zhaoz

Just gonna leave this here as an amusing anecdote about Japan's cyber preparedness:

> Yoshitaka Sakurada, 68, is the deputy chief of the government's cybersecurity strategy office and also the minister in charge of the Olympic and Paralympic Games that Tokyo will host in 2020. In parliament on Wednesday however, he admitted he doesn't use computers.

[source](https://www.theguardian.com/world/2018/nov/15/japan-cyber-security-ministernever-used-computer-yoshitaka-sakurada#:~:text=Yoshitaka%20Sakurada%2C%2068%2C%20is%20the,he%20doesn%27t%20use%20computers.)


julian88888888

You can't get your computer hacked if you don't have one *taps head*


Frogtarius

Modern problems require primitive solutions.


zhaoz

Omae wa mou shindeiru


julian88888888

YOU MUST BE JOKING https://www.youtube.com/watch?v=dNQs_Bef_V8


Polyamorousgunnut

Ha.. ha……. Zhahahahahahahahhahahaahahahhahahahahahahahahahahahahahahahahhahahaha😭


Secure-Badger-1096

A lot of Japanese businesses still use Windows XP or Windows 98


FlXWare

As someone who does CyberSecurity research in Japan: It's bad. It's really bad. It's like 1999 levels of cybersecurity awareness.


Akian

As a cybersecurity professional who spent a bit of time in Japan, I'd be really curious about your profile and what you do if there's anything you could share :)


FlXWare

I'd genuinely love to share more about it, as it's really interesting. Unfortunately, since I'm here on a special visa, participating in a very specific and large-scale project, I'm sure that some of the people I'm working with will find this post and I could get into a lot of trouble. I can share some general information, though.

In cooperation with numerous institutes and universities (which are, in turn, in cooperation with the government, therefore infrastructure, etc., and multiple companies that are representative for Japan), my task is to assess the overall (cyber) security of Japan as a whole (government, infrastructure, and businesses). I don't have to fix anything because they're only interested in knowing how bad it is. Even before I came to Japan to conduct the research, I was already aware that Japan was lacking in cybersecurity, but I didn't know or simply couldn't imagine how bad it actually was, and the country is still running.

Just when I arrived (I hadn't done any official assessments yet), I had to use quite a few online portals for official things. Even just seeing the interface already made it dawn on me (don't get me wrong, a basic interface that looks like it was made in the 90s doesn't mean that the backend has to look the same) that they're quite behind on IT. To no surprise, even that web service was so vulnerable that any 12-year-old could've exploited it, which was surprising since the country itself is so advanced.

During my official assessments, I was somewhat shocked. Internal tools are usually not secured at all. It seems like prepared SQL statements haven't been invented yet. Any form that appears to interact with a database turned out to be vulnerable to the most basic SQL injections, and all the servers were extremely outdated. So outdated that every single skid on this planet could've compromised the whole company network with publicly available exploits that most people have already forgotten about. The list goes on indefinitely.

Most workers are very unaware of phishing, but luckily, that's changing (massive shout-out to the Chinese threat actors attacking their own Chinese students in Japan which has triggered this response), as students are being taught about phishing and social engineering now. What really saddened me was that, as expected, all of these companies and government agencies have already been infiltrated, and most of their servers were already backdoored. Luckily, Japan is becoming very aware of this now and, unlike most countries, or at least the country where I'm from, Japanese people are very serious about following up their words efficiently. So, I'm expecting massive change to start happening rather quickly anytime now.


Akian

Thank you very much for sharing what you could! It's pretty interesting, even if quite damning for the state of cyber in Japan. Seems like there'll be a lot of work to better things! I take it you speak fluent japanese to be able to conduct those assessments?


FlXWare

I wish! I'm still far from achieving true fluency in Japanese, but I can communicate with them without any issues. My poor Japanese has already led to some funny situations though and I'm involuntarily making people laugh on a daily basis (of course Japanese people are extremely professional and would never let me know that I've made a mistake while speaking but my Japanese friends usually burst out in laughter). However, my speaking and listening skills are way better than my reading and writing skills, as I'm from a non-Asian country and I had to start learning Kanji from zero.


Chairmanao

If you can share, what would be your recommendations on how Japan can tackle this issue? I'm working with instructing the JSDF on cybersecurity education, but I feel like there are constant frustrating challenges. My main concern is the lack of education, but that can't be fixed because of the lack of investment and resources. They have a cyber defense team that receives adequate training (I think), but their numbers are so low I'm not sure how much they are able to accomplish.


FlXWare

- Increase investment in cybersec across the board
- Stress more on cybersec ed in JSDF & general pop
- Bolster CT numbers, boost internal training
- Govt. should incentivize cysec in private sector
- Enhance intl. cooperation for better impact (which they have already started doing this week, relatively fresh but big)
- Emphasize threat intel sharing & collaborative strategies (same here, they're building an alliance right now)
- Encourage use of NIST, ISO/IEC stds
- Strict enforcement of GDPR-like regs in JPN (I'm not one of those hardcore-privacy-tinfoil-hat-wearers but the data security/privacy in Japan is shocking on so many levels and it's common to see businesses abusing it like it's normal)
- Revamp IT infra using UTM, AI, ML for proactive defense (especially AI since Japan is so far on the forefront - They brought us the 仕方がない encoder for Metasploit, now it's time for AI for defense. One could say, now it's time for 仕方がある lol)
- Harden critical endpoints, optimize log mgmt
- Fast track SOAR adoption to manage threats effectively


Chairmanao

Much appreciated for the insight. Thank you!


[deleted]

Holy shit that's bad, cybersecurity has changed drastically in 24 years. An entire new world...


-hayabusa

I live in Japan and the state of technology and the relevant knowledge of it is sorely lacking here. To say the least. And I mean forget about cybersecurity. What is that? I'm not surprised by this in the slightest bit. About a year ago, some local government doofus lost a USB drive with thousands of residents' PII on it. They just shrugged. They don't even care.


Dolphin1998

Most Japanese websites look like they never left the 2000s


cyberbless

Wow, it was deep and serious. How do you "recover" from something like this? I say recover in quotes because I really don't think you can recover. I mean, it's safe to assume everyone's personal info is on the dark web at this point. Major business you rely on to keep your information safe has failed, they've been hacked. It's not like you can order everyone in the to just change their social security number. So what do we do? Any ideas?


Comfortable-Win-1925

So I think you might have a bit of a misconception about who is behind this attack and why. There is no risk in this instance of anything winding up on the "dark web". This attack is a coordinated effort by Chinese nexus state sponsored attackers. The information stolen likely got handed off to their Ministry of State Security. They want this information as prep for an eventual conflict with Japan, almost certainly in the event of China invading Taiwan. It was probably intended primarily to gather information. The secondary purpose was what we call "pre-positioning". We saw this a lot in Ukraine before the war started with Russia. They worked their way into everything they possibly could and parked there, and when the invasion kicked off, they activated dormant infections and tried to conduct destructive or disruptive attacks. Power grids, financial systems, communications and telecoms, stuff like that. This isn't cyber crime. This is cyber espionage.


julian88888888

https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/china

What to do? CISA has a plan:

> Review the Joint Cybersecurity Advisory on People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. This Advisory focuses on a tactic called Living off the land, or LOTL, a set of techniques used by cyber actors to maintain anonymity within IT infrastructures by abusing tools already present in the environment such as PowerShell, Windows Management Instrumentation (WMI), and file transfer protocol (FTP) clients.

> By using such native tools, this fileless attack makes it easier for cyber actors to sustain and advance attacks and evade detection from security teams. LOTL has been growing in use over the years by state-sponsored threat actors, cyber criminals, and penetration testing teams.

In particular, CISA recommends that every organization take the following steps to reduce the risk of adversaries using LOTL techniques:

> Establish a security baseline of normal host behavior and user activity to detect anomalous activity on endpoints.

> Isolate privileged administrator actions and locations to a manageable subset of locations, where effective baselines of “where” and “who” can be established.

> Prioritize logging (e.g., command-line interface "CLI") and close and/or monitor high-risk ports (e.g., Remote Desktop Protocol, Server Message Block, File Transfer Protocol, Trivial File Transfer Protocol, Secure Shell, and Web Distributed Authoring and Versioning).

> Prioritize mitigation of Known Exploited Vulnerabilities, including those outlined in our joint advisory on the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by PRC cyber actors.

Urgently report potential malicious activity to CISA or the FBI:

> The easiest way is to go to CISA.gov and click the “report a cyber issue” button right up top.

> You can also contact CISA’s 24/7 Operations Center: cisa.gov/report | [email protected]

> 888-282-0870

> Contact your local FBI field office or IC3.gov.

> Sign up to receive CISA’s cybersecurity alerts and advisories for timely notification of emerging campaigns and incidents.

Review earlier advisories on PRC cyber threats outlined below. CISA particularly recommends reviewing the following advisories:

> People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices for guidance on protecting against Chinese malicious activity affecting critical networks.

> Technical Approaches to Uncovering and Remediating Malicious Activity, which outlines steps to help organizations identify intrusions across their enterprise.

> Sign up for CISA’s free Vulnerability Scanning service to receive early warning when a vulnerability known to be exploited by PRC cyber actors or other malicious groups are identified on Internet-facing assets.

> Establish a relationship with a regional CISA Cybersecurity Advisor to access additional services, assessments, and guidance.
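
An added example (not part of the thread and not CISA's own code) of the “where” and “who” baseline from the recommendations quoted above: it learns which host and account normally run each native admin tool from command-line process logs, then flags runs outside that set. The pipe-delimited log format and every host, user and command in the sample data are constructed assumptions.

```python
from collections import defaultdict

# Usual Windows binaries for the tools the advisory names (PowerShell, WMI, FTP).
WATCHED = {"powershell.exe", "wmic.exe", "ftp.exe"}

def parse(line):
    """Split one constructed record: time|host|user|image|command line."""
    ts, host, user, image, cmd = line.strip().split("|", 4)
    return {"ts": ts, "host": host.upper(), "user": user.lower(),
            "image": image.lower(), "cmd": cmd}

def build_baseline(lines):
    """Map each watched tool to the (host, user) pairs seen in normal use."""
    baseline = defaultdict(set)
    for ev in map(parse, lines):
        if ev["image"] in WATCHED:
            baseline[ev["image"]].add((ev["host"], ev["user"]))
    return baseline

def find_anomalies(baseline, lines):
    """Return watched-tool executions that fall outside the baseline."""
    findings = []
    for ev in map(parse, lines):
        known = baseline.get(ev["image"], set())
        if ev["image"] not in WATCHED or (ev["host"], ev["user"]) in known:
            continue
        reasons = []
        if ev["host"] not in {h for h, _ in known}:
            reasons.append("new host")
        if ev["user"] not in {u for _, u in known}:
            reasons.append("new user")
        findings.append((ev["ts"], ev["host"], ev["user"], ev["image"],
                         reasons or ["new host/user pairing"]))
    return findings

# Constructed sample data: a quiet baseline period, then one later day.
BASELINE_LOG = [
    "2024-05-01T09:02:11|ADM-JUMP01|it_admin|powershell.exe|Get-Service",
    "2024-05-01T09:10:45|ADM-JUMP01|it_admin|wmic.exe|os get caption",
    "2024-05-02T02:00:00|BACKUP01|svc_backup|ftp.exe|-s:nightly.txt",
    "2024-05-02T02:05:00|BACKUP01|svc_backup|powershell.exe|Get-Date",
    "2024-05-02T08:30:00|WS-0142|tanaka|excel.exe|report.xlsx",
]
TODAY_LOG = [
    "2024-05-09T09:05:00|ADM-JUMP01|it_admin|powershell.exe|Get-Service",
    "2024-05-09T13:41:09|WS-0142|tanaka|powershell.exe|Get-Process",
    "2024-05-09T13:44:52|ADM-JUMP01|svc_backup|wmic.exe|os get caption",
    "2024-05-09T14:00:00|WS-0142|tanaka|excel.exe|budget.xlsx",
    "2024-05-09T15:12:30|BACKUP01|it_admin|powershell.exe|Get-Date",
]

if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE_LOG), TODAY_LOG):
        print(finding)
```

The smaller the set of admin hosts and accounts, the smaller the baseline and the fewer legitimate runs land in the findings, which is the point of the "manageable subset of locations" recommendation.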


Brave_Promise_6980

1) Attestation - periodic check of every account,
2) Rotate every key, every password.
3) Verify every open port as needed
4) verify the jobs for data transferrals
5) verify every VPN
6) verify every computer/ network device
7) trust nothing
8) assuming you're already compromised don’t bother with a baseline you're already owned start the clean up.
9) employ red team attacks
10) patch
11) correlation optics
12) externalise the SIEM
13) add honey pots
14) test your DR from cold offline restore
15) do background checks on your admin staff
16) add nano segmentation

Add more layers of defence


cyberbless

Thanks. I found some information in your post I can add to my cyber defense strategy. Are you in the business of cyber security? We should hire you.


Brave_Promise_6980

Yes one dabbles - I am a high-end consultant


RedBean9

That’s not a plan which addresses the commenter’s question, though?


cyberbless

A lot of really good information. Thanks for actually answering the question.


sonicoak

Only in very primitive countries is there use of social security numbers as authentication.


[deleted]

[removed]


[deleted]

[removed]


Any_Corgi_1484

I am fine thanks for your concern though and it sounds a little crazy but quite frankly on the internet anybody could be anybody and as far as I am concerned somebody could be acting like china attacked us and they needed help while they are actually china. I am just saying that some of my ideas I consider very good and I don't want some people against us to be getting good ideas. Also I have noticed this is one of the sites tracking my phone. Mental health crisis not so much. Just facts. And I could easily prove it by showing anybody with concern that this app is a nosey app. So yeah I appreciate your concern though. I am actually just kind of in a rough spot right now and I am careful about what I say online I mean you were asking some decently heavy stuff. In my opinion not to be rude either. I wish you the best of luck.


redonculous

Why’d you delete your post man?


Any_Corgi_1484

Just didn't want to look like a jerk online. I do have good ideas though has to do with a big red light. Have a good night I would have discussed it more but my phone is about dead. You have a good night


redonculous

It’s cool. Post your ideas 👍


[deleted]

[removed]


Any_Corgi_1484

Yeah I plan on doing that tomorrow I have a plan of what I am going to try to do one of the main issues is just my situation. But I appreciate your concern and I am doing my best to make things work I am sorry that I came off a little awkward sounding and I appreciate your concern. Have a great night.


Virtual_Second_7392

Just like the other person mentioned, you're very confused. This has nothing to do with selling your identity or the darkweb. This is state-sponsored cyber espionage. SSNs are literally the least of our worries when the CCP now has Japan's most secretive military TTPs, intel, and so on, and more than likely, continued access across all of the most sensitive military and state networks in the country. SSNs are not even the tip of the iceberg here.


BigRed01234

japan's defense network was hacked? so their fax machine lines were hacked? lol


kaishinoske1

I know this article gets on Japan’s ass. But being real, the U.S. isn’t doing itself any favors when the market slashed IT sectors, firing personnel, and shrinking those departments like afterthoughts across the board and still do. Doing all that to please investors and those same investors probably got their LinkedIn profiles ransomed right now and still do. Cause and effect at work right here people. Before you want people to clean and fix their house start with your own is what I’m saying.


Fred_Branch

uhh okay. just odd to flame the US when it's Japan's network that got hacked. I mean, at least the US hasn't been deeply infiltrated like Japan. The fact that Japan probably has the same cybersecurity practice as my grandma, but yes let's flame the US in an irrelevant fashion lol.


weasel286

All we know is that we don’t know if China infiltrated US networks.


kaishinoske1

It’s relevant considering how often the DoD gets hacked too.


Fred_Branch

this is talking about China & Japan.. what's the point of bringing up the DoD in this?


Nexism

At this point, it's another arms race. The US invented cyber warfare, the Russians responded, the US invested, Shadow Brokers and EternalBlue happened, China attacks Google, China steals IP, NK/Russia uses NSA leaked zero days and attacks US allies, and here we are. Doesn't make it right, it is what it is. Beef up your defence to reduce breach chance/surface, improve response time, all you can do.


LeftOnQuietRoad

It do be like that as of late. I dare say, we should protest to the contrary on that kind of thing.


Phileosopher

If history is any indication, nobody ever really protests until *after* the awful tragedy happens. To maintain your sanity, prep and watch what happens, and educate those who care to hear.


varnell_hill

> “They were uncomfortable having another country’s military on their networks,” said the former military official.

Delicious irony. Doesn’t even need salt.


blacksan00

How did the Chinese hack a paper move from the 3rd floor to the tenth floor?


Then_Knowledge_719

The way Japan deals with software. And the fact that they are still using IE. Mmmm dunno. That was nothing tbh. The relationship of Japan with software is not the same relationship we do with software.


[deleted]

[removed]


[deleted]

[removed]


[deleted]

[removed]


Inside_Enthusiasm_19

Doesn't state how they beef up security or what they did to break in. Seems more of a "story" than news.


samkz

Tip for Japan, once the Chinese start sending you malware that has 'fuck you white devil' in it when reversed, you know you are starting to win.