{
  "version": 3,
  "sources": ["ssg:https://framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/QCOmNQxP0FzCYPglj29K/WJBZI1Ghk-63.js"],
  "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as o}from\"framer\";import{motion as n}from\"framer-motion\";import*as a from\"react\";export const richText=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What happened?\"}),/*#__PURE__*/t(\"p\",{children:[\"The world\u2019s largest meat producer was attacked by \",/*#__PURE__*/e(\"strong\",{children:\"REvil\"}),\" on May 31. After the attack, it had to shut down multiple processing plants around the world. In Canada, the United States, and Australia, \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/XnE9cvF\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"some facilities\"})}),' had to close. Especially, \"',/*#__PURE__*/e(o,{href:\"https://cutt.ly/XnE9cvF\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"JBS shut down operations at its Dinmore Australia facility \u2014 the biggest beef plant in the southern hemisphere.\"})}),'\"']}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"JBS\"}),\" \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/InE9sOX\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"did not publicly confirm\"})}),\" what kind of attack it was. They also \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/HnE9hxU\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"refrained from pointing out\"})}),\" any responsibility. The world\u2019s press accessed this information thanks to a White House \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/hnE9f9W\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"press briefing on June 1\"})}),\". There, Ms. Karine Jean-Pierre, the White House Principal Deputy Press Secretary, revealed that it was a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ransomware attack\"})}),\". And, it was \",/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-06-02/hacking-outfit-linked-to-russia-is-behind-jbs-cyberattack\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Bloomberg\"})}),\" who revealed that it was an attack perpetrated by REvil.\"]}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we have already talked about \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"ransomware\"})})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/ransomware-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Ransomware as a Service (RaaS)\"})})}),\". So it is enough to summarize that this attack consists of installing \u201C\",/*#__PURE__*/e(o,{href:\"https://cutt.ly/InE9sOX\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"malware that encrypts its target\u2019s systems\"})}),\".\u201D Its purpose is to ask for money to decrypt that data or to prevent it from being published.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Who are those involved?\"}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(\"strong\",{children:\"victim\"}),\" is JBS, a company that, according to its \",/*#__PURE__*/e(o,{href:\"https://jbsfoodsgroup.com/our-business\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"official website\"})}),\", is the #1 global beef producer, #1 global poultry producer, #2 global pork producer. They also own \",/*#__PURE__*/e(o,{href:\"https://primo.com.au/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Primo\"})}),', \"Australia\u2019s largest provider of ham, bacon, salami, and deli meats.\"']}),/*#__PURE__*/t(\"p\",{children:[\"The perpetrator is \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/world-us-canada-57338896\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"REvil\"})}),', \"a criminal network of ransomware hackers that first came to prominence in 2019.\" This group is also ',/*#__PURE__*/e(o,{href:\"https://cutt.ly/PnE3yt0\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[\"known as \",/*#__PURE__*/e(\"strong\",{children:\"Sodinokibi\"})]})}),\" and appeared in \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/mnE3rGG\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"April 2019\"})}),'. Since then, REvil has incorporated into its criminal portfolio cyberattack methods such as \"',/*#__PURE__*/e(o,{href:\"https://cutt.ly/PnE3yt0\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"malicious spam campaigns and RDP attacks\"})}),\",\u201D but always having ransomware as its main attack.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/ransomware-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"last post\"})}),\", we pointed out that the \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/WnE3isA\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GandCrab gang ended operations\"})}),\" after a year of trading with exorbitant profits. Some of the gang members would presumably be \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/inE3p0o\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"linked to REvil\"})}),\", a gang that uses an attack model known as RaaS (see Figure 1). According to the \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/0nE9o2c\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"FBI statement\"})}),\" they are the main suspect of the JBS cyberattack.\"]}),/*#__PURE__*/e(\"img\",{alt:\"REvil timeline\",className:\"framer-image\",height:\"171\",src:\"https://framerusercontent.com/images/9tUKbgFi4IwUZe8p0On1zUDfrk.png\",srcSet:\"https://framerusercontent.com/images/9tUKbgFi4IwUZe8p0On1zUDfrk.png?scale-down-to=512 512w,https://framerusercontent.com/images/9tUKbgFi4IwUZe8p0On1zUDfrk.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/9tUKbgFi4IwUZe8p0On1zUDfrk.png 1920w\",style:{aspectRatio:\"1920 / 343\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 1. \",/*#__PURE__*/e(o,{href:\"https://www.secureworks.com/blog/REvil-the-gandcrab-connection\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"REvil Timeline\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:['In October 2020, \"UNKN\", one of the REvil ransomware syndicates, took an interview that was published on the Russian-speaking tech Youtube channel \"',/*#__PURE__*/e(o,{href:\"https://www.youtube.com/watch?v=ZyQCQ1VZp8s\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Russian OSINT\"})}),'.\" It was posted on the official website of ',/*#__PURE__*/e(o,{href:\"https://cutt.ly/rnE0RRY\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Advanced Intelligence\"})}),\", where it was argued that the name evokes the Resident Evil franchise. In the same interview, REvil claimed to make a revenue of $100M in 2019; a year with the goal of achieving at least $1B, ideally $2B. This is consistent with the figure estimated by the \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/mnE9u4a\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"IBM Security X-Force report\"})}),' published in September 2020. According to SecurityIntelligence, in \"our conservative estimate for Sodinokibi ransomware profits in 2020 is at least $81 million.\" Besides, UNKN announced that among the most profitable attack victims ',/*#__PURE__*/e(o,{href:\"https://cutt.ly/rnE0RRY\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the agriculture sector\"})}),\" is one of the best future targets. This, of course, did not remain an empty promise.\"]}),/*#__PURE__*/e(\"h2\",{children:\"REvil\u2019s modus operandi\"}),/*#__PURE__*/t(\"p\",{children:[\"UNKN noted that REvil\u2019s developer team is \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/rnE0RRY\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"made up of less than ten individuals\"})}),'. The team is so small precisely because they don\u2019t perpetrate most of their attacks. Since they operate as RaaS, most of their attacks \"',/*#__PURE__*/e(o,{href:\"https://cutt.ly/rnE0RRY\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"are conducted by the affiliates or adverts who disseminate the payload and navigate the victim\u2019s networks\"})}),'.\" They are the ones responsible for infecting the systems of their victims with the virus that \"',/*#__PURE__*/e(o,{href:\"https://cutt.ly/XnE9rVV\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"encrypts files after infection and discards a ransom request message\"})}),'.\"']}),/*#__PURE__*/t(\"p\",{children:['REvil affiliates often apply \"',/*#__PURE__*/e(o,{href:\"https://www.infradata.com/resources/what-is-revil-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"mass-spread attacks using exploit-kits and phishing-campaigns\"})}),'\" to distribute their malware. But the most commonly used attack vector, according to UNKN, is ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/pass-cracking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"brute-force\"})}),\" Remote Desktop Protocol (\",/*#__PURE__*/e(o,{href:\"https://www.paubox.com/blog/what-is-remote-desktop-protocol-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"RDP\"})}),'). This is very efficient for criminals, because \"',/*#__PURE__*/e(o,{href:\"https://cutt.ly/dnE29W2\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"brute force attacks are usually automated, so it doesn\u2019t cost the attacker a lot of time or energy\"})}),'.\"']}),/*#__PURE__*/e(\"h2\",{children:\"A worldwide attack\"}),/*#__PURE__*/t(\"p\",{children:[\"JBS is headquartered in Brazil and \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/LnE200M\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"has facilities in 20 countries\"})}),', though fifty percent of its \"',/*#__PURE__*/e(o,{href:\"https://cutt.ly/TnE3fHA\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"overall revenue\"})}),'\" corresponds to the United States. Therefore, and given the multiple outsourcing processes of the company, the attack made on JBS servers has required an international effort to solve it. In particular, Andre Nogueira, Chief Executive Officer of the Brazilian company, thanked the ',/*#__PURE__*/e(o,{href:\"https://cutt.ly/4nE2MNh\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"joint work of the United States, Canada, and Australia\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Today, a cyberattack not only affects the company and its employees but can become a global threat. This case is a magnificent example because it \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/znE2Nd6\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"affected countries everywhere\"})}),\": in North America, South America, Oceania, and Europe. Everything happened precisely when the pandemic hit the food sector the hardest. The Food and Agriculture Organization of the United Nations (FAO) published its \",/*#__PURE__*/e(o,{href:\"http://www.fao.org/news/story/en/item/1403339/icode/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"report on food prices\"})}),\" on Tuesday, June 1. The bottom line is that in May food prices have increased so rapidly that they have reached their highest peak since September 2011. If we add to that a cyberattack that paralyzed the meat production company for three days, then the outlook doesn\u2019t seem very encouraging for June.\"]}),/*#__PURE__*/e(\"img\",{alt:\"\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/TvrGKAJmxKNo2fChHM4HkcoCXNc.png\",srcSet:\"https://framerusercontent.com/images/TvrGKAJmxKNo2fChHM4HkcoCXNc.png?scale-down-to=512 512w,https://framerusercontent.com/images/TvrGKAJmxKNo2fChHM4HkcoCXNc.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/TvrGKAJmxKNo2fChHM4HkcoCXNc.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 2. Graphic by \",/*#__PURE__*/e(o,{href:\"http://www.fao.org/worldfoodsituation/foodpricesindex/en/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"FAO\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"The attack was particularly worrying in Australia, where the Minister for Agriculture, Drought, and Emergency Management said on \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/qnE2Vaa\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a local radio station\"})}),\" that\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"It's a global attack\"}),\". And we're working now with international partners around trying to trace and then rectify and obviously prosecute where possible, who has perpetrated this attack.\"]})}),/*#__PURE__*/t(\"p\",{children:['It was the joint effort of different nations that allowed them to face REvils\u2019s attack. This was also made clear by the FBI in its statement on the matter, in which they stated: \"A cyberattack on one is an attack on us all.\" And Russia\u2019s Deputy Foreign Minister Sergei Ryabkov himself backed the idea of working together with international peers by ',/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/world-us-canada-57318965\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"stating that\"})}),' \"Biden administration had been in contact with Moscow to discuss the cyber-attack.\"']}),/*#__PURE__*/e(\"h2\",{children:\"How did the attack end?\"}),/*#__PURE__*/t(\"p\",{children:[\"Unlike the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/pipeline-ransomware-darkside/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Colonial Pipeline\"})}),\" case or the victims of \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/babuk-locker/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Babuk locker\"})}),\", JBS has not confirmed the payment of the ransom. On \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/znE2Z9A\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"June 3\"})}),\", the company\u2019s CEO said they returned to operation at normal capacity because the attack did not affect either the central system or the backup data. And with this, no information about customers, suppliers, or employees was compromised.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Without doubting the company\u2019s quick reaction, or the efficient procedures carried out by the White House and the FBI, let me say that I am still forming my opinion about this outcome. It would sound logical to stick with the official version and not persist in doubt. However, not since \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/RnE2KMS\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"REvil has not given any statement\"})}),\" on its \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/dark-web/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"dark web\"})}),\", and considering what \",/*#__PURE__*/e(o,{href:\"https://cutt.ly/nnE3jCJ\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The Irish Times has published\"})}),\" about it:\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"Ransomware syndicates, as a rule, don't post about attacks when they are in initial negotiations with victims \u2014 or if the victims have paid a ransom.\"})}),/*#__PURE__*/t(\"p\",{children:[\"Let me leave the door open to whether JBS finally paid the ransom. It would not be the only company that, without denying having paid the ransom, resumes activities after an attack of this type (see \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/business-51017852\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Travelex\"})}),\" case).\"]}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we specialize in cybersecurity through \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"pentesting\"})}),\" or ethical hacking. For more information, don\u2019t hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us\"})}),\"!\"]})]});export const richText1=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Spectre\"}),\" was in the spotlight of cyber threat news in 2018. Its name is a direct reference to the only agent capable of attacking in that way: a specter. Since every ghost always comes back, Spectre has reappeared! To start talking about it, we have prepared a story and a challenge for you. \",/*#__PURE__*/e(\"strong\",{children:\"Can you solve it?\"})]}),/*#__PURE__*/e(\"p\",{children:\"Imagine the following scenario: one businessman increased his company\u2019s efficiency by hiring different people to perform routine tasks even before someone asked them to do so. If a posteriori instruction contradicted what the employees had done, they reversed and forgot those failed actions.