In this episode of On Location with Sean Martin and Marco Ciappelli, recorded live at the Australian Cyber Conference 2024 in Melbourne, hosts Marco Ciappelli and Sean Martin sit down with Peter Gigengack, cybersecurity director at Western Australia's Office of Digital Government. Together, they examine the personal, ethical, and societal complexities of managing digital legacies—our online identities and assets—after death.
Guest: Peter Gigengack, Director Cyber Security, Capability, Department of Premier and Cabinet of WA
On LinkedIn | https://www.linkedin.com/in/peter-gigengack/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
The digital era has reshaped nearly every aspect of our lives, but it has also introduced new challenges to end-of-life planning. Peter Gigengack shares his insights on this pressing issue, recounting how he navigated the emotional and logistical hurdles of managing a loved one’s digital footprint after their passing.
A Personal Story of Loss and Discovery
Peter's journey into the realm of digital legacies began when his elderly relative, "John," passed away. The family was left not only with John’s physical belongings but also his vast and complicated online presence.
Without access to passwords or guidance from John, the family faced a daunting task. Drawing on his technical expertise, Peter took the lead, discovering firsthand the difficulties that come with managing digital identities without preparation.
Ethical and Legal Considerations
The discussion moves into the ethical and legal complexities of managing digital legacies. Peter admits that while his family’s choices were driven by love and respect, they highlighted a significant gray area between honoring someone’s memory and navigating privacy laws.
These questions are universal: What rights do families have to access a loved one’s digital accounts? How can individuals protect their online presence while providing their families with the tools they need to manage it?
Preparing for the Inevitable
Sean and Marco discuss proactive steps, such as assigning digital heirs, securing access to critical accounts, and incorporating digital assets into estate planning. They also challenge technology providers to offer clearer solutions for managing digital legacies responsibly and ethically.
The conversation emphasizes the need for individuals to take ownership of their digital afterlives while advocating for systemic changes that ease the burden on grieving families.
The Future of Digital Immortality
The episode explores the broader implications of digital immortality. In an age where online personas often outlast their creators, society must grapple with how we remember, honor, and even interact with the deceased.
Marco, Sean, and Peter discuss potential technologies, like AI-driven tools that could simulate conversations with late loved ones, and the ethical dilemmas they may bring. The trio reflects on the balance between preserving memories and respecting boundaries in a rapidly advancing digital world.
Key Takeaways
Peter encourages families to have honest conversations about their digital legacies, ensuring everyone is prepared for life’s uncertainties. Sean underscores the cybersecurity perspective, drawing parallels to how businesses prepare for digital risks.
The episode ends with a call to action: Start planning your digital legacy today, and advocate for policies that simplify the process for future generations.
Conclusion
This episode tackles a timely and often overlooked topic, urging listeners to consider the impact of their digital footprints after death. Whether you're looking for practical guidance or contemplating the philosophical questions of digital immortality, the conversation offers valuable perspectives for navigating this evolving landscape.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
Securing Digital Legacies: Ethical Challenges and Insights Based on a True Story | An Australian Cyber Conference 2024 in Melbourne Conversation with Peter Gigengack | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: Audio's good. Excellent.
[00:00:01] Marco Ciappelli: Audio's good.
[00:00:02] Sean Martin: We're all rolling there.
[00:00:05] Marco Ciappelli: Sounds good. Alright, so, Here we go. Here we are. This is, uh, talking about something that it may not be that technical, but it turned out to be technical. I'll make it technical. And you'll make it technical, he'll make it technical, and I'm just Well, I'm just going to say that at this point for me, everything is technical, society, technology, uh, digital, analog, it's a big, uh, it's a big blur.
Absolutely. Right? So we're living with it. We don't understand sometimes, or when I even ask someone. We are living with it and we still draw a line between what is the real world? And for those listening to the podcast, I just did the air quote and in the digital world, which happens to be real as well That's where we live our life.
So
[00:00:58] Peter Gigengack: that's right
[00:00:59] Marco Ciappelli: and that not only our life Now our death.
[00:01:02] Peter Gigengack: Our death, that's right.
