.
So they're going broad and
they're trying to meet
developers where they are.
And also they released,
I saw from yourself, you know,
MCP suite of server tools,
which may be released to work with, well,
they're MCP servers,
so you can run them anywhere,
whether they're natively
already built into their IDE add-ins,
or you've then got to do that separately.
But, you know, fundamentally the IDE
AI integration needs to know
about the MCP. So, and it's
interesting they're working
with the existing IDEs
rather than Windsurf or
Cursor, who fork the IDEs
and own the IDE space
because they want slightly
tighter integration and
more features. So, but anyway,
Amazon's play on whether
you're doing CI/CD, Terraform,
Amazon CloudFormation, um,
right in their tool base, um,
or using it for general code generation.
Interesting.
Yeah, I did see that.
They've got the AWS MCP
server that you can just run, obviously,
yourself.
But they've got quite a few.
There's like a Terraform
Workflow One diagrams.
It's a very easy thing to release,
to be fair.
The MCP standard is almost a
description of
discovery bits as well,
obviously. Yeah, it's a
description. It's the
discovery bit, pretty much.
You write down some English:
I am a thing that knows how
to run ls and I will be an
ls MCP server. And then you,
the actual thing can be of
a different type of
executor. So you can have a JSON, um,
API interface, or you can
literally have a CLI with
arguments. So you could make
your own MCP by typing ls
and some words and plugging
it in as an MCP server. Yay.
So, you know, it's gonna, it's
pretty thin regardless of
the level of, uh, yeah. Yeah, I
mean, it is, yeah. The MCP
server is obviously, it's a thin...
It's a thin thing.
But I think as it gets more
enriched and offers more capability,
then I think it's kind of
interesting to see whether
when you're building on top of that,
like another agent,
agent-to-agent type things,
you start to connect,
you move into their MCP,
so you're connecting with
your agent to then speed things up.
So it is going to be quite
an interesting thing,
but it's still quite early.
It is early, yeah.
And the marketplace,
what was the news for the marketplace?
You said...
They've got more sassies,
haven't you said?
On the first of May,
they're basically making a
change to the AWS
marketplace to allow for
SaaS products to be listed online.
irrespective of where they're hosted.
So the AWS marketplace used
to be for AWS customer or
internal offerings on the
AWS cloud platform.
And now they've changed that.
They said, oh, no,
we can make it a general
software marketplace.
And then we can give a
little differentiator badge for
Two people who are hosted on
AWS as like a little free uplift.
Oh, you're on AWS.
We like you.
We might even list you first.
Who knows?
I don't know what the play is here.
It's an interesting announcement.
Isn't that more like a disty though?
Are they like becoming more
of a distributor for licensing?
So essentially you end up using...
the Amazon marketplace to buy any software,
essentially.
So you might want Jira or it
could be anything, right?
And actually you can use
your cloud credits, I guess,
to offset the cost.
If you've got a commitment to spend, say,
like, oh, we're committed for five mil,
whatever,
then actually... So it's a
marketplace store,
very much like the Apple store,
on all things that run in
the Apple industry.
They do do marketplaces well, though,
Amazon.
That is, they are good at the old...
It's an interesting thing
what the driver is and it's
whether their marketplace
is easy to navigate, easy to... I mean,
I remember trying to release,
go through the process in a previous era,
trying to release software to that.
And it was very painful and
it involved humans and CSV
files and all sorts of craziness.
I remember all of that.
That's when you are...
Yeah,
it's when you're trying to do
something inside of a customer's estate.
But when you're using it,
when you're a client of,
it might be very good.
Or for a SaaS,
if it just literally is buying...
you know,
licensed software of a thing as a
distributor, say, you know, HashiCorp,
right?
You want to buy X number of
licenses for that and you're using this,
you know, HashiCloud or whatever.
There's a benefit on both sides.
There's a benefit for them
to take a cut and also for
the punter to be able to
discover and use more
against one credit pool.
Yeah, I think it's very smart.
I think it's really,
really smart because...
A lot of people are going to
the marketplace,
even just the cloud security marketplace.
Sorry,
the cloud security market is massive
and you obviously are in
the cloud and it starts with the cloud.
So therefore then offering
all of the things that are
going to layer in.
So you're not being ultra
competitive where you're
then having to have all
those services yourself as the cloud.
Actually,
there's a margin I could just take.
you know, off these other services.
Like,
why are we just not taking a margin
of all these products that
other people are buying anyway?
Like, Wiz.
Very sassy.
It is very sassy.
I think it's very, yeah, hats off.
I think it does make a lot
of sense for them.
Obviously, you know, hyper,
hyper growth and, you know,
ultra mega growth
like behemoth.
It's interesting, you know,
their background is obviously storefront,
you know,
with Amazon as the brand and
where they came from on the
consumer facing side.
And then they evolved into the AWS stuff.
And similar things have happened in China,
you know,
Alipay and what's the other one?
My mind's gone blank.
But there's very similar
storefront experiences that
then became cloud companies, obviously,
and the same story.
So they already had a store.
So it's like,
at which point are these full circle?
Yeah.
Or do other clouds follow suit?
I don't know.