\"}),/*#__PURE__*/e(\"p\",{children:\"Some years later, the businessman\u2019s lifeless body appeared in his library. He had a deep wound in his heart with an undue pool of blood. There was nothing nearby that could have been used to kill him. The room had doors and windows closed from the inside with no openings in walls, ceiling, or floor. The only suspect was an employee who was with him two hours before his death. However, after drinking the infallible truth serum, it was confirmed his innocence. The victim\u2019s sister claims the assassin was a ghost. But was it?\"}),/*#__PURE__*/e(\"p\",{children:\"Clues are already given, and we can suggest a solution. But, before that, if you think that this story is merely fiction, I invite you to read what happened with the Spectre case.\"})]});export const richText2=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Spectre\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.ieee-security.org/TC/SP2019/SP19-Slides-pdfs/Paul_Kocher_01_-_Spectre_Attacks-IEEE-SecurityPrivacy_v05.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Since 2004\"})}),\" the 3.8GHz Pentium 4 has been allowed to \",/*#__PURE__*/e(o,{href:\"https://www.anandtech.com/show/1695\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"bump in speed from the already available 6xx line of processors.\"'})}),\" Computers and devices that work with microchips increased their efficiency. Behind that increased performance, there was an effort \",/*#__PURE__*/e(o,{href:\"https://www.youtube.com/watch?v=zOvBHxMjNls\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"to boost pipeline in average cases\"})}),\", reduce memory delays by using caches, and work during delays using \",/*#__PURE__*/e(\"strong\",{children:\"speculative execution\"}),\". That allowed routine processes (\",/*#__PURE__*/e(o,{href:\"https://turbofuture.com/computers/What-are-the-basic-functions-of-a-CPU\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"such as move data from one memory location to another, or jump to a different address\"})}),\") to be much more efficient. Now, how did this advantage become a vulnerability?\"]}),/*#__PURE__*/t(\"p\",{children:[\"To answer that, we will explain what \",/*#__PURE__*/e(\"strong\",{children:\"speculative execution\"}),\" is by referring to Paul Kocher\u2019s talk: \",/*#__PURE__*/e(o,{href:\"https://youtu.be/zOvBHxMjNls\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"Spectre Attacks Exploiting Speculative Execution\"})})}),\". In fact, Spectre was brought out into the open for the \",/*#__PURE__*/e(o,{href:\"https://meltdownattack.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"first time\"})}),\" in May 2019 at the \",/*#__PURE__*/e(o,{href:\"https://www.ieee-security.org/TC/SP2019/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"40th IEEE Symposium on Security and Privacy\"})})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Speculative execution\"}),/*#__PURE__*/t(\"p\",{children:[\"A CPU could start a course of action without confirming that it is the correct path. In other words, \",/*#__PURE__*/e(o,{href:\"https://spectreattack.com/spectre.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"having the CPU guess likely future execution directions and prematurely execute instructions on these paths.\"'})}),\" This means that even before the value that executes an instruction appears, the CPU is already performing it.\"]}),/*#__PURE__*/t(\"p\",{children:[\"This solution responded to the limited number of processes a CPU can execute at the same time. That number is conditioned by each CPU \",/*#__PURE__*/e(o,{href:\"https://techterms.com/definition/clockcycle#:~:text=A%20clock%20cycle%2C%20or%20simply,processes%20require%20multiple%20clock%20cycles.\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"clock cycle\"})}),\". To avoid waiting,\"]}),/*#__PURE__*/e(\"img\",{alt:\"Kocher et al.\",className:\"framer-image\",height:\"83\",src:\"https://framerusercontent.com/images/Bj7AQ2xGdpO1njC7G7tcdExJzA.png\",srcSet:\"https://framerusercontent.com/images/Bj7AQ2xGdpO1njC7G7tcdExJzA.png?scale-down-to=512 512w,https://framerusercontent.com/images/Bj7AQ2xGdpO1njC7G7tcdExJzA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Bj7AQ2xGdpO1njC7G7tcdExJzA.png 1920w\",style:{aspectRatio:\"1920 / 167\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://spectreattack.com/spectre.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Text fragment from: Kocher et al., 2019\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:'When the value is known, a CPU identifies if the speculation was correct. If so, \"the code continues as supposed, and the result would come faster.\" If the assumption was wrong,'}),/*#__PURE__*/e(\"img\",{alt:\"Kocher\",className:\"framer-image\",height:\"75\",src:\"https://framerusercontent.com/images/D7rhtNhXrGNioq3NJq2cfhqB3Nw.png\",srcSet:\"https://framerusercontent.com/images/D7rhtNhXrGNioq3NJq2cfhqB3Nw.png?scale-down-to=512 512w,https://framerusercontent.com/images/D7rhtNhXrGNioq3NJq2cfhqB3Nw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/D7rhtNhXrGNioq3NJq2cfhqB3Nw.png 1920w\",style:{aspectRatio:\"1920 / 150\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://spectreattack.com/spectre.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Text fragment from: Kocher et al., 2019\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:['There is no cost in time or resources since the alternative option is to wait for the value to be revealed. Then either the CPU expects data to execute orders or \"get ahead of the job\" and perform the process before the command. However, over time it was seen that ',/*#__PURE__*/e(o,{href:\"https://www.ieee-security.org/TC/SP2019/SP19-Slides-pdfs/Paul_Kocher_01_-_Spectre_Attacks-IEEE-SecurityPrivacy_v05.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"there were security implications from speculative execution\"})}),\". In fact, the CPU was opening a vulnerability on its own: a \",/*#__PURE__*/e(\"strong\",{children:\"fault attack\"}),\" hardware was built-in.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Branch Predictor and Out-of-bounds\"}),/*#__PURE__*/t(\"p\",{children:[\"One way to change instructions is by taking advantage of \",/*#__PURE__*/e(\"strong\",{children:\"Branch predictors\"}),\". These are architectural units used \",/*#__PURE__*/e(o,{href:\"https://spectrum.ieee.org/computing/hardware/how-the-spectre-and-meltdown-hacks-really-worked\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"to guess where guess where the next instruction, after a branch, will come from.\"'})}),\" Through them, the CPU speculates whether a conditional branch will be taken and the possible outcome of the instruction if it is executed. If the speculation is wrong, the CPU will reverse all registry contents back to where they were before proceeding.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Now, the CPU performs a legal \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-vulnerabilities-111/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"out-of-bounds\"})}),\", i.e., \",/*#__PURE__*/e(o,{href:\"https://cwe.mitre.org/data/definitions/125.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"the software reads data past the end, or before the beginning, of the intended buffer.\"'})}),\" The Buffer is a memory piece in the processor that allows returning from cache or temporary memory to complete long-lasting memory addresses. Here is where a security breach is performed. In Kocher\u2019s words, the problem is that:\"]}),/*#__PURE__*/e(\"img\",{alt:\"From Kocher's presentation\",className:\"framer-image\",height:\"150\",src:\"https://framerusercontent.com/images/yzRanepu8eu92aUo9QQZu5alCE.png\",srcSet:\"https://framerusercontent.com/images/yzRanepu8eu92aUo9QQZu5alCE.png?scale-down-to=512 512w,https://framerusercontent.com/images/yzRanepu8eu92aUo9QQZu5alCE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/yzRanepu8eu92aUo9QQZu5alCE.png 1920w\",style:{aspectRatio:\"1920 / 300\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://youtu.be/zOvBHxMjNls?t=331\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Fragment from Kocher\u2019s presentation\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"What is astonishing is that it is not only allowed, but it is integrated into CPU operations!\"}),/*#__PURE__*/t(\"p\",{children:[\"This vulnerability has been widely known and analyzed. Since 2018, when it first came to light, Intel and AMD, two of the world\u2019s biggest processor companies, \",/*#__PURE__*/e(o,{href:\"https://spectrum.ieee.org/computing/hardware/how-the-spectre-and-meltdown-hacks-really-worked\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"adjusted their microcode to change the behavior of some assembly-language instructions in ways that limit speculation.\"'})}),' Their solution was to limit \"spaces\" in which speculation is allowed. By doing so, they made specific processing moments safer but slower.']}),/*#__PURE__*/e(\"h2\",{children:\"Spectre reappearance\"}),/*#__PURE__*/t(\"p\",{children:[\"A paper published by the University of Virginia concludes that this threat is not over yet. \",/*#__PURE__*/e(o,{href:\"https://engineering.virginia.edu/news/2021/04/defenseless-uva-engineering-computer-scientists-discover-vulnerability-affecting\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Researchers have\"})}),' \"uncovered a line of attack that breaks all Spectre defenses,\" which means that \"billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.\"']}),/*#__PURE__*/t(\"p\",{children:[\"Specifications of this new threat can be reviewed in their \",/*#__PURE__*/e(o,{href:\"https://www.cs.virginia.edu/venkat/papers/isca2021a.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"article (Ren et al., 2021).\"})}),\" However, the main risk identified in their study is that Spectre vulnerability is not in the software but in the hardware. Notably, Intel, AMD, and AMR processors use \",/*#__PURE__*/e(o,{href:\"https://erik-engheim.medium.com/what-the-heck-is-a-micro-operation-e991f76209e\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"micro-ops\"})}),\" to process complex instructions into small micro-op caches. And \",/*#__PURE__*/e(o,{href:\"https://www.cs.virginia.edu/venkat/papers/isca2021a.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"published research\"})}),' describes \"attacks that exploit the micro-op cache as a timing channel to transmit secret information.\" As a result of those attacks, criminals can leak secrets in three primary settings (see those settings in detail ',/*#__PURE__*/e(o,{href:\"https://www.cs.virginia.edu/venkat/papers/isca2021a.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here\"})}),\").\"]}),/*#__PURE__*/t(\"p\",{children:[\"Although this finding is recent and will be publicly discussed this year in June at the \",/*#__PURE__*/e(o,{href:\"https://www.iscaconf.org/isca2021/program/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"International Symposium on Computer Architecture\"})})}),\", the team that wrote the paper has already talked to Intel and AMD about their findings. On May 4, an \",/*#__PURE__*/e(o,{href:\"https://itwire.com/security/us-researchers-find-flaw-affecting-processors-made-since-2011.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Intel spokesman said\"})}),': \"that existing mitigations were not being bypassed and that this scenario was addressed in its secure coding guidance.\" Still, that response is disappointing because the problem should not be solved using constant-time programming. Instead, it should be fixed from its source: processors.']}),/*#__PURE__*/e(\"h2\",{children:\"Not-so-perfect crime\"}),/*#__PURE__*/e(\"p\",{children:\"Let us go back to our crime scene. The key is in the truth serum test. Is it possible that the employee does not remember what he did? Why did he act this way, if he is the assassin? What did he use to get through the victim\u2019s heart? The answer is, perhaps, in the excessive pool of blood. If there is a way to make an object disappear in a couple of hours\u2026 Can you think of what it could be?\"}),/*#__PURE__*/t(\"p\",{children:[\"We hope you have enjoyed this post, and we look forward to hearing from you. By the way, do you need help with \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"vulnerability management\"})}),\"? \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Contact us!\"})})]})]});export const richText3=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/e(\"p\",{children:\"In this blog, we will not delve into Colonial Pipelines, though we will mention some details about them. Instead, our spotlight will be the self-appointed criminal gang called DarkSide, which was behind the attack. How they operate, who they are, and, more importantly, how can your company avoid becoming a victim of such an attack?\"})});export const richText4=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What happened?\"}),/*#__PURE__*/t(\"p\",{children:[\"The FBI confirmed that on May 7th, the Colonial Pipeline networks were attacked by the \",/*#__PURE__*/e(o,{href:\"https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networks\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DarkSide ransomware\"})}),\" gang. After that, the company \",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/technology/fireeye-shares-jump-after-pipeline-cyberattack-2021-05-10/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"closed its complete network\"})}),\" for some days. In fact, until the date this post is published, \",/*#__PURE__*/e(o,{href:\"https://www.usatoday.com/story/news/nation/2021/05/12/colonial-pipeline-hack-shutdown-gas-outages-refuel/5065013001/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the main pipeline is still shut\"})}),\". However, \",/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it was known\"})}),\" that the company already paid $5 million in cryptocurrency \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/colonial-pipeline-paid-close-to-5-million-in-ransomware-blackmail-payment/?ftag=TRE-03-10aaa6b&bhid=29868913901264489308848757891800&mid=13366532&cid=2399622965\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"to decrypt locked systems\"})}),\". (Which seems insignificant compared to the \",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/business/energy/colonial-pipeline-has-cyber-insurance-policy-sources-2021-05-13/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"$15 million coverage that their cyber-security insurance can cover\"})}),\").\"]}),/*#__PURE__*/e(\"h2\",{children:\"Who is involved?\"}),/*#__PURE__*/t(\"p\",{children:[\"The Colonial Pipeline network \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/technology-57063636\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"transports almost half\"})}),\" of the East Coast\u2019s fuel supply. This is why \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/colonial-pipeline-resumes-operations-cyberattack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"prices at the pumps increased\"})}),\" after the long-lasted cut. In total, \",/*#__PURE__*/e(o,{href:\"https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the pipeline network is 5,500 miles long\"})}),\", which makes it the longest in the country (see image below).\"]}),/*#__PURE__*/e(\"img\",{alt:\"Colonial pipeline\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png\",srcSet:\"https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png?scale-down-to=512 512w,https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Colonial Pipeline\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"The pipeline\u2019s primary source is in Texas, the state where, by far, stands the most significant number of refineries. While \",/*#__PURE__*/e(o,{href:\"https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203#:~:text=According%20to%20an%20Energy%20Department,a%20million%20barrels%20a%20day.\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Texas has more than 20 refineries with a total capacity less than a million barrels a day, the whole East Coast has only seven\"})}),\". Therefore, a disruption in the flow from that state has paralyzed operations in several sectors (\",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/business/energy/us-govt-top-fuel-supplier-work-secure-pipelines-closure-enters-4th-day-2021-05-10/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"including seven of the largest airports in the country and five military bases\"})}),\"; see image below).