[00:01:03] Marco Ciappelli: So that's kind of like what we're going to talk about here today, Sean. It's going to be interesting. I know.
[00:01:08] Sean Martin: So we're here at, uh, Australia, CyberCon, hosted by EISA. And, uh, we're in Melbourne. Lots of great folks. Lots of great topics.
This one caught our attention. And, uh, Peter Gigengak, good to see you. You're speaking here at the conference. A few things, if I'm not mistaken.
[00:01:26] Peter Gigengack: Yeah, I've got a few things that are on. Um, and obviously this one's really great. Quite a dear one to me, talking about digital identities, um, after death.
[00:01:32] Marco Ciappelli: Yeah, so, a little bit about yourself to start with.
[00:01:36] Peter Gigengack: To start, to start off, um, uh, my role, I am a director of cybersecurity in, uh, Western Australia's Office of Digital Government. I look after, um, I guess capability and uplift, um, cybersecurity maturity across WA. And so I guess my role is to drive, I guess, programs at work, initiatives that would help raise cyber security maturity, everything from penetration testing, cybersecurity, when it's training and actually implementation support.
Um, and so I guess my journey as a, I guess we're recovering sysadmin, spend a lot of time on the tools, um, really like for this story that we're working, talking about today. Um, I had to leverage some of those, I guess, uh, tools and kind of processes to apply, um, in a way that I wasn't anticipating.
[00:02:23] Marco Ciappelli: Yeah.
And what, what did trigger you to actually dive deep into this, like thinking hard about this topic
[00:02:30] Peter Gigengack: as about presenting for this topic or
[00:02:33] Marco Ciappelli: kind of like, you know, one day you said, This is going to happen to a lot of people.
[00:02:39] Peter Gigengack: Actually, I wasn't probably thinking about it. Um, and I think this is the key talking point about why I took this opportunity to try and present.
Um, so we have a situation where one of our elderly family relatives passed away. Um, and look, as we know when people pass away, We've got the cleanup of all of their physical assets, and I guess execution of wills, and like, um, there's a lot of pieces that have to occur for the family, and it's already a challenge.
Yeah.
Um, and so as people are kind of, uh, losing their loved ones. All those memories come back and it's quite an emotional piece of time. Um, we were, I guess our family was caught in a situation where we had this elderly relative that was, we'll just call him John for the sake of today. Um, John, look, he was elderly, um, and we had, I guess, concerns around his, um, Online activities before he passed away.
But really, um, his, I guess, I guess, uh, let's just say like his personality just meant he wasn't open to it and so he kind of locked it away a bit. Now, um, he eventually did pass away. Um, and I guess as a family, as we were, I guess, going through the physical stuff, we went through and obviously trying to understand some of that digital piece.
Not to, kind of, dive in like reading someone's journal, but going all, Look, we wanted to obviously understand, look, over the course of his life, he'd taken photos of the family. He's, um, obviously transacted with a bunch of people that were. We believed at the time, or had suspicions around, that he was getting some form of scam.
He was elderly, he was quite vulnerable in his life, and we knew that, we had pretty good suspicions that he was being, I guess, um, uh, scammed in some way. Taking advantage. Taking advantage of. Um, and like, in this situation, we knew that he was in conversation with someone international, saying, hey, I want to come to Australia.
Obviously, um, his generous nature was always going, oh, I want to make sure this person comes here. Um, and we were really trying to, as a family, really to kind of go, well, We knew something was happening and, and like we knew that finances over time hadn't been really there. And so in the absence of it, we kind of all went, let's, I guess, pull apart a little bit of that digital footprint.
Um, and try to unravel that. The key thing that was a challenge was We had nothing to go with. Um, we had no, um, we had computers, we had tablets, and we just didn't have anything to start with. And so it started off with a bit of a journey going, well, I've got a computer, I've got no password.
Um, where do you start?
Um, and so me coming from that, uh, I guess, highly tech IT technology, um, technical experience, I thought, okay, look, if I've got, I've got enough experience, if I need to break into a computer, I know how to use it. What I need to, um, and look, I, I will, I've been in cyber about two and a bit years. I am definitely not a digital forensics expert.