Well, there is.
I mean, they do.
They all have their marketplaces.
I think, you know, if you're...
if you're losing revenue, you
know, competitive, say
something like Wiz, and
Wizzy in the market, say, for
cloud security, as a cloud
security products offering,
and you've kind of got
semi-competitive tools
there, but, you know, people
are aligning it's more to
Wiz because it's more
enriched or whatever,
whatever the reason is, but
then, yeah, why not take a
percentage of something
that people are buying
anyway and just make it
easier to buy it, you know? So, yeah, um,
I have two extra bits,
one secret bit and one normal bit,
the cloud growth stuff.
Nothing really that interesting,
so I'm not going to talk
about it too much,
other than the fact that
this is going to really shock you.
It's growing.
Try.
No.
The cloud is growing, yeah.
The cloud?
No, no, we're talking about clouds.
The cloud spend,
more people are using the cloud.
Yeah,
all of the... Drinking water from the
clouds or...
We're talking about computing,
cloud computing.
Yeah,
nine hundred and twenty three
billions by the end of
twenty twenty seven.
That's dollars, though, obviously.
That's a cost of all clouds in the US.
Just all the cloud, global cloud market.
Yeah.
And that's a fifteen percent
growth essentially from
twenty twenty one.
Wow.
Something like eighty
percent of enterprises in
basically know they're going
to be spending more in the
cloud. That's what they've
all said. And I did read
another stat, I think like
nearly ninety percent of
businesses are in the cloud
or something insane. It's
like some quite high stat
of how many organizations
seem to already have some
footprint in the cloud, um,
to some degree. So
Yeah, that's nothing really like, I mean,
you kind of would expect it.
I think obviously it's going
to diversify with all the
AI space and SaaSes and all
the other things that
you're going to get.
So probably just grow in that sense.
But it doesn't, it's not just,
it's not public cloud only.
It's cloud in general.
It's a cloud market,
which is obviously massive.
I was hearing Microsoft had
their earnings announcement
and they were citing all the cloud.
Were they going bust?
Yeah, there's no cloud demand.
There is no cloud.
I don't know where they're
heading this from.
Yeah,
so there's a big growth from the
perspective of individual
revenue of individual cloud
vendors and also across the markets.
Yeah.
And the secret bit is if you are worried,
which you might be,
about Google DeepMind,
Basically getting all your data,
because obviously, you know, Google,
then producing.
So say you're a publisher,
say you write news articles,
say you're an image thing,
you've got a portfolio of
your images on there,
and you think to yourself, well,
I hope Google doesn't train on my data.
Maybe there's a way to stop it.
Maybe I can kind of opt out and say,
actually, do you know what?
Please don't steal my IP.
Just make your site not searchable.
That's the answer there.
Oh, is that simple?
Yeah, yeah, yeah.
Oh,
is that the button that says don't
search your site?
No robots.txt file.
That's it.
That's it.
You just make one of those files.
You remove it.
Don't have one.
What about if it's already
been ingested and then you
make a no robots?
You're too late, basically.
If it's already been ingested...
then good luck figuring out
if it's already been ingested.
No one knows how to unlearn
things from a model at all
without relearning from scratch.
So that's interesting.
So, yeah.
So basically there is no
real proper way to stop it
other than removing your
site to be indexed completely.
Did Google have some antitrust?
Were there some
announcements with Google's
reach being under...
They had all these preview stuff.
Yeah, there was something like preview.
I think there's some opt out
preview things or something.
Something was going on,
but they were saying that there isn't.
It kind of did some announcement,
but they made it sound like
you could block things from
being searchable by AI
models and all this other stuff.
But actually, it wasn't really.
The search AI still was
searching everything,
and then it was actually
still saying it actually
secretly was ingested anyway.
But they made it sound like
you could actually opt out
of models being trained on your stuff,
and it transpires.
How naive.
You can't.
No, no, you can't.
No, no, you can.
The way to make it secure is
to keep it offline.
A bit like, you know, secure, private,
same thing, unplugged.
There we go.
Cloud Unplugged.
That's the name of our show.
Unplug it all and it's
secure and it's private.
Do you reckon fax machines
are going to come back into fashion?
Paper and stuff like that.
Yeah, we'll be faxing pictures, ideas,
images, because we just don't.
Well,
if there is a massive increase in
cyber attacks and, you know,
someone attacks some
fundamental infrastructure,
not just one store,
maybe we'll have to do that.
It'd be CDs.
So it's going to be the rise
of CDs to protect your
music so you can't train on music,
and the rise of fax machines.
It's basically the nineties.
The nineties racing to get
back to the eighties as
quickly as possible,
and then ending up in the
seventies with absolutely no computers.
Exactly.
And then with the power outages,
it could be like, you know,
eighteen hundreds.
So...
What you need is progress back.
Exactly, that is progress, yeah.
I'm glad we've worked out
the very practical measures
that our listeners can take
to opt out of Google.
Yeah.
But that is it for us on another episode.
Tune in next week.
We'll be obviously again
looking at the news,
seeing what the next hot
topics are and keeping you up to date.
Thanks for listening.
Bye-bye.
Adios.