\"]}),/*#__PURE__*/e(\"img\",{alt:\"Pipelines flow\",className:\"framer-image\",height:\"350\",src:\"https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png\",srcSet:\"https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png?scale-down-to=512 512w,https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png 1920w\",style:{aspectRatio:\"1920 / 700\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.reuters.com/business/energy/us-govt-top-fuel-supplier-work-secure-pipelines-closure-enters-4th-day-2021-05-10/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Pipelines flow\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let\u2019s talk about \",/*#__PURE__*/e(\"strong\",{children:\"DarkSide\"}),\". It looks like they became public \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"in August of 2020\"})}),\", and they were discovered \",/*#__PURE__*/e(o,{href:\"https://heimdalsecurity.com/blog/what-is-darkside-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"by MalwareHunterTeam\"})}),\" (see image below). DarkSide is perhaps \",/*#__PURE__*/e(o,{href:\"https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"one of the most important exponents of the rising Ransomware-as-a-Corporation\"})}),\" (RaaC) trend. They differ from other ransomware criminal groups in their victims' search method. An ordinary criminal uses spoofing, \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/smishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"smishing\"})}),\", or \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\", waiting for a victim to take the bait. Instead, DarkSide studies its potential victims carefully by determining its economic activity, income, and expenses. After that, they analyze the attack difficulty, its success probability and inquire about the company\u2019s most vulnerable point to start their attack from there. Unlike well-known criminal groups such as DoppelPaymer, Sodinokibi, \",/*#__PURE__*/e(o,{href:\"https://statescoop.com/maze-ransomware-attackers-leak-data-stolen-from-suburban-washington-schools/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Maze\"})}),', and NetWalker, DarkSide is structured around a \"',/*#__PURE__*/e(o,{href:\"https://www.cnbc.com/2021/05/10/hacking-group-darkside-reportedly-responsible-for-colonial-pipeline-shutdown.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"business model\"})}),'.\" In addition, it is noticeable that ',/*#__PURE__*/e(o,{href:\"https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they have a code of ethics\"})}),\" that prohibits them from attacking hospitals, schools, and government agencies. \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/technology-54591761\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"It is also reported that\"})}),\" they look to obtain the most significant profit by attacking big companies. At the same time, \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/technology-54591761\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they make donations using some of the money received through ransomware\"})}),\". For example, they gave 10 thousand dollars to Children International and another 10 thousand dollars to the Water Project Receipt in October 2020. Both of them were rejected by the NGO\u2019s.\"]}),/*#__PURE__*/e(\"img\",{alt:\"DarkSide leaks\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png\",srcSet:\"https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png?scale-down-to=512 512w,https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-05-12/darkside-hackers-mint-money-with-ransomware-franchise\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DarkSide leaks\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"How did it happen?\"}),/*#__PURE__*/t(\"p\",{children:[\"DarkSide infiltrated the Colonial Pipeline network by blocking data from their computers and servers. To unblock their data, the company must pay the money criminals asked for. Specifically, they \",/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"stole 100 gigabytes of data threatening to share it on the web\"})}),\". Besides, though details are not precise, \",/*#__PURE__*/e(o,{href:\"https://www.trendmicro.com/en_us/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"their modus operandi starts\"})}),\" with (but is not limited to) a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\" email that tricked an employee. Likewise, by using \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/importance-pentesting/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"penetration testing\"})}),\" tools, \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/3618688/darkside-ransomware-explained-how-it-works-and-who-is-behind-it.html?upd=1620908660505\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they can perform lateral movements\"})}),\". In addition, \",/*#__PURE__*/e(o,{href:\"https://www.nytimes.com/2021/05/10/us/politics/pipeline-hack-darkside.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it can be assumed that\"})}),\" the attack was directed to the commercial area and not the operational one. Apparently, their goal was not to crash down the pipeline but to extort the company to make money (as has been done in \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/darkside-the-ransomware-group-responsible-for-colonial-pipeline-cyberattack-explained/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"previous cases\"})}),\"). In this sense, their main attack is not so different from the typical ransomware attack.\"]}),/*#__PURE__*/t(\"p\",{children:[\"DarkSide gets data from their victims' servers, encrypts them, uploads them to their leak-website (which can only be accessed by search engines that allow you to enter the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/dark-web/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"deep web\"})}),\" as Tor), and then asks for the money to decrypt them. The encryption is twofold; first, they use a \",/*#__PURE__*/e(o,{href:\"https://www.mcafee.com/enterprise/en-us/threat-center/threat-landscape-dashboard/ransomware-details.darkside-ransomware.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SALSA20 key\"})}),\", one of the fastest encryption on the market, and then use an RSA-1024 key. Then, \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they withdraw\"})}),\" data servers and disable the \",/*#__PURE__*/e(o,{href:\"https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-08-21-crime_darkside_ransomware.vk.notes.raw\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"termination of specific processes\"})}),\". Finally, every file \",/*#__PURE__*/e(o,{href:\"https://heimdalsecurity.com/blog/what-is-darkside-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"extension changes to .DarkSide\"})}),\" and any of them open \",/*#__PURE__*/e(o,{href:\"https://www.pcrisk.com/removal-guides/18504-darkside-ransomware\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"an executable that redirects to .txt with the following text\"})}),\":\"]}),/*#__PURE__*/e(\"img\",{alt:\"Welcome to dark\",className:\"framer-image\",height:\"192\",src:\"https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png\",srcSet:\"https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png?scale-down-to=512 512w,https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png 1920w\",style:{aspectRatio:\"1920 / 384\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:'\"Welcome to Dark.\"'}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://malwarewarrior.com/how-to-remove-darkside-ransomware-and-decrypt-darkside-files/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The gang lists all types of stolen data and sends\"})}),' a \"personal website\" URL to their victim. Data is already loaded and expected to be published automatically if the company does not pay before the deadline. If that is not enough, they also threaten to delete that information from the victim\u2019s network. In fact, in a press release posted on a Tor website in August 2020, ',/*#__PURE__*/e(o,{href:\"https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they announce that\"})}),\".\"]}),/*#__PURE__*/e(\"img\",{alt:\"If you refuse to pay\",className:\"framer-image\",height:\"248\",src:\"https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png\",srcSet:\"https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png?scale-down-to=512 512w,https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png 1918w\",style:{aspectRatio:\"1918 / 496\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:'\"If you refuse to pay.\"'}),/*#__PURE__*/e(\"h2\",{children:\"What have we learned?\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://edition.cnn.com/videos/politics/2021/05/10/colonial-pipeline-white-house-biden-sot-vpx.cnn/video/playlists/this-week-in-politics/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"President Biden himself said\"})}),\" he is now very interested in the cyberattack situation. In fact, on Wednesday, May 12th, \",/*#__PURE__*/e(o,{href:\"https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the White House released an Executive Order\"})}),' in which they declare that the Federal Government is going to: \"improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.\" The extensive document is clearly motivated by the DarkSide attack, but also by recent ones (surely the ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/exchange-server-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"hack to Microsoft Exchange Server\"})}),\", the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/solarwinds-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SolarWinds security fiasco\"})}),\", or the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/facebook-data-leak/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Facebook Data Leak\"})}),\").\"]}),/*#__PURE__*/t(\"p\",{children:[\"This means US law enforcement \",/*#__PURE__*/e(o,{href:\"https://grahamcluley.com/darkside-ransomware-gang-fear/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"are likely to be putting significant resources into uncovering\" their identity'})}),\". So, it should not be surprising that Congressman Jim Langevin (D-RI), chair of the House Armed Services Subcommittee on Cybersecurity, Innovative Technologies, and Information Systems \",/*#__PURE__*/e(o,{href:\"https://web.archive.org/web/20210514050555/https://langevin.house.gov/press-release/langevin-praises-sweeping-biden-executive-actions-cybersecurity\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"has said\"})}),': \"Cybersecurity is the most urgent national security challenge facing our nation, and I applaud President Biden for taking action early in his term to address and eliminate glaring vulnerabilities.\"']}),/*#__PURE__*/t(\"p\",{children:['For all this, it seems that DarkSide regrets the social harm caused by their criminal activity. We can assume that not only for their \"ethical code\" but also because they are now in the limelight. In this respect, what Nicole Perlroth, a New York Times cybercrime reporter, said last ',/*#__PURE__*/e(o,{href:\"https://twitter.com/nicoleperlroth/status/1391794316507418624?s=20\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Monday\"})}),\" turns very interesting:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Nicole Perlroth\",className:\"framer-image\",height:\"175\",src:\"https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png\",srcSet:\"https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png?scale-down-to=512 512w,https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png 1920w\",style:{aspectRatio:\"1920 / 350\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/nicoleperlroth\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"@nicoleperlroth\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"We also learned that ransomware can jeopardize \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"companies and the infrastructure\"})}),\" of an entire country. This means, in turn, that companies and governments must reinforce their cybersecurity systems. Because \",/*#__PURE__*/e(o,{href:\"https://www.osti.gov/biblio/1602649\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"they\u2019re not paying enough attention to these risks\"})})}),': \"the ONG (Oil & Natural Gas) industry is unaware of potentially useful technologies that have been developed for ensuring cyber-security of other infrastructure systems, such as the electric grid.\"']}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.secureworldexpo.com/industry-news/colonial-pipeline-poor-cybersecurity\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Robert Smallwood was one of the consultants\"})}),' who delivered an 89-page report in January 2018 after conducting a six-month audit. He said last Wednesday that the deficiencies and vulnerabilities in the cybersecurity system were so high that \"',/*#__PURE__*/e(o,{href:\"https://apnews.com/article/va-state-wire-technology-business-1f06c091c492c1630471d29a9cf6529d\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"an eighth-grader could have hacked into that system\"})}),'.\" All of this resulted in a costly and embarrassing lesson: prevention in terms of cybersecurity risks is very important. Never take it lightly. Otherwise, there will be no guarantee that you will not be attacked by the DarkSide.']}),/*#__PURE__*/e(\"p\",{children:\"For now, we\u2019ll just recommend you what they say throughout the Galaxy: may the force be with you.\"}),/*#__PURE__*/e(\"p\",{children:\"If you want to know more about how to protect yourself from cyberattacks, we invite you to review our page.\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we specialize in cybersecurity through \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"pentesting\"})}),\" or ethical hacking. For more information, don\u2019t hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us!\"})})]})]});export const richText5=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Las brechas de datos y los m\\xfaltiples ciberataques contra empresas de todo tipo y tama\\xf1o en el ahora predominante mundo digital siguen aumentando. (Consulta \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-i/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"aqu\\xed\"})}),\" informaci\\xf3n sobre tendencias cibercriminales del a\\xf1o pasado). Muchas de estas compa\\xf1\\xedas se han dado cuenta de la necesidad de utilizar pruebas de seguridad en sus sistemas para determinar si son vulnerables a posibles amenazas y llevar a cabo las mejoras necesarias lo antes posible. Sin embargo, es posible que algunas empresas solo se limiten a cumplir con los est\\xe1ndares de la industria y las regulaciones de protecci\\xf3n al consumidor como \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/hipaa/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"HIPAA\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/pci/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"PCI DSS\"})}),\", y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/gdpr/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GDPR\"})}),\". De una forma u otra, la soluci\\xf3n \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/pruebas-penetracion-servicio/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"pentesting\"})})}),\" ha ido ganando mayor valor y popularidad en la evaluaci\\xf3n de la seguridad a lo largo de los a\\xf1os entre organizaciones que van m\\xe1s all\\xe1 de las agencias gubernamentales y los bancos.