We almost went down that journey where we might've had to do that. Um, fortunately thinking about a, um, an elderly person, they weren't as sophisticated as I would be as a technologist. So like they're like logging onto their computer. Yes, we didn't have passwords, but, um, when we carved it back in, it was Um, the logon was their initials, their password was also their initials.
Had to kind of decomplicate it a bit. Um, and eventually we were able to log in and I guess from there it was really a discovery going well, um, knowing that I guess we believed that they were I guess wrapped up in that scenario, going well, could we understand like, CHAT
[00:06:39] Marco Ciappelli: GPT. Yeah. You had a reason, right?
You had a motive here to do this. But I feel like there is many other situations all around the world that I've never seen. Facing the same thing that you've been facing, and maybe there have been maybe other reasons. Maybe somebody's in control more of the family assets and so from a legal perspective, how does that work?
[00:07:05] Peter Gigengack: Now, look, I will put my hat on. I am not a legal.
[00:07:08] Marco Ciappelli: No, I mean, but I mean, From what you learned by doing that.
[00:07:12] Peter Gigengack: I guess my, as part of the process, like the people that were charged with the execution of the will and had that, were basically the people that were instructing me to work with that. Now they were the family relative.
And it kind of then went, oh, um, I guess you know, nothing's worse than kind of having to troll through someone's journal and understand that. But we had a, I guess a good reason to look at this to go through and go, well, look, let's even just try and get some more memories back from this person, like photos, um, and yeah, like the, like that scenario was very, very real to us that we wanted to do that.
Um, now from a legal piece, um, like I, I, I have to say we probably didn't check a lot of boxes on that. Were we allowed to do that, but I guess as a family, uh, I guess having that transfer of assets to us, we were, I guess, in a way, in charge of, of those.
[00:08:06] Sean Martin: How about from a, like a service provider perspective?
So I'm assuming some of the photos may have been in a cloud backup service or something like that. Were the providers
[00:08:18] Peter Gigengack: working with you, or? Well, we didn't go down that avenue. Um, fortunately, once we were logged into his machine, we were able to at least go through and go, Okay, let's look locally. What have we got?
Not a lot. Um, let's, uh, go through and look at, like, the, I guess the worst part was going, Well, let's go understand what the browsing history and, like, the web based emails and web based clouds. Social media, et cetera, but again, some of those, we still didn't have credentials. We didn't know what they actually had.
Um, and because I suppose that nature where they weren't as transparent with the family, we knew that they had multiple Facebook identities or similar. And so trying to map that out was, Coming with nothing to start off with. We had to kind of just step through logically. Like, oh, what have we got? Let's map it out.
And I guess part of that was having to go through, like, email trails of, like, to try and discover, okay, do we have things that, to try and identify the account, and I guess piece that digital footprint together. And that was probably, because that was obviously intermixed with some of those conversations with that person, we believe that was, I guess, taking advantage of them.
So, yeah. It became quite confronting.
[00:09:27] Marco Ciappelli: Right, right. So I know, and then I'm curious to know that maybe what happened, right? But before we get there, I'm thinking like nowadays, there is um, you go on Facebook or other social media, you can actually attribute the like a legacy account to someone else. You could, yes.
Right? So I guess that's
[00:09:51] Sean Martin: Before one becomes a legacy.
[00:09:52] Marco Ciappelli: Before one becomes a legacy. It's kind of like you're writing your own will, in a way. And say, well, I'm going to leave. My, uh, my social media life in the hands of someone else.
[00:10:03] Peter Gigengack: And I think the technology, um, companies are actually kind of getting into tune of this around that.
Effectively, it's a life cycle of their, those identities and going enabling, or do we just close it off? Or, in the case, do we memorialize someone's profile so then people can leave memories or kind of revisit them? Right, you have options. Yeah, so there's a bunch of options there. I think now that a lot more, you know, there probably when, when they first started and as I suppose people who are kind of getting better, bettering their lives in it, they're now starting to unlock a bit of that.