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Por esta raz\\xf3n, el mercado de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" se ha vuelto mucho m\\xe1s amplio, con cada vez m\\xe1s proveedores de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" ofreciendo sus servicios, lo que hace cada vez m\\xe1s compleja la elecci\\xf3n para las empresas interesadas en su implementaci\\xf3n. Como manifest\\xf3 el \",/*#__PURE__*/e(\"em\",{children:\"pentester\"}),\" profesional \",/*#__PURE__*/e(o,{href:\"https://securityboulevard.com/2020/06/5-tips-for-selecting-a-penetration-testing-company-in-2020/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Elliot en Security Boulevard\"})}),\" el a\\xf1o pasado, seleccionar una empresa de pruebas de penetraci\\xf3n puede ser una tarea desalentadora; se trata de una industria plagada de t\\xe1cticas de venta enga\\xf1osas, certificaciones d\\xe9biles y, simplemente, profesionales no cualificados. Como consecuencia, diferentes empresas y personas relacionadas con la ciberseguridad han ido sugiriendo a trav\\xe9s de sus redes sociales algunos consejos para tener en cuenta a la hora de elegir proveedores de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Antes de pasar a estos consejos para entender mejor el mercado, familiaric\\xe9monos un poco m\\xe1s con el concepto. \",/*#__PURE__*/e(o,{href:\"https://resources.infosecinstitute.com/topic/the-history-of-penetration-testing/#gref\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"A finales de la d\\xe9cada de 1960\"})}),', empezaron a surgir los llamados \"equipos tigre\" para probar la capacidad de los sistemas gubernamentales y empresariales para resistir ciberataques. Entre los pioneros del desarrollo de las pruebas de penetraci\\xf3n se encuentra James P. Anderson, quien en los a\\xf1os 70 estableci\\xf3 los pasos finales de las pruebas para esos equipos tigre. Sin embargo, al parecer fue hace poco, en 2009, que se defini\\xf3 un est\\xe1ndar de ejecuci\\xf3n de penetraciones para probar los sistemas en busca de formas de vulnerarlos y obtener acceso a los datos. Este riguroso enfoque combina procedimientos manuales por parte de ',/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" y pruebas automatizadas mediante herramientas, con predominio de los primeros. En resumen, el \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" es una evaluaci\\xf3n de la seguridad con una simulaci\\xf3n de ataques aut\\xe9nticos para identificar las vulnerabilidades que los ciberdelincuentes podr\\xedan explotar en un entorno determinado.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Hace un a\\xf1o, \",/*#__PURE__*/e(o,{href:\"https://www.netspi.com/blog/executive/penetration-testing/the-penetration-testing-paradox-criteria-for-evaluating-providers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[\"Charles Horton public\\xf3 un \",/*#__PURE__*/e(\"em\",{children:\"post\"})]})}),\" para NetSPI en el que describe cuatro factores que puedes tener en cuenta a la hora de elegir un equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/gestion-vulnerabilidades/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"gesti\\xf3n de vulnerabilidades\"})}),\" adecuado para tu organizaci\\xf3n. Inicialmente, se refiere a la innegable importancia de contar con \",/*#__PURE__*/e(\"strong\",{children:\"un grupo talentoso\"}),\". Cada uno de los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" deber\\xeda tener la capacidad de ver los objetivos a trav\\xe9s de los ojos de los \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" maliciosos. Deber\\xedan ser \\xe1giles a la hora de adquirir conocimientos y mejorar las t\\xe9cnicas a emplear en funci\\xf3n de las necesidades de sus clientes y de las nuevas complejidades en su campo. Por supuesto, deber\\xedas verificar que se trate realmente de un equipo que vas a vincular a tu personal y no de un \\xfanico individuo sobre el que recaiga todo el peso y la responsabilidad.\"]}),/*#__PURE__*/t(\"p\",{children:[\"En relaci\\xf3n con el factor talento, podemos ver que otras fuentes (p. ej., \",/*#__PURE__*/e(o,{href:\"http://web.archive.org/web/20201210221420/https://resources.infosecinstitute.com/topic/top-10-things-look-avoid-choosing-pen-testing-vendor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20infosecResources%20%28InfoSec%20Resources%29\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Infosec\"})}),\" e \",/*#__PURE__*/e(o,{href:\"https://medium.com/intruder-io/how-to-choose-a-pentesting-company-5eddc82982d1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Intruder\"})}),\") tambi\\xe9n hablan de certificaciones y experiencia. Ellas recomiendan que busques equipos de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" cuyos miembros posean \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/certifications/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"certificaciones profesionales reconocidas en el sector\"})}),\", tales como CEH, CRTE, OSCE, OSCP, OSWE y OSWP. Estas credenciales pueden generar cierta confianza en relaci\\xf3n con la capacidad de los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\". Pero cuidado, \\xa1ellas no se deber\\xedan tomar como medida suficiente para elegir un equipo! Como dice Elliot, las certificaciones siguen estando muy por debajo de lo que se espera de un \",/*#__PURE__*/e(\"em\",{children:\"pentester\"}),\" experto. Y advierte que los organismos de certificaci\\xf3n inherentemente deben dirigirse a un grupo de personas lo suficientemente grande como para seguir siendo rentables. En su lugar, Elliot te invita a prestar mucha atenci\\xf3n a los repositorios Git de las compa\\xf1\\xedas, as\\xed como a sus investigaciones y publicaciones.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Como segundo factor, Horton destaca la capacidad del equipo para seguir procesos de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" estandarizados y, al mismo tiempo, personalizables. Mediante la \",/*#__PURE__*/e(\"strong\",{children:\"estandarizaci\\xf3n\"}),\" (como puede hacerse, por ejemplo, con los listados de control de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\"), una empresa especializada deber\\xeda garantizar resultados coherentes en diferentes proyectos de evaluaci\\xf3n. En cuanto a la \",/*#__PURE__*/e(\"strong\",{children:\"personalizaci\\xf3n\"}),\", deber\\xedan demostrar que puede reconocer las similitudes y diferencias entre las necesidades de sus clientes y que es capaz de ajustarse a ellas en sus pruebas de penetraci\\xf3n.\"]}),/*#__PURE__*/t(\"p\",{children:[\"La personalizaci\\xf3n est\\xe1 relacionada con la flexibilidad, una mentalidad abierta, una cualidad que debe poseer un \",/*#__PURE__*/e(\"em\",{children:\"pentester\"}),\". Los analistas que elijas para la evaluaci\\xf3n de la seguridad de tu organizaci\\xf3n deber\\xedan ser curiosos y creativos, estar siempre interesados en aprender sobre nuevas t\\xe9cnicas y ambientes en los que simular ataques. Por supuesto, para asegurarte de que los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" implicados se ajustan adecuadamente a tus necesidades, ten en cuenta las palabras de \",/*#__PURE__*/e(o,{href:\"https://medium.com/intruder-io/how-to-choose-a-pentesting-company-5eddc82982d1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Andrew en Intruder\"})}),\": aseg\\xfarate de que tu proveedor potencial tenga experiencia relevante en los tipos de tecnolog\\xeda con los que trabajas.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Como tercer punto, Horton menciona que un excelente equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" para tu negocio deber\\xeda saber \",/*#__PURE__*/e(\"strong\",{children:\"c\\xf3mo gestionar y presentar los datos\"}),\" obtenidos del an\\xe1lisis. Todo ello de forma que facilite a tu personal la remediaci\\xf3n r\\xe1pida y eficaz de las vulnerabilidades. Con sus herramientas, el equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" deber\\xeda organizar reportes detallados y priorizar los hallazgos para ti, ahorr\\xe1ndote algunos dolores de cabeza administrativos. De acuerdo con \",/*#__PURE__*/e(o,{href:\"http://web.archive.org/web/20201210221420/https://resources.infosecinstitute.com/topic/top-10-things-look-avoid-choosing-pen-testing-vendor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20infosecResources%20%28InfoSec%20Resources%29\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Brecht de Infosec\"})}),\", los informes de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" pueden estar plagados de jerga t\\xe9cnica, lo que supondr\\xeda un problema. Es por esto que se valora mucho la capacidad de comunicar la complejidad en t\\xe9rminos comprensibles para ejecutivos no t\\xe9cnicos. As\\xed que, \\xa1solicita, revisa y compara informes de ejemplo de los proveedores!\"]}),/*#__PURE__*/t(\"p\",{children:[\"Tambi\\xe9n podemos a\\xf1adir a lo dicho que es rigurosamente necesario que la empresa proveedora del servicio permita establecer un pacto documentado de confidencialidad y seguridad de los datos. De antemano, debe existir un seguro de responsabilidad civil por parte del proveedor para proteger a tu empresa de cualquier da\\xf1o o p\\xe9rdida relacionado con tus sistemas y datos. Adem\\xe1s, debes saber qui\\xe9nes ser\\xe1n los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" encargados de realizar las pruebas y c\\xf3mo se gestionar\\xe1n los datos, solicitando informaci\\xf3n como nombres y curr\\xedculums.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Horton termina con un factor que hace \\xe9nfasis en la \",/*#__PURE__*/e(\"strong\",{children:\"calidad colaborativa\"}),\" del equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\". Desde el principio, los miembros de estos grupos de evaluaci\\xf3n deber\\xedan recibir formaci\\xf3n para tener una mentalidad colectiva. M\\xe1s all\\xe1 de compartir conocimiento internamente, la colaboraci\\xf3n consiste en ampliarlo, transmitirlo a otras personas fuera de los l\\xedmites corporativos y contribuir a una comunidad dedicada a la ciberseguridad. Podemos a\\xf1adir aqu\\xed que el equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" deber\\xeda ser capaz de mantener una comunicaci\\xf3n constante y clara con tu equipo. Siempre deber\\xedan proporcionar retroalimentaci\\xf3n sobre el progreso, las dificultades y los resultados, junto con valiosas recomendaciones para la acci\\xf3n.\"]}),/*#__PURE__*/t(\"p\",{children:[\"La selecci\\xf3n de un proveedor competente de pruebas de penetraci\\xf3n no es una tarea sencilla, pero es ideal para detectar vulnerabilidades en tus sistemas y mantener en buen estado tu organizaci\\xf3n. Si buscas un proveedor de servicios de pruebas de penetraci\\xf3n para una asociaci\\xf3n a largo plazo, podemos mostrarte c\\xf3mo en Fluid Attacks cumplimos con todos los factores enumerados aqu\\xed e incluso m\\xe1s. Somos una empresa que reconoce el valor fundamental del an\\xe1lisis manual en \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/pruebas-penetracion-servicio/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"pentesting\"})})}),\", de modo que empleamos herramientas automatizadas pero superamos sus defectos mediante la labor de \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" humanos. Estamos entre los que le ofrecen reataques para confirmar que las vulnerabilidades han sido remediadas con \\xe9xito. Adem\\xe1s, superamos el n\\xfamero t\\xedpico de dos o tres profesionales por proyecto, \\xa1alcanzando un promedio de 15 \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" \\xe9ticos!\"]}),/*#__PURE__*/t(\"p\",{children:[\"\\xbfQuieres saber m\\xe1s sobre nosotros? Puedes consulta \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/universe\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"aqu\\xed nuestro repositorio\"})}),\" y \",/*#__PURE__*/e(o,{href:\"https://clutch.co/profile/fluid-attacks\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"aqu\\xed las opiniones de nuestros clientes\"})}),\". Para m\\xe1s informaci\\xf3n, \\xa1no dudes en \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/contactanos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contactarnos\"})}),\"!\"]})]});export const richText6=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we are very proud of the great goal we have recently achieved with our open-source tool, which we constantly develop and employ to detect some systems' vulnerabilities. This tool has reached \",/*#__PURE__*/e(\"strong\",{children:\"100% in True Positives and 0% in False Positives against the OWASP Benchmark\"}),\" version 1.2. Let's put this achievement in context.\"]})});export const richText7=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What is the OWASP?\"}),/*#__PURE__*/t(\"p\",{children:[\"Perhaps you've heard of the \",/*#__PURE__*/e(o,{href:\"https://owasp.org/www-project-top-ten/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Top 10\"})}),\" list of vulnerabilities. The Open Web Application Security Project (\",/*#__PURE__*/e(o,{href:\"https://owasp.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP\"})}),\") is a non-profit foundation committed to helping improve software security through various means. The OWASP functions as an open, online community where anyone can contribute to the production of material in the field of web application security and benefit from the information available. Fluid Attacks is an active corporate member of The OWASP Foundation.\"]}),/*#__PURE__*/e(\"h2\",{children:\"What is the OWASP Benchmark?\"}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(o,{href:\"https://owasp.org/www-project-benchmark/#\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Benchmark Project\"})}),\" is a free Java test suite created in 2015 to assess the accuracy, speed, and coverage of automated software vulnerability detection tools. It helps determine the strengths and weaknesses of different application security testing (AST) machines and allows objective comparisons between them. So, we can put under evaluation static (SAST), dynamic (DAST), or interactive (IAST) tools. This benchmark is quite helpful for choosing a new tool on the market or finding out what needs to be improved in the machine you have been developing.\"]}),/*#__PURE__*/e(\"p\",{children:\"The most recent version of the OWASP Benchmark (v1.2), a fully executable open-source web app, contains 2,740 test cases (single Java servlets). Each case has either a genuine, exploitable vulnerability or a false vulnerability, all of them belonging to 11 categories and corresponding to specific CWEs. If we refer to all test cases, 51.6% have actual exposures (multiple variants of each category), and 48.4% contain false ones. In short, the best tools according to this benchmark should only report those real vulnerabilities.\"}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark test cases\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png\",srcSet:\"https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png?scale-down-to=512 512w,https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png 1920w\",style:{aspectRatio:\"1920 / 950\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Figure 1. Test cases in OWASP Benchmark v1.2.\"}),/*#__PURE__*/e(\"p\",{children:\"Companies have long relied on SAST and DAST solutions to protect their applications and verify compliance requirements. However, it has been pretty usual for automated vulnerability detection processes to show errors in their reports. Thus, through this benchmark, for example, we can realize that a tool may fail to identify real vulnerabilities (it has False Negatives, which we have also referred to as omissions) and may fail to ignore false vulnerability alarms (it gives False Positives). On the other side, we can find that a tool may correctly identify real vulnerabilities (it gives True Positives) and ignore false alarms (it has True Negatives).\"}),/*#__PURE__*/e(\"p\",{children:\"Accordingly, referring to some extreme cases we don\u2019t want to witness, there may be a tool that reports every line of code it reviews in an application as vulnerable. That would help us detect all the vulnerabilities present; however, we would also be full of false positives, and it would be worthless. The same quality would be valid for a tool with zero false positives but which cannot detect any vulnerability. Finally, it would be useless to have a tool that randomly has 50% true positives and 50% false positives. See the following chart:\"}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark interpretation guide\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png\",srcSet:\"https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png?scale-down-to=512 512w,https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 2. \",/*#__PURE__*/e(o,{href:\"https://raw.githubusercontent.com/OWASP-Benchmark/BenchmarkJava/8df16196378048c54f68cd3a77531e9741a0c7ae/scorecard/content/benchmark_guide.png\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Benchmark Results Interpretation Guide\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:'True Positive Rate (TPR) is the percentage of true vulnerabilities that the tool identifies. False Positive Rate (FPR) is the percentage of false vulnerabilities that the tool reports as true ones. The ideal point is where we have a TPR of 100% and an FPR of 0%. Anyway, it will always be preferable to be above the red segmented line (\"Random Guess\"), with the first rate\u2019s value always exceeding that of the second one; the farther away, the better. Be careful because it seems that some vendors may strive to display you 100% in TPR as if it were the sole relevant value when it comes to accuracy.'}),/*#__PURE__*/t(\"p\",{children:[\"This is where the Benchmark Accuracy Score comes in. It is essentially an individual score, a \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Youden%27s_J_statistic\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Youden\u2019s index\"})}),\", that goes from 0 to 100 to summarize the accuracy of a set of tests. The equation is simple: we just need to subtract one (1) from the sum of the tool\u2019s sensitivity (same as TPR) and specificity (same as 1-FPR) expressed as part of a whole number. See this example taken from the OWASP\u2019s website:\"]}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark score example\",className:\"framer-image\",height:\"225\",src:\"https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png\",srcSet:\"https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png?scale-down-to=512 512w,https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png 1920w\",style:{aspectRatio:\"1920 / 450\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 3. Example of the Benchmark Score (\",/*#__PURE__*/e(o,{href:\"https://owasp.org/www-project-benchmark/#\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here in 'Scoring'\"})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:'Consequently, the Benchmark Score for a tool with insufficient accuracy equals 0, and for a tool with perfect accuracy equals 100 (Youden\u2019s index equals 1). In Figure 4, the Benchmark Score, which can also be negative, corresponds to the line\u2019s length from a given point down to the diagonal \"Random Guess\" line.'}),/*#__PURE__*/e(\"h2\",{children:\"What are Fluid Attacks' results?\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we decided to test our primary, customized tool. Only by applying the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SAST\"})}),\" technique (although it can also perform \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DAST\"})}),\"), this tool can achieve the best possible outcome against the OWASP Benchmark with a TPR of 100% and an FPR of 0%. So, our Benchmark Score equals 100, the highest value! A few years ago, developers in the OWASP Benchmark project published a comparison chart for different open-source and commercial SAST tools. It is now in this chart that we include the results obtained by our tool.\"]}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark results comparison\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png\",srcSet:\"https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png?scale-down-to=512 512w,https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Figure 4. OWASP Benchmark results comparison.\"}),/*#__PURE__*/e(\"h2\",{children:\"Issues we're aware of at Fluid Attacks\"}),/*#__PURE__*/e(\"p\",{children:\"The values obtained in this scenario are easy to determine accurately because the number of existing vulnerabilities is known from the beginning, contrary to what usually happens in real-world applications. You need to understand that this project does not include all vulnerability categories and possible cases. Nevertheless, looking ahead, OWASP hopes to have all types of vulnerabilities that belong to its Top 10 in its tests and offer code in other languages, not just Java.\"}),/*#__PURE__*/e(\"p\",{children:\"OWASP created these test cases from coding patterns observed in actual applications, but some of them may be of questionable relevance, and most are simpler than in reality. Companies that focus only on improving their machines and getting excellent scores, particularly in these types of benchmarks, could be severely limited when facing a greater variety of real-world code. So, it would help you keep in mind that a good result in this test is not enough to assume that a tool will do very well in detecting vulnerabilities in general: beware of false illusions of security!\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we are proud to have achieved this goal with the OWASP Benchmark, but certainly, it is only one of the sources we use as a reference to improve our tool. We keep getting feedback from real applications and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"their code\"})}),\". And while our customers can take advantage of our tool to look for vulnerabilities, we always recommend performing comprehensive security testing by adding our ethical hackers' invaluable manual work.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To conclude, as anyone can use the OWASP Benchmark to evaluate any application security testing tool, if you are among the customers or stakeholders who want to prove for themselves that our results are authentic, \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/know-and-reproduce-the-scanner-s-owasp-benchmark-results\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"you can follow this guide\"})}),\". Additionally, if you want to learn more about our tool, don\u2019t hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us\"})}),\"!\"]})]});export const richText8=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"A few days ago, someone published the phone numbers and other account information of hundreds of millions of Facebook users on a cybercrime forum. We're talking about information that is now 'free' but which had been circulating on the web months before and that even Facebook refers to as material extracted from its platform in 2019. This case comes in addition to several previous ones that have cast serious doubt on this widely used social network's security. Let's take a look!\"}),/*#__PURE__*/t(\"p\",{children:[\"If you were asked why you use Facebook, what would you answer (that is if you use it)? Perhaps your reason wouldn't be too far from the funny remark expressed by \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/new-poll-shows-facebooks-severe-trust-problem/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Gewirtz in ZDNet\"})}),\": \\\"We all use Facebook because it's the only way we can know what people we haven't talked to in years have eaten for dinner.\\\" But, whatever your reason for using it, have you been aware of its security and user data handling issues? One of the most mentioned incidents has been \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the Cambridge Analytica scandal\"})}),\", where Facebook shared the data of millions of its users without their consent to that British company, mainly for political advertising. Apart from this, there have been cases of \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/facebook-harvested-1-5-million-user-email-contacts-without-permission/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"harvesting of user email contacts\"})}),\" without permission, \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/facebook-we-stored-hundreds-of-millions-of-passwords-in-plain-text/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"passwords stored in plain text\"})}),\", and, well, information leaks, our concern here.\"]}),/*#__PURE__*/t(\"p\",{children:[\"On this occasion, the information that has been made public corresponds to \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"533,313,128 Facebook users\"})}),\". Apparently, almost all the records include the user's ID (a long number linked to the account), name, gender and a piece of information that makes this situation more alarming: their phone number. We can also find data such as the user's email address, relationship status, date of birth, occupation, city, among others, in some records. These data are part of the user profiles, and the passwords have not been exposed. However, phone numbers, now public, are information that usually remains private within accounts.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Facebook founders data leak\",className:\"framer-image\",height:\"82\",src:\"https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png\",srcSet:\"https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png 1917w\",style:{aspectRatio:\"1917 / 164\"},width:\"958\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Facebook's founders in data leak\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"In this database, the affected users are separated by country (although Africa is listed, perhaps referring to South Africa). The threat actor(s) registered 106 nations (\",/*#__PURE__*/e(o,{href:\"https://threadreaderapp.com/thread/1349671294808285184.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the list may show 107\"})}),\", but there's an error with Tunisia appearing twice) and specified the total number of users for each of them. For instance, in rounded figures, the U.S. has 32.3M records; Colombia, 18.0M; Mexico, 13.3M; Peru, 8.1M; Chile, 6.9M, and Panama, 1.5M.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Currently, those are 106 separate download packages in a public cybercrime forum. Nevertheless, \",/*#__PURE__*/e(o,{href:\"https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"as Cimpanu in The Record says\"})}),', \"While the forum is publicly accessible and anyone can register a profile, the download links for these packages are only available to users who bought forum credits.\" Specifically, ',/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it is said\"})}),\" that any person must pay eight credits to access the database, with each credit costing approximately $2.19. This is pretty cheap for the amount of information available; that's why people say it's \\\"free data\\\" in almost all the sources I checked.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Typically, these stolen data sets are initially sold privately at high prices. Later, they are sold at lower costs, and, in the end, they are given for free by their owners mostly to gain reputation within the hacker community. In this case, the stolen information corresponds, especially \",/*#__PURE__*/e(o,{href:\"https://about.fb.com/news/2021/04/facts-on-news-reports-about-facebook-data/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"according to Facebook itself\"})}),\", to the same data that malicious actors harvested from its platform in 2019. \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Abrams in BleepingComputer says\"})}),\" it was in mid-2020 when this stolen information came to light in a hacker community with one member selling it to other members. Later, in January 2021, Hudson Rock's CTO \",/*#__PURE__*/e(o,{href:\"https://twitter.com/UnderTheBreach/status/1349674272227266563\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Alon Gal tweeted that\"})}),' \"a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.\" Finally, at the beginning of this month, ',/*#__PURE__*/e(o,{href:\"https://twitter.com/UnderTheBreach/status/1378314424239460352\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Gal tweeted that\"})}),' those \"Facebook records were just leaked for free.\"']}),/*#__PURE__*/t(\"p\",{children:[\"But what happened to Facebook to have all that information from \",/*#__PURE__*/e(o,{href:\"https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"about a fifth\"'})}),\" of its complete user pool leaked? Several sources refer to a vulnerability in the 'Add Friend' feature on Facebook that hackers could have exploited. \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"It is unknown if'})}),' this alleged vulnerability allowed the threat actor to retrieve all of the information in the leaked data or just the phone number, which was then combined with information scraped from public profiles,\" says Abrams. It was from there that criminals could have created the database of 533M users.']}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://about.fb.com/news/2021/04/facts-on-news-reports-about-facebook-data/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Facebook, on the other hand\"})}),\", does not mention vulnerability or hacking in its public statement. They believe that only the 'scraping' technique was used by criminals to extract user data before September 2019, employing their 'contact importer' feature. Facebook created this function for people to easily find their friends on the network (supposedly getting limited but public information from the profiles) using their contact lists (phone numbers). Apparently, after realizing how some individuals were using this characteristic, the company decided to change it and resolve the situation. \\\"We updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,\\\" says Clark, Facebook's Product Management Director.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Interestingly, on September 4, 2019, \",/*#__PURE__*/e(o,{href:\"https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Whittaker in TechCrunch reported\"})}),\" many Facebook users' phone numbers (linked to IDs and other data) recently exposed online. Expressly, he referred to an exposed, unprotected server (\",/*#__PURE__*/e(o,{href:\"https://www.forbes.com/sites/daveywinder/2019/09/05/facebook-security-snafu-exposes-419-million-user-phone-numbers/?sh=2e0ad5901ab7\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"not a Facebook one\"'})}),\") with more than 419M records. On that occasion, the U.S. had 133M records, about four times more than in the 'most recent case.' At that time, Facebook said malicious actors scraped that data before they restricted access to users' phone numbers on their platform, i.e., \",/*#__PURE__*/e(\"em\",{children:\"more than a year ago\"}),\". \",/*#__PURE__*/e(o,{href:\"https://edition.cnn.com/2019/09/04/tech/facebook-phone-numbers-exposed\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"Until April 2018'})}),\", people could enter another person's phone number to find him or her on Facebook.\\\" But, wait a minute, didn't they say users could do this up until August 2019? That doesn't add up! And while there may be discussions about this inconsistency, nobody mentioned it in the posts I had the opportunity to review.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Bourgeois tweet\",className:\"framer-image\",height:\"407\",src:\"https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png\",srcSet:\"https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png 1920w\",style:{aspectRatio:\"1920 / 815\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/Liz_Shepherd/status/1378398417450377222\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Tweet by Liz Bourgeois\"})}),\", Director, Strategic Response Communications at Facebook.\"]}),/*#__PURE__*/t(\"p\",{children:['The thing now is that, for this 533M records situation, people are talking about \"old data\" from 2019, leaked from a problem that Facebook \"resolved\" in August of the same year. However, even if the data is around two years old, it can still be valuable to cybercriminals. Phone numbers and email addresses are often the same over many years. Threat actors can then engage in phishing (with email addresses), smishing (mobile text phishing), SIM swap attacks (',/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"steal multi-factor authentication'})}),' codes sent via SMS\"), and other scams or impersonation attacks. Therefore, if you use Facebook, you should beware of strange messages with requests for further information or enclosed links, possibly even associated with the pandemic.']}),/*#__PURE__*/t(\"p\",{children:[\"By the way, since Facebook seems not to have made it available, \",/*#__PURE__*/e(o,{href:\"https://haveibeenpwned.