And I guess, um, we've got regulations like GDPR, which are really focused on that citizen privacy. Um, and obviously now that's kind of enabled people's ability to delete themselves offline from platforms as well. So Lisa is now the, Technology players are all kind of catching up to that. Um, but I guess the piece that was missing also was going, well this person hadn't left any clear instructions as well.
Like, what would you want us to do? Um, same thing if you're at a funeral and you wanted them to read out a special piece that would inspire the family or similar. Right. There was no instructions and so, I guess, for us it was left to, I guess, to discover first what we had. And then go, well, what actions do we want to take after that as a family and step through that.
[00:11:19] Marco Ciappelli: Right. So, Sean, do you have anything? Because I'm going philosophical here. I'm just thinking, I mean,
[00:11:26] Sean Martin: I'm all, yeah, which I want you to do as well. But I'm, I'm just thinking, not directly related to your, your experience and your story, but when I think about identities, I think about business.
Yeah,
[00:11:39] Sean Martin: you do.
That's where I spend a lot of time. And there's an IT person who helps manage the identity across a number of things for each person. The organization, yeah. And the devices, and And so on and so forth. We don't, we take that on ourselves in our personal lives, and it's enough to just keep track of it ourselves, let alone how we want things to, I mean, IT departments have onboarding usage.
Should hopefully have offboarding. And offboarding. Exactly. That's right. So all the stuff in between, this role, that role, these rights, those rights, a lot of that doesn't happen for us. We have to do that for ourselves. It's our own responsibility, yeah. And kind of to Marco's point, you might find some services that offer capabilities to memorialize or what have you.
Many don't. Um, I personally lock everything down as best I can. Not because I'm private to my family necessarily, but I'm private to the rest of the world. Um, but I'd want my family, I have nothing to hide, so I'd want my family to have access to the photos and the accounts, bank accounts and things like that, which I've put in the wills, or the will, but um,
there's no real easy way to technically, digitally handle that.
[00:13:05] Peter Gigengack: And look at our guesses. We are in that odds where we're trying to manage risk. We're trying to, obviously, a lot of the time we're operating on behalf of, as you say, the organization. Trying to protect from adversaries. Our family, hopefully they're not an adversary.
There are certain circumstances where obviously that, um, people get into those unfortunate circumstances. But in general, hopefully you've got a good relationship with your family that you're not seen as they're not seen as adversarial. And they could be empowered to, I guess, take those next steps after you pass away.
So it is a real kind of, you know, my own after going through this experience, trying to go, Oh, how do I, how do I balance that? Because I'm like, well, I'll be just trying to crank up all the security. And I'm like, well, my, my, my, my. Family are far less technically capable to, to go through that process. Um, and look, the, the irony is that as an all, uh, within our professional lives, we will be looking at things like a disaster recovery plan or a business continuity plan.
And we're very deliberate and we kind of get right over the coals saying, Oh, we don't have one. We've got to have all emergency access to these credentials. If we have an incident and I think, um, hopefully like this presentation I'm trying to go through with, uh, Aza is really trying to help explore people practical steps.
They can then go, well, how about you make sure you think about it in that way. Now, the unfortunate part, if you pass away, there's no disaster recovery plan for that, but like in the end, if you can leave at least the pieces that would help your family not also have to kind of struggle through going, oh, I'm.
I'd have to go through a whole lengthy process of mapping accounts, resetting passwords and kind of unpicking that, um, as well, uh, in a way, like, it did feel a little bit like kind of going through someone's diary or something like in a physical sense. And so, like, as you're going through those. Uh, conversations or emails in there to try and discover what was there.
Well, you go, well, like, I'm, am I, I'm being exposed to things I, I, kind of counter to wanting, what I wanted to achieve. Obviously, I want to remember my family member as that loving person. The person that we have great memories about. And we don't want any of that kind of process to kind of be tarnished by, well, I've had to dig through this to understand behaviours and activities that we've had.
Thought were, um, being exploited and at the end of the, the day, like we did map out, I guess some of the conversations, um, and like, I won't go into those details, but like, look, we did try to identify, well, were there persistent paying, um, or sending money. And, um, like look, it was really difficult to even, like, understand that.