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"haveibeenpwned.com\"})}),\" allows you to check if you're part of the victims of this data leak. Initially, this page only allowed verification via email address. But this data is quite limited in quantity in this leak (\",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"only for 2.5M of the affected users\"})}),\"), so, a few days ago, \",/*#__PURE__*/e(o,{href:\"https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/#comment-5332905964\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the website enabled the search through phone numbers\"})}),\". Good luck!\"]})]});export const richText9=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Este art\\xedculo es el quinto de una serie basada en el libro \",/*#__PURE__*/e(o,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"Tribe of Hackers Red Team\"})})}),\" de Carey y Jin (2019). Como ya coment\\xe9 \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"en el primer art\\xedculo\"})}),\", en este libro encontramos las respuestas de 47 expertos en \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/ejercicio-red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"red teaming\"})})}),\" a las mismas 21 preguntas. En las entradas anteriores, hice referencia a las opiniones de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(1.0) Carey\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(2.0) Donnelly\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-3/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(3.0) Weidman\"})}),\", y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-4/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(4.0) Secor\"})}),\". Para esta ocasi\\xf3n, decid\\xed centrarme en las respuestas de Carlos P\\xe9rez (\",/*#__PURE__*/e(o,{href:\"https://twitter.com/carlos_perez?lang=en\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Darkoperator\"})}),\"), el primer latinoamericano incluido en la serie, quien lleva m\\xe1s de veinte a\\xf1os en el mundo de la ciberseguridad.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Carlos trabaj\\xf3 para el gobierno de Puerto Rico, realizando \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" y ayudando a proteger sus redes. M\\xe1s tarde, se uni\\xf3 a Compaq/HP como arquitecto s\\xe9nior de soluciones para las pr\\xe1cticas de consultor\\xeda de seguridad y redes para clientes en Sudam\\xe9rica, Centroam\\xe9rica y el Caribe. Tambi\\xe9n trabaj\\xf3 en Tenable como director de ingenier\\xeda inversa y, en el momento de la entrevista del libro, era el l\\xedder de pr\\xe1ctica para la investigaci\\xf3n en TrustedSec. Actualmente, Carlos es conocido por sus contribuciones a herramientas de seguridad de c\\xf3digo abierto como \",/*#__PURE__*/e(o,{href:\"https://github.com/darkoperator/dnsrecon\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DNSRecon\"})}),\" y \",/*#__PURE__*/e(o,{href:\"https://github.com/darkoperator/Metasploit-Plugins\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Metasploit\"})}),\".\"]})]});export const richText10=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"h2\",{children:[\"Para los que buscan ser diligentes en los \",/*#__PURE__*/e(\"em\",{children:\"red teams\"})]}),/*#__PURE__*/t(\"p\",{children:[\"Carlos comienza recomendando conocimientos espec\\xedficos, divididos en t\\xe9cnicos y no t\\xe9cnicos, que \\xe9l considera necesarios para quienes quieran formar parte de un \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\". \",/*#__PURE__*/e(\"strong\",{children:\"En el aspecto t\\xe9cnico\"}),\", inicia refiri\\xe9ndose a una base s\\xf3lida en l\\xf3gica de programaci\\xf3n, un conocimiento esencial para la correcta adaptaci\\xf3n a diversos lenguajes de programaci\\xf3n, as\\xed como para la producci\\xf3n y alteraci\\xf3n de herramientas. A continuaci\\xf3n, Carlos sugiere una buena comprensi\\xf3n de las redes porque, seg\\xfan dice, la mayor\\xeda de las acciones atravesar\\xe1n este tipo de ambiente. Adem\\xe1s, seg\\xfan Carlos, tendr\\xe1s que entender c\\xf3mo se configuran, se mantienen y se aseguran los sistemas. Y deber\\xedas mantener un m\\xe9todo de pr\\xe1ctica y aprendizaje constantes, siempre con el objetivo de evitar cualquier sesgo t\\xe9cnico.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"En el aspecto no t\\xe9cnico\"}),\", Carlos comienza destacando la importancia de conocer acerca de las estructuras, la comunicaci\\xf3n y el trabajo en equipo de una organizaci\\xf3n. Precisamente, en cuanto al acto de expresar ideas, reconoce que muchos en este campo son introvertidos. Sin embargo, sin pelos en la lengua, Carlos advierte que si no eres capaz de transmitir informaci\\xf3n sobre riesgos, mitigaci\\xf3n y apoyo de una manera que los responsables de la toma de decisiones puedan utilizar y comprender, entonces habr\\xe1s fracasado. Por \\xfaltimo, \\xe9l a\\xf1ade la importancia de aprender sobre las nuevas tendencias y buenas pr\\xe1cticas en la industria de TI (que a veces son ignoradas por los profesionales), por ejemplo, Cloud y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/devsecops/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DevOps\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Al igual que otros expertos cuyas opiniones se han presentado en esta serie, Carlos nos recuerda que no es necesario participar en actividades ilegales para adquirir habilidades de \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\". La informaci\\xf3n, el entrenamiento y el material de referencia para aprender todos los aspectos est\\xe1n disponibles p\\xfablicamente, y todo puede simularse en un \\xe1mbito de prueba para ensayar y validar conceptos. No cometas el est\\xfapido error de jugar al chico/chica malo/a cuando probablemente puedas aprender las mismas habilidades en el proceso para convertirte en un \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/hacking-etico/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[/*#__PURE__*/e(\"em\",{children:\"hacker\"}),\" \\xe9tico\"]})}),\", siendo un \",/*#__PURE__*/e(\"em\",{children:\"hacker\"}),\" \\xe9tico.\"]}),/*#__PURE__*/t(\"h2\",{children:[\"Para los que ya sudan sangre en los \",/*#__PURE__*/e(\"em\",{children:\"red teams\"})]}),/*#__PURE__*/t(\"p\",{children:[\"Empecemos por el trabajo en equipo. De acuerdo con Carlos, cada miembro del \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" deber\\xeda tener un conocimiento claro del cliente y de los sistemas que se van a evaluar. La planificaci\\xf3n debe realizarse precisamente en grupo. Todos los miembros pueden compartir sus opiniones desde el principio, y el equipo puede discutirlas con la intenci\\xf3n de llegar a acuerdos. A medida que avance el proyecto, deben realizarse reuniones peri\\xf3dicas para revisar las acciones. Al final de un contrato, debe hacerse un intercambio de opiniones en el que los egos queden a un lado y se diga sinceramente lo que hay que mejorar.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Para Carlos, es falso decir que las nuevas t\\xe9cnicas y \",/*#__PURE__*/e(\"em\",{children:\"exploits\"}),\" deben mantenerse en secreto, incluso de los clientes, para evitar perder ventajas en otros contratos. \",/*#__PURE__*/e(\"em\",{children:\"Red teaming\"}),\" no consiste simplemente en emular, sino que tambi\\xe9n implica cultivar una relaci\\xf3n con el cliente, en la que el pensamiento cr\\xedtico puede ayudar a gestionar los riesgos potenciales y mejorar la ciberseguridad.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Cuando, por ejemplo, en un ejercicio de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/pruebas-penetracion-servicio/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"pentesting\"})})}),\" o de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-breach-attack-simulation/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"simulaci\\xf3n de ataque\"})}),\" los equipos de seguridad del cliente consiguen descubrirte, ten en cuenta algo que Carlos comparte desde su experiencia: No tiene por qu\\xe9 ser algo negativo con tu trabajo y tus capacidades; puede ser que en el lado del cliente ya hayan aprendido de proyectos anteriores y hayan aplicado las medidas necesarias. De acuerdo con sus palabras, puedes recordarte que tu tarea es ayudarles a poner a prueba su seguridad y hacer que sus sistemas sean m\\xe1s seguros.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Frase de P\\xe9rez\",className:\"framer-image\",height:\"426\",src:\"https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png\",srcSet:\"https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png?scale-down-to=512 512w,https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png 1919w\",style:{aspectRatio:\"1919 / 853\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:\"La imagen original de Carlos fue tomada del libro de referencia.\"}),/*#__PURE__*/e(\"h2\",{children:\"Para empresas que aspiran estar a la vanguardia en seguridad\"}),/*#__PURE__*/t(\"p\",{children:[\"A la pregunta de cu\\xe1ndo introducir un \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" en el programa de seguridad de una organizaci\\xf3n, Carlos responde (en t\\xe9rminos de condiciones): En esa organizaci\\xf3n tiene que haber una cultura de involucrar a la seguridad desde el principio del proceso, cuando tenga sentido hacerlo, y una disposici\\xf3n a escuchar ideas cr\\xedticas alternadas de los planes cuando estos se expongan. Debe ser una empresa que reconozca la necesidad y est\\xe9 dispuesta a someter a evaluaci\\xf3n sus proyectos y sistemas para identificar debilidades y vulnerabilidades en ellos. Pero no solo eso, seg\\xfan Carlos, la organizaci\\xf3n debe estar dispuesta a asumir esfuerzos para eliminar y mitigar los riesgos se\\xf1alados por el \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"El criterio de Carlos es bastante valioso cuando sugiere que es mejor no implementar los servicios de un \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" dentro de una empresa, al menos no en ese momento, en el que su equipo de seguridad est\\xe1 algo aislado de los procesos generales de la toma de decisiones. Adem\\xe1s, para \\xe9l, no es buena idea convocar a los \",/*#__PURE__*/e(\"em\",{children:\"red teams\"}),\" cuando, m\\xe1s que una colaboraci\\xf3n, lo que hay entre los grupos de esa empresa es solo competencia y conflicto.\"]}),/*#__PURE__*/e(\"p\",{children:'Por otro lado, Carlos advierte a las compa\\xf1\\xedas interesadas en su seguridad que tengan cuidado con, desde su punto de vista, el \"control de seguridad de menor costo\" que en muchos lugares se puede ver implementado. Se refiere a herramientas sin m\\xe9tricas, objetivos y entrenamiento ajustados a las particularidades de la empresa cliente, las cuales acaban solo proporcionando un efecto placebo a los que firmaron el cheque.'}),/*#__PURE__*/t(\"p\",{children:[\"Adicionalmente, Carlos menciona un control de seguridad f\\xe1cil y sencillo que una empresa puede implementar ahora que el \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\" y el \",/*#__PURE__*/e(\"em\",{children:\"malware\"}),\" son tan empleados para comprometer redes o sistemas. Se trata de abordar primero las v\\xedas de entrada m\\xe1s comunes. Seg\\xfan Carlos, la mayor\\xeda de las compa\\xf1\\xedas no bloquean ni controlan la ejecuci\\xf3n de HTA, Windows Scripting Host o macros de Office. Despu\\xe9s de bloquear las rutas de entrada, el equipo de seguridad puede empezar a perfilar el comportamiento t\\xedpico dentro del entorno para construir un sistema de detecci\\xf3n autom\\xe1tica de comportamientos anormales.\"]}),/*#__PURE__*/e(\"h2\",{children:\"\\xa1Eso es todo, amigos!\"}),/*#__PURE__*/t(\"p\",{children:[\"No olvides que puedes acceder a la entrevista completa con Carlos P\\xe9rez en el \",/*#__PURE__*/e(o,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"libro de Carey y Jin\"})}),\". Por cierto, recuerda que si quieres formar parte del \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" de Fluid Attacks, puedes consultar nuestra p\\xe1gina de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/careers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Trabaja con nosotros\"})}),\". Y si necesitas informaci\\xf3n sobre nuestros \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/servicios/hacking-continuo/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"servicios\"})}),\" y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"soluciones\"})}),\" para tu organizaci\\xf3n, puedes hacer \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/contactanos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"click aqu\\xed para contactarnos\"})}),\".\"]})]});export const richText11=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"This month, the FBI released the \",/*#__PURE__*/e(o,{href:\"https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"2020 Internet Crime Report\"})}),\", based on the activity of the Internet Crime Complaint Center (IC3). The IC3 serves worldwide citizens to obtain accurate and up-to-date information about cybercrime and as a reporting mechanism if they suspect they are victims in cyberspace. In cases where they are truly victims, they receive assistance from the FBI. This agency is also responsible for investigating, understanding and holding criminal actors accountable in order to prevent additional attacks. In this post, I want to share with you some highlights from the mentioned report.\"]})});export const richText12=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"A new record\"}),/*#__PURE__*/e(\"p\",{children:'It is now commonplace for cybersecurity reports concerning the past year to begin by referring to the opportunities the COVID-19 pandemic has brought to cybercriminals. For instance, a lot more people working remotely, many more companies turning to digital transformation, lots of overburdened healthcare workers, and, in general, almost everyone in substantial uncertainty about what the virus could represent. As mentioned by Paul Abbate, Deputy Director of the FBI, \"These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society.\"'}),/*#__PURE__*/t(\"p\",{children:[\"Last year the IC3 received \",/*#__PURE__*/e(\"strong\",{children:\"791,790\"}),\" complaints \u2014a new record with a 69% increase over 2019\u2014 representing losses of more than \",/*#__PURE__*/e(\"strong\",{children:\"$4.2 billion\"}),\". Almost half of these losses (about $1.8 billion) were related to Business E-mail Compromise (BEC) schemes where the number of complaints was much lower (19,369) than for Phishing scams (241,342), for example. This last type of crime was the leader in the number of complaints, but even so, related losses were just close to $54 million. Additionally, according to the report, the number of ransomware incidents again showed growth, reaching a total of 2,474 with losses of over $29.1 million. (Read about \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ransomware\"})}),\".)\"]}),/*#__PURE__*/t(\"p\",{children:[\"It is relevant to highlight at this point a vulnerable population about which I had honestly heard little in this area and which has significantly been affected in recent times. I'm talking about people \",/*#__PURE__*/e(\"em\",{children:\"over the age of 60\"}),\". Astonishingly, 105,301 of the total complaints in 2020 were issued by people in that age group. But get the picture, that's only counting those who chose to report their age, so there could have been many more. Their losses were close to \",/*#__PURE__*/e(\"strong\",{children:\"one billion dollars\"}),\". That's why the FBI and the IC3 have invested a lot of time and effort in educating this population to protect themselves and not become victims.\"]}),/*#__PURE__*/e(\"h2\",{children:\"COVID-19 as a tool\"}),/*#__PURE__*/e(\"p\",{children:'The previous year, the IC3 received more than 28,500 complaints in direct relation to the COVID-19. \"Fraudsters targeted the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which included provisions to help small businesses during the pandemic\" and unemployment insurance benefits. Loan and grant fraud and phishing for Personally Identifiable Information (PII) made up the majority of the incidents people complained about in connection with the CARES Act. For example, in some U.S. states, there were complaints from citizens that when they wanted to claim their benefits, it turned out that criminals had already stolen their identities and demanded monetary assistance online.'}),/*#__PURE__*/e(\"p\",{children:\"According to the FBI, impersonating government personnel via emails, social media and phone calls has been one of the most frequently observed criminal strategies throughout the pandemic. Thus, when talking about COVID-19 vaccinations caught on, the malefactors knew how to exploit that situation. They started creating scams with fraudulent advertisements, asking people to pay out of pocket or provide personal information to join the waiting list or gain early access to the vaccine.\"}),/*#__PURE__*/e(\"h2\",{children:\"Business Email Compromise\"}),/*#__PURE__*/e(\"p\",{children:\"Based on the data I referenced above, Business Email Compromise (linked to the Email Account Compromise; EAC) is the costliest scheme of attack present in this FBI's report. Again, 19,369 complaints with losses above $1.8 billion. BEC/EAC corresponds to an advanced scam aimed at businesses and individuals making fund transfers. The fraudsters usually employ social engineering or any computer intrusion technique to compromise email accounts and use them to request unauthorized transfers of money to fraudulent locations. In the early days, chief executive/financial officers' email accounts were generally the hacking targets. \\\"Over the years, the scam evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.\\\"\"}),/*#__PURE__*/t(\"p\",{children:[\"On the positive side, the IC3's Recovery Asset Team (RAT) operations in response to the BEC/EAC schemes are noteworthy. This team was founded three years ago to facilitate communication with financial institutions and support the freezing of funds for victims of fraudulent transfers. In 2020, the RAT had an extraordinary \",/*#__PURE__*/e(\"strong\",{children:\"82%\"}),\" success rate, freezing more than $380 million of the nearly $463 million in reported losses corresponding to 1,303 incidents.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Tech Support Fraud\"}),/*#__PURE__*/t(\"p\",{children:[\"Another form of scam emphasized in the report is Tech Support Fraud, which apparently continues to grow. In this scheme, criminals pose as technical support representatives offering solutions to problems such as compromised email and bank accounts, software license renewals, and infected systems. It also seems that they impersonate representatives of financial and utility companies. All this to order the innocent victims to make transfers to fraudulent foreign accounts or acquire lots of prepaid cards. Statistics for this case reveal 15,421 complaints with losses above $146 million, of which approximately \",/*#__PURE__*/e(\"strong\",{children:\"84%\"}),\" corresponded to victims over 60 years of age.\"]}),/*#__PURE__*/e(\"p\",{children:\"Among additional data I would like to highlight from this FBI's report are the following:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"In the last five years, IC3 received an average of approximately \",/*#__PURE__*/e(\"strong\",{children:\"440,000\"}),\" complaints per year.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"The first five types of crime with the highest number of victims were: (\",/*#__PURE__*/e(\"strong\",{children:\"1\"}),\") Phishing/Vishing/Smishing/Pharming (241,342). (\",/*#__PURE__*/e(\"strong\",{children:\"2\"}),\") Non-Payment/Non-Delivery (108,869). (\",/*#__PURE__*/e(\"strong\",{children:\"3\"}),\") Extortion (76,741). (\",/*#__PURE__*/e(\"strong\",{children:\"4\"}),\") Personal Data Breach (45,330). (\",/*#__PURE__*/e(\"strong\",{children:\"5\"}),\") Identity Theft (43,330).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"California is the state with the highest number of reported victims in 2020, a total of \",/*#__PURE__*/e(\"strong\",{children:\"69,541\"}),\". The next four states on the list are Florida (53,793), Texas (38,640), New York (34,505) and Illinois (20,185).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"IC3 offers a top 20 countries, excluding the U.S., by the number of victims. The United Kingdom ranks first with \",/*#__PURE__*/e(\"strong\",{children:\"216,633\"}),\" victims, significantly above Canada, which ranks second with 5,399 victims. Mexico is ranked ninth (1,164), Brazil eleventh (951) and Colombia nineteenth (418).\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"For more details on the findings, examples of some incidents and even recommendations on certain types of scams, \",/*#__PURE__*/e(o,{href:\"https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here's the link\"})}),\" to the referenced report.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Apropos of annual reports, just a week ago, Fluid Attacks released the 2021 \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.docsend.com/view/nrdygc2mik3kp5u5\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"State of Attacks\"})}),\" report. It will help you get ideas about practices you can implement within your company to prevent cyberattacks based on security vulnerabilities.\"]})]});export const richText13=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"The attention of global media, U.S. federal agencies and other organizations is partly shifting from one world power to another this month. I mean, in the cybersecurity field, the Russians were in the limelight with the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/solarwinds-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SolarWinds supply chain attack\"})}),\". Now, the Chinese have taken on the central role. \",/*#__PURE__*/e(o,{href:\"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Microsoft has attributed attacks\"})}),\" on its Exchange Server to a Chinese state-sponsored group. These cybercriminals took advantage of four zero-day vulnerabilities in that software and have exploited them to break into many organizations, primarily in the United States. In this post, we will examine several details that are known so far about this incident.\"]})});\nexport const __FramerMetadata__ = {\"exports\":{\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],
  "mappings": "2MAAAA,IAAsJ,IAAMC,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0DAAkEE,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAE,+IAA4JA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,+BAA4CF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sHAAiH,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,IAAiBA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,0CAAuDF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,iGAAyGF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,6GAA0HF,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,iBAA8BF,EAAEC,EAAE,CAAC,KAAK,+GAA+G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,2DAA2D,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,QAAqBA,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,gFAAwFA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iDAA4C,CAAC,CAAC,CAAC,EAAE,qGAAgG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,EAAE,6CAA0DA,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,wGAAqHF,EAAEC,EAAE,CAAC,KAAK,wBAAwB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,8EAAyE,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAmCE,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,0GAAuHF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBH,EAAEI,EAAE,EAAE,CAAC,SAAS,CAAC,YAAyBF,EAAE,SAAS,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,oBAAiCA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,iGAA8GF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAE,0DAAqD,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,UAAuBE,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,6BAA0CF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,kGAA+GF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,qFAAkGF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,oDAAoD,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,aAA0BE,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,uJAAoKE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,+CAA4DF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,qQAAkRF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,4OAAyPF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,uFAAuF,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,6BAAwB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA0DE,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,EAAE,iJAAyJF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gHAA2G,CAAC,CAAC,CAAC,EAAE,oGAAiHF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sEAAsE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8CE,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+DAA+D,CAAC,CAAC,CAAC,EAAE,kGAA+GF,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,6BAA0CF,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,qDAAkEF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yGAAoG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sCAAmDE,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,kCAA+CF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,6RAA0SF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wDAAwD,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qJAAkKE,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,4NAAyOF,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,oTAA+S,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,GAAG,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,wBAAqCE,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,oIAAiJE,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,EAAeF,EAAE,aAAa,CAAC,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,sKAAsK,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0WAA6WE,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,sFAAsF,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,cAA2BE,EAAEC,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,2BAAwCF,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,yDAAsEF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,qPAAgP,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wSAAgTE,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,WAAwBF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,0BAAuCF,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,EAAeF,EAAE,aAAa,CAAC,SAAsBA,EAAE,IAAI,CAAC,SAAS,4JAAuJ,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0MAAuNE,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyEE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,qEAA6EF,EAAEC,EAAE,CAAC,KAAK,uCAAuC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBL,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,+RAA4SA,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2SAAsS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2hBAAihB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qLAAqL,CAAC,CAAC,CAAC,CAAC,EAAeI,EAAuBN,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,yHAAyH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,6CAA0DF,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oEAAoE,CAAC,CAAC,CAAC,EAAE,uIAAoJF,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,wEAAqFF,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,qCAAkDA,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uFAAuF,CAAC,CAAC,CAAC,EAAE,kFAAkF,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,EAAE,gDAAwDA,EAAEC,EAAE,CAAC,KAAK,+BAA+B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,kDAAkD,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,4DAAyEA,EAAEC,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,uBAAoCF,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wGAAqHE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gHAAgH,CAAC,CAAC,CAAC,EAAE,gHAAgH,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yIAAsJE,EAAEC,EAAE,CAAC,KAAK,0IAA0I,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,gBAAgB,UAAU,eAAe,OAAO,KAAK,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yCAAyC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,mLAAmL,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,SAAS,UAAU,eAAe,OAAO,KAAK,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,wCAAwC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yCAAyC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4QAAyRE,EAAEC,EAAE,CAAC,KAAK,yHAAyH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6DAA6D,CAAC,CAAC,CAAC,EAAE,gEAA6EF,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,yBAAyB,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyEE,EAAE,SAAS,CAAC,SAAS,mBAAmB,CAAC,EAAE,wCAAqDA,EAAEC,EAAE,CAAC,KAAK,gGAAgG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oFAAoF,CAAC,CAAC,CAAC,EAAE,gQAAgQ,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8CE,EAAEC,EAAE,CAAC,KAAK,oFAAoF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,WAAwBF,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0FAA0F,CAAC,CAAC,CAAC,EAAE,2OAAsO,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,6BAA6B,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,qCAAqC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0CAAqC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,+FAA+F,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uKAA+KE,EAAEC,EAAE,CAAC,KAAK,gGAAgG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0HAA0H,CAAC,CAAC,CAAC,EAAE,6IAA6I,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+FAA4GE,EAAEC,EAAE,CAAC,KAAK,iIAAiI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,yNAAyN,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,8DAA2EE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,2KAAwLF,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,oEAAiFF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,6NAA0OF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwGE,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,kDAAkD,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,0GAAuHA,EAAEC,EAAE,CAAC,KAAK,iGAAiG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,oSAAoS,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oZAA0Y,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kHAA+HE,EAAEC,EAAE,CAAC,KAAK,sFAAsF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeG,EAAuBL,EAAID,EAAS,CAAC,SAAsBC,EAAE,IAAI,CAAC,SAAS,+UAA+U,CAAC,CAAC,CAAC,EAAeM,EAAuBR,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0FAAuGE,EAAEC,EAAE,CAAC,KAAK,6GAA6G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,kCAA+CF,EAAEC,EAAE,CAAC,KAAK,gGAAgG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,mEAAgFF,EAAEC,EAAE,CAAC,KAAK,uHAAuH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,cAA2BF,EAAEC,EAAE,CAAC,KAAK,+GAA+G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,+DAA4EF,EAAEC,EAAE,CAAC,KAAK,iMAAiM,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,gDAA6DF,EAAEC,EAAE,CAAC,KAAK,2GAA2G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oEAAoE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8CE,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,sDAA8DF,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,yCAAsDF,EAAEC,EAAE,CAAC,KAAK,4GAA4G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAE,gEAAgE,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,4GAA4G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,oIAA4IE,EAAEC,EAAE,CAAC,KAAK,+LAA+L,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gIAAgI,CAAC,CAAC,CAAC,EAAE,sGAAmHF,EAAEC,EAAE,CAAC,KAAK,6HAA6H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,6HAA6H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAiCE,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,EAAE,sCAAmDA,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,8BAA2CF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,2CAAwDF,EAAEC,EAAE,CAAC,KAAK,qHAAqH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+EAA+E,CAAC,CAAC,CAAC,EAAE,yIAAsJF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,2YAAmZF,EAAEC,EAAE,CAAC,KAAK,sGAAsG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,qDAAkEF,EAAEC,EAAE,CAAC,KAAK,oHAAoH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,yCAAsDF,EAAEC,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,oFAAiGF,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,kGAA+GF,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yEAAyE,CAAC,CAAC,CAAC,EAAE,oMAA+L,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,2GAA2G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uMAAoNE,EAAEC,EAAE,CAAC,KAAK,qHAAqH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gEAAgE,CAAC,CAAC,CAAC,EAAE,8CAA