Maybe they did some of this offline, I don't know. But like, in this sense, it was really just kind of that, uh, I guess, process that we didn't want to, or didn't need, while we're trying to grieve as a family. Right. And so, hopefully, Presentation and his theme and raising awareness really just kind of gets a conversation going well What could I do now?
Look each even as I was kind of doing research and yes trying to prepare myself as best I could for this speech not just from my own personal journey, but going well, let's look at some of the other aspects Um, and so like some of that research, I think there's a law society in Australia and they said only about 7 percent of people are actually factoring this into their wills.
Um,
now the other part now within Australia, we've got multiple section territories, each their own jurisdiction. Um, they've actually got different processes for wills as well. And so. Like, even, um, advice I could give you to one person may not be consistent with another. And so, really, it's about kind of doing a bit of due diligence around going, well, let's go speak to a lawyer that can actually go through and go, well, let's make sure we capture these.
So, when we get to that spot, well, your family's not stuck. They can go through and go, well, look, if I need to get to the accounts, here is how you do it. Um, and, look, I've seen really good examples, not from, This group of other family members or family friends that have gone through that same journey. And the process for them was so much more, um, I guess seamless.
And they just went, here's the accounts, here's our accounts. This is how I'd reset. I'd log in, like I've got my phone number. If you need to do a pass and reset with multi factor authentication, MFA to get in, and it was really logically laid, and from the having to not have to go through that process, really for them, made it a bit more of a simple process to go while they're navigating that.
And so, like, having both sides understanding where it's been a bit rough, versus going, look, here's one that's actually done it really well, and, um, they were set up for success for the family, and they could navigate that a bit more seamlessly. Quite an interesting kind of comparison.
[00:17:52] Marco Ciappelli: I think, I think this is the same.
It's a conversation started, but also for me that I'm normally just starting to think from an ethical, philosophical perspective, like, you know, our life keep going in the digital world, as I said at the beginning, but then, you know, if we were not in this digital era, somebody passed, of course, like many other time, and you really don't, you really don't know where these guys was handling CHAT GPT.
CHAT GPT. CHAT GPT. And then maybe you hire an investigator and you go to look in the bank, whatever it is. But now, our life is so, you know, memorized. It's in the digital, almost like forever, as we know, right? I mean, the database is there, you can delete your account, but it's probably still in the backup somewhere.
[00:18:57] Peter Gigengack: And look, like most, if you were to pass away today, it's Your accounts would keep perpetually running until someone was notified, right? Yeah,
[00:19:05] Marco Ciappelli: and I think from a societal perspective, where I'm going, and I'd love to know from you what would have you learned from a human level, like, perspective, it's kind of like, So, do we let the deceased respect the decision that they had?
Either they left the wheel or didn't left the wheel. Uh, do they want to have a digitalized version of themselves transferring an AI? I know I'm going way over what you did. But, I mean, this is the question that we need to start asking ourselves as a, as a society. Where we could potentially live forever.
For That's right. Not a highlander, but
[00:19:47] Peter Gigengack: we could be training some large language model. Who knows exactly. Um, and, and look, I've even had some people like engaging me once they saw this topic pop up saying, Oh, what about like, again, as you kind of suggested, living on through AI or, um, and look there, even through a bunch of the research I was doing and look, it's not, I'm not covering this topic in my presentation, but going,
[00:20:08] Marco Ciappelli: well, but you will, It'll kind of get it going, right?
[00:20:12] Peter Gigengack: Um, where people have had interactions with their deceased relatives well beyond that they passed away because maybe it's account takeovers or similar. And obviously like the, like could you imagine like your family member Passed away many years ago speaking to you, like it, like, it's a real, you'd be kind of like quite unnerving going, Well, hang on, who is this?
Um. MySpace what? MySpace what? That's right. Um, and, and so like, look, it's, it's a real, I, I, I came up with it. Even through the research, which I didn't cover in this, like, prepare for in the presentation, I found, like, some really creepy stories of this actually already occurring. Now, look, is that because someone didn't do that housekeeping towards the end?