2DF,EAAEC,EAAE,CAAC,KAAK,uHAAuH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,mCAAgDF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,uDAAoEF,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,WAAwBF,EAAEC,EAAE,CAAC,KAAK,mIAAmI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,kBAA+BF,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,uMAAoNF,EAAEC,EAAE,CAAC,KAAK,uHAAuH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,6FAA6F,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,+KAA4LE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,uGAAoHF,EAAEC,EAAE,CAAC,KAAK,+HAA+H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,sFAAmGF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,iCAA8CF,EAAEC,EAAE,CAAC,KAAK,4GAA4G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,yBAAsCF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,yBAAsCF,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8DAA8D,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,2FAA2F,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mDAAmD,CAAC,CAAC,CAAC,EAAE,0UAAkVF,EAAEC,EAAE,CAAC,KAAK,qHAAqH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,uBAAuB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,4IAA4I,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,6FAA0GF,EAAEC,EAAE,CAAC,KAAK,6IAA6I,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,EAAE,uRAAoSF,EAAEC,EAAE,CAAC,KAAK,sDAAsD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,YAAyBF,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8CE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iFAAiF,CAAC,CAAC,CAAC,EAAE,6LAA0MF,EAAEC,EAAE,CAAC,KAAK,sJAAsJ,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,yMAAyM,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,+RAA4SE,EAAEC,EAAE,CAAC,KAAK,qEAAqE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,qCAAqC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEC,EAAE,CAAC,KAAK,iGAAiG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,kIAA+IF,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,yDAAoD,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,yMAAyM,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,EAAE,wMAAqNF,EAAEC,EAAE,CAAC,KAAK,gGAAgG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qDAAqD,CAAC,CAAC,CAAC,EAAE,wOAAwO,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,wGAAmG,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6GAA6G,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyEE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,qEAA6EF,EAAEC,EAAE,CAAC,KAAK,uCAAuC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeK,EAAuBT,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,qKAAkLE,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,gdAA6dF,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,yCAAsDF,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,mMAAmM,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiDE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,yEAAsFA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,8JAA2KA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,gBAA6BA,EAAEC,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,mdAAgeF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uHAAoIE,EAAEC,EAAE,CAAC,KAAK,wFAAwF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,2mBAAwnBF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,kGAA+GA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,qMAAqM,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAgCE,EAAEC,EAAE,CAAC,KAAK,+HAA+H,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBH,EAAEI,EAAE,EAAE,CAAC,SAAS,CAAC,gCAA6CF,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,+GAA4HA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,MAAmBA,EAAEC,EAAE,CAAC,KAAK,mEAAmE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,wGAAqHF,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,qBAAkCA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,sFAAmGA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,2YAA2Y,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gFAA6FE,EAAEC,EAAE,CAAC,KAAK,yPAAyP,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,MAAmBF,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,kGAA+GF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,0BAAuCA,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wDAAwD,CAAC,CAAC,CAAC,EAAE,8IAA2JF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,iMAA8MA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,4UAA4U,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uFAAoGE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,oEAAiFA,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,qEAAkFA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,qIAAkJA,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAE,uLAAuL,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0HAAuIE,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,gRAA6RA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,yFAAsGA,EAAEC,EAAE,CAAC,KAAK,iFAAiF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,8HAA8H,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,qCAAkDA,EAAE,SAAS,CAAC,SAAS,yCAAyC,CAAC,EAAE,8KAA2LA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,yJAAsKA,EAAEC,EAAE,CAAC,KAAK,yPAAyP,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,qBAAkCF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,uSAAuS,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8aAA2bE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,sIAAsI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0DAAuEE,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,EAAE,kBAA+BA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,uZAAoaA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,0PAA0P,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sfAAmgBE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,uGAAoHA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,yPAAsQA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyEE,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,MAAmBF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4CAA4C,CAAC,CAAC,CAAC,EAAE,iDAA8DF,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeM,EAAuBR,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAC,oNAAiOE,EAAE,SAAS,CAAC,SAAS,8EAA8E,CAAC,EAAE,sDAAsD,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBX,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4CE,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,wEAAqFF,EAAEC,EAAE,CAAC,KAAK,qBAAqB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,yWAAyW,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,8BAA8B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoBE,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,yhBAAyhB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,ohBAAohB,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,6BAA6B,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kpBAAkpB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yiBAAoiB,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,uCAAuC,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,aAA0BE,EAAEC,EAAE,CAAC,KAAK,iJAAiJ,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,+lBAA0lB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iGAA8GE,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAgB,CAAC,CAAC,CAAC,EAAE,sTAA4S,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,gCAAgC,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,6CAA0DE,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,oUAA0T,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kCAAkC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwGE,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,4CAAyDF,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,mYAAmY,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,qCAAqC,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,keAAke,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mkBAAmkB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mOAAgPE,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,4MAA4M,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yNAAsOE,EAAEC,EAAE,CAAC,KAAK,+GAA+G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,oFAA4FF,EAAEC,EAAE,CAAC,KAAK,uCAAuC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,qeAAqe,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qKAAkLE,EAAEC,EAAE,CAAC,KAAK,+EAA+E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,0RAAySF,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,wLAAqMF,EAAEC,EAAE,CAAC,KAAK,uGAAuG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAEC,EAAE,CAAC,KAAK,oGAAoG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,mDAAmD,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,8EAA2FE,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,0gBAA0gB,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,8BAA8B,UAAU,eAAe,OAAO,KAAK,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,6KAA0LE,EAAEC,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,yPAAyP,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,mGAAgHE,EAAEC,EAAE,CAAC,KAAK,gGAAgG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,2LAAwMF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,yPAA2P,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,oSAAiTE,EAAEC,EAAE,CAAC,KAAK,+EAA+E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,iFAA8FF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,+KAA4LF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,gOAA6OF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,sDAAsD,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgFE,EAAEC,EAAE,CAAC,KAAK,gGAAgG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,0JAAuKF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,2SAA2S,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,+EAA+E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,ixBAAmxB,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAEC,EAAE,CAAC,KAAK,oEAAoE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,yJAAsKF,EAAEC,EAAE,CAAC,KAAK,sIAAsI,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,mRAAgSF,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,yEAAyE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,uTAAwT,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,8DAA8D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,4DAA4D,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,+cAA4dE,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,6OAA6O,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgFE,EAAEC,EAAE,CAAC,KAAK,8BAA8B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,oMAAiNF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAE,0BAAuCF,EAAEC,EAAE,CAAC,KAAK,kHAAkH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBb,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAEC,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,8CAA2DA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,gEAA6EF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,8FAA2GA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,qFAAkGF,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,2HAA2H,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,shBAAmiBA,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,MAAmBF,EAAEC,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeU,EAAwBd,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,KAAK,CAAC,SAAS,CAAC,6CAA0DE,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gLAA6LE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,KAAkBA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,EAAE,spBAAspB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6BAA6B,CAAC,EAAE,4sBAAytBA,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wLAAqME,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,+XAA4YA,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBH,EAAEI,EAAE,EAAE,CAAC,SAAS,CAAcF,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,eAA4BA,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,YAAY,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,uCAAoDE,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,+EAA4FE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,giBAAgiB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyEE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,0GAAuHA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAE,4NAA4N,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwDE,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAsBA,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,idAAid,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kEAAkE,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8DAA8D,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyDE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,mqBAAgrBA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4GAAyHE,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,wNAAqOA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,sHAAsH,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gbAAgb,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8HAA2IE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,8eAA8e,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,0BAA0B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oFAAiGE,EAAEC,EAAE,CAAC,KAAK,4EAA4E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,0DAAuEF,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,4DAAyEA,EAAEC,EAAE,CAAC,KAAK,oCAAoC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,kDAA+DF,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,MAAmBF,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,0CAAuDF,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAwBb,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiDE,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4BAA4B,CAAC,CAAC,CAAC,EAAE,qiBAAqiB,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAwBhB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,umBAAumB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2CE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,uGAA0GA,EAAE,SAAS,CAAC,SAAS,cAAc,CAAC,EAAE,8fAA2gBA,EAAEC,EAAE,CAAC,KAAK,sEAAsE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,wEAAwE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,8MAA2NE,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAE,mPAAgQA,EAAE,SAAS,CAAC,SAAS,qBAAqB,CAAC,EAAE,oJAAoJ,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0rBAA0rB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,weAAwe,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,i4BAAm4B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sUAAmVE,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,gIAAgI,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wmBAAqnBE,EAAE,SAAS,CAAC,SAAS,KAAK,CAAC,EAAE,gDAAgD,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2FAA2F,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,oEAAiFE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,uBAAuB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,2EAAwFE,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,oDAAiEA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,0CAAuDA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,0BAAuCA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,qCAAkDA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,EAAE,4BAA4B,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwGE,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,EAAE,mHAAmH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,oHAAiIE,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,EAAE,mKAAmK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oHAAiIE,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,+EAA4FE,EAAEC,EAAE,CAAC,KAAK,yDAAyD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,sJAAsJ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAea,EAAwBf,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAC,+NAA4OE,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,sDAAmEF,EAAEC,EAAE,CAAC,KAAK,yFAAyF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAE,sUAAsU,CAAC,CAAC,CAAC,CAAC,EACx76Hc,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC",
  "names": ["init_ssg_sandbox_shims", "richText", "u", "x", "p", "Link", "motion", "richText1", "richText2", "richText3", "richText4", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "richText11", "richText12", "richText13", "__FramerMetadata__"]
}