I don't, I will never know, but, like, I suppose it kind of puts it out saying, look, if we don't kind of have a plan for them, at least, it could, like, materialize. In something like someone taking over the account and then like responding and like, look, that would just cause a whole bunch of other kind of, um, I guess more emotions to kind of be poured out again from the family going, oh, what I've gotta deal with this now as well.
And like, I think, um, I guess most people just don't like having those surprises, like going, oh wow, we found this as well, or
[00:21:31] Marco Ciappelli: Right. And there's, that's another thing I'm thinking like, I mean, you had, you. You took a pretty big burden to, to take that on yourself. Somebody may say, well, let's have a third party do that because so they can say, well, you'll find out what you need to find out about this specific topic, then let the memory be what the memory is.
[00:21:51] Peter Gigengack: What the memory is. And look, there's probably a business opportunity in there somewhere, right?
[00:21:55] Marco Ciappelli: Oh yeah. I can see, I can see lawyers right now, like, ping, ping, ping.
[00:22:00] Peter Gigengack: Um, and look, there's like. I think, I guess, based on my career journey and like, as like an IT professional, I've had to do a number of, I guess, more investigations against my typical kind of HR type of, um, I guess, issues or like looking for insiders within an organisation.
So it's quite a typical activity that an IT person does and like we already have to compartmentalize yourself in your role. So then you're obviously keeping a confidentiality when we're doing this in a family situation. Now, I was the most technical competent, um, and it fell to myself, which like, look, I knew what I knew I'd be up for some challenges.
And I think there's still stuff that I will never know. Um, because we obviously wanted to just find the minimum amount that we wanted to kind of make sure we understood. And then from there, it's like, well, look, let's preserve what we've got. Um, and like, let's just remember that person for who they are.
Now look, could we get a surprise later on? Who knows. Um,
[00:22:58] Sean Martin: Well there's the, and I remember it was on the news when I was in Ireland one time where I think two, two guys brought in their neighbor who was no longer with us, but physically there into the post office to collect the, uh, the dole check.
[00:23:14] Marco Ciappelli: Oh, wait, wait, wait, that's the movie, right?
It's a movie, but it's also real. Was it Weekend at Bernie's back in the 80s? It was like that.
[00:23:22] Sean Martin: It was a real, a real story. But I guess my point is, for the digital life, if somebody was collecting something from somewhere. Correct. Maybe not, maybe not just a government subsidy or payment, but from some other service or royalty or whatever, I'm just thinking out loud here.
Netflix subscription. Yeah, so even, they may not want to talk to the family at that point, right? Yeah. Just let that Netflix run forever. Yeah, that's right.
[00:23:48] Peter Gigengack: And it's already hard enough to kind of
[00:23:51] Marco Ciappelli: cancel those
[00:23:51] Peter Gigengack: kind of things, so like, you know, Hopefully we, through that process, we were able to identify as much as we know, um, the airline, even just like that kind of, having an experience as a family, like, yes, as you say, you could outsource that, um, and then, I guess, um, How much would you want to find out someone else doing that for it as well?
Um, and so, um, it is quite a sensitive issue within our family. Going, look, we want to obviously respect that person as well. Um, they were a great person, um, family, very loved. And so, like, look, it was really, um, quite challenging and confronting to sort of navigate that. So, again, if we could, um, You can talk about it, leave clear expectations for our family to navigate that.
It'll really just set up that whole process to help it be as seamless as you possibly can, even though how crappy it is as you go through it, right?
[00:24:48] Marco Ciappelli: Yeah. And I mean, look, society has been changing so quickly, right? I mean, especially with, with all this legacy account and our online, and. And I think there is, on one side, I'm just thinking out loud here, is that people don't, are not really, many are not comfortable about making plans for, for when they die.
Because you're just going to postpone that as much as you can until, yeah, until unfortunately you can't do anything about it, number one. Number two, many people, I think, they're still not realizing how much of our life is actually online. So you've got to get to that point where this has become the norm.
That's right.
[00:25:33] Peter Gigengack: And look, I'm halfway through my life. Hopefully not even close. And when I was even going through this process for myself, going, Well, I've got hundreds of accounts. Now look, all of them aren't the same value of information. But you've got everything from your social media, email accounts.
I've got infrastructure as a professional. And Okay, well, I've got to make sure I pass those on, like, look, if someone wants to know about my e commerce things, yeah, sure, whatever, here's their accounts, but, like, there's obviously different value or, and richness of information that would be either available to your family and or an adversary, um, as well, and, like, replicate
[00:26:12] Marco Ciappelli: your something, or they, like, grab all that data, your digital twin that you don't want to have, create a
[00:26:17] Peter Gigengack: digital twin.
Use that against the family in some other mechanism and weaponize it, which is quite, we see that in enterprise. People get ransomware. Pretty much, yeah. I'm not trying to put suggestions to the adversaries out there, but like, Look, if you're not closing off those accounts and they've got simple credentials or they're not, we're not turning on multi factor to help, I guess, devalue those credentials in the first place.
Somebody may find it. Someone may find it. Use them in a way that will actually brings additional harm to others. Individuals or the family or using for other forms of I guess fraud or similar Obviously banks are in particularly in Australia quite have got really good checks and balances around that and across the world that obviously finances are very Well regulated.
Yeah in general and so some of those checks are pretty well well in place But like you could open up accounts internationally and do do all kind of things that could I guess be malicious And so like making sure that you also Being responsible to make sure that, well, that doesn't also play out is like another piece that You can cut it.
Yeah, you can go down a real rabbit hole. This, this topic as uh, confronting as it was to go through has, so is multifaceted and, um, very, you can go in, in very different directions and, and rabbit holes. I,
[00:27:36] Marco Ciappelli: I, my, my mind is in a rabbit hole right now. Like I'm. I'm all the way down with Alice and the White Rabbit.
Cuz I keep thinking about, oh, and there is this. Oh, and there is that. And
[00:27:48] Peter Gigengack: look, Um, It was really interesting when I was kind of thinking about this topic and um, with, With other, other cyber professionals. They're like, I haven't seen this being presented at a conference. And I thought, well, I, I've, I've lived through something, we better do it.
I've, I've lived through something that I, I know would be uncomfortable for many. Um, how about I try and, um, like talk about it? So then look. They can go back, and they can talk about it, and so on and so forth. Um, and look, by helping that, having those conversations early, Now look, there are some technical things we can do, like, if we were, um, trying to, I guess, help infantrise that, Yes, we've got password managers that can help.
Um, now look, how would we structure that in a way that's That would enable a family to do that. Have it like an emergency access the same way you would in an enterprise. Um, and whether or not that would be safer. It's having a master key that's kept separate offline. Or you can use a physical token like a UBKey passkey.
There's a way mechanics can do it. There's also the very low tech and just having that secret password book that you get from your stationary places. But everyone jokes about it. And saying that's insecure, but for that purpose only, and if it's well treated or if it's being held on behalf of kind of in a trusted person and hat and like, so those are the kind of mechanics from a practical sense, how you maybe implement it.
Um, now look.
[00:29:11] Marco Ciappelli: Yeah. It's kind of like having the, when you, you know, seeing the old movies and I'm sure in real life, when you have that, There is all the things in the surface, but then maybe this person has also the, the bigger safe in the bank in the vault with a
really big
[00:29:28] Marco Ciappelli: key where the real secrets are, the real jewelry or whatever it is.
And then eventually, is that going to be? Uh, you know, I'm thinking Harry Potter and the Green God forever, right? And, and, or, um, somebody's going to have access to it because it's still a family heritage and asset. And, and so a lot of, a lot of questions about it. Now, did, did you ended up, uh, solving the case?
[00:29:57] Peter Gigengack: I think we were able to. Closed out aspects where we saw that finances weren't, were no longer, I guess, been exiting the accounts or anything like that. But, um, I guess if there was other pieces we didn't know about them and they were unlinked from the, I guess, the parts that we knew about. Um, but yeah, like even having that.
And kind of, um, understanding where those bank accounts were in the first place was kind of even those, um, bits of the challenges. And so, I look, I knew the process if we found, uh, I guess evidence of, uh, ongoing, um, activity, how to report that. So within Australia we've got, uh, The Australian Signals Directorate and the Australian Cyber Security Centre.
They've got the report cyber mechanism where we could go through report that and then it'd be passed on to, I guess, relevant authorities and they can take the action, kick down doors, those kind of things. Um, and so I was really aware going, look, as I'm going through this, like, I'm looking for those people.
If I need to grab, have those, let's make sure I've got what we can to, I guess, make sure that, well look, if it was still ongoing, that we had an ability to obviously, uh, make sure that it wasn't also having other people's lives, and, um, often those Kind of, uh, scam, uh, groups or similar, they're not just targeting one, they are running multiple concurrent, um, attacks across individuals and victimizing a lot, so, um, by at least knowing that, like, look, I'm glad I didn't have to go through that piece but, like, it could have been a reality, um, and was really quite mindful how I navigated that piece.
to make sure we're really conscious on like, okay, well, from that, it's like an evidence collection and you've got to have, like, do what you need to in that space. Um, again, I'm not a digital forensics expert, but I understood that I had to reserve evidence and I could make sure there was no kind of odd choices around, like chain of custody type scenarios.
So, yeah, like, I wish I would, like, if there was, it would have been really nice if we did find something. And then we go, look, that now can be investigated and so forth. But it was really a bit unclear. Um, or we couldn't find anything else that really was suggested ongoing.
[00:32:11] Marco Ciappelli: Well, I'm glad you're sharing this.
Yeah, thanks. With the community. I mean, people are thinkers, of course. You know, in cyber security, that's what people do. But also that if people are listening right now that are not in the cyber security profession, but they, they start thinking about what could happen. I think it opened venues, maybe business ideas to us, as you mentioned, but also, you know, the way to legally Navigate it.
Navigating this and start thinking that it's a different, it's a different game nowadays. If you're in the grid, if you're on the grid, you're on the grid forever. Kinda. Kind of, yeah. Yeah.
[00:32:59] Sean Martin: Well, the takeaway for me is, it goes back to me for cyber operations, you don't wait for the breach. You don't wait for the event.
You have an understanding of what might be coming and you prepare for that. So for in this case, it's an understanding for yourself. It's a conversation with your family. Here's what I want. Here's my wishes, either written or verbally. Understanding from the elders, and even if they're not elders, nothing is guaranteed, right?
So what does a family want? That's right. So it doesn't become an issue of ethics or morals or legalities or wishes, right? It's an understood
[00:33:39] Marco Ciappelli: But you see, you're talking as a security professional, but you think this way, but Grandpa or anyone else. I think it's important that when you maybe I'm just saying maybe when you subscribe to an online service, there is a legacy check for a
[00:34:02] Sean Martin: lot of people, not everybody.
Clearly, a lot of people have wills and trusts, and I'm suggesting that as part of those conversations, the technology forget cyber. Yeah, it has to
[00:34:17] Marco Ciappelli: come in. To that. Yeah. No, I,
[00:34:19] Peter Gigengack: you've pretty much stole my takeaways from the It's all good. You go. Um, sorry. Good, good thing that
[00:34:25] Marco Ciappelli: your conversation and your session has already happened.
I'm already, we're not giving away anything . We're producing this after your, yeah, that's wrong session. Well, Peter, thank you so much. This has been like a very eye opening, uh, conversation for me. And, uh, I appreciate again that you're sharing it with the community. And, um, for everybody listening, this was a little bit of a different kind of conversation, but definitely something that will make you think.
And, uh, as I always say, if it makes you think, we did a good job.
[00:34:57] Sean Martin: We did our job anyway,
[00:34:59] Marco Ciappelli: good or not. We did our job. Peter did his job. Peter did his job. Thank you. So stay tuned. Um, many more conversation are gonna come up from, uh, Melbourne here and, uh, the conference, the cybersecurity conference 2024. Stay tuned.
[00:35:17] Sean Martin: Still. 2024
[00:35:18] Marco Ciappelli: still. 2024.
[00:35:20] Sean Martin: This is amazing. No, for that long, we're nearly, nearly 25. Alright, thanks everybody. Take too. Thanks, Peter. Thank you. Cool.